PLABS
Internet Storm Center Infocon Status
Infocon: green
Hancitor malspam uses DDE attack, (Tue, Oct 17th)
Introduction …

ISC Stormcast For Tuesday, October 17th 2017 https://isc.sans.edu/podcastdetail.html?id=5714, (Mon, Oct 16th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

WPA2 "KRACK" Attack, (Mon, Oct 16th)
Starting yesterday, word of a new attack against WPA2 started to take over security news feeds. This "Key Reinstallation Attack" (aka KRACK) can be used to subs…

It's in the signature., (Sun, Oct 15th)
We were contacted by a worried reader: he had found 2 seemingly identical µTorr…

ISC Stormcast For Monday, October 16th 2017 https://isc.sans.edu/podcastdetail.html?id=5712, (Sun, Oct 15th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Packet Storm
Latest Security Tool Files
Macro Pack 1.1
macro_pack is a tool used to automate obfuscation and generation of MS Office documents for penetration testing, demo, and social engineering assessments. The goal of macro_pa…

Falco 0.8.1
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check f…

Wireshark Analyzer 2.4.2
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a comme…

OpenSSH 7.6p1
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all…

Packet Fence 7.3.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

TestSSL 2.9.5
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and muc…

TOR Virtual Network Tunneling Tool 0.3.1.7
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

ifchk 1.0.8
Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will dis…

FireHOL 3.1.5
FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual…


SecurityFocus
General Security Vulnerabilities
Vuln: WPA2 Key Reinstallation Multiple Security Weaknesses
WPA2 Key Reinstallation Multiple Security Weaknesses…

Vuln: Adobe Flash Player CVE-2017-11292 Type Confusion Remote Code Execution Vulnerability
Adobe Flash Player CVE-2017-11292 Type Confusion Remote Code Execution Vulnerability…

Vuln: AlienVault USM CVE-2017-14956 Cross Site Request Forgery Vulnerability
AlienVault USM CVE-2017-14956 Cross Site Request Forgery Vulnerability…

Vuln: Fortinet FortiWLC CVE-2017-7335 Multiple Cross Site Scripting Vulnerabilities
Fortinet FortiWLC CVE-2017-7335 Multiple Cross Site Scripting Vulnerabilities…

Bugtraq: [SECURITY] [DSA 3999-1] wpa security update
[SECURITY] [DSA 3999-1] wpa security update…

Bugtraq: SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++
SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++…

Bugtraq: [security bulletin] MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege
[security bulletin] MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet, not the number of packets seen.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
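The DShield block list described above ranks /24 subnets by how many distinct reporting targets saw scans from them over a three-day window, so a subnet that hammers one sensor with thousands of packets ranks below one that touches three sensors once each. The following is an added example, not code from Procyon Labs or DShield, that rebuilds that metric from constructed scan reports (the sample records, sensor names and the `now` timestamp are all invented for illustration) and emits iptables drop rules for the result:

```python
"""Rebuild a DShield-style "recommended block list" from raw scan reports.

Added example, not part of the page or of DShield's own tooling.  It mirrors
the definition quoted above: rank class C (/24) subnets by the number of
distinct *targets* (sensors) that reported scans from them inside a rolling
window; one target counts once per subnet however many packets it saw.
All sample data below is constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed sample reports: (timestamp, reporting sensor, source ip, dst port).
# Source addresses are taken from the RFC 5737 documentation ranges.
SAMPLE_REPORTS = [
    ("2017-10-17T01:02:03", "sensor-a", "203.0.113.10", 23),
    ("2017-10-17T01:02:04", "sensor-a", "203.0.113.10", 2323),  # same sensor, same /24: counts once
    ("2017-10-17T01:05:00", "sensor-a", "203.0.113.77", 23),    # different host, same /24, same sensor: still once
    ("2017-10-16T22:00:00", "sensor-b", "203.0.113.200", 23),
    ("2017-10-16T09:30:00", "sensor-c", "203.0.113.9", 22),
    ("2017-10-15T12:00:00", "sensor-a", "198.51.100.5", 445),
    ("2017-10-15T12:00:01", "sensor-b", "198.51.100.5", 445),
    ("2017-10-10T00:00:00", "sensor-a", "192.0.2.1", 3389),     # outside the 3-day window
    ("2017-10-10T00:00:00", "sensor-b", "192.0.2.1", 3389),
    ("2017-10-10T00:00:00", "sensor-c", "192.0.2.1", 3389),
    ("2017-10-17T03:00:00", "sensor-b", "192.0.2.55", 3389),    # inside the window
]


def subnet24(ip: str) -> str:
    """Return the /24 network containing ip, e.g. '203.0.113.0/24'."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def build_block_list(reports, now_iso: str, days: int = 3, top_n: int = 20):
    """Return [(subnet, attacks, raw_reports), ...] ranked by attacks, then subnet.

    attacks     = number of distinct sensors that saw the subnet in the window
                  (the DShield 'attacks' figure described above)
    raw_reports = every report in the window, shown only for contrast
    """
    cutoff = datetime.fromisoformat(now_iso) - timedelta(days=days)
    targets = defaultdict(set)      # subnet -> set of reporting sensors
    raw_reports = defaultdict(int)  # subnet -> total reports in window
    for ts, sensor, src_ip, _dst_port in reports:
        if datetime.fromisoformat(ts) < cutoff:
            continue                # older than the window: ignore
        net = subnet24(src_ip)
        targets[net].add(sensor)
        raw_reports[net] += 1
    ranked = sorted(targets, key=lambda net: (-len(targets[net]), net))
    return [(net, len(targets[net]), raw_reports[net]) for net in ranked[:top_n]]


def to_iptables_rules(ranked, chain: str = "INPUT"):
    """Render the ranked list as iptables DROP rules, one per subnet."""
    return [f"iptables -A {chain} -s {net} -j DROP" for net, _attacks, _raw in ranked]


if __name__ == "__main__":
    ranking = build_block_list(SAMPLE_REPORTS, now_iso="2017-10-17T12:00:00")
    for net, attacks, raw in ranking:
        print(f"{net:<18} attacks={attacks} (raw reports={raw})")
    print("\n".join(to_iptables_rules(ranking)))
```

Note that 203.0.113.0/24 ranks first with three reporting targets even though 192.0.2.0/24 produced more raw reports overall; the older 192.0.2.1 reports fall outside the window and are dropped. Before feeding such a list to a firewall, remember that blocking whole /24s from crowdsourced data carries collateral damage, and that a compromised or misconfigured sensor can inflate a subnet's count.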
Nessus
Latest Nessus Plugins Released
MikroTik RouterOS < 6.39.3 / 6.40.4 / 6.41rc (KRACK)
Synopsis : The remote networking device is affected by a heap corruption vulnerability. Description : Accor…

Cisco ASA FirePOWER Services Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II (KRACK)
Synopsis : The remote device is missing a vendor-supplied security patch. Description : According to its se…

ArubaOS WPA2 Key Reinstallation Vulnerabilities (KRACK)
Synopsis : The version of ArubaOS is affected by a MitM vulnerability. Description : The version of ArubaOS…

SUSE SLES12 Security Update : samba (SUSE-SU-2017:2726-1)
Synopsis : The remote SUSE host is missing one or more security updates. Description : This update for samb…

SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2725-1)
Synopsis : The remote SUSE host is missing one or more security updates. Description : The SUSE Linux Enter…

Sourcefire
Vulnerability Research Team
Spoofed SEC Emails Distribute Evolved DNSMessenger
This post was authored by Edmund Brumaghin, Colin Grady, with contributions from Dave Maynor and @Simpo13. Exec…

Threat Round Up for Oct 6 - Oct 13
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between October 6 and Octo…

Disassembler and Runtime Analysis
This post was authored by Paul Rascagneres. Introduction: In the CCleaner 64bit stage 2 previously described in o…

Banking Trojan Attempts To Steal Brazillion$
This post was authored by Warren Mercer, Paul Rascagneres and Vanja Svajcer. Introduction: Banking trojans are amo…

Microsoft Patch Tuesday - October 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified an…

RHEL
Red Hat Errata
RHEA-2017:2898-1: rh-mongodb32-mongo-java-driver bug fix and enhancement update
Red Hat Enterprise Linux: Updated rh-mongodb32-mongo-java-driver packages that fix several bugs and add vario…

RHBA-2017:2891-1: qemu-kvm-rhev bug fix update
Red Hat Enterprise Linux: Updated qemu-kvm-rhev packages that fix several bugs are now available for Red Hat…

RHBA-2017:2896-1: openstack-neutron bug fix advisory
Red Hat Enterprise Linux: Updated OpenStack Networking packages that resolve various issues are now available…

RHBA-2017:2897-1: openstack-neutron bug fix advisory
Red Hat Enterprise Linux: Updated OpenStack Networking packages that resolve various issues are now available…

RHSA-2017:2886-1: Important: rh-mysql57-mysql security and bug fix update
Red Hat Enterprise Linux: An update for rh-mysql57-mysql is now available for Red Hat Software Collections.

RHEA-2017:2879-1: heketi bug fix and enhancement update
Red Hat Enterprise Linux: Updated heketi packages that fix several bugs and add various enhancements are now…

Microsoft
Security Advisories
4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Revision Note: V1.0 (August 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisor…

4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory…

4025685 - Guidance related to June 2017 security update release - Version: 1.0
Revision Note: V1.0 (June 13, 2017): Advisory published. Summary: Microsoft is announcing the availability of ad…

4022345 - Identifying and correcting failure of Windows Update client to receive updates - Version: 1.3
Severity Rating: Critical. Revision Note: V1.3 (May 12, 2017): Updated FAQ to clarify the update that needs to b…

4022344 - Security Update for Microsoft Malware Protection Engine - Version: 1.2
Severity Rating: Critical. Revision Note: V1.2 (May 12, 2017): Added entries into the affected software table. T…

Malc0de

(You might not want to click on these!)

theplatonicsolid.com
URL: theplatonicsolid.com/cftmon.exe, IP Address: 64.90.34.67, Country: US, ASN: 26347, MD5: 13e91cc988469a5ba…

sonatrach.us
URL: sonatrach.us/otip5/micro.exe, IP Address: 162.144.220.37, Country: US, ASN: 46606, MD5: a87bc8e965477585b…

sonatrach.us
URL: sonatrach.us/obinp2/shit.exe, IP Address: 162.144.220.37, Country: US, ASN: 46606, MD5: 7fa81f8b17fd2f7d2…

sonatrach.us
URL: sonatrach.us/otic/micro.exe, IP Address: 162.144.220.37, Country: US, ASN: 46606, MD5: 5b2374499e26f600bc…

sonatrach.us
URL: sonatrach.us/fidtest/micro.exe, IP Address: 162.144.220.37, Country: US, ASN: 46606, MD5: 2eb9298d16c8460…

secundaria50.edu.mx
URL: secundaria50.edu.mx/6jbgcfwe3, IP Address: 98.124.251.65, Country: US, ASN: 21740, MD5: e3d2e5e74874fd8b5…

sambad.com.np
URL: sambad.com.np/cunrb78f, IP Address: 74.200.89.84, Country: US, ASN: 14383, MD5: c77d1c0c0ecd0b2f81f2bcf89…

ClamAV
Top 10 ClamAV Official Signatures

Malware Domain List
izeselet.hu (2017/09/28_08:11)
Host: izeselet.hu/wp-content/uploads/2016/03/ch.js, IP address: 87.229.63.171, ASN: 62292, Country: HU, Description: coin mining…

sarahdaniella.com (2017/06/02_08:38)
Host: sarahdaniella.com/swift/SWIFT%20$.pdf.ace, IP address: 63.247.140.224, ASN: 19271, Country: US, Description: trojan…

amazon-sicherheit.kunden-ueberpruefung.xyz (2017/05/01_16:22)
Host: amazon-sicherheit.kunden-ueberpruefung.xyz, IP address: 185.61.138.74, ASN: 49349, Country: UA, Description: phishing…

alegroup.info (2017/03/20_10:13)
Host: alegroup.info/ntnrrhst, IP address: 194.87.217.87, ASN: 197695, Country: RU, Description: Ransom, Fake.PCN, Malspam…

fourthgate.org (2017/03/20_10:13)
Host: fourthgate.org/Yryzvt, IP address: 104.200.67.194, ASN: 8100, Country: US, Description: Ransom, Fake.PCN, Malspam…

dieutribenhkhop.com (2017/03/20_10:13)
Host: dieutribenhkhop.com/parking/, IP address: 84.200.4.125, ASN: 31400, Country: DE, Description: Ransom, Fake.PCN, Malspam…

dieutribenhkhop.com (2017/03/20_10:13)
Host: dieutribenhkhop.com/parking/pay/rd.php?id=10, IP address: 84.200.4.125, ASN: 31400, Country: DE, Description: Ransom, Fake.PCN, Malspam…

ssl-6582datamanager.de (2017/03/14_23:02)
Host: ssl-6582datamanager.de/, IP address: 54.72.9.51, ASN: 16509, Country: US, Description: redirects to Paypal phishing…

privatkunden.datapipe9271.com (2017/03/14_23:02)
Host: privatkunden.datapipe9271.com/, IP address: 104.31.75.147, ASN: 13335, Country: US, Description: Paypal phishing…


© 2001-2017 Procyon Labs / Randal T. Rioux