Internet Storm Center Infocon Status
Infocon: green
Malicious .iso Attachments, (Fri, Jul 21st)

ISC Stormcast For Friday, July 21st 2017 https://isc.sans.edu/podcastdetail.html?id=5592, (Fri, Jul 21st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

ISC Stormcast For Thursday, July 20th 2017 https://isc.sans.edu/podcastdetail.html?id=5590, (Thu, Jul 20th)

Bots Searching for Keys & Config Files, (Wed, Jul 19th)
If you don't know our 404 project [1], I would definitely recommend having a look at it! The idea is to track HTTP 404 errors returned by your web servers. I like…

ISC Stormcast For Wednesday, July 19th 2017 https://isc.sans.edu/podcastdetail.html?id=5588, (Wed, Jul 19th)

Packet Storm
Latest Security Tool Files
Wireshark Analyzer 2.2.8
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a comme…

UFONet 0.9
UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion tech…

Blue Team Training Toolkit (BT3) 2.3
Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and…

Suricata IDPE 3.2.3
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded…

Packet Fence 7.2.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Lynis Auditing Tool 2.5.2
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan f…

CRLF Injector
This is a Python script for testing CRLF injection issues.

Mobius Forensic Toolkit 0.5.29
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and i…

Samhain File Integrity Checker 4.2.2
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can…


SecurityFocus
General Security Vulnerabilities
Vuln: Mozilla Firefox CVE-2017-5472 Use After Free Denial of Service Vulnerability
Mozilla Firefox CVE-2017-5472 Use After Free Denial of Service Vulnerability…

Vuln: Mozilla Firefox CVE-2017-5470 Multiple Unspecified Memory Corruption Vulnerabilities
Mozilla Firefox CVE-2017-5470 Multiple Unspecified Memory Corruption Vulnerabilities…

Vuln: Irssi CVE-2017-9469 Denial of Service Vulnerability
Irssi CVE-2017-9469 Denial of Service Vulnerability…

Vuln: ICU CVE-2016-6293 Out of Bounds Read Denial of Service Vulnerability
ICU CVE-2016-6293 Out of Bounds Read Denial of Service Vulnerability…

Bugtraq: [security bulletin] HPESBHF03766 rev.1 - HPE ConvergedSystem 700 Solution with Comware v5 Switches using NTP, Remote Denial of Service (DoS), Unauthorized Modification and Local Denial of Service (DoS)
[security bulletin] HPESBHF03766 rev.1 - HPE ConvergedSystem 700 Solution with Comware v5 Switches using NTP, Remote Denial of Service (DoS), Unauthorized Modification and Loc…

Bugtraq: File Upload in Integration Gateway (PSIGW)
File Upload in Integration Gateway (PSIGW)…

Bugtraq: Directory Traversal vulnerability in Integration Gateway (PSIGW)
Directory Traversal vulnerability in Integration Gateway (PSIGW)…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
KB4023307: Security Update for the Windows Uniscribe Remote Code Execution Vulnerability for Microsoft Silverlight 5 (June 2017)
Synopsis : A web application framework running on the remote host is affected by multiple remote code executi…

KB4022730: Security update for Adobe Flash Player (June 2017)
Synopsis : The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilitie…

KB4022727: Windows 10 Version 1507 June 2017 Cumulative Update
Synopsis : The remote Windows host is affected by multiple vulnerabilities. Description : The remote Window…

KB4022726: Windows 8.1 and Windows Server 2012 R2 June 2017 Cumulative Update
Synopsis : The remote Windows host is affected by multiple vulnerabilities. Description : The remote Window…

KB4022725: Windows 10 Version 1703 June 2017 Cumulative Update
Synopsis : The remote Windows host is affected by multiple vulnerabilities. Description : The remote Window…

Sourcefire
Vulnerability Research Team
Threat Round-up for July 14 - July 21
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 14 and July 2…

Memcached - A Story of Failed Patching & Vulnerable Servers
This blog was authored by Aleksandar Nikolich and David Maynor with contributions from Nick Biasini. Memcached - Not…

Vulnerability Spotlight: Multiple Vulnerabilities in CorelDRAW X8
Today, Talos is disclosing several vulnerabilities that have been identified in CorelDRAW X8. CorelDRAW X8 is…

Vulnerabilities in ProcessMaker, WebFOCUS, and OpenFire Identified and Patched
Today, Talos is disclosing several vulnerabilities that have been identified by Portcullis in various software…

Unravelling .NET with the Help of WinDBG
This blog was authored by Paul Rascagneres and Warren Mercer. Introduction: .NET is an increasingly important com…

RHEL
Red Hat Errata
RHEA-2017:1788-1: Updated openshift-heat-templates package for OSP 10 and OCP 3.4
Red Hat Enterprise Linux: A new openshift-heat-templates package is now available for Red Hat Openstack Platf…

RHSA-2017:1789-1: Critical: java-1.8.0-openjdk security update
Red Hat Enterprise Linux: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 an…

RHSA-2017:1790-1: Critical: java-1.8.0-oracle security update
Red Hat Enterprise Linux: An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterp…

RHSA-2017:1791-1: Critical: java-1.7.0-oracle security update
Red Hat Enterprise Linux: An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterp…

RHSA-2017:1792-1: Critical: java-1.6.0-sun security update
Red Hat Enterprise Linux: An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterpris…

RHSA-2017:1793-1: Important: graphite2 security update
Red Hat Enterprise Linux: An update for graphite2 is now available for Red Hat Enterprise Linux 7. Red Hat P…

Microsoft
Security Advisories
4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory…

4010323 - Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 - Version: 1.0
Revision Note: V1.0 (June 23, 2017): Advisory published. Summary: Microsoft is releasing this security advisory…

4025685 - Guidance related to June 2017 security update release - Version: 1.0
Revision Note: V1.0 (June 13, 2017): Advisory published. Summary: Microsoft is announcing the availability of ad…

4022345 - Identifying and correcting failure of Windows Update client to receive updates - Version: 1.3
Severity Rating: Critical. Revision Note: V1.3 (May 12, 2017): Updated FAQ to clarify the update that needs to b…

4022344 - Security Update for Microsoft Malware Protection Engine - Version: 1.2
Severity Rating: Critical. Revision Note: V1.2 (May 12, 2017): Added entries into the affected software table. T…

Malc0de
(You might not want to click on these!)


ClamAV
Top 10 ClamAV Official Signatures
Malware Domain List


© 2001-2017 Procyon Labs / Randal T. Rioux