PLABS
Internet Storm Center Infocon Status
Infocon: green

ISC Stormcast For Thursday, October 18th 2018 https://isc.sans.edu/podcastdetail.html?id=6216, (Thu, Oct 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence, (Wed, Oct 17th)
Based on Lubuntu-18.04 x64, the RedHunt Linux virtual machine for adversary emulation and threat hunting is a “one stop shop for all your threa…


CVE-2018-10933: libssh 0.8.4 & 0.7.6 security & bugfix release https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/, (Wed, Oct 17th)

ISC Stormcast For Wednesday, October 17th 2018 https://isc.sans.edu/podcastdetail.html?id=6214, (Wed, Oct 17th)


VMSA-2018-0026 VMware ESXi, Workstation & Fusion updates address out-of-bounds read vulnerability https://www.vmware.com/security/advisories/VMSA-2018-0026.html, (Wed, Oct 17th)

Packet Storm
Latest Security Tool Files
Wireshark Analyzer 2.6.4
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a comme…

SD-WAN Harvester 0.99
SD-WAN Harvester is a tool that was created to automatically enumerate and fingerprint SD-WAN nodes on the Internet. It uses Shodan search engine for discovering, NMAP NSE scr…

Tinc Virtual Private Network Daemon 1.0.35
tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling all…

I2P 0.9.37
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encrypt…

Clam AntiVirus Toolkit 0.100.2
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible…

Ceaser Cypher Single Byte Payload Encryption
This program takes a payload and applies a single offset to it (Caesar cipher encryption) and allows you to take the payload and decrypt and execute it in memory to bypa…

Intel ME Manufacturing Mode Detection Tools
Intel ME has a Manufacturing Mode designed to be used exclusively by motherboard manufacturers. This mode provides some additional opportunities that an attacker can take adva…

SQLMAP - Automatic SQL Injection Tool 1.2.10
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it dete…

Aircrack-ng Wireless Network Tools 1.4
aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay…


SecurityFocus
General Security Vulnerabilities
Vuln: JQuery CVE-2015-9251 Cross Site Scripting Vulnerability
JQuery CVE-2015-9251 Cross Site Scripting Vulnerability…

Vuln: Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
Apache Batik CVE-2018-8013 Information Disclosure Vulnerability…

Vuln: Pivotal Spring Framework CVE-2018-1275 Incomplete Fix Remote Code Execution Vulnerability
Pivotal Spring Framework CVE-2018-1275 Incomplete Fix Remote Code Execution Vulnerability…

Vuln: Microsoft SQL Server Management Studio CVE-2018-8527 Information Disclosure Vulnerability
Microsoft SQL Server Management Studio CVE-2018-8527 Information Disclosure Vulnerability…

Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update
[SECURITY] [DSA 4269-1] postgresql-9.6 security update…

Bugtraq: [SECURITY] [DSA 4268-1] openjdk-8 security update
[SECURITY] [DSA 4268-1] openjdk-8 security update…

Bugtraq: [SECURITY] [DSA 4267-1] kamailio security update
[SECURITY] [DSA 4267-1] kamailio security update…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for free by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Oracle Linux 7 : tomcat (ELSA-2018-2921)
Nessus Plugin ID 118161, Medium Severity. Synopsis: The remote Oracle Linux host is missing one…

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3173-1)
Nessus Plugin ID 118175, High Severity. Synopsis: The remote SUSE host is missing one or more se…

RHEL 6 : kernel (RHSA-2018:2933)
Nessus Plugin ID 118165, High Severity. Synopsis: The remote Red Hat host is missing one or more…

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3172-1)
Nessus Plugin ID 118174, High Severity. Synopsis: The remote SUSE host is missing one or more se…

Debian DLA-1547-1 : libpdfbox-java security update
Nessus Plugin ID 118157, High Severity. Synopsis: The remote Debian host is missing a security u…

Sourcefire
Vulnerability Research Team
Vulnerability Spotlight: Linksys ESeries Multiple OS Command Injection Vulnerabilities
These vulnerabilities were discovered by Jared Rittle of Cisco Talos. Cisco Talos is disclosing several vulnera…

Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
This blog post was authored by Edmund Brumaghin and Holger Unterbrink with contributions from Emmanuel Tacheau…

Threat Roundup for October 5 to October 12
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed thi…

GPlayed Trojan - .Net playing with Google Market
This blog post is authored by Vitor Ventura. Introduction: In a world where everything is always connected, and m…

Microsoft WindowsCodecs.dll SniffAndConvertToWideString Information Leak Vulnerability
These vulnerabilities were discovered by Marcin Noga of Cisco Talos. Today, Cisco Talos is disclosing a vulnera…

RHEL
Red Hat Errata
RHSA-2018:2944-1: Important: rh-nodejs6-nodejs security update
Red Hat Enterprise Linux: An update for rh-nodejs6-nodejs is now available for Red Hat Software Collections.

RHSA-2018:2949-1: Important: rh-nodejs8-nodejs security update
Red Hat Enterprise Linux: An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections.

RHBA-2018:2941-1: virtio-win bug fix update
Red Hat Enterprise Linux: An updated virtio-win package that fixes one bug is now available for Red Hat Enter…

RHSA-2018:2942-1: Critical: java-1.8.0-openjdk security update
Red Hat Enterprise Linux: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7.

RHSA-2018:2943-1: Critical: java-1.8.0-openjdk security update
Red Hat Enterprise Linux: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6.

RHBA-2018:2922-1: Red Hat Certification bug fix and enhancement update
Red Hat Enterprise Linux: An updated redhat-certification package that fixes several bugs and adds various en…

Microsoft
Security Advisories
4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0
Revision Note: V3.0 (January 9, 2018): Microsoft has released an update for all supported editions of Microsof…

4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0
Revision Note: V1.0 (December 12, 2017): Advisory published. Summary: Microsoft is releasing this security advi…

4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Revision Note: V1.0 (August 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisor…

4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory…

4025685 - Guidance related to June 2017 security update release - Version: 1.0
Revision Note: V1.0 (June 13, 2017): Advisory published. Summary: Microsoft is announcing the availability of ad…

Malc0de

(You might not want to click on these!)

sg2i.net
URL: sg2i.net/security/Software.exe, IP Address: 213.186.33.104, Country: FR, ASN: 16276, MD5: a09f90899f5c28b…

checkandswitch.com
URL: checkandswitch.com/afile/7.exe, IP Address: 81.177.140.147, Country: RU, ASN: 8342, MD5: dea9fe894990de82…

checkandswitch.com
URL: checkandswitch.com/afile/7.exe, IP Address: 81.177.140.147, Country: RU, ASN: 8342, MD5: 6468db1571b22b7a…

avast.dongguanmolds.com
URL: avast.dongguanmolds.com/svchost.123, IP Address: 104.28.14.219, Country: US, ASN: 13335, MD5: 6facb50c1f8…

95.181.179.75
URL: 95.181.179.75/2.php, IP Address: 95.181.179.75, Country: RU, ASN: 57311, MD5: dc60735ad158c5d4dce7a104a0b…

95.181.179.75
URL: 95.181.179.75/2.php, IP Address: 95.181.179.75, Country: RU, ASN: 57311, MD5: 1fd5cc1d4e9cd89756af71a2c63…

185.231.155.180
URL: , IP Address: 185.231.155.180, Country: RU, ASN: 48282, MD5: 92f4165fd8feb85d5ae83dfdb1238fed…

ClamAV
Top 10 ClamAV Official Signatures
ClamAV 0.100.2 has been released!
ClamAV 0.100.2 has been released! This is a patch release to address several vulnerabilities. Fixes for the fol…
SigAnalyzer: Signature analysis with CASC
Executive summary: ClamAV Signature Creator (CASC) is an IDA Pro plugin that assists in the creation of ClamAV p…
Want to improve your ClamAV experience? Here are some common mistakes we see with FreshClam
At Cisco Talos, we regularly get questions on how to get the most out of ClamAV. Therefore, we wanted to…
ClamAV Git Work-flow Changes
If you use ClamAV’s Git repository, you may have noticed that we’ve recently changed our Git workflow. It…
ClamAV 0.100.1 has been released!
ClamAV 0.100.1 is a hotfix release to patch a set of vulnerabilities. Fixes for the following CVEs: CVE-2017-16…
ClamAV 0.100.0 has been released!
Join us as we welcome ClamAV 0.100.0 to the family officially. You can grab it, as always, from the down…
ClamAV Mirror improvements
Community: Over the next several weeks, you are going to see some changes made to our ClamAV mirror infrastru…
Installing ClamAV from source: New Documentation!
Hey everyone, I wanted to point everyone to a git repository, located here. I'm pointing this out because if you…
ClamAV 0.100.0-rc has been posted!
0.100.0-rc (Release Candidate) Notes: ClamAV 0.100.0 is a feature release (candidate) which includes many code s…
Malware Domain List
textspeier.de (2017/12/04_18:50)
Host: textspeier.de, IP address: 104.27.163.228, ASN: 13335, Country: US, Description: phishing/fraud…

photoscape.ch (2017/10/26_13:48)
Host: photoscape.ch/Setup.exe, IP address: 31.148.219.11, ASN: 14576, Country: CZ, Description: trojan…

sarahdaniella.com (2017/06/02_08:38)
Host: sarahdaniella.com/swift/SWIFT%20$.pdf.ace, IP address: 63.247.140.224, ASN: 19271, Country: US, Description: trojan…

amazon-sicherheit.kunden-ueberpruefung.xyz (2017/05/01_16:22)
Host: amazon-sicherheit.kunden-ueberpruefung.xyz, IP address: 185.61.138.74, ASN: 49349, Country: UA, Description: phishing…


© 2001-2018 Procyon Labs / Randal T. Rioux