PLABS
Internet Storm Center Infocon Status
Infocon: green

ISC Stormcast For Monday, November 19th 2018 https://isc.sans.edu/podcastdetail.html?id=6260, (Sun, Nov 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Multipurpose PCAP Analysis Tool, (Sun, Nov 18th)
I was looking for a tool to easily graph traffic for a project (there are many out there) and while searching I found this tool written as a project by "&…

Quickly Investigating Websites with Lookyloo, (Sat, Nov 17th)
While we are enjoying our weekend, it's always a good time to learn about new pieces of software that could be added to y…

Basic Obfuscation With Permissive Languages, (Fri, Nov 16th)
For attackers, obfuscation is key to keep their malicious code below the radar. Code is obfuscated for two main reasons: defeat automatic detection by AV soluti…

ISC Stormcast For Friday, November 16th 2018 https://isc.sans.edu/podcastdetail.html?id=6258, (Fri, Nov 16th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Packet Storm
Latest Security Tool Files
Apkatshu 1.0
Apkatshu is a tool for extracting URLs, emails, IP addresses, and interesting data from APK files. The user can choose either JADX or APKTOOL for de-compilation.

Packet Fence 8.2.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Web-Based Firewall Logging Tool 1.1.1
Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Inclu…

Suricata IDPE 4.1.0
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded…

Stegano 0.8.6
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Signific…

GNU Privacy Guard 2.2.11
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an a…

SQLMAP - Automatic SQL Injection Tool 1.2.11
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it dete…

TOR Virtual Network Tunneling Tool 0.3.4.9
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

SSLsplit 0.5.4
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation…


SecurityFocus
General Security Vulnerabilities
Vuln: Asterisk Open Source Remote Buffer Overflow Vulnerability
Asterisk Open Source Remote Buffer Overflow Vulnerability…

Vuln: Linux Kernel CVE-2018-18955 Local Privilege Escalation Vulnerability
Linux Kernel CVE-2018-18955 Local Privilege Escalation Vulnerability…

Vuln: Siemens Multiple Products CVE-2018-4858 Access Bypass Vulnerability
Siemens Multiple Products CVE-2018-4858 Access Bypass Vulnerability…

Vuln: OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability
OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability…

Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update
[SECURITY] [DSA 4269-1] postgresql-9.6 security update…

Bugtraq: [SECURITY] [DSA 4268-1] openjdk-8 security update
[SECURITY] [DSA 4268-1] openjdk-8 security update…

Bugtraq: [SECURITY] [DSA 4267-1] kamailio security update
[SECURITY] [DSA 4267-1] kamailio security update…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
CentOS 7 : fuse (CESA-2018:3324)
Nessus Plugin ID 119003 with Medium Severity Synopsis The remote CentOS host is missing one or mor…

CentOS 7 : PackageKit / accountsservice / adwaita-icon-theme / appstream-data / at-spi2-atk / etc (CESA-2018:3140)
Nessus Plugin ID 118995 with High Severity Synopsis The remote CentOS host is missing one or more…

VMware vRealize Log Insight Detection (Linux)
Nessus Plugin ID 119016 with Info Severity Synopsis A virtualization log management application is…

CentOS 7 : zziplib (CESA-2018:3229)
Nessus Plugin ID 118999 with Medium Severity Synopsis The remote CentOS host is missing one or mor…

VMware vRealize Log Insight 4.6.x < 4.6.2 / 4.7.x < 4.7.1 Authorization Bypass Vulnerability (VMSA-2018-0028)
Nessus Plugin ID 119015 with Medium Severity Synopsis A log management application running on the…

Sourcefire
Vulnerability Research Team
Threat Roundup for Nov. 9 to Nov. 16
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 09 and…

Beers with Talos Ep. #41: Sex, money and malware
Beers with Talos (BWT) Podcast Ep. #41 is now available. Download this episode and subscribe to Beers with Tal…

Microsoft Patch Tuesday — November 2018: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of it…

Threat Roundup for November 2 to November 9
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 02 and…

Metamorfo Banking Trojan Keeps Its Sights on Brazil
This blog post was authored by Edmund Brumaghin, Warren Mercer, Paul Rascagneres, and Vitor Ventura. Executive…

RHEL
Red Hat Errata
RHEA-2018:3617-1: .NET Core Runtime 2.1.6 and SDK 2.1.500 for Red Hat Enterprise Linux 7
Red Hat Enterprise Linux: .NET Core Runtime 2.1.6 and SDK 2.1.500 for Red Hat Enterprise Linux 7…

RHSA-2018:3618-1: Important: flash-plugin security update
Red Hat Enterprise Linux: An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Suppleme…

RHBA-2018:3561-1: new packages: devtoolset-8
Red Hat Enterprise Linux: New devtoolset-8 packages are now available as a part of Red Hat Developer Toolset…

RHBA-2018:3562-1: new packages: devtoolset-8-gcc
Red Hat Enterprise Linux: New devtoolset-8-gcc packages are now available as a part of Red Hat Developer Tool…

RHBA-2018:3563-1: new packages: devtoolset-8-elfutils
Red Hat Enterprise Linux: New devtoolset-8-elfutils packages are now available as a part of Red Hat Developer…

RHBA-2018:3564-1: new packages: devtoolset-8-valgrind
Red Hat Enterprise Linux: New devtoolset-8-valgrind packages are now available as a part of Red Hat Developer…

Microsoft
Security Advisories
4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0
Revision Note: V3.0 (January 9, 2018): Microsoft has released an update for all supported editions of Microsof…

4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0
Revision Note: V1.0 (December 12, 2017): Advisory published. Summary: Microsoft is releasing this security advi…

4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Revision Note: V1.0 (August 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisor…

4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory…

4025685 - Guidance related to June 2017 security update release - Version: 1.0
Revision Note: V1.0 (June 13, 2017): Advisory published. Summary: Microsoft is announcing the availability of ad…

Malc0de
(You might not want to click on these!)

www.remnanttabernacle7thday.com
URL: www.remnanttabernacle7thday.com/XyH3iJ4, IP Address: 66.223.95.182, Country: CA, ASN: 13768, MD5: 568d17d…

trombleoff.com
URL: trombleoff.com/bin/stak.exe, IP Address: 78.24.218.109, Country: RU, ASN: 29182, MD5: ffe2ce6ba8577fc06f2…

trombleoff.com
URL: trombleoff.com/bin/rig.exe, IP Address: 78.24.218.109, Country: RU, ASN: 29182, MD5: 570a9cc9fd20159e9270…

trdesign.pro
URL: trdesign.pro/themes/bartik/color/sserv.jpg, IP Address: 89.108.84.195, Country: RU, ASN: 43146, MD5: c90c…

selfgifted.pt
URL: selfgifted.pt/OW, IP Address: 188.93.227.195, Country: PT, ASN: 8426, MD5: 568d17d6da77a46e35c8094a7c4143…

localbusinesspromotion.co.uk
URL: localbusinesspromotion.co.uk/u, IP Address: 66.206.38.173, Country: US, ASN: 40244, MD5: 568d17d6da77a46e…

jovive.es
URL: jovive.es/Rbd9Y09, IP Address: 134.0.15.191, Country: ES, ASN: 197712, MD5: 0b0dc2b2ccd4b46b3381508f7209a…

ClamAV
Top 10 ClamAV Official Signatures
ClamAV 0.101.0 beta has been posted!
Welcome to the ClamAV 0.101.0 beta! Important notes about this release: Changes to the libclamav API: Those who b…
ClamAV 0.100.2 has been released!
ClamAV 0.100.2 has been released! This is a patch release to address several vulnerabilities. Fixes for the fol…
SigAnalyzer: Signature analysis with CASC
Executive summary: ClamAV Signature Creator (CASC) is an IDA Pro plugin that assists in the creation of ClamAV p…
Want to improve your ClamAV experience? Here are some common mistakes we see with FreshClam
At Cisco Talos, we regularly get questions on how to get the most out of ClamAV. Therefore, we wanted to…
ClamAV Git Work-flow Changes
If you use ClamAV’s Git repository, you may have noticed that we’ve recently changed our Git workflow. It…
ClamAV 0.100.1 has been released!
ClamAV 0.100.1 is a hotfix release to patch a set of vulnerabilities. Fixes for the following CVEs: CVE-2017-16…
ClamAV 0.100.0 has been released!
Join us as we welcome ClamAV 0.100.0 to the family officially. You can grab it, as always, from the down…
ClamAV Mirror improvements
Community -- Over the next several weeks, you are going to see some changes made to our ClamAV mirror infrastru…
Installing ClamAV from source: New Documentation!
Hey everyone, I wanted to point everyone to a git repository, located here. I'm pointing this out because if you…
Malware Domain List
textspeier.de (2017/12/04_18:50)
Host: textspeier.de, IP address: 104.27.163.228, ASN: 13335, Country: US, Description: phishing/fraud…

photoscape.ch (2017/10/26_13:48)
Host: photoscape.ch/Setup.exe, IP address: 31.148.219.11, ASN: 14576, Country: CZ, Description: trojan…

sarahdaniella.com (2017/06/02_08:38)
Host: sarahdaniella.com/swift/SWIFT%20$.pdf.ace, IP address: 63.247.140.224, ASN: 19271, Country: US, Description: trojan…

amazon-sicherheit.kunden-ueberpruefung.xyz (2017/05/01_16:22)
Host: amazon-sicherheit.kunden-ueberpruefung.xyz, IP address: 185.61.138.74, ASN: 49349, Country: UA, Description: phishing…


© 2001-2018 Procyon Labs / Randal T. Rioux