Internet Storm Center Infocon Status
Infocon: green
Malicious script dropping an executable signed by Avast?…

Malicious script dropping an executable signed by Avast?, (Wed, Aug 23rd)
Yesterday, I found an interesting sample that I started to analyze… It reached my spam trap attached to an email in Portuguese w…

ISC Stormcast For Wednesday, August 23rd 2017 https://isc.sans.edu/podcastdetail.html?id=5638, (Wed, Aug 23rd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Defang all the things!, (Tue, Aug 22nd)
Today, I would like to promote a best practice via a small Python module that is very helpful when you're dealing with suspicious or malicious URLs. Links i…

ISC Stormcast For Tuesday, August 22nd 2017 https://isc.sans.edu/podcastdetail.html?id=5636, (Tue, Aug 22nd)

ISC Stormcast For Monday, August 21st 2017 https://isc.sans.edu/podcastdetail.html?id=5634, (Sun, Aug 20th)

Packet Storm
Latest Security Tool Files
Bettercap 1.6.2
BetterCAP is a powerful, flexible, and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sn…

AIEngine 1.8.1
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop si…

Mandos Encrypted File System Unattended Reboot Utility 1.7.16
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client progra…

FireHOL 3.1.4
FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual…

Tenshi Log Monitoring Program 0.16
tenshi is a log monitoring program, designed to watch one or more log files for lines matching user defined regular expressions and report on the matches. The regular expressi…

Check Siem 201708.05
check_siem is a security incidents and events monitor written in Perl. It reports on unusual user, process, net, and file activities by leveraging fuzzy LSOF statistics. Think…

OpenDNSSEC 2.1.3
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to f…

Mobius Forensic Toolkit 0.5.30
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and i…

Faraday 2.6.2
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, index…


SecurityFocus
General Security Vulnerabilities
Vuln: GraphicsMagick CVE-2017-11642 Denial of Service Vulnerability
GraphicsMagick CVE-2017-11642 Denial of Service Vulnerability…

Vuln: Adobe Digital Editions CVE-2017-11272 XML Entity Parsing Information Disclosure Vulnerability
Adobe Digital Editions CVE-2017-11272 XML Entity Parsing Information Disclosure Vulnerability…

Vuln: Adobe Digital Editions APSB17-27 Multiple Unspecified Memory Corruption Vulnerabilities
Adobe Digital Editions APSB17-27 Multiple Unspecified Memory Corruption Vulnerabilities…

Vuln: Adobe Digital Editions CVE-2017-11274 Unspecified Buffer Overflow Vulnerability
Adobe Digital Editions CVE-2017-11274 Unspecified Buffer Overflow Vulnerability…

Bugtraq: [SECURITY] [DSA 3951-1] smb4k security update
[SECURITY] [DSA 3951-1] smb4k security update…

Bugtraq: [RT-SA-2015-010] WebClientPrint Processor 2.0: Unauthorised Proxy Modification
[RT-SA-2015-010] WebClientPrint Processor 2.0: Unauthorised Proxy Modification…

Bugtraq: [RT-SA-2015-009] WebClientPrint Processor 2.0: Remote Code Execution via Updates
[RT-SA-2015-009] WebClientPrint Processor 2.0: Remote Code Execution via Updates…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided for free by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Audit IBM BigFix using Tenable.io
With the adoption of more cloud, mobile, IoT, and SaaS solutions, organizations need an effective way to under…

Secure Configuration Baselines for Network Devices
In a recent blog post, Ted Gary discussed results from a Tenable survey about configuration hardening at the s…

Cybersecurity’s role in U.S. trade agreements, starting with NAFTA
We must modernize our trade agreements to incorporate cybersecurity cooperation, and cooperation with our clos…

Tenable Internship Takeaways: Understanding Different Port Scanning Techniques
As a summer intern for the research and development department at Tenable, I was surprised when my manager gav…

Happy SysAdmin Day 2017
Having a background as a system administrator, I know first-hand many of the challenges you face. As every org…

Sourcefire
Vulnerability Research Team
Threat Round-up for Aug 11 - Aug 18
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between August 11 and Augu…

Booters with Chinese Characteristics: The Rise of Chinese Online DDoS Platforms
This post was authored by Dave Liebenberg. In the past few months, Talos has observed an uptick in the number of…

When combining exploits for added effect goes wrong
Introduction: Since public disclosure in April 2017, CVE-2017-0199 has been frequently used within malicious Off…

WinDBG and JavaScript Analysis
This blog was authored by Paul Rascagneres. Introduction: JavaScript is frequently used by malware authors to exe…

Microsoft Patch Tuesday - August 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified an…

RHEL
Red Hat Errata
RHBA-2017:2531-1: Red Hat Certification bug fix and enhancement update
Red Hat Enterprise Linux: An updated redhat-certification package that fixes several bugs and adds various en…

RHSA-2017:2530-1: Critical: java-1.6.0-ibm security update
Red Hat Enterprise Linux: An update for java-1.6.0-ibm is now available for Red Hat Enterprise Linux 6 Supple…

RHBA-2017:2499-1: kernel bug fix update
Red Hat Enterprise Linux: Updated kernel packages that fix one bug are now available for Red Hat Enterprise L…

RHBA-2017:2501-1: acl bug fix update
Red Hat Enterprise Linux: An updated acl package that fixes one bug is now available for Red Hat Enterprise L…

RHBA-2017:2502-1: java-1.8.0-openjdk bug fix update
Red Hat Enterprise Linux: Updated java-1.8.0-openjdk packages that fix one bug are now available for Red Hat…

RHBA-2017:2503-1: samba bug fix update
Red Hat Enterprise Linux: Updated samba packages that fix one bug are now available for Red Hat Enterprise Li…

Microsoft
Security Advisories
4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Revision Note: V1.0 (August 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisor…

4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory…

4025685 - Guidance related to June 2017 security update release - Version: 1.0
Revision Note: V1.0 (June 13, 2017): Advisory published. Summary: Microsoft is announcing the availability of ad…

4022345 - Identifying and correcting failure of Windows Update client to receive updates - Version: 1.3
Severity Rating: Critical. Revision Note: V1.3 (May 12, 2017): Updated FAQ to clarify the update that needs to b…

4022344 - Security Update for Microsoft Malware Protection Engine - Version: 1.2
Severity Rating: Critical. Revision Note: V1.2 (May 12, 2017): Added entries into the affected software table. T…

Malc0de
(You might not want to click on these!)

zubairfazal.com
URL: zubairfazal.com/89yhFA, IP Address: 107.189.3.214, Country: US, ASN: 53667, MD5: 3540ad8e052ff4c735336ec6…

stevecarlile.com
URL: stevecarlile.com/counter/2, IP Address: 50.63.209.1, Country: US, ASN: 26496, MD5: 59d4aa47323fe7c1106f99…

nubodyofdallas.com
URL: nubodyofdallas.com/FwJSgvPKF/index.html, IP Address: 74.124.198.22, Country: US, ASN: 22611, MD5: eab58be…

june12.5gbfree.com
URL: june12.5gbfree.com/fszz/gud.exe, IP Address: 209.90.88.139, Country: US, ASN: 5048, MD5: 1517814c4d44cc63…

imexltd.eu
URL: imexltd.eu/86hHYU6, IP Address: 176.32.230.9, Country: GB, ASN: 20738, MD5: e35c9d795e7fb1db54465ef46d70e…

gmcint.com
URL: gmcint.com/jbfr387, IP Address: 89.255.9.102, Country: NL, ASN: 15703, MD5: ec091d840d8e6e179804cf5a2ea81…

germanshepherdpuppiescalifornia.com
URL: germanshepherdpuppiescalifornia.com/jbfr387, IP Address: 205.251.139.178, Country: US, ASN: 27413, MD5: e…

ClamAV
Top 10 ClamAV Official Signatures
Malware Domain List
sarahdaniella.com (2017/06/02_08:38)
Host: sarahdaniella.com/swift/SWIFT%20$.pdf.ace, IP address: 63.247.140.224, ASN: 19271, Country: US, Description: trojan…

amazon-sicherheit.kunden-ueberpruefung.xyz (2017/05/01_16:22)
Host: amazon-sicherheit.kunden-ueberpruefung.xyz, IP address: 185.61.138.74, ASN: 49349, Country: UA, Description: phishing…

alegroup.info (2017/03/20_10:13)
Host: alegroup.info/ntnrrhst, IP address: 194.87.217.87, ASN: 197695, Country: RU, Description: Ransom, Fake.PCN, Malspam…

fourthgate.org (2017/03/20_10:13)
Host: fourthgate.org/Yryzvt, IP address: 104.200.67.194, ASN: 8100, Country: US, Description: Ransom, Fake.PCN, Malspam…

dieutribenhkhop.com (2017/03/20_10:13)
Host: dieutribenhkhop.com/parking/, IP address: 84.200.4.125, ASN: 31400, Country: DE, Description: Ransom, Fake.PCN, Malspam…

dieutribenhkhop.com (2017/03/20_10:13)
Host: dieutribenhkhop.com/parking/pay/rd.php?id=10, IP address: 84.200.4.125, ASN: 31400, Country: DE, Description: Ransom, Fake.PCN, Malspam…

ssl-6582datamanager.de (2017/03/14_23:02)
Host: ssl-6582datamanager.de/, IP address: 54.72.9.51, ASN: 16509, Country: US, Description: redirects to Paypal phishing…

privatkunden.datapipe9271.com (2017/03/14_23:02)
Host: privatkunden.datapipe9271.com/, IP address: 104.31.75.147, ASN: 13335, Country: US, Description: Paypal phishing…

www.hjaoopoa.top (2017/03/06_21:09)
Host: www.hjaoopoa.top/admin.php?f=1.gif, IP address: 52.207.234.89, ASN: 14618, Country: US, Description: Cerber ransomware…


© 2001-2017 Procyon Labs / Randal T. Rioux