PLABS
Internet Storm Center Infocon Status
Change in patterns for the pseudoDarkleech campaign, (Sat, Jul 2nd)
Introduction: I'm used to seeing large blocks of code containing 12,000 to 15,000 characters associated with the pseudo-Darkleech campaign. Shown above: S…

ISC Stormcast For Friday, July 1st 2016 http://isc.sans.edu/podcastdetail.html?id=5065, (Fri, Jul 1st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

APT and why I don't like the term, (Fri, Jul 1st)
Introduction: In May 2015, I wrote a diary describing a SOC analyst pyramid. It describes the various types of activity SOC analysts encounter in their daily…

Phishing Campaign with Blurred Images, (Wed, Jun 29th)
For a few days, I'm seeing a lot of phishing emails that try to steal credentials from victims. Well, nothing brand new but, this time, the scenario is quite diff…

ISC Stormcast For Thursday, June 30th 2016 http://isc.sans.edu/podcastdetail.html?id=5063, (Thu, Jun 30th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Critical Symantec Endpoint Protection Vulnerability, (Wed, Jun 29th)
Google's Project Zero released details about a number of critical vulnerabilities in Symantec's Endpoint Protection product [1]. The vulnerabilities allow for arbit…

Packet Storm
Latest Security Tool Files
Blue Team Training Toolkit (BT3) 1.0
Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and…

Mandos Encrypted File System Unattended Reboot Utility 1.7.10
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client progra…

Packet Fence 6.1.1
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Mandos Encrypted File System Unattended Reboot Utility 1.7.9
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client progra…

Faraday 1.0.21
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, index…

Packet Fence 6.1.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Mandos Encrypted File System Unattended Reboot Utility 1.7.8
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client progra…

Ansvif 1.5.2
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Suricata IDPE 3.1
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded…


SecurityFocus
General Security Vulnerabilities
Vuln: GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities
GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities…

Vuln: Oracle Java SE CVE-2015-4893 Remote Security Vulnerability
Oracle Java SE CVE-2015-4893 Remote Security Vulnerability…

Vuln: Oracle Java SE CVE-2015-4872 Remote Security Vulnerability
Oracle Java SE CVE-2015-4872 Remote Security Vulnerability…

Vuln: Oracle Java SE CVE-2015-4842 Remote Security Vulnerability
Oracle Java SE CVE-2015-4842 Remote Security Vulnerability…

Bugtraq: [security bulletin] HPSBGN03626 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information Logjam
[security bulletin] HPSBGN03626 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information Logjam…

Bugtraq: KL-001-2016-003 : SQLite Tempdir Selection Vulnerability
KL-001-2016-003 : SQLite Tempdir Selection Vulnerability…

Bugtraq: Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking
Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Symantec Mail Security for Exchange / Domino Decomposer Engine Multiple Vulnerabilities (SYM16-010)
Synopsis : The remote Windows host has software installed that is affected by multiple vulnerabilities. Desc…

Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : oxide-qt vulnerabilities (USN-3015-1)
Synopsis : The remote Ubuntu host is missing a security-related patch.…

FreeBSD : expat2 -- denial of service (ff76f0e0-3f11-11e6-b3c8-14dae9d210b8)
Synopsis : The remote FreeBSD host is missing a security-related update. Description : Adam Maris reports :…

FreeBSD : haproxy -- denial of service (f1c219ba-3f14-11e6-b3c8-14dae9d210b8)
Synopsis : The remote FreeBSD host is missing a security-related update. Description : HAproxy reports : H…

FreeBSD : Python -- HTTP Header Injection in Python urllib (a61374fc-3a4d-11e6-a671-60a44ce6887b)
Synopsis : The remote FreeBSD host is missing a security-related update. Description : Guido Vranken report…

Sourcefire
Vulnerability Research Team
Gotta be SWIFT for this Spam Campaign!
This blog post was authored by Warren Mercer. Summary: Talos have observed a large uptick in the Zepto ransomware…

Detecting DNS Data Exfiltration
This blog was co-authored by Martin Lee and Jaeson Schultz with contributions from Warren Mercer. The recent di…

Vulnerability Spotlight: LibreOffice RTF Vulnerability
Vulnerability discovered by Aleksandar Nikolic of Cisco Talos. Talos is disclosing the presence of CVE-2016-432…

Vulnerability Spotlight: Pidgin Vulnerabilities
These vulnerabilities were discovered by Yves Younan. Pidgin is a universal chat client that is used on million…

The Poisoned Archives
Vulnerabilities discovered by Marcin “Icewall” Noga. Blog post authored by Marcin Noga and Jaeson Schultz.

RHEL
Red Hat Errata
RHBA-2016:1290-4: libvirt bug fix update
Red Hat Enterprise Linux: Updated libvirt packages that fix two bugs are now available for Red Hat Enterprise…

RHEA-2016:1375-1: new packages: kmod-qla2xxx
Red Hat Enterprise Linux: New kmod-qla2xxx packages are now available for Red Hat Enterprise Linux 7.

RHBA-2016:1357-1: 3.6.7 - rhevm-sdk-python bug fix update
Red Hat Enterprise Linux: Updated rhevm-python-sdk packages that fix several bugs are now available.

RHBA-2016:1358-1: 3.6.7 - rhevm-cli bug fix and enhancement update
Red Hat Enterprise Linux: An updated rhevm-cli package that fixes one bug is now available.

RHBA-2016:1359-1: redhat-support-plugin-rhev fix logging in engine-psql script for 3.6.7
Red Hat Enterprise Linux: A bug fix update for the redhat-support-plugin-rhev package is now available.

RHBA-2016:1364-1: Red Hat Enterprise Virtualization Manager (rhevm) bug fix 3.6.7
Red Hat Enterprise Linux: Updated RFE packages that fix several bugs and add various enhancements are now ava…

Microsoft
Security Advisories
2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
Revision Note: V2.0 (May 18, 2016): Advisory updated to provide links to the current information regarding the…

3155527 - Update to Cipher Suites for FalseStart - Version: 1.0
Revision Note: V1.0 (May 10, 2016): Advisory published. Summary: FalseStart allows the TLS client to send appli…

3152550 - Update to Improve Wireless Mouse Input Filtering - Version: 1.1
Revision Note: V1.1 (April 22, 2016): Added FAQs and additional information to clarify that only standalone mo…

3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1
Revision Note: V1.1 (February 10, 2016): Advisory updated to include download information for Microsoft ASP.NE…

2871997 - Update to Improve Credentials Protection and Management - Version: 5.0
Revision Note: V5.0 (February 9, 2016): Rereleased advisory to announce the release of update 3126593 to enabl…

Cisco
Security Advisories
ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
websitebuildersinfo.in (2016/06/29_08:48)
Host: websitebuildersinfo.in, IP address: 166.62.28.83, ASN: 26496, Country: US, Description: fake infection page…

www.alphamedical02.fr (2016/06/28_20:52)
Host: www.alphamedical02.fr/, IP address: 94.23.236.74, ASN: 16276, Country: FR, Description: pseudo darkleech on compromised site leads to EK…

www.freegames777.net (2016/06/27_00:24)
Host: www.freegames777.net/Price-list-Yuan%202016.6.8_545_54.zip, IP address: 194.126.200.65, ASN: 47302, Country: CH, Description: Trojan.Injector…

www.gennaroespositomilano.it (2016/06/27_08:07)
Host: www.gennaroespositomilano.it/, IP address: 75.126.217.36, ASN: 36351, Country: US, Description: pseudo darkleech on compromised site leads to EK…

www.airbornehydrography.com (2016/06/27_12:33)
Host: www.airbornehydrography.com/, IP address: 194.9.95.65, ASN: 39570, Country: SE, Description: pseudo darkleech on compromised site leads to EK…

www.fiocchidiriso.com (2016/06/24_12:43)
Host: www.fiocchidiriso.com/, IP address: 81.31.147.98, ASN: 47242, Country: IT, Description: pseudo darkleech on compromised site leads to EK…

www.enchantier.com (2016/06/23_15:01)
Host: www.enchantier.com/, IP address: 176.31.73.196, ASN: 16276, Country: FR, Description: pseudo darkleech on compromised site leads to EK…


© 2001-2016 Procyon Labs / Randal T. Rioux