PLABS
Internet Storm Center Infocon Status
Infocon: green
Proactive Malicious Domain Search…

Proactive Malicious Domain Search, (Thu, Nov 23rd)
In a previous diary[1], I presented a dashboard that I'm using to keep track of the DNS traffic on my networks. Tracking malicious domains is usef…

ISC Stormcast For Wednesday, November 22nd 2017 https://isc.sans.edu/podcastdetail.html?id=5765, (Wed, Nov 22nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Internet Wide Ethereum JSON-RPC Scans, (Tue, Nov 21st)
Ethereum is certainly getting a lot of press this year, and with this, we also see the bad guys spending more effort to steal the shiny fresh off the digital mi…

ISC Stormcast For Tuesday, November 21st 2017 https://isc.sans.edu/podcastdetail.html?id=5763, (Tue, Nov 21st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

ISC Stormcast For Monday, November 20th 2017 https://isc.sans.edu/podcastdetail.html?id=5762, (Mon, Nov 20th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Packet Storm
Latest Security Tool Files
Mobius Forensic Toolkit 1.0
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and i…

Faraday 2.7.1
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, index…

Haveged 1.9.2
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algo…

Flawfinder 2.0.5
Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. T…

I2P 0.9.32
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encrypt…

PTP-RAT Screen Share Proof Of Concept
PTP-RAT is a proof of concept that allows data theft via screen-share protocols. Each screen flash starts with a header. This contains a magic string, "PTP-RAT-CHUNK" followed…

Faraday 2.7
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, index…

Hashcat Advanced Password Recovery 4.0.1 Source Code
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based…

Hashcat Advanced Password Recovery 4.1.0 Binary Release
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based…


SecurityFocus
General Security Vulnerabilities
Vuln: Atlassian Hipchat for Mac CVE-2017-14586 Remote Code Execution Vulnerability
Atlassian Hipchat for Mac CVE-2017-14586 Remote Code Execution Vulnerability…

Vuln: Jenkins Favorite Plugin CVE-2017-1000243 Security Bypass Vulnerability
Jenkins Favorite Plugin CVE-2017-1000243 Security Bypass Vulnerability…

Vuln: Atlassian Hipchat Server and Data Center CVE-2017-14585 Remote Code Execution Vulnerability
Atlassian Hipchat Server and Data Center CVE-2017-14585 Remote Code Execution Vulnerability…

Vuln: Jenkins Favorite Plugin CVE-2017-1000244 Cross Site Request Forgery Vulnerability
Jenkins Favorite Plugin CVE-2017-1000244 Cross Site Request Forgery Vulnerability…

Bugtraq: Edward Snowden free speech at JBFone - Data Security & Privacy
Edward Snowden free speech at JBFone - Data Security & Privacy…

Bugtraq: [SECURITY] [DSA 4046-1] libspring-ldap-java security update
[SECURITY] [DSA 4046-1] libspring-ldap-java security update…

Bugtraq: [SECURITY] [DSA 4045-1] vlc security update
[SECURITY] [DSA 4045-1] vlc security update…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
TLS Version 1.0 Protocol Detection
Synopsis : The remote service encrypts traffic using an older version of…

Foxit PhantomPDF < 8.3.5 Multiple Vulnerabilities
Synopsis : A PDF toolkit installed on the remote Windows host is affected by multiple vulnerabilities. Descr…

Intel Management Engine Unspecified Multiple Vulnerabilities (INTEL-SA-00086)
Synopsis : The management engine on the remote host is affected by multiple vulnerabilities. Description :…

Checkpoint Gaia Portal WebUI Detection
Synopsis : A firewall web portal is running on the remote host. Description : The remote host is a Check Po…

Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : db5.3 vulnerability (USN-3489-1)
Synopsis : The remote Ubuntu host is missing one or more security-relate…

Sourcefire
Vulnerability Research Team
Talos Wins The 5th Volatility Plugin Contest With Pyrebox
Talos has won this year's 5th Volatility plugin contest with Pyrebox. Volatility is a well-known open-source f…

Beers with Talos EP 17: Greek Gods, Trojans, and the Spice Girls as Spirit Animals
Beers with Talos (BWT) Podcast Episode 17 is now available.  Download this episode and subscribe to Beers…

This Holiday Season - Buy One IoT Device, Get Free CVEs
As the Internet of Things gains steam and continues to develop, so are adversaries and the threats affecting t…

Threat Round Up for Nov 10 - Nov 17
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between November 10 and No…

Vulnerability Spotlight: Multiple Remote Code Execution Vulnerabilities Within libxls
Vulnerabilities discovered by Marcin Noga of Cisco Talos. Talos is releasing seven new vulnerabilities discovere…

RHEL
Red Hat Errata
RHEA-2017:1948-2: libtdb bug fix update
Red Hat Enterprise Linux: An update for libtdb is now available for Red Hat Enterprise Linux 7.

RHBA-2017:3258-1: rh-nodejs6 bug fix update
Red Hat Enterprise Linux: Updated rh-nodejs6 packages that fix one bug are now available for Red Hat Software…

RHBA-2017:3256-1: kernel bug fix update
Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 7.2 Extended Upd…

RHBA-2017:3257-1: rear bug fix update
Red Hat Enterprise Linux: Updated rear packages that fix one bug are now available for Red Hat Enterprise Lin…

RHBA-2017:3249-1: rh-nodejs4 bug fix update
Red Hat Enterprise Linux: Updated rh-nodejs4 packages that fix one bug are now available for Red Hat Software…

RHBA-2017:3250-1: devtoolset-6-gdb bug fix update
Red Hat Enterprise Linux: Updated devtoolset-6-gdb packages that fix one bug are now available for Red Hat De…

Microsoft
Security Advisories
4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 1.0
Revision Note: V1.0 (November 8, 2017): Advisory published. Summary: Microsoft is releasing this security advis…

4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Revision Note: V1.0 (August 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisor…

4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory…

4025685 - Guidance related to June 2017 security update release - Version: 1.0
Revision Note: V1.0 (June 13, 2017): Advisory published. Summary: Microsoft is announcing the availability of ad…

4022344 - Security Update for Microsoft Malware Protection Engine - Version: 1.2
Severity Rating: Critical. Revision Note: V1.2 (May 12, 2017): Added entries into the affected software table. T…

Malc0de

(You might not want to click on these!)


ClamAV
Top 10 ClamAV Official Signatures
Malware Domain List


© 2001-2017 Procyon Labs / Randal T. Rioux