When information security vulnerabilities are identified, the Internet Storm Center (ISC) develops, assembles, and distributes material to help the cyber security community manage these threats. For some of the more critical vulnerabilities, SANS hosts special webcasts led by ISC handlers to provide additional information. On this page, you can read an overview of recent critical vulnerabilities, watch the related webcasts or go to the ISC to learn more about each vulnerability.
______________________________
Meltdown and Spectre
On January 3, 2018, two new vulnerabilities, Meltdown and Spectre, were introduced that are in the architecture of processors in nearly every computer and other devices using CPUs. Code to exploit these vulnerabilities in some cases is now publicly available and we can expect that more capable/modular code will be released soon. In this webcast, we walked through how the vulnerabilities work, what is being done to patch them, the performance impacts of patching, and probable exploit scenarios for the vulnerabilities.
View Webcast Recording - Recorded on January 4, 2018, with Jake Williams
Visit the Internet Storm Center for the latest information about the Meltdown and Spectre vulnerabilities. Updates include daily podcasts, diaries, and posts.
______________________________
WannaCry Ransomware Attack
Friday, May 12, 2017, witnessed an unprecedented ransomware attack known as WCrypt, which targeted healthcare, government, telecom, Universities, and other industries around the world. Jake Williams and Renato Marinho have been on the frontlines of this ransomware battle since it broke and provided an update on the latest facts and analysis in this webcast.
View Webcast Recording - Recorded on May 16, 2017, with Jake Williams, Renato Marinho, and Benjamin Wright
Visit the Internet Storm Center to read the in-depth summary of the attack produced by Johannes Ullrich, Dean of Research and a faculty member of the SANS Technology Institute. It includes a PowerPoint presentation for management and steps you can take to prevent infection.
______________________________
HTTP.sys Vulnerability
On Tuesday, April 14, 2015, Microsoft released MS15-034 as part of its monthly patch. The bulletin addresses a vulnerability in HTTP.sys, the library processing HTTP requests in Windows. According to Microsoft, the vulnerability could be used to run arbitrary code on a vulnerable host.
Among other programs, IIS uses HTTP.sys and is directly exposed to the exploit. As of the release date, trivial to execute exploits have been made public that will cause an IIS server to crash, and in a published analysis of the bug, an exploit to leak kernel memory was outlined.
SANS Institute hosted a live webcast where Dr. Johannes Ullrich discussed the exploit, why it happened, how to prevent exploitation, and how prevalent its use has already become.
View Webcast Recording - Recorded on April 16, 2015, with Dr. Johannes Ullrich
Visit the Internet Storm Center for the latest information about this vulnerability, including FAQs and ISC handler posts.
______________________________
The Ghost Vulnerability
In this presentation, we explain what "Ghost" is all about, how to recognize vulnerable systems, and what can be done to mitigate risk. We look beyond Ghost to explain how to quickly assess your exposure and build a comprehensive framework to address high-priority vulnerabilities.
View Webcast Recording - Recorded on February 6, 2015, with Johannes Ullrich and Chris Wysopal
Visit the Internet Storm Center to read the latest on the Critical GLibc (Ghost) Vulnerability CVE-2015-0235.
Watch a short video, produced by Johannes Ullrich, Dean of Research and a faculty member of the SANS Technology Institute, that helps to better understand the critical nature of this vulnerability and what can and should be done about it.
