PLABS
Internet Storm Center Infocon Status
Infocon: green
ISC Stormcast For Wednesday, May 24th 2017 https://isc.sans.edu/podcastdetail.html?id=5514, (Wed, May 24th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Jaff ransomware gets a makeover, (Wed, May 24th)
Introduction Since 2017-05-11, a new ransomware named Jaff has been distributed through malicious spam (malspam) from the Necurs botnet. This malspam uses PD…

What did we Learn from WannaCry? - Oh Wait, We Already Knew That!, (Tue, May 23rd)
In the aftermath of last week's excitement over the WannaCry malware, I've had a lot of lessons learned meetings with clients. The results are exactly what you'd e…

ISC Stormcast For Tuesday, May 23rd 2017 https://isc.sans.edu/podcastdetail.html?id=5512, (Tue, May 23rd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Investigating Sites After They are Gone; And a Case of Uber Phishing With SSL, (Mon, May 22nd)
A reader sent us an interesting find of a phishing site that is going after Uber credentials. Uber credentials are often stolen and resold to obtain free rides.

Packet Storm
Latest Security Tool Files
DAVOSET 1.3.3
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Nixauditor CIS Script 1.1
Nixauditor is a script to audit linux and unix distributions based mainly on the CIS standards and universal linux hardening guidelines.

Mosca Analysis Tool 0.08
Mosca is a tool that checks code for poor security practices akin to using grep against it for static analysis.
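
As an added illustration of the grep-style approach the Mosca description refers to (this is not Mosca's own code or rule set): a handful of regular-expression rules run over source lines, with constructed sample files. The rules and the sample sources are assumptions made for the demonstration; the point it makes is that pattern matching without parsing flags commented-out code and misses nothing that merely looks safe, so a comment filter and a bounded-function check are the minimum a practitioner adds.

```python
"""A grep-style static check for poor security practices.

Added example, not Mosca's own code or rule set: it shows the approach the
description names (pattern matching over source lines) and its main
weakness (no parsing, so comments and look-alike names need care). The
rules and sample files are constructed for the demonstration.
"""
import re

# (pattern, why it is flagged); these patterns are an assumption, not a vetted rule set
RULES = [
    (re.compile(r"\b(strcpy|strcat|sprintf|gets)\s*\("), "unbounded C string function"),
    (re.compile(r"\b(system|popen|shell_exec|exec)\s*\("), "shell command execution"),
    (re.compile(r"\beval\s*\("), "eval of dynamic input"),
    (re.compile(r"(?i)\b(password|passwd|secret|api_key)\s*=\s*['\"][^'\"]{4,}['\"]"),
     "hardcoded credential"),
]

# Constructed sample sources, not taken from any real project.
SAMPLE_FILES = {
    "login.c": "\n".join([
        "#include <string.h>",
        "int check(char *in) {",
        "    char buf[64];",
        "    strcpy(buf, in);        /* classic overflow */",
        "    strncpy(buf, in, 63);   /* bounded: must not match */",
        "    // strcpy(buf, in);     comment: plain grep still matches this",
        "    return 0;",
        "}",
    ]),
    "app.py": "\n".join([
        "import os",
        "API_KEY = 'sk-constructed-example-key'",
        "def run(cmd):",
        "    os.system(cmd)",
        "def safe(x):",
        "    return ast.literal_eval(x)",
    ]),
}


def scan(files, skip_comments=True):
    """Return findings as (path, line_no, reason, line_text).

    skip_comments drops lines that start like a C, shell or Python comment
    (it also drops C preprocessor lines, which carry nothing the rules target).
    """
    findings = []
    for path, source in files.items():
        for no, line in enumerate(source.splitlines(), 1):
            stripped = line.strip()
            if skip_comments and stripped.startswith(("//", "#", "/*", "*")):
                continue
            for pattern, reason in RULES:
                if pattern.search(line):
                    findings.append((path, no, reason, stripped))
    return findings


if __name__ == "__main__":
    for path, no, reason, text in scan(SAMPLE_FILES):
        print(f"{path}:{no}: {reason}: {text}")
```

Note that `\b` keeps `strncpy` and `ast.literal_eval` from matching, but the rules are still blind to anything that needs data flow (a `strcpy` on a length-checked buffer is flagged, a `system()` call built through an alias is not); treat output as a triage list, not a verdict.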

AntiRansom 3.02
AntiRansom is a tool capable of detecting and mitigating attacks of Ransomware using honeypots.

Stegano 0.8.1
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Signific…

Falco 0.6.1
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check f…

Payload Mask 0.2
Payload Mask is a payload editor that can mutate an initial dataset.

TOR Virtual Network Tunneling Tool 0.3.0.7
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

Stegano 0.8
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Signific…
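
The least-significant-bit method that both Stegano entries above mention, written out as an added example (this is not Stegano's code and does not use its API): a message is embedded one bit per colour channel into a constructed in-memory pixel list, and the extractor refuses a cover whose length header cannot be valid. The cover image, the 32-bit length header and the helper names are assumptions made for the demonstration.

```python
"""Least-significant-bit (LSB) image steganography.

Added example, not Stegano's own code: it shows the LSB hiding method the
module description names, over a constructed in-memory list of RGB pixels
so it runs without Pillow or any image file.
"""


def make_cover(width, height):
    """Constructed cover image: width*height (r, g, b) tuples with a simple gradient."""
    return [((x * 7) & 0xFF, (y * 13) & 0xFF, ((x + y) * 3) & 0xFF)
            for y in range(height) for x in range(width)]


def _bits(data):
    """Yield the bits of a byte string, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def capacity_bytes(pixels):
    """Payload a cover can carry: one bit per colour channel, minus the 4-byte length header."""
    return len(pixels) * 3 // 8 - 4


def hide(pixels, message):
    """Embed message: a 32-bit big-endian length, then the bytes, one bit per channel LSB.

    Each channel value changes by at most 1, which is why LSB hiding is
    visually invisible yet statistically detectable.
    """
    if len(message) > capacity_bytes(pixels):
        raise ValueError(f"message of {len(message)} bytes exceeds capacity {capacity_bytes(pixels)}")
    payload = len(message).to_bytes(4, "big") + message
    flat = [channel for px in pixels for channel in px]
    for idx, bit in enumerate(_bits(payload)):
        flat[idx] = (flat[idx] & 0xFE) | bit
    return [tuple(flat[i:i + 3]) for i in range(0, len(flat), 3)]


def reveal(pixels):
    """Recover the message hidden by hide(); refuse covers whose length header is impossible."""
    flat = [channel for px in pixels for channel in px]

    def read_bytes(bit_offset, count):
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (flat[bit_offset + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read_bytes(0, 4), "big")
    if 32 + length * 8 > len(flat):
        # A clean image yields an arbitrary 32-bit header; never index past the buffer on it.
        raise ValueError("no valid LSB payload: length header exceeds cover size")
    return read_bytes(32, length)


def has_payload(pixels):
    """True if the length header is plausible and a message can be read out."""
    try:
        reveal(pixels)
        return True
    except ValueError:
        return False


def max_channel_delta(cover, stego):
    """Largest per-channel change between cover and stego image (always <= 1 for LSB)."""
    return max(abs(a - b) for pa, pb in zip(cover, stego) for a, b in zip(pa, pb))


if __name__ == "__main__":
    cover = make_cover(16, 16)
    stego = hide(cover, b"meet at dawn")
    print(reveal(stego), "max channel delta:", max_channel_delta(cover, stego))
```

The capacity check and the header sanity check are the two places a naive implementation breaks: writing past the cover silently truncates the message, and reading a random header from a clean image walks off the end of the buffer. Note also that any lossy re-encoding (JPEG) of the stego image destroys the LSBs, so this only survives lossless formats.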


SecurityFocus
General Security Vulnerabilities
Vuln: SAP HANA Multiple Security Vulnerabilities
SAP HANA Multiple Security Vulnerabilities…

Vuln: Rpcbind CVE-2017-8779 Remote Denial of Service Vulnerability
Rpcbind CVE-2017-8779 Remote Denial of Service Vulnerability…

Vuln: SAP Netweaver Visual Composer XML External Entity Information Disclosure Vulnerability
SAP Netweaver Visual Composer XML External Entity Information Disclosure Vulnerability…

Vuln: OneThird CMS CVE-2017-2124 Cross Site Scripting Vulnerability
OneThird CMS CVE-2017-2124 Cross Site Scripting Vulnerability…

Bugtraq: Secunia Research: Microsoft Windows Heap-based Buffer Overflow Vulnerabilities
Secunia Research: Microsoft Windows Heap-based Buffer Overflow Vulnerabilities…

Bugtraq: HPESBHF03744 rev.1 - HPE Intelligent Management Center (iMC) PLAT running OpenSSL, Remote Denial of Service (DoS)
HPESBHF03744 rev.1 - HPE Intelligent Management Center (iMC) PLAT running OpenSSL, Remote Denial of Service (DoS)…

Bugtraq: CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal
CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The 'attacks' figure is the number of targets that reported scans from the subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided for free by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
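
For the DShield Recommended Block List entry above, an added example (not DShield's or ISC's code) of turning the list into firewall rules the way a practitioner would: filter on the 'attacks' count, sanity-check that start and end really describe the /24 the mask claims, and refuse to import anything that overlaps internal or reserved space. The tab-separated layout (start, end, netmask bits, attack count, name, country, contact, with `#` comment lines) is an assumption about the feed, and the sample records are constructed from documentation ranges, not taken from the live list.

```python
"""Turn the DShield recommended block list into firewall rules.

Added example, not DShield's or ISC's code. The feed layout it parses is an
assumption: tab-separated start, end, netmask bits, attack count, name,
country, contact, with '#' comment lines. The sample below is constructed
from documentation ranges rather than taken from the live feed.
"""
import ipaddress

# Constructed sample in the assumed layout (not real feed data).
SAMPLE_FEED = """\
# DShield.org Recommended Block List (constructed sample)
# start\tend\tnetmask\tattacks\tname\tcountry\temail
203.0.113.0\t203.0.113.255\t24\t1412\tEXAMPLE-A\tNL\tabuse@example.net
198.51.100.0\t198.51.100.255\t24\t988\tEXAMPLE-B\tDE\tabuse@example.org
10.0.0.0\t10.0.0.255\t24\t3000\tLEAKED-PRIVATE\t--\t-
192.0.2.0\t192.0.2.255\t24\t12\tBELOW-THRESHOLD\tUS\t-
198.18.0.0\t198.18.0.127\t24\t500\tMALFORMED-RANGE\tUS\t-
this line is not a record
"""

# Ranges that must never be imported into a deny rule, whatever the feed says.
# Add your own address space here before running this against a real feed.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
)]


def parse_block_list(text, min_attacks=50):
    """Return [(IPv4Network, attack_count)] sorted by count, after sanity checks."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 4:
            continue  # not a record
        start, end, bits, attacks = fields[:4]
        try:
            net = ipaddress.ip_network(f"{start}/{bits}", strict=True)
            last = ipaddress.ip_address(end)
            count = int(attacks)
        except ValueError:
            continue  # malformed address, mask or count: skip, do not guess
        if last != net.broadcast_address:
            continue  # start/end disagree with the mask
        if any(net.overlaps(nb) for nb in NEVER_BLOCK):
            continue  # never let a feed line lock you out of your own network
        if count < min_attacks:
            continue  # 'attacks' is the number of targets reporting the subnet
        rules.append((net, count))
    rules.sort(key=lambda r: r[1], reverse=True)
    return rules


def to_iptables(rules):
    """Render DROP rules into a dedicated chain that can be flushed on each refresh."""
    return [f"iptables -A DSHIELD -s {net} -j DROP" for net, _ in rules]


if __name__ == "__main__":
    for line in to_iptables(parse_block_list(SAMPLE_FEED)):
        print(line)
```

Keeping the rules in their own chain (created once with `iptables -N DSHIELD` and referenced from INPUT) lets a refresh flush and reload the list without touching the rest of the policy; the threshold is the knob to tune, since a low 'attacks' count means few sensors saw the subnet.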
Nessus
Latest Nessus Plugins Released
Artifex Ghostscript Installed
Synopsis : An interpreter for PostScript and PDF is installed on the remote host. Description : Artifex Gho…

macOS : Apple Safari < 10.1.1 Multiple Vulnerabilities
Synopsis : A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabiliti…

SUSE SLED12 / SLES12 Security Update : libplist (SUSE-SU-2017:1368-1)
Synopsis : The remote SUSE host is missing one or more security updates. Description : This update for libp…

SUSE SLED12 / SLES12 Security Update : libsndfile (SUSE-SU-2017:1367-1)
Synopsis : The remote SUSE host is missing one or more security updates. Description : This update for libs…

SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1366-1)
Synopsis : The remote SUSE host is missing one or more security updates. Description : This update for libx…

Sourcefire
Vulnerability Research Team
Player 3 Has Entered the Game: Say Hello to 'WannaCry'
This post was authored by Martin Lee, Warren Mercer, Paul Rascagneres, and Craig Williams. Executive Summary: A m…

Threat Round-up for May 05 - May 12
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 05 and May 12.

Jaff Ransomware: Player 2 Has Entered The Game
This post was written by Nick Biasini, Edmund Brumaghin and Warren Mercer with contributions from Colin GradyS…

Vulnerability Spotlight: Hangul Word Processor Remote Code Execution Vulnerability
Vulnerability discovered by Rich Johnson of Talos. Overview: Published by Hancom Inc., the Hangul Office Suite, of…

Microsoft Patch Tuesday - May 2017
Today, Microsoft has released its monthly set of security updates designed to address vulnerabilities. This m…

RHEL
Red Hat Errata
RHSA-2017:1267-1: Important: rpcbind security update
Red Hat Enterprise Linux: An update for rpcbind is now available for Red Hat Enterprise Linux 6. Red Hat Pro…

RHSA-2017:1268-1: Important: libtirpc security update
Red Hat Enterprise Linux: An update for libtirpc is now available for Red Hat Enterprise Linux 6. Red Hat Pr…

RHSA-2017:1262-1: Important: rpcbind security update
Red Hat Enterprise Linux: An update for rpcbind is now available for Red Hat Enterprise Linux 7. Red Hat Pro…

RHSA-2017:1263-1: Important: libtirpc security update
Red Hat Enterprise Linux: An update for libtirpc is now available for Red Hat Enterprise Linux 7. Red Hat Pr…

RHSA-2017:1264-1: Important: kdelibs security update
Red Hat Enterprise Linux: An update for kdelibs is now available for Red Hat Enterprise Linux 7. Red Hat Pro…

RHSA-2017:1265-1: Moderate: samba security and bug fix update
Red Hat Enterprise Linux: An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Produ…

Microsoft
Security Advisories
4022345 - Identifying and correcting failure of Windows Update client to receive updates - Version: 1.3
Severity Rating: Critical. Revision Note: V1.3 (May 12, 2017): Updated FAQ to clarify the update that needs to b…

4021279 - Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege - Version: 1.1
Revision Note: V1.1 (May 10, 2017): Advisory revised to include a table of issue CVEs and their descriptions.

4010323 - Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 - Version: 1.0
Revision Note: V1.0 (May 9, 2017): Advisory published. Summary: Beginning May 9, 2017, Microsoft released updat…

3123479 - SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
Revision Note: V2.0 (March 14, 2017): Advisory rereleased to announce that the changes described in this advis…

4010983 - Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of Service - Version: 1.0
Revision Note: V1.0 (January 27, 2017): Advisory published. Summary: Microsoft is releasing this security advis…

Malc0de

(You might not want to click on these!)

down12.xiazaidc.com
URL: , IP Address: 120.55.114.132, Country: CN, ASN: 37963, MD5: 2a65f85d09f36402fbd91484a9a4adac…

d1.97you.net
URL: , IP Address: 219.144.69.103, Country: CN, ASN: 134768, MD5: e6cf7a3c987ada0625981f2a654f5106…

cendereci.com
URL: cendereci.com/dasphdasodasopjdaspjdasdasa.png, IP Address: 85.159.66.172, Country: TR, ASN: 34619, MD5: 2…

c.img001.com
URL: c.img001.com/re58/guagua_23103510024.exe, IP Address: 183.136.232.10, Country: CN, ASN: 4134, MD5: f1db40…

c.img001.com
URL: c.img001.com/re58/kele_20090197397.exe, IP Address: 183.136.232.10, Country: CN, ASN: 4134, MD5: bde29dee…

c.img001.com
URL: c.img001.com/re58/pingguo_21561000328.exe, IP Address: 183.136.232.10, Country: CN, ASN: 4134, MD5: b3aa7…

c.img001.com
URL: c.img001.com/re58/girlshow_20300025849.exe, IP Address: 183.136.232.10, Country: CN, ASN: 4134, MD5: 31d5…

ClamAV
Top 10 ClamAV Official Signatures
Malware Domain List
amazon-sicherheit.kunden-ueberpruefung.xyz (2017/05/01_16:22)
Host: amazon-sicherheit.kunden-ueberpruefung.xyz, IP address: 185.61.138.74, ASN: 49349, Country: UA, Description: phishing…

alegroup.info (2017/03/20_10:13)
Host: alegroup.info/ntnrrhst, IP address: 194.87.217.87, ASN: 197695, Country: RU, Description: Ransom, Fake.PCN, Malspam…

fourthgate.org (2017/03/20_10:13)
Host: fourthgate.org/Yryzvt, IP address: 104.200.67.194, ASN: 8100, Country: US, Description: Ransom, Fake.PCN, Malspam…

dieutribenhkhop.com (2017/03/20_10:13)
Host: dieutribenhkhop.com/parking/, IP address: 84.200.4.125, ASN: 31400, Country: DE, Description: Ransom, Fake.PCN, Malspam…

dieutribenhkhop.com (2017/03/20_10:13)
Host: dieutribenhkhop.com/parking/pay/rd.php?id=10, IP address: 84.200.4.125, ASN: 31400, Country: DE, Description: Ransom, Fake.PCN, Malspam…

ssl-6582datamanager.de (2017/03/14_23:02)
Host: ssl-6582datamanager.de/, IP address: 54.72.9.51, ASN: 16509, Country: US, Description: redirects to Paypal phishing…

privatkunden.datapipe9271.com (2017/03/14_23:02)
Host: privatkunden.datapipe9271.com/, IP address: 104.31.75.147, ASN: 13335, Country: US, Description: Paypal phishing…

www.hjaoopoa.top (2017/03/06_21:09)
Host: www.hjaoopoa.top/admin.php?f=1.gif, IP address: 52.207.234.89, ASN: 14618, Country: US, Description: Cerber ransomware…

up.mykings.pw:8888 (2017/03/06_21:09)
Host: up.mykings.pw:8888/update.txt, IP address: 60.250.76.52, ASN: 3462, Country: TW, Description: related to a Mirai windows spreader trojan…


© 2001-2016 Procyon Labs / Randal T. Rioux