PLABS
Internet Storm Center Infocon Status
Infocon: green
BTC pickpockets are back, (Sat, Jul 21st)
About 8 months after their first visit, my server gets another visit from the Bitcoin pickpockets. …

Weblogic Exploit Code Made Public (CVE-2018-2893), (Fri, Jul 20th)
[UPDATE] We do see first exploit attempts. The exploit attempts to download additional code from 185.159.128.200. We are s…

ISC Stormcast For Friday, July 20th 2018 https://isc.sans.edu/podcastdetail.html?id=6088, (Fri, Jul 20th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Reporting Malicious Websites in 2018, (Thu, Jul 19th)
Back in 2010 I wrote up a quick diary on how to report malicious websites at the end of your incident response process (https://isc.sans.edu/forums/diary/How&&#x…

ISC Stormcast For Thursday, July 19th 2018 https://isc.sans.edu/podcastdetail.html?id=6086, (Thu, Jul 19th)

Packet Storm
Latest Security Tool Files
SSLsplit 0.5.3
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation…

Wireshark Analyzer 2.6.2
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a comme…

Suricata IDPE 4.0.5
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded…

Capstone 3.0.5
Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on di…

TOR Virtual Network Tunneling Tool 0.3.3.9
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

GNU Privacy Guard 2.2.9
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an a…

Aircrack-ng Wireless Network Tools 1.3
aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay…

Packet Fence 8.1.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

TOR Virtual Network Tunneling Tool 0.3.3.8
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…


SecurityFocus
General Security Vulnerabilities
Vuln: Cisco SD-WAN Configuration and Management Service CVE-2018-0343 Remote Code Execution Vulnerability
Cisco SD-WAN Configuration and Management Service CVE-2018-0343 Remote Code Execution Vulnerability…

Vuln: Oracle MySQL Client CVE-2018-3081 Remote Security Vulnerability
Oracle MySQL Client CVE-2018-3081 Remote Security Vulnerability…

Vuln: Oracle MySQL Server Multiple Security Vulnerabilities
Oracle MySQL Server Multiple Security Vulnerabilities…

Vuln: Oracle MySQL Server CVE-2018-3071 Remote Security Vulnerability
Oracle MySQL Server CVE-2018-3071 Remote Security Vulnerability…

Bugtraq: Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities
Secunia Research: Oracle Outside In Technology Multiple Vulnerabilities…

Bugtraq: Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities
Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided for free by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
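The DShield block list above is meant to be consumed by a firewall, not read by hand. The following is an added example (not code from DShield or from this site) that parses rows in the tab-separated layout of the published feed, drops malformed rows, applies an attack-count threshold, and emits ipset/iptables commands. The column order (start, end, prefix length, attacks, name, country, email) and the single unprefixed header row are assumptions about the feed format; the sample rows are constructed from documentation ranges and are not real DShield data.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample in the assumed layout of the DShield block list:
# '#' comment lines, one header row, then tab-separated data rows.
# The networks are RFC 5737 documentation ranges; the counts are made up.
SAMPLE_BLOCKLIST = """\
#   DShield.org Recommended Block List
#   updated: (constructed sample)
Start\tEnd\tNetblock\tAttacks\tName\tCountry\temail
192.0.2.0\t192.0.2.255\t24\t1432\tExample-Net-1\tXX\tabuse@example.net
198.51.100.0\t198.51.100.255\t24\t97\tExample-Net-2\tXX\tabuse@example.org
203.0.113.0\t203.0.113.127\t24\t500\tBroken-Row\tXX\tabuse@example.com
not-an-ip\t1.2.3.4\t24\t12\tGarbage\tXX\t-
"""


@dataclass(frozen=True)
class BlockEntry:
    network: ipaddress.IPv4Network
    attacks: int
    name: str
    country: str


def parse_blocklist(text):
    """Parse block-list text into BlockEntry records, skipping bad rows."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Start\t"):
            continue
        fields = line.split("\t")
        if len(fields) < 6:
            continue
        start, end, prefix, attacks, name, country = fields[:6]
        try:
            # strict=True rejects a start address that is not on the /24 boundary
            net = ipaddress.IPv4Network(f"{start}/{prefix}", strict=True)
            last = ipaddress.IPv4Address(end)
            count = int(attacks)
        except ValueError:
            continue  # unparsable address, prefix or count
        # Reject rows whose end address does not match the advertised netblock
        if last != net.broadcast_address:
            continue
        entries.append(BlockEntry(net, count, name, country))
    return entries


def ipset_commands(entries, min_attacks=100, setname="dshield_block"):
    """Render shell commands that load entries above the threshold into an ipset
    and attach a single DROP rule for that set to the INPUT chain."""
    cmds = [
        f"ipset create -exist {setname} hash:net",
        f"ipset flush {setname}",
    ]
    for e in sorted(entries, key=lambda e: e.attacks, reverse=True):
        if e.attacks < min_attacks:
            continue
        cmds.append(
            f"ipset add -exist {setname} {e.network}"
            f"  # {e.attacks} targets, {e.name} ({e.country})"
        )
    # Idempotent: only insert the DROP rule if it is not already present
    cmds.append(
        f"iptables -C INPUT -m set --match-set {setname} src -j DROP 2>/dev/null"
        f" || iptables -I INPUT -m set --match-set {setname} src -j DROP"
    )
    return cmds


if __name__ == "__main__":
    for cmd in ipset_commands(parse_blocklist(SAMPLE_BLOCKLIST)):
        print(cmd)
```

Feed the real list in with `python3 dshield_ipset.py < block.txt` after replacing the constructed sample with `sys.stdin.read()`. Keep the threshold: the list ranks whole /24s by how many sensors saw them, so low-count rows can cover shared hosting or carrier ranges, and a blind import is a self-inflicted outage. Log matches (`-j LOG`) for a few days before switching to DROP, and never apply it to a chain that carries your own management traffic.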
Nessus
Latest Nessus Plugins Released
Oracle Solaris Critical Patch Update : jul2018_SRU11_3_33_5_0
Nessus Plugin ID 111190, High severity. Synopsis: The remote Solaris system is missing a securit…

openSUSE Security Update : perl (openSUSE-2018-750)
Nessus Plugin ID 111198, High severity. Synopsis: The remote openSUSE host is missing a security…

Oracle Database Server Multiple Vulnerabilities (July 2018 CPU)
Nessus Plugin ID 111219, Critical severity. Synopsis: The remote database server is affected by…

EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2018-1220)
Nessus Plugin ID 111182, High severity. Synopsis: The remote EulerOS host is missing a security…

Apple iOS < 11.4.1 Multiple Vulnerabilities
Nessus Plugin ID 111218, High severity. Synopsis: The version of Apple iOS running on the mobile…

Sourcefire
Vulnerability Research Team
Threat Roundup for July 13-20
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we've observed this…

Vulnerability Spotlight: Multiple Vulnerabilities in Sony IPELA E Series Camera
Vulnerabilities discovered by Cory Duplantis and Claudio Bozzato of Cisco Talos. Overview: Today, Cisco Talos is…

Vulnerability Spotlight: Multiple Vulnerabilities in ACD Systems Canvas Draw 4
These vulnerabilities were discovered by Tyler Bohan of Cisco Talos. Today, Talos is disclosing several vulnerab…

Blocking Cryptocurrency Mining Using Cisco Security Products
Cisco Talos is releasing a whitepaper addressing Cryptocurrency mining and all the ways to block it using Cisc…

Vulnerability Spotlight: Foxit PDF Reader JavaScript Remote Code Execution Vulns
Overview: Discovered by Aleksandar Nikolic of Cisco Talos. Talos is disclosing a pair of vulnerabilities in Foxit…

RHEL
Red Hat Errata
RHBA-2018:2222-1: glusterfs bug fix update
Red Hat Enterprise Linux: Updated glusterfs packages that fix several bugs are now available for Red Hat Glus…

RHSA-2018:2224-1: Low: Red Hat Enterprise Linux 6.7 Extended Update Support Six-Month Notice
Red Hat Enterprise Linux: This is the Six-Month notification for the retirement of Red Hat Enterprise Linux 6…

RHBA-2018:2218-1: firefox bug fix update
Red Hat Enterprise Linux: Updated firefox packages that fix one bug are now available for Red Hat Enterprise…

RHBA-2018:2221-1: Red Hat Certification bug fix and enhancement update
Red Hat Enterprise Linux: An updated redhat-certification package that fixes several bugs and adds various en…

RHBA-2018:2208-1: dracut bug fix update
Red Hat Enterprise Linux: Updated dracut packages that fix one bug are now available for Red Hat Enterprise L…

RHBA-2018:2210-1: util-linux bug fix update
Red Hat Enterprise Linux: Updated util-linux packages that fix one bug are now available for Red Hat Enterpri…

Microsoft
Security Advisories
4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0
Revision Note: V3.0 (January 9, 2018): Microsoft has released an update for all supported editions of Microsof…

4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0
Revision Note: V1.0 (December 12, 2017): Advisory published. Summary: Microsoft is releasing this security advi…

4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Revision Note: V1.0 (August 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisor…

4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory…

4025685 - Guidance related to June 2017 security update release - Version: 1.0
Revision Note: V1.0 (June 13, 2017): Advisory published. Summary: Microsoft is announcing the availability of ad…

Malc0de

(You might not want to click on these!)

workgrace.com
URL: workgrace.com/FF/FF.exe, IP Address: 193.29.187.213, Country: RO, ASN: 51177, MD5: 8b0bee73412f6b732310c5…

uploadtops.is
URL: uploadtops.is/3/T/K3qBlP9, IP Address: 82.221.105.125, Country: IS, ASN: 50613, MD5: 5b58e05d1bfe0251ff02…

psatafoods.com
URL: psatafoods.com/pawpaw/doc/Purchaseorder.exe, IP Address: 198.54.126.125, Country: US, ASN: 22612, MD5: 30…

oleopene.com
URL: oleopene.com/pavel2.exe, IP Address: 185.213.208.228, Country: UA, ASN: 24875, MD5: 5670145c9afe0bf7c1c92…

newskyinternational.com
URL: newskyinternational.com/server.exe, IP Address: 162.241.225.102, Country: US, ASN: 20013, MD5: 949755b8f6…

faktor.rs
URL: faktor.rs/media/DDR.exe, IP Address: 77.105.36.111, Country: RS, ASN: 9125, MD5: 65ea4df74a0f5d9374603c75…

desjardinscourriel818654.pw
URL: desjardinscourriel818654.pw/TCCTL32.DLL, IP Address: 195.123.225.94, Country: UA, ASN: 59729, MD5: 2c88d9…

ClamAV
Top 10 ClamAV Official Signatures
ClamAV 0.100.1 has been released!
ClamAV 0.100.1 is a hotfix release to patch a set of vulnerabilities. Fixes for the following CVEs: CVE-2017-16…
ClamAV 0.100.0 has been released!
Join us as we welcome ClamAV 0.100.0 to the family officially. You can grab it, as always, from the down…
ClamAV Mirror improvements
Community -- Over the next several weeks, you are going to see some changes made to our ClamAV mirror infrastru…
Installing ClamAV from source: New Documentation!
Hey everyone, I wanted to point everyone to a git repository, located here. I'm pointing this out because if you…
ClamAV 0.100.0-rc has been posted!
0.100.0-rc (Release Candidate) Notes: ClamAV 0.100.0 is a feature release (candidate) which includes many code s…
Returning to working form: A Clamsubmit story!
Community - I wanted to inform everyone of the functionality of ClamAV Clamsubmit. Clamsubmit is a tool that allo…
ClamAV 0.99.4 has been released!
Join us as we welcome ClamAV 0.99.4 to the family! 0.99.4 Release Notes: 0.99.4 is a security patch release, quic…
ClamAV.net has been upgraded
Community -- Today we completed a large upgrade to the backend of ClamAV.net. This upgrade should fix sev…
ClamAV 0.100.0 beta has been released!
ClamAV 0.100.0-beta is the successor to the previous 0.99.3-beta2. The 0.99.3 patch release on January 2…
Malware Domain List
textspeier.de (2017/12/04_18:50)
Host: textspeier.de, IP address: 104.27.163.228, ASN: 13335, Country: US, Description: phishing/fraud…

photoscape.ch (2017/10/26_13:48)
Host: photoscape.ch/Setup.exe, IP address: 31.148.219.11, ASN: 14576, Country: CZ, Description: trojan…

sarahdaniella.com (2017/06/02_08:38)
Host: sarahdaniella.com/swift/SWIFT%20$.pdf.ace, IP address: 63.247.140.224, ASN: 19271, Country: US, Description: trojan…

amazon-sicherheit.kunden-ueberpruefung.xyz (2017/05/01_16:22)
Host: amazon-sicherheit.kunden-ueberpruefung.xyz, IP address: 185.61.138.74, ASN: 49349, Country: UA, Description: phishing…


© 2001-2017 Procyon Labs / Randal T. Rioux