PLABS
Internet Storm Center Infocon Status
Infocon: green

An RTF phish, (Sat, Jan 20th)
I received another RTF file (with .doc extension) via email. Let's take a look with rtfdump: …

Followup to IPv6 brute force and IPv6 blocking, (Fri, Jan 19th)
My diary earlier this week led to some good discussion in the comments and on twitter. I want to, first off, apologize for not responding as much or as quickly…

ISC Stormcast For Friday, January 19th 2018 https://isc.sans.edu/podcastdetail.html?id=5833, (Fri, Jan 19th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Comment your Packet Captures!, (Thu, Jan 18th)
When you are investigating a security incident, a key element is to take notes and to document as much as possible. There is no “best”…

ISC Stormcast For Thursday, January 18th 2018 https://isc.sans.edu/podcastdetail.html?id=5831, (Thu, Jan 18th)

Packet Storm
Latest Security Tool Files
Chameleon Mini Smartcard Emulator Iceman Fork 1.0
This is the first version of a mostly working firmware for the ChameleonMini RevE rebooted device. It compiles without errors or warnings and gives you more or less the same f…

cryptmount Filesystem Manager 5.2.4
cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand…

Lynis Auditing Tool 2.6.0
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan f…

Falco 0.9.0
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check f…

SSLsplit 0.5.1
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation…

cryptmount Filesystem Manager 5.2.3
cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand…

Lynis Auditing Tool 2.5.9
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan f…

Wireshark Analyzer 2.4.4
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a comme…

TOR Virtual Network Tunneling Tool 0.3.2.9
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…


SecurityFocus
General Security Vulnerabilities
Vuln: WordPress MediaElement Cross Site Scripting Vulnerability

Vuln: Microsoft Outlook CVE-2018-0793 Remote Code Execution Vulnerability

Vuln: Microsoft Word CVE-2018-0794 Remote Code Execution Vulnerability

Vuln: Microsoft Office for MAC CVE-2018-0819 Spoofing Vulnerability

Bugtraq: [SECURITY] [DSA 4092-1] awstats security update

Bugtraq: [security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modification

Bugtraq: [security bulletin] HPSBGN02925 rev.3 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The 'attacks' count for a subnet is the number of DShield targets that reported scans from it, not the number of packets seen.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup) is provided free of charge by Geobytes, Inc. to help you locate the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports (0-1023), the Registered Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535).
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
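A worked example for the DShield Recommended Block List above, added here and not part of the Procyon Labs page or of DShield's own tooling. It parses the tab-separated block.txt layout (start, end, netmask, attack count, network name, country, contact e-mail, which is the column order the list's own comment header describes and is assumed here), rejects rows whose end address does not agree with the netmask, checks addresses against the resulting /24s with an allowlist, ranks networks by attack count, and renders the networks as an nftables set body. The rows are constructed sample data in documentation ranges, not real feed entries.

```python
"""Added example (not from the Procyon Labs page or from DShield): parse a
DShield-style Recommended Block List and act on it.

Assumptions: block.txt is tab-separated with the columns start, end,
netmask, attacks, network name, country, contact e-mail, as described in
the comment header the list ships with. The rows below are constructed
sample data in RFC 5737 documentation ranges, not real feed entries."""
import ipaddress

SAMPLE_BLOCKLIST = """\
#   DShield.org Recommended Block List (constructed sample, not real data)
#   columns (tab separated): start, end, netmask, attacks, name, country, email
192.0.2.0\t192.0.2.255\t24\t1532\tEXAMPLE-NET-1\tZZ\tabuse@example.net
198.51.100.0\t198.51.100.255\t24\t987\tEXAMPLE-NET-2\tZZ\tabuse@example.org
203.0.113.0\t203.0.113.255\t24\t411\tEXAMPLE-NET-3\tZZ\tabuse@example.com
10.0.0.0\t10.0.1.255\t24\t5\tBAD-ROW\tZZ\tabuse@example.com
"""


def parse_blocklist(text):
    """Return [(network, attack_count, name), ...] for the well-formed rows.

    The network is rebuilt from start/netmask with strict=True and the end
    column must equal its broadcast address, so a malformed row (like the
    10.0.0.0 row above, whose end address spans two /24s) is dropped
    rather than silently widened into a bigger block."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 4:
            continue
        start, end, netmask, attacks = fields[:4]
        try:
            net = ipaddress.ip_network(f"{start}/{netmask}", strict=True)
            last = ipaddress.ip_address(end)
            count = int(attacks)
        except ValueError:
            continue
        if last != net.broadcast_address:
            continue
        name = fields[4] if len(fields) > 4 else ""
        entries.append((net, count, name))
    return entries


def is_blocked(ip, entries, allowlist=()):
    """True if ip falls in a listed network and in no allowlisted network.

    The allowlist exists because the list is built from reported scans and
    can contain ranges you depend on (partners, CDNs, your own space)."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(a) for a in allowlist):
        return False
    return any(addr in net for net, _, _ in entries)


def top_attackers(entries, n=20):
    """The n networks with the most reporting targets, highest first."""
    return sorted(entries, key=lambda e: e[1], reverse=True)[:n]


def nft_set_elements(entries):
    """Render the networks as an nftables set body, suitable for
    `nft add element inet filter dshield_block <body>`."""
    return "{ " + ", ".join(str(net) for net, _, _ in entries) + " }"


if __name__ == "__main__":
    blocked = parse_blocklist(SAMPLE_BLOCKLIST)
    for net, count, name in top_attackers(blocked):
        print(f"{net!s:20} {count:>6} {name}")
    print(nft_set_elements(blocked))
```

Feed the real list through `parse_blocklist` the same way; the allowlist is the part worth keeping even when the rest is replaced by a firewall-native feed loader, since a three-day scan-reporting window will eventually include an address range you cannot afford to drop.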
Nessus
Latest Nessus Plugins Released
DHCP server Detection (Linux)
Synopsis : A DHCP server is installed on the remote host. Description : A DHCP server is installed on the r…

ISC DHCP 4.1.0 to 4.1-ESV-R15 / 4.2.0 to 4.2.8 / 4.3.0 to 4.3.6 DoS vulnerability
Synopsis : The DHCP server installed on the remote Linux host is affected by a denial of service vulnerabilit…

Oracle Primavera Unifier Platform Component Unspecified Remote Issue (January 2018 CPU)
Synopsis : An application running on the remote web server is affected by an unspecified remote issue in the…

ISC BIND 9 < 9.9.11-P1 / 9.9.11-S2 / 9.10.6-P1 / 9.10.6-S2 / 9.11.2-P1 / 9.12.0rc2 Multiple Vulnerabilities
Synopsis : The remote name server is affected by multiple vulnerabilities. Description : According to its s…

Oracle Secure Global Desktop Multiple Vulnerabilities (January 2018 CPU)
Synopsis : An application installed on the remote host is affected by multiple vulnerabilities. Description…

Sourcefire
Vulnerability Research Team
Beers with Talos EP20: Crypto, Vuln Disco, and the Spectre Meltdown
Beers with Talos (BWT) Podcast Episode 20 is now available.  Download this episode and subscribe to Beers…

The Many Tentacles of the Necurs Botnet
This post was written by Jaeson Schultz. Introduction: Over the past five years the Necurs botnet has established…

Vulnerability Spotlight: Tinysvcmdns Multi-label DNS DoS Vulnerability
Overview: Talos is disclosing a single NULL pointer dereference vulnerability in the tinysvcmdns library. Tinysv…

Vulnerability Spotlight: Multiple Unpatched Vulnerabilities in Blender Identified
Technology has evolved in incredible ways that have helped people to create and visualize media like never befo…

Korea In The Crosshairs
This blog post is authored by Warren Mercer and Paul Rascagneres, with contributions from Jungsoo An. A…

RHEL
Red Hat Errata
RHBA-2018:0096-1: rh-python36 bug fix update
Red Hat Enterprise Linux: Updated rh-python36 packages that fix one bug are now available for Red Hat Softwar…

RHBA-2018:0097-1: Bug Fix for Red Hat JBoss Enterprise Application Platform 6.4.18 packages
Red Hat Enterprise Linux: Updated Red Hat JBoss Enterprise Application Platform 6.4.18 packages that fix a bu…

RHSA-2018:0095-1: Important: java-1.8.0-openjdk security update
Red Hat Enterprise Linux: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 an…

RHSA-2018:0092-1: Important: Red Hat CloudForms 4.0 security update
Red Hat Enterprise Linux: An update is now available for Red Hat CloudForms 4.0. Red Hat Product Security ha…

RHSA-2018:0093-1: Important: microcode_ctl security update
Red Hat Enterprise Linux: An update for microcode_ctl is now available for Red Hat Enterprise Linux 6, Red Ha…

RHSA-2018:0094-1: Important: linux-firmware security update
Red Hat Enterprise Linux: An update for linux-firmware is now available for Red Hat Enterprise Linux 7, Red H…

Microsoft
Security Advisories
4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 3.0
Revision Note: V3.0 (January 9, 2018): Microsoft has released an update for all supported editions of Microsof…

4056318 - Guidance for securing AD DS account used by Azure AD Connect for directory synchronization - Version: 1.0
Revision Note: V1.0 (December 12, 2017): Advisory published. Summary: Microsoft is releasing this security advi…

4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Revision Note: V1.0 (August 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisor…

4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory…

4025685 - Guidance related to June 2017 security update release - Version: 1.0
Revision Note: V1.0 (June 13, 2017): Advisory published. Summary: Microsoft is announcing the availability of ad…

Malc0de

(You might not want to click on these!)

www.wehrmachtluftwaffe3213.ru
URL: www.wehrmachtluftwaffe3213.ru/fia2.exe, IP Address: 178.250.241.22, Country: RU, ASN: 43362, MD5: fabf28c…

www.wehrmachtluftwaffe3213.ru
URL: www.wehrmachtluftwaffe3213.ru/windowsexplorer.exe, IP Address: 178.250.241.22, Country: RU, ASN: 43362, M…

www.wehrmachtluftwaffe3213.ru
URL: www.wehrmachtluftwaffe3213.ru/ybh.exe, IP Address: 178.250.241.22, Country: RU, ASN: 43362, MD5: 3bc3094b…

www.pizzadenis.fr
URL: www.pizzadenis.fr/4.exe, IP Address: 176.31.240.83, Country: FR, ASN: 16276, MD5: 12ee889f3a4da0ad4431f67…

verdantcocktails.co.uk
URL: verdantcocktails.co.uk/kjhy876g, IP Address: 75.119.200.80, Country: US, ASN: 26347, MD5: fd19d54287d984c…

takagari.com
URL: takagari.com/kjhy876g, IP Address: 69.163.163.39, Country: US, ASN: 26347, MD5: fd19d54287d984c899908a7c3…

ow.ly
URL: ow.ly/32nP30h187Z, IP Address: 54.183.131.91, Country: US, ASN: 16509, MD5: 6c29b80a61ff5ca7f5d8db8b002e9…
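A worked example for the Malc0de entries above, added here and not part of the Procyon Labs page, Malc0de or Malware Domain List. It turns indicator lines of the form shown (URL, IP address, country, ASN, MD5) into matchable indicators and runs them over proxy log lines. The feed lines are the page's own entries with the trailing truncation removed, so every MD5 value is only a prefix and is never used as a hash indicator by itself; the treatment of ow.ly as a shared URL shortener and of ASN 16509 (Amazon) as shared hosting is this example's own judgement call, and the log lines are constructed, not real traffic. The same approach applies to the Malware Domain List entries further down the page.

```python
"""Added example (not from the Procyon Labs page, Malc0de or MDL): build
indicators from feed lines like the ones above and match proxy logs.

Assumptions: FEED_LINES are the page's Malc0de entries with the trailing
"..." removed, so each MD5 is only a prefix; SHARED_HOSTS and SHARED_ASNS
are this example's own judgement calls; LOG_LINES are constructed."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

FEED_LINES = [
    "URL: www.wehrmachtluftwaffe3213.ru/fia2.exe, IP Address: 178.250.241.22, Country: RU, ASN: 43362, MD5: fabf28c",
    "URL: www.wehrmachtluftwaffe3213.ru/ybh.exe, IP Address: 178.250.241.22, Country: RU, ASN: 43362, MD5: 3bc3094b",
    "URL: www.pizzadenis.fr/4.exe, IP Address: 176.31.240.83, Country: FR, ASN: 16276, MD5: 12ee889f3a4da0ad4431f67",
    "URL: verdantcocktails.co.uk/kjhy876g, IP Address: 75.119.200.80, Country: US, ASN: 26347, MD5: fd19d54287d984c",
    "URL: takagari.com/kjhy876g, IP Address: 69.163.163.39, Country: US, ASN: 26347, MD5: fd19d54287d984c899908a7c3",
    "URL: ow.ly/32nP30h187Z, IP Address: 54.183.131.91, Country: US, ASN: 16509, MD5: 6c29b80a61ff5ca7f5d8db8b002e9",
]

# Assumption: infrastructure shared with legitimate traffic. A bare host or
# IP match there is not evidence on its own; only the exact URL is.
SHARED_HOSTS = {"ow.ly"}   # public URL shortener
SHARED_ASNS = {16509}      # Amazon (AWS); extend with other hosting ASNs

FEED_RE = re.compile(
    r"URL: (?P<url>\S+), IP Address: (?P<ip>[\d.]+), Country: (?P<cc>[A-Z]+), "
    r"ASN: (?P<asn>\d+), MD5: (?P<md5>[0-9a-fA-F]+)"
)
# Constructed log layout: "<ts> <client> <method> <target> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<target>\S+) (?P<status>\d+)$"
)


def parse_feed(lines):
    """Build indicator sets: exact host/path URLs, hosts, IPs, reused paths.

    Hosts in SHARED_HOSTS and IPs in SHARED_ASNS stay out of the host and
    IP sets. A path served by two or more different hosts with the same
    hash prefix (here /kjhy876g) becomes a low-confidence campaign
    indicator. Paths keep their case; only the host is lowercased."""
    urls, hosts, ips = set(), set(), set()
    path_seen = defaultdict(set)
    for line in lines:
        m = FEED_RE.match(line)
        if not m:
            continue
        host, _, path = m["url"].partition("/")
        host = host.lower()
        urls.add(f"{host}/{path}")
        if host not in SHARED_HOSTS:
            hosts.add(host)
        if int(m["asn"]) not in SHARED_ASNS:
            ips.add(m["ip"])
        if path:
            path_seen[f"/{path}"].add((host, m["md5"][:7].lower()))
    reused = {
        p for p, seen in path_seen.items()
        if len({h for h, _ in seen}) >= 2 and len({d for _, d in seen}) == 1
    }
    return {"urls": urls, "hosts": hosts, "ips": ips, "paths": reused}


def match_log(lines, ind):
    """Return (client, confidence, reason) for every log line that hits."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        if m["method"] == "CONNECT":            # host:port, no path visible
            host, path = m["target"].partition(":")[0], ""
        else:
            u = urlsplit(m["target"])
            host, path = (u.hostname or ""), u.path
        host = host.lower()
        if f"{host}{path}" in ind["urls"]:
            hits.append((m["client"], "high", f"url {host}{path}"))
        elif host in ind["hosts"]:
            hits.append((m["client"], "high", f"host {host}"))
        elif host in ind["ips"]:
            hits.append((m["client"], "medium", f"ip {host}"))
        elif path in ind["paths"]:
            hits.append((m["client"], "low", f"reused path {path}"))
    return hits


LOG_LINES = [  # constructed sample traffic, not real
    "2018-01-20T10:01:02Z 10.1.2.3 GET http://www.wehrmachtluftwaffe3213.ru/fia2.exe 200",
    "2018-01-20T10:02:10Z 10.1.2.4 GET http://ow.ly/abcdef 302",
    "2018-01-20T10:03:00Z 10.1.2.5 GET http://ow.ly/32nP30h187Z 302",
    "2018-01-20T10:04:00Z 10.1.2.6 CONNECT 178.250.241.22:443 200",
    "2018-01-20T10:05:00Z 10.1.2.7 GET http://compromised-site.example/kjhy876g 200",
    "2018-01-20T10:06:00Z 10.1.2.8 GET http://www.example.com/ 200",
]

if __name__ == "__main__":
    indicators = parse_feed(FEED_LINES)
    for client, confidence, reason in match_log(LOG_LINES, indicators):
        print(f"{client:10} {confidence:7} {reason}")
```

The ordering of the checks is the point: an exact URL on a shortener is a strong hit, a different shortened link on the same host is nothing, a CONNECT to a listed IP is only medium because the path is invisible, and a path reused across unrelated compromised hosts is worth a rule but not a block.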

ClamAV
Top 10 ClamAV Official Signatures
ClamAV List Server Upgrade
Tomorrow (10/Jan/2018) at 9:00 EST, we will be upgrading the ClamAV Mailman list hosting server. This will resu…
ClamAV 0.99.3 beta2 has been released!
Welcome to ClamAV 0.99.3's beta2 release. In this release, we have included many code submissions from the Clam…
Mirror Sync Outage for ClamAV AV updates
ClamAV Community -- ClamAV is currently experiencing an issue with one of our sync servers that provides update…
ClamAV introduction and survey reminder!
Hello everyone! My name is Tom McCourt, a newer member to ClamAV on Joel Esler’s team here at Cisco. I hope…
ClamAV Customer Feedback Survey
As we are ramping up the feature planning on the next version of ClamAV, and with the recent turmoil that we'v…
CVD Download issues for August 23, 2017
This morning, we became aware of an issue with our ClamAV mirror infrastructure that was causing some freshcla…
ClamAV 0.99.3 beta has been released!
Join us as we welcome ClamAV 0.99.3 beta for testing! Be sure and grab the beta release on our official…
BASS Automated Signature Synthesizer
ClamAV Users -- Please take a look at the newest OpenSource project from Cisco Talos, entirely released towards…
ClamAV Main.cvd and Main-cdiff.cvd have been published!
As promised, we were able to ship a new Main.cvd and the cdiff for the main.cvd a few minutes ago. It should ha…
Malware Domain List
textspeier.de (2017/12/04_18:50)
Host: textspeier.de, IP address: 104.27.163.228, ASN: 13335, Country: US, Description: phishing/fraud…

photoscape.ch (2017/10/26_13:48)
Host: photoscape.ch/Setup.exe, IP address: 31.148.219.11, ASN: 14576, Country: CZ, Description: trojan…

sarahdaniella.com (2017/06/02_08:38)
Host: sarahdaniella.com/swift/SWIFT%20$.pdf.ace, IP address: 63.247.140.224, ASN: 19271, Country: US, Description: trojan…

amazon-sicherheit.kunden-ueberpruefung.xyz (2017/05/01_16:22)
Host: amazon-sicherheit.kunden-ueberpruefung.xyz, IP address: 185.61.138.74, ASN: 49349, Country: UA, Description: phishing…


© 2001-2017 Procyon Labs / Randal T. Rioux