SecLists.Org Security Mailing List Archive

Any hacker will tell you that the latest news and exploits are not found on any web site—not even Insecure.Org. No, the cutting edge in security research is and will continue to be the full disclosure mailing lists such as Bugtraq. Here we provide web archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all using the Site Search box above.

Insecure.Org Lists

Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe to nmap-dev here.

Re: ncat: Windows build difficulties David Fifield (Aug 15)
It's strange that there haven't been other reports of the same problem,
but the way to file a bug report is with a GitHub issue:
https://github.com/nmap/nmap/blob/d66644be63e64a94687160da005d65cbf0b51280/CONTRIBUTING.md#bug

Re: ncat: Windows build difficulties Adam Baxter (Aug 11)
Interestingly, https://github.com/microsoft/vcpkg/tree/master/ports/nmap carries a number of patches which might be
useful here upstream, too.

--Adam

Re: ncat: Windows build difficulties Adam Baxter (Aug 11)
Hi David,

Good catch, thanks. At the time of writing, "CompileAsCpp" is set in 3 places in
https://svn.nmap.org/nmap/ncat/ncat.vcxproj. What's the process to get this changed?

--Adam

Re: ncat: Windows build difficulties David Fifield (Aug 11)
I think this error occurs when trying to compile C code with a C++
compiler. The pointer conversion is implicit in C but must be explicit
in C++.

I'm not sure how the C++ compiler came to be used, though—maybe check
the changes you made to the solution file.

ncat: Windows build difficulties Adam Baxter (Aug 11)
Hi,
I'm attempting to build ncat statically for Windows using VS2022 and I've run into the following issues:
* applink.c missing from static build of openssl 3.0.5 - fixed by downloading
https://github.com/openssl/openssl/blob/master/ms/applink.c into the correct path

* vcxproj/sln file not set up to build ncat for x64 - fixed by fiddling with the solution configuration. I'm not sure
how this was generated but I could provide a...

Report a Bug of Zenmap zjjncsn via dev (Aug 10)
version 7.92(Chinese)
When I'm in nmap output tab, it can display normally. But once I switch to another tab and switch back, it can't
display. And the output box will be gray. (Look at the video.)
Sorry for my poor English.

Shining Chen
zjjncsn () qq com...

Re: Nmap uses PCRE library and scan tool report one vulnerability CVE-2022-1586 & CVE-2022-1587 to PCRE2 library Gordon Fyodor Lyon (Jun 20)
Hi Shivani. Thanks for the report. Those two vulnerabilities are in the
PCRE2 (2nd generation) PCRE library. Although we plan to upgrade to PCRE2
soon, Nmap is currently still using the 1st generation PCRE which is not
susceptible to these bugs. When we do upgrade, we will be sure to use a
fixed version of PCRE2.

Also, Nmap version 4.6 and 5.21 are ancient and well worth upgrading for
other reasons.

On Mon, Jun 20, 2022 at 1:47 PM Sharma,...

Nmap uses PCRE library and scan tool report one vulnerability CVE-2022-1586 & CVE-2022-1587 to PCRE2 library Sharma, Shivani via dev (Jun 20)
Hi Team,
We are using Nmap 4.6 and 5.21 in our project and scan tool reports one vulnerability to Nmap which is related to PCRE2.
As per vulnerabilities ,CVE-2022-1586: This involves a unicode property matching issue in JIT-compiled regular
expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
CVE-2022-1587: This comes with PCRE2 library in the get_recurse_data_length() function of the...

dhcp script not being seen as open? Mike . (Jun 20)
Was testing with my router today, I noticed this. Sent out a DHCP OFFER, I am assuming that is what the script is
sending out, and I notice I get back OPEN/FILTERED. If I am receiving a reply back, why is nmap not seeing this,
marking that as such, and calling it OPEN? It is receiving a valid packet response. Am I missing something? Here is the
output:

from the nmap side of the NSE debug on

NSE: Script scanning 192.168.0.1.
Initiating NSE...

PR, dhcp6, added duid types Christoph Barthel via dev (Jun 20)
https://github.com/nmap/nmap/pull/2487

Hello devs,

I discovered an issue while using the broadcast-dhcp6-discover script.
The script is using the dhcp6.lua script in which the CLIENTID parser
returned for a DUID != 1. So I added, according to RFC3315, the
remaining two DUIDs (DUID-LL, DUID-EN).

Note: For DUID-EN the vendor based enterprise number will be skipped.

https://datatracker.ietf.org/doc/html/rfc3315#section-9.1

Re: Where to report incorrect mac prefixes Esa Jokinen via dev (Jun 01)
It seems my earlier reply to this has stuck somewhere. I have a pull
request #2479 open on GitHub to update the nmap-mac-prefixes file,
including a Python script that parses and converts the IEEE source data
from the updated format.

Esa Jokinen @oh2fih

Where to report incorrect mac prefixes Joey Seal (May 17)
I occasionally encounter the wrong vendor after running an NMAP scan, where
can I report this?

Missing ssh hostkeys when running at scale Loone, Sami (May 04)
Hello nmap devs,

I'm writing in hope that a oneliner pull request could get a bit of attention.

https://github.com/nmap/nmap/pull/2338

In short, ssh hostkey scan script intermittently ends up missing some of the
expected keys when running at scale. The patch is to fix nmap ssh packet
encoding for multiprecision integers.

I've recently added a hacky shell script to the pull request to make it a bit
easier to reproduce the issue...

Re: Writing high-performance npcap application Daniel Miller (Apr 29)
Jan,

Thanks for your interest in Npcap! I'll try to answer questions inline
below.

On Wed, Apr 27, 2022 at 1:21 PM Jan Danielsson <jan.m.danielsson () gmail com>
wrote:

Questions can also be posted as Issues on our Github page, but the nmap-dev
mailing list is also publicly archived, so it works well for this type of
discussion.

I believe most of the performance difference there would be because Npcap
so far does not support a...

Writing high-performance npcap application Jan Danielsson (Apr 27)
Hello,

[The npcap page said it was ok to use nmap mailing list for npcap
related questions. If there's a more appropriate forum, please point me
to it.]

I'm working on an application that requires very high transfer rates
of raw ethernet packets. As a reference, we use libpcap on unixy
platforms and are able to saturate a 1Gbit/s link, with zero packet
loss. A few customers need Windows support, so we're looking...

Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe to stay informed.

Npcap 1.60 Release: Code Hardening, Compatibility, and Bug Fixes Gordon Fyodor Lyon (Dec 08)
Hi Nmap (and Npcap) hackers! I hope you're enjoying the start of the
holidays. For your first stocking stuffer, we're happy to release Npcap
Version 1.60! We also released (but never actually announced) Version 1.55
in September. We put out Versions 1.12 and 1.11 of the SDK too. None of
these try to wow you with major new features. We're excited about a lot of
those in the pipeline, but we focused the last few months on...

Nmap 7.92 Defcon Release! Gordon Fyodor Lyon (Aug 07)
Hi folks. Many of us can't attend Defcon in person this year due to global
pandemic, but we won't let that stop our traditional Defcon Nmap release!
We just posted Nmap 7.92 to https://nmap.org/download.html. It includes
dozens of performance improvements, feature enhancements, and bug fixes
that we've made over the last 10 months.

The biggest improvement (at least for Windows users) is the inclusion of
version 1.50 of Npcap (...

Npcap 1.50 Release Brings Nmap & Wireshark to Windows ARM devices Gordon Fyodor Lyon (Jun 28)
Hi folks. The Nmap Project is pleased to release Npcap version 1.50 at
https://npcap.org. There are many improvements in this release, but the
one we're most excited about is support for the ARM architecture! This
allows apps like Nmap and Wireshark to run for the first time on a newer
generation of hardware which often includes all-day battery life and
always-on LTE/5G capabilities. Devices vary from the $349 Samsung Galaxy
Book Go...

Npcap 1.30 Released: Raw WiFi + Better Performance Gordon Fyodor Lyon (Apr 12)
Hi folks. The Nmap Project is pleased to release Npcap Version 1.30 at
https://npcap.org. We hope Nmap and Wireshark users will be especially
happy with the raw WiFi improvements, since you tend to be particularly
savvy about low-level network inspection. It turns out that some of the
issues we thought were caused by lower level hardware drivers were actually
bugs in our driver. Oops! But at least that means we can fix them
ourselves, and we did....

Npcap 1.20 released Gordon Fyodor Lyon (Mar 16)
Nmap/Npcap Community:

I'm happy to report the release of version 1.20 of the Npcap Windows packet
capturing/sending driver! It's the first release of 2021 and includes
better capabilities for selecting timestamp methods as well as many other
improvements and bug fixes. These include updating the underlying libpcap
library to version 1.10 and building our installer now with NSIS 3. More
details on all this are available from the...

Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Re: typeorm CVE-2022-33171 Tobias Schneider (Aug 19)
Someone should tell Snyk about the risks of "Supply Chain vulnerabilities"
...

(and yes this is a vulnerability, nice find!)

LoL'ing at Maintainer.

Cheers, @haxel0rd.

Trovent Security Advisory 2110-01 / Insecure data storage in Polar Flow Android application Stefan Pietsch (Aug 19)
# Trovent Security Advisory 2110-01 #
#####################################

Insecure data storage in Polar Flow Android application
#######################################################

Overview
########

Advisory ID: TRSA-2110-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2110-01
Affected product: Polar Flow Android mobile application (fi.polar.polarflow)
Affected version: 5.7.1
Vendor:...

APPLE-SA-2022-08-18-1 Safari 15.6.1 Apple Product Security via Fulldisclosure (Aug 19)
APPLE-SA-2022-08-18-1 Safari 15.6.1

Safari 15.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213414.

WebKit
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: An out-of-bounds write issue was...

APPLE-SA-2022-08-17-1 iOS 15.6.1 and iPadOS 15.6.1 Apple Product Security via Fulldisclosure (Aug 19)
APPLE-SA-2022-08-17-1 iOS 15.6.1 and iPadOS 15.6.1

iOS 15.6.1 and iPadOS 15.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213412.

Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with...

APPLE-SA-2022-08-17-2 macOS Monterey 12.5.1 Apple Product Security via Fulldisclosure (Aug 19)
APPLE-SA-2022-08-17-2 macOS Monterey 12.5.1

macOS Monterey 12.5.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213413.

Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
Description: An out-of-bounds write issue was addressed...

[CVE-2022-2536] Transposh <= 1.0.8.1 “tp_translation” Authorization Bypass Julien Ahrens (RCE Security) (Aug 19)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Transposh WordPress Translation
Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/
Type: Incorrect Authorization [CWE-863]
Date found: 2022-07-23
Date published: 2022-08-16
CVSSv3 Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVE: CVE-2022-2536

2. CREDITS...

Win32.Ransom.BlueSky / Arbitrary Code Execution malvuln (Aug 15)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/961fa85207cdc4ef86a076bbff07a409.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Win32.Ransom.BlueSky
Vulnerability: Arbitrary Code Execution
Description: The BlueSky ransomware looks for and executes arbitrary DLLs
in its current working directory. Therefore, we can hijack a vuln DLL,
execute our own code, control...

Zyxel IPC 3605N & 4605N / Remote shell access Eric Urban (Aug 15)
Hello everyone,

I have identified that the Zyxel IPC 3605N and 4605N IP based security
cameras have multiple flaws. Combining these together leads to the ability
for an attacker to remotely install root shell access on the device.

A web server installed for UPnP purposes allows the plaintext passwords to
be retrieved by anyone. This grants access to the web administration
interface. From there, a tarball can be downloaded, modified with a...

Re: typeorm CVE-2022-33171 Andrii Kostenko via Fulldisclosure (Aug 15)
I found what I think is a vulnerability in the latest typeorm 0.3.7.
TypeORM v0.3 has a new findOneBy method instead of findOneById() and it is
the only way to get a record by id

Sending undefined as a value in this method removes this parameter from the
query. This leads to the data exposure.

For example:
Users.findOneBy({id: req.query.id}) with /?id=12345 produces SELECT * FROM
Users WHERE id=12345 LIMIT 1 while removing id from the query...

CVE-2022-2590: Linux kernel privilege escalation vulnerability Turritopsis Dohrnii Teo En Ming (Aug 11)
Subject: CVE-2022-2590: Linux kernel privilege escalation vulnerability

Good day from Singapore,

Just sharing this Linux kernel security vulnerability.

Article: CVE-2022-2590: Linux kernel privilege escalation vulnerability
Link: https://securityonline.info/cve-2022-2590-linux-kernel-privilege-escalation-vulnerability/

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore

Backdoor.Win32.Guptachar.20 / Insecure Credential Storage malvuln (Aug 08)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/857999d2306f257b80d1b8f6a51ae8b0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Guptachar.20
Vulnerability: Insecure Credential Storage
Description: The malware runs a web server on TCP port 2015 (default) and
uses BASIC authentication. The credentials "hacker01:imchampgr8" get stored
in a...

Backdoor.Win32.Bushtrommel.122 / Unauthenticated Remote Command Execution malvuln (Aug 04)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/76c09bc82984c7f7ef55eb13018e0d87_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Bushtrommel.122
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 31745 and 1030. Adversaries
who can reach infected hosts can run commands made available by the...

Backdoor.Win32.Bushtrommel.122 / Authentication Bypass malvuln (Aug 04)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/76c09bc82984c7f7ef55eb13018e0d87.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Bushtrommel.122
Vulnerability: Authentication Bypass
Description: The malware listens on TCP port 31745 and runs an ftp server on
port 1030. Attackers who can reach infected systems can logon using any
username/password...

Backdoor.Win32.Jokerdoor / Remote Stack Buffer Overflow malvuln (Aug 04)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/783a191e7944e1af84ec0fa96d933f30.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Jokerdoor
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 27374. Attackers who can reach
an infected system can send a large payload and trigger a classic stack
buffer overflow...

Backdoor.Win32.Destrukor.20 / Unauthenticated Remote Command Execution malvuln (Aug 01)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/c790749f851d48e66e7d59cc2e451956_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Destrukor.20
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 6969. Third-party adversaries
who can reach infected hosts can run commands made available by the...

Other Excellent Security Lists

Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Re: [SECURITY] [DSA 4628-1] php7.0 security update Timesportsall (Jan 16)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4628-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 18, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php7.0
CVE ID : CVE-2019-11045 CVE-2019-11046 CVE-2019-11047
CVE-2019-11050 CVE-2020-7059...

Re: BugTraq Shutdown tommypickle (Jan 16)
All old school hackers from UPT remember and want to show respect. Thanks for everything.

On Second Thought... alias (Jan 16)
Bugtraq has been a valuable institution within the Cyber Security community for
almost 30 years. Many of our own people entered the industry by subscribing to it
and learning from it. So, based on the feedback we’ve received both from the
community-at-large and internally, we’ve decided to keep the Bugtraq list running.
We’ll be working in the coming weeks to ensure that it can remain a valuable asset
to the community for years to...

BugTraq Shutdown alias (Jan 15)
2020 was quite the year, one that saw many changes. As we begin 2021, we wanted
to send one last note to our friends and supporters at the SecurityFocus BugTraq
mailing list. As many of you know, assets of Symantec were acquired by Broadcom
in late 2019, and some of those assets were then acquired by Accenture in 2020
(https://newsroom.accenture.com/news/accenture-completes-acquisition-of-broadcoms-symantec-cyber-security-...

Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

CarolinaCon-15 is April 26-28, 2019 in Charlotte NC - Call For Papers/Presenters is now open Vic Vandal (Feb 03)
We are pleased to announce that CarolinaCon-15 will be on April 26th-28th 2019 in Charlotte NC at the Renaissance
Charlotte Suites. All who are interested in speaking on any topic in the realm of hacking, cybersecurity, technology,
science, robotics or any related field are invited to submit a proposal to present at the con. Full disclosure that
technology or physical security exploitation type submissions are most desirable for this storied...

Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

44CON 2018 - 12th-14th September, London (UK) Steve (Feb 28)
44CON 2018 is the UK's best annual Security Conference and Training event. The conference spans 2.5 days with training
on the 10th and 11th of September, a free evening event on the 12th of September, and a full two-day conference on the
13th and 14th of September. The event takes place at the ILEC Conference Centre near Earls Court, London. 44CON 2018
includes catering, private bus bar and Gin O'Clock breaks. Early Bird discounted...

RootedCON Security Conference - 1-3 March, Madrid (Spain) omarbv (Feb 11)
On the occasion of the ninth edition of RootedCON, the most important
computer security conference in the country, around 2,000 hackers will
meet to discuss new questions and research about the cybersecurity
world, with its risks and threats. National and international experts
have included in their agendas this mandatory appointment to discuss new
vulnerabilities, viruses, and other threats, they will also talk about
countermeasures in order...

Info Security News — Carries news items (generally from mainstream sources) that relate to security.

Ransomware: Why one city chose to the pay the ransom after falling victim InfoSec News (Aug 12)
https://www.zdnet.com/article/ransomware-why-one-city-chose-to-the-pay-the-ransom-after-falling-victim/

By Danny Palmer
ZDNet.com
August 12, 2020

A US city has explained why it gave into the demands of cyber criminals
and paid a ransom demand of $45,000 following a ransomware attack.

Lafayette, Colorado fell victim to ransomware on July 27, which encrypted
the city's computer networks and caused disruptions to phone services,
email and...

0-days, a failed patch, and a backdoor threat. Update Tuesday highlights InfoSec News (Aug 12)
https://arstechnica.com/information-technology/2020/08/update-tuesday-fixes-2-0days-and-botched-patch-for-a-backdoor-threat/

By Dan Goodin
Ars Technica
08/12/2020

Microsoft on Tuesday patched 120 vulnerabilities, two that are notable
because they’re under active attack and a third because it fixes a
previous patch for a security flaw that allowed attackers to gain a
backdoor that persisted even after a machine was updated.

Zero-day...

OCR warns hospitals of HIPAA compliance scams InfoSec News (Aug 12)
https://www.healthcareitnews.com/news/ocr-warns-hospitals-apparent-hipaa-compliance-scams

By Mike Miliard
Healthcare IT News
August 11, 2020

The Office for Civil Rights at the U.S. Department of Health and Human
Services has warned health systems about what appears to be something of
an old-fashioned and low-tech phishing attempt: fraudulent postcards, most
addressed to hospital privacy officers, that warn of noncompliance with a
mandatory...

The Secret SIMs Used By Criminals to Spoof Any Number InfoSec News (Aug 12)
https://www.vice.com/en_us/article/n7w9pw/russian-sims-encrypted

By Joseph Cox
Vice.com
August 12, 2020

The unsolicited call came from France. Or at least that's what my phone
said. When I picked up, a man asked if I worked with the National Crime
Agency, the UK's version of the FBI. When I explained, no, as a journalist
I don't give information to the police, he said why he had contacted me.

"There are these special SIM...

North Korean Hacking Group Attacks Israeli Defense Industry InfoSec News (Aug 12)
https://www.nytimes.com/2020/08/12/world/middleeast/north-korea-hackers-israel.html

By Ronen Bergman and Nicole Perlroth
nytimes.com
Aug. 12, 2020

TEL AVIV -- Israel claimed Wednesday that it had thwarted a cyberattack by
a North Korea-linked hacking group on its classified defense industry.

The Defense Ministry said the attack was deflected “in real time” and that
there was no “harm or disruption” to its computer systems.

However,...

FBI says an Iranian hacking group is attacking F5 networking devices InfoSec News (Aug 11)
https://www.zdnet.com/article/fbi-says-an-iranian-hacking-group-is-attacking-f5-networking-devices/

By Catalin Cimpanu
Zero Day
ZDNet.com
August 10, 2020

A group of elite hackers associated with the Iranian government has been
detected attacking the US private and government sector, according to a
security alert sent by the FBI last week.

While the alert, called a Private Industry Notification, didn't identify
the hackers by name,...

Pen Test Partners: Boeing 747s receive critical software updates over 3.5" floppy disks InfoSec News (Aug 11)
https://www.theregister.com/2020/08/10/boeing_747_floppy_drive_updates_walkthrough/

By Gareth Corfield
The Register
08/10/2020

DEF CON -- Boeing 747-400s still use floppy disks for loading critical
navigation databases, Pen Test Partners has revealed to the infosec
community after poking about one of the recently abandoned aircraft.

The eye-catching factoid emerged during a DEF CON video interview of PTP's
Alex Lomas, where the man...

US Cyber Command is using unclassified networks to fight election interference InfoSec News (Aug 10)
https://www.c4isrnet.com/cyber/2020/08/10/us-cyber-command-is-using-unclassified-networks-to-fight-election-interference/

By Mark Pomerleau
C4ISRNET.com
08/10/2020

WASHINGTON -- U.S. Cyber Command is using unclassified networks and
publicly available communication platforms as it works to prevent foreign
interference in the next presidential election, a CYBERCOM official has
revealed.

“From a CYBERCOM standpoint, one of the big changes...

New England guardsmen test their skills in Cyber Yankee 2020 InfoSec News (Aug 03)
https://www.c4isrnet.com/cyber/2020/08/03/new-england-guardsmen-test-their-skills-in-cyber-yankee-2020/

By Mark Pomerleau
C4ISRNET.com
08/03/2020

Members of the National Guard from New England states concluded a two-week
cyber exercise that sought to test the cyber skills of guardsmen and
critical infrastructure operators.

Cyber Yankee 2020, which took place July 21-31 in New Hampshire, involved
more than 200 National Guard members and...

Travel management company CWT hands over $4.5M following ransomware attack InfoSec News (Aug 03)
https://siliconangle.com/2020/08/02/travel-management-company-cwt-hands-4-5m-following-ransomware-attack/

By Duncan Riley
SiliconAngle.com
08/02/2020

Business travel management company CWT Global B.V. is the latest company
to pay a ransom demand following a ransomware attack.

According to a report Friday by Reuters, the company paid $4.5 million to
those behind the ransomware after the attack knocked some 30,000 of the
company’s computers...

DOD, FBI, DHS release info on malware used in Chinese government-led hacking campaigns InfoSec News (Aug 03)
https://www.cyberscoop.com/taidoor-malware-report-china-cisa-dod-fbi/

By Shannon Vavra
CYBERSCOOP
August 3, 2020

The U.S. government publicly put forth information Monday that exposed
malware used in Chinese government hacking efforts for more than a decade.

The Chinese government has been using malware, referred to as Taidoor, to
target government agencies, entities in the private sector, and think
tanks since 2008, according to a joint...

Leaky S3 buckets have gotten so common that they're being found by the thousands now, with lots of buried secrets InfoSec News (Aug 03)
https://www.theregister.com/2020/08/03/leaky_s3_buckets/

By Shaun Nichols in San Francisco
The Register
3 Aug 2020

The massive amounts of exposed data on misconfigured AWS S3 storage
buckets is a catastrophic network breach just waiting to happen, say
experts.

The team at Truffle Security says its automated search tools were able to
stumble across some 4,000 open Amazon S3 buckets that included data
companies would not want public, things...

House Republicans introduce legislation to give states $400 million for elections InfoSec News (Aug 03)
https://thehill.com/policy/cybersecurity/510362-house-republicans-introduce-legislation-to-give-states-400-million-for

By Maggie Miller
The Hill
08/03/2020

A group of House Republicans on Monday introduced legislation that would
appropriate $400 million to states to address election challenges stemming
from the COVID-19 pandemic.

The Emergency Assistance for Safe Elections (EASE) Act would designate
$200 million to assist with sanitizing...

Zoom private meeting passwords were easily crackable InfoSec News (Jul 30)
https://www.itnews.com.au/news/zoom-private-meeting-passwords-were-easily-crackable-551095

By Juha Saarinen
itnews.com.au
July 31, 2020

The automatically generated passwords protecting private Zoom meetings
could be cracked with relative ease, allowing access to sensitive
conferences, a researcher has discovered.

Web site developer Tom Anthony decided on March 31 this year to see if he
could crack the password for private Zoom meetings....

Pentagon needs access to defense companies' networks to hunt cyberthreats, says commission InfoSec News (Jul 30)
https://www.c4isrnet.com/cyber/2020/07/30/pentagon-needs-access-to-defense-companies-networks-to-hunt-cyberthreats-says-commission/

By Mark Pomerleau
C4ISRNET.com
July 30, 2020

WASHINGTON -- The Pentagon must be able to hunt cyberthreats on the
private networks of defense companies in order to strengthen national
cybersecurity, according to one of the leaders of the Cyber Solarium
Commission.

Rep. Mike Gallagher, R-Wis., who co-chairs the...

Firewall Wizards — Tips and tricks for firewall administrators

Revival? Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.

Paul

IDS Focus — Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list

Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

Faraday Beta V3.0 Released Francisco Amato (Jul 04)
Faraday helps you to host your own vulnerability management platform
now and streamline your team in one place.

We are pleased to announce the newest version of Faraday v3.0. In this
new version we have made major architecture changes to adapt our
software to the new challenges of cyber security. We focused on
processing large data volumes and to making it easier for the user to
interact with Faraday in its environment.

To install it you can...

Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

Phase changes in international relations Dave Aitel via Dailydave (Aug 22)
Right now, there is a, to put it mildly, ongoing discussion between
proponents of coercion and deterrence in cyber policy, and adherents of a
new theory, called *persistent engagement.* Maybe the sum total of the
people in the argument is less than a thousand, but as academic circles go,
it heavily influences the US Defense Department and IC, and through that,
the rest of the world, so it is fun to watch. Also obviously it has added
to infosec...

Re: Defcon 30 Ken Pfeil via Dailydave (Aug 21)
As usual, Halvar, great thoughts to ponder.

I’m kind of fond of my glasses, although I’ve yet to hit the point of yelling “get off my lawn”. If you look back we
should be proud of what we’ve built (be it on stilts at times) but never lose sight of where that ship seems to be
sailing to.

A lot of us are at the “tail end” of our careers, with many building that career on “unmentionables”. It was good to us
then, fairly good...

Re: Defcon 30 Richard Thieme via Dailydave (Aug 21)
So well said. When I was given an “Uber contributor” acknowledgement last week after 26 years speaking at Def Con, it
felt like a “lifetime achievement award” and we all know what that means.

I just started the third book in the Möbius trilogy and have speeches slated so not done yet. But life is certainly
different in every way.

Thanks for saying that.

Sent from my iPad

Re: Defcon 30 Thomas Dullien via Dailydave (Aug 20)
Hey,

One of the benefits of aging is that one gets to focus deteriorating
eyesight on the past through rose-tinted glasses. Fond memories of times
that feel simpler in retrospect, but didn't feel simple as they were
happening.

Software, like a tide that keeps rising, has eaten the world, and ARM cores
outnumber humans.

A lot of us have built lives, careers, and considerable material comfort on
top of something that people told us to stop...

Re: Defcon 30 Thomas Quinlan via Dailydave (Aug 19)
Hey Dave,

More and more, I think it’s to prepare things for the next generation. It’s easy to think that way when the 7 y/o boy
who seems to have budded from me (with only some of his mother’s characteristics) is listening to a Stairway to Heaven
Cover (by FirstToEleven) while coding in Scratch on an iPad I couldn’t have dreamed of as a child (though I started at
on computers at 6 myself, some forty plus years ago), but we have an...

Defcon 30 Dave Aitel via Dailydave (Aug 16)
As you wander the halls of the inaptly named Caesar's Forum, amidst a
living sea of the most neurodiverse Clan humanity has ever seen, you cannot
help but stop for a second to close your eyes amidst the cacophony and
mentally exclaim, "Look. Look at the world we have created!"

Sitting in the one cafe in the Paris hotel with food, a
tattooed thirty-something who has been to Defcon twice gives you advice on
how to do the conference....

The top of the whale Dave Aitel via Dailydave (Jun 24)
People think that finding vulnerabilities is about finding holes in code.
But at some level it's not really about that. It's about understanding that
the code itself is a hole in the swirling chaos of the world and just
letting a little bit of that chaos in allows you to illuminate the whole
thing.

Spending time in Seattle is a little bit like buying a pair of high-powered
binoculars to look down the train tracks at that weird light...

Using microarchitecture bugs to beat authenticated pointers. Dave Aitel via Dailydave (Jun 11)
If you've walked through the Underworld long enough, you've run into
demons. Or maybe it's the other way around - by running into enough demons,
you might realize you are walking through the Underworld. And by making
friends with them, if you are lucky, you might realize you are a demon
yourself.

[image: image.png]
My brother in Zeus - this is just tempting the Fates.

Every so often an exploit from the Underworld is found. Maybe...

Computer Science Dave Aitel via Dailydave (May 26)
I remember when fuzzing was just sending long strings to RPC programs, and
tapping the cloaca of all Unix programs, the signal handler, to see
what came out. But now, to be a hacker, you have to be a scientist.

Computer science is a real thing. But most computer scientists I know can't
explain how to do it because it comes out sounding like a deep dive into a
dungeons and dragons campaign run by toddlers. And perhaps, the hardest
thing with...

SBOMs and Jellyfish Dave Aitel via Dailydave (Apr 22)
The most annoying thing with talking to computer scientists about anything
is they will look at any problem that remotely touches software and ask you
"Is that the right data structure? Are you ... sure?"

Like, this is what happens to every programming language - it's why you get
NaN or an empty list for any given arbitrary code fragment in Javascript.
People had a normal data structure, say a dictionary, and were like "What...

PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

BHIS Sorta Top Used Tools of 2018 John - Black Hills Information Security (Dec 06)
Free Webcast

Hello all,

For our next webcast we will cover some of the core tools we use all the time at Black Hills Information Security.
However, there will be a twist. We will not talk about Nessus, Nmap, or Metasploit. Why? Because there are a ton of new
(and older) tools we use that fall outside of the standard tools you see in every security book/blog out there.

Basically, we are trying to be edgy and different.

You may want to come...

BHIS Webcast - Tues 10/2 @ 11am MDT John Strand - Black Hills Information Security (Sep 26)
Hello All,

In this next webcast I want to cover what I am doing with the BHIS Systems team to create a C2/Implant/Malware test
bed. Testing our C2/malware solutions is important because vendors tend to lie or over-hype their capabilities. I will
cross reference some different malware specimens to the MITRE ATT&CK framework and we will cover how you can use these
techniques to test your defensive solutions at both the endpoint and the...

BHIS Webcast: The PenTest Pyramid of Pain 9/4 - 11am MDT Sierra - Black Hills Information Security (Aug 29)
Hello!

How are you all? We had a fantastic webcast last week with John Strand and Chris Brenton and we're still working
through some unexpected hiccups to get the recording up and posted. The podcast version is on our blog, and the YouTube
version will be posted shortly on the Active Countermeasures channel and blog as well. Thanks for all of you who
ventured over to attend!

Ready for another awesome BHIS webcast? Dakota is back and...

Webcast with CJ: Tues 7/24 at 11am Sierra - Black Hills Information Security (Jul 19)
Our upcoming webcast will be about POLICY...

Did you check out when you heard “policy”? Policy can often seem like a drudgery, but it’s also an important and
potentially overlooked part of business and procedure; it’s the framework on which security is really built!

CJ, our COO and Head of Sales has experience writing, assessing and implementing policies for many different kinds of
companies. And if you are worried it will be dry and...

Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.

Honeypot malware archives Matteo Cantoni (Feb 14)
Hello everyone,

I would like to share with you for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.

The files collected are divided into zip archives, in alphabetical
order, with password (which must be requested via email). Some...

Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.

Microsoft Security Update Minor Revisions Microsoft (Dec 11)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: December 11, 2018
********************************************************************

Summary
=======

The following CVE has undergone a minor revision
increment:

* CVE-2018-8172

Revision Information:
=====================

- CVE-2018-8172 | Visual Studio Remote Code Execution
Vulnerability
-...

Microsoft Security Update Minor Revisions Microsoft (Nov 14)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: November 14, 2018
********************************************************************

Summary
=======

The following CVEs and advisory have undergone a minor revision
increment:

* CVE-2018-8454
* CVE-2018-8552
* ADV990001

Revision Information:
=====================

- CVE-2018-8454 | Windows Audio Service...

Microsoft Security Update Minor Revisions Microsoft (Oct 24)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 24, 2018
********************************************************************

Summary
=======

The following CVE has undergone a minor revision increment:

* CVE-2018-8512

Revision Information:
=====================

- CVE-2018-8512 | Microsoft Edge Security Feature Bypass
Vulnerability
-...

Microsoft Security Update Releases Microsoft (Oct 19)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 19, 2018
********************************************************************

Summary
=======

The following CVE has been added to the October 2018 Security updates:

* CVE-2018-8569

Revision Information:
=====================

- CVE-2018-8569 | Yammer Desktop Application Remote Code Execution
Vulnerability
-...

Microsoft Security Update Releases Microsoft (Oct 17)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 17, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2010-3190

Revision Information:
=====================

- CVE-2010-3190 | MFC Insecure Library Loading Vulnerability
-...

Microsoft Security Update Minor Revisions Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 9, 2018
********************************************************************

Summary
=======

The following CVE has undergone a minor revision increment:

* CVE-2018-8531

Revision Information:
=====================

- CVE-2018-8531 | Azure IoT Device Client SDK Memory Corruption
Vulnerability
-...

Microsoft Security Update Releases Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************

Summary
=======

The following CVE has been added to the October 2018 Security updates:

* CVE-2018-8292

Revision Information:
=====================

- CVE-2018-8292 | .NET Core Information Disclosure Vulnerability
-...

Microsoft Security Update Releases Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************

Summary
=======

The following bulletin has undergone a major revision increment:

* MS11-025

Revision Information:
=====================

- https://docs.microsoft.com/en-us/security-updates/
SecurityBulletins/2011/ms11-025:...

Microsoft Security Update Summary for October 9, 2018 Microsoft (Oct 09)
********************************************************************
Microsoft Security Update Summary for October 9, 2018
Issued: October 9, 2018
********************************************************************

This summary lists security updates released for October 9, 2018.

Complete information for the October 2018 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.

Please note the...

Microsoft Security Update Releases Microsoft (Oct 02)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 2, 2018
********************************************************************

Summary
=======

The following CVE has undergone a major revision increment:

* CVE-2018-0952

Revision Information:
=====================

- CVE-2018-0952 | Diagnostic Hub Standard Collector Elevation of
Privilege Vulnerability
-...

Microsoft Security Advisory Notification Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 12, 2018
********************************************************************

Security Advisories Released or Updated on September 12, 2018
===================================================================

* Microsoft Security Advisory ADV180022

- Title: Windows Denial of Service Vulnerability
-...

Microsoft Security Update Minor Revisions Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: September 12, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a minor revision increment:

* CVE-2018-8421
* CVE-2018-8468

Revision Information:
=====================

- CVE-2018-8421 | .NET Framework Remote Code Execution
Vulnerability...

Microsoft Security Update Summary for September 11, 2018 Microsoft (Sep 11)
********************************************************************
Microsoft Security Update Summary for September 11, 2018
Issued: September 11, 2018
********************************************************************

This summary lists security updates released for September 11, 2018.

Complete information for the September 2018 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>....

Microsoft Security Update Releases Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 11, 2018
********************************************************************

Summary
=======

The following CVE has undergone a major revision increment:

* CVE-2018-8154

Revision Information:
=====================

- CVE-2018-8154 | Microsoft Exchange Memory Corruption
Vulnerability
-...

Microsoft Security Advisory Notification Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 11, 2018
********************************************************************

Security Advisories Released or Updated on September 11, 2018
===================================================================

* Microsoft Security Advisory ADV180002

- Title: Guidance to mitigate speculative execution...

Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community.

Verizon: 1.5M of Contact Records Stolen, Now on Sale Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:

A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...

I don't quite understand this double talk. Could someone explain to me:

A spokesperson from Verizon said that...

Statement on Lavabit Citation in Apple Case Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038

As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...

The NSA's back door has given every US secret to our enemies Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2

Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.

Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...

Can Spies Break Apple Crypto? Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):

-----

A. Michael Froomkin:

The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...

The FBI's iPhone Problem: Tactical vs. Strategic Thinking Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html

I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?

If they could put cameras in...

Wanted: Cryptography Products for Worldwide Survey Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):

In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...

CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

Mozilla Releases Security Update for Thunderbird US-CERT (Jul 17)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Mozilla Releases Security Update for Thunderbird [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/mozilla-releases-security-update-thunderbird ] 07/17/2020
10:50 AM EDT
Original release date: July 17, 2020

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. An attacker could exploit
some of these...

Microsoft Releases Security Update for Edge US-CERT (Jul 17)
National Cyber Awareness System:

Microsoft Releases Security Update for Edge [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/microsoft-releases-security-update-edge ] 07/17/2020 10:53 AM
EDT
Original release date: July 17, 2020

Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). An attacker could exploit
this vulnerability to drop...

AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation US-CERT (Jul 17)
National Cyber Awareness System:

AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation [
https://us-cert.cisa.gov/ncas/alerts/aa20-198a ] 07/16/2020 08:09 AM EDT
Original release date: July 16, 2020

Summary

"This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) and Pre-ATT&CK
frameworks....

CISA Releases Emergency Directive on Critical Microsoft Vulnerability US-CERT (Jul 16)
National Cyber Awareness System:

CISA Releases Emergency Directive on Critical Microsoft Vulnerability [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/cisa-releases-emergency-directive-critical-microsoft-vulnerability
] 07/16/2020 03:28 PM EDT
Original release date: July 16, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive...

Apple Releases Security Updates US-CERT (Jul 16)
National Cyber Awareness System:

Apple Releases Security Updates [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/apple-releases-security-updates ] 07/16/2020 11:17 AM EDT
Original release date: July 16, 2020

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of
these vulnerabilities to take control of an...

Malicious Activity Targeting COVID-19 Research, Vaccine Development US-CERT (Jul 16)
National Cyber Awareness System:

Malicious Activity Targeting COVID-19 Research, Vaccine Development [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/malicious-activity-targeting-covid-19-research-vaccine-development
] 07/16/2020 07:16 AM EDT
Original release date: July 16, 2020

In response to malicious activity targeting COVID-19 research and vaccine development in the United...

Cisco Releases Security Updates for Multiple Products US-CERT (Jul 15)
National Cyber Awareness System:

Cisco Releases Security Updates for Multiple Products [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/15/cisco-releases-security-updates-multiple-products ]
07/15/2020 03:19 PM EDT
Original release date: July 15, 2020

Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote
attacker...

Oracle Releases July 2020 Security Bulletin US-CERT (Jul 14)
National Cyber Awareness System:

Oracle Releases July 2020 Security Bulletin [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/oracle-releases-july-2020-security-bulletin ] 07/14/2020
05:21 PM EDT
Original release date: July 14, 2020

Oracle has released its Critical Patch Update for July 2020 to address 433 vulnerabilities across multiple products. A
remote attacker could...

Google Releases Security Updates for Chrome US-CERT (Jul 14)
National Cyber Awareness System:

Google Releases Security Updates for Chrome [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/google-releases-security-updates-chrome-0 ] 07/14/2020 04:51
PM EDT
Original release date: July 14, 2020

Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities
that an attacker could exploit...

Google Releases Security Updates for Chrome US-CERT (Jul 14)
National Cyber Awareness System:

Google Releases Security Updates for Chrome [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/google-releases-security-updates-chrome ] 07/14/2020 02:45 PM
EDT
Original release date: July 14, 2020

Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities
that an attacker could exploit to...

Microsoft Releases July 2020 Security Updates US-CERT (Jul 14)
National Cyber Awareness System:

Microsoft Releases July 2020 Security Updates [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/microsoft-releases-july-2020-security-updates ] 07/14/2020
02:13 PM EDT
Original release date: July 14, 2020

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could
exploit some of these...

Microsoft Addresses 'Wormable' RCE Vulnerability in Windows DNS Server US-CERT (Jul 14)
National Cyber Awareness System:

Microsoft Addresses 'Wormable' RCE Vulnerability in Windows DNS Server [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/microsoft-addresses-wormable-rce-vulnerability-windows-dns-server
] 07/14/2020 02:14 PM EDT
Original release date: July 14, 2020

Microsoft has released a security update to address a remote code execution (RCE)...

Adobe Releases Security Updates for Multiple Products US-CERT (Jul 14)
National Cyber Awareness System:

Adobe Releases Security Updates for Multiple Products [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/adobe-releases-security-updates-multiple-products ]
07/14/2020 01:18 PM EDT
Original release date: July 14, 2020

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit
some of...

Apache Releases Security Advisories for Apache Tomcat US-CERT (Jul 14)
National Cyber Awareness System:

Apache Releases Security Advisories for Apache Tomcat [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/apache-releases-security-advisories-apache-tomcat ]
07/14/2020 11:33 AM EDT
Original release date: July 14, 2020

The Apache Software Foundation has released security advisories to address multiple vulnerabilities in Apache Tomcat.
An attacker...

AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java US-CERT (Jul 13)
National Cyber Awareness System:

AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java [ https://us-cert.cisa.gov/ncas/alerts/aa20-195a ]
07/13/2020 07:07 PM EDT
Original release date: July 13, 2020

Summary

On July 13, 2020 EST, SAP released a security update to address a critical vulnerability, CVE-2020-6287 [
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6287 ],...

Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community

CVE-2022-34916: Apache Flume: Improper Input Validation (JNDI Injection) in JMSMessageConsumer Ralph Goers (Aug 20)
Description:

Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration
uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue
is fixed by limiting JNDI to allow only the use of the java protocol or no protocol.

This issue is being tracked as FLUME-3428

Credit:

Apache Flume would like to thank Frentzen Amaral for...

Re: Linux kernel: stack-out-of-bounds in profile_pc Greg KH (Aug 18)
It would have been helpful to notify the developers and maintainers of
this code that there is an issue. They will not see a random email on
the oss-security mailing list as they are not subscribed here.

To find who is responsible for this code, use the get_maintainer.pl
script in the kernel tree. The output for it for this problem is:

$ ./scripts/get_maintainer.pl arch/x86/kernel/time.c
Thomas Gleixner <tglx () linutronix de>...

Linux kernel: stack-out-of-bounds in profile_pc 黄 晓 (Aug 18)
Hello:
      
      I found a bug through the syzkaller fuzz tool, you need to set CONFIG_KASAN=y, the crash information is displayed
as out-of-bounds reading, I am weak and unable to analyze the harm of this bug.
The bug program cannot be reproduced stably and needs to be run multiple times.

Kernel version: 5.18.14
gcc version: 9.4.0

[ 49.449543] ==================================================================
[...

CVE-2022-35278: Apache ActiveMQ Artemis: HTML Injection in ActiveMQ Artemis Web Console Justin Bertram (Aug 18)
Description:

An attacker could show malicious content and/or redirect users to a
malicious URL in the web console by using HTML in the name of an address or
queue.

Mitigation:

Upgrade to Apache ActiveMQ Artemis 2.24.0.

Credit:

Apache ActiveMQ would like to thank Yash Pandya (Digital14), Rajatkumar
Karmarkar (Digital14), and Likhith Cheekatipalle (Digital14) for reporting
this issue.

Re: CVE-2022-2585 - Linux kernel POSIX CPU timer UAF Thadeu Lima de Souza Cascardo (Aug 18)
This has been merged as commit e362359ace6f87c201531872486ff295df306d13.

The PoC should be built with the name poc as that is what it tries to exec.

#define _GNU_SOURCE
#include <sched.h>
#include <time.h>
#include <unistd.h>
#include <sys/wait.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

static int timer_uaf(void *d)
{
timer_t tid;
struct itimerspec its;...

Re: CVE-2022-2588 - Linux kernel cls_route UAF Thadeu Lima de Souza Cascardo (Aug 18)
This has been merged as commit 9ad36309e2719a884f946678e0296be10f0bb4c1.

And here is the PoC.

#define _GNU_SOURCE
#include <sched.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <unistd.h>
#include <stdio.h>
#include <sys/wait.h>
#include <stdlib.h>
#include <string.h>
#include <linux/pkt_sched.h>

#include <sys/types.h>
#include <sys/ipc.h>
#include...

Re: CVE-2022-2586 - Linux kernel nf_tables cross-table reference UAF Thadeu Lima de Souza Cascardo (Aug 18)
These have been merged as commits:

470ee20e069a6d05ae549f7d0ef2bdbcee6a81b2
95f466d22364a33d183509629d0879885b4f547e
36d5b2913219ac853908b0f1c664345e04313856

And here is the PoC. It should be linked to libmnl and libnftnl.

#include <netdb.h>
#include <linux/netfilter.h>
#include <linux/netfilter/nf_tables.h>
#include <libnftnl/table.h>
#include <libnftnl/set.h>
#include <libnftnl/object.h>
#include...

Landlock news #2 Mickaël Salaün (Aug 17)
Hi,

Here is the second Landlock newsletter! It's been a while and there is
some news to catch up.

Official website: https://landlock.io
Previous newsletter:
https://lore.kernel.org/landlock/2df4887a-1710-bba2-f49c-cd5b785bb565 () digikod net/

Kernel
------

### Linux distributions

Landlock is now supported by default in major Linux distributions:
* Alpine Linux
* Arch Linux
* chromeOS (including for Linux 5.10)
* Debian Sid
* Fedora 35
*...

CVE-2022-38362: Apache Airflow Docker Provider <3.0 RCE vulnerability in example dag Ash Berlin-Taylor (Aug 16)
Description:

Apache Airflow Docker's Provider shipped with an example DAG that was
vulnerable to (authenticated) remote code exploit of code on the
Airflow worker host.

Mitigation:

Disable loading of example DAGs or upgrade the
apache-airflow-providers-docker to 3.0.0 or above

Credit:

Thanks to Kai Zhao of 3H Security Team for reporting this

Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions David Hildenbrand (Aug 15)
Hi,

attached is the reproducer. When run without arguments, it will test
with a memfd that is sealed for writes.

upstream, 5.18-stable and 5.19-stable are still to be fixed. The fix is
on its way upstream and is already in -next, so I suppose it should all
be fixed fairly soonish.

Multiple DNS Cache poisoning vulnerabilities in dproxy and dproxy-nexgen (CVE-2022-33988, CVE-2022-33989, CVE-2022-33990, CVE-2022-33991) Philipp Jeitner (SIT) (Aug 13)
We hereby disclose the discovery of multiple DNS Cache poisoning
vulnerabilities in the dproxy(-nexgen) DNS forwarder. dproxy is a
caching DNS forwarder/proxy which is unmaintained since about 2004, yet
it is still used in some residential router firmwares. Because the
project is unmaintained, there are no patches available for the
described issues.

Our findings are published in our 2022 paper "XDRI Attacks - and - How
to Enhance...

Fixed DNS UDP port in totd DNS forwarder (CVE-2022-34294) Philipp Jeitner (SIT) (Aug 13)
We hereby disclose the discovery of a DNS Cache poisoning vulnerability
in totd DNS forwarder. totd is a non-caching DNS forwarder/proxy which
has not been further developed for a long time, yet it is still used in
some residential router firmwares. Because of the project's age, there are
no patches available for the described issues.

Our findings are published in our 2022 paper "XDRI Attacks - and - How
to Enhance Resilience of...

Multiple DNS Cache poisoning vulnerabilities in dnrd DNS forwarder (CVE-2022-33993, CVE-2022-33992) Philipp Jeitner (SIT) (Aug 13)
We hereby disclose the discovery of multiple DNS Cache poisoning
vulnerabilities in the dnrd DNS forwarder. dnrd is a caching DNS
forwarder/proxy which has been unmaintained since about 2007, yet it is still
used in some residential router firmwares. Because the project is
unmaintained, there are no patches available for the described issues.

Our findings are published in our 2022 paper "XDRI Attacks - and - How
to Enhance Resilience of...

CVE-2022-37401: Apache OpenOffice Weak Master Keys Carl B. Marcum (Aug 12)
Severity: important

Description:

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The
stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the
master key was poorly encoded, resulting in weakening its entropy from 128 to 43 bits, making the stored passwords
vulnerable to a brute force attack if an attacker has access to the...

CVE-2022-37400: Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password Carl B. Marcum (Aug 12)
Severity: important

Description:

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The
stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the
required initialization vector for encryption was always the same which weakens the security of the encryption making
them vulnerable if an attacker has access to the...


Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.

Silver Bullet 123: Yanek Korff Gary McGraw (Jul 06)
hi sc-l,

The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.

We talk about managing technical people in this episode. We also discuss operational security. Have a...


Educause Security Discussion — Securing networks and computers in an academic environment.

Covid Test Kit Singapore Covid Test Kit Singapore (Oct 01)
Covid Test Kit

Order test kit for your company now! Stay Safe! Free Delivery in Singapore

Easy to use

HSA Approved

Click on the link below to open the message in a browser:
https://www.covidtestkit.info/so/b3Nmx3jmr/c?w=X7fgda-LWUeRP6mC6I6qXRUzGOxDt64oN8eoV7oJkUE.eyJ1IjoiaHR0cHM6Ly93d3cuY292aWR0ZXN0a2l0LmluZm8vc28vYjNObXgzam1yP2xhbmd1YWdlVGFnPWVuIiwibSI6Im1haWwiLCJjIjoiOGE5YzNiMGMtMjYwMC00ODQ3LTgzMGItMTVmN2U4NzA3YzVjIn0

You've received...

Internet Issues and Infrastructure


NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

Re: Yet another BGP hijacking towards AS16509 Siyuan Miao (Aug 22)
Just noticed another thing:

➜ ~ whois -h whois.ripe.net -- "--list-versions AS1299" | tail -n10
2862 2022-07-11T14:44:49Z ADD/UPD
2863 2022-07-27T11:17:25Z ADD/UPD
2864 2022-08-02T08:43:02Z ADD/UPD
2865 2022-08-10T12:11:29Z ADD/UPD

*2866 2022-08-17T10:47:43Z ADD/UPD*
*2867 2022-08-18T12:53:37Z ADD/UPD*
% This query was served by the RIPE Database Query Service version 1.103 (WAGYU)

➜ ~ whois -h whois.ripe.net --...

Yet another BGP hijacking towards AS16509 Siyuan Miao (Aug 22)
Hi folks,

Recently I read a post regarding the recent incident of Celer Network and
noticed a very interesting and successful BGP hijacking towards AS16509.

The attacker AS209243 added AS16509 to their AS-SET and a more specific
route object for the /24 where the victim's website is in ALTDB:
(Below is our IRRd4 server NRTM logging, UTC timezone)

irrd.log-20220817.gz:31106270-ADD 96126

irrd.log-20220817.gz:31106280-...

DNS-OARC 39 Call for Contributions John Todd (Aug 22)
OARC 39 will be a two-day hybrid meeting held on 22 & 23 October in
Belgrade, Serbia at 10:00 AM (Local time - CEST (UTC+02:00)) The onsite
part of the meeting will be colocated with RIPE 85.

The Programme Committee is seeking contributions from the community.

All DNS-related subjects and suggestions for discussion topics are
welcome. For inspiration, we provide a non-exhaustive list of ideas:

- Operations: Any operational gotchas,...

Re: dump of NOS config examples Vincent Bernat (Aug 22)
Here are some real world configurations:
https://github.com/jerikan-network/cmdb/tree/generated-public/output
(including IOS, JunOS and IOS-XR, but no NX-OS).

Re: dump of NOS config examples guardian . wheel9069 (Aug 22)
No, config references are not real configs. For the most part they don’t have object names, indentation, control chars,
or any of the other things you deal with in real configs.

Ahh, I had not thought of the practice tests!! That is a great idea. The “answer keys” of a bunch of config practice
tests should be as close as you get to real configs without being real configs.

Anyone know where a big dump of various vendor practice tests...

Re: Anyone from Cloudflare peering about? Bryan Holloway (Aug 21)
Heard from not one, not two, but THREE folks at Cloudflare!

Now that's service.

Thanks, everyone!

Anyone from Cloudflare peering about? Bryan Holloway (Aug 21)
Trying to fix a peer and not getting much traction through peering@ ...

Feel free to contact me off-list. Thanks!

Re: dump of NOS config examples Jay Hennigan (Aug 20)
Most vendors publish a command reference document that lists and
describes every possible configuration command including all of the
random ugly ones.

Would this be sufficient or are you looking for working random ugly
configurations? Vendor certification practice tests could be another source.

dump of NOS config examples guardian . wheel9069 (Aug 20)
Hi,

I am looking for a large dump of example, real but scrubbed, whatever, nx-os, junos, panos, ios, eos, hell any common
NOS, configs. (Right now I really need nx-os but I'll get to the rest soon)

To be clear, I am not looking for anyone's private config or network info. I just need a large sample of configs to
test some config parsing code I have. Looking for every random ugly feature / config option out there. The bigger and...

Re: if you make the peace today i will call mr.obama VOLKAN KIRIK (Aug 20)
piss of so what?

what can u do?

you all bunch of fucking morons

do something about putin

why dont you give nuclear to UA?

if you dont say stop, you can not say stop (later)

On 21.08.2022 at 05:46, Jeremy Chequer wrote:

Re: if you make the peace today i will call mr.obama VOLKAN KIRIK (Aug 20)
maybe they know that i am the really real god.

i have metatron at my back.

lol

On 21.08.2022 at 05:46, Jeremy Chequer wrote:

Re: if you make the peace today i will call mr.obama Jeremy Chequer (Aug 20)
If you have beef with Cogent or HE why not just take it up with them instead of involving the whole list in your spam
every few days? You rehashed a thread that hadn't seen any activity in 9 years and now just keep spamming everyone
trying to get your point across.

Yes, it is annoying that Cogent and HE don't peer with each other. You're not the only one who doesn't like it and
Cogent has previously cut off other peers as...

Re: (off list) Re: cogent and henet not peering VOLKAN KIRIK (Aug 20)
we have both anal and oral service. thats why.

i also fuck women. dont care as long as its a hole

On 21.08.2022 at 05:19, Mike Lyon wrote:

[correction fluid] if you make the peace today i will call mr.obama VOLKAN KIRIK (Aug 20)
if you *dont* make the peace today i will call mr.obama

i mean the biden. and shut down your operations both

white house should call me immediately.

ps. turkish translator is required.

however i may correct him/her in case of bad translation

isnt this list moderated or.. trolling allowed!??

why correction fluid: i am confused after i couldnt shutdown both nsps
so i decided to shutdown both

if you make the peace today i will call mr.obama VOLKAN KIRIK (Aug 20)
if you make the peace today i will call mr.obama

i mean the biden. and shut down your operations both

white house should call me immediately.

ps. turkish translator is required.

however i may correct him/her in case of bad translation

isnt this list moderated or.. trolling allowed!??


Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating

“The Best Real Estate Investment” Solanas (Aug 22)
Invest in a place that will never stop surprising you

To remove your address from this list, click here:
https://ml15.gpserver5.com/unsuscribe.php?id=ueruswriuosywtoisroi

Gulf Exp Project Engineer, Maintenance Engineer, QA/QC Engineer, Design Engineer_CV RESUME (Aug 20)
*APPLYING FOR: PROJECT ENGINEER, MAINTENANCE ENGINEER, QA/QC ENGINEER,
DESIGN ENGINEER*

NAME : SHAIK

*Email : aman.sg () rediffmail com <aman.sg () rediffmail com>,
cresume () yahoo com <cresume () yahoo com> *

Respected Sir,

*Career Statement:*

Extensive Project Engineer, Maintenance Engineer, QA/QC Engineer, Design
Engineer with knowledge of handling projects. Seeking a responsible
position as an engineer with a view...

INVITATION TO ATTEND A SEMINAR ON PROJECT MONITORING, EVALUATION, ACCOUNTABILITY AND LEARNING (PMEAL) ON 5TH TO 16TH SEPTEMBER 2022 Skills for Africa Training Institute (Aug 18)
<https://133IK.trk.elasticemail.com/tracking/click?d=4RSOGeS5HI6KFJixQpykUH7SBDSj0A2EdHdcqqEk-KMkPvEcib-XG5qoTWw7Oc4ngrquig-5NwFZpD0qx_2tBq3OEOIYllXK75ABh_Z6I63cDfYqiOmiLZqXkFzJuVGuWYDxY61jWq8UWmx9zrRZ51w1>
SEMINAR
ON PROJECT MONITORING, EVALUATION, ACCOUNTABILITY AND LEARNING (PMEAL) ON 5TH TO
16TH SEPTEMBER 2022

<...

Parque Centenario, AMENITIES - MULTI-PURPOSE ROOM - SOLARIUM - POOL - BARBECUE Marisa (Aug 17)

INVITATION TO ATTEND A TRAINING COURSE ON INFORMATION SECURITY AND DATA MANAGEMENT Data-Afrique consultancy (Aug 16)
 

<http://tracking.data-afriqueconsultancy.or.ke/tracking/click?d=oDah7l8kg8fRX4v_Dq9CJ8fKCK7MLa9PexMMw99FlDBkezJxBTHpoNb4sbb-8aNhjiZtjKOo_b2fPG0PDDHlcL5ubJHrn8RRGx8_pndnQkUa17S2QMuN4KQPBkTkEmYBAeKJwGEGcFXHsC2NSTpI7i_RozSVJYQwgCTDmEPwffKimq_Hl9KefHJ7KaXiNIJV4cp_m0TbDM6mwUcWxY1UPhRn8JAt_hit-hlxqHrasa6qxsIjhvQg7JzMxxOxnw5pbenhWOWy4ePLHQfSK5carigY3j5RjZ8x-0bcNICJyPnEMO2920bMSxMjecmnxvYqYA2>
TRAINING COURSE ON INFORMATION SECURITY AND DATA...

Highland Park Country Club, Rental and Sale Marisa (Aug 11)

Sale or Rental

La Capitana Real Estate, by Marisa G. Snatman
Licensed Auctioneer and Real Estate Broker, registration nos. 5633 CSI /3921 CUCICBA
3 De Febrero 820 2°D (CABA 1426), Ruta Nacional N 8 KM.52 (Pilar)

Click here to forward this email to someone else

To remove your address from this list, click <a
href="...

Saavedra, brand-new 2-room apartments with prompt delivery La Capitana (Aug 08)

INVITATION TO ATTEND A STRATEGIC CRISIS MANAGEMENT AND CORPORATE RISK REDUCTION SEMINAR ON 12TH TO 16TH SEPTEMBER, 2022 Skills for Africa Training Institute (Aug 08)
<https://133IK.trk.elasticemail.com/tracking/click?d=4RSOGeS5HI6KFJixQpykUH7SBDSj0A2EdHdcqqEk-KOxadRR1gJhVuU0KfhL1AoUZ6vORawaIwja2jO38SU8PVrY5NbQIVSLhcm-8tccg0_cq3qH14xJs8AnDxeV9wvuvtzvX22hDLpWMfM2AAN5uZo1>
STRATEGIC CRISIS MANAGEMENT AND CORPORATE RISK REDUCTION SEMINAR ON
12TH TO 16TH SEPTEMBER, 2022

<...

ml15.gpserver4.com - Competitive Based Strategy - Pricing USD 100 pm Sourabh (Aug 05)
Dear Team,

Hope you are doing well.

It is my pleasure to let you know that we are offering SEO services for
only *$100/pm*, we can include 5 to 10 best keywords in the work process.
The audit report and the scope of work are defined below, please review and
let me know your thoughts to discuss further.

*Let me analyze the technical factors first, please review the
below-specified issues.*

*On-page Factors*

*Factors*

*Analysis *

*Action*...

Projects, Cañitas, Belgrano, Palermo, Vte. Lopez, Caballito, etc Marisa (Aug 03)

Convert your Pesos into Dollars

More opportunities for you by clicking here

La Capitana Real Estate, by Marisa G. Snatman

Licensed Auctioneer and Real Estate Broker, registration nos. 5633 CSI /3921 CUCICBA

3 De Febrero 820 2°D (CABA 1426), Ruta Nacional N 8 KM.52 (Pilar)

To remove your address from this list, click <a...

Developments, Palermo, Belgrano, Nuñez, Saavedra, Caballito, Parque Centenario, etc Marisa (Jul 27)

Spacious Balconies, Barbecues, Terraces, Private Gardens and Patios

More opportunities for you by clicking here

La Capitana Real Estate, by Marisa G. Snatman

Licensed Auctioneer and Real Estate Broker, registration nos. 5633 CSI /3921 CUCICBA

3 De...

Houses in Ayres del Pilar, Lagartos CC, Belgrano, etc La Capitana (Jul 22)

🍀 + Space + Green + Free + Air ☀️

La Capitana Real Estate, by Marisa G. Snatman

Licensed Auctioneer and Real Estate Broker, registration nos. 5633 CSI /3921 CUCICBA

3 De Febrero 820 2°D (CABA 1426), Ruta Nacional N 8 KM.52 (Pilar)

To remove your address from this list, click <a
href="...

Altos de Nuñez with Amenities La Capitana Real Estate (Jul 19)

More opportunities for you by clicking here

La Capitana Real Estate, by Marisa G. Snatman,

Licensed Auctioneer and Real Estate Broker, registration nos. 5633 CSI /3921 CUCICBA,

3 De Febrero 820 2°D (CABA 1426), Ruta Nacional N 8 KM.52 (Pilar)

To remove your address from this list, click <a
href="...

Projects, Cañitas, Belgrano, Palermo, Vte. Lopez, Caballito, etc La Capitana (Jul 08)

Convert your Pesos into Dollars

More opportunities for you by clicking here

La Capitana Real Estate, by Marisa G. Snatman

Licensed Auctioneer and Real Estate Broker, registration nos. 5633 CSI /3921 CUCICBA

3 De Febrero 820 2°D (CABA 1426), Ruta Nacional N 8 KM.52 (Pilar)

To remove your address from this list, click <a...

Projects, Cañitas, Belgrano, Palermo, Vte. Lopez, Caballito, etc La Capitana (Jul 07)

Convert your Pesos into Dollars

More opportunities for you by clicking here

La Capitana Real Estate, by Marisa G. Snatman

Licensed Auctioneer and Real Estate Broker, registration nos. 5633 CSI /3921 CUCICBA

3 De Febrero 820 2°D (CABA 1426), Ruta Nacional N 8 KM.52 (Pilar)

To remove your address from this list, click <a...


The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

Risks Digest 33.40 RISKS List Owner (Aug 20)
RISKS-LIST: Risks-Forum Digest Saturday 20 August 2022 Volume 33 : Issue 40

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.40>
The current issue can also be found at
<...

Risks Digest 33.39 RISKS List Owner (Aug 16)
RISKS-LIST: Risks-Forum Digest Tuesday 16 August 2022 Volume 33 : Issue 39

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.39>
The current issue can also be found at
<...

Risks Digest 33.38 RISKS List Owner (Aug 12)
RISKS-LIST: Risks-Forum Digest Friday 12 August 2022 Volume 33 : Issue 38

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.38>
The current issue can also be found at
<...

Risks Digest 33.37 RISKS List Owner (Aug 07)
RISKS-LIST: Risks-Forum Digest Sunday 7 August 2022 Volume 33 : Issue 37

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.37>
The current issue can also be found at
<...

Risks Digest 33.36 RISKS List Owner (Aug 03)
RISKS-LIST: Risks-Forum Digest Wednesday 3 August 2022 Volume 33 : Issue 36

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.36>
The current issue can also be found at
<...

Risks Digest 33.35 RISKS List Owner (Aug 01)
RISKS-LIST: Risks-Forum Digest Monday 1 August 2022 Volume 33 : Issue 35

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.35>
The current issue can also be found at
<...

Risks Digest 33.34 RISKS List Owner (Jul 23)
RISKS-LIST: Risks-Forum Digest Saturday 23 July 2022 Volume 33 : Issue 34

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.34>
The current issue can also be found at
<...

Risks Digest 33.33 RISKS List Owner (Jul 19)
RISKS-LIST: Risks-Forum Digest Tuesday 19 July 2022 Volume 33 : Issue 33

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.33>
The current issue can also be found at
<...

Risks Digest 33.32 RISKS List Owner (Jul 09)
RISKS-LIST: Risks-Forum Digest Saturday 9 July 2022 Volume 33 : Issue 32

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.32>
The current issue can also be found at
<...

Risks Digest 33.31 RISKS List Owner (Jul 02)
RISKS-LIST: Risks-Forum Digest Saturday 2 July 2022 Volume 33 : Issue 31

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.31>
The current issue can also be found at
<...

Risks Digest 33.30 RISKS List Owner (Jun 20)
RISKS-LIST: Risks-Forum Digest Monday 20 June 2022 Volume 33 : Issue 30

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.30>
The current issue can also be found at
<...

Risks Digest 33.29 RISKS List Owner (Jun 16)
RISKS-LIST: Risks-Forum Digest Thursday 16 June 2022 Volume 33 : Issue 29

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.29>
The current issue can also be found at
<...

Risks Digest 33.28 RISKS List Owner (Jun 14)
RISKS-LIST: Risks-Forum Digest Tuesday 14 June 2022 Volume 33 : Issue 28

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.28>
The current issue can also be found at
<...

Risks Digest 33.27 RISKS List Owner (Jun 10)
RISKS-LIST: Risks-Forum Digest Friday 10 June 2022 Volume 33 : Issue 27

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.27>
The current issue can also be found at
<...

Risks Digest 33.26 RISKS List Owner (Jun 07)
RISKS-LIST: Risks-Forum Digest Tuesday 7 June 2022 Volume 33 : Issue 26

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.26>
The current issue can also be found at
<...


BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.

Healthcare organizations face rising ransomware attacks – and are paying up Matthew Wheeler (Jun 03)
https://www.theregister.com/2022/06/03/healthcare-ransomware-pay-sophos/

Healthcare organizations, already an attractive target for ransomware given
the highly sensitive data they hold, saw such attacks almost double between
2020 and 2021, according to a survey released this week by Sophos.

The outfit's team also found that while polled healthcare orgs are quite
likely to pay ransoms, they rarely get all of their data returned if they
do...

A digital conflict between Russia and Ukraine rages on behind the scenes of war Matthew Wheeler (Jun 03)
https://wskg.org/npr_story_post/a-digital-conflict-between-russia-and-ukraine-rages-on-behind-the-scenes-of-war/

SEATTLE — On the sidelines of a conference in Estonia on Wednesday, a
senior U.S. intelligence official told British outlet Sky News that the
U.S. is running offensive cyber operations in support of Ukraine.

“My job is to provide a series of options to the secretary of defense and
the president, and so that’s what I do,” said...

Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network Matthew Wheeler (Jun 03)
https://thehackernews.com/2022/06/researchers-uncover-malware-controlling.html

The Parrot traffic direction system (TDS) that came to light earlier this
year has had a larger impact than previously thought, according to new
research.

Sucuri, which has been tracking the same campaign since February 2019 under
the name "NDSW/NDSX," said that "the malware was one of the top infections"
detected in 2021, accounting for more than...

FBI, CISA: Don't get caught in Karakurt's extortion web Matthew Wheeler (Jun 03)
https://www.theregister.com/2022/06/03/fbi_cisa_warn_karakurt_extortion/

The Feds have warned organizations about a lesser-known extortion gang
Karakurt, which demands ransoms as high as $13 million and, some
cybersecurity folks say, may be linked to the notorious Conti crew.

In a joint advisory [PDF] this week, the FBI, CISA and US Treasury
Department outlined technical details about how Karakurt operates, along
with actions to take,...

DOJ Seizes 3 Web Domains Used to Sell Stolen Data and DDoS Services Matthew Wheeler (Jun 02)
https://thehackernews.com/2022/06/doj-seizes-3-web-domains-used-to-sell.html

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of
three domains used by cybercriminals to trade stolen personal information
and facilitate distributed denial-of-service (DDoS) attacks for hire.

This includes weleakinfo[.]to, ipstress[.]in, and ovh-booter[.]com, the
former of which allowed its users to traffic hacked personal data and
offered a...

Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability Matthew Wheeler (Jun 02)
https://thehackernews.com/2022/05/chinese-hackers-begin-exploiting-latest.html

An advanced persistent threat (APT) actor aligned with Chinese state
interests has been observed weaponizing the new zero-day flaw in Microsoft
Office to achieve code execution on affected systems.

"TA413 CN APT spotted [in-the-wild] exploiting the Follina zero-day using
URLs to deliver ZIP archives which contain Word Documents that use the
technique,"...

US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command Matthew Wheeler (Jun 02)
https://www.three.fm/news/world-news/us-military-hackers-conducting-offensive-operations-in-support-of-ukraine-says-head-of-cyber-command/

US military hackers have conducted offensive operations in support of
Ukraine, the head of US Cyber Command has told Sky News.

In an exclusive interview, General Paul Nakasone also explained how "hunt
forward" operations were allowing the United States to search out foreign
hackers and identify...

SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years Matthew Wheeler (May 31)
https://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html

An "aggressive" advanced persistent threat (APT) group known as SideWinder
has been linked to over 1,000 new attacks since April 2020.

"Some of the main characteristics of this threat actor that make it stand
out among the others, are the sheer number, high frequency and persistence
of their attacks and the large collection of encrypted and obfuscated...

Hackers are Selling US University Credentials Online, FBI Says Matthew Wheeler (May 31)
https://tech.co/news/hackers-are-selling-us-university-credentials-online-fbi-says

The Federal Bureau of Investigation has warned US universities and colleges
that it has found banks of login credentials and other data relating to VPN
access circulating on cybercriminals forums.

The fear is that such data will be sold and subsequently used by malicious
actors to orchestrate attacks on other accounts owned by the same students,
in the hope...

Interpol Nabs 3 Nigerian Scammers Behind Malware-based Attacks Matthew Wheeler (May 31)
https://thehackernews.com/2022/05/interpol-nabs-3-nigerian-scammers.html

Interpol on Monday announced the arrest of three suspected global scammers
in Nigeria for using remote access trojans (RATs) such as Agent Tesla to
facilitate malware-enabled cyber fraud.

"The men are thought to have used the RAT to reroute financial
transactions, stealing confidential online connection details from
corporate organizations, including oil and gas...

U.S. Warns Against North Korean Hackers Posing as IT Freelancers Matthew Wheeler (May 18)
https://thehackernews.com/2022/05/us-warns-against-north-korean-hackers.html

Highly skilled software and mobile app developers from the Democratic
People's Republic of Korea (DPRK) are posing as "non-DPRK nationals" in
hopes of landing freelance employment in an attempt to enable the regime's
malicious cyber intrusions.

That's according to a joint advisory from the U.S. Department of State, the
Department of the...

FBI and NSA say: Stop doing these 10 things that let the hackers in Matthew Wheeler (May 18)
https://www.zdnet.com/article/fbi-and-nsa-say-stop-doing-these-10-things-that-let-the-hackers-in/

Cyber attackers regularly exploit unpatched software vulnerabilities, but
they "routinely" target security misconfigurations for initial access, so
the US Cybersecurity and Infrastructure Security Agency (CISA) and its
peers have created a to-do list for defenders in today's heightened threat
environment.

CISA, the FBI and National...

Fifth of Businesses Say Cyber-Attack Nearly Broke Them Matthew Wheeler (May 18)
https://www.infosecurity-magazine.com/news/fifth-of-businesses-cyber-attack/

A fifth of US and European businesses have warned that a serious
cyber-attack nearly rendered them insolvent, with most (87%) viewing
compromise as a bigger threat than an economic downturn, according to
Hiscox.

The insurer polled over 5000 businesses in the US, UK, Ireland, France,
Spain, Germany, the Netherlands and Belgium to compile its annual Hiscox
Cyber...

Hacker And Ransomware Designer Charged For Use And Sale Of Ransomware, And Profit Sharing Arrangements With Cybercriminals Matthew Wheeler (May 18)
https://www.shorenewsnetwork.com/2022/05/16/hacker-and-ransomware-designer-charged-for-use-and-sale-of-ransomware-and-profit-sharing-arrangements-with-cybercriminals/

A criminal complaint was unsealed today in federal court in Brooklyn, New
York, charging Moises Luis Zagala Gonzalez (Zagala), also known as
“Nosophoros,” “Aesculapius” and “Nebuchadnezzar,” a citizen of France and
Venezuela who resides in Venezuela, with attempted...

State of Ransomware shows huge growth in threat and impacts Matthew Wheeler (May 04)
https://www.continuitycentral.com/index.php/news/technology/7275-state-of-ransomware-shows-huge-growth-in-threat-and-impacts

Sophos has released its annual survey and review of real-world ransomware
experiences in its ‘State of Ransomware 2022’ report. This shows that 66
percent of organizations surveyed were hit with ransomware in 2021, up from
37 percent in 2020.

The average ransom paid by organizations that had data encrypted in their...

Open Source Tool Development


Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool

nullcon se7en CFP is open nullcon (Aug 25)
Dear Friends,

Welcome to nullcon se7en!

$git commit -a <sin>

<sin> := wrath | pride | lust | envy | greed | gluttony | sloth

nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...

Ruxcon 2015 Final Call For Presentations cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.

This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.

The deadline for submissions is the 15th of September, 2015.

.[x]. About Ruxcon .[x]....

Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

You have been unsubscribed from the Wireshark-users mailing list wireshark-users-bounces (Mar 07)

You have been unsubscribed from the Wireshark-dev mailing list wireshark-dev-bounces (Mar 07)

You have been unsubscribed from the Wireshark-announce mailing list wireshark-announce-bounces (Mar 07)

wireshark-announce resubscription requested Wireshark announcements (Mar 07)
Hi all,

As per the message below, this is your reminder that you are about to be unsubscribed from wireshark-announce. If you
wish to continue to receive emails from this list, please visit

https://www.wireshark.org/mailman/listinfo/wireshark-announce

and resubscribe. Thank you for your time and patience in this matter.

wireshark-dev resubscription requested Gerald Combs (Mar 07)
Hi all,

As per the message below, this is your reminder that you are about to be unsubscribed from wireshark-dev. If you wish
to continue to receive emails from this list, please visit

https://www.wireshark.org/mailman/listinfo/wireshark-dev

and resubscribe. Thank you for your time and patience in this matter.

wireshark-users resubscription requested Gerald Combs (Mar 07)
Hi all,

As per the message below, this is your reminder that you are about to be unsubscribed from wireshark-users. If you wish
to continue to receive emails from this list, please visit

https://www.wireshark.org/mailman/listinfo/wireshark-users

and resubscribe. Thank you for your time and patience in this matter.

Re: wireshark extension for a Kernel Module (like Usbmon) Guy Harris (Mar 06)
You do it in libpcap.

Then:

if you have a version of Wireshark that's linked with your version of libpcap;

and if kpnode_findalldevs() works, so that its devices show up in Wireshark when it calls pcap_findalldevs();

and if kpnode_create() works, so that it can be opened in Wireshark when it calls pcap_create() on a kpnode
device and it can be activated with pcap_activate();

and if dumpcap - which is the...

wireshark extension for a Kernel Module (like Usbmon) Christian (Mar 06)
Hello out there, I created a kernel probe module and I want to watch the
outputs of this module with pcap/Wireshark. Just like usbmon. So I
defined a char device in the dev-directory /dev/kpnode from which the
pcap interface can read the output of that module. In order to enable
Wireshark to read from this device, I started to place a handler
function into libpcap:
In pcap.c I put in
#ifdef PCAP_SUPPORT_KPNODE
#include "pcap-kpnode.h"...

wireshark-announce resubscription requested Wireshark announcements (Mar 03)
Hi all,

As you may have heard, the Wireshark project is now sponsored by Sysdig, Inc. ("Sysdig"). As part of this acquisition,
Sysdig will operate Wireshark's infrastructure, including this mailing list and you must renew your subscription to
this list in order to continue to receive emails.

On Monday, March 7, I will resend this message as a reminder, then unsubscribe everyone from the following mailing
lists:...

wireshark-users resubscription requested Gerald Combs (Mar 03)
Hi all,

As you may have heard, the Wireshark project is now sponsored by Sysdig, Inc. ("Sysdig"). As part of this acquisition,
Sysdig will operate Wireshark's infrastructure, including this mailing list and you must renew your subscription to
this list in order to continue to receive emails.

On Monday, March 7, I will resend this message as a reminder, then unsubscribe everyone from the following mailing
lists:...

wireshark-dev resubscription requested Gerald Combs (Mar 03)
Hi all,

As you may have heard, the Wireshark project is now sponsored by Sysdig, Inc. ("Sysdig"). As part of this acquisition,
Sysdig will operate Wireshark's infrastructure, including this mailing list and you must renew your subscription to
this list in order to continue to receive emails.

On Monday, March 7, I will resend this message as a reminder, then unsubscribe everyone from the following mailing
lists:...

Re: First 4 bytes in SNMP application data chuck c (Mar 03)
Whoops - typo on the version.
value=1 is snmpv2c

https://gitlab.com/wireshark/wireshark/-/blob/master/epan/dissectors/packet-snmp.c#L2115
static const value_string snmp_Version_vals[] = {
{ 0, "version-1" },
{ 1, "v2c" },
{ 2, "v2u" },
{ 3, "snmpv3" },
{ 0, NULL }
};

Not sure that I've ever seen v2u or v2p out in the wild.
https://www.ibm.com/docs/en/zos/2.4.0?topic=protocols-snmpv2...

Re: First 4 bytes in SNMP application data Jaap Keuter (Mar 03)
Hi,

What you’re looking at is the SNMP encoding according to the Basic Encoding Rules[2] (BER). These octets define the BER
structure.

For example a 64 octet SNMPv3 message starts as such:

SNMPv3Message ::= SEQUENCE {

30 3E

msgVersion INTEGER ( 0 .. 2147483647 ),

02 01 03

Where 30 defines a sequence, 3E the length, 02 an integer, 01 length of one and 03 the version number.

[1]...

Re: First 4 bytes in SNMP application data chuck c (Mar 03)
SNMP (https://datatracker.ietf.org/doc/html/rfc1157) uses ASN.1 BER (
https://en.wikipedia.org/wiki/X.690#BER_encoding) to define the data.

"These types of encodings are commonly called type–length–value (TLV)
encodings"

(See https://datatracker.ietf.org/doc/html/rfc1592 for a packet diagram)

It's a bit confusing since there is no 0x30 in the BER tags list. Looking
farther down into the details it's explained:
"In...

First 4 bytes in SNMP application data Chandra Japan (Mar 03)
Hi Wireshark Team,

Please let me know

what does first 4 bytes in SNMP Data indicate

because I could see from 5th byte I see version and other things

Regards
Chandramohan

Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

Snort Subscriber Rules Update 2022-08-18 Research (Aug 18)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the malware-cnc,
os-linux, os-windows and server-webapp rule sets to provide coverage
for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Re: snort3 can't build fully thus i think remove my subscribing of snort because i can't build both snort Dorian ROSSE via Snort-devel (Aug 17)
dear Russ,

this time snort find libhs.pc but it doesn't build hyperscan so we are lucky because i have found the problem this was
systemd too much older i have download and install for kinetic ubuntu instead the old not up to date around libsystemd
too build for kinetic on my jammy install thus i attach two file the build_snort5.log where libsystemd is up to date
too libhs.pc is found unfortunately hyperscan isn't built and i attach...

Re: snort3 can't build fully thus i think remove my subscribing of snort because i can't build both snort Dorian ROSSE via Snort-devel (Aug 17)
No message preview for long message of 340983 bytes.

Re: snort3 can't build fully thus i think remove my subscribing of snort because i can't build both snort Dorian ROSSE via Snort-devel (Aug 17)
your snort doesn't work in inline and it is broken because i can't launch any scan so it is set up in daq passive the
previous snort was set up in inline for block the hack and i got a error when i launch the line of command below
unfortunately i ask if i launch the line of command ccmake because your set up use the dependencies by the file
extension so however the PKG_CONFIG_PATH drive to the good folder without send the building of...

Re: snort3 can't build fully thus i think remove my subscribing of snort because i can't build both snort Dorian ROSSE via Snort-devel (Aug 17)
dear Russ,

your snort doesn't work in inline it is set up in daq passive the previous snort was set up in inline for block the
hack and i got a error when i launch the line of command below unfortunately i ask if i launch the line of command ccmake
because your set up use the dependencies by the file extension so however the PKG_CONFIG_PATH drive to the good folder
without send the building of snort 3 with this directory :...

Is it possible to access uri in ips option plugin Batuhan Arda Kibrit via Snort-devel (Aug 17)
Hi,

Is it possible to access uri in ips option plugin? I try to use http inspector in my own plugin to access it but I
can't make it.

Thanks in advance for your interest

Batuhan

Re: snort3 can't build fully thus i think remove my subscribing of snort because i can't build both snort Dorian ROSSE via Snort-devel (Aug 17)
I send a new time the file asked,

Thank you in advance for your work,

Regards.

Dorian Rosse.
________________________________
From: Russ Combs (rucombs) <rucombs () cisco com>
Sent: Monday, August 15, 2022 2:57:29 PM
To: Dorian ROSSE <dorianbrice () hotmail fr>; snort-devel () lists snort org <snort-devel () lists snort org>
Subject: Re: snort3 can't build fully thus i think remove my subscribing of snort because i...

Re: snort3 can't build fully thus i think remove my subscribing of snort because i can't build both snort Russ Combs (rucombs) via Snort-devel (Aug 17)
Dorian,

That successfully built Snort 3 and installed at:

/home/dorianrosse/snort3_src/snort3-master/walrus3/install/bin/snort

Why do you say that you need to run ccmake?

1. Send the path where you want to install Snort if the above is not satisfactory.

2. I assume you want to use jemalloc. I will add that to the build script.

3. For hyperscan, send the full path to libhs.pc. It might be at /usr/local/lib/pkgconfig/libhs.pc.

I'll...

Snort Subscriber Rules Update 2022-08-16 Research (Aug 16)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the browser-webkit,
os-mobile and server-webapp rule sets to provide coverage for emerging
threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Re: snort3 can't build fully thus i think remove my subscribing of snort because i can't build both snort Dorian ROSSE via Snort-devel (Aug 15)
i have set up PKG_CONFIG_PATH then i have launch with the line of command below unfortunately the makefile are broken :

''':~/snort3_src/snort3-master$ ./configure_cmake.sh --prefix=/usr/bin/
--with-luajit-libraries=~/snort_src/LuaJIT-2.0.5/ --with-luajit-includes=~/snort_src/LuaJIT-2.0.5/ --enable-jemalloc
--with-openssl=~/snort_src/openssl-1.1.1q/include/ --with-dnet-libraries=~/snort_src/libdnet-1.11/include/...

Re: snort3 can't build fully thus i think remove my subscribing of snort because i can't build both snort Russ Combs (rucombs) via Snort-devel (Aug 15)
Dorian,

You shouldn't need ccmake. If the build failed, some --with-* and/or PKG_CONFIG_PATH tweaks may be needed. Send the log
requested previously if you want further assistance.

Russ

________________________________
From: Dorian ROSSE <dorianbrice () hotmail fr>
Sent: Monday, August 15, 2022 8:27 AM
To: Russ Combs (rucombs) <rucombs () cisco com>; snort-devel () lists snort org <snort-devel () lists snort org>...

Re: snort3 can't build fully thus i think remove my subscribing of snort because i can't build both snort Russ Combs (rucombs) via Snort-devel (Aug 14)
Dorian,

/home/dorianrosse/.local/bin/cmake was at least part of the problem. Now that it is moved out of the way, it looks like
the normal cmake is accessible.

Go back to the original snort_build.sh, start in your home directory, and try again:

sh build_snort.sh walrus3 &> build_snort3.log

Then send build_snort3.log.

Russ
________________________________
From: Dorian ROSSE <dorianbrice () hotmail fr>
Sent: Sunday, August...

Re: snort3 can't build fully thus i think remove my subscribing of snort because i can't build both snort Russ Combs (rucombs) via Snort-devel (Aug 14)
Dorian,

That's suspicious. Can you send or paste that file?

What do you get when you do this?

mv /home/dorianrosse/.local/bin/cmake /home/dorianrosse/.local/bin/cmake.ignore
which cmake

Russ
________________________________
From: Dorian ROSSE <dorianbrice () hotmail fr>
Sent: Sunday, August 14, 2022 9:51 AM
To: Russ Combs (rucombs) <rucombs () cisco com>; snort-devel () lists snort org <snort-devel () lists snort org>...

Re: snort3 can't build fully thus i think remove my subscribing of snort because i can't build both snort Russ Combs (rucombs) via Snort-devel (Aug 14)
Dorian,

What does this output?

file /home/dorianrosse/.local/bin/cmake

Russ
________________________________
From: Dorian ROSSE <dorianbrice () hotmail fr>
Sent: Sunday, August 14, 2022 9:10 AM
To: Russ Combs (rucombs) <rucombs () cisco com>; snort-devel () lists snort org <snort-devel () lists snort org>
Subject: RE: snort3 can't build fully thus i think remove my subscribing of snort because i can't build both...

Re: snort3 can't build fully thus i think remove my subscribing of snort because i can't build both snort Russ Combs (rucombs) via Snort-devel (Aug 14)
Dorian,

What do these commands output?

which cmake
alias cmake

Russ
________________________________
From: Dorian ROSSE <dorianbrice () hotmail fr>
Sent: Saturday, August 13, 2022 4:07 PM
To: Russ Combs (rucombs) <rucombs () cisco com>; snort-devel () lists snort org <snort-devel () lists snort org>
Subject: RE: snort3 can't build fully thus i think remove my subscribing of snort because i can't build both snort...

More Lists

We also maintain archives for these lists (some are currently inactive):

Related Resources

Read some old-school private security digests such as Zardoz at SecurityDigest.Org

We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.