PLABS
Internet Storm Center Infocon Status
Infocon: green
It's Not An Invoice ..., (Sun, Aug 20th)
Jeff received an invoice via email, did not trust it and submitted it to us. …

tshark 2.4 New Feature - Command Line Export Objects, (Fri, Aug 18th)
There is nothing new about Wireshark releasing an update; however, the new 2.4 branch has a new feature that is quite useful that I have been waiting to be a…

EngineBox Malware Supports 10+ Brazilian Banks, (Fri, Aug 18th)
1. Introduction …

ISC Stormcast For Friday, August 18th 2017 https://isc.sans.edu/podcastdetail.html?id=5632, (Fri, Aug 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Maldoc with auto-updated link, (Thu, Aug 17th)
Yesterday, while hunting, I found another malicious document that (ab)used a Microsoft Word feature: auto-update of links. This feature is enabled by default fo…

Packet Storm
Latest Security Tool Files
Tenshi Log Monitoring Program 0.16
tenshi is a log monitoring program, designed to watch one or more log files for lines matching user defined regular expressions and report on the matches. The regular expressi…

Check Siem 201708.05
check_siem is a security incidents and events monitor written in Perl. It reports on unusual user, process, net, and file activities by leveraging fuzzy LSOF statistics. Think…

OpenDNSSEC 2.1.3
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to f…

Mobius Forensic Toolkit 0.5.30
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and i…

Faraday 2.6.2
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, index…

Swap Digger 1.0
swap_digger is a bash script used to automate Linux swap analysis for post-exploitation or forensics purposes. It automates swap extraction and searches for Linux user credenti…

I2P 0.9.31
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encrypt…

TOR Virtual Network Tunneling Tool 0.3.0.10
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

Nmap Port Scanner 7.60
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassi…


SecurityFocus
General Security Vulnerabilities
Vuln: GraphicsMagick CVE-2017-11642 Denial of Service Vulnerability
GraphicsMagick CVE-2017-11642 Denial of Service Vulnerability…

Vuln: Mozilla Firefox CVE-2017-7806 Use After Free Denial of Service Vulnerability
Mozilla Firefox CVE-2017-7806 Use After Free Denial of Service Vulnerability…

Vuln: Mozilla Firefox CVE-2017-7781 Man in the Middle Security Bypass Vulnerability
Mozilla Firefox CVE-2017-7781 Man in the Middle Security Bypass Vulnerability…

Vuln: Mozilla Firefox CVE-2017-7788 Security Bypass Vulnerability
Mozilla Firefox CVE-2017-7788 Security Bypass Vulnerability…

Bugtraq: [SECURITY] [DSA 3946-1] libmspack security update
[SECURITY] [DSA 3946-1] libmspack security update…

Bugtraq: [SECURITY] [DSA 3928-2] firefox-esr security update
[SECURITY] [DSA 3928-2] firefox-esr security update…

Bugtraq: Microsoft Resnet - DNS Configuration Web Vulnerability
Microsoft Resnet - DNS Configuration Web Vulnerability…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Apache Tomcat 9.0.0M1 < 9.0.0.M22 Multiple Vulnerabilities
Synopsis : The remote Apache Tomcat server is affected by multiple vulnerabilities. Description : The versi…

Apache Tomcat 8.5.x < 8.5.16 Multiple Vulnerabilities
Synopsis : The remote Apache Tomcat server is affected by multiple vulnerabilities. Description : The versi…

Apache Tomcat 8.0.0.RC1 < 8.0.45 Cache Poisoning
Synopsis : The remote Apache Tomcat server is affected by a cache poisoning vulnerability. Description : Th…

Apache Tomcat 7.0.41 < 7.0.79 Cache Poisoning Vulnerability
Synopsis : The remote Apache Tomcat server is affected by a cache poisoning vulnerability. Description : Th…

IBM WebSphere Application Server 7.0.0.x < 7.0.0.43 / 8.0.0.x < 8.0.0.14 / 8.5.x < 8.5.5.12 / 9.0.0.x < 9.0.0.4 SOAP Connectors DoS
Synopsis : The remote web application server is affected by a denial of service vulnerability. Description :…

Sourcefire
Vulnerability Research Team
Threat Round-up for Aug 11 - Aug 18
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between August 11 and Augu…

Booters with Chinese Characteristics: The Rise of Chinese Online DDoS Platforms
This post was authored by Dave Liebenberg. In the past few months, Talos has observed an uptick in the number of…

When combining exploits for added effect goes wrong
Introduction: Since public disclosure in April 2017, CVE-2017-0199 has been frequently used within malicious Off…

WinDBG and JavaScript Analysis
This blog was authored by Paul Rascagneres. Introduction: JavaScript is frequently used by malware authors to exe…

Microsoft Patch Tuesday - August 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified an…

RHEL
Red Hat Errata
RHBA-2017:2490-1: virtio-win bug fix update
Red Hat Enterprise Linux: Updated virtio-win packages that fix two bugs are now available in the Supplementary…

RHSA-2017:2486-1: Important: groovy security update
Red Hat Enterprise Linux: An update for groovy is now available for Red Hat Enterprise Linux 7. Red Hat Prod…

RHSA-2017:2489-1: Important: mercurial security update
Red Hat Enterprise Linux: An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat P…

RHSA-2017:2491-1: Important: rh-git29-git security update
Red Hat Enterprise Linux: An update for rh-git29-git is now available for Red Hat Software Collections. Red…

RHSA-2017:2483-1: Important: httpd24-httpd security update
Red Hat Enterprise Linux: An update for httpd24-httpd is now available for Red Hat Software Collections. Red…

RHSA-2017:2484-1: Important: git security update
Red Hat Enterprise Linux: An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product…

Microsoft
Security Advisories
4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Revision Note: V1.0 (August 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisor…

4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory…

4025685 - Guidance related to June 2017 security update release - Version: 1.0
Revision Note: V1.0 (June 13, 2017): Advisory published. Summary: Microsoft is announcing the availability of ad…

4022345 - Identifying and correcting failure of Windows Update client to receive updates - Version: 1.3
Severity Rating: Critical. Revision Note: V1.3 (May 12, 2017): Updated FAQ to clarify the update that needs to b…

4022344 - Security Update for Microsoft Malware Protection Engine - Version: 1.2
Severity Rating: Critical. Revision Note: V1.2 (May 12, 2017): Added entries into the affected software table. T…

Malc0de
(You might not want to click on these!)


ClamAV
Top 10 ClamAV Official Signatures
Malware Domain List


© 2001-2017 Procyon Labs / Randal T. Rioux