PLABS
Internet Storm Center Infocon Status
Infocon: green
ISC Stormcast For Tuesday, June 19th 2018 https://isc.sans.edu/podcastdetail.html?id=6044, (Tue, Jun 19th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Malicious JavaScript Targeting Mobile Browsers, (Mon, Jun 18th)
A reader reported a suspicious piece of JavaScript code that was found on a website. In the meantime, the compromised website has been cleaned but it was runn…

ISC Stormcast For Monday, June 18th 2018 https://isc.sans.edu/podcastdetail.html?id=6042, (Mon, Jun 18th)

Encrypted Office Documents, (Sun, Jun 17th)
Last I had to analyze a malicious, encrypted Excel document, with a twist. …

Anomaly Detection & Threat Hunting with Anomalize, (Sat, Jun 16th)
When, in October and November's posts, I redefined DFIR un…

Packet Storm
Latest Security Tool Files
msploitego 1.0
msploitego is the pentesting suite for Maltego. msploitego leverages the data gathered in a Metasploit database by enumerating and creating specific entities for services. Ser…

TOR Virtual Network Tunneling Tool 0.3.3.7
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

Tinc Virtual Private Network Daemon 1.0.34
tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling all…

AIEngine 1.9.0
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop si…

m4ngl3m3! 0.1 Password Generator
m4ngl3m3! version 0.1 is a common password pattern generator using a strings list.

GNU Privacy Guard 2.2.8
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an a…

GNUnet P2P Framework 0.11.0pre66
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a tran…

Bro Network Security Monitor 2.5.4
Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehens…

Reptile LKM Rootkit
Reptile is a Linux kernel module rootkit that hides files, processes, etc. It implements ICMP/UDP/TCP port-knocking backdoors, supports kernels 2.6.x/3.x/4.x, and more.

SecurityFocus
General Security Vulnerabilities
Vuln: Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability
Intel Core Microprocessors CVE-2018-3665 Information Disclosure Vulnerability…

Vuln: Microsoft Windows CVE-2018-8210 Remote Code Execution Vulnerability
Microsoft Windows CVE-2018-8210 Remote Code Execution Vulnerability…

Vuln: Airbnb Knowledge Repo CVE-2018-12104 Cross Site Scripting Vulnerability
Airbnb Knowledge Repo CVE-2018-12104 Cross Site Scripting Vulnerability…

Vuln: Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability
Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability…

Bugtraq: [SECURITY] [DSA 4231-1] libgcrypt20 security update
[SECURITY] [DSA 4231-1] libgcrypt20 security update…

Bugtraq: [SECURITY] [DSA 4230-1] redis security update
[SECURITY] [DSA 4230-1] redis security update…

Bugtraq: [SECURITY] [DSA 4229-1] strongswan security update
[SECURITY] [DSA 4229-1] strongswan security update…

Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0231)
Nessus Plugin ID 110581 with Medium Severity Synopsis The remote OracleVM host is missing one or m…

SUSE SLED12 / SLES12 Security Update : gpg2 (SUSE-SU-2018:1698-1)
Nessus Plugin ID 110595 with High Severity Synopsis The remote SUSE host is missing one or more se…

Fedora 27 : singularity (2018-02051f8300)
Nessus Plugin ID 110573 with High Severity Synopsis The remote Fedora host is missing a security u…

SUSE SLES11 Security Update : gpg2 (SUSE-SU-2018:1696-1)
Nessus Plugin ID 110594 with High Severity Synopsis The remote SUSE host is missing one or more se…

Fedora 27 : kernel (2018-b57db4753c)
Nessus Plugin ID 110577 with High Severity Synopsis The remote Fedora host is missing a security u…

Sourcefire
Vulnerability Research Team
Threat Roundup for June 1-15
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 01 and June 1…

Vulnerability Spotlight: TALOS-2018-0545 - Microsoft wimgapi LoadIntegrityInfo Code Execution Vulnerability
Vulnerabilities discovered by Marcin Noga from Talos. Overview: Talos is disclosing a remote code execution vulner…

Vulnerability Spotlight: TALOS-2018-0523-24 - Multiple Vulnerabilities in Pixar's RenderMan application
Vulnerabilities discovered by Tyler Bohan from Talos. Overview: Talos is disclosing two denial-of-service vulnera…

Microsoft Patch Tuesday - June 2018
Executive Summary: Microsoft has released its monthly set of security advisories for vulnerabilities that have b…

VPNFilter Update - VPNFilter exploits endpoints, targets new devices
Introduction: Cisco Talos, while working with our various intelligence partners, has discovered additional detai…

RHEL
Red Hat Errata
RHBA-2018:1855-1: nfs-utils bug fix update
Red Hat Enterprise Linux: An update for nfs-utils is now available for Red Hat Enterprise Linux 6.

RHBA-2018:1856-1: redhat-release-server bug fix update
Red Hat Enterprise Linux: An update for redhat-release-server is now available for Red Hat Enterprise Linux 6…

RHBA-2018:1857-1: copy-jdk-configs bug fix update
Red Hat Enterprise Linux: An update for copy-jdk-configs is now available for Red Hat Enterprise Linux 6.

RHBA-2018:1858-1: binutils bug fix update
Red Hat Enterprise Linux: An update for binutils is now available for Red Hat Enterprise Linux 6.

RHBA-2018:1859-1: iptables bug fix update
Red Hat Enterprise Linux: An update for iptables is now available for Red Hat Enterprise Linux 6.

RHBA-2018:1861-1: libcgroup bug fix update
Red Hat Enterprise Linux: An update for libcgroup is now available for Red Hat Enterprise Linux 6.

Microsoft
Security Advisories
4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0
Revision Note: V3.0 (January 9, 2018): Microsoft has released an update for all supported editions of Microsof…

4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0
Revision Note: V1.0 (December 12, 2017): Advisory published. Summary: Microsoft is releasing this security advi…

4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Revision Note: V1.0 (August 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisor…

4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory…

4025685 - Guidance related to June 2017 security update release - Version: 1.0
Revision Note: V1.0 (June 13, 2017): Advisory published. Summary: Microsoft is announcing the availability of ad…

Malc0de
(You might not want to click on these!)


ClamAV
Top 10 ClamAV Official Signatures
ClamAV 0.100.0 has been released!
Join us as we welcome ClamAV 0.100.0 to the family officially.  You can grab it, as always, from the down…
ClamAV Mirror improvements
Community -- Over the next several weeks, you are going to see some changes made to our ClamAV mirror infrastru…
Installing ClamAV from source: New Documentation!
Hey everyone, I wanted to point everyone to a git repository, located here. I'm pointing this out because if you…
ClamAV 0.100.0-rc has been posted!
0.100.0-rc (Release Candidate) Notes: ClamAV 0.100.0 is a feature release (candidate) which includes many code s…
Returning to working form: A Clamsubmit story!
Community - I wanted to inform everyone of the functionality of ClamAV Clamsubmit. Clamsubmit is a tool that allo…
ClamAV 0.99.4 has been released!
Join us as we welcome ClamAV 0.99.4 to the family! 0.99.4 Release Notes: 0.99.4 is a security patch release, quic…
ClamAV.net has been upgraded
Community -- Today we completed a large upgrade to the backend of ClamAV.net. This upgrade should fix sev…
ClamAV 0.100.0 beta has been released!
ClamAV 0.100.0-beta is the successor to the previous 0.99.3-beta2.  The 0.99.3 patch release on January 2…
Update on the recent "File Descriptors" issue in ClamAV
A signature introduced in daily.cvd version 24256 triggered a bug that exists in all current stable releases of…
Malware Domain List

© 2001-2017 Procyon Labs / Randal T. Rioux