PLABS
Internet Storm Center Infocon Status
Another Day - Another Ransomware Sample, (Fri, Aug 26th)
Catching ransomware is pretty easy these days. I set up a procmail filter that will extract all e-mails with compressed JavaScript attachments. Whatever is left…
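The ISC diary above describes a procmail filter that pulls aside mail carrying compressed JavaScript attachments. The following is an added example in Python, not the diary author's procmail recipe and not code from this page: it parses a raw RFC 822 message, opens any zip attachment in memory, and reports the archive when it contains a script file. The sample message, addresses and file names are constructed for the demonstration.

```python
"""Flag e-mails whose compressed attachments contain JavaScript or similar scripts.

Added example (not from the ISC diary or this page). The sample message built
below is constructed for the demo and contains a harmless placeholder .js file.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions commonly used for script droppers shipped inside archives (assumption).
SCRIPT_EXTENSIONS = (".js", ".jse", ".wsf", ".vbs")
ARCHIVE_TYPES = {"application/zip", "application/x-zip-compressed"}


def archive_contains_script(data: bytes) -> list[str]:
    """Return the names of script files inside a zip payload; [] if none or not a zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTENSIONS)]
    except zipfile.BadZipFile:
        return []


def suspicious_attachments(raw: bytes) -> list[tuple[str, list[str]]]:
    """Parse a raw message and return (attachment name, script names) for each hit."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        ctype = part.get_content_type()
        # Check both the declared MIME type and the extension: senders mislabel types.
        if ctype in ARCHIVE_TYPES or name.lower().endswith(".zip"):
            scripts = archive_contains_script(part.get_payload(decode=True))
            if scripts:
                hits.append((name, scripts))
    return hits


def build_sample_message() -> bytes:
    """Constructed sample: an invoice lure with a zip holding a placeholder .js file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_2016-08.js", "// constructed placeholder, not real malware\n")
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, scripts in suspicious_attachments(build_sample_message()):
        print(f"QUARANTINE: {name} contains {scripts}")
```

In a procmail setup the same logic would run as an external filter on each delivered message; the in-memory zip check avoids writing untrusted archives to disk before a decision is made.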

ISC Stormcast For Friday, August 26th 2016 http://isc.sans.edu/podcastdetail.html?id=5141, (Thu, Aug 25th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Out-of-Band iOS Patch Fixes 0-Day Vulnerabilities, (Thu, Aug 25th)
A new spyware has been discovered on the Apple platform. Called Pegasus [1], it turns out to be a sophisticated targeted spyware. Developed by professionals, it…

Example of Targeted Attack Through a Proxy PAC File, (Wed, Aug 24th)
Yesterday, I discovered a nice example of a targeted attack against a Brazilian bank. It started with an email sample like this: This message was sent to a…

ISC Stormcast For Thursday, August 25th 2016 http://isc.sans.edu/podcastdetail.html?id=5139, (Wed, Aug 24th)

New VMware Patches VMSA-2016-0009.4 VMSA-2016-0013 http://www.vmware.com/security/advisories.html, (Wed, Aug 24th)

Packet Storm
Latest Security Tool Files
Blue Team Training Toolkit (BT3) 2.0
Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and…

Htcap Analysis Tool 1.0.1
Htcap is a web application analysis tool for detecting communications between JavaScript and the server. It crawls the target application and maps Ajax calls, dynamically inse…

TOR Virtual Network Tunneling Tool 0.2.8.7
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

Lynis Auditing Tool 2.3.3
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information it will also scan f…

UFONet 0.7
UFONet abuses OSI Layer 7 (HTTP) to create/manage 'zombies' and to conduct different attacks using GET/POST, multithreading, proxies, origin spoofing methods, cache evasion tech…

Hashcat Advanced Password Recovery 3.10 Source Code
hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based…

Hashcat Advanced Password Recovery 3.10 Binary Release
hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based…

ifchk 1.0.5
Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will dis…

BLATSTING / BANANAGLEE / BANANABALLOT Implants
This bundle contains various implants such as BLATSTING, BANANAGLEE, and BANANABALLOT. They are firewall and BIOS implants. Note that these implants are part of the recent pub…


SecurityFocus
General Security Vulnerabilities
Vuln: Apple iOS CVE-2016-4656 Memory Corruption Vulnerability

Vuln: Apple iOS CVE-2016-4655 Information Disclosure Vulnerability

Vuln: WebKit CVE-2016-4657 Unspecified Memory Corruption Vulnerability

Vuln: Linux Kernel 'Ack Challenge' Information Disclosure Vulnerability

Bugtraq: Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2

Bugtraq: [SECURITY] [DSA 3654-1] quagga security update

Bugtraq: Necroscan <= v0.9.1 Buffer Overflow


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
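The DShield block list ranks each attacking /24 by how many distinct targets reported scans from it within the last three days. As an added example (not DShield's own code and not from this page), the script below computes the same ranking from a constructed set of scan reports; the report tuple format, sensor names, addresses and the reference time are assumptions for the demonstration.

```python
"""Rank attacking /24 subnets by the number of distinct reporting targets.

Added example, not DShield's own implementation. A subnet's 'attacks' value is
the count of distinct targets that reported scans from it inside a three-day
window; the same target reporting several sources in one /24 counts once.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

WINDOW = timedelta(days=3)

# Constructed reports: (ISO timestamp, scanning source IP, reporting target id).
SAMPLE_REPORTS = [
    ("2016-08-26T10:00:00", "198.51.100.7", "sensor-a"),
    ("2016-08-26T10:05:00", "198.51.100.9", "sensor-b"),
    ("2016-08-25T23:00:00", "198.51.100.200", "sensor-a"),  # same /24 and target: counted once
    ("2016-08-26T11:00:00", "203.0.113.4", "sensor-a"),
    ("2016-08-20T09:00:00", "203.0.113.4", "sensor-c"),     # older than three days: ignored
    ("2016-08-26T12:00:00", "2001:db8::1", "sensor-a"),     # IPv6: the list is /24 (IPv4) only
]


def top_attacking_subnets(reports, now_iso, limit=20):
    """Return [(subnet, distinct_targets)] sorted by count descending, then by subnet."""
    cutoff = datetime.fromisoformat(now_iso) - WINDOW
    targets_by_subnet = defaultdict(set)
    for ts, src, target in reports:
        if datetime.fromisoformat(ts) < cutoff:
            continue
        addr = ip_address(src)
        if addr.version != 4:
            continue
        # strict=False lets ip_network mask the host bits to the /24 boundary.
        subnet = str(ip_network(f"{addr}/24", strict=False))
        targets_by_subnet[subnet].add(target)
    ranked = sorted(targets_by_subnet.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(subnet, len(targets)) for subnet, targets in ranked[:limit]]


if __name__ == "__main__":
    for subnet, count in top_attacking_subnets(SAMPLE_REPORTS, "2016-08-26T12:00:00"):
        print(f"{subnet}\t{count}")
```

Counting distinct targets rather than raw packets is what keeps one noisy sensor from pushing a subnet onto a block list on its own.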
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided for free by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Apple iOS < 9.3.5 Multiple Vulnerabilities
Synopsis : The version of iOS running on the mobile device is affected by multiple vulnerabilities. Descript…

Cisco IOS XE Software Border Gateway Protocol Message Processing DoS (cisco-sa-20160715-bgp)
Synopsis : The remote device is missing a vendor-supplied security patch. Description : The Cisco IOS XE So…

Cisco IOS Software Border Gateway Protocol Message Processing DoS (cisco-sa-20160715-bgp)
Synopsis : The remote device is missing a vendor-supplied security patch. Description : The Cisco IOS Softw…

Oracle Access Manager Webgate Information Disclosure (July 2016 CPU)
Synopsis : An authentication management application installed on the remote host is affected by an information…

Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eog vulnerability (USN-3069-1)
Synopsis : The remote Ubuntu host is missing a security-related patch…

Sourcefire
Vulnerability Research Team
Vulnerability Spotlight: Kernel Information Leak & Multiple DOS Issues Within Kaspersky Internet Security Suite
Vulnerability discovered by Piotr Bania and Marcin ‘Icewall’ Noga of Cisco Talos. Overview: Talos has di…

Vulnerability Spotlight: Multiple Remote Code Execution Vulnerabilities Within Lexmark Perceptive Document Filters.
Vulnerabilities discovered by Tyler Bohan & Marcin Noga of Cisco Talos. Talos are today releasing three new…

Vulnerability Spotlight: Rockwell Automation MicroLogix 1400 SNMP Credentials Vulnerability
This vulnerability was discovered by Patrick DeSantis. Description: Talos recently discovered a vulnerability in…

Vulnerability Spotlight: BlueStacks App Player Privilege Escalation
Discovered by Marcin ‘Icewall’ Noga of Cisco Talos. Talos is releasing an advisory for a vulnerability in Bl…

Vulnerability Spotlight: MS Edge/Windows PDF Library Arbitrary Code Execution Vulnerability Identified and Patched
Vulnerability discovered by Aleksandar Nikolic of Cisco Talos. Yesterday, Microsoft released its monthly set of…

RHEL
Red Hat Errata
RHSA-2016:1776-1: Important: java-1.6.0-openjdk security update
Red Hat Enterprise Linux: An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, R…

RHEA-2016:1765-1: Red Hat OpenStack Platform 9 director images GA Advisory
Red Hat Enterprise Linux: Red Hat OpenStack Platform 9.0 director GA images are now available for Red Hat Ent…

RHBA-2016:1757-1: Red Hat OpenStack Platform 9 Bug Fix and Enhancement Advisory
Red Hat Enterprise Linux: Updated packages that resolve various issues are now available for Red Hat OpenStac…

RHBA-2016:1758-1: openstack-nova bug fix advisory
Red Hat Enterprise Linux: Updated OpenStack Compute packages that resolve various issues are now available fo…

RHBA-2016:1759-1: openstack-neutron bug fix advisory
Red Hat Enterprise Linux: Updated OpenStack Networking packages that resolve various issues are now available…

RHBA-2016:1760-1: openstack-cinder bug fix advisory
Red Hat Enterprise Linux: Updated OpenStack Block Storage packages that resolve various issues are now availa…

Microsoft
Security Advisories
3179528 - Update for Kernel Mode Blacklist - Version: 1.0
Revision Note: V1.0 (August 9, 2016): Summary: Microsoft is blacklisting some publica…

2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
Revision Note: V2.0 (May 18, 2016): Advisory updated to provide links to the current information regarding the…

3155527 - Update to Cipher Suites for FalseStart - Version: 1.0
Revision Note: V1.0 (May 10, 2016): Advisory published. Summary: FalseStart allows the TLS client to send appli…

3152550 - Update to Improve Wireless Mouse Input Filtering - Version: 1.1
Revision Note: V1.1 (April 22, 2016): Added FAQs and additional information to clarify that only standalone mo…

3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1
Revision Note: V1.1 (February 10, 2016): Advisory updated to include download information for Microsoft ASP.NE…

Cisco
Security Advisories
ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
wopper.bioblitzgaming.ca (2016/08/26_10:10)
Host: wopper.bioblitzgaming.ca/pwigd3.html, IP address: 93.190.140.162, ASN: 49981, Country: NL, Description: gateway to EK…

mepra.blautechnology.cl (2016/08/26_10:45)
Host: mepra.blautechnology.cl/pwigd3.html, IP address: 93.190.140.162, ASN: 49981, Country: NL, Description: gateway to EK…

wixx.caliptopis.cl (2016/08/26_11:55)
Host: wixx.caliptopis.cl/lwwxx3.html, IP address: 93.190.140.162, ASN: 49981, Country: NL, Description: gateway to EK…

funkucck.bluerobot.cl (2016/08/26_12:00)
Host: funkucck.bluerobot.cl/lwwxx3.html, IP address: 93.190.140.162, ASN: 49981, Country: NL, Description: gateway to EK…

soxorok.ddospower.ro (2016/08/26_12:35)
Host: soxorok.ddospower.ro/lwwxx3.html, IP address: 93.190.140.162, ASN: 49981, Country: NL, Description: gateway to EK…

pumpkin.brisik.net (2016/08/23_17:30)
Host: pumpkin.brisik.net/rvgkm3.html, IP address: 93.190.140.162, ASN: 49981, Country: NL, Description: gateway to EK…

losos.caliane.com.br (2016/08/23_18:40)
Host: losos.caliane.com.br/wkicrz3.html, IP address: 93.190.140.162, ASN: 49981, Country: NL, Description: gateway to EK…

losas.cabanaslanina.com.ar (2016/08/23_18:45)
Host: losas.cabanaslanina.com.ar/wkicrz3.html, IP address: 93.190.140.162, ASN: 49981, Country: NL, Description: gateway to EK…

scanty.colormark.cl (2016/08/22_16:35)
Host: scanty.colormark.cl/rjavgx3.html, IP address: 93.190.140.163, ASN: 49981, Country: NL, Description: gateway to EK…


© 2001-2016 Procyon Labs / Randal T. Rioux