PLABS
Internet Storm Center Infocon Status
Infocon: green

Sextortion Bitcoin on the Move, (Fri, Jan 18th)
We've gotten a few reports of the latest round of sextortion emails demanding bitcoin in exchange for deleting incriminat…

ISC Stormcast For Friday, January 18th 2019 https://isc.sans.edu/podcastdetail.html?id=6334, (Fri, Jan 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

ISC Stormcast For Wednesday, January 16th 2019 https://isc.sans.edu/podcastdetail.html?id=6330, (Wed, Jan 16th)

Emotet infections and follow-up malware, (Wed, Jan 16th)
Introduction …

Oracle Has Published 284 Security Updates in their January Patch Advisory, More here: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html, (Tue, Jan 15th)

Packet Storm
Latest Security Tool Files
Falco 0.13.1
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check f…

Scapy Packet Manipulation Tool 2.4.2
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively c…

Capstone 4.0.1
Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on di…

Hodorsec Linux Binary Encryption Utility
This archive contains a Linux x86/x64 payload AES-128 CBC encrypter and payload decrypter/runner.

Packet Fence 8.3.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Wireshark Analyzer 2.6.6
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a comme…

TOR Virtual Network Tunneling Tool 0.3.5.7
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

UFONet 1.2
UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion tech…

Clam AntiVirus Toolkit 0.101.1
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible…


SecurityFocus
General Security Vulnerabilities
Vuln: Foreman CVE-2018-14664 Multiple HTML Injection Vulnerabilities
Foreman CVE-2018-14664 Multiple HTML Injection Vulnerabilities…

Vuln: NTP CVE-2018-12327 Stack Buffer Overflow Vulnerability
NTP CVE-2018-12327 Stack Buffer Overflow Vulnerability…

Vuln: Linux Kernel 'kernel/events/core.c' Local Denial of Service Vulnerability
Linux Kernel 'kernel/events/core.c' Local Denial of Service Vulnerability…

Vuln: Linux Kernel 'arch/x86/kernel/cpu/mcheck/mce.c' Local Denial of Service Vulnerability
Linux Kernel 'arch/x86/kernel/cpu/mcheck/mce.c' Local Denial of Service Vulnerability…

Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update
[SECURITY] [DSA 4269-1] postgresql-9.6 security update…

Bugtraq: [SECURITY] [DSA 4268-1] openjdk-8 security update
[SECURITY] [DSA 4268-1] openjdk-8 security update…

Bugtraq: [SECURITY] [DSA 4267-1] kamailio security update
[SECURITY] [DSA 4267-1] kamailio security update…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Fedora 28 : perl-Email-Address (2019-8deebad756)
Nessus Plugin ID 121238 with High Severity Synopsis The remote Fedora host is missing a security u…

Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Jan 2019 CPU)
Nessus Plugin ID 121252 with Medium Severity Synopsis An application running on the remote web ser…

SUSE SLED15 / SLES15 Security Update : soundtouch (SUSE-SU-2019:0112-1)
Nessus Plugin ID 121242 with Medium Severity Synopsis The remote SUSE host is missing one or more…

Oracle Primavera Unifier Multiple Vulnerabilities (Jan 2019 CPU)
Nessus Plugin ID 121251 with High Severity Synopsis An application running on the remote web serve…

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : irssi vulnerability (USN-3862-1)
Nessus Plugin ID 121244 with High Severity Synopsis The remote Ubuntu host is missing a security-r…

Sourcefire
Vulnerability Research Team
Threat Roundup for Jan. 11 to Jan. 18
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 11 and…

Cisco Talos' new reputation dispute system
We know users have been waiting for this feature for a while, and we are here to say: It’s ready. Cisc…

Vulnerability Deep Dive: TP-Link TL-R600VPN remote code execution vulnerabilities
Vulnerability discovery and research by Jared Rittle and Carl Hurd of Cisco Talos. Introduction: TP-Link recently…

What we learned by unpacking a recent wave of Imminent RAT infections using AMP
This blog post was authored by Chris Marczewski. Cisco Talos has been tracking a series of Imminent RAT infectio…

Beers with Talos EP44: Fun with 2018’s Worst and Talks We Want to Hear
Beers with Talos (BWT) Podcast Ep. #44 is now available. Download this episode and subscribe to Beers with Tal…

RHEL
Red Hat Errata
RHSA-2019:0095-1: Low: Red Hat Enterprise Linux 6.7 EUS Final Retirement Notice
Red Hat Enterprise Linux: This is the final notification for the retirement of Red Hat Enterprise Linux 6.7 E…

RHBA-2019:0055-1: Red Hat OpenStack Platform 10.0 director bug fix advisory
Red Hat Enterprise Linux: Updated director installer packages that resolve various issues are now available f…

RHBA-2019:0073-1: Red Hat OpenStack Platform 10.0 director images bug fix advisory
Red Hat Enterprise Linux: Updated deployment images are now available for Red Hat OpenStack Platform 10.0 (Ne…

RHBA-2019:0074-1: openstack-nova bug fix advisory
Red Hat Enterprise Linux: Updated OpenStack Compute packages that resolve various issues are now available fo…

RHBA-2019:0075-1: Red Hat OpenStack Platform 10 bug fix and enhancement advisory
Red Hat Enterprise Linux: Updated packages that resolve various issues are now available for Red Hat OpenStac…

RHBA-2019:0076-1: openstack-heat bug fix advisory
Red Hat Enterprise Linux: Updated OpenStack Orchestration packages that resolve various issues are now availa…

Microsoft
Security Advisories
4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0
Revision Note: V3.0 (January 9, 2018): Microsoft has released an update for all supported editions of Microsof…

4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0
Revision Note: V1.0 (December 12, 2017): Advisory published. Summary: Microsoft is releasing this security advi…

4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Revision Note: V1.0 (August 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisor…

4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory…

4025685 - Guidance related to June 2017 security update release - Version: 1.0
Revision Note: V1.0 (June 13, 2017): Advisory published. Summary: Microsoft is announcing the availability of ad…

Malc0de

(You might not want to click on these!)


ClamAV
Top 10 ClamAV Official Signatures
ClamAV 0.101.1 Patch has been released
ClamAV 0.101.1 is an urgent patch release to address an issue in 0.101.0 specifically for developers that depe…
Libclamav missing headers issue; Upcoming ClamAV 0.101.1 patch
Earlier this month we wrote to the ClamAV users and developers mailing lists to disclose an issue with ClamAV…
ClamAV 0.101.0 has been released!
We are pleased to announce the release of ClamAV 0.101.0!  Please take a look at the below release notes…
The ClamAV 0.101.0 release candidate is here!
The ClamAV 0.101.0 release candidate is here! We have also made significant improvements to our User Manual…
ClamAV 0.101.0 beta has been posted!
Welcome to the ClamAV 0.101.0 beta! Important notes about this release: Changes to the libclamav API: Those who b…
ClamAV 0.100.2 has been released!
ClamAV 0.100.2 has been released! This is a patch release to address several vulnerabilities. Fixes for the fol…
SigAnalyzer: Signature analysis with CASC
Executive summary: ClamAV Signature Creator (CASC) is an IDA Pro plugin that assists in the creation of ClamAV p…
Want to improve your ClamAV experience? Here are some common mistakes we see with FreshClam
At Cisco Talos, we regularly get questions on how to get the most out of ClamAV. Therefore, we wanted to…
ClamAV Git Work-flow Changes
If you use ClamAV’s Git repository, you may have noticed that we’ve recently changed our Git workflow. It…
Malware Domain List


© 2001-2018 Procyon Labs / Randal T. Rioux