PLABS
Internet Storm Center Infocon Status
Infocon: green

Suspicious DNS Requests ... Issued by a Firewall, (Sat, Sep 22nd)
An anonymous reader contacted us because he noticed DNS requests for malicious domains originating from his Windows machine, even before he opened a browser…

The danger of sending information for API consumption without adequate security measures, (Sat, Sep 22nd)
Migrating an on-premise application to the cloud can bring numerous business advantages to companies, among which we have fast deployment times and reusability…

Pre-Pwned AMI Images in Amazon's AWS public instance store, (Fri, Sep 21st)
I keep getting reports about AMI images in Amazon's AWS, which come "pre-pwned." These images typically include for the m…

ISC Stormcast For Friday, September 21st 2018 https://isc.sans.edu/podcastdetail.html?id=6178, (Fri, Sep 21st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Hunting for Suspicious Processes with OSSEC, (Thu, Sep 20th)
Here is a quick example of how OSSEC[1] can be helpful to perform threat hunting. OSSEC is a free security monitoring tool/log management platform wh…

Packet Storm
Latest Security Tool Files
Faraday 3.1
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, index…

Falco 0.12.1
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check f…

VBScan Vulnerability Scanner 0.1.8
VBScan is a black box vBulletin vulnerability scanner written in perl.

DAVOSET 1.3.6
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

OpenSSL Toolkit 1.1.1
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cr…

TOR Virtual Network Tunneling Tool 0.3.4.8
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

Samhain File Integrity Checker 4.3.0
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can…

TestSSL 2.9.5-7
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and muc…

SQLMAP - Automatic SQL Injection Tool 1.2.9
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it dete…


SecurityFocus
General Security Vulnerabilities
Vuln: Cisco IOS XE Software CVE-2018-0150 Default Credentials Security Bypass Vulnerability
Cisco IOS XE Software CVE-2018-0150 Default Credentials Security Bypass Vulnerability…

Vuln: Ghostscript Multiple Security Bypass Vulnerabilities
Ghostscript Multiple Security Bypass Vulnerabilities…

Vuln: Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability
Multiple Bluetooth Drivers CVE-2018-5383 Security Bypass Vulnerability…

Vuln: Microsoft Windows JET Database Engine Remote Code Execution Vulnerability
Microsoft Windows JET Database Engine Remote Code Execution Vulnerability…

Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update
[SECURITY] [DSA 4269-1] postgresql-9.6 security update…

Bugtraq: [SECURITY] [DSA 4268-1] openjdk-8 security update
[SECURITY] [DSA 4268-1] openjdk-8 security update…

Bugtraq: [SECURITY] [DSA 4267-1] kamailio security update
[SECURITY] [DSA 4267-1] kamailio security update…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
RHEL 7 : spice and spice-gtk (RHSA-2018:2731)
Nessus Plugin ID 117625 with High Severity Synopsis The remote Red Hat host is missing one or more…

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:2776-1)
Nessus Plugin ID 117629 with High Severity Synopsis The remote SUSE host is missing one or more se…

Photon OS 2.0: Curl PHSA-2018-2.0-0096
Nessus Plugin ID 117638 with High Severity Synopsis The remote PhotonOS host is missing multiple s…

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : lcms2 vulnerabilities (USN-3770-1)
Nessus Plugin ID 117631 with Medium Severity Synopsis The remote Ubuntu host is missing one or mor…

Photon OS 1.0: Curl PHSA-2018-1.0-0186
Nessus Plugin ID 117637 with High Severity Synopsis The remote PhotonOS host is missing multiple s…

Sourcefire
Vulnerability Research Team
Threat Roundup for September 14 to September 21
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed thi…

Cyber Threat Alliance Releases Cryptomining Whitepaper
This post is authored by Ashlee Benge. Despite the recent devaluation of some cryptocurrencies, illicit cryptoc…

Beers with Talos EP 37: Snort 3 Beta Uses Multithreading. It’s Super Effective!
Beers with Talos (BWT) Podcast Ep. #37 is now available. Download this episode and subscribe to Beers with Tal…

Threat Roundup for September 7 to September 14
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed thi…

SigAnalyzer: Signature analysis with CASC
Executive summary: ClamAV Signature Creator (CASC) is an IDA Pro plugin that assists in the creation of ClamAV p…

RHEL
Red Hat Errata
RHSA-2018:2607-2: Important: Red Hat Gluster Storage security, bug fix, and enhancement update
Red Hat Enterprise Linux: Updated glusterfs packages that fix multiple security issues and bugs, and add vari…

RHBA-2018:2734-1: openvswitch-selinux-extra-policy bug fix update
Red Hat Enterprise Linux: An updated openvswitch-selinux-extra-policy package that fixes one bug is now avail…

RHSA-2018:2731-1: Important: spice and spice-gtk security update
Red Hat Enterprise Linux: An update for spice and spice-gtk is now available for Red Hat Enterprise Linux 7.

RHSA-2018:2732-1: Important: spice-gtk and spice-server security update
Red Hat Enterprise Linux: An update for spice-gtk and spice-server is now available for Red Hat Enterprise Li…

RHEA-2018:2723-1: rh-git29 enhancement update
Red Hat Enterprise Linux: Updated rh-git29 packages are now available for Red Hat Software Collections.

RHBA-2018:2670-1: Red Hat OpenStack Platform 10.0 director Bug Fix Advisory
Red Hat Enterprise Linux: Updated director installer packages that resolve various issues are now available f…

Microsoft
Security Advisories
4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0
Revision Note: V3.0 (January 9, 2018): Microsoft has released an update for all supported editions of Microsof…

4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0
Revision Note: V1.0 (December 12, 2017): Advisory published. Summary: Microsoft is releasing this security advi…

4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Revision Note: V1.0 (August 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisor…

4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory…

4025685 - Guidance related to June 2017 security update release - Version: 1.0
Revision Note: V1.0 (June 13, 2017): Advisory published. Summary: Microsoft is announcing the availability of ad…

Malc0de

(You might not want to click on these!)

watchdogdns.duckdns.org
URL: watchdogdns.duckdns.org/mrd.exe, IP Address: 23.249.161.109, Country: US, ASN: 36352, MD5: 0035e101d7fbf2…

aurrealisgroup.com
URL: aurrealisgroup.com/filzillaa/Payee1.exe, IP Address: 111.90.144.63, Country: MY, ASN: 45839, MD5: ef604f7…

aurrealisgroup.com
URL: aurrealisgroup.com/Purchas/Purchas.exe, IP Address: 111.90.144.63, Country: MY, ASN: 45839, MD5: d99a012b…

aurrealisgroup.com
URL: aurrealisgroup.com/force/Ner.exe, IP Address: 111.90.144.63, Country: MY, ASN: 45839, MD5: d1148a6f80f702…

aurrealisgroup.com
URL: aurrealisgroup.com/Luck/Invoicee.exe, IP Address: 111.90.144.63, Country: MY, ASN: 45839, MD5: cd3eedba62…

aurrealisgroup.com
URL: aurrealisgroup.com/Karma/Wisxxy.exe, IP Address: 111.90.144.63, Country: MY, ASN: 45839, MD5: a6d11beedd3…

aurrealisgroup.com
URL: aurrealisgroup.com/pdf file/suppl/nwaboi.exe, IP Address: 111.90.144.63, Country: MY, ASN: 45839, MD5: 6f…

ClamAV
Top 10 ClamAV Official Signatures
SigAnalyzer: Signature analysis with CASC
Executive summary: ClamAV Signature Creator (CASC) is an IDA Pro plugin that assists in the creation of ClamAV p…

Want to improve your ClamAV experience? Here are some common mistakes we see with FreshClam
At Cisco Talos, we regularly get questions on how to get the most out of ClamAV. Therefore, we wanted to…

ClamAV Git Work-flow Changes
If you use ClamAV’s Git repository, you may have noticed that we’ve recently changed our Git workflow. It…

ClamAV 0.100.1 has been released!
ClamAV 0.100.1 is a hotfix release to patch a set of vulnerabilities. Fixes for the following CVEs: CVE-2017-16…

ClamAV 0.100.0 has been released!
Join us as we welcome ClamAV 0.100.0 to the family officially. You can grab it, as always, from the down…

ClamAV Mirror improvements
Community -- Over the next several weeks, you are going to see some changes made to our ClamAV mirror infrastru…

Installing ClamAV from source: New Documentation!
Hey everyone, I wanted to point everyone to a git repository, located here. I'm pointing this out because if you…

ClamAV 0.100.0-rc has been posted!
0.100.0-rc (Release Candidate) Notes: ClamAV 0.100.0 is a feature release (candidate) which includes many code s…

Returning to working form: A Clamsubmit story!
Community - I wanted to inform everyone of the functionality of ClamAV Clamsubmit. Clamsubmit is a tool that allo…

Malware Domain List
textspeier.de (2017/12/04_18:50)
Host: textspeier.de, IP address: 104.27.163.228, ASN: 13335, Country: US, Description: phishing/fraud…

photoscape.ch (2017/10/26_13:48)
Host: photoscape.ch/Setup.exe, IP address: 31.148.219.11, ASN: 14576, Country: CZ, Description: trojan…

sarahdaniella.com (2017/06/02_08:38)
Host: sarahdaniella.com/swift/SWIFT%20$.pdf.ace, IP address: 63.247.140.224, ASN: 19271, Country: US, Description: trojan…

amazon-sicherheit.kunden-ueberpruefung.xyz (2017/05/01_16:22)
Host: amazon-sicherheit.kunden-ueberpruefung.xyz, IP address: 185.61.138.74, ASN: 49349, Country: UA, Description: phishing…


© 2001-2018 Procyon Labs / Randal T. Rioux