PLABS
Internet Storm Center Infocon Status
ISC Stormcast For Tuesday, February 28th 2017 https://isc.sans.edu/podcastdetail.html?id=5393, (Tue, Feb 28th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

ISC Stormcast For Monday, February 27th 2017 https://isc.sans.edu/podcastdetail.html?id=5391, (Mon, Feb 27th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Dynamite Phishing , (Mon, Feb 27th)
Last week I ran across a very successful phishing campaign; what's odd is that in most ways it was nothing special. The attacker was using this more like a worm, where s…

CRA Maldoc Analysis, (Sun, Feb 26th)
I took a look at Guy … Didier Stevens, Microsoft MVP Consumer Security, blog.DidierStevens.com, DidierStevensLabs.co…

It is Tax Season - Watch out for Suspicious Attachment, (Sun, Feb 26th)
This week I received a very realistic-looking email from the Canadian Revenue Agency, with a Word document that made it through the AV gateway; it is tax season…

Unpatched Microsoft Edge and IE Bug, (Sat, Feb 25th)
Microsoft Edge and Internet Explorer can be exploited by a type confusion in HandleColumnBreakOnColumnSpanningElement. A POC was released here. [1] https://b…

Packet Storm
Latest Security Tool Files
Packet Fence 6.5.1
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Ansvif 1.6.2
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
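The approach described above (garbage arguments and stdin, run the target, watch for a fault) as an added example; this is not Ansvif's code. The target program is a constructed stand-in that aborts on inputs a real bug might trip over (an over-long argument, a 0xFF byte on stdin), and the crash test relies on the POSIX convention that a signal death shows up as a negative return code.

```python
import random
import subprocess
import sys

# Constructed stand-in for a buggy native program (assumption for this example):
# it aborts (SIGABRT) if any argument is longer than 64 characters or if stdin
# contains a 0xFF byte, and otherwise exits 0.
TARGET_SOURCE = r"""
import os, sys
data = sys.stdin.buffer.read()
if any(len(a) > 64 for a in sys.argv[1:]) or b"\xff" in data:
    os.abort()
sys.exit(0)
"""


def run_case(args, stdin_data, timeout=5.0):
    """Run the target once with the given argv list and stdin bytes.
    Returns (verdict, returncode): 'crash' when the process died from a signal
    (POSIX reports this as a negative return code), 'hang' on timeout,
    'error' on a non-zero exit, 'ok' otherwise."""
    try:
        proc = subprocess.run(
            [sys.executable, "-c", TARGET_SOURCE, *args],
            input=stdin_data, capture_output=True, timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return "hang", None
    rc = proc.returncode
    if rc < 0:
        return "crash", rc
    return ("ok" if rc == 0 else "error"), rc


def garbage_args(rng):
    """Argument generators: long runs, format-string tokens, boundary integers."""
    kind = rng.randrange(3)
    if kind == 0:
        return ["A" * rng.randrange(1, 256)]
    if kind == 1:
        flag = "-" + "".join(rng.choice("abcxyz0189") for _ in range(6))
        return ["%s%n%x" * rng.randrange(1, 8), flag]
    return [str(rng.choice([-1, 0, 2**31 - 1, 2**32, 2**63]))]


def garbage_stdin(rng):
    """Random bytes of random length for the target's standard input."""
    return bytes(rng.randrange(256) for _ in range(rng.randrange(0, 128)))


def fuzz(iterations, seed=0):
    """Run `iterations` cases with a seeded RNG (so a finding can be replayed)
    and return the inputs that crashed or hung, with their return codes."""
    rng = random.Random(seed)
    findings = []
    for _ in range(iterations):
        args, data = garbage_args(rng), garbage_stdin(rng)
        verdict, rc = run_case(args, data)
        if verdict in ("crash", "hang"):
            findings.append({"verdict": verdict, "returncode": rc,
                             "args": args, "stdin": data})
    return findings


if __name__ == "__main__":
    for finding in fuzz(20, seed=1):
        print(finding["verdict"], finding["returncode"], finding["args"], finding["stdin"][:16])
```

Keeping the seed with each finding matters more than the generator: a crash you cannot reproduce is not a bug report. Against a real native binary the same harness applies unchanged, with the target path in place of the interpreter.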

Mandos Encrypted File System Unattended Reboot Utility 1.7.15
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client progra…

Lynis Auditing Tool 2.4.3
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan f…

Stegano 0.6.7
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Signific…

Suricata IDPE 3.2.1
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded…

Stegano 0.6.5
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Signific…
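Both Stegano entries above describe the same two techniques (hiding in the red value of a pixel, and least-significant-bit embedding). The following added example, which is not Stegano's own code, combines them: the message bits go into the least significant bit of the red channel, prefixed by a length header so the reader knows where to stop. The cover image is a constructed gradient held as a list of (r, g, b) tuples, so no imaging library is required; Pillow's `Image.getdata()` would give the same list for a real PNG.

```python
def _bits(data):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def _unbits(bits):
    """Pack 0/1 values back into bytes (MSB first); a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def hide(pixels, message):
    """Return a copy of `pixels` with `message` written into the least significant
    bit of each red value, preceded by a 4-byte big-endian length so the reader
    knows where the message ends. Green and blue are untouched."""
    payload = len(message).to_bytes(4, "big") + bytes(message)
    needed = len(payload) * 8          # one bit per pixel
    if needed > len(pixels):
        raise ValueError(f"cover too small: {needed} pixels needed, {len(pixels)} available")
    stego = list(pixels)
    for i, bit in enumerate(_bits(payload)):
        r, g, b = stego[i]
        stego[i] = ((r & 0xFE) | bit, g, b)   # clear the red LSB, then set it to the message bit
    return stego


def reveal(pixels):
    """Read the length header, then that many bytes, from the red LSBs.
    Raises ValueError when the header does not fit the cover, which is what an
    unmodified image or a different embedding scheme usually produces."""
    lsbs = [p[0] & 1 for p in pixels]
    length = int.from_bytes(_unbits(lsbs[:32]), "big")
    if 32 + length * 8 > len(lsbs):
        raise ValueError("length header exceeds cover size: no message in this channel")
    return _unbits(lsbs[32:32 + length * 8])


def make_cover(width=32, height=16):
    """Constructed cover image (assumption for this example): a deterministic
    gradient standing in for a real picture."""
    return [((x * 7 + y) % 256, (x * 3) % 256, (y * 11) % 256)
            for y in range(height) for x in range(width)]


if __name__ == "__main__":
    cover = make_cover()
    stego = hide(cover, b"ISC diary: maldoc")
    print(reveal(stego))
    print("pixels changed:", sum(1 for a, b in zip(cover, stego) if a != b))
```

Two caveats a practitioner should keep in mind: each embedded pixel changes its red value by at most one, which the eye cannot see but which a statistical LSB test can flag, and the scheme only survives lossless formats such as PNG; saving the result as JPEG rewrites the low bits and destroys the message.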

Lynis Auditing Tool 2.4.2
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan f…

FireHOL 3.1.3
FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual…


SecurityFocus
General Security Vulnerabilities
Bugtraq: [SECURITY] [DSA 3788-2] tomcat8 regression update

Bugtraq: [security bulletin] HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

Bugtraq: APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1

Bugtraq: PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability



Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' is the number of targets that reported scans from that subnet.
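A practitioner who pulls this list into a firewall wants validation between the feed and the rule set, not a blind load. The following added example (not DShield's code) parses a constructed sample in the tab-separated layout the feed uses (start address, end address, prefix length, attack count, network name, country, contact; the column order is assumed here from the feed's header line), rejects malformed or private netblocks, skips an allowlist of prefixes you must never block, and emits the ipset/iptables commands as strings without executing anything.

```python
import ipaddress

# Constructed sample (not live data): three documentation-range netblocks, one
# RFC 1918 range and one junk line, to exercise the validation below.
SAMPLE_BLOCK_LIST = """\
# DShield.org Recommended Block List (constructed sample)
Start\tEnd\tNetblock\tAttacks\tName\tCountry\temail
198.51.100.0\t198.51.100.255\t24\t1532\tEXAMPLE-NET-1\tUS\tabuse@example.net
203.0.113.0\t203.0.113.255\t24\t4871\tEXAMPLE-NET-2\tAU\tabuse@example.com
192.0.2.0\t192.0.2.255\t24\t305\tEXAMPLE-NET-3\tDE\tabuse@example.org
10.0.0.0\t10.0.0.255\t24\t99\tBOGUS-RFC1918\tZZ\tnoc@example.invalid
this line is not a record and must be skipped, not crash the parser
"""

# Ranges a border firewall must never drop wholesale, whatever a feed says.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
)]


def parse_block_list(text, allowlist=()):
    """Return validated /24 entries sorted by attack count, highest first.
    `allowlist` holds CIDRs (your own prefixes, partners, upstreams) that are
    skipped even if the feed lists them."""
    allowed = [ipaddress.ip_network(a) for a in allowlist] + NEVER_BLOCK
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#") or line.startswith("Start\t"):
            continue
        fields = line.split("\t")
        if len(fields) < 4:
            continue
        try:
            # strict parsing: the start address must be the network address itself
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}")
            end = ipaddress.ip_address(fields[1])
            attacks = int(fields[3])
        except ValueError:
            continue
        # Reject anything that is not a well-formed IPv4 /24 whose end address agrees.
        if net.version != 4 or net.prefixlen != 24 or end != net.broadcast_address:
            continue
        if any(net.overlaps(a) for a in allowed):
            continue
        entries.append({
            "network": str(net),
            "attacks": attacks,
            "name": fields[4] if len(fields) > 4 else "",
            "country": fields[5] if len(fields) > 5 else "",
        })
    entries.sort(key=lambda e: e["attacks"], reverse=True)
    return entries


def ipset_commands(entries, setname="dshield_block"):
    """Build the ipset/iptables command lines that load the list (strings only)."""
    cmds = [f"ipset create {setname} hash:net -exist", f"ipset flush {setname}"]
    cmds += [f"ipset add {setname} {e['network']} -exist" for e in entries]
    cmds.append(f"iptables -I INPUT -m set --match-set {setname} src -j DROP")
    return cmds


if __name__ == "__main__":
    # Assumed allowlist for the demonstration: treat EXAMPLE-NET-2 as a partner.
    for cmd in ipset_commands(parse_block_list(SAMPLE_BLOCK_LIST, allowlist=["203.0.113.0/24"])):
        print(cmd)
```

Because the list is rebuilt every day and the top 20 changes, load it into a set that is flushed and refilled rather than appending rules, and keep the allowlist in version control next to the loader; the day the feed lists your own upstream is the day this check pays for itself.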
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided free by Geobytes, Inc. to help you locate the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
McAfee ePolicy Orchestrator 5.1.x < 5.1.3 HF1110787 Computer Management Services XSS (SB10184)
Synopsis : A security management application installed on the remote Windows host is affected by a reflected…

EulerOS 2.0 SP1 : bind security update (EulerOS-SA-2016-1052)
Synopsis : The remote EulerOS host is missing one or more security updates. Description : The remote EulerO…

Scientific Linux Security Update : kernel on SL5.x i386/x86_64
Synopsis : The remote Scientific Linux host is missing one or more security updates. Description : Security…

RHEL 6 : kernel (RHSA-2017:0324)
Synopsis : The remote Red Hat host is missing one or more security updates. Description : An update for ker…

RHEL 5 : kernel (RHSA-2017:0323)
Synopsis : The remote Red Hat host is missing one or more security updates. Description : An update for ker…

Sourcefire
Vulnerability Research Team
Cisco Coverage for Smart Install Client Protocol Abuse
Summary: Talos has become aware of active scanning against customer infrastructure with the intent of finding Ci…

Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Iceni Argus PDF Content Extraction affect MarkLogic
Vulnerability discovered by Marcin 'Icewall' Noga and a member of the Talos VulnDev team. Overview: Talos has…

Vulnerability Deep Dive - Ichitaro Office Excel File Code Execution Vulnerability
This vulnerability was discovered by Cory Duplantis and another member of Cisco Talos. Overview: Vulnerabilities…

Vulnerability Spotlight: Multiple Ichitaro Office Vulnerabilities
These vulnerabilities were discovered by Cory Duplantis and another member of Cisco Talos. Talos has discovered…

Korean MalDoc Drops Evil New Years Presents
This blog was authored by Warren Mercer and Paul Rascagneres. Executive Summary: Talos has investigated…

RHEL
Red Hat Errata
RHEA-2017:0326-1: opendaylight enhancement advisory
Red Hat Enterprise Linux: An updated opendaylight package that adds new features is now available for Red Hat…

RHSA-2017:0328-1: Important: qemu-kvm-rhev security update
Red Hat Enterprise Linux: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0 (N…

RHSA-2017:0329-1: Important: qemu-kvm-rhev security update
Red Hat Enterprise Linux: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 9.0 (Mi…

RHSA-2017:0330-1: Important: qemu-kvm-rhev security update
Red Hat Enterprise Linux: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 8.0 (Li…

RHSA-2017:0332-1: Important: qemu-kvm-rhev security update
Red Hat Enterprise Linux: An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack…

RHSA-2017:0333-1: Important: qemu-kvm-rhev security update
Red Hat Enterprise Linux: An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack…

Microsoft
Security Advisories
4010983 - Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of Service - Version: 1.0
Revision Note: V1.0 (January 27, 2017): Advisory published. Summary: Microsoft is releasing this security advis…

3214296 - Vulnerabilities in Identity Model Extensions Token Signing Verification Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (January 10, 2017): Advisory published. Summary: Microsoft is releasing this security advis…

3174644 - Updated Support for Diffie-Hellman Key Exchange - Version: 1.0
Revision Note: V1.0 (September 13, 2016): Advisory published. Summary:…

3181759 - Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (September 13, 2016): Advisory published. Summary: Microsoft is releasing this security adv…

3179528 - Update for Kernel Mode Blacklist - Version: 1.0
Revision Note: V1.0 (August 9, 2016): Click here to enter text. Summary: Microsoft is blacklisting some publica…

Malc0de

(You might not want to click on these!)

down12.xiazaidc.com
URL: , IP Address: 121.43.97.175, Country: CN, ASN: 37963, MD5: 2a65f85d09f36402fbd91484a9a4adac…

cendereci.com
URL: cendereci.com/dasphdasodasopjdaspjdasdasa.png, IP Address: 85.159.66.172, Country: TR, ASN: 34619, MD5: 2…

c.img001.com
URL: c.img001.com/re58/guagua_23103510024.exe, IP Address: 183.47.234.107, Country: CN, ASN: 58543, MD5: f1db4…

c.img001.com
URL: c.img001.com/re58/pingguo_21561000328.exe, IP Address: 183.47.234.107, Country: CN, ASN: 58543, MD5: b3aa…

c.img001.com
URL: c.img001.com/re58/girlshow_20300025849.exe, IP Address: 183.47.234.107, Country: CN, ASN: 58543, MD5: 31d…

c.img001.com
URL: c.img001.com/re58/qixi_20200013406.exe, IP Address: 183.47.234.107, Country: CN, ASN: 58543, MD5: 086ca0d…

bargainshop.councilofcoders.com
URL: bargainshop.councilofcoders.com/wp-includes/pm2.dll, IP Address: 162.249.2.136, Country: US, ASN: 55293,…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
fo5.a1-downloader.org (2017/02/09_14:04)
Host: fo5.a1-downloader.org/g2v9s1.php?id=yourname@yourdomain.com, IP address: 188.225.32.177, ASN: 9123, Country: RU, Description: trojan download…

aadroid.net (2017/02/09_14:04)
Host: aadroid.net/sys.olk, IP address: 107.180.51.15, ASN: 26496, Country: US, Description: ransomware…

www.lifelabs.vn (2017/01/25_20:15)
Host: www.lifelabs.vn/api/get.php?id=aW5mb0BzYXBjdXBncmFkZXMuY29t, IP address: 118.69.196.199, ASN: 18403, Country: VN, Description: Trojan.Backdoor, Office.Word.Downloader…

falconsafe.com.sg (2017/01/25_20:16)
Host: falconsafe.com.sg/api/get.php?id=aW5mb0BzYXBjdXBncmFkZXMuY29t, IP address: 43.229.84.107, ASN: 38532, Country: SG, Description: Trojan.Backdoor, Office.Word.Downloader…

61kx.uk-insolvencydirect.com (2017/01/19_13:05)
Host: 61kx.uk-insolvencydirect.com/sending_data/in_cgi/bbwp/cases/Inquiry.php, IP address: 35.166.113.223, ASN: 16509, Country: US, Description: leads to ransomware…

daralasnan.com (2017/01/19_13:05)
Host: daralasnan.com/wp-content/plugins/mkazaqbya/vmywyvz4.php, IP address: 166.62.12.1, ASN: 26496, Country: US, Description: leads to ransomware…

www.studiolegaleabbruzzese.com (2017/01/19_13:05)
Host: www.studiolegaleabbruzzese.com/wp-content/plugins/urxwhbnw3ez/flight_4832.pdf, IP address: 62.149.142.206, ASN: 31034, Country: IT, Description: ransomware…

raneevahijab.id (2017/01/19_13:05)
Host: raneevahijab.id/adnin/box/workspace/, IP address: 103.24.13.91, ASN: 132644, Country: ID, Description: phishing site…

kingskillz.ru (2016/10/30_01:52)
Host: kingskillz.ru/~kingskil/Prince/Man/lucy/mine/shit.exe, IP address: 85.143.215.183, ASN: 201848, Country: RU, Description: Trojan.FareIt…


© 2001-2016 Procyon Labs / Randal T. Rioux