Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.

• Current Quarter
•  Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

zenmap crash in Fedora 34 louzaoh (Apr 22)
This is the message I've got:

➜ zenmap
File "/usr/bin/zenmap", line 114
except ImportError, e:
^
SyntaxError: invalid syntax

➜ rpm -qa zenmap\*
zenmap-7.91-1.noarch

Regards.,

Nmap Bug in payload.cc: corrupted UDP packets during -sU scan mzet via dev (Apr 02)
Hi List,

 
It was observed that UDP packets that are sent during an UDP port scanning (-sU) are corrupted.

 
Background:

 
To make UDP scanning more effective, for many services (ports) Nmap takes content of UDP packets from nmap-payloads
file. Logic for handling this is implemented in payload.cc source file.

 
Issue:

 
Due to subtle implementation issue (introduced in...

[NSE] Hex digits in URL encoding should be upper-case nnposter (Apr 01)
For visibility to the broad Nmap community:

I have created issue #2281 to start using upper-case hexadecimal digits
for URL encoding inside NSE. More details at

https://github.com/nmap/nmap/issues/2281

Please leave any comments there.

Cheers,
nnposter

Re: Empty do_ipv4 function in address-info nnposter (Mar 27)
I agree that there is no obvious reason why to have the function there
at all. On the other hand, the script description is pretty clear:

"Shows extra information about IPv6 addresses, such as..."

In other words, there should be no expectation that the script does
anything with IPv4.

Cheers,
nnposter

Empty do_ipv4 function in address-info Toni Ruottu (Mar 27)
Hi!

In the current version of address-info.nse the do_ipv4 function body is
completely empty. Is this a mistake? If it is not a mistake I would at
least expect a comment that explains why the function doesn't do anything.

Cheers, --Toni

PR 2278 - improvement on script ssl-enum-ciphers Sulidi Maimaitiming (Mar 26)
Hi Nmap team,

I have been using the ssl-enum-ciphers script to detect the presence of
weak tls protocols and ciphers and it is a great tool.
However I've noticed many ciphers are rated A for cipher strength (while
they are flagged as weak on SSL Labs for instance), and then I realised
there was a list of warnings aggregated at the port level.
Plus the aggregated output is not always consistent...
I opened a PR on GitHub (...

Re: ssl-enum-ciphers.nse not showing TLS_ECDHE* ciphers nnposter (Mar 20)
<snip>

<snip>>

The script has been updated in r38199. Please see the following comment
for the root cause:

https://github.com/nmap/nmap/issues/1187#issuecomment-803503496

Cheers,
nnposter

Re: Nmap Issue : "kernel: RPC: fragment too large:" Dario Ciccarone (dciccaro) via dev (Mar 16)
https://serverfault.com/questions/652188/nfs-share-problems-rpc-fragment-too-large-xxxxx - second answer on a Google
search for "kernel: RPC: fragment too large:"

With the most absolute respect, and from a professional to another: it would certainly help *immensely* if you could
provide information such as:

* Nmap version and command-line options used
* Operating system, patch level on the host being used to run nmap
*...

Nmap Issue : "kernel: RPC: fragment too large:" PENISSON , TIMOTHÉ (Mar 16)
Hello,
I use Nmap to scan machines and in the logs of some of them, we see this kind of messages appearing in the logs:
"kernel: RPC: fragment too large:".
This message appears globally on all servers scanned by Nmap with an NFS mount.
Is this behavior known by the Nmap community? Is it linked to a specific conf or script?
Is there a workaround to avoid this?

Thanks for your help,

Sincerely,

[Bloc marque]

Timothé PENISSON
MOE...

I keep getting this error every time I try to open the scripting window on windows 10 to input an nse Mike Myers (Mar 16)
Here is the stack trace…

Version: 7.90
Traceback (most recent call last):
File "zenmapGUI\ScriptInterface.pyo", line 261, in script_list_timer_callback
File "zenmapGUI\ScriptInterface.pyo", line 270, in initial_script_list_cb
File "zenmapGUI\ScriptInterface.pyo", line 307, in handle_initial_script_list_output
NameError: global name 'os' is not defined

Thanks for any help. I can use the command...

ssl-enum-ciphers.nse not showing TLS_ECDHE* ciphers Guido van Rooij (Mar 16)
With nmap 7.60, I scanned the host with IP address 3.132.36.206 with the below reesulst:

Starting Nmap 7.60 ( https://nmap.org ) at 2021-03-10 11:06 UTC
Nmap scan report for ec2-3-132-36-206.us-east-2.compute.amazonaws.com (3.132.36.206)
Host is up (0.094s latency).

PORT STATE SERVICE VERSION
443/tcp open ssl/http Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
| ssl-enum-ciphers:
| TLSv1.0:
|...

Microsoft publishes Nmap NSE script for detecting Exchange Server SSRF Vulnerability (CVE-2021-26855) Gordon Fyodor Lyon (Mar 16)
It's kind of awesome to see that MS released an Nmap NSE script last week
for detecting the new Exchange Server SSRF Vulnerability (CVE-2021-26855).
They posted it to their GitHub here:

View:
https://github.com/microsoft/CSS-Exchange/blob/main/Security/src/http-vuln-cve2021-26855.nse
Download:
https://github.com/microsoft/CSS-Exchange/releases/latest/download/http-vuln-cve2021-26855.nse

Cheers,
Fyodor

Re: ncat socks5 client is broken nnposter (Mar 15)
Thank you for identifying the issue and proposing a fix. A slightly
modified code has been committed as r38198.

https://github.com/nmap/nmap/commit/024bbf84f137b6e937f8a702cb0718544e48483a

Cheers,
nnposter

ssl-enum-ciphers.nse not showing TLS_ECDHE* ciphers Guido van Rooij (Mar 12)
With nmap 7.60, I scanned the host with IP address 3.132.36.206 with the below reesulst:

Starting Nmap 7.60 ( https://nmap.org ) at 2021-03-10 11:06 UTC
Nmap scan report for ec2-3-132-36-206.us-east-2.compute.amazonaws.com (3.132.36.206)
Host is up (0.094s latency).

PORT STATE SERVICE VERSION
443/tcp open ssl/http Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
| ssl-enum-ciphers:
| TLSv1.0:
|...

Should NPING continue to return traceroute results once the a final destination has been reached? Chris Swinney (Mar 08)
Hi all,

Running

nping bbc.co.uk -traceroute -tcp -p 443

Will continue to return results and increment outgoing TTL even though the final destination was found. The result
become difficult to read and irrelevant. Should this be the case?

Cheers

Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.

• Current Year
•  Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

Npcap 1.30 Released: Raw WiFi + Better Performance Gordon Fyodor Lyon (Apr 12)
Hi folks. The Nmap Project is pleased to release Npcap Version 1.30 at
https://npcap.org. We hope Nmap and Wireshark users will be especially
happy with the raw WiFi improvements, since you tend to be particularly
savvy about low-level network inspection. It turns out that some of the
issues we thought were caused by lower level hardware drivers were actually
bugs in our driver. Oops! But at least that means we can fix them
ourselves, and we did....

Npcap 1.20 released Gordon Fyodor Lyon (Mar 16)
Nmap/Npcap Community:

I'm happy to report the release of version 1.20 of the Npcap Windows packet
capturing/sending driver! It's the first release of 2021 and includes
better capabilities for selecting timestamp methods as well as many other
improvements and bug fixes. These include updating the underlying libpcap
library to version 1.10 and building our installer now with NSIS 3. More
details on all this are available from the...

Nmap 7.91 Bugfix Release Gordon Fyodor Lyon (Oct 14)
Hello everyone. I'm glad Nmap 7.90 was so well received! There were so
many improvements that the official announcement (
https://seclists.org/nmap-announce/2020/1) was a bit unwieldy. So Daniel
Miller (who made most of those changes) Tweeted his top highlights at
https://twitter.com/bonsaiviking/status/1313247253197393920

While we do work hard to avoid bugs during development and to catch them
pre-release through continuous integration...

Nmap 7.90 Released! First release since August 2019. Gordon Fyodor Lyon (Oct 03)
Hello everyone. Hot on the heels of the big Npcap 1.00 release (
https://seclists.org/nmap-announce/2020/0), we're delighted to announce a
new Nmap--version 7.90! It's the first Nmap release since Defcon 2019, even
though we've made 16 Npcap releases since then. Raw packets are so
fundamental to Nmap that we really wanted to get it right. With the
production-ready and highly performant Npcap 1.00 driver included, we can
finally...

Npcap 1.00 was just released and a new Nmap is on the way! Gordon Fyodor Lyon (Sep 28)
Hello everyone. I hope you are all safe and well during this nasty
pandemic. I obviously haven't been wearing my marketing hat enough given
that this is my first mail to the Nmap Announcement list since last
August's Nmap 7.80 release. But we've been heads-down programming since
then and have great news to report!

The biggest news is that, after more than 7 years of development and 170
previous public releases, we're...

Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

• Current Month
•  Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

Packed.Win32.Black.d / Unauthenticated Open Proxy malvuln (Apr 23)
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/17e3836682ffb0913459ece7c3f0786d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Packed.Win32.Black.d
Vulnerability: Unauthenticated Open Proxy
Description: The malware listens on TCP port 8080 and drops one of two
executables named "Unknown.exe" or "Internet Explorer.exe under Windows
dir". Third-party...

Backdoor.Win32.DarkKomet.artr / Insecure Permissions malvuln (Apr 23)
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/d2ee6046fd47de321d1310dccacca92b.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.DarkKomet.artr
Vulnerability: Insecure Permissions
Description: The malware creates an hidden insecure dir named "Windupdt"
under c:\ drive and grants change (C) permissions to the authenticated user
group. Standard users...

IM-Worm.Win32.Bropia.aa / Insecure Permissions malvuln (Apr 23)
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ea6dfec6c3900ab422875119972d9c62.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: IM-Worm.Win32.Bropia.aa
Vulnerability: Insecure Permissions
Description: The malware creates an hidden insecure dir named "tmpdata"
under c:\ drive and grants change (C) permissions to the authenticated user
group. Standard users can...

Trojan-Dropper.Win32.Agent.xtp / Insecure Permissions malvuln (Apr 23)
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/360bbc9e0926488f085029948ff6c759.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Agent.xtp
Vulnerability: Insecure Permissions
Description: The malware creates an insecure dir named "remove" under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can...

HEUR.Trojan.Win32.Generic / Insecure Permissions malvuln (Apr 23)
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/1a98a0a769e7351ba16e1b91e9f26692.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HEUR.Trojan.Win32.Generic
Vulnerability: Insecure Permissions
Description: The malware creates an insecure dir named "RECYCLER" under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can rename...

Executable installers are vulnerable^WEVIL (case 61): arbitrary code execution WITH escalation of privilege via Intel WiFi drivers Stefan Kanthak (Apr 23)
Hi @ll,

the executable installers version 22.30.0 (Latest), published 2/23/2021,
for the "Windows® 10 Wi-Fi Drivers for Intel® Wireless Adapters",
<https://downloadmirror.intel.com/30208/a08/WiFi_22.30.0_Driver32_Win10.exe>
and
<https://downloadmirror.intel.com/30208/a08/WiFi_22.30.0_Driver64_Win10.exe>,
available from
<https://downloadcenter.intel.com/download/30208/Windows-10-Wi-Fi-Drivers-for-Intel-Wireless-Adapters...

SEC Consult SA-20210422-0 :: Stored Cross Site Scripting (Outdated software library) in BMDWeb 2.0 SEC Consult Vulnerability Lab (Apr 22)
SEC Consult Vulnerability Lab Security Advisory < 20210422-0 >
=======================================================================
title: Stored Cross Site Scripting (Outdated software library)
product: BMD BMDWeb 2.0
vulnerable version: BMD versions prior to 24.01.21
fixed version: 24.01.21 and 24.02.11 or higher
CVE number: -
impact: High
homepage: https://www.bmd.com/...

CVE-2021-28321-CVE-2021-28323: elevation of privileges in Microsoft Diaghub Imre Rad (Apr 19)
The Microsoft (R) Diagnostics Hub Standard Collector Service is a
default component of Microsoft Windows operating system. This report
is about a flaw in the Diagnostics Hub Standard Collector Service DCOM
class that is available to all users of the OS (includes NT
AUTHORITY\Authenticated Users).
The service was vulnerable to directory traversal which could lead
data tampering and dropping files to arbitrary directories with
overall impact of...

[CVE-2021-1472/CVE-2021-1473] Cisco RV Series Authentication Bypass and Remote Command Execution Takeshi Shiomitsu (Apr 19)
IoT Inspector Research Lab Security Advisory IOT-20210414-0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
title: Cisco RV series Authentication Bypass and Remote Command
Execution
vendor/product: Cisco (https://www.cisco.com/)
vulnerable version: RV16X/RV26X: 1.0.01.02 & below.
RV34X: 1.0.03.20 & below.
fixed version: RV16X/RV26X:...

Trojan.Win32.Agent.hsm / Insecure Permissions malvuln (Apr 19)
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c58d5aecd223ac95ae5fab6dcd69e953.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Agent.hsm
Vulnerability: Insecure Permissions
Description: Agent.hsm creates an insecure dir named "LOL" under c:\ drive
and grants change (C) permissions to the authenticated user group. Standard
users can rename the...

Constructor.Win32.Bifrose.ag / Local Stack Buffer Overflow malvuln (Apr 19)
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/db45a906a0a3747398b2b8a5faff5e44.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Constructor.Win32.Bifrose.ag
Vulnerability: Local Stack Buffer Overflow
Description: Bifrost crypted by Dr.G3NIUS, doesn't properly validate the IP
address when importing Bifrost settings (.set) files. The IP address offset
is located after a...

HEUR.Backdoor.Win32.Generic / Unauthenticated Open Proxy malvuln (Apr 19)
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/d7648b676dd139d1b7ba781816726510.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HEUR.Backdoor.Win32.Generic
Vulnerability: Unauthenticated Open Proxy
Description: The backdoor creates a Windows service backed by an executable
named "1314.exe", it lives under C:\WINDOWS and listens on TCP ports 1080
and 8080....

Trojan.Win32.Bayrob.dtrg / Insecure Permissions malvuln (Apr 19)
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2f3f0e9be7edb73e545fc49b5a78b4f0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Bayrob.dtrg
Vulnerability: Insecure Permissions
Description: Bayrob.dtrg creates an insecure dir named "mnfqzckna0dkc"
under c:\ drive and grants change (C) permissions to the authenticated user
group. Standard users can...

Trojan-Dropper.Win32.Agent.bjtzcp / Insecure Permissions malvuln (Apr 19)
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/2992b86d03c3922ed45fa09ef105f018.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Agent.bjtzcp
Vulnerability: Insecure Permissions
Description: Agent.bjtzcp creates an insecure dir named "Isrimss2018" under
c:\ drive and grants change (C) permissions to the authenticated user
group. Standard users...

Trojan.Win32.NanoBot.onh / Insecure Permissions malvuln (Apr 19)
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9fff4c02274c0162880844f27ff91407.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.NanoBot.onh
Vulnerability: Insecure Permissions
Description: NanoBot.onh creates an insecure dir named "AppData" under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can rename...

Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

• Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

Re: [SECURITY] [DSA 4628-1] php7.0 security update Timesportsall (Jan 16)
------------------------------------------------------------------------
-
Debian Security Advisory DSA-4628-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 18, 2020 https://www.debian.org/security/faq
------------------------------------------------------------------------
-

Package : php7.0
CVE ID : CVE-2019-11045 CVE-2019-11046 CVE-2019-11047
CVE-2019-11050 CVE-2020-7059...

Re: BugTraq Shutdown tommypickle (Jan 16)
All old school hackers from UPT remember and want to show respect. Thanks for everything.

On Second Thought... alias (Jan 16)
Bugtraq has been a valuable institution within the Cyber Security community for
almost 30 years. Many of our own people entered the industry by subscribing to it
and learning from it. So, based on the feedback we’ve received both from the
community-at-large and internally, we’ve decided to keep the Bugtraq list running.
We’ll be working in the coming weeks to ensure that it can remain a valuable asset
to the community for years to...

BugTraq Shutdown alias (Jan 15)
2020 was quite the year, one that saw many changes. As we begin 2021, we wanted
to send one last note to our friends and supporters at the SecurityFocus BugTraq
mailing list. As many of you know, assets of Symantec were acquired by Broadcom
in late 2019, and some of those assets were then acquired by Accenture in 2020
(https://newsroom.accenture.com/news/accenture-completes-acquisition-of-broadco
ms-symantec-cyber-security-...

Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

• Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

CarolinaCon-15 is April 26-28, 2019 in Charlotte NC - Call For Papers/Presenters is now open Vic Vandal (Feb 03)
We are pleased to announce that CarolinaCon-15 will be on April 26th-28th 2019 in Charlotte NC at the Renaissance
Charlotte Suites. All who are interested in speaking on any topic in the realm of hacking, cybersecurity, technology,
science, robotics or any related field are invited to submit a proposal to present at the con. Full disclosure that
technology or physical security exploitation type submissions are most desirable for this storied...

Penetration Testing — While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

• Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

44CON 2018 - 12th-14th September, London (UK) Steve (Feb 28)
44CON 2018 is the UK's best annual Security Conference and Training event. The conference spans 2.5 days with training
on the 10th and 11th of September, a free evening event on the 12th of September, and a full two-day conference on the
13th and 14th of September. The event takes place at the ILEC Conference Centre near Earls Court, London. 44CON 2018
includes catering, private bus bar and Gin O'Clock breaks. Early Bird discounted...

RootedCON Security Conference - 1-3 March, Madrid (Spain) omarbv (Feb 11)
On the occasion of the ninth edition of RootedCON, the most important
computer security conference in the country, around 2,000 hackers will
meet to discuss new questions and researchs about the cybersecurity
world, with its risks and threats. National and international experts
have included in their agendas this mandatory appointment to discuss new
vulnerabilities, viruses, and other threats, they will also talk about
countermeasures in order...

Info Security News — Carries news items (generally from mainstream sources) that relate to security.

• Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

Ransomware: Why one city chose to the pay the ransom after falling victim InfoSec News (Aug 12)
https://www.zdnet.com/article/ransomware-why-one-city-chose-to-the-pay-the-ransom-after-falling-victim/

By Danny Palmer
ZDNet.com
August 12, 2020

A US city has explained why it gave into the demands of cyber criminals
and paid a ransom demand of $45,000 following a ransomware attack.

Lafayette, Colorado fell victim to ransomware on July 27, which encrypted
the city's computer networks and caused disruptions to phone services,
email and...

0-days, a failed patch, and a backdoor threat. Update Tuesday highlights InfoSec News (Aug 12)
https://arstechnica.com/information-technology/2020/08/update-tuesday-fixes-2-0days-and-botched-patch-for-a-backdoor-threat/

By Dan Goodin
Ars Technica
08/12/2020

Microsoft on Tuesday patched 120 vulnerabilities, two that are notable
because they’re under active attack and a third because it fixes a
previous patch for a security flaw that allowed attackers to gain a
backdoor that persisted even after a machine was updated.

Zero-day...

OCR warns hospitals of HIPAA compliance scams InfoSec News (Aug 12)
https://www.healthcareitnews.com/news/ocr-warns-hospitals-apparent-hipaa-compliance-scams

By Mike Miliard
Healthcare IT News
August 11, 2020

The Office for Civil Rights at the U.S. Department of Health and Human
Services has warned health systems about what appears to be something of
an old-fashioned and low-tech phishing attempt: fraudulent postcards, most
addressed to hospital privacy officers, that warn of noncompliance with a
mandatory...

The Secret SIMs Used By Criminals to Spoof Any Number InfoSec News (Aug 12)
https://www.vice.com/en_us/article/n7w9pw/russian-sims-encrypted

By Joseph Cox
Vice.com
August 12, 2020

The unsolicited call came from France. Or at least that's what my phone
said. When I picked up, a man asked if I worked with the National Crime
Agency, the UK's version of the FBI. When I explained, no, as a journalist
I don't give information to the police, he said why he had contacted me.

"There are these special SIM...

North Korean Hacking Group Attacks Israeli Defense Industry InfoSec News (Aug 12)
https://www.nytimes.com/2020/08/12/world/middleeast/north-korea-hackers-israel.html

By Ronen Bergman and Nicole Perlroth
nytimes.com
Aug. 12, 2020

TEL AVIV -- Israel claimed Wednesday that it had thwarted a cyberattack by
a North Korea-linked hacking group on its classified defense industry.

The Defense Ministry said the attack was deflected “in real time” and that
there was no “harm or disruption” to its computer systems.

However,...

FBI says an Iranian hacking group is attacking F5 networking devices InfoSec News (Aug 11)
https://www.zdnet.com/article/fbi-says-an-iranian-hacking-group-is-attacking-f5-networking-devices/

By Catalin Cimpanu
Zero Day
ZDNet.com
August 10, 2020

A group of elite hackers associated with the Iranian government has been
detected attacking the US private and government sector, according to a
security alert sent by the FBI last week.

While the alert, called a Private Industry Notification, didn't identify
the hackers by name,...

Pen Test Partners: Boeing 747s receive critical software updates over 3.5" floppy disks InfoSec News (Aug 11)
https://www.theregister.com/2020/08/10/boeing_747_floppy_drive_updates_walkthrough/

By Gareth Corfield
The Register
08/10/2020

DEF CON -- Boeing 747-400s still use floppy disks for loading critical
navigation databases, Pen Test Partners has revealed to the infosec
community after poking about one of the recently abandoned aircraft.

The eye-catching factoid emerged during a DEF CON video interview of PTP's
Alex Lomas, where the man...

US Cyber Command is using unclassified networks to fight election interference InfoSec News (Aug 10)
https://www.c4isrnet.com/cyber/2020/08/10/us-cyber-command-is-using-unclassified-networks-to-fight-election-interference/

By Mark Pomerleau
C4ISRNET.com
08/10/2020

WASHINGTON -- U.S. Cyber Command is using unclassified networks and
publicly available communication platforms as it works to prevent foreign
interference in the next presidential election, a CYBERCOM official has
revealed.

“From a CYBERCOM standpoint, one of the big changes...

New England guardsmen test their skills in Cyber Yankee 2020 InfoSec News (Aug 03)
https://www.c4isrnet.com/cyber/2020/08/03/new-england-guardsmen-test-their-skills-in-cyber-yankee-2020/

By Mark Pomerleau
C4ISRNET.com
08/03/2020

Members of the National Guard from New England states concluded a two-week
cyber exercise that sought to test the cyber skills of guardsmen and
critical infrastructure operators.

Cyber Yankee 2020, which took place July 21-31 in New Hampshire, involved
more than 200 National Guard members and...

Travel management company CWT hands over $4.5M following ransomware attack InfoSec News (Aug 03)
https://siliconangle.com/2020/08/02/travel-management-company-cwt-hands-4-5m-following-ransomware-attack/

By Duncan Riley
SiliconAngle.com
08/02/2020

Business travel management company CWT Global B.V. is the latest company
to pay a ransom demand following a ransomware attack.

According to report Friday by Reuters, the company paid $4.5 million to
those behind the ransomware after the attack knocked some 30,000 of the
company’s computers...

DOD, FBI, DHS release info on malware used in Chinese government-led hacking campaigns InfoSec News (Aug 03)
https://www.cyberscoop.com/taidoor-malware-report-china-cisa-dod-fbi/

By Shannon Vavra
CYBERSCOOP
August 3, 2020

The U.S. government publicly put forth information Monday that exposed
malware used in Chinese government hacking efforts for more than a decade.

The Chinese government has been using malware, referred to as Taidoor, to
target government agencies, entities in the private sector, and think
tanks since 2008, according to a joint...

Leaky S3 buckets have gotten so common that they're being found by the thousands now, with lots of buried secrets InfoSec News (Aug 03)
https://www.theregister.com/2020/08/03/leaky_s3_buckets/

By Shaun Nichols in San Francisco
The Register
3 Aug 2020

The massive amounts of exposed data on misconfigured AWS S3 storage
buckets is a catastrophic network breach just waiting to happen, say
experts.

The team at Truffle Security says its automated search tools were able to
stumble across some 4,000 open Amazon S3 buckets that included data
companies would not want public, things...

House Republicans introduce legislation to give states $400 million for elections InfoSec News (Aug 03)
https://thehill.com/policy/cybersecurity/510362-house-republicans-introduce-legislation-to-give-states-400-million-for

By Maggie Miller
The Hill
08/03/2020

A group of House Republicans on Monday introduced legislation that would
appropriate $400 million to states to address election challenges stemming
from the COVID-19 pandemic.

The Emergency Assistance for Safe Elections (EASE) Act would designate
$200 million to assist with sanitizing...

Zoom private meeting passwords were easily crackable InfoSec News (Jul 30)
https://www.itnews.com.au/news/zoom-private-meeting-passwords-were-easily-crackable-551095

By Juha Saarinen
itnews.com.au
July 31, 2020

The automatically generated passwords protecting private Zoom meetings
could be cracked with relative ease, allowing access to sensitive
conferences, a researcher has discovered.

Web site developer Tom Anthony decided on March 31 this year to see if he
could crack the password for private Zoom meetings....

Pentagon needs access to defense companies' networks to hunt cyberthreats, says commission InfoSec News (Jul 30)
https://www.c4isrnet.com/cyber/2020/07/30/pentagon-needs-access-to-defense-companies-networks-to-hunt-cyberthreats-says-commission/

By Mark Pomerleau
C4ISRNET.com
July 30, 2020

WASHINGTON -- The Pentagon must be able to hunt cyberthreats on the
private networks of defense companies in order to strengthen national
cybersecurity, according to one of the leaders of the Cyber Solarium
Commission.

Rep. Mike Gallagher, R-Wis., who co-chairs the...

Firewall Wizards — Tips and tricks for firewall administrators

• Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

Revival? Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.

Paul

IDS Focus — Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list

• Archived Posts
•  RSS Feed
•  About List

Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

• Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

Faraday Beta V3.0 Released Francisco Amato (Jul 04)
Faraday helps you to host your own vulnerability management platform
now and streamline your team in one place.

We are pleased to announce the newest version of Faraday v3.0. In this
new version we have made major architecture changes to adapt our
software to the new challenges of cyber security. We focused on
processing large data volumes and to making it easier for the user to
interact with Faraday in its environment.

To install it you can...

Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

• Current Quarter
•  Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

Plausible. Dave Aitel via Dailydave (Apr 11)
A while back I was chatting with someone at INFILTRATE, over fried
alligator and more alcohol than I probably should have imbibed, and he
said, "We're going to make fuzzing obsolete, because we have more CPUs on
the problem than anyone can reasonably duplicate, and we're going to
exhaust the space".

And it's PLAUSIBLE in a way. I've watched a few of the live streams that
Brandon Falk does, and you can see how like,...

News Roundups! Dave Aitel via Dailydave (Feb 01)
So lately I've been doing little news roundups on the YouTubes....
Yesterday's is here: https://youtu.be/xgiymt_0isY

Neal Stephenson, in his most recent book, *Fall*, had a character that was
an interesting play on the traditional fantasy "giant" in the sense that
she was normal size, but fractally dense. I feel like we are living that
kind of time - in the sense that gravity is really a measure of how much
stuff is happening...

Re: Fully Automated CONOPs Exercise Pukhraj Singh via Dailydave (Jan 28)
Folks like Joe Slowik
<https://www.youtube.com/watch?v=n7XqxRXwFZ4&ab_channel=CYBERWARCON>, Grugq
<https://www.blackhat.com/docs/webcast/12142017-the-triple-a-threat.pdf>and you
<https://cybersecpolitics.blogspot.com/2016/09/the-stern-stewart-summit-germany-and.html>(Dave)
have tried to articulate the CONOPS for worms since long. In their current
forms, worms look like IO packages in full-spectrum missions. Ignoring...

Re: Fully Automated CONOPs Exercise Dave Aitel via Dailydave (Jan 28)
I mean, the goal of the question is to start putting some meat on the idea
of what "harm" is and how that is reflected both from a policy and
technical perspective. But also: It's useful to put some real definitions
around what is required to make people comfortable with fully-automated
techniques.

I don't think the idea that we are going to come up with and enforce norms
is as useful as figuring out what the norms really are...

Re: Fully Automated CONOPs Exercise Dave Dittrich via Dailydave (Jan 28)
Did any of them mention international humanitarian law, specifically
discrimination, respecting territory of neutral ("green") actors and
their infrastructure, and avoiding harm to neutral third parties and
non-combatants? The problem with most worms is the inability to
accurately discriminate targets and resulting harm. This is an area
where technical experts need to be balanced with operators and policy
makers to ensure that...

Fully Automated CONOPs Exercise Dave Aitel via Dailydave (Jan 27)
So one of my new fav questions to ask policy teams is what they would do if
they were told to switch their offensive team entirely to worms. Nothing
else. Just worms. What needs to change to make that happen - from op tempo
to supply chain to personnel to policy and technological investment.

And how would their defensive team need to change strategically if they
were facing such an offensive team.

It's a fun thing to see people wrap their...

"Severely lacking". Dave Aitel via Dailydave (Jan 20)
Recently I read this post from Maddie Stone of Google's Project Zero:
https://googleprojectzero.blogspot.com/2020/07/detection-deficit-year-in-review-of-0.html
. In particular, it has a bolded line of "*As a community, our ability to
detect 0-days being used in the wild is severely lacking to the point that
we can’t draw significant conclusions due to the lack of (and biases in)
the data we have collected.*" which is the most...

[mm4.emwd.com] Please Confirm Your E-mail Address noreply (Jan 07)
Hello from mm4.emwd.com!

You're receiving this e-mail because user SeclistsDD has given yours as an e-mail address to connect their account.

To confirm this is correct, go to
https://lists.aitelfoundation.org/accounts/confirm-email/MzAw:1kxbbR:J_gxtLGlz_7WONRMX9blDLA1rXc/

Thank you from mm4.emwd.com!
mm4.emwd.com

Re: The Lost Decade of Security Metrics Andre Gironda via Dailydave (Jan 05)
MITRE ATK > CVE/CVSS
Enterprise v8 is more granular than ever before for vuln purposes, but
always has been extensive for threat purposes

If you want to express CVEs in maldocs or malware (including webshells) may
I suggest Yara and/or Suricata (maybe shortcuts such as JA3 or JARM if TLS
applies)?
If you want to express CVEs in runtime app infra may I suggest
caldera_pathfinder? e.g., this is heartbleed --...

Re: The Lost Decade of Security Metrics toby via Dailydave (Jan 05)
I don't think you are wrong but your comparison of CVSS and the multiple
(also separately bad) metrics for a WAF isn't effective or accurate.

The values going into CVSS have something in common; they are attempts to
characterize the importance of the vulnerability in question. You are
making (have made before) the claim that the importance of a vulnerability
is too variable and specific to an environment or an attack scenario to be...

Re: The Lost Decade of Security Metrics Chuck McAuley via Dailydave (Jan 05)
Throughput* is perhaps the wrong unit of measure. Most of the time you would be interested in measuring
“requests/second” or “transactions/second”. Aside from say a content ingesting site/repeater
(facebook/twitter/instagram), almost all content for a WAF to handle is inbound, using low amounts of available
bandwidth. The outbound content is rarely inspected by such a device, with the exception of 5xx error or similar
(headers).

A...

The Lost Decade of Security Metrics Dave Aitel via Dailydave (Jan 05)
A thousand years ago I subscribed to the Security Metrics mailing list.
Metrics are important - or rather, I think good decision making is
important, and without metrics your decision making is essentially luck.
But we haven't seen any progress on this in a decade, and I wanted to talk
about the meta-reason why: Oversimplification in the hopes of scaling.

There's a theme in security metrics, a deep Wrong, that the community
cannot...

PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

• Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

BHIS Sorta Top Used Tools of 2018 John - Black Hills Information Security (Dec 06)
Free Webcast

Hello all,

For our next webcast we will cover some of the core tools we use all the time at Black Hills Information Security.
However, there will be a twist. We will not talk about Nessus, Nmap, or Metasploit. Why? Because there are a ton of new
(and older) tools we use that fall outside of the standard tools you see in every security book/blog out there.

Basically, we are trying to be edgy and different.

You may want to come...

BHIS Webcast - Tues 10/2 @ 11am MDT John Strand - Black Hills Information Security (Sep 26)
Hello All,

In this next webcast I want to cover what I am doing with the BHIS Systems team to create a C2/Implant/Malware test
bed. Testing our C2/malware solutions is important because vendors tend to lie or over-hype their capabilities. I will
cross reference some different malware specimens to the MITRE ATT&CK framework and we will cover how you can use these
techniques to test your defensive solutions at both the endpoint and the...

BHIS Webcast: The PenTest Pyramid of Pain 9/4 - 11am MDT Sierra - Black Hills Information Security (Aug 29)
Hello!

How are you all? We had a fantastic webcast last week with John Strand and Chris Brenton and we're still working
through some unexpected hiccups to get the recording up and posted. The podcast version is on our blog, and the YouTube
version will be posted shortly on the Active Countermeasures channel and blog as well. Thanks for all of you who
ventured over to attend!

Ready for another awesome BHIS webcast? Dakota is back and...

Webcast with CJ: Tues 7/24 at 11am Sierra - Black Hills Information Security (Jul 19)
Our upcoming webcast will be about POLICY...

Did you check out when you heard “policy”? Policy can often seem like a drudgery, but it’s also an important and
potentially overlooked part of business and procedure; it’s the framework on which security is really built!

CJ, our COO and Head of Sales has experience writing, assessing and implementing policies for many different kinds of
companies. And if you are worried it will be dry and...

Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.

• Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

Honeypot malware archives Matteo Cantoni (Feb 14)
Hello everyone,

I would like share with you for educational purposes and without any
commercial purpose, data collected by the my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.

The files collected are divided into zip archives, in alphabetical
order, with password (which must be request via email). Some...

Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.

• Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

Microsoft Security Update Minor Revisions Microsoft (Dec 11)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: December 11, 2018
********************************************************************

Summary
=======

The following CVE has undergone a minor revision
increment:

* CVE-2018-8172

Revision Information:
=====================

- CVE-2018-8172 | Visual Studio Remote Code Execution
Vulnerability
-...

Microsoft Security Update Minor Revisions Microsoft (Nov 14)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: November 14, 2018
********************************************************************

Summary
=======

The following CVEs and advisory have undergone a minor revision
increment:

* CVE-2018-8454
* CVE-2018-8552
* ADV990001

Revision Information:
=====================

- CVE-2018-8454 | Windows Audio Service...

Microsoft Security Update Minor Revisions Microsoft (Oct 24)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 24, 2018
********************************************************************

Summary
=======

The following CVE has undergone a minor revision increment:

* CVE-2018-8512

Revision Information:
=====================

- CVE-2018-8512 | Microsoft Edge Security Feature Bypass
Vulnerability
-...

Microsoft Security Update Releases Microsoft (Oct 19)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 19, 2018
********************************************************************

Summary
=======

The following CVE been added to the October 2018 Security updates:

* CVE-2018-8569

Revision Information:
=====================

- CVE-2018-8569 | Yammer Desktop Application Remote Code Execution
Vulnerability
-...

Microsoft Security Update Releases Microsoft (Oct 17)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 17, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2010-3190

Revision Information:
=====================

- CVE-2010-3190 | MFC Insecure Library Loading Vulnerability
-...

Microsoft Security Update Minor Revisions Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 9, 2018
********************************************************************

Summary
=======

The following CVE has undergone a minor revision increment:

* CVE-2018-8531

Revision Information:
=====================

- CVE-2018-8531 | Azure IoT Device Client SDK Memory Corruption
Vulnerability
-...

Microsoft Security Update Releases Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************

Summary
=======

The following CVE been added to the October 2018 Security updates:

* CVE-2018-8292

Revision Information:
=====================

- CVE-2018-8292 | .NET Core Information Disclosure Vulnerability
-...

Microsoft Security Update Releases Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************

Summary
=======

The following bulletin has undergone a major revision increment:

* MS11-025

Revision Information:
=====================

- https://docs.microsoft.com/en-us/security-updates/
SecurityBulletins/2011/ms11-025:...

Microsoft Security Update Summary for October 9, 2018 Microsoft (Oct 09)
********************************************************************
Microsoft Security Update Summary for October 9, 2018
Issued: October 9, 2018
********************************************************************

This summary lists security updates released for October 9, 2018.

Complete information for the October 2018 security update release can
Be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.

Please note the...

Microsoft Security Update Releases Microsoft (Oct 02)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 2, 2018
********************************************************************

Summary
=======

The following CVE has undergone a major revision increment:

* CVE-2018-0952

Revision Information:
=====================

- CVE-2018-0952 | Diagnostic Hub Standard Collector Elevation of
Privilege Vulnerability
-...

Microsoft Security Advisory Notification Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 12, 2018
********************************************************************

Security Advisories Released or Updated on September 12, 2018
===================================================================

* Microsoft Security Advisory ADV180022

- Title: Windows Denial of Service Vulnerability
-...

Microsoft Security Update Minor Revisions Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: September 12, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a minor revision increment:

* CVE-2018-8421
* CVE-2018-8468

Revision Information:
=====================

- CVE-2018-8421 | .NET Framework Remote Code Execution
Vulnerability...

Microsoft Security Update Summary for September 11, 2018 Microsoft (Sep 11)
********************************************************************
Microsoft Security Update Summary for September 11, 2018
Issued: September 11, 2018
********************************************************************

This summary lists security updates released for September 11, 2018.

Complete information for the September 2018 security update release can
Be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>....

Microsoft Security Update Releases Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 11, 2018
********************************************************************

Summary
=======

The following CVE has undergone a major revision increment:

* CVE-2018-8154

Revision Information:
=====================

- CVE-2018-8154 | Microsoft Exchange Memory Corruption
Vulnerability
-...

Microsoft Security Advisory Notification Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 11, 2018
********************************************************************

Security Advisories Released or Updated on September 11, 2018
===================================================================

* Microsoft Security Advisory ADV180002

- Title: Guidance to mitigate speculative execution...

Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community

• Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

Verizon: 1.5M of Contact Records Stolen, Now on Sale Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:

A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...

I don't quite understand this double talk. Could someone explain to me:

A spokesperson from Verizon said that...

Statement on Lavabit Citation in Apple Case Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038

As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...

The NSA's back door has given every US secret to our enemies Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2

Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.

Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...

Can Spies Break Apple Crypto? Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):

-----

A. Michael Froomkin:

The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...

The FBI's iPhone Problem: Tactical vs. Strategic Thinking Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html

I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?

If they could put cameras in...

Wanted: Cryptography Products for Worldwide Survey Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):

In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...

CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

• Previous Year
•  Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

Mozilla Releases Security Update for Thunderbird US-CERT (Jul 17)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Mozilla Releases Security Update for Thunderbird [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/mozilla-releases-security-update-thunderbird ] 07/17/2020
10:50 AM EDT
Original release date: July 17, 2020

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. An attacker could exploit
some of these...

Microsoft Releases Security Update for Edge US-CERT (Jul 17)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Microsoft Releases Security Update for Edge [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/microsoft-releases-security-update-edge ] 07/17/2020 10:53 AM
EDT
Original release date: July 17, 2020

Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). An attacker could exploit
this vulnerability to drop...

AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation US-CERT (Jul 17)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation [
https://us-cert.cisa.gov/ncas/alerts/aa20-198a ] 07/16/2020 08:09 AM EDT
Original release date: July 16, 2020

Summary

"This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) and Pre-ATT&CK
frameworks....

CISA Releases Emergency Directive on Critical Microsoft Vulnerability US-CERT (Jul 16)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

CISA Releases Emergency Directive on Critical Microsoft Vulnerability [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/cisa-releases-emergency-directive-critical-microsoft-vulnerability
] 07/16/2020 03:28 PM EDT
Original release date: July 16, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive...

Apple Releases Security Updates US-CERT (Jul 16)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Apple Releases Security Updates [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/apple-releases-security-updates ] 07/16/2020 11:17 AM EDT
Original release date: July 16, 2020

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of
these vulnerabilities to take control of an...

Malicious Activity Targeting COVID-19 Research, Vaccine Development US-CERT (Jul 16)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Malicious Activity Targeting COVID-19 Research, Vaccine Development [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/malicious-activity-targeting-covid-19-research-vaccine-development
] 07/16/2020 07:16 AM EDT
Original release date: July 16, 2020

In response to malicious activity targeting COVID-19 research and vaccine development in the United...

Cisco Releases Security Updates for Multiple Products US-CERT (Jul 15)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Cisco Releases Security Updates for Multiple Products [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/15/cisco-releases-security-updates-multiple-products ]
07/15/2020 03:19 PM EDT
Original release date: July 15, 2020

Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote
attacker...

Oracle Releases July 2020 Security Bulletin US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Oracle Releases July 2020 Security Bulletin [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/oracle-releases-july-2020-security-bulletin ] 07/14/2020
05:21 PM EDT
Original release date: July 14, 2020

Oracle has released its Critical Patch Update for July 2020 to address 433 vulnerabilities across multiple products. A
remote attacker could...

Google Releases Security Updates for Chrome US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Google Releases Security Updates for Chrome [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/google-releases-security-updates-chrome-0 ] 07/14/2020 04:51
PM EDT
Original release date: July 14, 2020

Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities
that an attacker could exploit...

Google Releases Security Updates for Chrome US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Google Releases Security Updates for Chrome [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/google-releases-security-updates-chrome ] 07/14/2020 02:45 PM
EDT
Original release date: July 14, 2020

Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities
that an attacker could exploit to...

Microsoft Releases July 2020 Security Updates US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Microsoft Releases July 2020 Security Updates [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/microsoft-releases-july-2020-security-updates ] 07/14/2020
02:13 PM EDT
Original release date: July 14, 2020

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could
exploit some of these...

Microsoft Addresses 'Wormable' RCE Vulnerability in Windows DNS Server US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Microsoft Addresses 'Wormable' RCE Vulnerability in Windows DNS Server [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/microsoft-addresses-wormable-rce-vulnerability-windows-dns-server
] 07/14/2020 02:14 PM EDT
Original release date: July 14, 2020

Microsoft has released a security update to address a remote code execution (RCE)...

Adobe Releases Security Updates for Multiple Products US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Adobe Releases Security Updates for Multiple Products [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/adobe-releases-security-updates-multiple-products ]
07/14/2020 01:18 PM EDT
Original release date: July 14, 2020

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit
some of...

Apache Releases Security Advisories for Apache Tomcat US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Apache Releases Security Advisories for Apache Tomcat [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/apache-releases-security-advisories-apache-tomcat ]
07/14/2020 11:33 AM EDT
Original release date: July 14, 2020

The Apache Software Foundation has released security advisories to address multiple vulnerabilities in Apache Tomcat.
An attacker...

AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java US-CERT (Jul 13)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java [ https://us-cert.cisa.gov/ncas/alerts/aa20-195a ]
07/13/2020 07:07 PM EDT
Original release date: July 13, 2020

Summary

On July 13, 2020 EST, SAP released a security update to address a critical vulnerability, CVE-2020-6287 [
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6287 ],...

Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community

• Current Quarter
•  Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

Re: DNS rebinding vulnerability in npupnp Gabriel Corona (Apr 25)
Le 20/04/2021 à 09:54, Gabriel Corona a écrit :

This is CVE-2021-31718.

Gabriel

Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access Robert Scheck (Apr 24)
The affected Zarafa versions are identically to CVE-2021-28994 (verified),
thus all versions since Zarafa 6.30.0 Beta 1 (SVN Rev. 13713) are affected.

Given the crash and error messages in old Zarafa versions look different
than in more recent Zarafa/Kopano versions, here is how it looked for me
when verifying the Zarafa version introducing the flaw:

Pid 1545 caught SIGABRT (6), out of memory or unhandled exception, traceback:
backtrace length:...

Re: Malicious commits to Linux kernel as part of university study Thomas Ward (Apr 24)
Clarification is from 2020.  That clarification doesn't address the fact that this is still technically research
misconduct regardless of the clarifications.  The Linux Kernel has banned commits from University of Michigan because
of a large volume of noise and useless patch requests among other things.  So it still requires a misconduct evaluation.

⁣Get BlueMail for Android ​

-------- Original Message --------
From: Silas...

Re: Malicious commits to Linux kernel as part of university study Silas (Apr 24)
Hello,

They issued a clarification as well:
https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf

- S

CVE-2021-26291: Apache Maven: block repositories using http by default Brian Fox (Apr 23)
Subject: CVE-2021-26291: Apache Maven: block repositories using http by default

Description:

Apache Maven will follow repositories that are defined in a
dependency’s Project Object Model (pom) which may be surprising to
some users, resulting in potential risk if a malicious actor takes
over that repository or is able to insert themselves into a position
to pretend to be that repository. Maven is changing the default
behavior in 3.8.1+ to no...

Re: Malicious commits to Linux kernel as part of university study James Feister (Apr 23)
It is naive to think this adversarial behavior is not already taking place.

The overall response I have seen to this should be encouraging to all of
us that live in these open-source and free software communities. It
shows how our system works. In this case, the actors were identified,
attributed to a publicly known group, and weeded out. The key part is
the information was freely shared, everyone knows about it and can take
what they feel are...

Re: Malicious commits to Linux kernel as part of university study Greg KH (Apr 23)
The people involved agree after-the-fact to the airing of those things.
No such thing happened here at all.

Those who need to know, know who "George Spelvin" is, that is not an
issue.

greg k-h

Re: Malicious commits to Linux kernel as part of university study Kurt H Maier (Apr 23)
This could have been coordinated with kernel maintainers who were
willing to participate, for instance by placing sabotaged code in a
time-locked escrow to be revealed after a set window. This is not
an all-or-nothing proposition. Red team protocols vary, but none of
them start with "first, pick an unsuspecting cadre of strangers trying to
build something, then attack it."

Those prank shows are generally not produced with money from...

Re: Malicious commits to Linux kernel as part of university study Jan Engelhardt (Apr 23)
If you alert the crowd that something is about to happen, you can no
longer observe how the crowd acts in an unalerted state, dooming the
research effort.

Not to encourage UMN's conduct, but I'd find that the prank shows on TV
(let alone Youtube) are a much more severe intrusion, but somehow those
shows still run.

What's more, with the pitchfork way this incident is being responded to,
future researchers may choose to...

Re: Malicious commits to Linux kernel as part of university study Eric Biggers (Apr 22)
Note that one of the patches (the one matching Figure 11 in their paper) did get
accepted and is in mainline. However, it doesn't actually have a bug as
intended, apparently because the author misunderstood what pci_disable_device()
does. So I'm not sure what the story is for that patch. Incompetence is
normally much more likely than malice, but this case would be doubly incompetent
(failing to actually write a malicious patch and...

Re: Malicious commits to Linux kernel as part of university study Francis Booth (Apr 22)
Mark,

by Aditya which did manage to make it into the stable trees.

https://lore.kernel.org/linux-nfs/CADVatmNgU7t-Co84tSS6VW=3NcPu=17qyVyEEtVMVR_g51Ma6Q () mail gmail com/

So I think we can agree that there may be more submissions that have made
it through that we aren't yet aware of.

Re: Malicious commits to Linux kernel as part of university study Michael Orlitzky (Apr 22)
If you believe them, the researchers never intended to allow the bad
commits into the kernel:

https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf

On the one hand, they're wasting everyone's time to report a
vulnerability that everyone knows exists already and finding
conclusions that are all obvious and/or useless. But on the other hand,
they don't sound quite as daft as the headlines make them seem. Overly
naive...

Re: Malicious commits to Linux kernel as part of university study Mark Steward (Apr 22)
...

This looks like a good guess to me, and if correct, means none of the
submissions in the paper were successful:

https://lore.kernel.org/linux-nfs/YIEqt8iAPVq8sG+t@sol.localdomain/

Mark

Re: Malicious commits to Linux kernel as part of university study r00t4dm (Apr 22)
Hello,

This case demonstrates that the possibility of a supply chain attack is
very high.
If the supply chain attack is sophisticated enough, this case may succeed.
e.g:

One day I committed some code, This code is a normal function.
After Five days, I committed some code, This code also is a normal function.

...

After three month, I committed it dozens of times, But These committed
code together to form a vulnerability.
I don't know how...

Re: Malicious commits to Linux kernel as part of university study Ariadne Conill (Apr 22)
Hello,

The paper says that they used throwaway Gmail accounts to submit the
patches. Frustratingly, they have not identified which patches they
succeeded in landing in that paper.

However, the paper also claims that they generated these "hypocrite"
commits using an LLVM-based static analysis tool.

Which means the work introduced by Aditya is likely directly related to
this experiment, since it has the same "feel" to...

Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.

• Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

Silver Bullet 123: Yanek Korff Gary McGraw (Jul 06)
hi sc-l,

The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.

We talk about managing technical people in this episode. We also discuss operational security. Have a...

Educause Security Discussion — Securing networks and computers in an academic environment.

• Current Quarter
•  Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

Re: Virtual CISO Tej Patel (Apr 23)
OculusIT (https://www.oculusit.com/it-consulting/#cisoservices) - happy to share experiences directly.

Best,

--Tej

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Dr. Christopher
Davis
Sent: Friday, April 23, 2021 10:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Virtual CISO

Has anyone employed the services of a virtual CISO (or company) to help them design and...

Re: Virtual CISO David Eilken (Apr 23)
I might suggest BobCat Cyber. He's an ex-EY security consultant that could
be price competitive if that is a key criteria for you. He's very solid and
thorough. Started his career at Mitre.

Best,
Dave Eilken
[image: Maricopa Community College District Office logo]
DAVID EILKEN MA, MBA, CISSP-ISSMP
MARICOPA COMMUNITY COLLEGES
Information Security Officer | ITS
2411 West 14th Street, Tempe, AZ 85281
david.eilken () domail maricopa edu...

Re: Virtual CISO Koppel, Lorna (Apr 23)
I suggest talking to SideChannel – they provide virtual/fractional CISOs. Started by some VERY smart CISOs that like
to help smaller companies/institutions.
Reach out to Brian Haugli or visit https://www.sidechannel.com/

Lorna L. Koppel
Director of Information Security
Office of Information Security (OIS)
Tufts University
169 Holland
Street<...

Re: Virtual CISO Mattehew Prescott (Apr 23)
We didn't do a vCISO but we have and are using Vantage Consulting,
www.vantagetcg.com. They are an EDUCAUSE partner.

Thanks,
Matt Prescott, Security Analyst
Information Technology
(o) 325-674-2882
Abilene Christian University
[image: Abilene Christian University]

On Fri, Apr 23, 2021 at 9:10 AM Dr. Christopher Davis <CDavis () franciscan edu>
wrote:

**********
Replies to EDUCAUSE Community Group emails are sent to the entire...

Virtual CISO Dr. Christopher Davis (Apr 23)
Has anyone employed the services of a virtual CISO (or company) to help them design and implement a security program
for their school? Any recommendations, good or bad, are appreciated!

Pax Christi,

Dr. Chris Davis
Director of Information Technology Services
[Franciscan University logo]
Franciscan University of Steubenville
1235 University Blvd., Steubenville, OH 43952
740-284-5192 | cdavis () franciscan edu

St. Isidore, please pray that God...

Re: Emeriti Faculty Licensing Carter, Cyrus B (Apr 22)
I was curious about what you said. I found this article.
https://support.microsoft.com/en-us/topic/manage-graduating-student-licenses-and-content-in-microsoft-365-education-ba3142c7-fa7d-46d2-9efd-f1ee751cd400

basically If the institution wishes to maintain the email for alumni they can. But keeping the specific student license
is not part of the deal. This part below is FREE part that may be what was referenced by our Vendor regarding alumni....

Re: Emeriti Faculty Licensing Carter, Cyrus B (Apr 21)
That may be true. And it may be part of the license type we have . I was just repeating what was told to me. Either way
we are not going that route so is a moot point for us. I know this doesn't help anyone else with the question that
was posed. Sorry.

Get Outlook for Android<https://aka.ms/ghei36>

________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on...

Re: Emeriti Faculty Licensing Mandi Witkovsky (Apr 21)
I'm not a licensing expert but I have always been told that per MS licensing, alumni are only entitled to email.

mandi

Mandi Witkovsky
Director, Identity and Access Management
for the Purdue University system
witkovsm () pfw edu<mailto:witkovsm () pfw edu>

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Carter, Cyrus B
Sent: Wednesday, April 21, 2021 2:41 PM
To: SECURITY ()...

Re: Emeriti Faculty Licensing Carter, Cyrus B (Apr 21)
We are currently migrating our Student tenant into our main tenant (fac/staff) in Azure AD. That was brought up if we
wanted to setup Alumni constituency to allow users to keep some of the office365 components. Its my understanding that
it is free but you as the institution would still have to manage it. As of now our leadership does not wish to
implement this for alumni because its just one more thing that would require us to manage and...

!!UPDATED TIMES!! [REGISTRATION OPEN] 2021 REN-ISAC Blended Threat Workshop - OSU Sarah Bigham (Apr 21)
<<< text/html; charset=utf-8: Unrecognized >>>

Emeriti Faculty Licensing Kimmitt, Jonathan (Apr 21)
Hi all,

Back in January there was a good conversation on the list about services that .edu's provide emeriti faculty
members.....

For those that let them keep their account, specifically in office365, how do you handle licensing? Do you add to your
employee count to cover those licenses?

Thanks!

-Jonathan

~
Jonathan Kimmitt
CISSP, FIP, CDPSE, CIPP/E, CIPM, CIPT,
OTCP,GLEG, GPEN, GSNA, PCIP, CEH
Chief Information Security Officer...

[Webinar] Rapid IAM Cloud-based Digital Transformation at California Institute of the Arts Hazel Woods (Apr 21)
<<< text/html: EXCLUDED >>>

[REGISTRATION OPEN] 2021 REN-ISAC Blended Threat Workshop - OSU Sarah Bigham (Apr 21)
<<< text/html; charset=utf-8: Unrecognized >>>

Re: MFA for Incarcerated Students Matt Weatherford (Apr 20)
Could the incarcerated student  work in a "study room" with a landline
that accepts incoming phone calls?  (more likely than allowing a cell
phone, but still feels unlikely)

DUO 2FA allows you to add in a "Call my landline and tell me a code" 2fa
option.
A shared incoming phone line has its share of risks and isnt tied
directly to a user in the way 2FA prefers, but might work here.

Matt Weatherford
University of...

2021 RIMM Call for Proposals Now Open! Sarah Bigham (Apr 20)
<<< text/html; charset=utf-8: Unrecognized >>>

NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

• Current Month
•  Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

Re: DoD IP Space Michael Butler via NANOG (Apr 25)
The footnote (11) on page 7 of https://www.gao.gov/assets/gao-20-402.pdf
seems to be most relevant ..

"We are not aware of any statutory requirements that directly address
the ability of a government agency to transfer or sell IP addresses to a
third party, but DOD would face legal and policy constraints to any
potential sale or transfer of the addresses to a third party outside of
the government. Among other things, this is because...

Re: DoD IP Space Randy Bush (Apr 25)
john,

my altzheimer's device tells me that some years back there was a
documented written agreement between arin and the dod along the lines of
dod getting a large swath of ipv6 space[0] in exchange for agreeing to
return[1] or otherwise put into public use a half dozen ipv4 /8s.

could you refresh my memory, e.g. with the document, please? thanks.

randy

Re: DoD IP Space Martin Hannigan (Apr 25)
If you apply that ideology to 0/0 you're not going to have much of an
Internet beyond cat pics.

Wish i was in the room when they turned it on. I hope they make a tiktok of
the expressions of everyone looking at the first data. [ joke ]

Warm regards,

-M<

Re: DoD IP Space sronan (Apr 25)
So you are claiming that ARIN has jurisdiction over DoD IP space?

Sent from my iPhone

Re: DoD IP Space John Curran (Apr 25)
Sronan -

For avoidance of doubt (and to save folks some digging), I will observe that the number resources associated with the
U.S. DoD handle I referenced do not include DoD’s legacy IPv4 number resource holdings. However, there are indeed
are registration agreements with the US DoD that pertain to the DoD’s legacy IPv4 number resource holdings, and this
may be readily confirmed by reviewing the CBO assessment report for the...

Re: DoD IP Space John Curran (Apr 25)
Sronan -

I’d suggest asking rather than making assertions when it comes to ARIN, as this will avoid propagating existing
misinformation in the community.

Many US government agencies, including the US Department of Defense, have signed registration services agreements with
ARIN.

From https://account.arin.net/public/member-list -

United States Department of Defense (DoD)

USDDD<...

Re: DoD IP Space John Curran (Apr 25)
This doesn’t sound good, no matter how you slice it. The lack of
transparency with a civilian resource is troubling at a minimum.

You do understand that the addresses in question are not and have
never been "civilian." They came into DoD's possession when this was
all still a military project funded by what's now DARPA.

Personally, I think we may have an all time record for the largest
honeypot ever constructed. I'd...

Re: DoD IP Space sronan (Apr 25)
Except these DoD blocks don’t fall under ARIM justification, as they predate ARIN. It is very likely that the DoD has
never and will never sign any sort of ARIN agreement.

Sent from my iPhone

RE: DoD IP Space Jean St-Laurent via NANOG (Apr 25)
This is true and very interesting, but the opposite is also true.

They are now reachable from probably nearly anywhere and therefore open for business. 😊

Let's see what will slowly appear in shodan.io and shadowserver.org

Jean

-----Original Message-----
From: NANOG <nanog-bounces+jean=ddostest.me () nanog org> On Behalf Of William Herrin
Sent: April 24, 2021 6:46 PM
To: Mel Beckman <mel () beckman org>
Cc: nanog () nanog...

Re: DoD IP Space John Curran (Apr 25)
Mr. Beckman -

As noted by Mark Foster below, the listed contact information for the DoD address blocks is indeed correct, and (as you
yourself confirmed) may be used to successfully contact the organization. ARIN does not have the mandate to force any
organization “to deal” with any other, but I can assure you that the contacts listed for the resources in the ARIN
registry have been used to resolve actual technical problems without any...

Re: DoD IP Space Mark Foster (Apr 25)
Hi Mel,

I'd expect ARIN to hold them to account for complying with ARIN rules,
if they are subject.  In years gone by, I have been able to contact US
DoD organisations using published contact methods to address technical
issues. So even if there's technical non-compliance (which i'd agree
should be addressed), it could be a lot worse.

As for the DoD's accountability via your system of government, my view
would be that...

Re: DoD IP Space Christian de Larrinaga via NANOG (Apr 25)
Is the DoD still the owner?

Re: DoD IP Space Bill Woodcock (Apr 25)
I think I’d characterize it, rather, as a possible privatization of public property.

If someone builds a house in the middle of a public park, it’s not _what they’re doing in the house_ that concerns me.

-Bill

Re: DoD IP Space Mel Beckman (Apr 25)
Mark,

ARIN rules require every IP space holder to publish accurate — and effective — Admin, Tech, and Abuse POCs. The DOD
hasn’t done this, as I pointed out, and as you can test for yourself. Your expectation that the DOD will “generally
comply with all of the expected norms” is sorely naive, and already disproven.

As far as “why does anyone on the Internet need to publish to your arbitrary standards”, you seem to forget that...

Fwd: Re: OOB management options @ 60 Hudson & 1 Summer Lost Email Forwarder [Do Not Reply][DART-4276] via NANOG (Apr 25)
Before getting rid of the cellular based OOB, look into some more detail
about exactly what LTE modems are in those. I've seen some remarkable
results from equipment using the 600/700 bands (tmobile, verizon) for
getting signal into deeply buried concrete structures. There's a lot of
different types and capabilities of cellular data modems on the market.

On Thu, Apr 15, 2021 at 3:15 PM Matthew Crocker <matthew () corp crocker...

Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating

• Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

Will you work with us? Georgi (Feb 26)
N¬ŠÆŒ Á¢¹š¶×™ë,jˆ*.±ç­†+-{b¶gšžËajܨº±&j)l¡ûpj·¡ë'¢Û.¦š+´Âú+™«myٞ²Æ z

Invitation to Research Design, SurveyCTO mobile data collection,GIS mapping and data analysis using NVIVO and SPSS training FEB 2021 FDC Training (Jan 21)
<<< text/html: EXCLUDED >>>

The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

• Current Quarter
•  Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

Risks Digest 32.61 RISKS List Owner (Apr 23)
RISKS-LIST: Risks-Forum Digest Friday 23 April 2021 Volume 32 : Issue 61

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.61>
The current issue can also be found at
<...

Risks Digest 32.60 RISKS List Owner (Apr 17)
RISKS-LIST: Risks-Forum Digest Saturday 17 April 2021 Volume 32 : Issue 60

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.60>
The current issue can also be found at
<...

Risks Digest 32.59 RISKS List Owner (Apr 04)
RISKS-LIST: Risks-Forum Digest Sunday 4 April 2021 Volume 32 : Issue 59

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.59>
The current issue can also be found at
<...

Risks Digest 32.58 RISKS List Owner (Apr 01)
RISKS-LIST: Risks-Forum Digest Thursday 1 April 2021 Volume 32 : Issue 58

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.58>
The current issue can also be found at
<...

Risks Digest 32.57 RISKS List Owner (Mar 23)
RISKS-LIST: Risks-Forum Digest Tuesday 23 March 2021 Volume 32 : Issue 57

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.57>
The current issue can also be found at
<...

Risks Digest 32.56 RISKS List Owner (Mar 19)
RISKS-LIST: Risks-Forum Digest Friday 19 March 2021 Volume 32 : Issue 56

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.56>
The current issue can also be found at
<...

Risks Digest 32.55 RISKS List Owner (Mar 16)
RISKS-LIST: Risks-Forum Digest Tuesday March 2021 Volume 32 : Issue 55

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.55>
The current issue can also be found at
<...

Risks Digest 32.54 RISKS List Owner (Mar 13)
RISKS-LIST: Risks-Forum Digest Saturday 13 March 2021 Volume 32 : Issue 54

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.54>
The current issue can also be found at
<...

Risks Digest 32.53 RISKS List Owner (Mar 12)
RISKS-LIST: Risks-Forum Digest Friday 12 February 2021 Volume 32 : Issue 53

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.53>
The current issue can also be found at
<...

Risks Digest 32.52 RISKS List Owner (Mar 06)
RISKS-LIST: Risks-Forum Digest Saturday 6 March 2021 Volume 32 : Issue 52

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.52>
The current issue can also be found at
<...

Risks Digest 32.51 RISKS List Owner (Feb 22)
RISKS-LIST: Risks-Forum Digest Monday 22 February 2021 Volume 32 : Issue 51

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.51>
The current issue can also be found at
<...

Risks Digest 32.50 RISKS List Owner (Feb 19)
RISKS-LIST: Risks-Forum Digest Friday 19 February 2021 Volume 32 : Issue 50

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.50>
The current issue can also be found at
<...

Risks Digest 32.49 RISKS List Owner (Feb 12)
RISKS-LIST: Risks-Forum Digest Friday 12 February 2021 Volume 32 : Issue 49

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.49>
The current issue can also be found at
<...

Risks Digest 32.48 RISKS List Owner (Feb 05)
RISKS-LIST: Risks-Forum Digest Friday 5 February 2021 Volume 32 : Issue 48

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.48>
The current issue can also be found at
<...

Risks Digest 32.47 RISKS List Owner (Jan 29)
RISKS-LIST: Risks-Forum Digest Friday 29 January 2021 Volume 32 : Issue 47

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.47>
The current issue can also be found at
<...

BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.

• Current Quarter
•  Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

What in the World Is a CISO? Destry Winant (Apr 23)
https://www.tripwire.com/state-of-security/featured/what-in-the-world-is-a-ciso/

Whilst employment has taken a downward curve over the last year or so,
there are a variety of approaches I use when applying for a role to help my
CV stand out. One key point is knowing what the job entails before
submitting my cover letter and CV. This allows me to tailor my message
effectively. Additionally, it enables me to find positions that I might not
have...

Apple supplier Quanta hit by cyber attack Destry Winant (Apr 23)
https://www.ft.com/content/0ec11549-9d68-4ca2-bbac-34684c86abab

Quanta, one of Apple’s major suppliers, said on Wednesday that it had been
hit by a cyber attack and was trying to “recover data” after one of the
world’s most notorious hacking gangs said it was attempting to extort both
companies.

The Taiwanese company, which manufactures computers for Apple and also
supplies companies such as Cisco, Microsoft and Siemens, said it had...

Hackers Target Iconic Japan’s Toshiba Rival Hoya With Ransomware Destry Winant (Apr 23)
https://www.bnnbloomberg.ca/hackers-target-iconic-japan-s-toshiba-rival-hoya-with-ransomware-1.1593280

(Bloomberg) -- A group of hackers executed a ransomware attack on Hoya
Corp, marking the second successful attack suffered by the Japanese firm in
two years.

”We can confirm that Hoya Vision Care US has experienced a cyberattack.
Based on our initial forensics, the disruption appears to have been limited
to our United States systems,” a...

Vermont Health Connect had 10 data breaches last winter Destry Winant (Apr 23)
https://vtdigger.org/2021/04/18/vermont-health-connect-had-10-data-breaches-last-winter/

In mid-December, a Vermont Health Connect user was logging in when the
names of two strangers popped up in the newly created account.

The individual, who was trying to sign up for health insurance,
deleted the information that had suddenly appeared.

“It was super unsettling to think that someone is filing in my account
with my information,” the person,...

Eversource Energy data breach caused by unsecured cloud storage Destry Winant (Apr 22)
https://www.bleepingcomputer.com/news/security/eversource-energy-data-breach-caused-by-unsecured-cloud-storage/

Eversource, the largest energy supplier in New England, has suffered a
data breach after customers' personal information was exposed on an
unsecured cloud server.

Eversource Energy is the latest energy delivery company in New
England, powering 4.3 million electric and natural gas customers
throughout Connecticut, Massachusetts,...

Sustaining IT resiliency in the face of a ransomware attack Destry Winant (Apr 22)
https://www.securityinfowatch.com/cybersecurity/information-security/anti-virus-and-malware-defense/article/21219148/sustaining-it-resiliency-in-the-face-of-a-ransomware-attack

Ransomware has been challenging enterprise IT teams for years. Considering
the necessity of today’s remote working world, and the reliance on online
programs – the pandemic has set the stage for a new evolution of ransomware
attacks that are more harmful and more...

Emergency medicine staffing firm offers patients up to $1M insurance policy after phishing incident Destry Winant (Apr 22)
https://www.beckershospitalreview.com/cybersecurity/emergency-medicine-staffing-firm-offers-patients-up-to-1m-insurance-policy-after-phishing-incident.html

Concord, Calif.-based VEP Healthcare, an emergency medicine and hospital
staffing firm, began notifying patients of a data breach after email hacks
left patients' data exposed for more than a year.

A portion of VEP email accounts were accessed by an unauthorized party
after...

Shifting Strategies: ShinyHunters and Known Cyber Threat Actors Change Tactics Destry Winant (Apr 21)
https://www.riskbasedsecurity.com/2021/04/21/shifting-strategies-shinyhunters-and-known-cyber-threat-actors-change-tactics/

Successful criminals are known to change their tools, tactics, or targets
frequently to ensure the highest payout. They are also keen observers of
other criminal enterprises. So when a novel, more lucrative strategy is
discovered, it is often duplicated and rapidly incorporated into other
criminal schemes. The same can be...

Dating Service Suffers Data Breach Destry Winant (Apr 21)
https://www.infosecurity-magazine.com/news/dating-service-suffers-data-breach/

Men's social networking website and online dating application Manhunt
has suffered a data breach.

According to a security notice filed with the office of the Washington
attorney general on April 1, the 20-year-old site was compromised in a
cyber-attack that took place in February 2021.

An unauthorized third party downloaded personal information belonging
to...

Member of FIN7 Hacking Group Sentenced to US Prison Destry Winant (Apr 21)
https://www.securityweek.com/member-fin7-hacking-group-sentenced-us-prison

A Ukrainian national arrested for his role in a hacking group that
compromised millions of financial accounts was sentenced to a decade
in prison, US prosecutors said Friday.

Fedir Hladyr, 35, had a high-level role as a manager and systems
administrator for a hacking group known at FIN7, authorities said.

He was one of three Ukrainians arrested in mid-2018 for hacking...

Hackers post 26,000 files online after Florida school district doesn’t pay $40 million ransom Destry Winant (Apr 21)
https://www.orlandosentinel.com/news/florida/fl-ne-broward-schools-hackers-post-files-20210420-mypt2qtlc5a7xela4x6bcg5hdy-story.html

Hackers who demanded up to $40 million from the Broward School
District have now published nearly 26,000 files stolen from district
servers.

An initial review by the South Florida Sun Sentinel found a few
isolated incidents where confidential student or employee information
was released, but none that contained...

Geico data breach exposed customers’ driver’s license numbers for more than a month Destry Winant (Apr 20)
https://www.theverge.com/2021/4/19/22392566/geico-data-breach-exposed-customer-drivers-license-numbers-security

Insurance company Geico suffered a data breach earlier this year that
exposed customers’ driver’s license numbers for more than a month,
according to a data breach notice filed with the attorney general of
California. First reported by TechCrunch, Geico says in the notice
that it has fixed the security issue that led to the breach....

Will the CodeCov breach become the next big software supply chain hack? Destry Winant (Apr 20)
https://www.scmagazine.com/home/security-news/data-breach/will-the-codecov-breach-become-the-next-big-software-supply-chain-hack/

It’s always good to have your radar up on April Fool’s Day, constantly
on the lookout for potential pranks or tomfoolery. For one company,
what they discovered on April 1 was far from a joke.

Yesterday, software company Codecov, which sells a tool that lets
developers measure the testing coverage of their...

Domino's India database likely hacked, 1 million credit card details leaked along with mail IDs, cell numbers Destry Winant (Apr 20)
https://www.indiatoday.in/technology/news/story/domino-s-india-database-likely-hacked-1-million-credit-card-details-leaked-along-with-mail-ids-cell-numbers-1792305-2021-04-18

Popular pizza outlet Domino’s India seems to have fallen victim to a
cyber attack. According to Alon Gal co-founder of an Israeli
cybercrime intelligence, the hackers have access to Domino’s India
13TB of internal data which includes employee details of over 250...

Crypto Lending Service, Celsius Suffers Third Party Data Breach Destry Winant (Apr 20)
https://www.ehackingnews.com/2021/04/crypto-lending-service-celsius-suffers.html

Cryptocurrency rewards portal, Celsius has witnessed a data breach,
with the personal details of its clients disclosed by a third-party
services provider that resulted in a phishing attack, as confirmed in
the email sent out to the Celsius clients.

Celsius CEO Alex Mashinsky indicated that perhaps the third-party
commercialization server of Celsius has been hacked...

Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool

• Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

nullcon se7en CFP is open nullcon (Aug 25)
Dear Friends,

Welcome to nullcon se7en!

$git commit -a <sin>

<sin> := wrath | pride | lust | envy | greed | gluttony | sloth

nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...

Ruxcon 2015 Final Call For Presentations cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.

This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.

The deadline for submissions is the 15th of September, 2015.

.[x]. About Ruxcon .[x]....

Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

• Current Month
•  Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

Re: Wireshark 3.4.5 is now available Graham Bloice (Apr 25)
The Wireshark release policy can be found on the wiki page: ReleasePolicy ·
Wiki · Wireshark Foundation / wireshark · GitLab
<https://gitlab.com/wireshark/wireshark/-/wikis/Development/ReleasePolicy>

TL;DR; Only bugfixes are backported from master to a stable branch.
Increasing dissector support for more protocol coverage is a grey area.

Re: Wireshark 3.4.5 is now available Roland Knall (Apr 25)
Normally it is a cut-off date. Exceptions are only made for bigger bug-fixes and security fixes

Re: Wireshark 3.4.5 is now available Constantine Gavrilov (Apr 25)
A quick question. I have been working on nvme dissector and I see that
some changes from dev tree are in and some are left out.

How is release selection made? Is it a cut-off date or manual choice?

Re: Status label for issues Jirka Novak (Apr 24)
Hi Uli,

I agree with you. I'm missing this information about created issues too.
I propose one more kind of label/labels. It is more about interaction
with reporter of the issue - "waiting for response". There are many
issues opened for years where last message is request for sample or more
information. I think that if such issue is opened for years with no
reaction, it is useless and should be closed....

Re: Having problem tracing multiple ip addresses Ricardo Díez Antequera (Apr 23)
Have you used 192.168.60.200 (the subnet address) or 192.168.60.203 (the broadcast address for the subnet) for a
device? Those addresses are reserved in your subnet and could cause errors in tcpdump engine. A /30 subnet only
supports 2 hosts.

Regards,

Ricardo

---- Robert Blair escribió ----

Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-users...

Re: Having problem tracing multiple ip addresses chuck c (Apr 23)
You will probably get more feedback on the Wireshark Q&A site:
https://ask.wireshark.org/questions/

If you open a question there, include the output of "wireshark -v" or
"tshark -v".
These include OS information and version info for the libraries and program.
Maybe throw in "netstat -nr" (if it's not sensitive info) in case packets
go out one interface and return on another.

On Fri, Apr 23, 2021 at 1:36 PM...

Having problem tracing multiple ip addresses Robert Blair (Apr 23)
I changed three IoT devices from DHCP to static addresses so I could trace all
three of them.

when I enter "net 192.168.60.201" in the capture filter I get all traffic to
and from the ip.

If I enter "net 192.168.60.200/30" I get all fraffic from the ip addresses but
none going to the ip addresses. According to the documentation at
<https://wiki.wireshark.org/CaptureFilters> that syntax shoud capture all
traffic going...

Re: Status label for issues Graham Bloice (Apr 23)
Ah, I thought this was some different label, sorry for the noise.

Re: Status label for issues Pascal Quantin (Apr 23)
Hi Graham,

23 avr. 2021 16:39:16 Graham Bloice <graham.bloice () trihedral com>:

We already have an enhancement label.

@Uli, LGTM.

Cheers,
Pascal.

Re: Status label for issues Graham Bloice (Apr 23)
How will issues that aren't bugs be handled, e.g. enhancement requests?

Status label for issues Uli Heilmeier (Apr 23)
Hi everyone,

For issues (especially bugs) I really miss the status field which was available with Bugzilla.

Therefore I would like to create these scoped labels [1]:

ws-status::unconfirmed => This bug has recently been added to the issue tracker. Nobody has confirmed that this bug is
valid.
ws-status::confirmed => This bug is valid.
ws-status::in-progress => This bug is not yet resolved, but is assigned to the proper person who is...

Re: Rough consensus and quiet humming Josh Clark (Apr 22)
hmmmm

Re: Rough consensus and quiet humming Francesco Fondelli (Apr 22)
Meetecho team introduced the "virtual hum tool"... there should be a draft
somewhere describing it. Hmm.

Re: Rough consensus and quiet humming Graham Bloice (Apr 22)
In a covid pandemic, working from home world, no one can hear you hum.

Rough consensus and quiet humming Guy Harris (Apr 22)
https://twitter.com/MeghanEMorris/status/1382109954224521216/photo/1

Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

• Current Quarter
•  Archived Posts
•  RSS Feed
•  About List
•  Show Latest PostsHide Latest Posts

Snort Blog: 2.9.8.3 Shared Object end-of-life Joel Esler (jesler) via Snort-sigs (Apr 22)
https://blog.snort.org/2021/04/2983-shared-object-end-of-life.html

2.9.8.3 Shared Object end-of-life

Attention users of SNORTⓇ version 2.9.8.3: This serves as your official end-of-life notification. However, this EOL
notification is a bit unique.

We will be moving to an “end of life” for shared object rules for Snort version 2.9.8.3 in 90 days, (July 20, 2021).
After that, for an indeterminate amount of time after July 20, we will...

Snort Subscriber Rules Update 2021-04-22 Research (Apr 22)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-other
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2021-04-21 Research (Apr 21)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the browser-chrome,
malware-cnc, policy-other, protocol-voip, server-apache and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Re: Fwd: question. Russ Combs (rucombs) via Snort-devel (Apr 20)
This should be posted to snort-users or snort-sigs. snort-devel is for bugs and related development work.

Russ

________________________________
From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of juan patricioo via Snort-devel <snort-devel ()
lists snort org>
Sent: Thursday, April 15, 2021 4:09 PM
To: snort-devel () lists snort org <snort-devel () lists snort org>
Subject: [Snort-devel] Fwd: question....

Snort Subscriber Rules Update 2021-04-20 Research (Apr 20)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the malware-cnc and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Fwd: question. juan patricioo via Snort-devel (Apr 19)
---------- Forwarded message ---------
De: juan patricioo <cursoredesinap9644 () gmail com>
Date: jue, 15 abr 2021 a las 21:59
Subject: question.
To: <snort-users () lists snort org>

Hello, im trying to do a rule in snort that can capture de text on a text
field in the next formulary:

http://cekb.unileon.es/formulario.html

[image: image.png]

Im trying:

*alert tcp any any -> any 80 (msg:"script text";...

Snort Subscriber Rules Update 2021-04-15 Research (Apr 15)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the browser-chrome,
file-pdf, indicator-obfuscation, malware-backdoor, malware-cnc and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2021-04-13 Research (Apr 13)
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2021-28310:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 57403 through 57404.

Microsoft Vulnerability...

Snort Blog: New "Snort 3 and me" webinar series launches on April 20 Joel Esler (jesler) via Snort-sigs (Apr 08)
We’re launching some webinars about the transition to Snort 3. They are totally free, and your information will not be
used for any marketing purposes.

Snort Subscriber Rules Update 2021-04-08 Research (Apr 08)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the browser-other and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2021-04-06 Research (Apr 06)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and file-other rule
sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2021-04-01 Research (Apr 01)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the browser-ie,
exploit-kit, indicator-obfuscation, indicator-shellcode, malware-cnc,
netbios, protocol-dns, protocol-voip, server-oracle and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please...

Snort Subscriber Rules Update 2021-03-30 Research (Mar 30)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the browser-other,
malware-cnc, os-windows, protocol-tftp and server-webapp rule sets to
provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Blog: Official EOL Notice for 2.9.15.0, 2.9.15.1 and 2.9.16.0 Joel Esler (jesler) via Snort-sigs (Mar 29)
https://blog.snort.org/2021/03/official-eol-notice-for-29150-29151-and.html

Official EOL Notice for 2.9.15.0, 2.9.15.1 and 2.9.16.0

Attention Snort User and Integrators:

This blog post serves as your official 90-day notice that we will be EOL'ing rule support for versions 2.9.15.0,
2.9.15.1, and 2.9.16.0 as of 2021-06-21 or June 21, 2021.

As we release new versions of Snort, occasionally we have to decommission older versions, lowering...

Snort Blog: 2.9.17.1 has been released! Joel Esler (jesler) via Snort-sigs (Mar 29)
https://blog.snort.org/2021/03/29171-has-been-released.html

2.9.17.1 has been released!

Join us as we are pleased to release a minor bug fix version of Snort 2.9.17.1! Since all new development focus in on
Snort 3<https://snort.org/snort3>, we encourage you to take a look.

First, some release notes:

Snort 2.9.17.1

Improvements / Fix

* Fixed wrong reference to configuration during
* Fixed possible memleak in appid.
*...