SecLists.Org Security Mailing List Archive

Any hacker will tell you that the latest news and exploits are not found on any web site—not even Insecure.Org. No, the cutting edge in security research is and will continue to be the full disclosure mailing lists such as Bugtraq. Here we provide web archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all using the Site Search box above.

Insecure.Org Lists

Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe to nmap-dev here.

Zenmap wrong ptr Scott Mayoral (Feb 04)
Hello,

While using zenmap (Mac OS) I ran a number of scans on the ip 165.232.151.85 (my client's server which I manage) and
the ptr returned is cr1osbydoe.com <http://cr1osbydoe.com/>. When I run a dig -x on the terminal, the correct ptr
appears (hncda.livinginarchitecture.org <http://livinginarchitecture.org/>), same correct results from nmap proper on
my PC, as well as on the PC command line. crosbydoe . com is a url on...

Re: NMAP Scan help Jon Gorenflo (Feb 04)
Seeing JavaScript comments during an NMAP scan can indeed be a concern for clients with proprietary information. The
best way to protect this information is to not include it in the source code of the website. If it is absolutely
necessary to include it, it can be obfuscated to make it more difficult for an attacker to understand, but it cannot be
completely protected from being seen during a scan.

Jon

From: dev <dev-bounces () nmap...

Re: NMAP Scan help Robin Wood (Feb 04)
Yes, the JavaScript is sent to the browser as part of the "web page
package".

This is a page on my site:

https://digi.ninja/projects/authlab.php

As part of it, it uses this bit of HTML:

<script src="/javascript/authlab.js"></script>

To load this JavaScript file:

https://digi.ninja/javascript/authlab.js

The JS file is public and accessible to anyone who browses...

Re: NMAP Scan help Robin Wood (Feb 04)
JavaScript is sent to the client as part of the way the web works and so
can't be blocked or hidden. If you stop sending it then whatever bits of
the site rely on it will stop working.

Nothing should be considered secret in client side JavaScript.

Robin

PR: NSE Script: Oracle NNE Crypto Parameter Enumeration Moritz Bechler via dev (Feb 04)
Hello,

a while back I did some reversing and security analysis on Oracle database's
proprietary transport security protocol (NNE/SNS).
Based on that research I have put together a NSE script that determines the
NNE server parameters/configuration and identify weak/vulnerable instances.

Happy to contribute that to nmap, I have opened a PR: https://github.com/nmap/nmap/pull/2603
Looking forward to your comments in the PR (not subscribed...

Proposal for a new feature to Ncat codergaz (Feb 04)
Hello,

First of all, I wanted to thank you for your work in developing great software. I use Ncat on a daily basis and it is a
must have tool for services management. And I would like to contribute to the project.

A very useful feature would be for Ncat messages to have a timestamp, to know when connections have been established.
Especially in listen mode, but also in connect mode.

For example, recently I solved a problem based on the time...

Re: NMAP Scan help thanatos thanatos via dev (Feb 03)
Thank you so much for all of your help

Sent from Yahoo Mail on Android

On Fri, Feb 3, 2023 at 12:44 PM, Robin Wood<robin@digi.ninja> wrote:
Yes, the JavaScript is sent to the browser as part of the "web page package".
This is a page on my site:
https://digi.ninja/projects/authlab.php

As part of it, it uses this bit of HTML:

<script src="/javascript/authlab.js"></script>

To load this JavaScript...

Re: NMAP Scan help thanatos thanatos via dev (Feb 03)
I am talking about running a scan from the outside on port 443. It shows my client's information

Sent from Yahoo Mail on Android

On Thu, Feb 2, 2023 at 10:08 AM, Robin Wood<robin@digi.ninja> wrote:
JavaScript is sent to the client as part of the way the web works and so can't be blocked or hidden. If you stop
sending it then whatever bits of the site rely on it will stop working.
Nothing should be considered secret in client...

NMAP Scan help thanatos thanatos via dev (Feb 02)
I have a question. When I run NMAP it displays the javascript comments for the site being scanned. This is a concern
for the client as this code has proprietary information. The client is asking if something can be done on their side
to prevent this information from being displayed as a part of the NMAP scan?
Thank U
Thanatos
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev...

Possible minor errors in nmap-os-db João Medeiros (Dec 23)
Hi.

I was parsing nmap-os-db for research purposes and found 3 empty
entries of the OPS field. I'm using the current version in the SVN
repository and sharing here so they could be corrected (if this is the
case).

Line 6657: should OPS() be OPS(R=N)?
Line 14382: should OPS() be OPS(R=N)?
Line 101945: should OPS() be OPS(R=N)?

Best regards.

Updated version of RadialNet João Medeiros (Dec 22)
Good morning, dear friends.

I would like to share that I've updated the RadialNet tool [1] to work
with Python 3 and GTK 3. Maybe some of you could check it and report
any bug I did not notice.

To test you may execute a Scan using Nmap as a backend tool (initially
assumed to be on /usr/bin/nmap, but can be changed in config.cfg). You
may also test it loading any Nmap XML output file (a sample is
included in share/sample/nmap_example.xml)....

Re: Live Capture Performance to Rival Wireshark Daniel Miller (Dec 18)
Matt,

Thanks for your interest in Npcap! These are very good questions, and we
hope to be able to improve Npcap's documentation to answer them soon. In
the meantime, here are some answers that may help you:

A recent survey of our log files from the field indicates that we are

Wireshark's "TCP Previous segment not captured" message does not
necessarily mean that Npcap or your application was unable to capture a
packet that...

ncat http proxy listen bug Phel (Nov 28)
Dear nmap developer community,

it seems ncat doesn't honor the bind address when listening as http
proxy, as can be seen when running ncat in (very) verbose mode:

$ ncat -v -v -v --proxy-type http -l 127.0.0.1 8081
Ncat: Version 7.93 ( https://nmap.org/ncat )
NCAT DEBUG: Initialized fdlist with 2 maxfds
Ncat: Listening on :::8081
NCAT DEBUG: Added fd 3 to list, nfds 1, maxfd 3
Ncat: Listening on 0.0.0.0:8081
NCAT...

Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe to stay informed.

Nmap 7.93 - 25th Anniversary Release! Gordon Fyodor Lyon (Sep 01)
Dear Nmap community,

Twenty five years ago today, I released the first version of Nmap in a
Phrack article named The Art of Port Scanning (https://nmap.org/p51-11.html).
I never thought I'd still be at it a quarter of a century later, but that's
because I also didn't anticipate such a wonderful community of users and
contributors spanning those decades. You've helped Nmap blossom from a
fairly simple port scanner to a...

Npcap Versions 1.70 and 1.71 improve Windows packet capturing performance, stability, security, and compatibility Gordon Fyodor Lyon (Sep 01)
Hello folks. While the Nmap Project has been quiet lately (this is my
first post of the year), I'm happy to share some great progress on both
Nmap and Npcap development. Starting with our Npcap Windows packet
capturing/sending library, I'm happy to report that we quietly released
Version 1.70 in June and then 1.71 on August 19. They include many key
improvements:

* Performance: A major overhaul of Packet.dll sped up routines that...

Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

[CVE-2023-25355/25356] No fix available - vulnerabilities in CoreDial sipXcom sipXopenfire Systems Research Group via Fulldisclosure (Mar 06)

SEC Consult SA-20230306-0 :: Multiple Vulnerabilities in Arris DG3450 Cable Gateway SEC Consult Vulnerability Lab, Research via Fulldisclosure (Mar 06)
SEC Consult Vulnerability Lab Security Advisory < 20230306-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Arris DG3450 Cable Gateway
vulnerable version: AR01.02.056.18_041520_711.NCS.10
fixed version: -
CVE number: CVE-2023-27571, CVE-2023-27572
impact: medium
homepage: https://www.commscope.com...

OpenBSD overflow Erg Noor (Mar 06)
Hi,

Fun OpenBSD bug.

ip_dooptions() will allow IPOPT_SSRR with optlen = 2.

save_rte() will set isr_nhops to very large value, which will cause
overflow in next ip_srcroute() call.

More info is here https://github.com/fuzzingrf/openbsd_tcpip_overflow/

-erg

SEC Consult SA-20230228-0 :: OS Command Injection in Barracuda CloudGen WAN SEC Consult Vulnerability Lab, Research via Fulldisclosure (Mar 02)
SEC Consult Vulnerability Lab Security Advisory < 20230228-0 >
=======================================================================
title: OS Command Injection
product: Barracuda CloudGen WAN
vulnerable version: < v8.* hotfix 1089
fixed version: v8.* with hotfix webui-sdwan-1089-8.3.1-174141891 or above
version 9.0.0 or above
CVE number: CVE-2023-26213...

SRP on Windows 11 Andy Ful (Mar 02)
The correction to:
Full Disclosure: Defense in depth -- the Microsoft way (part 82):
INVALID/BOGUS AppLocker rules disable SAFER on Windows 11 22H2
(seclists.org) <https://seclists.org/fulldisclosure/2023/Feb/13>

The Kanthak correction to restore SRP functionality on Windows 11 ver.
22H2, works only when Smart App Control is OFF. If it is in Evaluate or ON
mode, then the invalid registry values are automatically restored after
restarting...

NetBSD overflow Erg Noor (Mar 02)
Hi,

Trivial overflow in hfslib_reada_node_offset, while loop has no range
checks.

    size_t
    hfslib_reada_node_offsets(void* in_bytes, uint16_t* out_offset_array)
    {
        void* ptr;

        if (in_bytes == NULL || out_offset_array == NULL)
            return 0;

        ptr = in_bytes;
        out_offset_array--;
        do {
            out_offset_array++;
            *out_offset_array = be16tohp(&ptr);
        } while (*out_offset_array != (uint16_t)14); /* no bound on how far ptr or the array walk */

        return ((uint8_t*)ptr - (uint8_t*)in_bytes);
    }

Repro is here...

[NetworkSEC NWSSA] CVE-2023-26609: ABUS Security Camera LFI, RCE and SSH Root Peter Ohm (Feb 27)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Exploit Title: ABUS Security Camera LFI, RCE and SSH Root Access
# Date: 2023-02-16
# Exploit Author: d1g () segfault net for NetworkSEC [NWSSA-001-2023]
# Vendor Homepage: https://www.abus.com
# Version/Model: TVIP 20000-21150 (probably many others)
# Tested on: GM ARM Linux 2.6, Server: Boa/0.94.14rc21
# CVE:...

[NetworkSEC NWSSA] CVE-2023-26602: ASUS ASMB8 iKVM RCE and SSH Root Access Peter Ohm (Feb 27)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Exploit Title: ASUS ASMB8 iKVM RCE and SSH Root Access
# Date: 2023-02-16
# Exploit Author: d1g () segfault net for NetworkSEC [NWSSA-002-2023]
# Vendor Homepage: https://servers.asus.com/search?q=ASMB8
# Version/Model: ASMB8 iKVM Firmware <= 1.14.51 (probably others)
# Tested on: Linux AMI2CFDA1C7570E 2.6.28.10-ami...

Microsoft Windows Contact File / Remote Code Execution (Resurrected) CVE-2022-44666 hyp3rlinx (Feb 27)
[-] Microsoft Windows Contact file / Remote Code Execution (Resurrected
2022) / CVE-2022-44666

[+] John Page (aka hyp3rlinx)
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

Back in 2018 I discovered three related Windows remote code execution
vulnerabilities affecting both VCF and Contact files. They were purchased
by Trend Micro Zero Day Initiative (@thezdi) from me and received candidate
identifiers ZDI-CAN-6920 and ZDI-CAN-7591. Microsoft...

Defense in depth -- the Microsoft way (part 82): INVALID/BOGUS AppLocker rules disable SAFER on Windows 11 22H2 Stefan Kanthak (Feb 22)
Hi @ll,

in Windows 11 22H2, some imbeciles from Redmond added the following
(of course WRONG and INVALID) registry entries and keys which they
dare to ship to their billion world-wide users:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp]
"RuleCount"=dword:00000002
"LastWriteTime"=hex(b):01,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp\DLL]

JFTR: the time stamp is 100ns past...

Multiple vulnerabilities in Audiocodes Device Manager Express Eric Flokstra (Feb 22)
# Product Name: Device Manager Express
# Vendor Homepage: https://www.audiocodes.com
# Software Link:
https://www.audiocodes.com/solutions-products/products/management-products-solutions/device-manager
# Version: <= 7.8.20002.47752
# Tested on: Windows 10 / Server 2019
# Default credentials: admin/admin
# CVE-2022-24627, CVE-2022-24628, CVE-2022-24629, CVE-2022-24630,
CVE-2022-24631, CVE-2022-24632
# Exploit:...

Sumo Logic keep api credentials on endpoints dammitjosie--- via Fulldisclosure (Feb 22)
security bug:

go sumologic.com (big company, many customer)

make free account

log in account, make access key - help.sumologic.com/docs/manage/security/access-keys/
<http://help.sumologic.com/docs/manage/security/access-keys/>

download collector for windows -
help.sumologic.com/docs/send-data/installed-collectors/collector-installation-reference/download-collector-from-static-url/

<...

Remote Code Execution in Kardex MLOG Patrick Hener (Feb 16)
Remote Code Execution in Kardex MLOG
=======================================================================
Product: Kardex Mlog MCC
Vendor: Kardex Holding AG
Tested Version: 5.7.12+0-a203c2a213-master
Fixed Version: inline patch - no new version number
Vulnerability Type: Improper Control of Generation of Code ("RFI") - CWE-94
CVSSv2 Severity:...

CyberDanube Security Research 20230213-0 | Multiple Vulnerabilities in JetWave Series Thomas Weber (Feb 14)
CyberDanube Security Research 20230213-0
-------------------------------------------------------------------------------
                title| Multiple Vulnerabilities
              product| JetWave4221 HP-E, JetWave 2212G, JetWave 2212X/2212S,
                     | JetWave 2211C, JetWave 2411/2111, JetWave 2411L/2111L,
                     | JetWave 2414/2114, JetWave...

Defense in depth -- the Microsoft way (part 81): enabling UTF-8 support breaks existing code Stefan Kanthak (Feb 14)
Hi @ll,

almost 4 years ago, with Windows 10 1903, after more than a year
beta-testing in insider previews, Microsoft finally released UTF-8
support for the -A interfaces of the Windows API.

0) <https://docs.microsoft.com/en-us/windows/uwp/design/globalizing/use-utf8-code-page#activeCodePage>

| If the ANSI code page is configured for UTF-8, -A APIs typically
| operate in UTF-8. This model has the benefit of supporting
| existing...

Other Excellent Security Lists

Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

Info Security News — Carries news items (generally from mainstream sources) that relate to security.

Firewall Wizards — Tips and tricks for firewall administrators.

IDS Focus — Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list.

Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

t2'23: Call For Papers 2023 (Helsinki, Finland) Tomi Tuominen via Dailydave (Mar 06)
Call For Papers 2023

Tired of your bosses suspecting conference trips to exotic locations being just a ploy to partake in Security Vacation
Club? Prove them wrong by coming to Helsinki, Finland on May 4-5 2023! Guaranteed lack of sunburn, good potential for
rain or slush. In case of great spring weather, though, no money back.

CFP and registration both open. Read further if still unsure.

Maui, Miami, Las Vegas, Tel Aviv or Wellington feel so...

PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.

Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.

Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community.

CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community.

Re: Shell command and Emacs Lisp code injection in emacsclient-mail.desktop Salvatore Bonaccorso (Mar 08)
Hi,

Two CVEs are assigned by MITRE:

CVE-2023-27985

CVE-2023-27986

Regards,
Salvatore

Multiple vulnerabilities in Jenkins Daniel Beck (Mar 08)
Jenkins is an open source automation server which enables developers around
the world to reliably build, test, and deploy their software.

The following releases contain fixes for security vulnerabilities:

* Jenkins 2.394
* Jenkins LTS 2.375.4 and 2.387.1
* update-center2 3.15

Summaries of the vulnerabilities are below. More details, severity, and
attribution can be found here:
https://www.jenkins.io/security/advisory/2023-03-08/

We provide...

Shell command and Emacs Lisp code injection in emacsclient-mail.desktop Gabriel Corona (Mar 08)
emacsclient-mail.desktop is vulnerable to shell command
injections and Emacs Lisp injections through a crafted
mailto: URI.

This has been introduced in Emacs 28.1:

http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=b1b05c828d67930bb3b897fe98e1992db42cf23c

A fix for shell command injection is currently included
in the upcoming 28.3 branch:...

CVE-2023-23638: Apache Dubbo Deserialization Vulnerability Gadgets Bypass Albumen Kevin (Mar 08)
Description:

A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution.

This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior
versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.

Credit:

yemoli、R1ckyZ、Koishi、cxc (reporter)

References:

https://dubbo.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-23638

CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting Eric Covener (Mar 07)
Severity: moderate

Description:

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server:
from 2.4.30 through 2.4.55.

Special characters in the origin response header can truncate/split the response forwarded to the client.

Credit:

Dimas Fariski Setyawan Putra (nyxsorcerer) (finder)

References:

https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/...

CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy Eric Covener (Mar 07)
Severity: important

Description:

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack.

Configurations are affected when mod_proxy is enabled along with some form of RewriteRule
or ProxyPassMatch in which a non-specific pattern matches
some portion of the user-supplied request-target (URL) data and is then
re-inserted into the proxied request-target using variable...

Re: Re: double-free vulnerability in OpenSSH server 9.1 (CVE-2023-25136) Georgi Guninski (Mar 06)
So besides the double free bug you managed to circumvent
the mitigation in both linux and openbsd, right?
Did you find weakness in the mitigation or did you find
fundamental way to exploit double free?

UAF in OpenSSL up to 3.0.7 Octavio Galland (Mar 03)
Hi all,

There is a heap-based UAF vulnerability in OpenSSL up to version 3.0.7
(note that it affected version branches 1.0 and 1.1 as well). I include the
report that was sent to the OpenSSL security team, with an update
concerning reproducibility.
The vulnerability was triaged by the OpenSSL security team, got assigned
CVE-2023-0215 with MODERATE severity (
https://www.openssl.org/news/secadv/20230207.txt) and has been fixed in
versions 3.0.8,...

Linux kernel: CVE-2023-1118: UAF vulnerabilities in "drivers/media/rc" directory duoming (Mar 01)
Hello there,

There are use-after-free vulnerabilities in drivers/media/rc/ene_ir.c of linux that
allow an attacker to crash the linux kernel without any privilege by detaching the rc device.

=*=*=*=*=*=*=*=*= Bug Details =*=*=*=*=*=*=*=*=

When the rc device is detaching, function ene_remove() will be called.
But the synchronizations in ene_remove() are bad. The situations that
may lead to race conditions are shown below.

Firstly, the rx receiver is...

Re: sudo: double free with per-command chroot sudoers rules Marc Deslauriers (Mar 01)
Well, it looks like CVE-2023-27320 already got assigned to this issue.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27320

Marc.

CVE-2023-1077: Linux kernel: Type confusion in pick_next_rt_entity() Pietro Borrello (Mar 01)
Hi all,

I am disclosing a type confusion in the RT scheduling stack of the Linux Kernel.
pick_next_rt_entity() caller checks that list_entry() on the scheduler queue
does not return NULL, using a BUG_ON.
However, this condition can never happen.
For an empty list, list_entry() returns a type confused view of the list_head.
The buggy condition would lead to the use of a type confused sched_rt_entity,
causing memory corruption.

The proposed patch...

CVE-2023-1075 - Linux Kernel: Type Confusion in tls_is_tx_ready() Pietro Borrello (Mar 01)
Hi all,

I am disclosing a type confusion in the net/tls stack of the Linux Kernel.
tls_is_tx_ready() checks that list_first_entry() does not return NULL.
However, this condition can never happen.
For an empty `tx_list`, list_first_entry() returns the list_entry() of the head,
which, when used, is a type confusion.
Thus, tls_is_tx_ready() may potentially use a type-confused entry
to the list_head, leaking the last byte of the type confused field...

CVE-2023-1076: Linux Kernel: Type Confusion hardcodes tuntap socket UID to root Pietro Borrello (Mar 01)
Hi all,

I am disclosing a type confusion in the initialization of TUN/TAP sockets
which hardcodes their UID to 0, usually the root UID.
sock_init_data() assumes that the `struct socket` passed in input is
contained in a `struct socket_alloc` allocated with sock_alloc().
However, tap_open() and tun_chr_open() pass a `struct socket` embedded
in a `struct tap_queue` and `struct tun_file` respectively, both
allocated with sk_alloc().
This causes a...

CVE-2023-1079: Linux Kernel: Use-After-Free in asus_kbd_backlight_set() Pietro Borrello (Mar 01)
Hi all,

I'm disclosing a Use After Free that may be triggered when plugging in a
malicious USB device, which advertises itself as an asus device.

The device uses a worker `asus_worker` scheduled by asus_kbd_backlight_set() to
communicate with the hardware.
The work_struct is embedded in `struct asus_kbd_leds`, and at device removal,
`struct asus_kbd_leds` is freed.

However, concurrently with device removal, the LED controller...

Re: sudo: double free with per-command chroot sudoers rules Todd C. Miller (Mar 01)
No, and I don't plan on requesting one. As far as I can tell, this
doesn't actually affect any users.

- todd

Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.

Educause Security Discussion — Securing networks and computers in an academic environment.

Internet Issues and Infrastructure

NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

NetElastic Travis Garrison (Mar 09)
Anyone here running NetElastic? If so, what are your opinions on it? vBNG and CGNAT.

Thank you
Travis

Re: RFC6598 100.64/10: to bogon or not to bogon (team-cymru et all) Mark Andrews (Mar 08)
Correct, you can’t use 100.64/10 for any service expected to be reached
by customers. CPE shouldn’t see traffic from 100.64/10 with the possible
exception of ICMP ERROR messages. Even advertising a 100.64/10 address as
next hop is problematic for dual homing CPE.

Re: RFC6598 100.64/10: to bogon or not to bogon (team-cymru et all) William Herrin (Mar 08)
Hi Lukas,

Thanks for the clarification. As others have said: the error lies in
the base conditions of your reasoning, not team-cymru's bogon list.

The bogon list is designed to be used unmodified at one particular
kind of location only: the BGP-speaking link between two different
Autonomous Systems. Anywhere else you might choose to use it, you must
first exclude or override the filtering for locally used addresses.

Perhaps the folks...

RE: RFC6598 100.64/10: to bogon or not to bogon (team-cymru et all) Travis Garrison (Mar 08)
> I'd say that they shouldn't send them to her without her acknowledgement

Exactly

We use CGNAT in our network unfortunately. We skip CGNAT for internal resources only, to reduce logging, load, etc.
but all outbound and/or customer to customer traffic goes through the CGNAT. Only public IP addresses are allowed to
communicate between customers.

Travis

Re: RFC6598 100.64/10: to bogon or not to bogon (team-cymru et all) Grant Taylor via NANOG (Mar 08)
I argue that Alice should expect to not receive any traffic from
non-globally routed IPs UNLESS her cloud provider has informed her that
she should expect them.

I'd say that they shouldn't send them to her without her acknowledgement
~> consent to receive them.

I disagree.

Nothing prevents someone from filtering bogons without using RFC 6598 as
justification to do so.

I suspect that there are many people using DFZ feeds that...

Spoofer Report for NANOG for Feb 2023 CAIDA Spoofer Project (Mar 08)
In response to feedback from operational security communities,
CAIDA's source address validation measurement project
(https://spoofer.caida.org) is automatically generating monthly
reports of ASes originating prefixes in BGP for systems from which
we received packets with a spoofed source address.
We are publishing these reports to network and security operations
lists in order to ensure this information reaches operational
contacts in these...

Re: RFC6598 100.64/10: to bogon or not to bogon (team-cymru et all) Grant Taylor via NANOG (Mar 08)
I would assume ~> expect that any operator of a system being deployed
with a globally routed IP to be well aware if their system was expected
to handle non-globally routed IPs or not. E.g. at $DAY_JOB we
/explicitly/ configured systems to allow ~> support non-globally routed
IPs from RFC 6598 Shared Address Space et al. clients.

Either you're outside of the CGN context or you are explicitly aware
that you are inside of the CGN...

NY Verizon FIOS IPv6 routing issue Robert Blayzor via NANOG (Mar 08)
Any Verizon IP engineers lurking on this list that can contact me about
a recurring and chronic IPv6 routing issue in the upstate NY Verizon
FIOS network. Getting feedback from several customers that have valid
IPv6 PD from FIOS but routing is broken 2-3 hops out in Verizons
network. This is causing major service issues with anyone that has IPv6
enabled.

Happy to provide details or work the proper channels; if only you could
easily find...

Re: RFC6598 100.64/10: to bogon or not to bogon (team-cymru et all) Tom Beecher (Mar 08)
Respectfully, this is exceptionally ignorant.

Team Cymru is not misrepresenting anything. They are very specific and
detailed about which addresses the bogons and fullbogons lists contain.
They also clearly state that individual networks MAY need to make
adjustments based on their circumstances.

Team Cymru CEO, Rob Thomas, studied a frequently attacked website to

If someone is blindly filtering a list of prefixes from a 3rd party without...

Re: RFC6598 100.64/10: to bogon or not to bogon (team-cymru et all) Victor Kuarsingh (Mar 08)
This was the intention of the RFC. As this space was intended to be used
with an AS's network to service CGN needs. That CGN boundary likely ends
before a given customer and/or neighboring network, so it would make sense
that downstream and neighboring networks would filter at their borders.
All that said, if for some reason, a downstream network has 100.64/10
assigned to direct links on an interconnection, that may be a problem.
That type...

Re: RFC6598 100.64/10: to bogon or not to bogon (team-cymru et all) Lukas Tribus (Mar 08)
You know all this if you are the network operator.

If you are the customer of the ISP, let's say a datacenter/cloud
customer and you are deploying Web or Mailservices, you have no idea
whether this ISP will route RFC6598 traffic to you or not and you
certainly will not get informed by the ISP if that ever changes. You
only know about this once you are dropping production traffic from
clients in 100.64/10 and a trouble ticket has found...

Re: RFC6598 100.64/10: to bogon or not to bogon (team-cymru et all) Lukas Tribus (Mar 08)
It very much is.

An autonomous system can contain both "eyeballs" (possibly RFC6598
addressed) and services in datacenters/clouds, it's not *always* a
different ISP.

Perhaps I should have started this topic with a very specific example:

- ISP A has a residential customer "Bob" in RFC6598 space
- ISP A CGNATs Bob if the destination is beyond its own IP space
- ISP A doesn't CGNAT if the destination is within...

Re: RFC6598 100.64/10: to bogon or not to bogon (team-cymru et all) Lukas Tribus (Mar 08)
Absolutely, everybody's free to drop whatever they like on their gear,
I'm sure there are networks, gear, applied and documented
configurations out there that block 1.1.1.0/24.

That doesn't mean publicly available blocklists need to misrepresent
their use-case.

The concern is not about networks that know what they are doing, the
concern is about the rest (and more specifically entities that don't
operate their own ASN)....

Re: Re[2]: RFC6598 100.64/10: to bogon or not to bogon (team-cymru et all) Lukas Tribus (Mar 08)
Hello,

I disagree, authoritative and accurate product description and
documentation of the tools used by the public matter a lot. If a
ticket lands on my desk because a third party misuses a tool, I want
to point to a single authoritative source of information.

I know that, you know that. That doesn't solve my problem. What solves
my problem is accurate documentation and education.

This is an operational networking issue that goes beyond...

Re: Request for comments Etienne-Victor Depasquale via NANOG (Mar 08)
Quick (and critical) correction:

bar charts on the ***left*** are from *NOGs;
bar charts on the ***right*** are from commissioned market research.

Cheers,

Etienne

Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating

The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

Risks Digest 33.64 RISKS List Owner (Mar 07)
RISKS-LIST: Risks-Forum Digest Tuesday 14 March 2023 Volume 33 : Issue 64

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.64>
The current issue can also be found at
<...

Risks Digest 33.63 RISKS List Owner (Feb 25)
RISKS-LIST: Risks-Forum Digest Saturday 25 February 2023 Volume 33 : Issue 63

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.63>
The current issue can also be found at
<...

Risks Digest 33.62 RISKS List Owner (Feb 19)
RISKS-LIST: Risks-Forum Digest Sunday 19 February 2023 Volume 33 : Issue 62

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.62>
The current issue can also be found at
<...

Risks Digest 33.60 RISKS List Owner (Jan 16)
RISKS-LIST: Risks-Forum Digest Monday 15 January 2023 Volume 33 : Issue 60

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.60>
The current issue can also be found at
<...

Risks Digest 33.59 RISKS List Owner (Jan 02)
RISKS-LIST: Risks-Forum Digest Monday 2 January 2023 Volume 33 : Issue 59

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.59>
The current issue can also be found at
<...

Risks Digest 33.58 RISKS List Owner (Dec 18)
RISKS-LIST: Risks-Forum Digest Sunday 18 December 2022 Volume 33 : Issue 58

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.58>
The current issue can also be found at
<...

Risks Digest 33.57 RISKS List Owner (Dec 10)
RISKS-LIST: Risks-Forum Digest Saturday 10 December 2022 Volume 33 : Issue 57

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.57>
The current issue can also be found at
<...

Risks Digest 33.56 RISKS List Owner (Dec 04)
RISKS-LIST: Risks-Forum Digest Sunday 4 December 2022 Volume 33 : Issue 56

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.56>
The current issue can also be found at
<...

Risks Digest 33.55 RISKS List Owner (Dec 02)
RISKS-LIST: Risks-Forum Digest Friday 2 December 2022 Volume 33 : Issue 55

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.55>
The current issue can also be found at
<...

Risks Digest 33.54 RISKS List Owner (Nov 27)
RISKS-LIST: Risks-Forum Digest Sunday 27 November 2022 Volume 33 : Issue 54

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.54>
The current issue can also be found at
<...

Risks Digest 33.53 RISKS List Owner (Nov 22)
RISKS-LIST: Risks-Forum Digest Wednesday 22 November 2022 Volume 33 : Issue 53

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.53>
The current issue can also be found at
<...

Risks Digest 33.52 [Apologies for unconverted characters in 33.51] RISKS List Owner (Nov 13)
RISKS-LIST: Risks-Forum Digest Sunday 13 November 2022 Volume 33 : Issue 52

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.52>
The current issue can also be found at
<...

Risks Digest 33.51 RISKS List Owner (Nov 09)
RISKS-LIST: Risks-Forum Digest Wednesday 9 November 2022 Volume 33 : Issue 51

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.51>
The current issue can also be found at
<...

Risks Digest 33.50 RISKS List Owner (Nov 01)
RISKS-LIST: Risks-Forum Digest Tuesday 1 November 2022 Volume 33 : Issue 50

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.50>
The current issue can also be found at
<...

Risks Digest 33.49 RISKS List Owner (Oct 25)
RISKS-LIST: Risks-Forum Digest Tuesday 25 October 2022 Volume 33 : Issue 49

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.49>
The current issue can also be found at
<...

BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.

Healthcare organizations face rising ransomware attacks – and are paying up Matthew Wheeler (Jun 03)
https://www.theregister.com/2022/06/03/healthcare-ransomware-pay-sophos/

Healthcare organizations, already an attractive target for ransomware given
the highly sensitive data they hold, saw such attacks almost double between
2020 and 2021, according to a survey released this week by Sophos.

The outfit's team also found that while polled healthcare orgs are quite
likely to pay ransoms, they rarely get all of their data returned if they
do...

A digital conflict between Russia and Ukraine rages on behind the scenes of war Matthew Wheeler (Jun 03)
https://wskg.org/npr_story_post/a-digital-conflict-between-russia-and-ukraine-rages-on-behind-the-scenes-of-war/

SEATTLE — On the sidelines of a conference in Estonia on Wednesday, a
senior U.S. intelligence official told British outlet Sky News that the
U.S. is running offensive cyber operations in support of Ukraine.

“My job is to provide a series of options to the secretary of defense and
the president, and so that’s what I do,” said...

Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network Matthew Wheeler (Jun 03)
https://thehackernews.com/2022/06/researchers-uncover-malware-controlling.html

The Parrot traffic direction system (TDS) that came to light earlier this
year has had a larger impact than previously thought, according to new
research.

Sucuri, which has been tracking the same campaign since February 2019 under
the name "NDSW/NDSX," said that "the malware was one of the top infections"
detected in 2021, accounting for more than...

FBI, CISA: Don't get caught in Karakurt's extortion web Matthew Wheeler (Jun 03)
https://www.theregister.com/2022/06/03/fbi_cisa_warn_karakurt_extortion/

The Feds have warned organizations about a lesser-known extortion gang
Karakurt, which demands ransoms as high as $13 million and, some
cybersecurity folks say, may be linked to the notorious Conti crew.

In a joint advisory [PDF] this week, the FBI, CISA and US Treasury
Department outlined technical details about how Karakurt operates, along
with actions to take,...

DOJ Seizes 3 Web Domains Used to Sell Stolen Data and DDoS Services Matthew Wheeler (Jun 02)
https://thehackernews.com/2022/06/doj-seizes-3-web-domains-used-to-sell.html

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of
three domains used by cybercriminals to trade stolen personal information
and facilitate distributed denial-of-service (DDoS) attacks for hire.

This includes weleakinfo[.]to, ipstress[.]in, and ovh-booter[.]com, the
former of which allowed its users to traffic hacked personal data and
offered a...

Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability Matthew Wheeler (Jun 02)
https://thehackernews.com/2022/05/chinese-hackers-begin-exploiting-latest.html

An advanced persistent threat (APT) actor aligned with Chinese state
interests has been observed weaponizing the new zero-day flaw in Microsoft
Office to achieve code execution on affected systems.

"TA413 CN APT spotted [in-the-wild] exploiting the Follina zero-day using
URLs to deliver ZIP archives which contain Word Documents that use the
technique,"...

US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command Matthew Wheeler (Jun 02)
https://www.three.fm/news/world-news/us-military-hackers-conducting-offensive-operations-in-support-of-ukraine-says-head-of-cyber-command/

US military hackers have conducted offensive operations in support of
Ukraine, the head of US Cyber Command has told Sky News.

In an exclusive interview, General Paul Nakasone also explained how "hunt
forward" operations were allowing the United States to search out foreign
hackers and identify...

SideWinder Hackers Launched Over 1,000 Cyber Attacks Over the Past 2 Years Matthew Wheeler (May 31)
https://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html

An "aggressive" advanced persistent threat (APT) group known as SideWinder
has been linked to over 1,000 new attacks since April 2020.

"Some of the main characteristics of this threat actor that make it stand
out among the others, are the sheer number, high frequency and persistence
of their attacks and the large collection of encrypted and obfuscated...

Hackers are Selling US University Credentials Online, FBI Says Matthew Wheeler (May 31)
https://tech.co/news/hackers-are-selling-us-university-credentials-online-fbi-says

The Federal Bureau of Investigation has warned US universities and colleges
that it has found banks of login credentials and other data relating to VPN
access circulating on cybercriminals forums.

The fear is that such data will be sold and subsequently used by malicious
actors to orchestrate attacks on other accounts owned by the same students,
in the hope...

Interpol Nabs 3 Nigerian Scammers Behind Malware-based Attacks Matthew Wheeler (May 31)
https://thehackernews.com/2022/05/interpol-nabs-3-nigerian-scammers.html

Interpol on Monday announced the arrest of three suspected global scammers
in Nigeria for using remote access trojans (RATs) such as Agent Tesla to
facilitate malware-enabled cyber fraud.

"The men are thought to have used the RAT to reroute financial
transactions, stealing confidential online connection details from
corporate organizations, including oil and gas...

U.S. Warns Against North Korean Hackers Posing as IT Freelancers Matthew Wheeler (May 18)
https://thehackernews.com/2022/05/us-warns-against-north-korean-hackers.html

Highly skilled software and mobile app developers from the Democratic
People's Republic of Korea (DPRK) are posing as "non-DPRK nationals" in
hopes of landing freelance employment in an attempt to enable the regime's
malicious cyber intrusions.

That's according to a joint advisory from the U.S. Department of State, the
Department of the...

FBI and NSA say: Stop doing these 10 things that let the hackers in Matthew Wheeler (May 18)
https://www.zdnet.com/article/fbi-and-nsa-say-stop-doing-these-10-things-that-let-the-hackers-in/

Cyber attackers regularly exploit unpatched software vulnerabilities, but
they "routinely" target security misconfigurations for initial access, so
the US Cybersecurity and Infrastructure Security Agency (CISA) and its
peers have created a to-do list for defenders in today's heightened threat
environment.

CISA, the FBI and National...

Fifth of Businesses Say Cyber-Attack Nearly Broke Them Matthew Wheeler (May 18)
https://www.infosecurity-magazine.com/news/fifth-of-businesses-cyber-attack/

A fifth of US and European businesses have warned that a serious
cyber-attack nearly rendered them insolvent, with most (87%) viewing
compromise as a bigger threat than an economic downturn, according to
Hiscox.

The insurer polled over 5000 businesses in the US, UK, Ireland, France,
Spain, Germany, the Netherlands and Belgium to compile its annual Hiscox
Cyber...

Hacker And Ransomware Designer Charged For Use And Sale Of Ransomware, And Profit Sharing Arrangements With Cybercriminals Matthew Wheeler (May 18)
https://www.shorenewsnetwork.com/2022/05/16/hacker-and-ransomware-designer-charged-for-use-and-sale-of-ransomware-and-profit-sharing-arrangements-with-cybercriminals/

A criminal complaint was unsealed today in federal court in Brooklyn, New
York, charging Moises Luis Zagala Gonzalez (Zagala), also known as
“Nosophoros,” “Aesculapius” and “Nebuchadnezzar,” a citizen of France and
Venezuela who resides in Venezuela, with attempted...

State of Ransomware shows huge growth in threat and impacts Matthew Wheeler (May 04)
https://www.continuitycentral.com/index.php/news/technology/7275-state-of-ransomware-shows-huge-growth-in-threat-and-impacts

Sophos has released its annual survey and review of real-world ransomware
experiences in its ‘State of Ransomware 2022’ report. This shows that 66
percent of organizations surveyed were hit with ransomware in 2021, up from
37 percent in 2020.

The average ransom paid by organizations that had data encrypted in their...

Open Source Tool Development

Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool

Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

Snort Subscriber Rules Update 2023-03-07 Research (Mar 07)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Re: [EXT] : Snort-sigs Digest, Vol 70, Issue 3 (No such file or directory error) Al Lewis (allewi) via Snort-sigs (Mar 02)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the malware-cnc, malware-other, os-windows, policy-other, protocol-scada
and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Re: [EXT] : Snort-sigs Digest, Vol 70, Issue 3 (No such file or directory error) Darryle Merlette via Snort-sigs (Mar 02)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the malware-cnc, malware-other, os-windows, policy-other, protocol-scada
and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2023-03-02 Research (Mar 02)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Re: Snort Subscriber Rules Update 2023-02-28 Al Lewis (allewi) via Snort-sigs (Mar 02)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the malware-cnc,
malware-other, os-windows, policy-other, protocol-scada and server-webapp
rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Re: Snort Subscriber Rules Update 2023-02-28 mukesh.jha (Mar 01)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the malware-cnc,
malware-other, os-windows, policy-other, protocol-scada and server-webapp
rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2023-02-28 Research (Feb 28)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the malware-cnc,
malware-other, os-windows, policy-other, protocol-scada and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2023-02-23 Research (Feb 23)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the browser-chrome,
file-other and server-webapp rule sets to provide coverage for emerging
threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2023-02-21 Research (Feb 21)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-office,
file-other, malware-cnc, malware-other and server-webapp rule sets to
provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2023-02-16 Research (Feb 16)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-image,
file-other, malware-backdoor, malware-other and server-webapp rule sets
to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2023-02-14 Research (Feb 14)
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2023-21529:
A coding deficiency exists in Microsoft Exchange Server that may lead
to remote code execution.

A previously released rule will detect attacks targeting these
vulnerabilities and has been updated with the appropriate reference
information. It is included in this release...

Snort Subscriber Rules Update 2023-02-09 Research (Feb 09)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the
indicator-compromise, malware-cnc, malware-other, malware-tools,
os-linux, os-windows and server-other rule sets to provide coverage for
emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Re: Fwd: Snort-3.1.52.0 Segmentation Fault Dheeraj Gupta via Snort-devel (Feb 08)
Hi,

Thanks for your response. I have filed a bug report on github -
https://github.com/snort3/snort3/issues/292

It looks like a fix may be released soon.

Thanks,
Dheeraj

On Wed, 8 Feb 2023 at 22:13, Yehor Velykozhon <yvelyk () softserveinc com>
wrote:

Snort Subscriber Rules Update 2023-02-02 Research (Feb 02)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the
indicator-compromise, malware-cnc, malware-tools, policy-other and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2023-01-31 Research (Jan 31)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the malware-cnc,
malware-other, malware-tools and server-webapp rule sets to provide
coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

More Lists

We also maintain archives for these lists (some are currently inactive):

Related Resources

Read some old-school private security digests such as Zardoz at SecurityDigest.Org

We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.