SecLists.Org Security Mailing List Archive

Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe to nmap-dev here.

• Current Quarter
• Archived Posts
• RSS Feed
• About List
• nmap-devLatest Posts

libnsock ssl_init_helper(): OpenSSL legacy provider failed to load. Peter Jones (Sep 14)
Hi,

My OS is Windows 11 21H2 - 22000.978

I installed ncat and get this error when sending a file:

C:\Users\Peter Jones\Downloads\sjasmplus-1.20.1.win\sjasmplus-1.20.1.win>ncat 192.168.1.111 <output.bin
libnsock ssl_init_helper(): OpenSSL legacy provider failed to load.

Ncat: No connection could be made because the target machine actively refused it. .

C:\Users\Peter Jones\Downloads\sjasmplus-1.20.1.win\sjasmplus-1.20.1.win>winver...

Live Capture Performance to Rival Wireshark Matthew Davis (Sep 12)
Hello.

The project I work on is a Windows-only, 64-bit-only application that
collects and processes application layer messages across various
system-specific protocols. Our legacy application used the old Windows raw
socket mechanism (before migrating to WinPcap 4.1.3) to read the packets
off the wire. Our revamped application is using the OEM version of Npcap
with MUCH better success.

However...

A recent survey of our log files from the...

Re: Nmap 7.93 - 25th Anniversary Release! - build failures Kevin Brott (Sep 12)
Debian 11.4 ...
# gmake
....
gmake[1]: Entering directory '/usr/src/LOCAL/NMAP/nmap-7.93/ncat'
gcc -o ncat -g -O2 -Wall   ncat_main.o ncat_connect.o ncat_core.o ncat_posix.o ncat_listen.o ncat_proxy.o ncat_ssl.o
base64.o http.o util.o sys_wrap.o http_digest.o ncat_lua.o ../nsock/src/libnsock.a ../nbase/libnbase.a -lssl -lcrypto
-lpcap -lm -llua5.3 -ldl
/usr/bin/ld: http_digest.o: in function `make_nonce':...

Zenmap scan commands on Automotive ECU Ilin, Adrian Robert (Sep 12)
Information Classification: Internal

Hello,

Zenmap version 7.92
Operating System Windows 10
We connected an automotive ECU to the laptop using the RadMoon2 media converter.
https://intrepidcs.com/products/automotive-ethernet-tools/rad-moon2/
We are able to see the messages from the ECU in WireShark (messages from 172.16.4.200, 172.16.201.200, 172.16.202.200)
- see the attached log.
We run these commands in Zenmap:...

ncat: perform half-duplex shutdown upon EOF James Stanley (Sep 12)
I have submitted a pull request on github:
https://github.com/nmap/nmap/pull/2510

The summary is:

Previously, |netexec()| would cease all communication as soon as it read EOF
from either the child proces *or* the remote side. This meant (for example)
when the other end of the TCP socket calls |shutdown(fd, SHUT_WR)|, the
child
process doesn't get a chance to send any more response, drain its
buffers, etc.

The new behaviour is to...

Re: Nmap 7.93 - 25th Anniversary Release! - build failures Kevin Brott (Sep 01)
Debian 11.4 ...
# gmake
....
gmake[1]: Entering directory '/usr/src/LOCAL/NMAP/nmap-7.93/ncat'
gcc -o ncat -g -O2 -Wall   ncat_main.o ncat_connect.o ncat_core.o ncat_posix.o ncat_listen.o ncat_proxy.o ncat_ssl.o
base64.o http.o util.o sys_wrap.o http_digest.o ncat_lua.o ../nsock/src/libnsock.a ../nbase/libnbase.a -lssl -lcrypto
-lpcap -lm -llua5.3 -ldl
/usr/bin/ld: http_digest.o: in function `make_nonce':...

Re: ncat: Windows build difficulties David Fifield (Aug 15)
It's strange that there haven't been other reports of the same problem,
but the way to file a bug report is with a GitHub issue:
https://github.com/nmap/nmap/blob/d66644be63e64a94687160da005d65cbf0b51280/CONTRIBUTING.md#bug

Re: ncat: Windows build difficulties Adam Baxter (Aug 11)
Interestingly, https://github.com/microsoft/vcpkg/tree/master/ports/nmap carries a number of patches which might be
useful here upstream, too.

--Adam

Re: ncat: Windows build difficulties Adam Baxter (Aug 11)
Hi David,

Good catch, thanks. At the time of writing, "CompileAsCpp" is set in 3 places in
https://svn.nmap.org/nmap/ncat/ncat.vcxproj. What's the process to get this changed?

--Adam

Re: ncat: Windows build difficulties David Fifield (Aug 11)
I think this error occurs when trying to compile C code with a C++
compiler. The pointer conversion is implicit in C but must be explicit
in C++.

I'm not sure how the C++ compiler came to be used, though—maybe check
the changes you made to the solution file.

ncat: Windows build difficulties Adam Baxter (Aug 11)
Hi,
I'm attempting to build ncat statically for Windows using VS2022 and I've run into the following issues:
* applink.c missing from static build of openssl 3.0.5 - fixed by downloading
https://github.com/openssl/openssl/blob/master/ms/applink.c into the correct path

* vcxproj/sln file not set up to build ncat for x64 - fixed by fiddling with the solution configuration. I'm not sure
how this was generated but I could provide a...

Report a Bug of Zenmap zjjncsn via dev (Aug 10)
????7.92(????)
??????Nmap??????????Nmap??????????????????????????????????????????Nmap????????????????????????????????????????????

version 7.92(Chinese)
When I'm in nmap output tab, it can display normally. But once I&nbsp;switch to another tab and switch back, it can't
display. And the output box will be gray. (Look at the video.)
Sorry for my poor English.

Shining&nbsp;Chen
zjjncsn () qq com...

Re: Nmap uses PCRE library and scan tool report one vulnerability CVE-2022-1586 & CVE-2022-1587 to PCRE2 library Gordon Fyodor Lyon (Jun 20)
Hi Shivani. Thanks for the report. Those two vulnerabilities are in the
PCRE2 (2nd generation) PCRE library. Although we plan to upgrade to PCRE2
soon, Nmap is currently still using the 1st generation PCRE which is not
susceptible to these bugs. When we do upgrade, we will be sure to use a
fixed version of PCRE2.

Also, Nmap version 4.6 and 5.21 are ancient and well worth upgrading for
other reasons.

On Mon, Jun 20, 2022 at 1:47 PM Sharma,...

Nmap uses PCRE library and scan tool report one vulnerability CVE-2022-1586 & CVE-2022-1587 to PCRE2 library Sharma, Shivani via dev (Jun 20)
Hi Team,
We are using Nmap 4.6 and 5.21 in our project and scan tool reports one vulnerability to Nmap which is related to PCRE2.
As per vulnerabilities ,CVE-2022-1586: This involves a unicode property matching issue in JIT-compiled regular
expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
CVE-2022-1587: This comes with PCRE2 library in the get_recurse_data_length() function of the...

dhcp script not being seen as open? Mike . (Jun 20)
was testing with my router today i noticed this. sent out a dhcp OFFER i am assuming that is what the script is
sending out, and i notice i get back OPEN/FILTERED. if i am receiving a reply back, why is nmap not seeing this,
marking that as such, and calling it OPEN? it is receiving a valid packet response. am i missing something? here is the
output>

from the nmap side of the NSE debug on

NSE: Script scanning 192.168.0.1.
Initiating NSE...

Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe to stay informed.

• Current Year
• Archived Posts
• RSS Feed
• About List
• nmap-announceLatest Posts

Nmap 7.93 - 25th Anniversary Release! Gordon Fyodor Lyon (Sep 01)
Dear Nmap community,

Twenty five years ago today, I released the first version of Nmap in a
Phrack article named The Art of Port Scanning (https://nmap.org/p51-11.html).
I never thought I'd still be at it a quarter of a century later, but that's
because I also didn't anticipate such a wonderful community of users and
contributors spanning those decades. You've helped Nmap blossom from a
fairly simple port scanner to a...

Npcap Versions 1.70 and 1.71 improve Windows packet capturing performance, stability, security, and compatibility Gordon Fyodor Lyon (Sep 01)
Hello folks. While the Nmap Project has been quiet lately (this is my
first post of the year), I'm happy to share some great progress on both
Nmap and Npcap development. Starting with our Npcap Windows packet
capturing/sending library, I'm happy to report that we quietly released
Version 1.70 in June and then 1.71 on August 19. They include many key
improvements:

* Performance: A major overhaul of Packet.dll sped up routines that...

Npcap 1.60 Release: Code Hardening, Compatibility, and Bug Fixes Gordon Fyodor Lyon (Dec 08)
Hi Nmap (and Npcap) hackers! I hope you're enjoying the start of the
holidays. For your first stocking stuffer, we're happy to release Npcap
Version 1.60! We also released (but never actually announced) Version 1.55
in September. We put out Versions 1.12 and 1.11 of the SDK too. None of
these try to wow you with major new features. We're excited about a lot of
those in the pipeline, but we focused the last few months on...

Nmap 7.92 Defcon Release! Gordon Fyodor Lyon (Aug 07)
Hi folks. Many of us can't attend Defcon in person this year due to global
pandemic, but we won't let that stop our traditional Defcon Nmap release!
We just posted Nmap 7.92 to https://nmap.org/download.html. It includes
dozens of performance improvements, feature enhancements, and bug fixes
that we've made over the last 10 months.

The biggest improvement (at least for Windows users) is the inclusion of
version 1.50 of Npcap (...

Npcap 1.50 Release Brings Nmap & Wireshark to Windows ARM devices Gordon Fyodor Lyon (Jun 28)
Hi folks. The Nmap Project is pleased to release Npcap version 1.50 at
https://npcap.org. There are many improvements in this release, but the
one we're most excited about is support for the ARM architecture! This
allows apps like Nmap and Wireshark to run for the first time on a newer
generation of hardware which often includes all-day battery life and
always-on LTE/5G capabilities. Devices vary from the $349 Samsung Galaxy
Book Go...

Npcap 1.30 Released: Raw WiFi + Better Performance Gordon Fyodor Lyon (Apr 12)
Hi folks. The Nmap Project is pleased to release Npcap Version 1.30 at
https://npcap.org. We hope Nmap and Wireshark users will be especially
happy with the raw WiFi improvements, since you tend to be particularly
savvy about low-level network inspection. It turns out that some of the
issues we thought were caused by lower level hardware drivers were actually
bugs in our driver. Oops! But at least that means we can fix them
ourselves, and we did....

Npcap 1.20 released Gordon Fyodor Lyon (Mar 16)
Nmap/Npcap Community:

I'm happy to report the release of version 1.20 of the Npcap Windows packet
capturing/sending driver! It's the first release of 2021 and includes
better capabilities for selecting timestamp methods as well as many other
improvements and bug fixes. These include updating the underlying libpcap
library to version 1.10 and building our installer now with NSIS 3. More
details on all this are available from the...

Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

• Current Month
• Archived Posts
• RSS Feed
• About List
• fulldisclosureLatest Posts

SEC Consult SA-20220915-0 :: Local Privilege Escalation im SAP® SAPControl Web Service Interface (sapuxuserchk) SEC Consult Vulnerability Lab, Research via Fulldisclosure (Sep 15)
SEC Consult Vulnerability Lab Security Advisory < 20220915-0 >
=======================================================================
title: Local privilege escalation
product: SAP® SAPControl Web Service Interface (sapuxuserchk)
vulnerable version: see section "Vulnerable / tested versions"
fixed version: see SAP security note 3158619
CVE number: CVE-2022-29614...

SEC Consult SA-20220914-0 :: Improper Access Control in SAP® SAProuter SEC Consult Vulnerability Lab, Research via Fulldisclosure (Sep 15)
SEC Consult Vulnerability Lab Security Advisory < 20220914-0 >
=======================================================================
title: Improper Access Control
product: SAP® SAProuter
vulnerable version: see section "Vulnerable / tested versions"
fixed version: see SAP security note 3158375
CVE number: CVE-2022-27668
impact: high
homepage:...

over 2000 packages depend on abort()ing libgmp Georgi Guninski (Sep 15)
ping world

libgmp is library about big numbers.

it is not a library for very big numbers, because
if libgmp meets a very big number, it calls abort()
and coredumps.

2442 packages depend on libgmp on ubuntu20.

guest3@ubuntu20:~/prim$ apt-cache rdepends libgmp10 | wc -l
2442

gawk crash:

guest3@ubuntu20:~/prim$ gawk --bignum 'BEGIN { a = 2 ^ 2 ^41; print "a =", a }'
gmp: overflow in mpz type
Aborted (core dumped)...

APPLE-SA-2022-09-12-5 Safari 16 Apple Product Security via Fulldisclosure (Sep 12)
APPLE-SA-2022-09-12-5 Safari 16

Safari 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213442.

Safari Extensions
Available for: macOS Big Sur and macOS Monterey
Impact: A website may be able to track users through Safari web
extensions
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 242278
CVE-2022-32868: Michael

WebKit...

APPLE-SA-2022-09-12-4 macOS Monterey 12.6 Apple Product Security via Fulldisclosure (Sep 12)
APPLE-SA-2022-09-12-4 macOS Monterey 12.6

macOS Monterey 12.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213444.

ATS
Available for: macOS Monterey
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved state
management.
CVE-2022-32902: Mickey Jin (@patch1t)

iMovie
Available for: macOS Monterey
Impact: A user may...

APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7 Apple Product Security via Fulldisclosure (Sep 12)
APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7

iOS 15.7 and iPadOS 15.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213445.

Contacts
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to bypass Privacy preferences
Description:...

APPLE-SA-2022-09-12-1 iOS 16 Apple Product Security via Fulldisclosure (Sep 12)
APPLE-SA-2022-09-12-1 iOS 16

iOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213446.

Additional CVE entries to be added soon.

Contacts
Available for: iPhone 8 and later
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved checks.
CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security

Kernel
Available...

[SYSS-2022-041] Remote Code Execution due to unsafe JMX default configuration in JasperReports Server Moritz Bechler (Sep 12)
Advisory ID: SYSS-2022-041
Product: JasperReports Server
Manufacturer: TIBCO Software Inc.
Tested Version(s): 8.0.2 Community Edition
Vulnerability Type: CWE-502: Deserialization of Untrusted Data
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2022-06-10
Solution Date: 2022-08-10
Public Disclosure: 2022-09-09
CVE Reference:...

Multiple vulnerabilities discovered in Qualys Cloud Agent Daniel Wood via Fulldisclosure (Sep 12)
The Unqork Security team discovered multiple security vulnerabilities in
the Qualys Cloud Agent, to include arbitrary code execution.

CVE-2022-29549 (Arbitrary Code Execution)
https://nvd.nist.gov/vuln/detail/CVE-2022-29549

CVE-2022-29550 (Sensitive Information Disclosure)
https://nvd.nist.gov/vuln/detail/CVE-2022-29550

Read more:
https://www.unqork.com/resources/unqork-and-qualys-partner-to-resolve-zero-day-vulnerabilities...

Trojan.Win32.Autoit.fhj / Named Pipe Null DACL malvuln (Sep 08)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/d871836f77076eeed87eb0078c1911c7_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Autoit.fhj
Vulnerability: Named Pipe Null DACL
Family: Autoit
Type: PE32
MD5: d871836f77076eeed87eb0078c1911c7
Vuln ID: MVID-2022-0638
Disclosure: 09/06/2022
Description: The malware creates two processes...

Trojan-Ransom.Win32.Hive.bv / Arbitrary Code Execution malvuln (Sep 08)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/44aba241dd3f0d156c6ed82a0ab3a9e1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Ransom.Win32.Hive.bv
Vulnerability: Arbitrary Code Execution
Description: Hive Ransomware will load and execute arbitrary .EXE PE files
if a third-party adversary or defender uses the vulnerable naming
convention of...

Trojan-Spy.Win32.Pophot.bsl / Insecure Permissions malvuln (Sep 08)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/8c0e6ec6b8ac9eb1169e63df71f24456.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Spy.Win32.Pophot.bsl
Vulnerability: Insecure Permissions
Description: The malware writes a BATCH file ".bat" to c drive granting
change (C) permissions to the authenticated user group. Standard users can
rename the...

Backdoor.Win32.Hupigon.aspg / Insecure Service Path malvuln (Sep 08)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/121bf601275e2aed0c3a6fe7910f9826.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Hupigon.aspg
Vulnerability: Insecure Service Path
Description: The malware creates a service with an unquoted path. Attackers
who can place an arbitrary executable named "Program.exe" under c:\ drive
can...

Backdoor.Win32.Winshell.5_0 / Weak Hardcoded Credentials malvuln (Sep 08)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/5bc5f72d19019a2fa3b75896e82ae1e5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Winshell.5_0
Vulnerability: Weak Hardcoded Credentials
Description: The malware is UPX packed, listens on TCP port 5277 and
requires authentication for remote access. However, the password
"123456789" is weak...

Trojan.Win32.Autoit.fhj / Insecure Permissions malvuln (Sep 08)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/d871836f77076eeed87eb0078c1911c7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Win32.Autoit.fhj
Vulnerability: Insecure Permissions
Description: The malware writes two hidden DLL files "vp8decoder.dll" and
"vp8encoder.dll" to its installation directory granting full (F)
permissions to...

Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

• Archived Posts
• RSS Feed
• About List

Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

• Archived Posts
• RSS Feed
• About List

Penetration Testing — While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

• Archived Posts
• RSS Feed
• About List

Info Security News — Carries news items (generally from mainstream sources) that relate to security.

• Archived Posts
• RSS Feed
• About List

Firewall Wizards — Tips and tricks for firewall administrators

• Archived Posts
• RSS Feed
• About List

IDS Focus — Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list

• Archived Posts
• RSS Feed
• About List

Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

• Archived Posts
• RSS Feed
• About List

Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

• Current Quarter
• Archived Posts
• RSS Feed
• About List
• dailydaveLatest Posts

Chapter 2 Dave Aitel via Dailydave (Sep 04)
(Note, this is a continuation of our previous story chapter since sometimes
it's more fun to read fiction than to wonder what's going on these days
with Cloudflare or whatever.

https://lists.aitelfoundation.org/archives/list/dailydave () lists aitelfoundation
org/thread/GAPKL6MWOQ6S2K3DN32FHBOHHT7KNEBZ/
)

Chapter 2

Re: "Market Failures" Bryan Buckman via Dailydave (Aug 29)
"And as critical as Twitter is, we have the exact same dynamic with
our privatized water and power companies - who have no plans to make
strategic investments in security or anything really - which is why on
public calls you can hear them humiliating themselves asking Jen
Easterly to absorb the entire costs of their security programs. "

Long time lurker, first time poster. This hits me where I live because
I run a Red Team for a large...

Re: "Market Failures" Haroon Meer via Dailydave (Aug 25)
Heya(s)

I knew if i did this long enough, i'd find a discussion where i disagreed
with Halvar..

We've been talking about the market-failure in infosec for a while. If
anyone is bored, we once gave an entire talk titled "The products we
deserve" which some smart people said doesn't suck (
https://youtu.be/GHuQC1qLnJ4)

When I started optimyze, a lot of my acquaintances asked me: "Why not a

I deeply believe this is...

Re: "Market Failures" Jhonatan via Dailydave (Aug 25)
Good morning everyone, greetings from Bogota DC, Colombia.

I consider that for the government is cheaper to make a deal with a
software company to install a backdoor in their products in order to
"improve the service or whatever" or "terms and conditions... etc..." as
opposed to paying millions of dollars for a zero day vulnerability in the
most used products by users in the world, Microsoft Windows, Adobe,
Microsoft Office,...

Re: "Market Failures" Nathan Landon via Dailydave (Aug 25)
This reasoning is similar to why selling iOS 0-days for a million dollars a pop for a talented computer scientist is
not the most economically appealing choice when you can potentially build and sell a neat $1 app to 100 million people.

Re: "Market Failures" Konrads Klints via Dailydave (Aug 25)
I couldn't quite figure out where Dave was mistaken with his "market failure" analogy - instinctively it didn't feel
right. Twitter's market is selling customer data and attention to advertisers and as long as the a) platform is up b)
eyes are peeled to the feed, the market is working[1]; i.e. they don't need better security.

What we are facing however is a "policy market failure", meaning that Internet...

Re: "Market Failures" Arun Koshy via Dailydave (Aug 25)
mic-drop moment , if there ever was one. And folks who have played
this game from about the time of the old h/p/v groups realize this "
law " [1]

[1] -
https://www.reuters.com/article/us-whatsapp-w00w00/elite-security-posse-fostered-founders-of-whatsapp-napster-idUSBREA260KF20140307

Re: "Market Failures" Thomas Dullien via Dailydave (Aug 24)
Hey all,

2022 is a year in which I post to Dailydave *at least twice*. This hasn't
happened in a while.

Dave's last paragraph hits on something that I have repeated to startup
founders and other folks in security for the last few years. When I started
optimyze, a lot of my acquaintances asked me: "Why not a security
company?". And my reply was always a variant of the following:

In B2B, there are three categories of product,...

"Market Failures" Dave Aitel via Dailydave (Aug 24)
If you were at a talk at Defcon this year in the Policy track, you probably
heard someone talk about how they, as a government official, are there to
address "market failures". And immediately you thought: This is a load of
nonsense.

Because that government official is not allowed to, and has no intentions
of, addressing any market failures whatsoever. If the Government was going
to address market failures, they'd have to find...

Re: Defcon 30 Konrads Klints via Dailydave (Aug 23)
But then, who is great at giving career advice? Some things change very slowly - your basic advice how to get along in
any corporation remains probably the same - fit into the culture, network within and outside, be moderately
disagreeable, avoid ethnic humor, etc. About the same as in 1990s.

Some thing change: people I interview for jobs for junior to mid-senior roles in cyber security (consulting) largely do
well or poorly based on three...

Re: Phase changes in international relations Konrads Klints via Dailydave (Aug 23)
William Gibson’s transition from the bridge cycle and Johnny Mnemonic with its meta verse-cyberspace to Blue Ant cycle
with it’s careful amplification of trends through nudges etc captures this beautifully

Re: Phase changes in international relations Pukhraj Singh via Dailydave (Aug 22)
I am one of those people who find this problem so pressing that I have
side-lined my SIEM engineering job to pursue an international
relations degree. It has been an epiphany to say the least.

- The lack of empiricism in cyber policy has transformed it
into a credibility problem, centred around personalities. This problem
is not going away anytime soon.

- If it is going to remain a subjective discipline, then
there are...

Phase changes in international relations Dave Aitel via Dailydave (Aug 22)
Right now, there is a, to put it mildly, ongoing discussion between
proponents of coercion and deterrence in cyber policy, and adherents of a
new theory, called *persistent engagement.* Maybe the sum total of the
people in the argument is less than a thousand, but as academic circles go,
it heavily influences the US Defense Department and IC, and through that,
the rest of the world, so it is fun to watch. Also obviously it has added
to infosec...

Re: Defcon 30 Ken Pfeil via Dailydave (Aug 21)
As usual, Halvar, great thoughts to ponder.

I’m kind of fond of my glasses, although I’ve yet to hit the point of yelling “get off my lawn”. If you look back we
should be proud of what we’ve built (be it on stilts at times) but never lose sight of where that ship seems to be
sailing to.

A lot of us are at the “tail end” of our careers, with many building that career on “unmentionables”. It was good to us
then, fairly good...

Re: Defcon 30 Richard Thieme via Dailydave (Aug 21)
So well said. When I was given an “Uber contributor” acknowledgement last week after 26 years speaking at Def Con, it
felt like a “lifetime achievement award” and we all know what that means.

I just started the third book in the Möbius trilogy and have speeches slated so not done yet. But life is certainly
different in every way.

Thanks for saying that.

Sent from my iPad

PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

• Archived Posts
• RSS Feed
• About List

Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.

• Archived Posts
• RSS Feed
• About List

Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.

• Archived Posts
• RSS Feed
• About List

Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community

• Archived Posts
• RSS Feed
• About List

CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

• Archived Posts
• RSS Feed
• About List

Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community

• Current Quarter
• Archived Posts
• RSS Feed
• About List
• oss-secLatest Posts

[kubernetes] CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF) Monis Khan (Sep 16)
Hello Kubernetes Community,

A security issue was discovered in kube-apiserver that allows an aggregated
API server to redirect client traffic to any URL. This could lead to the
client performing unexpected actions as well as forwarding the client's API
server credentials to third parties.

This issue has been rated *medium* (
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L)
(5.1), and assigned...

[kubernetes] CVE-2021-25749: runAsNonRoot logic bypass for Windows containers Pushkar Joglekar (Sep 15)
Hello Kubernetes Community,

A security issue was discovered in Kubernetes that could allow Windows
workloads to run as ContainerAdministrator even when those workloads set
the runAsNonRoot option to true .

This issue has been rated low and assigned CVE-2021-25749
<https://hackmd.io/ndl5QD3tTUKqYdO7rfGX7A#Am-I-vulnerable>Am I vulnerable?

All Kubernetes clusters with following versions, running Windows workloads
with runAsNonRoot are...

Fwd: Node.js security updates for all active release lines, Month Year Vladimir de Turckheim (Sep 15)
---------- Forwarded message ---------
From: Vladimir de Turckheim <vdeturckheim () gmail com>
Date: Thursday, September 15, 2022 at 7:13:25 PM UTC+2
Subject: Node.js security updates for all active release lines, Month Year
To: nodejs-sec <nodejs-sec () googlegroups com>

The Node.js project will release new versions of all supported release
lines on or shortly after Thursday, 22nd of September, 2022 For more
information see:...

Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski (Sep 14)
Hopefully last post in this thread:

guest3@ubuntu20:~/prim$ gawk --bignum 'BEGIN { a = 2 ^ 2 ^41; print "a =", a }'
gmp: overflow in mpz type
Aborted (core dumped)
guest3@ubuntu20:~/prim$ gawk 'BEGIN { a = 2 ^ 2 ^41; print "a =", a }'
a = +inf

insufficiently protected D-Bus interface in KDiskMark 3.0.0 (CVE-2022-40673) Matthias Gerstner (Sep 14)
# Introduction

The SUSE security team has been asked to review changes [1] in the D-Bus
implementation in KDiskMark [2] major version 3.0.0. KDiskMark is a graphical
utility that allows to run performance benchmarks on local file systems.

# Vulnerability

The review of this codebase showed that the D-Bus interface of the privileged
helper program `kdiskmark_helper` is insufficiently secured. Only the helper's
`init()` member function...

Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008 John Helmert III (Sep 13)
Apple's released new security advisories yesterday, with 4 WebKit
security fixes, two of which are code execution issues, but all 4 of
which have public bugzilla bugs and public patches, since as early as
late June (https://support.apple.com/en-us/HT213442):

https://bugs.webkit.org/show_bug.cgi?id=242278
https://bugs.webkit.org/show_bug.cgi?id=241969
https://bugs.webkit.org/show_bug.cgi?id=242762...

Re: CVE-2019-18960: Firecracker v0.18.0 and v0.19.0 vsock buffer overflow Solar Designer (Sep 11)
Hi,

FWIW, Valentina Palmiotti @chompie1337 and her colleagues at Grapl have
recently looked into exploiting the below vulnerability, and blogged
about it here:

https://www.graplsecurity.com/post/attacking-firecracker

The attempts so far have bumped into guard pages, some of unidentified
origin. Maybe someone else will want to continue this research.

The blog post above includes a lot of other observations, not limited to
this one...

CVE-2022-39135: Apache Calcite: potential XEE attacks Ruben Q L (Sep 11)
Description:

In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE
do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML
External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the
first three) or MySQL dialect (the last one), is affected by this vulnerability...

Vulnerability in Jenkins Daniel Beck (Sep 09)
Jenkins is an open source automation server which enables developers around
the world to reliably build, test, and deploy their software.

The following releases contain fixes for security vulnerabilities:

* Jenkins 2.263
* Jenkins LTS 2.361.1

Summaries of the vulnerabilities are below. More details, severity, and
attribution can be found here:
https://www.jenkins.io/security/advisory/2022-09-09/

We provide advance notification for security...

Linux kernel: information disclosure in stex_queuecommand_lck Xingyuan Mo (Sep 09)
Hello,

We found an information disclosure vulnerability in stex_queuecommand_lck() in
drivers/scsi/stex.c through linux v6.0-rc4 which allows an attacker to disclose
sensitive information such as kernel space address.

This issue can be fixed with the following patch:
https://lore.kernel.org/all/20220908145154.2284098-1-gregkh () linuxfoundation org/

=*=*=*=*=*=*=*=*= Bug Details =*=*=*=*=*=*=*=*=

In drivers/scsi/stex.c:
666: case...

Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371) Jacques Le Roux (Sep 08)
Severity:
High

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz versions prior to 18.12.06

Description:
The Birt viewer version 4.5.0 has a security issue that allows this exploit.
We waited long for https://github.com/eclipse/birt/issues/625
to resolve but eventually decided to release OFBiz 18.12.06 without
the Birt component

Mitigation:
Upgrade to at least 18.12.06

Credit:
Positive Technologies

References:...

Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski (Sep 08)
1. This is nearly true story: On a mailing list someone posted crash
when parsing the Subject header in one the most popular MUA.
Whenever the user tried to open the folder, the MUA crashed,
preventing reading the list.
Users without technical skills needed technical help to delete the DoS mail.
2. coredump takes space.

Re: sagemath denial of service with abort() in gmp: overflow in mpz type Russ Allbery (Sep 07)
Georgi Guninski <gguninski () gmail com> writes:

I don't think anyone here is trying to defend the behavior of gmp. That
it aborts on unexpected input has been a long-standing problem that's
provoked a lot of discussion elsewhere. It's certainly surprising, and it
violates the expectations that a lot of people have about how libraries
should work. (I feel obligated to say that the gmp maintainers do have
reasons for why...

Re: sagemath denial of service with abort() in gmp: overflow in mpz type Jeremy Stanley (Sep 07)
[...]

[...]

I was merely pointing out that being able to "DoS" the Python
interpreter with arbitrary Python source code is expected.
"Infidels" like me tend to take no position on your related rants,
but thanks for asking!

Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski (Sep 07)
on ubuntu 20 a lot of stuff depends on libgmp:

$ apt-cache rdepends libgmp10 | wc -l
2442
$ apt-cache rdepends libgmp10 | grep -i crypt | wc -l
28

some examples:
gcc-9
gawk
g++-9
dnsmasq-base
cpp-9-s390x-linux-gnu

will the infidels who argue that crash in python is nothing
still will claim that gmp crash in any of the 2442 packages
is still nothing?

Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.

• Archived Posts
• RSS Feed
• About List

Educause Security Discussion — Securing networks and computers in an academic environment.

• Archived Posts
• RSS Feed
• About List

NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

• Current Month
• Archived Posts
• RSS Feed
• About List
• nanogLatest Posts

bufferbloat-beating customer shaping via LibreQoS Dave Taht (Sep 18)
There's been a huge uptake in interest lately in doing better per
device and per customer shaping, especially for
ISPs, in the libreQoS.io project, which is leveraging the best ideas
bufferbloat project members have had over the
past decade (cake, bpf, xdp) to push an x86 middlebox well past the
10Gbit barrier, on sub-2k boxes, with really
good stats on backlogs, drops, and ecn marks. I've long primarily
tried to get fq_codel and cake...

Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023) Owen DeLong via NANOG (Sep 18)
Since at its best, all RPKI can provide is a hint at how to properly lie about an announcement (i.e. what
you must prepend in order for it to be believed), I remain unconvinced that it provides any actual benefit
except, perhaps, to the largest and most well known ASNs as originators.

Owen

Re: Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023) Niels Bakker (Sep 18)
* nanog () nanog org (Owen DeLong via NANOG) [Sun 18 Sep 2022, 19:53 CEST]:

Would you say that in hindsight you would have advocated differently
when ARIN decided not to allow transfer of IPv6 resources to other
RIRs?

-- Niels.

Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023) Alex Band (Sep 18)
While I’m sure that most would agree that RPKI offers at least some benefits, perhaps the problem is the cost/benefit
of doing RPKI in the ARIN region compared to the rest of the world, e.g. ticketed requests to set it up, no indication
of what the effect of your ROA is going to be before you publish, handling ROA expiry manually, etc.

In other regions using RPKI is orders of magnitude simpler to set up and maintain, and a lot less error...

Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023) Owen DeLong via NANOG (Sep 18)
The first part of that statement is the status quo. The latter is not within IANA’s ability to effect. Some RIRs claim
it is already the case. Some legacy holders disagree. A true court test of this with precedent has yet to actually
occur, but generally the RIRs have prevailed in most cases.

I think it won’t happen more likely because to the extent that it can happen (and matter), it already has.

I don’t think that is an accurate...

Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 Owen DeLong via NANOG (Sep 18)
Again, I think you mean membership rather than community. Since this is basically a board decision,
the membership would have to elect a board that has a different opinion.

Owen

Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 Owen DeLong via NANOG (Sep 18)
Under current policy structure, it’s pretty difficult to qualify for a /48 and not qualify for a /24.

If you’ve got ASNs in use, you almost certainly qualify for a /24 at this point.

Owen

Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 Owen DeLong via NANOG (Sep 18)
You again mis-state this sir. It was only opened up to IPv4 and IPv6 resource holders WITH CONTRACT and
paying fees.

Owen

Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023) Owen DeLong via NANOG (Sep 18)
You keep saying this, but it is still false.

The community includes legacy holders that don’t have contracts. It also includes end users that don’t have voting
rights (until their next renewal and demand of those voting rights by said end users).

The ARIN board is elected by the members… In other words, you have specifically excluded anyone with an interest
contrary to the stated position from electing the board, so of course the board is...

Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023) Alex Band (Sep 18)
The policy:

https://www.ripe.net/publications/docs/ripe-639

The details:

https://www.ripe.net/manage-ips-and-asns/legacy-resources/ripe-ncc-services-to-legacy-internet-resource-holders

Once you’re set, you can go through a wizard that will give you access to a subset of the RIPE NCC Portal that will
only let you manage Hosted or Delegated RPKI and nothing else....

Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023) Owen DeLong via NANOG (Sep 18)
Nah… Because the reputations will still be the individual /24s and while
lots of /24s around mine have bad reputations, mine doesn’t and never has
(modulo a couple of administrative errors that were on me and legitimately
my fault, not actual spammers).

Yes, but I think that RPKI unknowns are never going to be something that
can be safely dropped and 90% of RPKI invalids so far seem to be people
making RPKI mistakes with their legitimate...

Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023) Owen DeLong via NANOG (Sep 18)
I think that the likelihood of that happening while IPv4 is still important is very near 0%.

Neither… I am pretty convinced that neither one will be necessary.

Owen

Re: [External] Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023) Owen DeLong via NANOG (Sep 18)
I could be mistaken, but I believe that RIPE NCC provides RPKI services for Legacy without Contract resource holders.

Owen

Re: Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023) Owen DeLong via NANOG (Sep 18)
I have to say that my experience transferring to RIPE-NCC was quite pleasant
and involved quite minimal bureaucratic hassle. I did have to select “Legacy
without contract” on one form and reassert that in reply to one email, but that
was about the extent of it.

YMMV.

Owen

Re: Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023) Owen DeLong via NANOG (Sep 18)
I highly recommend that legacy holders who wish to ensure that their rights are respected transfer their registrations
to RIPE-NCC, whether they have signed the LRSA or not.

Transferring to RIPE-NCC as Legacy without Contract will afford you full respect for your rights in your resources in
perpetuity (or at least as long as RIPE-NCC lasts) without requiring a contract and without having to pay fees.

If you need to establish presence in...

Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating

• Current Month
• Archived Posts
• RSS Feed
• About List
• interesting-peopleLatest Posts

Disfruta un Año con costos Super Bajos, venite a Movistar Mariela Batallan (Sep 16)


&nbsp;

Mail: info () movistar asesornegocios com ar

&nbsp;

hace click aquí para reenviar este News a tus amigos

&nbsp;

.

Para remover su direcci&oacute;n de esta lista haga <a
href="https://ml15.gpserver5.com/unsuscribe.php?id=ueruswriuosywyiisroi";>click aqu&iacute;</a>

Incoming Shipment Notification DHL Demand (Sep 14)


SCHEDULE DELIVERY UPDATED!

Your package with Air Bill No. ******** has been delivered to our office. We will require a signature upon
delivery.

Please confirm that the shipping address in the attachment is correct.
The current estimated delivery time is 10 Sep 2022.
Label Number: (Read Attached file details),

To manage delivery or track your shipment, please Check Attached File for corresponding information.

SHIPMENT...

Lotes algunos c/Planos Apobados otros con MUCHO CANJE, etc Gustavo (Sep 13)


Caballito, Achaval y *Pedro Goyena*&nbsp;Demolido,&nbsp;*Certificado Urbanístico Aprobado*, para 1308,9m2 vendibles +
10 cocheras, Pileta, Solarium, SUM, hay anteproyecto, precio us720.000,&nbsp;*si es todo cash se podria negociar en
algo menos, sino&nbsp;cash + m2 terminados y/o en la misma obra*&nbsp;se escuchan propuestas

&nbsp;

Colegiales, Cespedes entre Conesa y Zapiola 15m de frente, lote de 185m2,...

Highland Park Country Club, Alquiler y Venta Marisa (Sep 10)


Casa en Alquiler Amoblada por Temporada desde Septiembre a Marzo 2023

Venta o Alquiler

La Capitana Real Estate de Marisa G. Snatman
Martillera y Corredora Publica, matriculas n° 5633 CSI /3921 CUCICBA
3 De Febrero 820 2°D (CABA 1426),&nbsp; Ruta Nacional N 8 KM.52 (Pilar)

&nbsp;

Haga click aquí para reenviar este email a otra persona

&nbsp;

Para remover su direcci&oacute;n de esta lista haga <a
href="...

Disfruta un Año con costos Super Bajos, venite a Movistar Mariela B. (Sep 07)


&nbsp;

Mail: info () movistar asesornegocios com ar

&nbsp;

Para remover su direcci&oacute;n de esta lista haga <a
href="https://ml15.gpserver5.com/unsuscribe.php?id=ueruswriuosywyrysroi";>click aqu&iacute;</a>

INVITATION TO ATTEND A TRAINING SEMINAR ON DATA ANALYTICS FOR MANAGERIAL DECISION MAKING FROM 10TH TO 14TH OCTOBER 2022 Skills for Africa Training Institute (Sep 06)
<https://133IK.trk.elasticemail.com/tracking/click?d=4RSOGeS5HI6KFJixQpykUH7SBDSj0A2EdHdcqqEk-KMNMZahuPEwncnSEsiuvZ-0-95qIS353n3csq__b98iIacynlmNERIkiH-1mPGOb0vGKkzvnMjRQCw_9xBGh3pVFQ9gcBKcDtc_TkdMz6JAqys1>
TRAINING SEMINAR ON DATA ANALYTICS FOR
MANAGERIAL DECISION MAKING FROM 10TH TO 14TH OCTOBER 2022

<...

Palermo Hollywood, Diseñados para Vos La Capitana Real Estate (Sep 02)


&nbsp;...

INVITATION TO ATTEND A GIS AND REMOTE SENSING FOR SUSTAINABLE FOREST MONITORING AND MANAGEMENT WORKSHOP ON 3RD TO 14TH OCTOBER 2022 Skills for Africa Training Institute (Aug 31)
<https://133IK.trk.elasticemail.com/tracking/click?d=P08blSuDoRuew65DssSnHuGcINCTLrSEiLqVUl-wacQ-BT0vPQRMDUUyOW2Xr2P4M_fGXdY7gXh8xMjNMlZRI3FswR1NEuXrxnhDAi16ucKXyMkJZ0RgU7W3uwNZ-Td4hasrJtq8_NRM5KzjstJ5z-o1>
GIS AND
REMOTE SENSING FOR SUSTAINABLE FOREST MONITORING AND MANAGEMENT WORKSHOP ON 3RD
TO 14TH OCTOBER 2022

<...

“La Mejor Inversión Inmobiliaria” Solanas (Aug 26)
Invertí en un lugar que nunca te va a dejar de sorprender

&nbsp;

&nbsp;

&nbsp;

&nbsp;

Para remover su direcci&oacute;n de esta lista haga <a
href="https://ml15.gpserver5.com/unsuscribe.php?id=ueruswriuosywtpysroi";>click aqu&iacute;</a>

“La Mejor Inversión Inmobiliaria” Solanas (Aug 22)
Invertí en un lugar que nunca te va a dejar de sorprender

&nbsp;

&nbsp;

&nbsp;

&nbsp;

Para remover su direcci&oacute;n de esta lista haga <a
href="https://ml15.gpserver5.com/unsuscribe.php?id=ueruswriuosywtoisroi";>click aqu&iacute;</a>

Gulf Exp Project Engineer, Maintenance Engineer, QA/QC Engineer, Design Engineer_CV RESUME (Aug 20)
*APPLYING FOR: PROJECT ENGINEER, MAINTENANCE ENGINEER, QA/QC ENGINEER,
DESIGN ENGINEER*

NAME : SHAIK

*Email : aman.sg () rediffmail com <aman.sg () rediffmail com>,
cresume () yahoo com <cresume () yahoo com> *

Respected Sir,

*Career Statement:*

Extensive Project Engineer, Maintenance Engineer, QA/QC Engineer, Design
Engineer with knowledge of handling projects. Seeking a responsible
position as a engineer with a view...

INVITATION TO ATTEND A SEMINAR ON PROJECT MONITORING, EVALUATION, ACCOUNTABILITY AND LEARNING (PMEAL) ON 5TH TO 16TH SEPTEMBER 2022 Skills for Africa Training Institute (Aug 18)
<https://133IK.trk.elasticemail.com/tracking/click?d=4RSOGeS5HI6KFJixQpykUH7SBDSj0A2EdHdcqqEk-KMkPvEcib-XG5qoTWw7Oc4ngrquig-5NwFZpD0qx_2tBq3OEOIYllXK75ABh_Z6I63cDfYqiOmiLZqXkFzJuVGuWYDxY61jWq8UWmx9zrRZ51w1>
SEMINAR
ON PROJECT MONITORING, EVALUATION, ACCOUNTABILITY AND LEARNING (PMEAL) ON 5TH TO
16TH SEPTEMBER 2022

<...

Parque Centenario, AMENITIES - SUM - SOLARIUM - PISCINA - PARRILLA Marisa (Aug 17)


&nbsp;...

INVITATION TO ATTEND A TRAINING COURSE ON INFORMATION SECURITY AND DATA MANAGEMENT Data-Afrique consultancy (Aug 16)
 

<http://tracking.data-afriqueconsultancy.or.ke/tracking/click?d=oDah7l8kg8fRX4v_Dq9CJ8fKCK7MLa9PexMMw99FlDBkezJxBTHpoNb4sbb-8aNhjiZtjKOo_b2fPG0PDDHlcL5ubJHrn8RRGx8_pndnQkUa17S2QMuN4KQPBkTkEmYBAeKJwGEGcFXHsC2NSTpI7i_RozSVJYQwgCTDmEPwffKimq_Hl9KefHJ7KaXiNIJV4cp_m0TbDM6mwUcWxY1UPhRn8JAt_hit-hlxqHrasa6qxsIjhvQg7JzMxxOxnw5pbenhWOWy4ePLHQfSK5carigY3j5RjZ8x-0bcNICJyPnEMO2920bMSxMjecmnxvYqYA2>
TRAINING COURSE ON INFORMATION SECURITY AND DATA...

Highland Park Country Club, Alquiler y Venta Marisa (Aug 11)


&nbsp;

Venta o Alquiler

La Capitana Real Estate de Marisa G. Snatman
Martillera y Corredora Publica, matriculas n° 5633 CSI /3921 CUCICBA
3 De Febrero 820 2°D (CABA 1426),&nbsp; Ruta Nacional N 8 KM.52 (Pilar)

&nbsp;

Haga click aquí para reenviar este email a otra persona

&nbsp;

Para remover su direcci&oacute;n de esta lista haga <a
href="...

The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

• Current Quarter
• Archived Posts
• RSS Feed
• About List
• risksLatest Posts

Risks Digest 33.45 RISKS List Owner (Sep 17)
RISKS-LIST: Risks-Forum Digest Saturday 17 September 2022 Volume 33 : Issue 45

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.45>
The current issue can also be found at
<...

Risks Digest 33.44 RISKS List Owner (Sep 13)
RISKS-LIST: Risks-Forum Digest Tuesday 13 September 2022 Volume 33 : Issue 44

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.44>
The current issue can also be found at
<...

Risks Digest 33.43 RISKS List Owner (Sep 04)
RISKS-LIST: Risks-Forum Digest Sunday 4 September 2022 Volume 33 : Issue 43

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.43>
The current issue can also be found at
<...

Risks Digest 33.42 RISKS List Owner (Aug 27)
RISKS-LIST: Risks-Forum Digest Saturday 27 August 2022 Volume 33 : Issue 42

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.42>
The current issue can also be found at
<...

Risks Digest 33.41 RISKS List Owner (Aug 23)
RISKS-LIST: Risks-Forum Digest Tuesday 23 August 2022 Volume 33 : Issue 41

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.41>
The current issue can also be found at
<...

Risks Digest 33.40 RISKS List Owner (Aug 20)
RISKS-LIST: Risks-Forum Digest Saturday 20 August 2022 Volume 33 : Issue 40

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.40>
The current issue can also be found at
<...

Risks Digest 33.39 RISKS List Owner (Aug 16)
RISKS-LIST: Risks-Forum Digest Tuesday 16 August 2022 Volume 33 : Issue 39

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.39>
The current issue can also be found at
<...

Risks Digest 33.38 RISKS List Owner (Aug 12)
RISKS-LIST: Risks-Forum Digest Friday 12 August 2022 Volume 33 : Issue 38

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.38>
The current issue can also be found at
<...

Risks Digest 33.37 RISKS List Owner (Aug 07)
RISKS-LIST: Risks-Forum Digest Sunday 7 August 2022 Volume 33 : Issue 37

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.37>
The current issue can also be found at
<...

Risks Digest 33.36 RISKS List Owner (Aug 03)
RISKS-LIST: Risks-Forum Digest Wednesday 3 August 2022 Volume 33 : Issue 36

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.36>
The current issue can also be found at
<...

Risks Digest 33.35 RISKS List Owner (Aug 01)
RISKS-LIST: Risks-Forum Digest Monday 1 August 2022 Volume 33 : Issue 35

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.35>
The current issue can also be found at
<...

Risks Digest 33.34 RISKS List Owner (Jul 23)
RISKS-LIST: Risks-Forum Digest Saturday 23 July 2022 Volume 33 : Issue 34

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.34>
The current issue can also be found at
<...

Risks Digest 33.33 RISKS List Owner (Jul 19)
RISKS-LIST: Risks-Forum Digest Tuesday 19 July 2022 Volume 33 : Issue 33

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.33>
The current issue can also be found at
<...

Risks Digest 33.32 RISKS List Owner (Jul 09)
RISKS-LIST: Risks-Forum Digest Saturday 9 July 2022 Volume 33 : Issue 32

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.32>
The current issue can also be found at
<...

Risks Digest 33.31 RISKS List Owner (Jul 02)
RISKS-LIST: Risks-Forum Digest Saturday 2 July 2022 Volume 33 : Issue 31

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.31>
The current issue can also be found at
<...

BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.

• Previous Quarter
• Archived Posts
• RSS Feed
• About List
• datalossLatest Posts

Healthcare organizations face rising ransomware attacks – and are paying up Matthew Wheeler (Jun 03)
https://www.theregister.com/2022/06/03/healthcare-ransomware-pay-sophos/

Healthcare organizations, already an attractive target for ransomware given
the highly sensitive data they hold, saw such attacks almost double between
2020 and 2021, according to a survey released this week by Sophos.

The outfit's team also found that while polled healthcare orgs are quite
likely to pay ransoms, they rarely get all of their data returned if they
do...

A digital conflict between Russia and Ukraine rages on behind the scenes of war Matthew Wheeler (Jun 03)
https://wskg.org/npr_story_post/a-digital-conflict-between-russia-and-ukraine-rages-on-behind-the-scenes-of-war/

SEATTLE — On the sidelines of a conference in Estonia on Wednesday, a
senior U.S. intelligence official told British outlet Sky News that the
U.S. is running offensive cyber operations in support of Ukraine.

“My job is to provide a series of options to the secretary of defense and
the president, and so that’s what I do,” said...

Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network Matthew Wheeler (Jun 03)
https://thehackernews.com/2022/06/researchers-uncover-malware-controlling.html

The Parrot traffic direction system (TDS) that came to light earlier this
year has had a larger impact than previously thought, according to new
research.

Sucuri, which has been tracking the same campaign since February 2019 under
the name "NDSW/NDSX," said that "the malware was one of the top infections"
detected in 2021, accounting for more than...

FBI, CISA: Don't get caught in Karakurt's extortion web Matthew Wheeler (Jun 03)
https://www.theregister.com/2022/06/03/fbi_cisa_warn_karakurt_extortion/

The Feds have warned organizations about a lesser-known extortion gang
Karakurt, which demands ransoms as high as $13 million and, some
cybersecurity folks say, may be linked to the notorious Conti crew.

In a joint advisory [PDF] this week, the FBI, CISA and US Treasury
Department outlined technical details about how Karakurt operates, along
with actions to take,...

DOJ Seizes 3 Web Domains Used to Sell Stolen Data and DDoS Services Matthew Wheeler (Jun 02)
https://thehackernews.com/2022/06/doj-seizes-3-web-domains-used-to-sell.html

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of
three domains used by cybercriminals to trade stolen personal information
and facilitate distributed denial-of-service (DDoS) attacks for hire.

This includes weleakinfo[.]to, ipstress[.]in, and ovh-booter[.]com, the
former of which allowed its users to traffic hacked personal data and
offered a...

Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability Matthew Wheeler (Jun 02)
https://thehackernews.com/2022/05/chinese-hackers-begin-exploiting-latest.html

An advanced persistent threat (APT) actor aligned with Chinese state
interests has been observed weaponizing the new zero-day flaw in Microsoft
Office to achieve code execution on affected systems.

"TA413 CN APT spotted [in-the-wild] exploiting the Follina zero-day using
URLs to deliver ZIP archives which contain Word Documents that use the
technique,"...

US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command Matthew Wheeler (Jun 02)
https://www.three.fm/news/world-news/us-military-hackers-conducting-offensive-operations-in-support-of-ukraine-says-head-of-cyber-command/

US military hackers have conducted offensive operations in support of
Ukraine, the head of US Cyber Command has told Sky News.

In an exclusive interview, General Paul Nakasone also explained how "hunt
forward" operations were allowing the United States to search out foreign
hackers and identify...

SideWinder Hackers Launched Over a 1, 000 Cyber Attacks Over the Past 2 Years Matthew Wheeler (May 31)
https://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html

An "aggressive" advanced persistent threat (APT) group known as SideWinder
has been linked to over 1,000 new attacks since April 2020.

"Some of the main characteristics of this threat actor that make it stand
out among the others, are the sheer number, high frequency and persistence
of their attacks and the large collection of encrypted and obfuscated...

Hackers are Selling US University Credentials Online, FBI Says Matthew Wheeler (May 31)
https://tech.co/news/hackers-are-selling-us-university-credentials-online-fbi-says

The Federal Bureau of Investigation has warned US universities and colleges
that it has found banks of login credentials and other data relating to VPN
access circulating on cybercriminals forums.

The fear is that such data will be sold and subsequently used by malicious
actors to orchestrate attacks on other accounts owned by the same students,
in the hope...

Interpol Nabs 3 Nigerian Scammers Behind Malware-based Attacks Matthew Wheeler (May 31)
https://thehackernews.com/2022/05/interpol-nabs-3-nigerian-scammers.html

Interpol on Monday announced the arrest of three suspected global scammers
in Nigeria for using remote access trojans (RATs) such as Agent Tesla to
facilitate malware-enabled cyber fraud.

"The men are thought to have used the RAT to reroute financial
transactions, stealing confidential online connection details from
corporate organizations, including oil and gas...

U.S. Warns Against North Korean Hackers Posing as IT Freelancers Matthew Wheeler (May 18)
https://thehackernews.com/2022/05/us-warns-against-north-korean-hackers.html

Highly skilled software and mobile app developers from the Democratic
People's Republic of Korea (DPRK) are posing as "non-DPRK nationals" in
hopes of landing freelance employment in an attempt to enable the regime's
malicious cyber intrusions.

That's according to a joint advisory from the U.S. Department of State, the
Department of the...

FBI and NSA say: Stop doing these 10 things that let the hackers in Matthew Wheeler (May 18)
https://www.zdnet.com/article/fbi-and-nsa-say-stop-doing-these-10-things-that-let-the-hackers-in/

Cyber attackers regularly exploit unpatched software vulnerabilities, but
they "routinely" target security misconfigurations for initial access, so
the US Cybersecurity and Infrastructure Security Agency (CISA) and its
peers have created a to-do list for defenders in today's heightened threat
environment.

CISA, the FBI and National...

Fifth of Businesses Say Cyber-Attack Nearly Broke Them Matthew Wheeler (May 18)
https://www.infosecurity-magazine.com/news/fifth-of-businesses-cyber-attack/

A fifth of US and European businesses have warned that a serious
cyber-attack nearly rendered them insolvent, with most (87%) viewing
compromise as a bigger threat than an economic downturn, according to
Hiscox.

The insurer polled over 5000 businesses in the US, UK, Ireland, France,
Spain, Germany, the Netherlands and Belgium to compile its annual Hiscox
Cyber...

Hacker And Ransomware Designer Charged For Use And Sale Of Ransomware, And Profit Sharing Arrangements With Cybercriminals Matthew Wheeler (May 18)
https://www.shorenewsnetwork.com/2022/05/16/hacker-and-ransomware-designer-charged-for-use-and-sale-of-ransomware-and-profit-sharing-arrangements-with-cybercriminals/

A criminal complaint was unsealed today in federal court in Brooklyn, New
York, charging Moises Luis Zagala Gonzalez (Zagala), also known as
“Nosophoros,” “Aesculapius” and “Nebuchadnezzar,” a citizen of France and
Venezuela who resides in Venezuela, with attempted...

State of Ransomware shows huge growth in threat and impacts Matthew Wheeler (May 04)
https://www.continuitycentral.com/index.php/news/technology/7275-state-of-ransomware-shows-huge-growth-in-threat-and-impacts

Sophos has released its annual survey and review of real-world ransomware
experiences in its ‘State of Ransomware 2022’ report. This shows that 66
percent of organizations surveyed were hit with ransomware in 2021, up from
37 percent in 2020.

The average ransom paid by organizations that had data encrypted in their...

Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool

• Archived Posts
• RSS Feed
• About List

Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

• Archived Posts
• RSS Feed
• About List

Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

• Current Quarter
• Archived Posts
• RSS Feed
• About List
• snortLatest Posts

Re: my flow rule doesn't work Patrick Mullen (Sep 16)
The "|17 03 03|" is never in a packet with the "|16 03 03|". It looks like
they are message types, from opposite sides of the connection. Since they
are in different packets, from different devices, they won't match a single
rule since they're never seen together.

Thanks,

~Patrick

my flow rule doesn't work Xing Star via Snort-sigs (Sep 15)
I make a rule to detect this pcap.But it seems not work at all.How can I do?
Rule:
alert tcp any any -> any any
(msg:"TLS";flow:established,to_server;cotent:"|16 03 03|";content:"|14 03
03|";content:"|16 03 03|";content:"|17 03 03|";sid:87654321;rev:2;)
I think it will work properly ,but it can match to 14 03 03 16 03 03, it
can't match 17 03 03 .
And if the rule like this :alert tcp any...

Snort Subscriber Rules Update 2022-09-15 Research (Sep 15)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2022-09-13 Research (Sep 13)
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2022-34725:
A coding deficiency exists in Microsoft Windows ALPC that may lead to
an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort2: GID 1, SIDs 60553 through 60554,
Snort3: GID 1, SID...

Snort Subscriber Rules Update 2022-09-08 Research (Sep 08)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and file-other rule
sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

How to enable event filter for all alert John Kayode-Abusi via Snort-sigs (Sep 07)
Hello all,

Can anyone help me with the correct configuration for event filters most
especially SIG and ID value. I did something like this: gen_id 0, sig_id
0, type limit, track by_src, count 1, seconds 120 but it seems not working.
Kindly help.

John

Re: snort3 can't build fully thus i think remove my subscribing of snort because i can't build both snort Russ Combs (rucombs) via Snort-devel (Sep 07)
Dorian,

You could try to fix up permissions to get to a point where you can build but it would probably be best in the long run
to uninstall whatever you did and reinstall normally. A typical default install would put stuff in these directories,
readable as a regular (non-root) user:

/usr/local/lib/
/usr/local/include/hs/

If you can get that sorted, the script you have should build Snort with hyperscan.

Russ...

Snort Subscriber Rules Update 2022-09-06 Research (Sep 06)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-other,
malware-cnc, malware-other and server-webapp rule sets to provide
coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Re: snort3 can't build fully thus i think remove my subscribing of snort because i can't build both snort Russ Combs (rucombs) via Snort-devel (Sep 06)
What is the output of this command:

ls -l /root/snort_src/cmake-3.23.3/include/hs

Run it as non-root user you have been building with and do not use sudo.

________________________________
From: Dorian ROSSE <dorianbrice () hotmail fr>
Sent: Tuesday, September 6, 2022 9:57 AM
To: Russ Combs (rucombs) <rucombs () cisco com>; snort-devel () lists snort org <snort-devel () lists snort org>
Subject: RE: snort3 can't build...

Re: snort3 can't build fully thus i think remove my subscribing of snort because i can't build both snort Russ Combs (rucombs) via Snort-devel (Sep 06)
Dorian,

Seems like an issue with your hyperscan installation. You said previously this file exists:

/usr/local/lib/pkgconfig/libhs.pc

Send that file.

Thanks,
Russ
________________________________
From: Dorian ROSSE <dorianbrice () hotmail fr>
Sent: Tuesday, September 6, 2022 5:05 AM
To: Russ Combs (rucombs) <rucombs () cisco com>; snort-devel () lists snort org <snort-devel () lists snort org>
Subject: RE: snort3...

How to Specify the Source IP Address Tomohiro Fusauchi via Snort-sigs (Sep 02)
Hi,

I want to create the snort rule specifies the source IP address as 0.0.0.0/8
,
but if I do, it detects the alert on all IP addresses (like any).
How do I set that it detects only IP addresses in the 0.0.0.0/8 range?

Best regards

Snort Subscriber Rules Update 2022-09-01 Research (Sep 01)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2022-08-30 Research (Aug 30)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-office,
file-other, malware-cnc and server-webapp rule sets to provide coverage
for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Re: snort3 can't build fully thus i think remove my subscribing of snort because i can't build both snort Russ Combs (rucombs) via Snort-devel (Aug 30)
Thanks. ldconfig looks unhappy but we can try to work around it. Attached is an updated script:

./build_snort.sh football &> football.log

PKG_CONFIG_PATH was also updated so no need to export that.

Russ

________________________________
From: Dorian ROSSE <dorianbrice () hotmail fr>
Sent: Tuesday, August 30, 2022 5:54 AM
To: Russ Combs (rucombs) <rucombs () cisco com>; snort-devel () lists snort org <snort-devel ()...

Error - Direct searches of the snort rules in the Snort.org Sabarish Prabhakaran (sabprabh) via Snort-sigs (Aug 29)
Hi Team,

I have a question on “Direct searches of the release snort rules based upon CVE ID in the Snort
https://snort.org/rule_docs “

I don’t see the expected output when I search CVE-2022-22965 in the https://snort.org/rule_docs .

Not sure, Is this bug in the Snort Url ? Please let me know.

For example:
CVE Id - CVE-2022-22965

[cid:image001.png@01D8B966.9C887160]

In FMC-7.2
When I search the CVE id in the FMC-7.2, I got the...