PLABS
Internet Storm Center Infocon Status
ISC Stormcast For Tuesday, May 24th 2016 http://isc.sans.edu/podcastdetail.html?id=5009, (Tue, May 24th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Technical Report about the RUAG attack, (Mon, May 23rd)
RUAG is a Swiss-based company that participates in the aerospace, defense, and space industries. In January of 2016 they detected an external compromise in their…

ISC Stormcast For Monday, May 23rd 2016 http://isc.sans.edu/podcastdetail.html?id=5007, (Mon, May 23rd)

The strange case of WinZip MRU Registry key, (Sun, May 22nd)
When we want to know if a document (.doc, .pdf, whatever) has been opened by the user, in a Windows environment our information goldmine is the Registry a…

Python Malware - Part 2, (Sat, May 21st)
I would have liked to create a PEiD signature for PE files created with PyInstaller, because then I could just use my pecheck tool… The output tells y…

ISC Stormcast For Friday, May 20th 2016 http://isc.sans.edu/podcastdetail.html?id=5005, (Fri, May 20th)

Packet Storm
Latest Security Tool Files
Stegano 0.5.4
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Signific…

Sunxi Linux Module Backdoor
This is a Linux kernel module that adds a backdoor to a system. Based on sunxi_debug.

Stegano 0.5.3
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Signific…

Ansvif 1.5
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Falco 0.1.0
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check f…

ifchk 1.0.3
Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will dis…

ASP Webshell For IIS 8
ASP webshell backdoor designed specifically for IIS 8.

PHP Backdoor Collection
This is a collection of PHP backdoors to be used for testing purposes.

Faraday 1.0.19
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, index…


SecurityFocus
General Security Vulnerabilities
Vuln: GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities
GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities…

Vuln: Oracle Java SE CVE-2015-4893 Remote Security Vulnerability
Oracle Java SE CVE-2015-4893 Remote Security Vulnerability…

Vuln: Oracle Java SE CVE-2015-4872 Remote Security Vulnerability
Oracle Java SE CVE-2015-4872 Remote Security Vulnerability…

Vuln: Oracle Java SE CVE-2015-4842 Remote Security Vulnerability
Oracle Java SE CVE-2015-4842 Remote Security Vulnerability…

Bugtraq: MSA-2016-01: PowerFolder Remote Code Execution Vulnerability
MSA-2016-01: PowerFolder Remote Code Execution Vulnerability…

Bugtraq: [SECURITY] [DSA 3586-1] atheme-services security update
[SECURITY] [DSA 3586-1] atheme-services security update…

Bugtraq: AfterLogic WebMail Pro ASP.NET < 6.2.7 Administrator Account Takeover via XXE Injection
AfterLogic WebMail Pro ASP.NET < 6.2.7 Administrator Account Takeover via XXE Injection…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2016:1374-1)
Synopsis : The remote SUSE host is missing one or more security updates. Description : This update to Mozil…

SUSE SLES11 Security Update : Recommended update for SUSE Manager Client Tools (SUSE-SU-2016:1366-1)
Synopsis : The remote SUSE host is missing one or more security updates. Description : This update for SUSE…

Scientific Linux Security Update : libndp on SL7.x x86_64
Synopsis : The remote Scientific Linux host is missing one or more security updates. Description : Security…

OracleVM 3.3 : kernel-uek (OVMSA-2016-0053)
Synopsis : The remote OracleVM host is missing one or more security updates. Description : The remote Oracl…

Oracle Linux 6 / 7 : docker-engine (ELSA-2016-3568)
Synopsis : The remote Oracle Linux host is missing one or more security updates. Description : Description…

Sourcefire
Vulnerability Research Team
Making Friends By Proactive Notification
This blog post is authored by Tazz. Talos has continued to observe ongoing attacks leveraging the use of JBoss…

Multiple 7-Zip Vulnerabilities Discovered by Talos
7-Zip vulnerabilities were discovered by Marcin Noga. Blog post was authored by Marcin Noga and Jaeson Schultz…

Microsoft Patch Tuesday - May 2016
This post is authored by Holger Unterbrink. Patch Tuesday for May 2016 has arrived where Microsoft releases t…

Angler Catches Victims Using Spam as Bait
This post is authored by Nick Biasini with contributions from Erick Galinkin and Alex McDonnell…

Threat Spotlight: Spin to Win...Malware
This post was authored by Nick Biasini with contributions from Tom Schoellhammer and Emmanuel Tacheau. The thre…

RHEL
Red Hat Errata
RHSA-2016:1100-1: Important: kernel security, bug fix, and enhancement update
Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 6.6 Extended Upd…

RHEA-2016:1097-1: Red Hat Enterprise Linux Atomic pod-infrastructure Container Image Update
An updated Red Hat Enterprise Linux Atomic pod-infrastructure container image is now available for Red Hat Ent…

RHSA-2016:1096-1: Important: kernel security and bug fix update
Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Upd…

RHSA-2016:1098-1: Moderate: jq security update
Red Hat Enterprise Linux: An update for jq is now available for Red Hat Enterprise Linux OpenStack Platform 6…

RHBA-2016:1093-1: Red Hat OpenShift Enterprise 2.2 bug fix update
Red Hat Enterprise Linux: Updated packages are now available for Red Hat OpenShift Enterprise release 2.2. Th…

RHBA-2016:1092-2: Packages moved from Optional to Base channel
Red Hat Enterprise Linux: Certain RPM packages have been moved from the Optional channel to the Base channel…

Microsoft
Security Advisories
2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
Revision Note: V2.0 (May 18, 2016): Advisory updated to provide links to the current information regarding the…

3155527 - Update to Cipher Suites for FalseStart - Version: 1.0
Revision Note: V1.0 (May 10, 2016): Advisory published. Summary: FalseStart allows the TLS client to send appli…

3152550 - Update to Improve Wireless Mouse Input Filtering - Version: 1.1
Revision Note: V1.1 (April 22, 2016): Added FAQs and additional information to clarify that only standalone mo…

3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1
Revision Note: V1.1 (February 10, 2016): Advisory updated to include download information for Microsoft ASP.NE…

2871997 - Update to Improve Credentials Protection and Management - Version: 5.0
Revision Note: V5.0 (February 9, 2016): Rereleased advisory to announce the release of update 3126593 to enabl…

Cisco
Security Advisories
ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
www.sieltre.it (2016/05/23_09:06)
Host: www.sieltre.it/, IP address: 79.58.246.237, ASN: 3269, Country: IT, Description: pseudo darkleech on compromised site leads to Angler EK…

www.poolmaster.it (2016/05/23_12:14)
Host: www.poolmaster.it/, IP address: 192.99.15.180, ASN: 16276, Country: CA, Description: pseudo darkleech on compromised site leads to Angler EK…

lojaonline.eurobar.pt (2016/05/23_12:34)
Host: lojaonline.eurobar.pt/kmdb4euf, IP address: 185.11.164.60, ASN: 8426, Country: PT, Description: Locky ransomware…

jhplhomedecor.com (2016/05/23_12:34)
Host: jhplhomedecor.com/m637g, IP address: 23.229.202.132, ASN: 26496, Country: US, Description: Locky ransomware…

canalshopping.com.br (2016/05/23_12:34)
Host: canalshopping.com.br/kf5d9, IP address: 104.236.67.125, ASN: 393406, Country: US, Description: Locky ransomware…

yumanewsnow.com (2016/05/23_13:24)
Host: yumanewsnow.com/, IP address: 23.254.153.210, ASN: 54290, Country: US, Description: pseudo darkleech on compromised site leads to Angler EK…

toestakenmareca.scottishhomesonline.com (2016/05/22_11:07)
Host: toestakenmareca.scottishhomesonline.com/yMHf/1877-zfcbIqjA-LZHay-iiBDRK-, IP address: 188.165.246.189, ASN: 16276, Country: FR, Description: Angler EK…

kulibin.com.ua (2016/05/20_06:56)
Host: kulibin.com.ua/437gfinw2?VjEVDX=NmyiwQvW, IP address: 77.87.198.174, ASN: 28907, Country: UA, Description: Locky ransomware…

freesource.su (2016/05/20_06:56)
Host: freesource.su/437gfinw2?FVOjTYdS=bsqsiKyX, IP address: 136.243.176.66, ASN: 24940, Country: DE, Description: Locky ransomware…


© 2001-2015 Procyon Labs / Randal T. Rioux