SecLists.Org Security Mailing List Archive

Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe to nmap-dev here.

• Current Quarter
• Archived Posts
• RSS Feed
• About List
• nmap-devLatest Posts

quite mode André Coelho (Jun 06)
why not a argument (like gdb's -q) to not show banner?

like nmap -q ..etc

thanks

Re: No results from asn-query.nse Daniel Miller (Jun 06)
Mike,

Thanks for this fix! I committed a slightly smaller diff in r38705 and
credited you. This bug had been in here since 2018, so I added some tests
to dns.lua to catch similar issues in the future.

Dan

Re: No results from asn-query.nse David Fifield (Jun 04)
Thanks, this patch works for me.

hello André Coelho (Jun 04)
Hello, instead of port scanning and operating system discovery, discover
the o.s , and based on that, use port scanner specially to that o.s?

also i got

sudo nmap -sS 192.168.1.254 -Pn --disable-arp-ping

Stats: 0:00:01 elapsed; 0 hosts completed (0 up), 0 undergoing Host
Discovery

So nmap is not skipping host discovery (-Pn)

but if i use -n option, it goes straight to

Stats: 0:00:01 elapsed; 0 hosts completed (1 up), 1 undergoing SYN...

Zenmap Crash Report Paweł Wojtczak (Jun 04)
Version: 7.94
Traceback (most recent call last):
File "C:\Program Files (x86)\Nmap\zenmap\lib\python3.10\site-packages\zenmapGUI\ScanInterface.py", line 782, in
_save_comment
comment = buff.get_text(
TypeError: Gtk.TextBuffer.get_text() takes exactly 4 arguments (3 given)

Regards
---
Paweł Wojtczak

an unexpected error has crashed zenmap Sakura (Jun 04)
Version: 7.94
Traceback (most recent call last):
  File "C:\Hacktool\Nmap\zenmap\lib\python3.10\site-packages\zenmapGUI\ScriptInterface.py", line 261, in
script_list_timer_callback
    callback(True, process)
  File "C:\Hacktool\Nmap\zenmap\lib\python3.10\site-packages\zenmapGUI\ScriptInterface.py", line 270, in
initial_script_list_cb
    if status and...

Nmap 7.94 macOS Ventura 13.4 crash Massimiliano Pini via dev (Jun 04)

Bug in MySQL NSE script ? CRESTIN , Frédéric (Jun 04)
Hi Fyodor/The Nmap Team,

I try to use the NSE script "mysql-empty-password", but there may be a bug.

Zenmap bug Carmen DiMichele (Jun 04)
I got this when trying to save a scan file after adding a comment to the
host details. Running on a Windows 10 machine:

Version: 7.94
Traceback (most recent call last):
File
"C:\Nmap\zenmap\lib\python3.10\site-packages\zenmapGUI\ScanInterface.py",
line 782, in _save_comment
comment = buff.get_text(
TypeError: Gtk.TextBuffer.get_text() takes exactly 4 arguments (3 given)

[no subject] deng_weiyang--- via dev (Jun 04)
Version: 7.94
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "C:\Program Files (x86)\Nmap\zenmap\lib\python3.10\site-packages\zenmapGUI\App.py", line 281, in run
window = new_window()
File "C:\Program Files (x86)\Nmap\zenmap\lib\python3.10\site-packages\zenmapGUI\App.py", line 124, in new_window
from zenmapGUI.MainWindow import ScanWindow
File "C:\Program...

nmap crash report 白雪 (Jun 04)
Version: 7.94

Traceback (most recent call last):

File "C:\Program Files (x86)\Nmap\zenmap\lib\python3.10\site-packages\zenmapGUI\DiffCompare.py", line 379, in
check_ndiff_process

stderr = self.ndiff_process.stderr.read()

AttributeError: 'NoneType' object has no attribute 'read'

bug report yinghao hu (Jun 04)
屏幕录制2023-06-05 01.36.21.mov
<https://drive.google.com/file/d/1Qg26enIYidEh-SJTEbFKl7OFhHJZKJur/view?usp=drive_web>
I cannot copy characters from other place and paste in the Zenmap 7.94 in
MacOS 13.4 (22F66) and I cannort copy characters from Zenmap and paste to
other place.

No results from asn-query.nse Mike Pattrick (Jun 04)
Restore TXT record decoding in nselib.dns
---
nselib/dns.lua | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/nselib/dns.lua b/nselib/dns.lua
index ba00d0aec..c32e741fe 100644
--- a/nselib/dns.lua
+++ b/nselib/dns.lua
@@ -1169,8 +1169,10 @@ function (entry, data, pos)
entry.TXT.text = {}
end

- while np < len do
- txt, np = string.unpack("s1", data, np)
+ while len > 0 do
+ txt_len, np =...

Crash report andreytsikun (Jun 04)
Hello,

For your information, an error occurred on recently installed app.

It doesn’t allow to add comments under host details.

Version: 7.94

Traceback (most recent call last):

File "C:\Program Files (x86)\Nmap\zenmap\lib\python3.10\site-packages\zenmapGUI\ScanInterface.py", line 782, in
_save_comment

comment = buff.get_text(

TypeError: Gtk.TextBuffer.get_text() takes exactly 4 arguments (3 given)

Thank you,

Andrey

Problem running nmap 7.94 Adam Kurzeja (Jun 04)
Hello,
While installing nmap on Windows 10 Pro I got this error while running
Zenmap:

Version: 7.94
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "C:\Program Files
(x86)\Nmap\zenmap\lib\python3.10\site-packages\zenmapGUI\App.py", line 281,
in run
window = new_window()
File "C:\Program Files
(x86)\Nmap\zenmap\lib\python3.10\site-packages\zenmapGUI\App.py", line...

Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe to stay informed.

• Previous Year
• Archived Posts
• RSS Feed
• About List
• nmap-announceLatest Posts

Nmap 7.93 - 25th Anniversary Release! Gordon Fyodor Lyon (Sep 01)
Dear Nmap community,

Twenty five years ago today, I released the first version of Nmap in a
Phrack article named The Art of Port Scanning (https://nmap.org/p51-11.html).
I never thought I'd still be at it a quarter of a century later, but that's
because I also didn't anticipate such a wonderful community of users and
contributors spanning those decades. You've helped Nmap blossom from a
fairly simple port scanner to a...

Npcap Versions 1.70 and 1.71 improve Windows packet capturing performance, stability, security, and compatibility Gordon Fyodor Lyon (Sep 01)
Hello folks. While the Nmap Project has been quiet lately (this is my
first post of the year), I'm happy to share some great progress on both
Nmap and Npcap development. Starting with our Npcap Windows packet
capturing/sending library, I'm happy to report that we quietly released
Version 1.70 in June and then 1.71 on August 19. They include many key
improvements:

* Performance: A major overhaul of Packet.dll sped up routines that...

Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

• Current Month
• Archived Posts
• RSS Feed
• About List
• fulldisclosureLatest Posts

Windows PowerShell / Trojan File RCE revisited hyp3rlinx (Jun 09)
Hi,

Windows PowerShell Filename Code Execution POC

Discovery: 2019 and revisited 2023

Since it still works, I dusted off and made minor improvements:

Execute a remote DLL using rundll32
Execute an unintended secondary PS1 script or local text-file (can be
hidden)
Updated the PS1 Trojan Filename Creator Python3 Script
First reported to Microsoft back in 2019 yet remains unfixed as of the time
of this writing.

Remote code execution via a...

Defense in depth -- the Microsoft way (part 85): escalation of privilege plus remote code execution with HVCISCAN.exe Stefan Kanthak (Jun 07)
Hi @ll,

about a month ago Microsoft published HVCIScan-{amd,arm}64.exe, a
"Tool to check devices for compatibility with memory integrity (HVCI)"

The "Install instructions" on the download page
<https://www.microsoft.com/en-us/download/105217> tell:

| Download the hvciscan.exe for your system architecture (AMD64 or ARM64).
| From an elevated command window or PowerShell, run hvciscan.exe

"ELEVATED" sounds...

LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863 Qualys Security Advisory via Fulldisclosure (Jun 07)
Qualys Security Advisory

LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863

========================================================================
Contents
========================================================================

Summary
CVE-2023-33865, a symlink vulnerability in /tmp/RenderDoc
- Analysis
- Exploitation
CVE-2023-33864, an integer underflow to heap-based buffer overflow
- Analysis
- Exploitation...

[CVE-2023-29459] FC Red Bull Salzburg App "at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity" Arbitrary URL Loading Julien Ahrens (RCE Security) (Jun 02)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: FC Red Bull Salzburg App
Vendor URL: https://play.google.com/store/apps/details?id=laola.redbull
Type: Improper Authorization in Handler for Custom URL Scheme [CWE-939]
Date found: 2023-04-06
Date published: 2023-06-01
CVSSv3 Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE: CVE-2023-29459...

[RT-SA-2022-004] STARFACE: Authentication with Password Hash Possible RedTeam Pentesting GmbH (Jun 01)
Advisory: STARFACE: Authentication with Password Hash Possible

RedTeam Pentesting discovered that the web interface of STARFACE as well
as its REST API allows authentication using the SHA512 hash of the
password instead of the cleartext password. While storing password
hashes instead of cleartext passwords in an application's database
generally has become best practice to protect users' passwords in case
of a database compromise, this...

CVE-2022-48336 - Buffer Overflow in Widevine Trustlet (PRDiagParseAndStoreData @ 0x5cc8) Cyber Intel Security (May 30)
1. INFORMATION
--------------
[+] CVE : CVE-2022-48336
[+] Title : Buffer Overflow in Widevine Trustlet
(PRDiagParseAndStoreData @ 0x5cc8)
[+] Vendor : Google
[+] Device : Nexus 6
[+] Affected component : Widevine
[+] Publication date : March 2023
[+] Credits : CyberIntel Team

2. AFFECTED VERSIONS
--------------------
5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E),...

CVE-2022-48335 - Buffer Overflow in Widevine Trustlet (PRDiagVerifyProvisioning @ 0x5f90) Cyber Intel Security (May 30)
1. INFORMATION
--------------
[+] CVE : CVE-2022-48335
[+] Title : Buffer Overflow in Widevine Trustlet
(PRDiagVerifyProvisioning @ 0x5f90)
[+] Vendor : Google
[+] Device : Nexus 6
[+] Affected component : Widevine
[+] Publication date : March 2023
[+] Credits : CyberIntel Team

2. AFFECTED VERSIONS
--------------------
5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0...

CVE-2022-48334 - Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x7370) Cyber Intel Security (May 30)
1. INFORMATION
--------------
[+] CVE : CVE-2022-48334
[+] Title : Buffer Overflow in Widevine Trustlet
(drm_verify_keys @ 0x7370)
[+] Vendor : Google
[+] Device : Nexus 6
[+] Affected component : Widevine
[+] Publication date : March 2023
[+] Credits : CyberIntel Team

2. AFFECTED VERSIONS
--------------------
5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0...

CVE-2022-48333 - Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x730c) Cyber Intel Security (May 30)
1. INFORMATION
--------------
[+] CVE : CVE-2022-48333
[+] Title : Buffer Overflow in Widevine Trustlet
(drm_verify_keys @ 0x730c)
[+] Vendor : Google
[+] Device : Nexus 6
[+] Affected component : Widevine
[+] Publication date : March 2023
[+] Credits : CyberIntel Team

2. AFFECTED VERSIONS
--------------------
5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0...

CVE-2022-48332 - Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x6a18) Cyber Intel Security (May 30)
1. INFORMATION
--------------
[+] CVE : CVE-2022-48332
[+] Title : Buffer Overflow in Widevine Trustlet
(drm_save_keys @ 0x6a18)
[+] Vendor : Google
[+] Device : Nexus 6
[+] Affected component : Widevine
[+] Publication date : March 2023
[+] Credits : CyberIntel Team

2. AFFECTED VERSIONS
--------------------
5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0...

CVE-2022-48331 - Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x69b0) Cyber Intel Security (May 30)
1. INFORMATION
--------------
[+] CVE : CVE-2022-48331
[+] Title : Buffer Overflow in Widevine Trustlet
(drm_save_keys @ 0x69b0)
[+] Vendor : Google
[+] Device : Nexus 6
[+] Affected component : Widevine
[+] Publication date : March 2023
[+] Credits : CyberIntel Team

2. AFFECTED VERSIONS
--------------------

5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0...

SCHUTZWERK-SA-2022-001: Cross-Site-Scripting in Papaya Medical Viewer Lennert Preuth via Fulldisclosure (May 30)
Title
=====

SCHUTZWERK-SA-2022-001: Cross-Site-Scripting in Papaya Medical Viewer

Status
======

PUBLISHED

Version
=======

1.0

CVE reference
=============

CVE-2023-33255

Link
====

https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001/

Text-only version:
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001.txt

Further SCHUTZWERK advisories:
https://www.schutzwerk.com/blog/tags/advisories/

Affected products/vendor...

[RT-SA-2023-005] Pydio Cells: Server-Side Request Forgery RedTeam Pentesting GmbH (May 30)
For longer running processes, Pydio Cells allows for the creation of
jobs, which are run in the background. The job "remote-download" can be
used to cause the backend to send a HTTP GET request to a specified URL
and save the response to a new file. The response file is then available
in a user-specified folder in Pydio Cells.

Details
=======

Product: Pydio Cells
Affected Versions: 4.1.2 and earlier versions
Fixed Versions: 4.2.0,...

[RT-SA-2023-004] Pydio Cells: Cross-Site Scripting via File Download RedTeam Pentesting GmbH (May 30)
Advisory: Pydio Cells: Cross-Site Scripting via File Download

Pydio Cells implements the download of files using presigned URLs which
are generated using the Amazon AWS SDK for JavaScript [1]. The secrets
used to sign these URLs are hardcoded and exposed through the JavaScript
files of the web application. Therefore, it is possible to generate
valid signatures for arbitrary download URLs. By uploading an HTML file
and modifying the download URL...

[RT-SA-2023-003] Pydio Cells: Unauthorised Role Assignments RedTeam Pentesting GmbH (May 30)
Advisory: Pydio Cells: Unauthorised Role Assignments

Pydio Cells allows users by default to create so-called external users
in order to share files with them. By modifying the HTTP request sent
when creating such an external user, it is possible to assign the new
user arbitrary roles. By assigning all roles to a newly created user, access to
all cells and non-personal workspaces is granted.

Details
=======

Product: Pydio Cells
Affected...

Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

• Archived Posts
• RSS Feed
• About List

Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

• Archived Posts
• RSS Feed
• About List

Penetration Testing — While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

• Archived Posts
• RSS Feed
• About List

Info Security News — Carries news items (generally from mainstream sources) that relate to security.

• Archived Posts
• RSS Feed
• About List

Firewall Wizards — Tips and tricks for firewall administrators

• Archived Posts
• RSS Feed
• About List

IDS Focus — Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list

• Archived Posts
• RSS Feed
• About List

Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

• Archived Posts
• RSS Feed
• About List

Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

• Current Quarter
• Archived Posts
• RSS Feed
• About List
• dailydaveLatest Posts

Re: A graph disassembler Arun Koshy via Dailydave (Jun 12)
I actually forgot to post my own talk here, so if you want to watch
that, it's here:
https://www.youtube.com/watch?v=BarJCn4yChA&t=1669s&ab_channel=OffensiveCon

lol.. QOTD .. " Rust is not... " ;-)

p.s. The " D " is not day, but decade .. many are waiting on Rust to
spread through the nix kernel as they wear down Linus ;-).

lol honesty from both the industry and gov is always about timing.. ;-).

A graph disassembler Dave Aitel via Dailydave (Jun 08)
Lately I've been watching a lot of online security talks - the new thing
for conferences to do is publish them almost immediately, which is amazing.

So like, today I watched Chompie's talk:
https://www.sstic.org/2023/presentation/deep_attack_surfaces_shallow_bugs/
(I was honestly hoping it went from RCE to logic bug and allowed you to log
in, but maybe left as an exercise for the reader).

And yesterday I watched Natalie's talk:...

Re: Yawps from the rooftops Dave Aitel via Dailydave (Jun 05)
So I can't help but notice MOVEit, an "old enterprise file sharing system"
is getting a ton of press
<https://techcrunch.com/2023/06/05/microsoft-clop-moveit-hacks-victims/>,
after ransomware crews found/bought an 0day and then went hog wild. I mean
this is the sort of thing only predictable if you listen to Risky Biz or
the invite-only more hardcore uncensored podcast "Risky Life", where there
are whole episodes...

Re: Fussing about with fuzzers Adrian Sanabria via Dailydave (May 22)
IMO, we're in the toddler phase of LLMs right now. You know how toddlers
put everything in their mouth? Since we're still figuring out what LLMs are
good at, we're going to keep throwing weird stuff at them to see what
happens.

Fussing about with fuzzers Dave Aitel via Dailydave (May 22)
So last week at offensivecon I watched a talk on Fuzzilli (
https://github.com/googleprojectzero/fuzzilli) which, I have to admit I had
no idea what it was. Obviously I knew it was a Googlely Javascript fuzzer,
finding bugs. But I did not realize that it was applying mutations to its
own intermediate language which it then compiled to Javascript. I just
assumed it was, like most fuzzers, mutating the javascript directly (f.e....

Re: Knowledge Graph + AI = ? Isaac Dawson via Dailydave (May 09)
Did you happen across the research that Lauren Orr did with using knowledge
graphs with ML for their Bootleg system? (ref: https://youtu.be/IPTjuxxPaZs)
I got halfway through the course before I got distracted, but her research
seemed rather fruitful.

For your P.S. Note: Another interesting paper I came across had researchers
transform code into an AST and used a Graph Neural Network (GNN) to
identify if a function contained a vulnerability or...

Knowledge Graph + AI = ? Dave Aitel via Dailydave (May 08)
*Logical Operations on Knowledge Graphs:*

So if you've spent enough time looking at graph databases, you will
invariably run into people who are obsessed with "ontologies". The basic
theory being that if you've already organized your data in some sort of
directed graph, maybe you can then apply a logical ruleset to those
relationships and infer knowledge about things you didn't already know,
which could be useful? There...

Performance thoughts Dave Aitel via Dailydave (Apr 28)
So my first thought is that performance measurement tools seem exactly
aimed at a lot of security problems but performance people are extremely
reluctant <https://aus.social/@brendangregg/110276319669838295> to admit
that because of the drama involved in the security market. Which is very
smart of them! :)

Secondly, I wanted to re-link to Halvar's QCon keynote
<...

Yawps from the rooftops Dave Aitel via Dailydave (Mar 31)
[image: image.png]https://twitter.com/thezdi/status/1638617627626176513

[image: image.png]
Yawps

So one thing I have as a "lessons learned" from the past 20 years is that
security is not a proactive sport. In fact, we are all experts at running
to where the ball _was_as opposed to where it is _going_.

Like, if you listen to Risky Biz this week, Patrick asks Metlstorm whether
it's time to go out and replace all the old enterprise...

LSU is hiring CS Professors with RE and binary exploitation experience Andrew Case via Dailydave (Mar 31)
The Computer Science department at Louisiana State University (LSU) is
currently hiring for many faculty positions related to applied cyber
security. Courses taught inside this department include reverse
engineering, malware analysis, binary exploitation, memory forensics
and other intensive courses related to incident response and offensive
security.

Ideal candidates will have significant experience with deeply
technical areas of cybersecurity....

t2'23: Call For Papers 2023 (Helsinki, Finland) Tomi Tuominen via Dailydave (Mar 06)
Call For Papers 2023

Tired of your bosses suspecting conference trips to exotic locations being just a ploy to partake in Security Vacation
Club? Prove them wrong by coming to Helsinki, Finland on May 4-5 2023! Guaranteed lack of sunburn, good potential for
rain or slush. In case of great spring weather, though, no money back.

CFP and registration both open. Read further if still unsure.

Maui, Miami, Las Vegas, Tel Aviv or Wellington feel so...

PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

• Archived Posts
• RSS Feed
• About List

Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.

• Archived Posts
• RSS Feed
• About List

Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.

• Archived Posts
• RSS Feed
• About List

Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community

• Archived Posts
• RSS Feed
• About List

CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

• Current Year
• Archived Posts
• RSS Feed
• About List
• certLatest Posts

Apple Releases Security Updates for Multiple Products CISA (Mar 28)
Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information
has recently been updated and is now available.

Apple Releases Security Updates for Multiple Products [
https://www.cisa.gov/news-events/alerts/2023/03/28/apple-releases-security-updates-multiple-products ] 03/28/2023 01:00
PM EDT

Apple...

CISA Releases Six Industrial Control Systems Advisories CISA (Mar 23)
Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information
has recently been updated, and is now available.

CISA Releases Six Industrial Control Systems Advisories [
https://www.cisa.gov/news-events/alerts/2023/03/23/cisa-releases-six-industrial-control-systems-advisories ] 03/23/2023
08:00 AM EDT...

CISA Releases Eight Industrial Control Systems Advisories CISA (Mar 21)
Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information
has recently been updated, and is now available.

CISA Releases Eight Industrial Control Systems Advisories [
https://www.cisa.gov/news-events/alerts/2023/03/21/cisa-releases-eight-industrial-control-systems-advisories ]
03/21/2023 08:00 AM...

CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management CISA (Mar 21)
Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information
has recently been updated, and is now available.

CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management [...

Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community

• Current Quarter
• Archived Posts
• RSS Feed
• About List
• oss-secLatest Posts

Re: Linux kernel: off-by-one in fl_set_geneve_opt Salvatore Bonaccorso (Jun 16)
Hi,

CVE-2023-35788 has been assigned for this issue:
https://www.cve.org/CVERecord?id=CVE-2023-35788

Regards,
Salvatore

Re: distros list archive Solar Designer (Jun 15)
Hi,

I've just made a further update of these, until May 31, 2023.

Alexander

Fwd: [ANNOUNCE] X.Org Security Advisory: Sub-object overflows in libX11 Alan Coopersmith (Jun 15)
-------- Forwarded Message --------
Subject: [ANNOUNCE] X.Org Security Advisory: Sub-object overflows in libX11
Date: Thu, 15 Jun 2023 09:34:36 -0700
From: Alan Coopersmith <alan.coopersmith () oracle com>
To: xorg-announce () lists x org
CC: xorg () lists x org, xorg-devel () lists x org

X.Org Security Advisory: June 15, 2023

Buffer overflows in InitExt.c in libX11 prior to 1.8.6 [CVE-2023-3138]...

CVE-2023-1672: race condition in Tang exposes private keys to other processes Brian McDermott (Jun 15)
Hello all,

Tang (https://github.com/latchset/tang) is an open source project that
is used to bind data to network presence. It is commonly used along with
Clevis clients to provide for unattended LUKS decryption of server
storage volumes within the realms of a network, where a trusted Tang
server is situated.

CENSUS identified that the Tang software in versions 11, 12 and 13 (and
possibly previous versions) is vulnerable to a form of race...

RCE in acme.sh < 3.0.6 Jan Schaumann (Jun 14)
Hi,

I don't think this has been raised here:

The acme.sh ACME client[1] prior to version 3.0.6[2] has
an RCE vulnerability allowing a hostile server to
execute arbitrary commands on the client[3].

I was unable to determine whether a CVE has been
requested for this issue; both the original discussion
and a second GitHub issue[4] have been inconclusively
closed for comments (I've reached out to the author).

The issue is also being...

CVE-2023-34095: cpdb-libs: Buffer overflows via scanf Till Kamppeter (Jun 14)
Following bug got reported to OpenPrinting's GitHub, repo cpdb-libs, as
a private (security) issue report, which is now published:

https://github.com/OpenPrinting/cpdb-libs/security/advisories/GHSA-25j7-9gfc-f46x

Summary

There's multiple instances of buffer overflows in this package via
improper use of scanf(3).

Details

cpdb-libs/tools/cpdb-text-frontend.c

Line 362 in 85555fb

else if (strcmp(buf, "print-file") ==...

Re: Stack overflow in imagemagick coders/tiff.c Bob Friesenhahn (Jun 14)
It seems suspicious that (after looking at the code) this is obviously
a heap overflow (of the 'tile_pixels' allocation) rather than a stack
overflow. Whenever something is mischaracterized, it becomes suspect.

The overflow checking while computing 'extent' still seems suspect and
is worthy of more inspection, especially on 32-bit systems.

The development ImageMagick 7.1 is included in oss-fuzz testing (but
has not...

Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Jun 14)
Jenkins is an open source automation server which enables developers around
the world to reliably build, test, and deploy their software.

The following releases contain fixes for security vulnerabilities:

* Jenkins 2.400
* Jenkins LTS 2.401.1
* Checkmarx Plugin 2023.2.6
* Dimensions Plugin 0.9.3.1
* Team Concert Plugin 2.4.2

Additionally, we announce unresolved security issues in the following
plugins:

* AWS CodeCommit Trigger Plugin
*...

Fwd: Node.js security updates for all active release lines, June 2023 Rafael Silva (Jun 14)
---------- Forwarded message ---------
From: Rafael Silva <rafael.silva () nearform com>
Date: Tuesday, June 13, 2023 at 1:06:55 PM UTC-3
Subject: Node.js security updates for all active release lines, June 2023
To: nodejs-sec <nodejs-sec () googlegroups com>

The Node.js project will release new versions of all supported release
lines on or shortly after Tuesday, February 20th 2023. For more information
see:...

S2-064: CVE-2023-34396: Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms Yasser Zamani (Jun 14)
Affected versions:

- Apache Struts through 2.5.30
- Apache Struts through 6.1.2

Description:

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This
issue affects Apache Struts: through 2.5.30, through 6.1.2.

Credit:

Matthew McClain (finder)

References:

https://cwiki.apache.org/confluence/display/WW/S2-064
https://struts.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-34396

S2-063: CVE-2023-34149: Apache Struts: DoS via OOM owing to not properly checking of list bounds Yasser Zamani (Jun 14)
Affected versions:

- Apache Struts through 2.5.30
- Apache Struts through 6.1.2

Description:

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This
issue affects Apache Struts: through 2.5.30, through 6.1.2.

Credit:

Matthew McClain (finder)

References:

https://cwiki.apache.org/confluence/display/WW/S2-063
https://struts.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-34149

Re: Stack overflow in imagemagick coders/tiff.c Salvatore Bonaccorso (Jun 13)
Hi

CVE-2023-3195 has been assigned for this issue according to
https://bugzilla.redhat.com/show_bug.cgi?id=2214141 (not yet on
cve.org feed itself).

Regards,
Salvatore

Re: Solar Designer talk about 15 years of oss-security at SSTIC conference Georgi Guninski (Jun 13)
Na zdorovie tovarish Solar :)
I am missing the old full disclosure mailing list,
there is little discussion on oss-security.

CVE-2023-34468: Apache NiFi: Potential Code Injection with Database Services using H2 David Handermann (Jun 12)
Severity: important

Affected versions:

- Apache NiFi 0.0.2 through 1.21.0

Description:

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an
authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution.

The resolution validates the Database URL and rejects H2 JDBC locations.

This issue is being tracked as NIFI-11653

Credit:...

CVE-2023-34212: Apache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components David Handermann (Jun 12)
Severity: important

Affected versions:

- Apache NiFi 1.8.0 through 1.21.0

Description:

The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache
NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that
enable deserialization of untrusted data from a remote location.

The resolution validates the JNDI URL and restricts...

Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.

• Archived Posts
• RSS Feed
• About List

Educause Security Discussion — Securing networks and computers in an academic environment.

• Archived Posts
• RSS Feed
• About List

NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

• Current Month
• Archived Posts
• RSS Feed
• About List
• nanogLatest Posts

Re: FCC Chair Rosenworcel Proposes to Investigate Impact of Data Caps Owen DeLong via NANOG (Jun 16)
Maybe, but ta the rate their prices have been going up and their reviews have been going down, it’s not at all
promising. I’m in a wait and see mode with Starling. Every time I get just about frustrated enough with Comcast to
shell out, I discover that Starling’s pricing has again moved above my threshold of frustration.

Owen

Re: FCC Chair Rosenworcel Proposes to Investigate Impact of Data Caps Owen DeLong via NANOG (Jun 16)
Competition… You’re hilarious…

Here’s my current choices:

Local WISP: Excellent service, great guy, tops out at 60MBPS.

AT&T: Awful service, but no worse than Comcast. Tops out at 768Kbps down (Yes, Kbps) and 384Kbps up. Ugh.

5G (various providers): Lousy service, no inbound connections allowed (they stateful firewall everything), many no
longer give a public IPv4.
Not an option for my needs since GRE is an essential...

Re: Shaw peering contact Christopher Munz-Michielin (Jun 16)
I don't have any one to offer, but if you do manage to get in touch with
someone and you can, please pass it on.

A year or so back I was trying to get in touch with the Shaw NOC
regarding some routing weirdness with our Anycast DNS network and never
got anywhere.

Re: FCC Chair Rosenworcel Proposes to Investigate Impact of Data Caps Michael Thomas (Jun 16)
Modulo P2P nodes, what drives high usage? I guess game downloads are
getting gigantic these days, but that's not an every day event. Back in
the bad old days it wasn't inconceivable to go over the lower caps but
once it's big enough to support video what is left? I mean, how much 4k
pr0n can randy teenagers watch in one month?

Mike

Re: 10G CPE w/VXLAN - vendors? Tom Mitchell (Jun 16)
Lanner NCA-1516

-- Tom

On Fri, Jun 16, 2023 at 9:15 AM Michel Blais <Michel () targointernet com>
wrote:

Re: FCC Chair Rosenworcel Proposes to Investigate Impact of Data Caps Keith Stokes (Jun 16)
Cox also has a 1.2 TB cap.

If I can believe my graphs, the metered Cox connection (video streaming primarily for wife) is about 90 GB the month of
April and the unmetered ATT fiber WFH for me is about 370 GB. Total LAN is about 450 GB. Napkin math but it's pretty
close.

________________________________
From: NANOG <nanog-bounces+keiths=salonbiz.com () nanog org> on behalf of Steve Meuse <smeuse () mara org>
Sent: Friday, June...

Re: FCC Chair Rosenworcel Proposes to Investigate Impact of Data Caps Steve Meuse (Jun 16)
I always looked at Comcast's caps as pre-emptive fodder for future FCC
bargaining. The next time they want to do something with the FCC's approval
and the commission wanted a concession, they would offer it up for the
block.

-Steve

Re: FCC Chair Rosenworcel Proposes to Investigate Impact of Data Caps Michael Thomas (Jun 16)
I get the impression that they are still in a beta/early adopter
situation so unaffordability might be feature not a bug to them to keep
the system from a success disaster. At least for now. I get the
impression that some/a lot of this is to bring the internet to the rest
of the world as one of their goals.

I do wonder how they are numbering them though. Are the they using the
same scheme that the mobile providers are using with ipv6? hmm....

Re: FCC Chair Rosenworcel Proposes to Investigate Impact of Data Caps Mark Tinka (Jun 16)
Partly why I don't pay any attention to Starlink. It's a niche product
for folk who either have the ability to live off-grid, or be in a
position to have someone else wealthier cover the cost for them. That
won't be the majority.

In Africa, most people will connect to the Internet via mobile. Even
with mobile coverage being relatively poor in the deepest part of the
village, penetration via mobile is far more likely than...

Re: FCC Chair Rosenworcel Proposes to Investigate Impact of Data Caps Josh Luthman (Jun 16)
Not everyone can afford $1000 to start up Starlink and then pay $130+ per
month. That may be an option for some, but certainly not the majority.

If 100% of a town was covered by a single company with data caps, those
that are crying from hitting 1.2 TB/month will not be enough for a
competitor to come in and build on top. A TB/mo now is extremely high - In
May 2023 we had 4 customers that exceeded that (all 4 of these customers
mentioned are...

Re: FCC Chair Rosenworcel Proposes to Investigate Impact of Data Caps Michael Thomas (Jun 16)
I've toyed with getting it which I think I can do here in rural
California especially given that my ISP installed fiber and inexplicably
didn't change the rate plans from DSL (given that it's an older
population here, I doubt that any new over subscription would be much
problem). But the fact of the matter is that we don't seem to ever be in
the situation that our 25Mbs service is an actual problem.

Mike

Re: FCC Chair Rosenworcel Proposes to Investigate Impact of Data Caps Mark Tinka (Jun 16)
Maybe. I really haven't paid any attention to Starlink, although there
are credible reports of folk testing it here in South Africa's urban
centres.

I have not heard of any mention of Starlink having caps as part of their
service. Having said that, for services like this, things change as the
number of customers using them rises.

Mark.

Re: FCC Chair Rosenworcel Proposes to Investigate Impact of Data Caps Michael Thomas (Jun 16)
Won't Starlink and other LEO configurations be that backstop sooner
rather than later? I don't know if they have caps as well, but even if
they do they could compete with their caps.

Mike

Re: FCC Chair Rosenworcel Proposes to Investigate Impact of Data Caps Mark Tinka (Jun 16)
I should have been clearer... the lack of competition in many markets is
not unique to North America. I'd say all of the world suffers that,
since there is only so much money and resources to go around.

What I was trying to say is that should a town or village have the
opportunity to receive competition, where existing services are capped,
uncapping that via an alternative provider would be low hanging fruit to
gain local marketshare....

RE: Test Dual Queue L4S (if you are on Comcast) Livingood, Jason via NANOG (Jun 16)
In the meantime please just select some unrelated industry on the form. We don’t care – it seems to be boilerplate.

From: "Livingood, Jason" <Jason_Livingood () cable comcast com>
Date: Friday, June 16, 2023 at 15:46
To: "Eric C. Miller" <eric () ericheather com>, nanog <nanog () nanog org>
Subject: Re: [EXTERNAL] RE: Test Dual Queue L4S (if you are on Comcast)

We’re working to fix that. Sorry!

From:...

Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating

• Archived Posts
• RSS Feed
• About List

The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

• Current Quarter
• Archived Posts
• RSS Feed
• About List
• risksLatest Posts

Risks Digest 33.72 RISKS List Owner (Jun 04)
RISKS-LIST: Risks-Forum Digest Sunday 4 June 2023 Volume 33 : Issue 72

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.72>
The current issue can also be found at
<...

Risks Digest 33.71 RISKS List Owner (May 16)
RISKS-LIST: Risks-Forum Digest Tuesday 16 May 2023 Volume 33 : Issue 71

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.71>
The current issue can also be found at
<...

Risks Digest 33.70 RISKS List Owner (May 13)
RISKS-LIST: Risks-Forum Digest Saturday 13 May 2023 Volume 33 : Issue 70

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.70>
The current issue can also be found at
<...

Risks Digest 33.69 RISKS List Owner (Apr 28)
RISKS-LIST: Risks-Forum Digest Friday 28 April 2023 Volume 33 : Issue 69

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.69>
The current issue can also be found at
<...

Risks Digest 33.67 RISKS List Owner (Apr 06)
RISKS-LIST: Risks-Forum Digest Saturday 1* April 2023 Volume 33 : Issue 67

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.67>
The current issue can also be found at
<...

Risks Digest 33.66 RISKS List Owner (Mar 16)
RISKS-LIST: Risks-Forum Digest Thursday 16 March 2023 Volume 33 : Issue 66

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.66>
The current issue can also be found at
<...

Risks Digest 33.65 RISKS List Owner (Mar 11)
RISKS-LIST: Risks-Forum Digest Saturday 11 March 2023 Volume 33 : Issue 65

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.65>
The current issue can also be found at
<...

Risks Digest 33.64 RISKS List Owner (Mar 07)
RISKS-LIST: Risks-Forum Digest Tuesday 14 March 2023 Volume 33 : Issue 64

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.64>
The current issue can also be found at
<...

Risks Digest 33.63 RISKS List Owner (Feb 25)
RISKS-LIST: Risks-Forum Digest Saturday 25 February 2023 Volume 33 : Issue 63

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.63>
The current issue can also be found at
<...

Risks Digest 33.62 RISKS List Owner (Feb 19)
RISKS-LIST: Risks-Forum Digest Sunday 19 February 2023 Volume 33 : Issue 62

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.62>
The current issue can also be found at
<...

Risks Digest 33.60 RISKS List Owner (Jan 16)
RISKS-LIST: Risks-Forum Digest Monday 15 January 2023 Volume 33 : Issue 60

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.60>
The current issue can also be found at
<...

Risks Digest 33.59 RISKS List Owner (Jan 02)
RISKS-LIST: Risks-Forum Digest Monday 2 January 2023 Volume 33 : Issue 59

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.59>
The current issue can also be found at
<...

BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.

• Archived Posts
• RSS Feed
• About List
• datalossLatest Posts

Healthcare organizations face rising ransomware attacks – and are paying up Matthew Wheeler (Jun 03)
https://www.theregister.com/2022/06/03/healthcare-ransomware-pay-sophos/

Healthcare organizations, already an attractive target for ransomware given
the highly sensitive data they hold, saw such attacks almost double between
2020 and 2021, according to a survey released this week by Sophos.

The outfit's team also found that while polled healthcare orgs are quite
likely to pay ransoms, they rarely get all of their data returned if they
do...

A digital conflict between Russia and Ukraine rages on behind the scenes of war Matthew Wheeler (Jun 03)
https://wskg.org/npr_story_post/a-digital-conflict-between-russia-and-ukraine-rages-on-behind-the-scenes-of-war/

SEATTLE — On the sidelines of a conference in Estonia on Wednesday, a
senior U.S. intelligence official told British outlet Sky News that the
U.S. is running offensive cyber operations in support of Ukraine.

“My job is to provide a series of options to the secretary of defense and
the president, and so that’s what I do,” said...

Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network Matthew Wheeler (Jun 03)
https://thehackernews.com/2022/06/researchers-uncover-malware-controlling.html

The Parrot traffic direction system (TDS) that came to light earlier this
year has had a larger impact than previously thought, according to new
research.

Sucuri, which has been tracking the same campaign since February 2019 under
the name "NDSW/NDSX," said that "the malware was one of the top infections"
detected in 2021, accounting for more than...

FBI, CISA: Don't get caught in Karakurt's extortion web Matthew Wheeler (Jun 03)
https://www.theregister.com/2022/06/03/fbi_cisa_warn_karakurt_extortion/

The Feds have warned organizations about a lesser-known extortion gang
Karakurt, which demands ransoms as high as $13 million and, some
cybersecurity folks say, may be linked to the notorious Conti crew.

In a joint advisory [PDF] this week, the FBI, CISA and US Treasury
Department outlined technical details about how Karakurt operates, along
with actions to take,...

DOJ Seizes 3 Web Domains Used to Sell Stolen Data and DDoS Services Matthew Wheeler (Jun 02)
https://thehackernews.com/2022/06/doj-seizes-3-web-domains-used-to-sell.html

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of
three domains used by cybercriminals to trade stolen personal information
and facilitate distributed denial-of-service (DDoS) attacks for hire.

This includes weleakinfo[.]to, ipstress[.]in, and ovh-booter[.]com, the
former of which allowed its users to traffic hacked personal data and
offered a...

Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability Matthew Wheeler (Jun 02)
https://thehackernews.com/2022/05/chinese-hackers-begin-exploiting-latest.html

An advanced persistent threat (APT) actor aligned with Chinese state
interests has been observed weaponizing the new zero-day flaw in Microsoft
Office to achieve code execution on affected systems.

"TA413 CN APT spotted [in-the-wild] exploiting the Follina zero-day using
URLs to deliver ZIP archives which contain Word Documents that use the
technique,"...

US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command Matthew Wheeler (Jun 02)
https://www.three.fm/news/world-news/us-military-hackers-conducting-offensive-operations-in-support-of-ukraine-says-head-of-cyber-command/

US military hackers have conducted offensive operations in support of
Ukraine, the head of US Cyber Command has told Sky News.

In an exclusive interview, General Paul Nakasone also explained how "hunt
forward" operations were allowing the United States to search out foreign
hackers and identify...

SideWinder Hackers Launched Over a 1, 000 Cyber Attacks Over the Past 2 Years Matthew Wheeler (May 31)
https://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html

An "aggressive" advanced persistent threat (APT) group known as SideWinder
has been linked to over 1,000 new attacks since April 2020.

"Some of the main characteristics of this threat actor that make it stand
out among the others, are the sheer number, high frequency and persistence
of their attacks and the large collection of encrypted and obfuscated...

Hackers are Selling US University Credentials Online, FBI Says Matthew Wheeler (May 31)
https://tech.co/news/hackers-are-selling-us-university-credentials-online-fbi-says

The Federal Bureau of Investigation has warned US universities and colleges
that it has found banks of login credentials and other data relating to VPN
access circulating on cybercriminals forums.

The fear is that such data will be sold and subsequently used by malicious
actors to orchestrate attacks on other accounts owned by the same students,
in the hope...

Interpol Nabs 3 Nigerian Scammers Behind Malware-based Attacks Matthew Wheeler (May 31)
https://thehackernews.com/2022/05/interpol-nabs-3-nigerian-scammers.html

Interpol on Monday announced the arrest of three suspected global scammers
in Nigeria for using remote access trojans (RATs) such as Agent Tesla to
facilitate malware-enabled cyber fraud.

"The men are thought to have used the RAT to reroute financial
transactions, stealing confidential online connection details from
corporate organizations, including oil and gas...

U.S. Warns Against North Korean Hackers Posing as IT Freelancers Matthew Wheeler (May 18)
https://thehackernews.com/2022/05/us-warns-against-north-korean-hackers.html

Highly skilled software and mobile app developers from the Democratic
People's Republic of Korea (DPRK) are posing as "non-DPRK nationals" in
hopes of landing freelance employment in an attempt to enable the regime's
malicious cyber intrusions.

That's according to a joint advisory from the U.S. Department of State, the
Department of the...

FBI and NSA say: Stop doing these 10 things that let the hackers in Matthew Wheeler (May 18)
https://www.zdnet.com/article/fbi-and-nsa-say-stop-doing-these-10-things-that-let-the-hackers-in/

Cyber attackers regularly exploit unpatched software vulnerabilities, but
they "routinely" target security misconfigurations for initial access, so
the US Cybersecurity and Infrastructure Security Agency (CISA) and its
peers have created a to-do list for defenders in today's heightened threat
environment.

CISA, the FBI and National...

Fifth of Businesses Say Cyber-Attack Nearly Broke Them Matthew Wheeler (May 18)
https://www.infosecurity-magazine.com/news/fifth-of-businesses-cyber-attack/

A fifth of US and European businesses have warned that a serious
cyber-attack nearly rendered them insolvent, with most (87%) viewing
compromise as a bigger threat than an economic downturn, according to
Hiscox.

The insurer polled over 5000 businesses in the US, UK, Ireland, France,
Spain, Germany, the Netherlands and Belgium to compile its annual Hiscox
Cyber...

Hacker And Ransomware Designer Charged For Use And Sale Of Ransomware, And Profit Sharing Arrangements With Cybercriminals Matthew Wheeler (May 18)
https://www.shorenewsnetwork.com/2022/05/16/hacker-and-ransomware-designer-charged-for-use-and-sale-of-ransomware-and-profit-sharing-arrangements-with-cybercriminals/

A criminal complaint was unsealed today in federal court in Brooklyn, New
York, charging Moises Luis Zagala Gonzalez (Zagala), also known as
“Nosophoros,” “Aesculapius” and “Nebuchadnezzar,” a citizen of France and
Venezuela who resides in Venezuela, with attempted...

State of Ransomware shows huge growth in threat and impacts Matthew Wheeler (May 04)
https://www.continuitycentral.com/index.php/news/technology/7275-state-of-ransomware-shows-huge-growth-in-threat-and-impacts

Sophos has released its annual survey and review of real-world ransomware
experiences in its ‘State of Ransomware 2022’ report. This shows that 66
percent of organizations surveyed were hit with ransomware in 2021, up from
37 percent in 2020.

The average ransom paid by organizations that had data encrypted in their...

Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool

• Archived Posts
• RSS Feed
• About List

Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

• Archived Posts
• RSS Feed
• About List

Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

• Current Quarter
• Archived Posts
• RSS Feed
• About List
• snortLatest Posts

Snort Subscriber Rules Update 2023-06-15 Research (Jun 15)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2023-06-13 Research (Jun 13)
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2023-28310:
A coding deficiency exists in Microsoft Exchange Server that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort2: GID 1, SIDs 61933 through 61935,
Snort3: GID 1, SIDs...

Re: Snort 3 rules - Antivirus Rostanin Gleb SBR DIRCS via Snort-sigs (Jun 13)
No, Virus total does not flag anything when pasting the Rules URL. When uploading the file though, 4 vendors flag the
file as malicious as shown in the attached screenshot.

Von: Dzmitry Khmialkou <dmitri.hmelkov () gmail com>
Gesendet: Montag, 12. Juni 2023 18:18
An: Rostanin Gleb SBR DIRCS <Gleb.Rostanin () zf com>
Cc: snort-sigs () lists snort org
Betreff: Re: [Snort-sigs] Snort 3 rules - Antivirus

Is Virustotal reports the same?...

Re: Snort 3 rules - Antivirus Jayesh Patel via Snort-sigs (Jun 13)
I believe this is normal, since AV detections based on signatures can trigger alert when they see pattern in Snort
Rules. I had this alert earlier, it would help to create a folder and exclude that from defender scans. Also, verify
the checksum of the file downloaded from Snort, just to be on safe side.

Thanks,
Jayesh

Get Outlook for Android<https://aka.ms/AAb9ysg>
________________________________
From: Snort-sigs <snort-sigs-bounces...

Re: Snort 3 rules - Antivirus Dzmitry Khmialkou via Snort-sigs (Jun 12)
Is Virustotal reports the same?

пн, 12 июн. 2023 г. в 16:35, Rostanin Gleb SBR DIRCS via Snort-sigs <
snort-sigs () lists snort org>:

Re: Snort 3 rules - Antivirus Joel Esler via Snort-sigs (Jun 12)
I would probably file a false positive report with Microsoft for Defender. Snort rules should not trigger an AV
signature.

—
Sent from my iPhone

Snort 3 rules - Antivirus Rostanin Gleb SBR DIRCS via Snort-sigs (Jun 12)
Dear Snort community,

I recently registered to be able to download the Snort 3 rules. Unfortunately, when downloading, Windows defender
started complaining that a Virus was detected. Is this normal behavior or am I currently being attacked 😃?

Kind regards

Gerry

Snort Subscriber Rules Update 2023-06-08 Research (Jun 08)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-identify,
indicator-compromise, malware-tools and server-other rule sets to
provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Machine learning using Snort Ghislain Hounmenou via Snort-devel (Jun 08)
Hello everyone, I hope you're doing well. Currently, I'm working on
developing a machine learning plugin for Snort. My idea is to enhance
Snort's capabilities by adding behavior-based (anomaly) detection in
addition to signature-based detection. For this purpose, I trained a
machine learning model using PCA for dimensionality reduction and SVM as
the classifier, using the CICIDS2017 dataset. Now, I would like to know how
I can...

Snort Subscriber Rules Update 2023-06-06 Research (Jun 06)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the browser-chrome,
file-image, indicator-compromise and malware-tools rule sets to provide
coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2023-06-02 Research (Jun 02)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos is releasing Snort2 SIDs 61876-61879, Snort3 SIDs 300582-300583
to protect against webshell activities targeting the MoveIT Transfer
vulnerability currently being exploited in the wild.

Talos has added and modified multiple rules in the malware-backdoor
rule sets to provide coverage for emerging threats from these...

Re: NEED HELP FOR WORK Ghislain Hounmenou via Snort-devel (Jun 02)
Thanks for the feedback!
Thank you very much for your feedback. It is exactly for my master's thesis
that I am doing the work and I have to finish in the next two weeks. I want
you to send me your brief first, and I will read. How are we going to do
the work? Can I already share with you the code of my model that you will
see? And also to see with me how I will do the integration. Thank you.

Le jeu. 1 juin 2023 à 14:33, Hazen...

Re: NEED HELP FOR WORK Hazen Valliant-Saunders via Snort-devel (Jun 01)
Good Morning Ghislain;

I wrote my Masters on this subject; and consult in this field.

AI / ML is very broad ( since you have a model we'd need to figure out how
to code up the classifier and then run Dev and integration testing on it)
we would have to use the Plugin API / develop a plugin for Snort.

We'd have to work on integrating it as a Plugin for Snort (which is where
we'd need to develop said model / plugin )

I will be...

NEED HELP FOR WORK Ghislain Hounmenou via Snort-devel (Jun 01)
Hello everyone, I hope you're doing well. Currently, I'm working on
developing a machine learning plugin for Snort. My idea is to enhance
Snort's capabilities by adding behavior-based (anomaly) detection in
addition to signature-based detection. For this purpose, I trained a
machine learning model using PCA for dimensionality reduction and SVM as
the classifier, using the CICIDS2017 dataset. Now, I would like to know how
I can...

Snort Subscriber Rules Update 2023-06-01 Research (Jun 01)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-identify,
file-pdf, indicator-obfuscation, indicator-shellcode and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories