PLABS
Internet Storm Center Infocon Status
Infocon: green
HSBC-themed malspam uses ISO attachments to push Loki Bot malware…

HSBC-themed malspam uses ISO attachments to push Loki Bot malware, (Thu, Oct 19th)
Introduction …

Baselining Servers to Detect Outliers, (Wed, Oct 18th)
Introduction …

ISC Stormcast For Wednesday, October 18th 2017 https://isc.sans.edu/podcastdetail.html?id=5716, (Wed, Oct 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Hancitor malspam uses DDE attack, (Tue, Oct 17th)
Introduction …

ISC Stormcast For Tuesday, October 17th 2017 https://isc.sans.edu/podcastdetail.html?id=5714, (Mon, Oct 16th)

Packet Storm
Latest Security Tool Files
Bro Network Security Monitor 2.5.2
Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehens…

Macro Pack 1.1
macro_pack is a tool used to automate obfuscation and generation of MS Office documents for penetration testing, demo, and social engineering assessments. The goal of macro_pa…

Falco 0.8.1
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check f…

Wireshark Analyzer 2.4.2
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a comme…

OpenSSH 7.6p1
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all…

Packet Fence 7.3.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

TestSSL 2.9.5
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and muc…

TOR Virtual Network Tunneling Tool 0.3.1.7
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

ifchk 1.0.8
Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will dis…


SecurityFocus
General Security Vulnerabilities
Vuln: Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability…

Vuln: OpenSSL CVE-2017-3731 Denial of Service Vulnerability
OpenSSL CVE-2017-3731 Denial of Service Vulnerability…

Vuln: cURL/libcURL 'curl_easy_duphandle()' Function Heap Memory Corruption Vulnerability
cURL/libcURL 'curl_easy_duphandle()' Function Heap Memory Corruption Vulnerability…

Vuln: Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability…

Bugtraq: WebKitGTK+ Security Advisory WSA-2017-0008
WebKitGTK+ Security Advisory WSA-2017-0008…

Bugtraq: SEC Consult SA-20171018-1 :: Multiple vulnerabilities in Linksys E-series products
SEC Consult SA-20171018-1 :: Multiple vulnerabilities in Linksys E-series products…

Bugtraq: [security bulletin] HPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module v2.0 Option, Unauthorized Access to Data
[security bulletin] HPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module v2.0 Option, Unauthorized Access to Data…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Oracle Business Intelligence Publisher Multiple Vulnerabilities (October 2017 CPU)
Synopsis : The remote host is affected by multiple vulnerabilities. Description : The version of Oracle Bus…

Oracle WebLogic Server Multiple Vulnerabilities (October 2017 CPU)
Synopsis : An application server installed on the remote host is affected by multiple vulnerabilities. Descr…

Google Chrome < 62.0.3202.62 Multiple Vulnerabilities (macOS)
Synopsis : A web browser installed on the remote macOS or Mac OS X host is affected by multiple unspecified v…

Google Chrome < 62.0.3202.62 Multiple Vulnerabilities
Synopsis : A web browser installed on the remote Windows host is affected by multiple vulnerabilities. Descr…

Oracle JRockit R28.3.15 Multiple Vulnerabilities (October 2017 CPU)
Synopsis : A programming platform installed on the remote Windows host is affected by multiple vulnerabilitie…

Sourcefire
Vulnerability Research Team
Beers with Talos EP 15: Landing a Job, Phishing Midstream, and Paul’s IDA Palette
Beers with Talos (BWT) Podcast Episode 15 is now available. Download this episode and subscribe to Beers…

Spoofed SEC Emails Distribute Evolved DNSMessenger
This post was authored by Edmund Brumaghin, Colin Grady, with contributions from Dave Maynor and @Simpo13. Exec…

Threat Round Up for Oct 6 - Oct 13
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between October 6 and Octo…

Disassembler and Runtime Analysis
This post was authored by Paul Rascagneres. Introduction: In the CCleaner 64bit stage 2 previously described in o…

Banking Trojan Attempts To Steal Brazillion$
This post was authored by Warren Mercer, Paul Rascagneres and Vanja Svajcer. Introduction: Banking trojans are amo…

RHEL
Red Hat Errata
RHSA-2017:2908-1: Moderate: rh-nodejs6-nodejs security update
Red Hat Enterprise Linux: An update for rh-nodejs6-nodejs is now available for Red Hat Software Collections.

RHSA-2017:2911-1: Important: wpa_supplicant security update
Red Hat Enterprise Linux: An update for wpa_supplicant is now available for Red Hat Enterprise Linux 6. Red…

RHSA-2017:2912-1: Moderate: rh-nodejs4-nodejs-tough-cookie security update
Red Hat Enterprise Linux: An update for rh-nodejs4-nodejs-tough-cookie is now available for Red Hat Software…

RHSA-2017:2913-1: Moderate: rh-nodejs6-nodejs-tough-cookie security update
Red Hat Enterprise Linux: An update for rh-nodejs6-nodejs-tough-cookie is now available for Red Hat Software…

RHBA-2017:2903-1: Red Hat Ceph Storage 2.4 enhancement and bug fix update
Red Hat Enterprise Linux: An update is now available for Red Hat Ceph Storage 2.4.

RHEA-2017:2898-1: rh-mongodb32-mongo-java-driver bug fix and enhancement update
Red Hat Enterprise Linux: Updated rh-mongodb32-mongo-java-driver packages that fix several bugs and add vario…

Microsoft
Security Advisories
4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Revision Note: V1.0 (August 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisor…

4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory…

4025685 - Guidance related to June 2017 security update release - Version: 1.0
Revision Note: V1.0 (June 13, 2017): Advisory published. Summary: Microsoft is announcing the availability of ad…

4022345 - Identifying and correcting failure of Windows Update client to receive updates - Version: 1.3
Severity Rating: Critical. Revision Note: V1.3 (May 12, 2017): Updated FAQ to clarify the update that needs to b…

4022344 - Security Update for Microsoft Malware Protection Engine - Version: 1.2
Severity Rating: Critical. Revision Note: V1.2 (May 12, 2017): Added entries into the affected software table. T…

Malc0de
(You might not want to click on these!)

ClamAV
Top 10 ClamAV Official Signatures
Malware Domain List
© 2001-2017 Procyon Labs / Randal T. Rioux