PLABS
Internet Storm Center Infocon Status
Infocon: green
Yet Another DOSfuscation Sample…

Yet Another DOSfuscation Sample, (Wed, Dec 12th)
Reader Vince asked for help with the analysis of a malicious Word document. He started the analysis himself, following the method I illustrated in diary entry "…

ISC Stormcast For Wednesday, December 12th 2018 https://isc.sans.edu/podcastdetail.html?id=6290, (Wed, Dec 12th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Microsoft December 2018 Patch Tuesday, (Tue, Dec 11th)
December 2018 Security Updates …

Announcing the Security Awareness Survey, find it at https://survey.sans.org/jfe/form/SV_4UZfNorPzzXlfr7, (Tue, Dec 11th)
Richard Porter --- ISC Handler on Duty …

ISC Stormcast For Tuesday, December 11th 2018 https://isc.sans.edu/podcastdetail.html?id=6288, (Tue, Dec 11th)

Packet Storm
Latest Security Tool Files
Faraday 3.4
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, index…

SQLMAP - Automatic SQL Injection Tool 1.2.12
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it dete…

Packet Fence 8.2.1
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Hashcat Advanced Password Recovery 5.1.0 Source Code
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based…

Hashcat Advanced Password Recovery 5.1.0 Binary Release
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based…

Clam AntiVirus Toolkit 0.101.0
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible…

TestSSL 3.0rc3
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and muc…

Bro Network Security Monitor 2.6
Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehens…

Wireshark Analyzer 2.6.5
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a comme…


SecurityFocus
General Security Vulnerabilities
Vuln: phpMyAdmin CVE-2018-19968 Local File Include Vulnerability
phpMyAdmin CVE-2018-19968 Local File Include Vulnerability…

Vuln: OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability
OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability…

Vuln: OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability
OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability…

Vuln: Oracle Solaris CVE-2017-3623 Remote Code Execution Vulnerability
Oracle Solaris CVE-2017-3623 Remote Code Execution Vulnerability…

Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update
[SECURITY] [DSA 4269-1] postgresql-9.6 security update…

Bugtraq: [SECURITY] [DSA 4268-1] openjdk-8 security update
[SECURITY] [DSA 4268-1] openjdk-8 security update…

Bugtraq: [SECURITY] [DSA 4267-1] kamailio security update
[SECURITY] [DSA 4267-1] kamailio security update…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided for free by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Python Flask Installed (Linux)
Nessus Plugin ID 119602 with Info Severity Synopsis Python Flask is installed on the remote host.

SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:3767-2)
Nessus Plugin ID 119575 with Critical Severity Synopsis The remote SUSE host is missing one or mor…

phpMyAdmin 4.x < 4.8.4 Multiple Vulnerabilities (PMASA-2018-6) (PMASA-2018-8)
Nessus Plugin ID 119601 with Medium Severity Synopsis The remote web server hosts a PHP applicatio…

Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4301)
Nessus Plugin ID 119567 with High Severity Synopsis The remote Oracle Linux host is missing one or…

phpMyAdmin 4.7.x <= 4.7.6 / 4.8.x < 4.8.4 Multiple XSRF/CSRF Vulnerabilities (PMASA-2018-7)
Nessus Plugin ID 119600 with Medium Severity Synopsis The remote web server hosts a PHP applicatio…

Sourcefire
Vulnerability Research Team
Vulnerability Spotlight: Adobe Acrobat Reader DC text field remote code execution vulnerability
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Executive summary: Adobe Acrobat Reader DC conta…

Microsoft Patch Tuesday — December 2018: Vulnerability disclosures and Snort coverage
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of it…

in(Secure) messaging apps — How side-channel attacks can compromise privacy in WhatsApp, Telegram, and Signal
This blog post is authored by Vitor Ventura. Executive summary: Messaging applications have been around sinc…

Threat Roundup for Nov. 30 to Dec. 7
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 30 and…

An introduction to offensive capabilities of Active Directory on UNIX
Tim Wadhwa-Brown of Portcullis Labs authored this post. In preparation for our talk at Black Hat Europe, Securi…

RHEL
Red Hat Errata
RHSA-2018:3822-1: Important: kernel security and bug fix update
Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 5 Extended Lifec…

RHSA-2018:3823-1: Moderate: kernel security and bug fix update
Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 5.9 Long Life.

RHSA-2018:3800-1: Important: rh-git218-git security update
Red Hat Enterprise Linux: An update for rh-git218-git is now available for Red Hat Software Collections. Red…

RHSA-2018:3803-1: Important: chromium-browser security update
Red Hat Enterprise Linux: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supp…

RHSA-2018:3804-1: Low: Red Hat Enterprise Linux 7.3 Extended Update Support Retirement Notice
Red Hat Enterprise Linux: This is the final notification for the retirement of Red Hat Enterprise Linux 7.3 E…

RHSA-2018:3805-1: Low: Red Hat Enterprise Linux 6.7 Extended Update Support One-Month Retirement Notice
Red Hat Enterprise Linux: This is the one-month notification for the retirement of Red Hat Enterprise Linux 6…

Microsoft
Security Advisories
4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0
Revision Note: V3.0 (January 9, 2018): Microsoft has released an update for all supported editions of Microsof…

4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0
Revision Note: V1.0 (December 12, 2017): Advisory published. Summary: Microsoft is releasing this security advi…

4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Revision Note: V1.0 (August 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisor…

4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory…

4025685 - Guidance related to June 2017 security update release - Version: 1.0
Revision Note: V1.0 (June 13, 2017): Advisory published. Summary: Microsoft is announcing the availability of ad…

Malc0de

(You might not want to click on these!)

velatoursrls.com
URL: velatoursrls.com/templates/ol_blexi/css/font-awesome/sserv.jpg, IP Address: 89.46.108.29, Country: IT, AS…

pastelcolors.in
URL: pastelcolors.in/wp-content/plugins/LayerSlider/classes/sserv.jpg, IP Address: 198.204.226.18, Country: US…

masterbud.com.pl
URL: masterbud.com.pl/templates/theme_390/css/sserv.jpg, IP Address: 87.98.239.19, Country: FR, ASN: 16276, MD…

deaconbrothersfilm.com
URL: deaconbrothersfilm.com/tre.tata, IP Address: 69.28.199.10, Country: US, ASN: 13768, MD5: 09773921879498d5…

careforthesheep.org
URL: careforthesheep.org/wp-content/ai1wm-backups/sserv.jpg, IP Address: 66.45.226.139, Country: US, ASN: 1931…

biztradersintl.xyz
URL: biztradersintl.xyz/456.exe, IP Address: 47.74.244.156, Country: US, ASN: 45102, MD5: 98b861627063aa463bc7…

arrtkart.com
URL: arrtkart.com/wp-content/themes/agama/page-templates/sserv.jpg, IP Address: 46.105.163.80, Country: FR, AS…

ClamAV
Top 10 ClamAV Official Signatures
ClamAV 0.101.0 has been released!
We are pleased to announce the release of ClamAV 0.101.0! Please take a look at the below release notes…
The ClamAV 0.101.0 release candidate is here!
The ClamAV 0.101.0 release candidate is here! We have also made significant improvements to our User Manual…
ClamAV 0.101.0 beta has been posted!
Welcome to the ClamAV 0.101.0 beta! Important notes about this release: Changes to the libclamav API: Those who b…
ClamAV 0.100.2 has been released!
ClamAV 0.100.2 has been released! This is a patch release to address several vulnerabilities. Fixes for the fol…
SigAnalyzer: Signature analysis with CASC
Executive summary: ClamAV Signature Creator (CASC) is an IDA Pro plugin that assists in the creation of ClamAV p…
Want to improve your ClamAV experience? Here are some common mistakes we see with FreshClam
At Cisco Talos, we regularly get questions on how to get the most out of ClamAV. Therefore, we wanted to…
ClamAV Git Work-flow Changes
If you use ClamAV’s Git repository, you may have noticed that we’ve recently changed our Git workflow. It…
ClamAV 0.100.1 has been released!
ClamAV 0.100.1 is a hotfix release to patch a set of vulnerabilities. Fixes for the following CVEs: CVE-2017-16…
ClamAV 0.100.0 has been released!
Join us as we welcome ClamAV 0.100.0 to the family officially. You can grab it, as always, from the down…
Malware Domain List
textspeier.de (2017/12/04_18:50)
Host: textspeier.de, IP address: 104.27.163.228, ASN: 13335, Country: US, Description: phishing/fraud…

photoscape.ch (2017/10/26_13:48)
Host: photoscape.ch/Setup.exe, IP address: 31.148.219.11, ASN: 14576, Country: CZ, Description: trojan…

sarahdaniella.com (2017/06/02_08:38)
Host: sarahdaniella.com/swift/SWIFT%20$.pdf.ace, IP address: 63.247.140.224, ASN: 19271, Country: US, Description: trojan…

amazon-sicherheit.kunden-ueberpruefung.xyz (2017/05/01_16:22)
Host: amazon-sicherheit.kunden-ueberpruefung.xyz, IP address: 185.61.138.74, ASN: 49349, Country: UA, Description: phishing…


© 2001-2018 Procyon Labs / Randal T. Rioux