PLABS
Internet Storm Center Infocon Status
Infocon: green

ISC Stormcast For Friday, April 20th 2018 https://isc.sans.edu/podcastdetail.html?id=5963, (Fri, Apr 20th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Malspam pushing ransomware using two layers of password protection to avoid detection, (Fri, Apr 20th)
Introduction …

Back to Basics: Backups and Data Recovery "The Home Office Edition", (Thu, Apr 19th)

ISC Stormcast For Thursday, April 19th 2018 https://isc.sans.edu/podcastdetail.html?id=5961, (Thu, Apr 19th)

Webshell looking for interesting files, (Wed, Apr 18th)
Yesterday, I found on Pastebin a bunch of samples of a webshell that integrates an interesting feature: It provides a console mode that you can use to execute c…

Packet Storm
Latest Security Tool Files
Stegano 0.8.5
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Signific…

Ansvif 1.9.1
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

OpenStego Free Steganography Solution 0.7.3
OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algor…

Ansvif 1.9
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Aircrack-ng Wireless Network Tools 1.2
aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay…

TestSSL 2.9.5-5
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and muc…

XSSer Penetration Testing Tool 1.7-2
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several opti…

Clam AntiVirus Toolkit 0.100.0
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible…

GNU Privacy Guard 2.2.6
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an a…


SecurityFocus
General Security Vulnerabilities
Vuln: Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability…

Vuln: FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability
FasterXML Jackson-databind CVE-2017-15095 Incomplete Fix Remote Code Execution Vulnerability…

Vuln: Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability
Multiple Huawei Products CVE-2017-17167 Information Disclosure Vulnerability…

Vuln: FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability
FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability…

Bugtraq: Seagate Media Server stored Cross-Site Scripting vulnerability
Seagate Media Server stored Cross-Site Scripting vulnerability…

Bugtraq: [slackware-security] gd (SSA:2018-108-01)
[slackware-security] gd (SSA:2018-108-01)…

Bugtraq: WebKitGTK+ Security Advisory WSA-2018-0003
WebKitGTK+ Security Advisory WSA-2018-0003…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Amazon Linux AMI : exim (ALAS-2018-997)
Nessus Plugin ID 109186 with High Severity. Synopsis: The remote Amazon Linux AMI host is missing a…

RHEL 6 : java-1.8.0-openjdk (RHSA-2018:1188)
Nessus Plugin ID 109194 with High Severity. Synopsis: The remote Red Hat host is missing one or more…

Juniper Junos Short MacSec Keys Configuration CKN / CAK Key Extension Brute-force Mitm Spoofing (JSA10854)
Nessus Plugin ID 109215 with Medium Severity. Synopsis: The remote device is missing a vendor-suppli…

Amazon Linux 2 : curl (ALAS-2018-995)
Nessus Plugin ID 109178 with High Severity. Synopsis: The remote Amazon Linux 2 host is missing a se…

Juniper Junos Routing Process Daemon (RPD) BGP UPDATE Packet Handling Unspecified Remote DoS (JSA10848)
Nessus Plugin ID 109214 with Medium Severity. Synopsis: The remote device is missing a vendor-suppli…

Sourcefire
Vulnerability Research Team
Beers with Talos EP27: Smart Install, Vuln Process Realities, and Professional Wrestling
Beers with Talos (BWT) Podcast Episode 27 is now available. Download this episode and subscribe to Beers…

Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader
Overview: Talos is disclosing five vulnerabilities in Foxit PDF Reader. Foxit PDF Reader is a popular free progr…

Updates for BASS
This blog post was authored by Jonas Zaddach and Mariano Graziano. Cisco Talos has rolled out a series of impro…

Vulnerability Spotlight: Foscam IP Video Camera Firmware Recovery Unsigned Image Vulnerability
This vulnerability was discovered by Claudio Bozzato of Cisco Talos. Executive Summary: The Foscam C1 Indoor HD C…

Threat Roundup for April 6 - 13
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 6 and 13. As…

RHEL
Red Hat Errata
RHBA-2018:1178-1: heketi bug fix update
Red Hat Enterprise Linux: Updated heketi packages that fix several bugs are now available for Container-Nativ…

RHEA-2018:1190-1: Red Hat Enterprise MRG Realtime 2.5 enhancement update
Red Hat Enterprise Linux: Updated Red Hat Enterprise MRG Realtime packages that add one enhancement are now a…

RHSA-2018:1188-1: Critical: java-1.8.0-openjdk security update
Red Hat Enterprise Linux: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6.

RHSA-2018:1191-1: Critical: java-1.8.0-openjdk security update
Red Hat Enterprise Linux: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7.

RHSA-2018:1136-1: Important: glusterfs security update
Red Hat Enterprise Linux: An update for glusterfs is now available for Native Client for Red Hat Enterprise L…

RHSA-2018:1137-1: Important: glusterfs security update
Red Hat Enterprise Linux: An update for glusterfs is now available for Native Client for Red Hat Enterprise L…

Microsoft
Security Advisories
4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0
Revision Note: V3.0 (January 9, 2018): Microsoft has released an update for all supported editions of Microsof…

4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0
Revision Note: V1.0 (December 12, 2017): Advisory published. Summary: Microsoft is releasing this security advi…

4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Revision Note: V1.0 (August 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisor…

4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory…

4025685 - Guidance related to June 2017 security update release - Version: 1.0
Revision Note: V1.0 (June 13, 2017): Advisory published. Summary: Microsoft is announcing the availability of ad…

Malc0de

(You might not want to click on these!)


ClamAV
Top 10 ClamAV Official Signatures
ClamAV 0.100.0 has been released!
Join us as we welcome ClamAV 0.100.0 to the family officially. You can grab it, as always, from the down…
ClamAV Mirror improvements
Community -- Over the next several weeks, you are going to see some changes made to our ClamAV mirror infrastru…
Installing ClamAV from source: New Documentation!
Hey everyone, I wanted to point everyone to a git repository, located here. I'm pointing this out because if you…
ClamAV 0.100.0-rc has been posted!
0.100.0-rc (Release Candidate) Notes: ClamAV 0.100.0 is a feature release (candidate) which includes many code s…
Returning to working form: A Clamsubmit story!
Community - I wanted to inform everyone of the functionality of ClamAV Clamsubmit. Clamsubmit is a tool that allo…
ClamAV 0.99.4 has been released!
Join us as we welcome ClamAV 0.99.4 to the family! 0.99.4 Release Notes: 0.99.4 is a security patch release, quic…
ClamAV.net has been upgraded
Community -- Today we completed a large upgrade to the backend of ClamAV.net. This upgrade should fix sev…
ClamAV 0.100.0 beta has been released!
ClamAV 0.100.0-beta is the successor to the previous 0.99.3-beta2. The 0.99.3 patch release on January 2…
Update on the recent "File Descriptors" issue in ClamAV
A signature introduced in daily.cvd version 24256 triggered a bug that exists in all current stable releases of…
Malware Domain List


© 2001-2017 Procyon Labs / Randal T. Rioux