PLABS
Internet Storm Center Infocon Status
Applied Lessons Learned, (Sat, May 28th)
What were those tough lessons learned that you will never forget and more importantly vowed to never repeat again? Especially those of you who have been in info…

ISC Stormcast For Friday, May 27th 2016 http://isc.sans.edu/podcastdetail.html?id=5015, (Fri, May 27th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Keeping an Eye on Tor Traffic, (Thu, May 26th)
Do you know the amount of Tor traffic hitting your network? Do you know what people are doing from this anonymized network? Most IDS solutions have built-in rule…

ISC Stormcast For Thursday, May 26th 2016 http://isc.sans.edu/podcastdetail.html?id=5013, (Thu, May 26th)

VMWare Security Advisories, (Wed, May 25th)
VMware has released the following new and updated security advisories: New: VMware vCenter Server - VMSA-2016-0006: http://www.vmware.com/security/adviso…

ISC Stormcast For Wednesday, May 25th 2016 http://isc.sans.edu/podcastdetail.html?id=5011, (Wed, May 25th)

Packet Storm
Latest Security Tool Files
Shellsploit Framework Beta 0.3
Shellsploit lets you generate customized shellcodes, backdoors, and injectors for various operating systems. It also has obfuscation abilities.

Stegano 0.5.4
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Signific…

Sunxi Linux Module Backdoor
This is a Linux kernel module that adds a backdoor to a system. Based on sunxi_debug.

pyJoiner Tool Using Tkinter
This is a variant of the pyJoiner tool that uses Tkinter for its interface.

Stegano 0.5.3
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Signific…
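Both Stegano entries (0.5.4 and 0.5.3 above) describe the same two hiding methods. As an added illustration of the red-channel LSB idea, the following is my own code, not Stegano's module or API: it works on a plain list of RGB tuples instead of a real image file, and the 4-byte length header in front of the message is my design choice so that the reader knows where the payload ends. The cover "image" is constructed with a seeded random generator.

```python
"""Red-channel LSB steganography on a list of RGB pixels (added example, not Stegano's code)."""
import random
from typing import Iterator, List, Tuple

Pixel = Tuple[int, int, int]   # (red, green, blue), each 0..255


def _bits(data: bytes) -> Iterator[int]:
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def hide(pixels: List[Pixel], message: bytes) -> List[Pixel]:
    """Write a 4-byte big-endian length header followed by the message into the
    least significant bit of the red channel, one bit per pixel."""
    payload = len(message).to_bytes(4, "big") + message
    needed = len(payload) * 8
    if needed > len(pixels):
        raise ValueError(f"payload needs {needed} pixels, cover has {len(pixels)}")
    out = list(pixels)
    for idx, bit in enumerate(_bits(payload)):
        r, g, b = out[idx]
        out[idx] = ((r & 0xFE) | bit, g, b)   # only the red LSB changes
    return out


def reveal(pixels: List[Pixel]) -> bytes:
    """Read the header, sanity-check it against the cover size, then read the message."""
    def read_bytes(start_pixel: int, count: int) -> bytes:
        value = bytearray()
        for n in range(count):
            byte = 0
            for k in range(8):
                byte = (byte << 1) | (pixels[start_pixel + n * 8 + k][0] & 1)
            value.append(byte)
        return bytes(value)

    length = int.from_bytes(read_bytes(0, 4), "big")
    if 32 + length * 8 > len(pixels):
        raise ValueError("length header exceeds cover capacity: no valid payload")
    return read_bytes(32, length)


def make_cover(width: int, height: int, seed: int = 1) -> List[Pixel]:
    """Constructed cover: random noise pixels from a seeded generator."""
    rng = random.Random(seed)
    return [(rng.randrange(256), rng.randrange(256), rng.randrange(256))
            for _ in range(width * height)]


def max_channel_delta(a: List[Pixel], b: List[Pixel]) -> int:
    """Largest per-channel change between two pixel lists (should be 1 for LSB hiding)."""
    return max(abs(x - y) for pa, pb in zip(a, b) for x, y in zip(pa, pb))


if __name__ == "__main__":
    cover = make_cover(16, 16)
    stego = hide(cover, b"attack at dawn")
    print(reveal(stego), "max channel delta:", max_channel_delta(cover, stego))
```

Because only the red LSB moves, no channel value changes by more than one, which is why this survives visual inspection but not a statistical LSB test or any lossy re-encoding of the image.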

Ansvif 1.5
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
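To show what "feeding garbage into a program to induce a fault" looks like in miniature, here is an added example of my own (not Ansvif's code): a mutation loop run against a constructed in-process parser with a planted bug (it trusts a declared length field), separating handled errors from genuine faults and shrinking a faulting input to a minimal reproducer. The target format, the seed input and the mutation operators are all my assumptions.

```python
"""A deliberately unintelligent mutation fuzzer (added example, not Ansvif's code)."""
import random
from typing import Callable, List, Optional, Sequence, Tuple


def parse_record(data: bytes) -> bytes:
    """Constructed fuzz target. Format: b"REC", a 1-byte length, then that many
    body bytes. Planted bug: the declared length is trusted, so a short buffer
    makes body[i] raise IndexError instead of a clean error."""
    if len(data) < 4 or data[:3] != b"REC":
        raise ValueError("bad magic")       # documented, handled error: not a fault
    length = data[3]
    body = data[4:4 + length]
    checksum = 0
    for i in range(length):                 # should have been range(len(body))
        checksum ^= body[i]
    return bytes([checksum])


EXPECTED = (ValueError,)   # exceptions the target legitimately raises on bad input


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply 1-4 random edits: bit flip, byte overwrite, insert, delete, truncate."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 4)):
        op = rng.choice(("flip", "byte", "insert", "delete", "trunc"))
        if op == "insert":
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        elif not buf:
            continue                        # the remaining ops need at least one byte
        elif op == "flip":
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        elif op == "byte":
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif op == "delete":
            del buf[rng.randrange(len(buf))]
        else:
            del buf[rng.randrange(len(buf)):]
    return bytes(buf)


def crashes_with(target: Callable[[bytes], object], case: bytes) -> Optional[str]:
    """Name of the unhandled exception this input triggers, or None."""
    try:
        target(case)
    except EXPECTED:
        return None
    except Exception as exc:
        return type(exc).__name__
    return None


def fuzz(target: Callable[[bytes], object], seeds: Sequence[bytes],
         iterations: int = 2000, seed: int = 0) -> List[Tuple[str, bytes]]:
    rng = random.Random(seed)               # fixed seed: every finding is reproducible
    crashes: List[Tuple[str, bytes]] = []
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        kind = crashes_with(target, case)
        if kind is not None:
            crashes.append((kind, case))
    return crashes


def minimize(target: Callable[[bytes], object], case: bytes) -> bytes:
    """Greedily delete single bytes while the same exception type persists."""
    kind = crashes_with(target, case)
    if kind is None:
        return case
    shrinking = True
    while shrinking:
        shrinking = False
        for i in range(len(case)):
            candidate = case[:i] + case[i + 1:]
            if crashes_with(target, candidate) == kind:
                case, shrinking = candidate, True
                break
    return case


if __name__ == "__main__":
    found = fuzz(parse_record, [b"REC\x05hello"])
    print(f"{len(found)} faulting inputs; smallest reproducer: "
          f"{minimize(parse_record, found[0][1])!r}")
```

The minimizer always ends at four bytes here (the magic plus a non-zero length with no body), which is exactly the shape of the bug: a length that is never checked against what was actually received. Against a real binary the same loop would run the target in a subprocess and treat a signal exit (SIGSEGV, SIGABRT) as the fault.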

Falco 0.1.0
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check f…

ifchk 1.0.3
Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will dis…

ASP Webshell For IIS 8
ASP webshell backdoor designed specifically for IIS 8.


SecurityFocus
General Security Vulnerabilities
Vuln: GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities
GNU glibc 'getaddrinfo()' Function Multiple Stack Buffer Overflow Vulnerabilities…

Vuln: Oracle Java SE CVE-2015-4893 Remote Security Vulnerability
Oracle Java SE CVE-2015-4893 Remote Security Vulnerability…

Vuln: Oracle Java SE CVE-2015-4872 Remote Security Vulnerability
Oracle Java SE CVE-2015-4872 Remote Security Vulnerability…

Vuln: Oracle Java SE CVE-2015-4842 Remote Security Vulnerability
Oracle Java SE CVE-2015-4842 Remote Security Vulnerability…

Bugtraq: [CVE-2016-4432] Apache Qpid Java Broker - authentication bypass
[CVE-2016-4432] Apache Qpid Java Broker - authentication bypass…

Bugtraq: [CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability
[CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability…

Bugtraq: [SECURITY] [DSA 3587-1] libgd2 security update
[SECURITY] [DSA 3587-1] libgd2 security update…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The 'attacks' figure for a subnet is the number of distinct targets that reported scans from it (a count of reporting sensors, not of packets).
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup) is provided free by Geobytes, Inc. to help you find the approximate geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports (0-1023), the Registered Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535).
InterNIC Whois Search
WHOIS is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
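The DShield block list entry above is only useful once it is turned into something a firewall or a log search can consume. The following is an added example of my own, not DShield's or Procyon Labs' code: it parses a block list in the tab-separated shape I assume for DShield's file (Start, End, Netblock, Attacks, Name, Country, email, with '#' comment lines), keeps only rows that really describe one /24, emits iptables rules ordered by the 'attacks' count, and matches connection sources against the resulting networks. The sample list is constructed from RFC 5737 documentation addresses with invented counts. The same CIDR-set matching generalizes to any address list, for instance the Tor exit-node lists mentioned in the ISC diary entry above.

```python
"""Parse a DShield-style block list into /24 networks, emit firewall rules, and
match connection sources against it (added example, not DShield's code)."""
import ipaddress
from typing import Dict, List, NamedTuple

# Constructed sample in the tab-separated layout assumed for DShield's block list:
# Start, End, Netblock, Attacks, Name, Country, email; '#' lines are comments.
# Addresses are RFC 5737 documentation ranges and the counts are invented.
SAMPLE_BLOCK_LIST = """\
# DShield.org Recommended Block List (constructed sample, not live data)
192.0.2.0\t192.0.2.255\t24\t3120\tEXAMPLE-NET-1\tXX\tabuse@example.net
198.51.100.0\t198.51.100.255\t24\t2874\tEXAMPLE-NET-2\tXX\tabuse@example.org
203.0.113.0\t203.0.113.255\t24\t1044\tEXAMPLE-NET-3\tXX\tabuse@example.com
10.0.0.0\t10.0.0.127\t25\t900\tMALFORMED-ROW\tXX\tnone
"""


class BlockEntry(NamedTuple):
    network: ipaddress.IPv4Network
    attacks: int          # number of reporting targets, not packets
    name: str


def parse_block_list(text: str) -> List[BlockEntry]:
    entries: List[BlockEntry] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        cols = line.split("\t")
        if len(cols) < 4:
            continue
        start, end, prefix, attacks = cols[0], cols[1], int(cols[2]), int(cols[3])
        net = ipaddress.ip_network(f"{start}/{prefix}", strict=False)
        # Trust only rows that describe exactly one /24 whose End column is the
        # broadcast address of that /24; a malformed row is dropped rather than
        # silently widened or narrowed into a block it never claimed.
        if prefix != 24 or ipaddress.ip_address(end) != net.broadcast_address:
            continue
        entries.append(BlockEntry(net, attacks, cols[4] if len(cols) > 4 else ""))
    return entries


def to_iptables(entries: List[BlockEntry], chain: str = "DSHIELD") -> List[str]:
    """Drop inbound traffic from each listed subnet, worst offenders first."""
    rules = [f"iptables -N {chain}"]
    for e in sorted(entries, key=lambda e: e.attacks, reverse=True):
        rules.append(f"iptables -A {chain} -s {e.network} -j DROP   # {e.attacks} targets, {e.name}")
    rules.append(f"iptables -I INPUT -j {chain}")
    return rules


def match_sources(entries: List[BlockEntry], source_ips: List[str]) -> Dict[str, str]:
    """Map each source address that falls inside a listed subnet to that subnet."""
    hits: Dict[str, str] = {}
    for ip_str in source_ips:
        ip = ipaddress.ip_address(ip_str)
        for e in entries:
            if ip in e.network:
                hits[ip_str] = str(e.network)
                break
    return hits


if __name__ == "__main__":
    entries = parse_block_list(SAMPLE_BLOCK_LIST)
    print("\n".join(to_iptables(entries)))
    print(match_sources(entries, ["192.0.2.77", "198.51.100.1", "8.8.8.8"]))
```

Two caveats before pushing the rules to a border device: a /24 block takes out every host in that subnet, including legitimate ones sharing an abused hosting range, and the list is a rolling three-day window, so the rule set has to be regenerated and flushed on the same schedule rather than accumulated.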
Nessus
Latest Nessus Plugins Released
Citrix XenServer Multiple Vulnerabilities (CTX212736)
Synopsis : The remote host is affected by multiple vulnerabilities. Description : The version of Citrix Xen…

Google Chrome < 51.0.2704.63 Multiple Vulnerabilities (Mac OS X)
Synopsis : A web browser installed on the remote Mac OS X host is affected by multiple vulnerabilities. Desc…

Google Chrome < 51.0.2704.63 Multiple Vulnerabilities
Synopsis : A web browser installed on the remote Windows host is affected by multiple vulnerabilities. Descr…

Zabbix < 2.0.18 / 2.2.13 / 3.0.3 'mysql.size' Parameter Command Injection
Synopsis : The remote web application is affected by a command injection vulnerability. Description : Accor…

Apple iTunes < 12.4 DLL Injection Arbitrary Code Execution (uncredentialed check)
Synopsis : The remote host is running an application that is affected by a DLL injection vulnerability. Desc…

Sourcefire
Vulnerability Research Team
Making Friends By Proactive Notification
This blog post is authored by Tazz. Talos has continued to observe ongoing attacks leveraging the use of JBoss…

Multiple 7-Zip Vulnerabilities Discovered by Talos
7-Zip vulnerabilities were discovered by Marcin Noga. Blog post was authored by Marcin Noga, and Jaeson Schultz…

Microsoft Patch Tuesday - May 2016
This post is authored by Holger Unterbrink. Patch Tuesday for May 2016 has arrived where Microsoft releases t…

Angler Catches Victims Using Spam as Bait
This post is authored by Nick Biasini with contributions from Erick Galinkin and Alex McDonnell…

Threat Spotlight: Spin to Win...Malware
This post was authored by Nick Biasini with contributions from Tom Schoellhammer and Emmanuel Tacheau. The thre…

RHEL
Red Hat Errata
RHSA-2016:1132-1: Important: rh-mariadb100-mariadb security update
Red Hat Enterprise Linux: An update for rh-mariadb100-mariadb is now available for Red Hat Software Collectio…

RHBA-2016:1107-1: ovirt-engine-extension-aaa-jdbc bug fix and enhancement update for 3.6.6
Red Hat Enterprise Linux: Updated ovirt-engine-extension-aaa-jdbc 1.0.7 package that fixes several bugs and adds…

RHBA-2016:1108-1: ovirt-engine-extension-aaa-ldap bug fix and enhancement update for 3.6.6
Red Hat Enterprise Linux: Updated ovirt-engine-extension-aaa-ldap 1.1.4 packages that fix several bugs and ad…

RHBA-2016:1110-1: rhevm-setup-plugins bug fix update for 3.6.6
Red Hat Enterprise Linux: Updated rhevm-setup-plugins packages that fix one bug are now available.

RHBA-2016:1113-1: rhev-hypervisor bug fix and enhancement update for RHEV 3.6.6
Red Hat Enterprise Linux: An updated rhev-hypervisor package that fixes several security issues, bugs, and en…

RHBA-2016:1114-1: rhevm-dwh 3.6.6 bug fix update
Red Hat Enterprise Linux: An updated rhevm-dwh package that fixes one bug is now available.

Microsoft
Security Advisories
2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
Revision Note: V2.0 (May 18, 2016): Advisory updated to provide links to the current information regarding the…

3155527 - Update to Cipher Suites for FalseStart - Version: 1.0
Revision Note: V1.0 (May 10, 2016): Advisory published. Summary: FalseStart allows the TLS client to send appli…

3152550 - Update to Improve Wireless Mouse Input Filtering - Version: 1.1
Revision Note: V1.1 (April 22, 2016): Added FAQs and additional information to clarify that only standalone mo…

3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1
Revision Note: V1.1 (February 10, 2016): Advisory updated to include download information for Microsoft ASP.NE…

2871997 - Update to Improve Credentials Protection and Management - Version: 5.0
Revision Note: V5.0 (February 9, 2016): Rereleased advisory to announce the release of update 3126593 to enabl…

Cisco
Security Advisories
ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
collective.vodlockers.ml (2016/05/27_12:55)
Host: collective.vodlockers.ml/fadxa2.html, IP address: 93.190.143.34, ASN: 49981, Country: NL, Description: gateway to Angler EK…

idle.wizardburiti.com.br (2016/05/27_13:15)
Host: idle.wizardburiti.com.br/fadxa2.html, IP address: 93.190.143.34, ASN: 49981, Country: NL, Description: gateway to Angler EK…

pale.wspaperbag.com (2016/05/27_13:35)
Host: pale.wspaperbag.com/kehfta2.html, IP address: 93.190.143.35, ASN: 49981, Country: NL, Description: gateway to Angler EK…

fustian.yiyiaudiovisual.com.ar (2016/05/27_15:35)
Host: fustian.yiyiaudiovisual.com.ar/jbrf2.html, IP address: 93.190.143.35, ASN: 49981, Country: NL, Description: gateway to Angler EK…

conjure.victorblanco.com (2016/05/27_15:55)
Host: conjure.victorblanco.com/jbrf2.html, IP address: 93.190.143.35, ASN: 49981, Country: NL, Description: gateway to Angler EK…

learn.wapftp.co.uk (2016/05/27_16:35)
Host: learn.wapftp.co.uk/jbrf2.html, IP address: 93.190.143.35, ASN: 49981, Country: NL, Description: gateway to Angler EK…

fetch.was33.com (2016/05/27_16:40)
Host: fetch.was33.com/jbrf2.html, IP address: 93.190.143.35, ASN: 49981, Country: NL, Description: gateway to Angler EK…

gossip.yodyiam.com (2016/05/27_17:30)
Host: gossip.yodyiam.com/jbrf2.html, IP address: 93.190.143.35, ASN: 49981, Country: NL, Description: gateway to Angler EK…

disdain.archa.mx (2016/05/26_13:50)
Host: disdain.archa.mx/gsrsj2.html, IP address: 93.190.143.33, ASN: 49981, Country: NL, Description: gateway to Angler EK…
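The entries above all point at three adjacent addresses in one ASN and reuse a handful of landing-page paths under throwaway hostnames, which is the pattern worth extracting rather than the individual domains. As an added example of my own (not Malware Domain List's or Procyon Labs' code), the following parses a subset of the listing above in its two-line form, groups indicators by IP, collapses the addresses to the smallest covering prefix, finds paths shared across domains, and emits a hosts-file style sinkhole list (the 0.0.0.0 sinkhole convention is my choice). The sample is copied from the listing, with the trailing ellipses removed.

```python
"""Turn Malware Domain List entries into structured indicators and blocking material
(added example, not Malware Domain List's code)."""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# Entries copied from the listing above (a subset), in the feed's two-line form:
# a headline "<domain> (<date_time>)" followed by a "Host: ..., IP address: ..." line.
MDL_SAMPLE = """\
collective.vodlockers.ml (2016/05/27_12:55)
Host: collective.vodlockers.ml/fadxa2.html, IP address: 93.190.143.34, ASN: 49981, Country: NL, Description: gateway to Angler EK
pale.wspaperbag.com (2016/05/27_13:35)
Host: pale.wspaperbag.com/kehfta2.html, IP address: 93.190.143.35, ASN: 49981, Country: NL, Description: gateway to Angler EK
learn.wapftp.co.uk (2016/05/27_16:35)
Host: learn.wapftp.co.uk/jbrf2.html, IP address: 93.190.143.35, ASN: 49981, Country: NL, Description: gateway to Angler EK
fetch.was33.com (2016/05/27_16:40)
Host: fetch.was33.com/jbrf2.html, IP address: 93.190.143.35, ASN: 49981, Country: NL, Description: gateway to Angler EK
disdain.archa.mx (2016/05/26_13:50)
Host: disdain.archa.mx/gsrsj2.html, IP address: 93.190.143.33, ASN: 49981, Country: NL, Description: gateway to Angler EK
"""

HOST_LINE = re.compile(
    r"Host: (?P<host>[^/,]+)(?P<path>/[^,]*)?, IP address: (?P<ip>[\d.]+), "
    r"ASN: (?P<asn>\d+), Country: (?P<cc>\w+), Description: (?P<desc>.*)$"
)


class Indicator(NamedTuple):
    domain: str
    path: str
    ip: str
    asn: int
    country: str
    description: str
    seen: str          # the feed's date_time stamp from the headline


def parse_mdl(text: str) -> List[Indicator]:
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    indicators: List[Indicator] = []
    for headline, detail in zip(lines[0::2], lines[1::2]):
        m = HOST_LINE.match(detail)
        if not m:
            continue                                   # skip lines that do not fit the layout
        seen = headline[headline.rfind("(") + 1:-1]
        indicators.append(Indicator(m["host"], m["path"] or "/", m["ip"], int(m["asn"]),
                                    m["cc"], m["desc"], seen))
    return indicators


def group_by_ip(indicators: List[Indicator]) -> Dict[str, List[str]]:
    groups: Dict[str, List[str]] = defaultdict(list)
    for ind in indicators:
        groups[ind.ip].append(ind.domain)
    return dict(groups)


def common_supernet(ips: List[str]) -> ipaddress.IPv4Network:
    """Smallest prefix containing every address: one network rule instead of N host rules."""
    net = ipaddress.ip_network(ips[0])                 # starts as a /32
    while not all(ipaddress.ip_address(ip) in net for ip in ips):
        net = net.supernet()
    return net


def shared_paths(indicators: List[Indicator]) -> Dict[str, List[str]]:
    """Landing-page paths served under more than one hostname: the page, not the
    disposable domain, is the stable part of the infrastructure."""
    by_path: Dict[str, set] = defaultdict(set)
    for ind in indicators:
        by_path[ind.path].add(ind.domain)
    return {p: sorted(d) for p, d in by_path.items() if len(d) > 1}


def sinkhole_hosts(indicators: List[Indicator], sink: str = "0.0.0.0") -> List[str]:
    return [f"{sink} {d}" for d in sorted({i.domain for i in indicators})]


if __name__ == "__main__":
    inds = parse_mdl(MDL_SAMPLE)
    print(group_by_ip(inds))
    print("covering prefix:", common_supernet([i.ip for i in inds]))
    print("shared paths:", shared_paths(inds))
    print("\n".join(sinkhole_hosts(inds)))
```

On the sample the three addresses collapse to a single /30 and 'jbrf2.html' is served from two different domains in the same hour, which is the kind of observation that turns a domain list into a network- or URI-level detection. These entries are dated; the hosts and addresses on this page will long since have been reassigned, so a list like this is evidence for investigation and retrospective log searches, not something to push into a production blocklist unchecked.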


© 2001-2015 Procyon Labs / Randal T. Rioux