PLABS
Internet Storm Center Infocon Status
May OUCH! Newsletter: Internet of Things - https://securingthehuman.sans.org/ouch, (Wed, May 4th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

ISC Stormcast For Wednesday, May 4th 2016 http://isc.sans.edu/podcastdetail.html?id=4981, (Wed, May 4th)

Neutrino exploit kit sends Cerber ransomware, (Wed, May 4th)
Introduction: Seems like we're always finding new ransomware. In early March 2016, BleepingComputer announced a new ransomware named Cerber had appeared near t…

OpenSSL Updates, (Tue, May 3rd)
The OpenSSL updates pre-announced last week have dropped. The latest versions are 1.0.1t and 1.0.2h. These updates don't come with the same level of urgency as some we…

ISC Stormcast For Tuesday, May 3rd 2016 http://isc.sans.edu/podcastdetail.html?id=4979, (Tue, May 3rd)

Reminder: OpenSSL releases later today!, (Tue, May 3rd)
-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected) (c) SANS Internet Storm Center.

Packet Storm
Latest Security Tool Files
Clam AntiVirus Toolkit 0.99.2
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible…

OpenSSL Toolkit 1.0.2h
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cr…

Mobile Security Framework MobSF 0.9.2 Beta
Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analys…

Ansvif 1.4.2
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

VBScan Vulnerability Scanner 0.1.6
VBScan is a black box vBulletin vulnerability scanner written in perl.

Packet Fence 6.0.1
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Packet Fence 6.0.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Logwatch 7.4.3
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make…

Pcapteller 1.1
Pcapteller is a tool designed for simple traffic manipulation and replay. The tool allows you to recreate a recorded network traffic scenario that occurred in a foreign networ…


SecurityFocus
General Security Vulnerabilities
Vuln: GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities

Vuln: Oracle Java SE CVE-2015-4893 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2015-4872 Remote Security Vulnerability

Vuln: Oracle Java SE CVE-2015-4842 Remote Security Vulnerability

Bugtraq: APPLE-SA-2016-05-03-1 Xcode 7.3.1

Bugtraq: Cisco Security Advisory: Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability

Bugtraq: Cisco Security Advisory: Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Cisco Wireless LAN Controller Multiple Vulnerabilities
Synopsis : The remote device is missing vendor-supplied security patches. Description : According to its se…

ImageMagick < 7.0.1-1 / 6.x < 6.9.3-10 Multiple Vulnerabilities (ImageTragick)
Synopsis : The remote Windows host has an application installed that is affected by multiple vulnerabilities.

OpenSSL 1.0.2 < 1.0.2h Multiple Vulnerabilities
Synopsis : The remote service is affected by multiple vulnerabilities. Description : According to its banne…

OpenSSL 1.0.1 < 1.0.1t Multiple Vulnerabilities
Synopsis : The remote service is affected by multiple vulnerabilities. Description : According to its banne…

OpenSSL 1.0.2 < 1.0.2c ASN.1 Encoder Negative Zero Value Handling RCE
Synopsis : The remote service is affected by a remote code execution vulnerability. Description : According…

Sourcefire
Vulnerability Research Team
Angler Catches Victims Using Spam as Bait
This post is authored by Nick Biasini with contributions from Erick Galinkin and Alex McDonnell…

Threat Spotlight: Spin to Win...Malware
This post was authored by Nick Biasini with contributions from Tom Schoellhammer and Emmanuel Tacheau. The thre…

Cryptolocker 4 White Paper Available: The Evolution Continues
We are pleased to announce the availability of the Cryptolocker 4 white paper. Over the past year, Talos has d…

Research Spotlight: The Resurgence of Qbot
The post was authored by Ben Baker. Qbot, AKA Qakbot, has been around since at least 2008, but it recently…

The "Wizzards" of Adware
This post was authored by Warren Mercer with contributions from Matthew Molyett. Executive Summary: Talos posted a…

RHEL
Red Hat Errata
RHBA-2016:0717-1: kdebase-workspace bug fix update
Red Hat Enterprise Linux: Updated kdebase-workspace packages that fix one bug are now available for Red Hat E…

RHBA-2015:1014-1: libtar bug fix update
Red Hat Enterprise Linux: Updated libtar packages that fix one bug are now available for Red Hat Enterprise L…

RHBA-2015:1079-1: libkkc bug fix update
Red Hat Enterprise Linux: Updated libkkc packages that fix one bug are now available for Red Hat Enterprise L…

RHBA-2015:1116-1: ibus bug fix update
Red Hat Enterprise Linux: Updated ibus packages that fix two bugs are now available for Red Hat Enterprise Li…

RHBA-2015:1131-1: paps bug fix and enhancement update
Red Hat Enterprise Linux: Updated paps packages that fix one bug and add one enhancement are now available fo…

RHBA-2015:1504-1: libmemcached bug fix update
Red Hat Enterprise Linux: Updated libmemcached packages that fix one bug are now available for Red Hat Enterp…

Microsoft
Security Advisories
3152550 - Update to Improve Wireless Mouse Input Filtering - Version: 1.1
Revision Note: V1.1 (April 22, 2016): Added FAQs and additional information to clarify that only standalone mo…

3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1
Revision Note: V1.1 (February 10, 2016): Advisory updated to include download information for Microsoft ASP.NE…

2871997 - Update to Improve Credentials Protection and Management - Version: 5.0
Revision Note: V5.0 (February 9, 2016): Rereleased advisory to announce the release of update 3126593 to enabl…

3123479 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 1.0
Revision Note: V1.0 (January 12, 2016): Advisory published. Summary: Microsoft is announcing a policy change to…

3109853 - Update to Improve TLS Session Resumption Interoperability - Version: 1.0
Revision Note: V1.0 (January 12, 2016): Advisory published. Summary: Microsoft is announcing the availability o…

Cisco
Security Advisories
ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List

© 2001-2015 Procyon Labs / Randal T. Rioux