Share |

InfoSec News

We have received a report from one of our readers that their Cisco IPS are picking up a large amount of scanning traffic across a large number of monitored clients.
He indicates: These scans started about two or three days ago and have been rolling through our clients. Once we block one source IP address, a new source IP address shows up with the same traffic shortly thereafter. The scans are firing off multiple rapid events for two signatures on our deployed Cisco IPS sensors.
The sources are both inside and outside the US. Please let us know if you are seeing this type of activity.
Thank you to Ryan for reporting this activity to us.
He reports that thetwo signatures that are triggering are:

Unix Password File Access Attempt (SigID: 3201) Web Application Security Test/Attack (SigID: 7212)
Deb Hale (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 

First Major Al-Qa'eda Malware Release Wrecks Havoc
CSO (blog)
Al-Qa'eda recently released its first major distributed denial of service (DDoS) attack against Western interests, primarily in the US The attack only lasted for 7 hours and 47 minutes but it was highly ...

 
Microsoft Excel spreadsheets hold more than a million rows of data and automate number crunching, but they can do so much more. Excel's simple interface lends itself to uses well beyond those that its designers ever imagined.
 
The benchmark results for Apple's latest MacBook Pros are in—and they’re impressive. In testing conducted by Macworld Lab, the laptops released Thursday turned in Speedmark scores between 13 and 53 percent faster than the systems they replace.
 


Internet Storm Center Infocon Status