PLABS
Internet Storm Center Infocon Status
BGP Hijacking: The Internet is Still/Again Broken, (Thu, Apr 27th)
The Internet is a network of networks. Each Autonomous System (AS) connects to the Internet using a router that speaks the Border Gateway Protocol (BGP) to diss…
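A BGP hijack is, at its simplest, an AS originating a prefix it has no right to, or a more-specific of somebody else's prefix. The check below is an added example, not code from the ISC diary: it implements Route Origin Validation (RFC 6811) against a constructed set of ROAs and classifies a constructed announcement feed. The prefixes and ASNs are documentation values (203.0.113.0/24, AS64496 and so on), and the "feed" is a list built inline, not a live route-collector session. Note the caveat that origin validation only catches origin and more-specific hijacks; an attacker who prepends the legitimate origin AS to a forged path passes this check.

```python
import ipaddress
from collections import namedtuple

# A Route Origin Authorization (RPKI, RFC 6482): the prefix holder states which AS
# may originate the prefix and the longest prefix length that is acceptable.
ROA = namedtuple("ROA", "prefix max_length origin_asn")

# Constructed ROAs for this example; documentation prefixes and private ASNs, not
# real routing data.
ROAS = [
    ROA(ipaddress.ip_network("203.0.113.0/24"), 24, 64496),
    ROA(ipaddress.ip_network("198.51.100.0/22"), 24, 64497),
]

def validate_origin(prefix, origin_asn, roas=ROAS):
    """Route Origin Validation as in RFC 6811.

    'not-found': no ROA covers the announced prefix, so nothing can be said.
    'valid':     a covering ROA names this origin AS and the announced length
                 does not exceed its maxLength.
    'invalid':   covering ROAs exist but none matches; this is what a wrong
                 origin or a more-specific hijack looks like.
    """
    net = ipaddress.ip_network(prefix)
    covering = [r for r in roas
                if r.prefix.version == net.version and net.subnet_of(r.prefix)]
    if not covering:
        return "not-found"
    for r in covering:
        if r.origin_asn == origin_asn and net.prefixlen <= r.max_length:
            return "valid"
    return "invalid"

def classify_feed(announcements, roas=ROAS):
    """announcements: iterable of (prefix, origin_asn) pairs from a BGP feed,
    e.g. the rightmost AS of each AS_PATH seen by a route collector."""
    return {(p, a): validate_origin(p, a, roas) for p, a in announcements}

# Constructed announcements: a legitimate route, a more-specific hijack of it,
# a wrong-origin hijack, a permitted sub-allocation and an unregistered prefix.
SAMPLE_FEED = [
    ("203.0.113.0/24", 64496),
    ("203.0.113.0/25", 64496),
    ("203.0.113.0/24", 64666),
    ("198.51.100.0/24", 64497),
    ("192.0.2.0/24", 64500),
]

if __name__ == "__main__":
    for (prefix, asn), state in classify_feed(SAMPLE_FEED).items():
        print(f"{prefix:18} AS{asn:<6} {state}")
```

In practice the ROA set comes from an RPKI validator and the feed from a collector or your own router's RIB; the "invalid" state is what an alert should fire on, while "not-found" is merely unregistered space and is still the majority of the table.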

ISC Stormcast For Thursday, April 27th 2017 https://isc.sans.edu/podcastdetail.html?id=5476, (Thu, Apr 27th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

If there are some unexploited MSSQL Servers With Weak Passwords Left: They got you now (again), (Wed, Apr 26th)
Setting up a Microsoft SQL Server with a stupid simple password like sa for the sa user is hard. First of all, Microsoft implemented a default password policy t…
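Whether or not an sa password survives the policy, an Internet-exposed SQL Server gets brute-forced, and the ERRORLOG is where that shows up. The detector below is an added example, not part of the ISC diary: it parses the "Login failed for user" lines that SQL Server writes on error 18456 and reports clients that hammer sa or spray several usernames. The log lines are constructed for the example (the layout follows the ERRORLOG format; the timestamps and the 203.0.113.x / 198.51.100.x clients are documentation values), and the threshold of five failures is an arbitrary starting point, not a Microsoft recommendation.

```python
import re
from collections import Counter, defaultdict

# SQL Server ERRORLOG line for a failed login (error 18456). The "Error: 18456"
# line that precedes it carries no username or client, so it is skipped.
LOGIN_FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*?\[CLIENT: (?P<client>[^\]]+)\]"
)

def _line(ts, user, client):
    """Build one constructed ERRORLOG line in the format above."""
    return (f"{ts} Logon       Login failed for user '{user}'. "
            f"Reason: Password did not match that for the login provided. "
            f"[CLIENT: {client}]")

# Constructed sample: six sa failures plus a second username from one client,
# and a single sa failure from another.
SAMPLE_ERRORLOG = [
    "2017-04-26 10:15:32.12 Logon       Error: 18456, Severity: 14, State: 8.",
] + [_line(f"2017-04-26 10:15:3{i}.12", "sa", "203.0.113.5") for i in range(2, 8)] + [
    _line("2017-04-26 10:16:01.00", "appuser", "203.0.113.5"),
    _line("2017-04-26 11:02:44.50", "sa", "198.51.100.7"),
]

def parse_failed_logins(lines):
    """Yield (timestamp, user, client_ip) for every failed-login line."""
    for line in lines:
        m = LOGIN_FAILED.match(line)
        if m:
            yield m.group("ts"), m.group("user"), m.group("client")

def brute_force_sources(lines, threshold=5):
    """{client_ip: failures} for clients with >= threshold failures against sa."""
    counts = Counter(client for _, user, client in parse_failed_logins(lines)
                     if user.lower() == "sa")
    return {client: n for client, n in counts.items() if n >= threshold}

def usernames_per_client(lines):
    """{client_ip: sorted usernames tried}; several names from one client is a spray."""
    tried = defaultdict(set)
    for _, user, client in parse_failed_logins(lines):
        tried[client].add(user)
    return {client: sorted(users) for client, users in tried.items()}

if __name__ == "__main__":
    print(brute_force_sources(SAMPLE_ERRORLOG))
    print(usernames_per_client(SAMPLE_ERRORLOG))
```

Failed logins only reach the ERRORLOG when the instance's login auditing is set to "Failed logins only" or "Both" (the default is failed logins); if it is "None", there is nothing to parse, which is the first thing to check on a newly inherited server.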

ISC Stormcast For Wednesday, April 26th 2017 https://isc.sans.edu/podcastdetail.html?id=5474, (Wed, Apr 26th)

CAA Records and Certificate Issuance, (Tue, Apr 25th)
[This is a guest diary submitted by J. Edward Durrett, GCUX] While going over an SSL report from SSL Labs [1], I noticed something that I had not seen before…
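A CAA record only helps if you can predict how a CA will evaluate it. The code below is an added example, not from the guest diary: it applies the CAA decision procedure (RFC 6844 as current in 2017, restated in RFC 8659) to a constructed zone: climb from the name toward the root until a CAA RRset is found, honour the critical flag on unknown tags, use issuewild for wildcard names when present, and treat an issue value of ";" as "nobody". The zone contents, the names under example.com and the CA domains are assumptions for illustration; CNAME/DNAME chasing, which a real resolver path must do before the climb, is deliberately left out.

```python
from collections import namedtuple

# One CAA resource record: flags byte, property tag, property value (RFC 8659 §4).
CAA = namedtuple("CAA", "flags tag value")
ISSUER_CRITICAL = 128

# Constructed zone data, assumed for this example (owner name -> CAA RRset).
# Names and CA domains are illustrative, not a statement about any real zone.
ZONE = {
    "example.com.": [
        CAA(0, "issue", "letsencrypt.org"),
        CAA(0, "issuewild", ";"),                      # nobody may issue wildcards
        CAA(0, "iodef", "mailto:security@example.com"),
    ],
    "only-iodef.example.com.": [CAA(0, "iodef", "mailto:security@example.com")],
    "locked.example.com.": [CAA(0, "issue", ";")],     # nobody may issue at all
    "strict.example.com.": [CAA(ISSUER_CRITICAL, "futuretag", "x")],
}

def relevant_rrset(fqdn, zone=ZONE):
    """Walk from the name toward the root; the first CAA RRset found is the
    Relevant RRset (RFC 8659 §3). CNAME/DNAME chasing is omitted here
    (assumption: the constructed zone holds no aliases)."""
    labels = fqdn.rstrip(".").split(".")
    while labels:
        rrset = zone.get(".".join(labels) + ".")
        if rrset:
            return rrset
        labels.pop(0)
    return []

def issuer_domain(value):
    """'ca.example; account=123' -> 'ca.example'; ';' -> '' (no issuer allowed)."""
    return value.split(";", 1)[0].strip().lower()

def ca_may_issue(fqdn, ca_domain, zone=ZONE):
    """Decide whether ca_domain may issue for fqdn ('*.name' for wildcards)."""
    wildcard = fqdn.startswith("*.")
    rrset = relevant_rrset(fqdn[2:] if wildcard else fqdn, zone)
    if not rrset:
        return True            # no CAA anywhere up the tree: unrestricted
    known = {"issue", "issuewild", "iodef"}
    if any(r.flags & ISSUER_CRITICAL and r.tag.lower() not in known for r in rrset):
        return False           # critical tag we do not understand: must refuse
    tags = {r.tag.lower() for r in rrset}
    want = "issuewild" if wildcard and "issuewild" in tags else "issue"
    applicable = [r for r in rrset if r.tag.lower() == want]
    if not applicable:
        return True            # RRset exists but carries no issue/issuewild
    return any(issuer_domain(r.value) == ca_domain.lower() for r in applicable)

if __name__ == "__main__":
    for name, ca in [("www.example.com.", "letsencrypt.org"),
                     ("www.example.com.", "digicert.com"),
                     ("*.example.com.", "letsencrypt.org"),
                     ("only-iodef.example.com.", "digicert.com")]:
        print(f"{name:26} {ca:16} {ca_may_issue(name, ca)}")
```

The two results people most often get wrong are both in the sample zone: an RRset that contains only iodef restricts nobody, and an issue record on the parent does not stop a CA if a child name has its own RRset, because the climb stops at the first RRset it finds.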

ISC Stormcast For Tuesday, April 25th 2017 https://isc.sans.edu/podcastdetail.html?id=5472, (Tue, Apr 25th)

Packet Storm
Latest Security Tool Files
TOR Virtual Network Tunneling Tool 0.3.0.6
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

Uberscan Brute Forcing Tool
Uberscan is an IP scanner and brute forcing tool all in one. Written in Perl.

Thycotic Secret Server Data Decrypter
This is a PowerShell script that decrypts the data stored within a Thycotic Secret Server.

DAVOSET 1.3.2
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Packet Fence 7.0.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Blue Team Training Toolkit (BT3) 2.2
Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and…

360-FAAR Firewall Analysis Audit And Repair 0.6.2
360-FAAR Firewall Analysis Audit and Repair is an offline command line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands…

Wireshark Analyzer 2.2.6
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a comme…

Ansvif 1.7
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.


SecurityFocus
General Security Vulnerabilities
Vuln: Jenkins Java Deserialization CVE-2017-1000353 Remote Code Execution Vulnerability
Jenkins Java Deserialization CVE-2017-1000353 Remote Code Execution Vulnerability…

Vuln: Mediawiki 'Parser::replaceInternalLinks2()' Method Cross-Site Scripting Vulnerability
Mediawiki 'Parser::replaceInternalLinks2()' Method Cross-Site Scripting Vulnerability…

Vuln: Mediawiki 'Special:MyPage/common.css' Cross-Site Scripting Vulnerability
Mediawiki 'Special:MyPage/common.css' Cross-Site Scripting Vulnerability…

Vuln: HP NonStop Servers CVE-2017-5803 Information Disclosure Vulnerability
HP NonStop Servers CVE-2017-5803 Information Disclosure Vulnerability…

Bugtraq: FreeBSD Security Advisory FreeBSD-SA-17:04.ipfilter
FreeBSD Security Advisory FreeBSD-SA-17:04.ipfilter…

Bugtraq: CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability
CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability…

Bugtraq: April 2017 - Confluence - Security Advisory
April 2017 - Confluence - Security Advisory…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided free of charge by Geobytes, Inc. to help you locate the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
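The DShield block list entry above defines its ranking precisely: group attacking sources by /24, count distinct reporting targets over a three-day window, keep the top 20. The code below is an added example reproducing that aggregation over constructed sensor reports; it is not DShield's own code, and the "timestamp source_ip sensor_id" line layout and the fixed report time are assumptions made so the example runs offline. Addresses are documentation values.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sensor reports in an assumed "timestamp source_ip sensor_id" layout;
# DShield's real submission format differs. Documentation addresses only.
SAMPLE_REPORTS = """\
2017-04-25T08:00:00 203.0.113.4 sensor-a
2017-04-25T08:01:00 203.0.113.9 sensor-b
2017-04-26T12:00:00 203.0.113.77 sensor-c
2017-04-26T12:05:00 203.0.113.77 sensor-c
2017-04-26T13:00:00 198.51.100.2 sensor-a
2017-04-27T01:00:00 198.51.100.2 sensor-a
2017-04-20T01:00:00 192.0.2.1 sensor-a
2017-04-20T01:00:00 192.0.2.1 sensor-b
"""

# Fixed "now" so the example is reproducible; a real job would use the clock.
NOW = datetime(2017, 4, 27, 12, 0, 0)

def top_attacking_subnets(text, now=NOW, days=3, top_n=20):
    """Rank /24s by how many distinct sensors reported them inside the window.
    Counting distinct reporters rather than raw packets is what the DShield
    description calls the number of 'attacks': one noisy sensor cannot push a
    subnet up the list on its own (203.0.113.77 is reported twice by the same
    sensor and still counts once)."""
    cutoff = now - timedelta(days=days)
    reporters = defaultdict(set)
    for line in text.splitlines():
        ts, src, sensor = line.split()
        if datetime.fromisoformat(ts) < cutoff:
            continue                      # outside the three-day window
        subnet = ipaddress.ip_network(f"{src}/24", strict=False)
        reporters[str(subnet)].add(sensor)
    ranked = sorted(reporters.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(subnet, len(sensors)) for subnet, sensors in ranked[:top_n]]

def block_rules(ranked):
    """Turn the ranking into drop rules. Review before applying: shared hosting
    and CGNAT ranges make a whole-/24 block overbroad."""
    return [f"iptables -I INPUT -s {subnet} -j DROP" for subnet, _ in ranked]

if __name__ == "__main__":
    for subnet, n in top_attacking_subnets(SAMPLE_REPORTS):
        print(f"{subnet:18} {n}")
```

The window and the distinct-reporter count are what keep such a list usable as a block list; a raw hit count would be dominated by whichever single sensor happens to sit behind the most aggressive scanner.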
Nessus
Latest Nessus Plugins Released
Splunk Enterprise 6.4.x < 6.4.7 Multiple XSS
Synopsis : An application running on the remote web server is affected by multiple cross-site scripting vulne…

Cisco Unified Communications Manager SIP UDP Throttling DoS (CSCuz72455)
Synopsis : The remote device is affected by a denial of service vulnerability. Description : According to i…

SUSE SLED12 / SLES12 Security Update : tcpdump, libpcap (SUSE-SU-2017:1110-1)
Synopsis : The remote SUSE host is missing one or more security updates. Description : This update for tcpd…

openSUSE Security Update : tiff (openSUSE-2017-515)
Synopsis : The remote openSUSE host is missing a security update. Description : This update for tiff fixes…

openSUSE Security Update : libsndfile (openSUSE-2017-514)
Synopsis : The remote openSUSE host is missing a security update. Description : This update for libsndfile…

Sourcefire
Vulnerability Research Team
Vulnerability Spotlight: Multiple Vulnerabilities in Zabbix
These vulnerabilities were discovered by Lilith Wyatt of Cisco ASIG. Summary: Zabbix is an enterprise monitoring s…

Vulnerability Spotlight: IrfanView Jpeg2000 Reference Tile width Arbitrary Code Execution Vulnerability
Discovered by Aleksandar Nikolic of Cisco Talos. Overview: Talos is disclosing TALOS-2017-0310 / CVE-2017-2813, an…

Vulnerability Spotlight: Hard-coded Credential Flaw in Moxa ICS Wireless Access Points Identified and Fixed
Earlier this month, Talos responsibly disclosed a set of vulnerabilities in Moxa ICS wireless access points. W…

Threat Spotlight: Mighty Morphin Malware Purveyors: Locky Returns Via Necurs
This post was authored by Nick Biasini. Throughout the majority of 2016, Locky was the dominant ransomware in th…

Threat Round-up for Apr 14 - Apr 21
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 14 and April…

RHEL
Red Hat Errata
RHBA-2017:1171-1: heketi bug fix update
Red Hat Enterprise Linux: Updated heketi packages are now available for Container Native Storage 3.5.

RHBA-2017:1172-1: cns-deploy-tool bug fix update
Red Hat Enterprise Linux: Updated cns-deploy-tool packages that fix several bugs are now available for Contai…

RHEA-2017:1188-1: rhev-hypervisor bug fix and enhancement update for RHEV 3.6.10
Red Hat Enterprise Linux: An updated rhev-hypervisor package is now available.

RHBA-2017:1141-1: devtoolset-6-ltrace bug fix update
Red Hat Enterprise Linux: Updated devtoolset-6-ltrace packages that fix two bugs are now available as a part…

RHBA-2017:1143-1: devtoolset-6-gcc bug fix update
Red Hat Enterprise Linux: Updated devtoolset-6-gcc packages that fix several bugs are now available as a part…

RHBA-2017:1147-1: devtoolset-6 update
Red Hat Enterprise Linux: Updated devtoolset-6 packages are now available as a part of Red Hat Developer Tool…

Microsoft
Security Advisories
3123479 - SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
Revision Note: V2.0 (March 14, 2017): Advisory rereleased to announce that the changes described in this advis…

4010983 - Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of Service - Version: 1.0
Revision Note: V1.0 (January 27, 2017): Advisory published. Summary: Microsoft is releasing this security advis…

3214296 - Vulnerabilities in Identity Model Extensions Token Signing Verification Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (January 10, 2017): Advisory published. Summary: Microsoft is releasing this security advis…

3181759 - Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (September 13, 2016): Advisory published. Summary: Microsoft is releasing this security adv…

3174644 - Updated Support for Diffie-Hellman Key Exchange - Version: 1.0
Revision Note: V1.0 (September 13, 2016): Advisory published.Summary:…

Malc0de

(You might not want to click on these!)

down12.xiazaidc.com
URL: , IP Address: 121.41.10.159, Country: CN, ASN: 37963, MD5: 2a65f85d09f36402fbd91484a9a4adac…

d1.97you.net
URL: , IP Address: 183.131.168.153, Country: CN, ASN: 4134, MD5: e6cf7a3c987ada0625981f2a654f5106…

cendereci.com
URL: cendereci.com/dasphdasodasopjdaspjdasdasa.png, IP Address: 85.159.66.172, Country: TR, ASN: 34619, MD5: 2…

c.img001.com
URL: c.img001.com/re58/guagua_23103510024.exe, IP Address: 14.152.50.39, Country: CN, ASN: 134764, MD5: f1db40…

c.img001.com
URL: c.img001.com/re58/kele_20090197397.exe, IP Address: 14.152.50.39, Country: CN, ASN: 134764, MD5: bde29dee…

c.img001.com
URL: c.img001.com/re58/pingguo_21561000328.exe, IP Address: 14.152.50.39, Country: CN, ASN: 134764, MD5: b3aa7…

c.img001.com
URL: c.img001.com/re58/girlshow_20300025849.exe, IP Address: 14.152.50.39, Country: CN, ASN: 134764, MD5: 31d5…

ClamAV
Top 10 ClamAV Official Signatures
Malware Domain List
alegroup.info (2017/03/20_10:13)
Host: alegroup.info/ntnrrhst, IP address: 194.87.217.87, ASN: 197695, Country: RU, Description: Ransom, Fake.PCN, Malspam…

fourthgate.org (2017/03/20_10:13)
Host: fourthgate.org/Yryzvt, IP address: 104.200.67.194, ASN: 8100, Country: US, Description: Ransom, Fake.PCN, Malspam…

dieutribenhkhop.com (2017/03/20_10:13)
Host: dieutribenhkhop.com/parking/, IP address: 84.200.4.125, ASN: 31400, Country: DE, Description: Ransom, Fake.PCN, Malspam…

dieutribenhkhop.com (2017/03/20_10:13)
Host: dieutribenhkhop.com/parking/pay/rd.php?id=10, IP address: 84.200.4.125, ASN: 31400, Country: DE, Description: Ransom, Fake.PCN, Malspam…

ssl-6582datamanager.de (2017/03/14_23:02)
Host: ssl-6582datamanager.de/, IP address: 54.72.9.51, ASN: 16509, Country: US, Description: redirects to Paypal phishing…

privatkunden.datapipe9271.com (2017/03/14_23:02)
Host: privatkunden.datapipe9271.com/, IP address: 104.31.75.147, ASN: 13335, Country: US, Description: Paypal phishing…

www.hjaoopoa.top (2017/03/06_21:09)
Host: www.hjaoopoa.top/admin.php?f=1.gif, IP address: 52.207.234.89, ASN: 14618, Country: US, Description: Cerber ransomware…

up.mykings.pw:8888 (2017/03/06_21:09)
Host: up.mykings.pw:8888/update.txt, IP address: 60.250.76.52, ASN: 3462, Country: TW, Description: related to a Mirai windows spreader trojan…

down.mykings.pw:8888 (2017/03/06_21:09)
Host: down.mykings.pw:8888/ver.txt, IP address: 60.250.76.52, ASN: 3462, Country: TW, Description: related to a Mirai windows spreader trojan…
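The Malc0de and Malware Domain List entries above are only useful once they are turned into indicators and checked against your own traffic. The code below is an added example, not something either feed ships: it parses both "Key: value" layouts by splitting on the known field names (so a description such as "Ransom, Fake.PCN, Malspam" survives its commas), keeps an explicit port like up.mykings.pw:8888 as part of the host indicator, drops MD5s that the page shows truncated rather than guessing at them, and matches the result against a constructed proxy log. The four feed lines are copied from this page; the proxy log lines and their 10.0.0.x clients are constructed.

```python
import re
from urllib.parse import urlsplit

# Feed lines in the "Key: value, Key: value" layout used above. These four are
# copied from the page; a trailing "…" marks a field the page truncates.
SAMPLE_RECORDS = [
    "URL: , IP Address: 121.41.10.159, Country: CN, ASN: 37963, MD5: 2a65f85d09f36402fbd91484a9a4adac…",
    "URL: cendereci.com/dasphdasodasopjdaspjdasdasa.png, IP Address: 85.159.66.172, Country: TR, ASN: 34619, MD5: 2…",
    "Host: alegroup.info/ntnrrhst, IP address: 194.87.217.87, ASN: 197695, Country: RU, Description: Ransom, Fake.PCN, Malspam…",
    "Host: up.mykings.pw:8888/update.txt, IP address: 60.250.76.52, ASN: 3462, Country: TW, Description: related to a Mirai windows spreader trojan…",
]

FIELD = re.compile(r"(URL|Host|IP [Aa]ddress|ASN|Country|MD5|Description): ")

def parse_record(line):
    """Split a feed line into a dict keyed by normalised field name
    (url, host, ip_address, asn, country, md5, description)."""
    parts = FIELD.split(line.rstrip("…"))        # ['', key, value, key, value, ...]
    return {k.lower().replace(" ", "_"): v.strip().rstrip(",")
            for k, v in zip(parts[1::2], parts[2::2])}

def indicators(records):
    """Return (hosts, ips, md5s). Hosts keep an explicit port because the feed
    distinguishes it; only complete 32-hex-digit hashes are kept."""
    hosts, ips, md5s = set(), set(), set()
    for r in records:
        location = r.get("url") or r.get("host") or ""
        if location:
            hosts.add(location.split("/", 1)[0].lower())
        if r.get("ip_address"):
            ips.add(r["ip_address"])
        h = r.get("md5", "").lower()
        if re.fullmatch(r"[0-9a-f]{32}", h):
            md5s.add(h)
    return hosts, ips, md5s

# Constructed proxy log in an assumed "timestamp client method url" layout.
SAMPLE_PROXY_LOG = [
    "2017-04-27T10:00:01 10.0.0.5 GET http://alegroup.info/ntnrrhst",
    "2017-04-27T10:00:02 10.0.0.6 GET http://www.example.org/index.html",
    "2017-04-27T10:00:03 10.0.0.7 GET http://up.mykings.pw:8888/ver.txt",
    "2017-04-27T10:00:04 10.0.0.8 GET http://121.41.10.159/setup.exe",
]

def match_proxy_log(lines, hosts, ips):
    """Return (client, url) for requests whose host:port, bare host or literal
    IP is on the indicator lists."""
    hits = []
    for line in lines:
        _, client, _, url = line.split(maxsplit=3)
        u = urlsplit(url)
        host = (u.hostname or "").lower()
        if u.netloc.lower() in hosts or host in hosts or host in ips:
            hits.append((client, url))
    return hits

if __name__ == "__main__":
    hosts, ips, md5s = indicators(parse_record(l) for l in SAMPLE_RECORDS)
    for client, url in match_proxy_log(SAMPLE_PROXY_LOG, hosts, ips):
        print(client, url)
```

Matching on a literal IP is the weakest of the three: the Malc0de entries show several unrelated hosts on one address (c.img001.com at 14.152.50.39), and shared hosting means an IP hit needs the URL or hash to confirm it.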


© 2001-2016 Procyon Labs / Randal T. Rioux