PLABS
Internet Storm Center Infocon Status
Infocon: green
Wide-scale Petya variant ransomware attack noted…

Wide-scale Petya variant ransomware attack noted, (Tue, Jun 27th)
Sent from a reader earlier today:…

A Tale of Two Phishies, (Tue, Jun 27th)
Introduction…

ISC Stormcast For Tuesday, June 27th 2017 https://isc.sans.edu/podcastdetail.html?id=5560, (Tue, Jun 27th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud (Part 1), (Mon, Jun 26th)
[This is the first part of a multi-part guest diary written by Dr. Ali Dehghantanha]…

ISC Stormcast For Monday, June 26th 2017 https://isc.sans.edu/podcastdetail.html?id=5558, (Sun, Jun 25th)

Packet Storm
Latest Security Tool Files
AIEngine 1.8.0
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop si…

DAVOSET 1.3.4
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

MySQL G0ld Brute Forcing Utility
MySQL G0ld is a program that issues brute force attacks against a MySQL Server using a supplied wordlist.

Mobius Forensic Toolkit 0.5.28
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and i…

Nmap Port Scanner 7.50
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassi…

Hashcat Advanced Password Recovery 3.6.0 Source Code
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based…

Hashcat Advanced Password Recovery 3.6.0 Binary Release
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based…

WPForce 1.0.0
WPForce is a suite of WordPress attack tools. Currently this contains 2 scripts - WPForce, which brute forces logins via the API, and Yertle, which uploads shells once admin c…

TOR Virtual Network Tunneling Tool 0.3.0.8
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…


SecurityFocus
General Security Vulnerabilities
Vuln: IBM DB2 CVE-2017-1297 Local Buffer Overflow Vulnerability
IBM DB2 CVE-2017-1297 Local Buffer Overflow Vulnerability…

Vuln: Cisco AnyConnect Secure Mobility Client CVE-2017-6638 Local Privilege Escalation Vulnerability
Cisco AnyConnect Secure Mobility Client CVE-2017-6638 Local Privilege Escalation Vulnerability…

Vuln: QEMU 'hw/display/cirrus_vga_rop.h' Multiple Memory Corruption Vulnerabilities
QEMU 'hw/display/cirrus_vga_rop.h' Multiple Memory Corruption Vulnerabilities…

Vuln: Ghostscript CVE-2017-7207 Denial of Service Vulnerability
Ghostscript CVE-2017-7207 Denial of Service Vulnerability…

Bugtraq: [SECURITY] [DSA 3899-1] vlc security update
[SECURITY] [DSA 3899-1] vlc security update…

Bugtraq: [slackware-security] kernel (SSA:2017-177-01)
[slackware-security] kernel (SSA:2017-177-01)…

Bugtraq: [CVE-2017-8831] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c
[CVE-2017-8831] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
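The DShield block list above is built by grouping reported attacker addresses into /24 subnets and scoring each subnet by how many distinct targets reported it. The following is an added example of that aggregation, written for this page; it is not DShield's code, and the report records it runs on are constructed here, not real sensor data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (attacking source IP, reporting target/sensor ID).
# Invented records for illustration, not DShield data.
SAMPLE_REPORTS = [
    ("203.0.113.5", "sensor-a"),
    ("203.0.113.9", "sensor-b"),
    ("203.0.113.77", "sensor-c"),
    ("203.0.113.77", "sensor-c"),   # same source and target twice: counts once
    ("198.51.100.10", "sensor-a"),
    ("198.51.100.11", "sensor-a"),  # two sources in one /24, one target: counts once
    ("192.0.2.200", "sensor-b"),
    ("192.0.2.201", "sensor-d"),
    ("not-an-ip", "sensor-a"),      # malformed record: skipped, not fatal
]


def subnet24(ip_text):
    """Return the /24 network containing an IPv4 address, or None if the
    text is not a valid IPv4 address (IPv6 and garbage are rejected)."""
    try:
        addr = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return None
    if addr.version != 4:
        return None
    return ipaddress.ip_network(f"{addr}/24", strict=False)


def rank_attacking_subnets(reports, top_n=20):
    """Aggregate (source_ip, target_id) reports into /24 subnets.

    A subnet's score is the number of DISTINCT targets that reported it,
    which is how the DShield description defines the 'attacks' count.
    Returns a list of (subnet, distinct_target_count), highest first,
    ties broken by subnet string so the output is stable."""
    targets_by_subnet = defaultdict(set)
    for src, target in reports:
        net = subnet24(src)
        if net is None:
            continue
        targets_by_subnet[str(net)].add(target)
    ranked = sorted(targets_by_subnet.items(),
                    key=lambda kv: (-len(kv[1]), kv[0]))
    return [(net, len(targets)) for net, targets in ranked[:top_n]]


def to_blocklist(ranked):
    """Render ranked subnets as one CIDR per line, ready for a firewall feed."""
    return "\n".join(net for net, _ in ranked)


if __name__ == "__main__":
    for net, count in rank_attacking_subnets(SAMPLE_REPORTS):
        print(f"{net}\t{count}")
```

Counting distinct targets rather than raw scan volume is the point of the metric: one noisy source hitting a single sensor many times does not outrank a subnet that several independent sensors see.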
Nessus
Latest Nessus Plugins Released
KB4023307: Security Update for the Windows Uniscribe Remote Code Execution Vulnerability for Microsoft Silverlight 5 (June 2017)
Synopsis : A web application framework running on the remote host is affected by multiple remote code executi…

KB4022730: Security update for Adobe Flash Player (June 2017)
Synopsis : The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilitie…

KB4022727: Windows 10 Version 1507 June 2017 Cumulative Update
Synopsis : The remote Windows host is affected by multiple vulnerabilities. Description : The remote Window…

KB4022726: Windows 8.1 and Windows Server 2012 R2 June 2017 Cumulative Update
Synopsis : The remote Windows host is affected by multiple vulnerabilities. Description : The remote Window…

KB4022725: Windows 10 Version 1703 June 2017 Cumulative Update
Synopsis : The remote Windows host is affected by multiple vulnerabilities. Description : The remote Window…

Sourcefire
Vulnerability Research Team
Player 3 Has Entered the Game: Say Hello to 'WannaCry'
This post was authored by Martin Lee, Warren Mercer, Paul Rascagneres, and Craig Williams. Executive Summary: A m…

Threat Round-up for May 05 - May 12
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 05 and May 12.

Jaff Ransomware: Player 2 Has Entered The Game
This post was written by Nick Biasini, Edmund Brumaghin and Warren Mercer with contributions from Colin GradyS…

Vulnerability Spotlight: Hangul Word Processor Remote Code Execution Vulnerability
Vulnerability discovered by Rich Johnson of Talos. Overview: Published by Hancom Inc., the Hangul Office Suite, of…

Microsoft Patch Tuesday - May 2017
Today, Microsoft has released its monthly set of security updates designed to address vulnerabilities. This m…

RHEL
Red Hat Errata
RHSA-2017:1576-1: Important: mercurial security update
Red Hat Enterprise Linux: An update for mercurial is now available for Red Hat Enterprise Linux 6 and Red Hat…

RHBA-2017:1572-1: Red Hat Certification bug fix and enhancement update
Red Hat Enterprise Linux: An updated redhat-certification package that fixes several bugs and adds various en…

RHSA-2017:1574-1: Moderate: sudo security update
Red Hat Enterprise Linux: An update for sudo is now available for Red Hat Enterprise Linux 5 Extended Lifecyc…

RHBA-2017:1566-1: redhat-virtualization-host security, bug fix, and enhancement update
Red Hat Enterprise Linux: Updated redhat-virtualization-host packages are now available.

RHBA-2017:1568-1: rhev-hypervisor bug fix and enhancement update for RHEV 3.6.11
Red Hat Enterprise Linux: An update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor and Agents…

RHEA-2017:1564-1: RH-SSO adapters for Red Hat JBoss Enterprise Application Platform 6
Red Hat Enterprise Linux: Red Hat Single Sign-On 7.1.1 adapters are now available for Red Hat JBoss Enterpris…

Microsoft
Security Advisories
4025685 - Guidance related to June 2017 security update release - Version: 1.0
Revision Note: V1.0 (June 13, 2017): Advisory published. Summary: Microsoft is announcing the availability of ad…

4022345 - Identifying and correcting failure of Windows Update client to receive updates - Version: 1.3
Severity Rating: Critical. Revision Note: V1.3 (May 12, 2017): Updated FAQ to clarify the update that needs to b…

4022344 - Security Update for Microsoft Malware Protection Engine - Version: 1.2
Severity Rating: Critical. Revision Note: V1.2 (May 12, 2017): Added entries into the affected software table. T…

4021279 - Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege - Version: 1.1
Revision Note: V1.1 (May 10, 2017): Advisory revised to include a table of issue CVEs and their descriptions.

4010323 - Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 - Version: 1.0
Revision Note: V1.0 (May 9, 2017): Advisory published. Summary: Beginning May 9, 2017, Microsoft released updat…

Malc0de

(You might not want to click on these!)

ygnopsi.halfuniform.ru
URL: ygnopsi.halfuniform.ru/Google_Mail_Checker.exe, IP Address: 46.28.67.154, Country: UA, ASN: 15626, MD5: 9…

yanghanaka.tistory.com
URL: yanghanaka.tistory.com/attachment/cfile4.uf@220AE03958D07FDF216479.exe, IP Address: 175.126.170.70, Count…

www.pgware.com
URL: www.pgware.com/downloads/throttle.exe, IP Address: 104.219.55.145, Country: US, ASN: 6364, MD5: 6bb546b4c…

uuu.job391.com
URL: , IP Address: 220.243.230.247, Country: CN, ASN: 54994, MD5: 97ddb2ab5d3ccc8b9e75a6d494493440…

ustraloi.mentalchoke.ru
URL: ustraloi.mentalchoke.ru/Google_Mail_Checker.exe, IP Address: 193.238.152.123, Country: UA, ASN: 15626, MD…

sklep.marme.pl
URL: sklep.marme.pl/d4fa7b4b.exe, IP Address: 89.161.204.243, Country: PL, ASN: 12824, MD5: 7bfc1e7d24107c11b2…

rkinstaller.securestudies.com
URL: rkinstaller.securestudies.com/rk/rkinstaller.exe, IP Address: 205.217.167.8, Country: US, ASN: 3561, MD5:…

ClamAV
Top 10 ClamAV Official Signatures
Malware Domain List
sarahdaniella.com (2017/06/02_08:38)
Host: sarahdaniella.com/swift/SWIFT%20$.pdf.ace, IP address: 63.247.140.224, ASN: 19271, Country: US, Description: trojan…

amazon-sicherheit.kunden-ueberpruefung.xyz (2017/05/01_16:22)
Host: amazon-sicherheit.kunden-ueberpruefung.xyz, IP address: 185.61.138.74, ASN: 49349, Country: UA, Description: phishing…

alegroup.info (2017/03/20_10:13)
Host: alegroup.info/ntnrrhst, IP address: 194.87.217.87, ASN: 197695, Country: RU, Description: Ransom, Fake.PCN, Malspam…

fourthgate.org (2017/03/20_10:13)
Host: fourthgate.org/Yryzvt, IP address: 104.200.67.194, ASN: 8100, Country: US, Description: Ransom, Fake.PCN, Malspam…

dieutribenhkhop.com (2017/03/20_10:13)
Host: dieutribenhkhop.com/parking/, IP address: 84.200.4.125, ASN: 31400, Country: DE, Description: Ransom, Fake.PCN, Malspam…

dieutribenhkhop.com (2017/03/20_10:13)
Host: dieutribenhkhop.com/parking/pay/rd.php?id=10, IP address: 84.200.4.125, ASN: 31400, Country: DE, Description: Ransom, Fake.PCN, Malspam…

ssl-6582datamanager.de (2017/03/14_23:02)
Host: ssl-6582datamanager.de/, IP address: 54.72.9.51, ASN: 16509, Country: US, Description: redirects to Paypal phishing…

privatkunden.datapipe9271.com (2017/03/14_23:02)
Host: privatkunden.datapipe9271.com/, IP address: 104.31.75.147, ASN: 13335, Country: US, Description: Paypal phishing…

www.hjaoopoa.top (2017/03/06_21:09)
Host: www.hjaoopoa.top/admin.php?f=1.gif, IP address: 52.207.234.89, ASN: 14618, Country: US, Description: Cerber ransomware…
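The Malc0de and Malware Domain List entries above share one line format: comma-separated "Key: value" fields (URL or Host, IP address, Country, ASN, MD5, Description), with values that may themselves contain commas and with some fields cut off by "…". Below is an added parser for that format, written for this page rather than taken from either feed. The sample lines are copied from the listings above, truncation marks included; the parser assumes the key names seen there, rejects truncated or malformed MD5s and IPs instead of guessing, and emits a hosts-file sinkhole list so the indicators can be consumed by a resolver or endpoint without anyone visiting the URLs.

```python
import ipaddress
import re

# Field names as they appear in the Malc0de and Malware Domain List lines above.
KEYS = ("URL", "Host", "IP Address", "Country", "ASN", "MD5", "Description")

# Split only on a comma that is followed by a known key, so commas inside a
# value (e.g. "Description: Ransom, Fake.PCN, Malspam") are left intact.
_FIELD_SPLIT = re.compile(
    r",\s+(?=(?:" + "|".join(re.escape(k) for k in KEYS) + r"):\s)",
    re.IGNORECASE,
)
_MD5 = re.compile(r"^[0-9a-f]{32}$")

# Sample input copied from the listings on this page (the "…" is the page's
# own truncation, kept on purpose so the parser has to cope with it).
SAMPLE_LINES = [
    "URL: ygnopsi.halfuniform.ru/Google_Mail_Checker.exe, IP Address: 46.28.67.154, Country: UA, ASN: 15626, MD5: 9…",
    "URL: , IP Address: 220.243.230.247, Country: CN, ASN: 54994, MD5: 97ddb2ab5d3ccc8b9e75a6d494493440…",
    "Host: alegroup.info/ntnrrhst, IP address: 194.87.217.87, ASN: 197695, Country: RU, Description: Ransom, Fake.PCN, Malspam…",
    "Host: dieutribenhkhop.com/parking/pay/rd.php?id=10, IP address: 84.200.4.125, ASN: 31400, Country: DE, Description: Ransom, Fake.PCN, Malspam…",
]


def parse_entry(line):
    """Parse one feed line into a normalised indicator dict.

    Fields that are absent, truncated or malformed come back as None rather
    than as a partial value, so a cut-off MD5 like "9…" is never mistaken
    for a usable hash."""
    fields = {}
    for part in _FIELD_SPLIT.split(line.strip()):
        key, sep, value = part.partition(":")   # key precedes the first colon
        if not sep:
            continue                            # not a "Key: value" field
        fields[key.strip().lower()] = value.strip().rstrip("…").strip()

    location = fields.get("url") or fields.get("host") or ""
    hostname = location.split("/", 1)[0].lower() or None

    try:
        ip = str(ipaddress.IPv4Address(fields.get("ip address", "")))
    except ValueError:
        ip = None

    md5 = fields.get("md5", "").lower()
    md5 = md5 if _MD5.match(md5) else None

    asn = fields.get("asn", "")
    asn = int(asn) if asn.isdigit() else None

    return {
        "host": hostname,
        "path": location,
        "ip": ip,
        "country": fields.get("country") or None,
        "asn": asn,
        "md5": md5,
        "description": fields.get("description") or None,
    }


def to_indicators(lines):
    """Parse every non-empty line; malformed lines yield all-None entries."""
    return [parse_entry(line) for line in lines if line.strip()]


def hosts_sinkhole(entries, sink="0.0.0.0"):
    """Render the unique hostnames as hosts-file lines pointing at a sinkhole."""
    hosts = sorted({e["host"] for e in entries if e["host"]})
    return [f"{sink} {h}" for h in hosts]


def by_asn(entries):
    """Count indicators per ASN, a quick view of which networks recur."""
    counts = {}
    for e in entries:
        if e["asn"] is not None:
            counts[e["asn"]] = counts.get(e["asn"], 0) + 1
    return counts


if __name__ == "__main__":
    parsed = to_indicators(SAMPLE_LINES)
    print("\n".join(hosts_sinkhole(parsed)))
    print(by_asn(parsed))
```

The lookahead split is the part worth keeping: splitting these lines on every comma silently truncates the Description field and shifts later columns, which is exactly the kind of quiet corruption that turns a threat feed into a wrong blocklist.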


© 2001-2017 Procyon Labs / Randal T. Rioux