PLABS
Internet Storm Center Infocon Status
Infocon: green

Comment your Packet Captures!, (Thu, Jan 18th)
When you are investigating a security incident, a key element is to take notes and to document as much as possible. There is no “best…

ISC Stormcast For Thursday, January 18th 2018 https://isc.sans.edu/podcastdetail.html?id=5831, (Thu, Jan 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Reviewing the spam filters: Malspam pushing Gozi-ISFB, (Wed, Jan 17th)
Introduction …

ISC Stormcast For Wednesday, January 17th 2018 https://isc.sans.edu/podcastdetail.html?id=5829, (Wed, Jan 17th)

Are you watching for brute force attacks on IPv6?, (Tue, Jan 9th)
For a number of years, I've had a personal blog that for the last 2 or 3 years has been pretty much dormant. A few years…

Packet Storm
Latest Security Tool Files
SSLsplit 0.5.1
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation…

cryptmount Filesystem Manager 5.2.3
cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand…

Lynis Auditing Tool 2.5.9
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan f…

Wireshark Analyzer 2.4.4
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a comme…

TOR Virtual Network Tunneling Tool 0.3.2.9
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

THC-IPv6 Attack Tool 3.4
THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.

Wapiti Web Application Vulnerability Scanner 3.0.0
Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulne…

GNU Privacy Guard 2.2.4
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an a…

Lynis Auditing Tool 2.5.8
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan f…


SecurityFocus
General Security Vulnerabilities
Vuln: Multiple Oracle Products CVE-2016-0635 Remote Security Vulnerability
Multiple Oracle Products CVE-2016-0635 Remote Security Vulnerability…

Vuln: Bouncy Castle CVE-2015-7940 Information Disclosure Vulnerability
Bouncy Castle CVE-2015-7940 Information Disclosure Vulnerability…

Vuln: OpenSSL CVE-2016-2179 Multiple Denial of Service Vulnerabilities
OpenSSL CVE-2016-2179 Multiple Denial of Service Vulnerabilities…

Vuln: OpenSSL CVE-2017-3732 Information Disclosure Vulnerability
OpenSSL CVE-2017-3732 Information Disclosure Vulnerability…

Bugtraq: [security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation
[security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation…

Bugtraq: [security bulletin] HPSBGN02925 rev.3 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities
[security bulletin] HPSBGN02925 rev.3 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities…

Bugtraq: [security bulletin] HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure.
[security bulletin] HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Informatio…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports (0-1023), the Registered Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535).
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : bind9 vulnerability (USN-3535-1)
Synopsis : The remote Ubuntu host is missing a security-related patch.…

Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : eglibc, glibc vulnerabilities (USN-3534-1)
Synopsis : The remote Ubuntu host is missing a security-related patch.…

SUSE SLED12 / SLES12 Security Update : perl-XML-LibXML (SUSE-SU-2018:0123-1)
Synopsis : The remote SUSE host is missing one or more security updates. Description : This update for perl…

SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:0122-1)
Synopsis : The remote SUSE host is missing one or more security updates. Description : This update for curl…

SUSE SLED12 / SLES12 Security Update : ncurses (SUSE-SU-2018:0120-1)
Synopsis : The remote SUSE host is missing one or more security updates. Description : This update for ncur…

Sourcefire
Vulnerability Research Team
Beers with Talos EP20: Crypto, Vuln Disco, and the Spectre Meltdown
Beers with Talos (BWT) Podcast Episode 20 is now available.  Download this episode and subscribe to Beers…

The Many Tentacles of the Necurs Botnet
This post was written by Jaeson Schultz. Introduction: Over the past five years the Necurs botnet has established…

Vulnerability Spotlight: Tinysvcmdns Multi-label DNS DoS Vulnerability
Overview: Talos is disclosing a single NULL pointer dereference vulnerability in the tinysvcmdns library. Tinysv…

Vulnerability Spotlight: Multiple Unpatched Vulnerabilities in Blender Identified
Technology has evolved in incredible ways that has helped people to create and visualize media like never befo…

Korea In The Crosshairs
This blog post is authored by Warren Mercer and Paul Rascagneres and with contributions from Jungsoo An. A…

RHEL
Red Hat Errata
RHBA-2018:0096-1: rh-python36 bug fix update
Red Hat Enterprise Linux: Updated rh-python36 packages that fix one bug are now available for Red Hat Softwar…

RHBA-2018:0097-1: Bug Fix for Red Hat JBoss Enterprise Application Platform 6.4.18 packages
Red Hat Enterprise Linux: Updated Red Hat JBoss Enterprise Application Platform 6.4.18 packages that fix a bu…

RHSA-2018:0095-1: Important: java-1.8.0-openjdk security update
Red Hat Enterprise Linux: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 an…

RHSA-2018:0092-1: Important: Red Hat CloudForms 4.0 security update
Red Hat Enterprise Linux: An update is now available for Red Hat CloudForms 4.0. Red Hat Product Security ha…

RHSA-2018:0093-1: Important: microcode_ctl security update
Red Hat Enterprise Linux: An update for microcode_ctl is now available for Red Hat Enterprise Linux 6, Red Ha…

RHSA-2018:0094-1: Important: linux-firmware security update
Red Hat Enterprise Linux: An update for linux-firmware is now available for Red Hat Enterprise Linux 7, Red H…

Microsoft
Security Advisories
4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0
Revision Note: V3.0 (January 9, 2018): Microsoft has released an update for all supported editions of Microsof…

4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0
Revision Note: V1.0 (December 12, 2017): Advisory published. Summary: Microsoft is releasing this security advi…

4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Revision Note: V1.0 (August 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisor…

4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory…

4025685 - Guidance related to June 2017 security update release - Version: 1.0
Revision Note: V1.0 (June 13, 2017): Advisory published. Summary: Microsoft is announcing the availability of ad…

Malc0de

(You might not want to click on these!)

www.wehrmachtluftwaffe3213.ru
URL: www.wehrmachtluftwaffe3213.ru/fia2.exe, IP Address: 178.250.241.22, Country: RU, ASN: 43362, MD5: fabf28c…

www.wehrmachtluftwaffe3213.ru
URL: www.wehrmachtluftwaffe3213.ru/windowsexplorer.exe, IP Address: 178.250.241.22, Country: RU, ASN: 43362, M…

www.wehrmachtluftwaffe3213.ru
URL: www.wehrmachtluftwaffe3213.ru/ybh.exe, IP Address: 178.250.241.22, Country: RU, ASN: 43362, MD5: 3bc3094b…

www.pizzadenis.fr
URL: www.pizzadenis.fr/4.exe, IP Address: 176.31.240.83, Country: FR, ASN: 16276, MD5: 12ee889f3a4da0ad4431f67…

ow.ly
URL: ow.ly/32nP30h187Z, IP Address: 54.67.62.204, Country: US, ASN: 16509, MD5: 6c29b80a61ff5ca7f5d8db8b002e96…

lesfaverelles.com
URL: lesfaverelles.com/images/novo1212.exe, IP Address: 62.210.16.62, Country: FR, ASN: 12876, MD5: f30b903b8e…

lesfaverelles.com
URL: lesfaverelles.com/images/CHKDSK0.exe, IP Address: 62.210.16.62, Country: FR, ASN: 12876, MD5: c460a4e1207…

ClamAV
Top 10 ClamAV Official Signatures
ClamAV List Server Upgrade
Tomorrow (10/Jan/2018) at 9:00 EST, we will be upgrading the ClamAV Mailman list hosting server.This will resu…
ClamAV 0.99.3 beta2 has been released!
Welcome to ClamAV 0.99.3's beta2 release. In this release, we have included many code submissions from the Clam…
Mirror Sync Outage for ClamAV AV updates
ClamAV Community --ClamAV is currently experiencing an issue with one of our sync servers that provides update…
ClamAV introduction and survey reminder!
Hello everyone! My name is Tom McCourt, a newer member to ClamAV on Joel Esler’s team here at Cisco. I hope…
ClamAV Customer Feedback Survey
As we are ramping up the feature planning on the next version of ClamAV, and with the recent turmoil that we'v…
CVD Download issues for August 23, 2017
This morning, we became aware of an issue with our ClamAV mirror infrastructure that was causing some freshcla…
ClamAV 0.99.3 beta has been released!
Join us as we welcome ClamAV 0.99.3 beta for testing!  Be sure and grab the beta release on our official…
BASS Automated Signature Synthesizer
ClamAV Users --Please take a look at the newest OpenSource project from Cisco Talos, entirely released towards…
ClamAV Main.cvd and Main-cdiff.cvd have been published!
As promised, we were able to ship a new Main.cvd and the cdiff for the main.cvd a few minutes ago. It should ha…
Malware Domain List
textspeier.de (2017/12/04_18:50)
Host: textspeier.de, IP address: 104.27.163.228, ASN: 13335, Country: US, Description: phishing/fraud…

photoscape.ch (2017/10/26_13:48)
Host: photoscape.ch/Setup.exe, IP address: 31.148.219.11, ASN: 14576, Country: CZ, Description: trojan…

sarahdaniella.com (2017/06/02_08:38)
Host: sarahdaniella.com/swift/SWIFT%20$.pdf.ace, IP address: 63.247.140.224, ASN: 19271, Country: US, Description: trojan…

amazon-sicherheit.kunden-ueberpruefung.xyz (2017/05/01_16:22)
Host: amazon-sicherheit.kunden-ueberpruefung.xyz, IP address: 185.61.138.74, ASN: 49349, Country: UA, Description: phishing…
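The Malc0de entries above ("URL: ..., IP Address: ..., Country: ..., ASN: ..., MD5: ...") and the Malware Domain List entries ("Host: ..., IP address: ..., ASN: ..., Country: ..., Description: ...") are the raw material for a blocklist or a detection sweep, but only once they are parsed into consistent fields and the truncated hashes are kept apart from usable ones. The following is an added example, not code from this page or from either feed project: it parses both layouts, builds exact-match indicator sets, and sweeps a proxy log for requests to a listed hostname or to a listed IP used as a bare address literal. The feed lines and proxy log lines are constructed for the example (reserved example hostnames, RFC 5737 documentation addresses, placeholder hashes and private ASNs), and the proxy log format is an assumption, not either feed's own format.

```python
import re
from ipaddress import ip_address
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Constructed sample entries in the two feed layouts shown on this page
# (Malc0de-style "URL: ..." lines and Malware Domain List-style "Host: ..."
# lines). Hosts use reserved example names, IPs use RFC 5737 documentation
# ranges, and the hashes are placeholders, not real indicators. The second
# line carries a truncated hash, as the page's own listings do.
SAMPLE_FEED = """\
URL: dl.example.net/files/update.exe, IP Address: 192.0.2.10, Country: XX, ASN: 64496, MD5: 0123456789abcdef0123456789abcdef
URL: dl.example.net/files/chkdsk0.exe, IP Address: 192.0.2.10, Country: XX, ASN: 64496, MD5: fedcba98
Host: login-example.test, IP address: 198.51.100.7, ASN: 64497, Country: XX, Description: phishing/fraud
Host: cdn.example.org/setup.exe, IP address: 203.0.113.44, ASN: 64498, Country: XX, Description: trojan
"""

# Constructed proxy log lines (assumed format): timestamp, client, method, URL, status.
SAMPLE_PROXY_LOG = """\
2018-01-18T10:02:11Z 10.0.0.5 GET http://dl.example.net/files/update.exe 200
2018-01-18T10:03:40Z 10.0.0.9 GET http://www.example.com/index.html 200
2018-01-18T10:05:02Z 10.0.0.5 GET http://198.51.100.7/verify 302
2018-01-18T10:06:15Z 10.0.0.7 GET http://cdn.example.org/ 200
"""

FIELD_RE = re.compile(
    r"(URL|Host|IP [Aa]ddress|Country|ASN|MD5|Description):\s*([^,]+)")
MD5_RE = re.compile(r"[0-9a-f]{32}")


def parse_entry(line: str) -> Optional[Dict[str, object]]:
    """Parse one 'Key: value, Key: value' feed line into a normalised dict.

    Both layouts yield the same keys (host, path, ip, asn, country), plus
    md5 when a full 32-hex digest is present and description when given.
    A truncated hash is stored under md5_prefix so it is never used as an
    exact-match indicator. Returns None for lines without a URL/Host field.
    """
    fields = {k.lower().replace(" ", "_"): v.strip()
              for k, v in FIELD_RE.findall(line)}
    target = fields.get("url") or fields.get("host")
    if not target:
        return None
    parts = urlsplit("http://" + target)   # the feeds omit the scheme
    entry: Dict[str, object] = {
        "host": (parts.hostname or "").lower(),
        "path": parts.path or "/",
        "ip": str(ip_address(fields["ip_address"])),  # raises on junk
        "asn": int(fields["asn"]),
        "country": fields.get("country", ""),
    }
    md5 = fields.get("md5", "").lower()
    if MD5_RE.fullmatch(md5):
        entry["md5"] = md5
    elif md5:
        entry["md5_prefix"] = md5
    if "description" in fields:
        entry["description"] = fields["description"]
    return entry


def parse_feed(text: str) -> List[Dict[str, object]]:
    entries = [parse_entry(l) for l in text.splitlines() if l.strip()]
    return [e for e in entries if e is not None]


def build_iocs(entries: List[Dict[str, object]]) -> Dict[str, set]:
    """Collect exact-match indicator sets; truncated hashes are left out."""
    return {
        "hosts": {e["host"] for e in entries},
        "ips": {e["ip"] for e in entries},
        "md5s": {e["md5"] for e in entries if "md5" in e},
    }


def match_proxy_log(log_text: str, iocs: Dict[str, set]) -> List[tuple]:
    """Return (client, url, reason) for requests whose URL host is a listed
    hostname, or a listed IP used directly as the host (reason 'ip')."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, _method, url, _status = line.split()
        host = (urlsplit(url).hostname or "").lower()
        if host in iocs["hosts"]:
            hits.append((client, url, "host"))
        elif host in iocs["ips"]:
            hits.append((client, url, "ip"))
    return hits


if __name__ == "__main__":
    iocs = build_iocs(parse_feed(SAMPLE_FEED))
    for hit in match_proxy_log(SAMPLE_PROXY_LOG, iocs):
        print(*hit)
```

Matching is on the URL's host component only, so a request to a listed host on a different path still counts; that is deliberate, since a compromised site serving one payload today tends to serve others tomorrow (compare the three payloads under the same .ru host above). The IP match only fires for requests that name the address directly; a different hostname resolving to a listed IP would need DNS resolution, which is not part of this offline example.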


© 2001-2017 Procyon Labs / Randal T. Rioux