PLABS
Internet Storm Center Infocon Status
ISC Stormcast For Tuesday, September 27th 2016 https://isc.sans.edu/podcastdetail.html?id=5183, (Mon, Sep 26th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

ISC Stormcast For Monday, September 26th 2016 https://isc.sans.edu/podcastdetail.html?id=5181, (Mon, Sep 26th)

VBA and P-code, (Mon, Sep 26th)
I want to draw your attention to some great work Dr. Bontchev did. pcodedmp.py is a VBA P-code disassembler. Microsoft Office documents contain VBA macros in…

Defining Threat Intelligence Requirements, (Sun, Sep 25th)
Introduction Setting up the requirements is the first task to be completed before investing time in researching and collecting any type of intelligence. Howe…

.PUB Analysis, (Sat, Sep 24th)
Xavier reported a maldoc campaign using Microsoft Publisher files. These files can be analyzed just like malicious Word files. oledump.py reveals VBA macros…

The era of big DDOS?, (Thu, Sep 22nd)
I have been tracking DDOSs for a number of years, and quite frankly, it has become boring. Don't get me wrong, I am not complaining, just stating a fact. A numbe…

Packet Storm
Latest Security Tool Files
TOR Virtual Network Tunneling Tool 0.2.8.8
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

Faraday 2.1.0
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, index…

OpenSSL Toolkit 1.0.2i
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cr…

Keypatch 2.0
Keypatch is a plugin of IDA Pro for Keystone Assembler Engine.

CodeWarrior 0.3
CodeWarrior is a manual code and static analysis tool. It has many modules, one for each common language like PHP, ASP, Ruby, C/C++, Java and Javascript. Each module has rules…

Tinycrypt.asm Training Ransomware Virus
Tinycrypt.asm is a training ransomware virus that is fully configurable to your needs but it is designed to be very controllable. It was designed to be used with the PoShFoTo…

Wireshark Analyzer 2.2.0
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a comme…

Suricata IDPE 3.1.2
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded…

Nmap Port Scanner 7.25BETA2
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassi…


SecurityFocus
General Security Vulnerabilities
Vuln: Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability…

Vuln: libTIFF CVE-2016-5320 Remote Code Execution Vulnerability
libTIFF CVE-2016-5320 Remote Code Execution Vulnerability…

Vuln: LibTIFF '_TIFFVGetField()' Function Arbitrary Command Execution Vulnerability
LibTIFF '_TIFFVGetField()' Function Arbitrary Command Execution Vulnerability…

Vuln: LibTIFF 'tif_write.c' Denial of Service Vulnerability
LibTIFF 'tif_write.c' Denial of Service Vulnerability…

Bugtraq: [security bulletin] HPSBGN03648 rev.1 - HPE LoadRunner and Performance Center, Remote Denial of Service (DoS)
[security bulletin] HPSBGN03648 rev.1 - HPE LoadRunner and Performance Center, Remote Denial of Service (DoS)…

Bugtraq: OS-S Security Advisory 2016-19: Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates (CVSS 10)
OS-S Security Advisory 2016-19: Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates (CVSS 10)…

Bugtraq: [slackware-security] php (SSA:2016-267-01)
[slackware-security] php (SSA:2016-267-01)…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided free by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
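An added example (not code from this page, from DShield or from any of the projects listed above) of consuming a block list such as the DShield one before it reaches a firewall. It parses the tab-delimited layout the DShield list is assumed to be published in (start, end, prefix length, attacks, network name, country, contact, with '#' comment lines and a column header), discards rows whose start and end addresses disagree with the stated prefix length, drops any netblock that overlaps an allowlist of your own ranges, which is the check a practitioner wants before pushing a third-party list into a drop rule, and renders an nftables set with a drop rule. The feed layout, the sample rows (RFC 5737 documentation ranges with made-up counts) and the allowlist are assumptions made for the example.

```python
import ipaddress
from typing import Iterable, List

# Constructed sample in the tab-delimited layout the DShield block list is
# assumed to use. The netblocks, counts and contacts below are made up; the
# last row is deliberately inconsistent (end address does not match a /24).
SAMPLE_BLOCK_LIST = """\
#   DShield.org Recommended Block List
#   comments: info@dshield.org
start\tend\tnetblock\tattacks\tname\tcountry\temail
203.0.113.0\t203.0.113.255\t24\t1532\tEXAMPLE-NET-A\tXX\tabuse@example.net
198.51.100.0\t198.51.100.255\t24\t987\tEXAMPLE-NET-B\tXX\tabuse@example.org
192.0.2.0\t192.0.2.255\t24\t640\tEXAMPLE-NET-C\tXX\tabuse@example.com
10.9.8.0\t10.9.9.255\t24\t500\tBROKEN-ROW\tXX\tabuse@example.invalid
"""

# Prefixes an imported list must never be allowed to drop: your own ranges,
# partners, monitoring sources. Assumed value for the example.
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]


def parse_block_list(text: str, min_attacks: int = 0) -> List[ipaddress.IPv4Network]:
    """Return the attacking netblocks from a DShield-style list, skipping comment
    lines, the column header, malformed or inconsistent rows, and rows whose
    attack count is below min_attacks."""
    nets = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("start\t"):
            continue
        cols = line.split("\t")
        if len(cols) < 4:
            continue
        try:
            start = ipaddress.ip_address(cols[0])
            end = ipaddress.ip_address(cols[1])
            prefix = int(cols[2])
            attacks = int(cols[3])
            # strict=True rejects a start address that is not on the /prefix boundary
            net = ipaddress.ip_network(f"{start}/{prefix}", strict=True)
        except ValueError:
            continue
        if end != net.broadcast_address:  # start/end disagree with the prefix length
            continue
        if attacks < min_attacks:
            continue
        nets.append(net)
    return nets


def apply_allowlist(nets: Iterable[ipaddress.IPv4Network],
                    allow=ALLOWLIST) -> List[ipaddress.IPv4Network]:
    """Drop every block-list entry that overlaps a protected prefix."""
    return [n for n in nets if not any(n.overlaps(a) for a in allow)]


def nftables_set(nets: Iterable[ipaddress.IPv4Network], table: str = "inet filter",
                 set_name: str = "dshield_block") -> str:
    """Render an nft script: an interval set of the netblocks plus an input drop rule.
    The elements line is omitted when the list is empty, since nft rejects it."""
    nets = sorted(nets)
    body = [f"table {table} {{", f"    set {set_name} {{",
            "        type ipv4_addr", "        flags interval"]
    if nets:
        body.append(f"        elements = {{ {', '.join(str(n) for n in nets)} }}")
    body += ["    }", "    chain input {",
             "        type filter hook input priority 0; policy accept;",
             f"        ip saddr @{set_name} drop", "    }", "}"]
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    print(nftables_set(apply_allowlist(parse_block_list(SAMPLE_BLOCK_LIST))))
```

The output can be loaded with `nft -f` against a test namespace first; raising `min_attacks` is the simplest way to keep only the noisiest sources when the list is applied to a busy edge.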
Nessus
Latest Nessus Plugins Released
McAfee Security Information and Event Management 9.5.x / 9.6.x < 9.6.0.3 ESM Authentication Bypass (KB87744)
Synopsis : The remote device is affected by an authentication bypass vulnerability. Description : According…

MariaDB 10.1.x < 10.1.11 sql/sql_yacc.yy SELECT Statement Keyword Handling DoS
Synopsis : The remote database server is affected by a denial of service vulnerability. Description : The v…

MariaDB 10.1.x < 10.1.9 Multiple Vulnerabilities
Synopsis : The remote database server is affected by multiple vulnerabilities. Description : The version of…

Symantec Endpoint Protection Client 12.1.x < 12.1.6 MP6 Multiple DoS (SYM16-015)
Synopsis : A security application installed on the remote host is affected by multiple denial of service vuln…

EMC Documentum D2 4.5.x < 4.5 patch 15 / 4.6.x < 4.6 patch 03 r_object_id Handling Unauthenticated Document Disclosure (ESA-2016-108)
Synopsis : The remote host is affected by an information disclosure vulnerability. Description : The remote…

Sourcefire
Vulnerability Research Team
Project APT: How to Build an ICS Network and Have fun at the Same Time
The Industrial Control System (ICS) security team at Talos frequently sees requests from peers and from student…

The Rising Tides of Spam
This blog post was authored by Jaeson Schultz. For the past five years we have enjoyed a relatively calm period…

Microsoft Patch Tuesday - September 2016
This post was authored by Jaeson Schultz. Well it's Microsoft Patch Tuesday, again, and that must mean we are g…

Vulnerability Spotlight: Kaspersky Unhandled Windows Messages Denial of Service Vulnerability
Vulnerability discovered by Marcin 'Icewall' Noga of Cisco Talos. Overview: Talos is disclosing the presence of…

Talos ShadowGate Take Down: Global Malvertising Campaign Thwarted
This blog was authored by Nick Biasini. Exploit kits are a class of threat that indiscriminately aims to compromise…

RHEL
Red Hat Errata
RHEA-2016:1935-1: rhev-hypervisor bug fix and enhancement update for RHEV 3.6.9
Red Hat Enterprise Linux: An updated rhev-hypervisor package is now available.

RHBA-2016:1913-1: gluster-smb bug fix update
Red Hat Enterprise Linux: Updated Samba package that adds one enhancement is now available for Red Hat Gluste…

RHBA-2016:1914-1: gluster-smb bug fix update
Red Hat Enterprise Linux: Updated Samba package that adds one enhancement is now available for Red Hat Gluste…

RHEA-2016:1930-1: new packages: kmod-mpt3sas
Red Hat Enterprise Linux: New kmod-mpt3sas packages are now available for Red Hat Enterprise Linux 7.

RHBA-2016:1915-1: Red Hat OpenStack Platform 9 Bug Fix and Enhancement Advisory
Red Hat Enterprise Linux: Updated packages that resolve various issues are now available for Red Hat OpenStac…

RHBA-2016:1916-1: openstack-nova bug fix advisory
Red Hat Enterprise Linux: Updated OpenStack Compute packages that resolve various issues are now available fo…

Microsoft
Security Advisories
3174644 - Updated Support for Diffie-Hellman Key Exchange - Version: 1.0
Revision Note: V1.0 (September 13, 2016): Advisory published. Summary:…

3181759 - Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (September 13, 2016): Advisory published. Summary: Microsoft is releasing this security adv…

3179528 - Update for Kernel Mode Blacklist - Version: 1.0
Revision Note: V1.0 (August 9, 2016): Click here to enter text. Summary: Microsoft is blacklisting some publica…

2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
Revision Note: V2.0 (May 18, 2016): Advisory updated to provide links to the current information regarding the…

3155527 - Update to Cipher Suites for FalseStart - Version: 1.0
Revision Note: V1.0 (May 10, 2016): Advisory published. Summary: FalseStart allows the TLS client to send appli…

Cisco
Security Advisories
ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
apexgames.org (2016/09/21_12:12)
Host: apexgames.org/ykxj6/par/factura.zip, IP address: 166.62.112.150, ASN: 26496, Country: US, Description: Javascript inside zip file leads to trojan…

art-archiv.ru (2016/09/21_12:12)
Host: art-archiv.ru/images/animated-number/docum-arhiv.exe, IP address: 81.177.139.111, ASN: 8342, Country: RU, Description: trojan…

tscl.com.bd (2016/09/15_08:48)
Host: tscl.com.bd/m/RI%20XIN%20QUOTATION%20LIST.zip, IP address: 209.99.16.206, ASN: 394695, Country: US, Description: trojan inside zip file…

catjogger.win (2016/09/15_10:06)
Host: catjogger.win/ganel/gate.php, IP address: 213.145.225.170, ASN: 25575, Country: AT, Description: pony loader c&c…

ad.getfond.info (2016/09/14_20:05)
Host: ad.getfond.info, IP address: 83.217.26.203, ASN: 200161, Country: RU, Description: PlugX C&C…

www.brollopsguiden.se (2016/09/06_11:49)
Host: www.brollopsguiden.se/openx/www/delivery/ajs.php?campaignid=4&target=_blank&cb=84501358690, IP address: 89.221.240.73, ASN: 1257, Country: SE, Description: compromised site leads to exploit kit…

structured.blackswanstore.com (2016/09/06_11:49)
Host: structured.blackswanstore.com/plc/header.js, IP address: 5.200.55.91, ASN: 48096, Country: RU, Description: leads to exploit kit…

jessisjewels.com (2016/09/06_12:42)
Host: jessisjewels.com/disk/update/postmaster/en/?ar=yourname@yourdomain.com, IP address: 50.87.153.96, ASN: 46606, Country: US, Description: phishing site…

ad.9tv.co.il (2016/09/05_09:37)
Host: ad.9tv.co.il/serv4/www/delivery/ajs.php?zoneid=37&cb=54350405237&charset=utf-8, IP address: 62.219.67.44, ASN: 8551, Country: IL, Description: iframe on compromised site leads to exploit kit…
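An added example (not code from this page, from Malware Domain List or from the Suricata project) that turns entries in the one-line layout shown above into usable indicators: it parses each "Host / IP address / ASN / Country / Description" line, rejects lines that do not fit the layout or carry an address that does not parse, splits the host field into a domain and a path, derives a coarse category from the description text, and emits a deduplicated IP list plus Suricata rules (a `dns_query` match per domain and an `http_host`/`http_uri` match where the entry names a path). The sample lines are copied from the entries on this page; the category keywords, SID range and rule messages are assumptions made for the example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import urlsplit

# Sample input, constructed by copying "Host: ..." lines of the Malware Domain
# List entries shown on this page.
MDL_LINES = [
    "Host: apexgames.org/ykxj6/par/factura.zip, IP address: 166.62.112.150, "
    "ASN: 26496, Country: US, Description: Javascript inside zip file leads to trojan",
    "Host: catjogger.win/ganel/gate.php, IP address: 213.145.225.170, "
    "ASN: 25575, Country: AT, Description: pony loader c&c",
    "Host: ad.getfond.info, IP address: 83.217.26.203, ASN: 200161, "
    "Country: RU, Description: PlugX C&C",
    "Host: www.brollopsguiden.se/openx/www/delivery/ajs.php?campaignid=4&target=_blank"
    "&cb=84501358690, IP address: 89.221.240.73, ASN: 1257, Country: SE, "
    "Description: compromised site leads to exploit kit",
]

# One entry per line, in the layout shown on this page:
# "Host: <host[/path]>, IP address: <ip>, ASN: <n>, Country: <cc>, Description: <text>"
_LINE_RE = re.compile(
    r"^Host: (?P<host>.+?), IP address: (?P<ip>[0-9.]+), ASN: (?P<asn>\d+), "
    r"Country: (?P<cc>[A-Z]{2}), Description: (?P<desc>.*)$"
)

@dataclass
class Ioc:
    domain: str
    path: str       # URL path without the query string; "" for a bare hostname
    ip: str
    asn: int
    country: str
    description: str
    category: str   # coarse bucket derived from the description (assumed keywords)

def classify(description: str) -> str:
    d = description.lower()
    if "c&c" in d or "c2" in d:
        return "c2"
    if "exploit kit" in d:
        return "exploit_kit"
    if "phishing" in d:
        return "phishing"
    return "malware_download"

def parse_line(line: str) -> Optional[Ioc]:
    """None for lines outside the layout or with an unparsable IP: feed data is untrusted."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ip = str(ipaddress.ip_address(m["ip"]))
    except ValueError:
        return None
    parts = urlsplit("//" + m["host"])  # leading "//" makes urlsplit read the host as netloc
    return Ioc(domain=parts.netloc.lower(), path=parts.path, ip=ip, asn=int(m["asn"]),
               country=m["cc"], description=m["desc"], category=classify(m["desc"]))

def parse_mdl(lines: Iterable[str]) -> List[Ioc]:
    return [ioc for ioc in (parse_line(l) for l in lines) if ioc is not None]

def ip_blocklist(iocs: Iterable[Ioc]) -> List[str]:
    """Deduplicated addresses in numeric order, ready for a firewall set."""
    return sorted({i.ip for i in iocs}, key=ipaddress.ip_address)

def _content(s: str) -> str:
    # Escape the characters that have meaning inside a Suricata content string;
    # a literal pipe has to be written as hex.
    return (s.replace("\\", "\\\\").replace('"', '\\"')
             .replace(";", "\\;").replace("|", "|7C|"))

def suricata_rules(iocs: Iterable[Ioc], sid_base: int = 9000000) -> List[str]:
    """One DNS rule per domain plus an HTTP rule when the entry names a path.
    http_host is a lowercase-only buffer, so no nocase there; the path is matched
    without its query string so cache-busting parameters (cb=...) do not defeat it."""
    rules, sid = [], sid_base
    for ioc in iocs:
        msg = f"MDL {ioc.category} {ioc.domain}"
        rules.append(f'alert dns any any -> any any (msg:"{msg} dns lookup"; dns_query; '
                     f'content:"{_content(ioc.domain)}"; nocase; sid:{sid}; rev:1;)')
        sid += 1
        if ioc.path and ioc.path != "/":
            rules.append(f'alert http any any -> any any (msg:"{msg} http request"; '
                         f'flow:established,to_server; '
                         f'content:"{_content(ioc.domain)}"; http_host; '
                         f'content:"{_content(ioc.path)}"; http_uri; sid:{sid}; rev:1;)')
            sid += 1
    return rules

if __name__ == "__main__":
    iocs = parse_mdl(MDL_LINES)
    print("\n".join(ip_blocklist(iocs)))
    print("\n".join(suricata_rules(iocs)))
```

Check the generated rules with `suricata -T -S rules.file` before loading them; entries such as the ad-server ones above will also fire on benign traffic once the site is cleaned, so treat the category as a triage hint, not a verdict.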


© 2001-2016 Procyon Labs / Randal T. Rioux