SecLists.Org Security Mailing List Archive

Any hacker will tell you that the latest news and exploits are not found on any web site—not even Insecure.Org. No, the cutting edge in security research is and will continue to be the full disclosure mailing lists such as Bugtraq. Here we provide web archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all using the Site Search box above.

Insecure.Org Lists

nmap-dev logo

Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe to nmap-dev here.

Missing ssh hostkeys when running at scale Loone, Sami (May 04)
Hello nmap devs,

I'm writing in hope that a oneliner pull request could get a bit of attention.

https://github.com/nmap/nmap/pull/2338

In short, ssh hostkey scan script intermittently ends up missing some of the
expected keys when running at scale. The patch is to fix nmap ssh packet
encoding for multiprecision integers.

I've recently added a hacky shell script to the pull request to make it a bit
easier to reproduce the issue...

Re: Writing high-performance npcap application Daniel Miller (Apr 29)
Jan,

Thanks for your interest in Npcap! I'll try to answer questions inline
below.

On Wed, Apr 27, 2022 at 1:21 PM Jan Danielsson <jan.m.danielsson () gmail com>
wrote:

Questions can also be posted as Issues on our Github page, but the nmap-dev
mailing list is also publicly archived, so it works well for this type of
discussion.

I believe most of the performance difference there would be because Npcap
so far does not support a...

Writing high-performance npcap application Jan Danielsson (Apr 27)
Hello,

[The npcap page said it was ok to use nmap mailing list for npcap
related questions. If there's a more appropriate forum, please point me
to it.]

I'm working on an application that requires very high transfer rates
of raw ethernet packets. As a reference, we use libpcap on unixy
platforms and are able to saturate a 1Gbit/s link, with zero packet
loss. A few customers need Windows support, so we're looking...

Zenmap Scan Compare Error Ken Waldrop via dev (Apr 26)
Hello,

I experience the following error when trying to compare saved scans. I tried to copy/paste the text, but I had no
success pasting it after copying. I am running MacOS 12.3.1 and XQuartz 2.8.1.

Ken Waldrop
waldrop01 () icloud com

RE: bug with NSE script john robison (Apr 26)
Hello,

This is the criteria.

nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all 192.168.1.0/24

Here is an example.

NSE Timing: About 99.25% done; ETC: 18:25 (0:00:41 remaining)

NSE: [backorifice-brute] Skipping 'backorifice-brute' portrule, 'ports' argument is missing.

NSE: [backorifice-brute] Skipping 'backorifice-brute' portrule, 'ports' argument is...

bug with NSE script john robison (Apr 26)
NSE: [backorifice-brute] Skipping 'backorifice-brute' portrule, 'ports' argument is missing.

The keeps repeating is disconnects the NSE script multiple times. Waiting 10 minutes for N+.01 second from N=99.00 is
worse than paint drying. LOL.

Best regards,

John

Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows

Removing scan options in the UI does not remove them in the address line Eitan Caspi (Feb 24)
Hello,

I use zenmap 7.92 on window 10, latest build, 21H2.

When editing an existing profile and at the command line there is a use of
-sT and -sU and -T4 - when changing these options from the UI drop-down
lists to "None" - they are not removed from the profile's command line at
the top.

Changing to other values, that are not "none", from within each option type
- works fine and updates the command line with the...

can not set option and profile Bernard (Feb 24)
Greetings Kind Regards Thank You for providing Zenmap 7.92 for Windows
10 . The attached GIF demonstrates setting the -6 option causes the
selected profile to be cleared then selecting the profile causes the
-6 option to disappear ad infinitum . I may be doing something wrong
as I know nothing re/ networks so I beg your indulgence . I merely
copied the address from All Settings . Network & Internet . Status .
View hardware and connection...

packet-trace inconsistent paacman via dev (Feb 23)
I've noticed when using the packet-trace option that Nmap doesn't always display all packets sent and received.

For example doing a syn scan all the packets (SYN, ACK, Reset) are shown but doing a connect scan does not. Is this by
design for some reason?_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Re: Most popular ports updated last Robin Wood (Feb 19)
I'd have thought that most boxes that have 443 open also have 80 but there
will still be some older boxes that have just 80.

Robin

Re: Most popular ports updated last Esa Jokinen via dev (Feb 19)
The port frequency information seems to be rather old; from Sep 5, 2008
commit 415bcdf1a64472a85b90158cf5cde8594443ef68 [1], and the open-
frequency column still has the same values for HTTP(S):

http 80/tcp 0.484143 # World Wide Web HTTP
http 80/udp 0.035767 # World Wide Web HTTP
https 443/tcp 0.208669 # secure http (SSL)
https 443/udp 0.010840

More recent statistics gathered from...

Most popular ports updated last paacman via dev (Feb 17)
When was the last time the most popular ports been updated in the nmap-services file? I'm wondering about the usage
frequency, it shows http is the most opened port, I would think https is now the most open port._______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Re: Nmap 25th anniversary Arturo 'Buanzo' Busleiman (Feb 16)
I am SO +1 on this. Where?

Nmap 25th anniversary Sebastian Garcia (Feb 15)
Hi awesome community!

Hey, this Sep 1st, 2022 is going to be the 25th anniversary of our beloved
Nmap. I believe it is a good moment to do something and celebrate. A
quarter century is not something many tools live to see, with such a
continuous energy, effort and impact in our community.

What about doing something? A conference? flyers on the street? the largest
nmap hackers online call of the century? Organising a 'Scan your network
and...

[NSE] Problems with authentication in ms-sql in Nmap 7.91+ Paulino Calderon (Jan 14)
Hey,

I was wondering if anyone familiar with the MS-SQL protocol knows what
might be happening here. The dev branch version crashes at the moment
when scanning Microsoft SQL Server 2005 9.00.3042; SP2:

NSE: [ms-sql-brute M:b41d0c xx.xx.xx.xx] MSSQL-SSRP: SSRP Data:
ServerName;XXXX;InstanceName;MSSQLSERVER;IsClustered;No;Version;9.00.3042.00;tcp;1433;;
NSE: [ms-sql-brute M:b41d0c xx.xx.xx.xx] MSSQL-SSRP: SSRP Substrings:...

nmap-announce logo

Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe to stay informed.

Npcap 1.60 Release: Code Hardening, Compatibility, and Bug Fixes Gordon Fyodor Lyon (Dec 08)
Hi Nmap (and Npcap) hackers! I hope you're enjoying the start of the
holidays. For your first stocking stuffer, we're happy to release Npcap
Version 1.60! We also released (but never actually announced) Version 1.55
in September. We put out Versions 1.12 and 1.11 of the SDK too. None of
these try to wow you with major new features. We're excited about a lot of
those in the pipeline, but we focused the last few months on...

Nmap 7.92 Defcon Release! Gordon Fyodor Lyon (Aug 07)
Hi folks. Many of us can't attend Defcon in person this year due to global
pandemic, but we won't let that stop our traditional Defcon Nmap release!
We just posted Nmap 7.92 to https://nmap.org/download.html. It includes
dozens of performance improvements, feature enhancements, and bug fixes
that we've made over the last 10 months.

The biggest improvement (at least for Windows users) is the inclusion of
version 1.50 of Npcap (...

Npcap 1.50 Release Brings Nmap & Wireshark to Windows ARM devices Gordon Fyodor Lyon (Jun 28)
Hi folks. The Nmap Project is pleased to release Npcap version 1.50 at
https://npcap.org. There are many improvements in this release, but the
one we're most excited about is support for the ARM architecture! This
allows apps like Nmap and Wireshark to run for the first time on a newer
generation of hardware which often includes all-day battery life and
always-on LTE/5G capabilities. Devices vary from the $349 Samsung Galaxy
Book Go...

Npcap 1.30 Released: Raw WiFi + Better Performance Gordon Fyodor Lyon (Apr 12)
Hi folks. The Nmap Project is pleased to release Npcap Version 1.30 at
https://npcap.org. We hope Nmap and Wireshark users will be especially
happy with the raw WiFi improvements, since you tend to be particularly
savvy about low-level network inspection. It turns out that some of the
issues we thought were caused by lower level hardware drivers were actually
bugs in our driver. Oops! But at least that means we can fix them
ourselves, and we did....

Npcap 1.20 released Gordon Fyodor Lyon (Mar 16)
Nmap/Npcap Community:

I'm happy to report the release of version 1.20 of the Npcap Windows packet
capturing/sending driver! It's the first release of 2021 and includes
better capabilities for selecting timestamp methods as well as many other
improvements and bug fixes. These include updating the underlying libpcap
library to version 1.10 and building our installer now with NSIS 3. More
details on all this are available from the...

fulldisclosure logo

Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

some details regarding CVE-2022-24422 / iDRAC VNC authentication christian mock (May 13)
The Dell advisory is a bit low on details, so:

The vulnerability is really just CVE-2006-2369 / CVE-2006-2450, but
wrapped in TLS (we're in the 2020s, our auth bypasses are secure now!)

That means that your vuln scanner might or might not detect it, Nessus
for example does, but Nexpose apparently doesn't.

It also means that metasploit's "realvnc_41_bypass" is not directly
usable, you need to use your favorite TLS...

SEC Consult SA-20220512-0 :: Sandbox Escape with Root Access & Clear-text passwords in Konica Minolta bizhub MFP Printer Terminals SEC Consult Vulnerability Lab, Research via Fulldisclosure (May 12)
SEC Consult Vulnerability Lab Security Advisory < 20220512-0 >
=======================================================================
title: Sandbox Escape with Root Access & Clear-text passwords
product: Multiple Konica Minolta bizhub MFP Printer Terminals
vulnerable version: see vulnerable / tested versions below
fixed version: see solution section below
CVE number: CVE-2022-29586,...

Re: Defense in depth -- the Microsoft way (part 80): 25 (in words: TWENTY-FIVE) year old TRIVIAL bug crashes CMD.exe Tavis Ormandy (May 12)
They're explaining that you need privileges to attack *other* users. I don't
think anyone is disputing you can "attack" yourself.

I know, I know - we've had this discussion before, and nothing will
convince you that this isn't a vulnerability :)

Tavis.

APT28 FancyBear / Code Execution malvuln (May 10)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/d6751b148461e0f863548be84020b879.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: APT28 FancyBear
Vulnerability: Code Execution
Description: FancyBear looks for and executes DLLs in its current
directory. Therefore, we can potentially hijack a vuln DLL execute our own
code, control and terminate the malware. The...

Defense in depth -- the Microsoft way (part 80): 25 (in words: TWENTY-FIVE) year old TRIVIAL bug crashes CMD.exe Stefan Kanthak (May 10)
Hi @ll,

the subject says it all: a 25 year old TRIVIAL signed integer
arithmetic bug (which may well have earned a PhD now) crashes
Windows' command interpreter CMD.exe via its builtin SET command.
See their documentation:
<https://technet.microsoft.com/en-us/library/cc771320.aspx>
<https://technet.microsoft.com/en-us/library/cc754250.aspx>

Classification
~~~~~~~~~~~~~~

<https://cwe.mitre.org/data/definitions/190.html>...

Ransom.Satana / Code Execution malvuln (May 07)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/46bfd4f1d581d7c0121d2b19a005d3df.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.Satana
Vulnerability: Code Execution
Description: Satana searches for and loads a DLL named "wow64log.dll" in
Windows\System32. Therefore, we can drop our own DLL to intercept and
terminate the malware pre-encryption....

Ransom.Conti / Code Execution malvuln (May 07)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/20f0c736a966142de88dee06a2e4a5b1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.Conti
Vulnerability: Code Execution
Description: Conti looks for and executes DLLs in its current directory.
Therefore, we can potentially hijack a vuln DLL execute our own code,
control and terminate the malware pre-encryption....

Ransom.Petya / Code Execution malvuln (May 07)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/8ed9a60127aee45336102bf12059a850.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.Petya
Vulnerability: Code Execution
Description: Petya looks for and loads a DLL named "wow64log.dll" in
Windows\System32. Therefore, we can drop our own DLL to intercept and
terminate the malware pre-encryption. The...

Ransom.Cryakl / Code Execution malvuln (May 07)
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/2aea3b217e6a3d08ef684594192cafc8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.Cryakl
Vulnerability: Code Execution
Description: Cryakl looks for and loads a DLL named "wow64log.dll" in
Windows\System32. Therefore, we can drop our own DLL to intercept and
terminate the malware pre-encryption. The...

Trojan-Ransom.Radamant / Code Execution malvuln (May 07)
Discovery / credits: Malvuln - (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/6152709e741c4d5a5d793d35817b4c3d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Ransom.Radamant
Vulnerability: Code Execution
Description: Radamant tries to load a DLL named "PROPSYS.dll" and execute a
hidden PE file "DirectX.exe" from the AppData\Roaming directory. Therefore,
we can...

Trojan-Ransom.LockerGoga / Code Execution malvuln (May 05)
Discovery / credits: Malvuln - (John Page - aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/3b200c8173a92c94441cb062d38012f6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Ransom.LockerGoga
Vulnerability: Code Execution
Description: LockerGoga looks for and loads a DLL named "wow64log.dll" in
Windows\System32. Therefore, we can drop our own DLL to intercept and
terminate the malware...

Ransom.CTBLocker / Code Execution malvuln (May 05)
Discovery / credits: Malvuln - (John Page - aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/de25f04dedaffde1be47ef26dc9a8176.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.CTBLocker
Vulnerability: Code Execution
Description: CTBLocker looks for and executes DLLs in its current
directory. Therefore, we can hijack a vuln DLL, execute our own code,
control and terminate the malware...

Trojan-Ransom.Cerber / Code Execution malvuln (May 05)
Discovery / credits: Malvuln - (John Page - aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/ae99e6a451bc53830be799379f5c1104.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Ransom.Cerber
Vulnerability: Code Execution
Description: Cerber looks for and executes DLLs in its current directory.
Therefore, we can hijack a vuln DLL, execute our own code, control and
terminate the malware...

Trojan.Ransom.Cryptowall / Code Execution malvuln (May 05)
Discovery / credits: Malvuln - (John Page - aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/0CFFEE266A8F14103158465E2ECDD2C1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan.Ransom.Cryptowall
Vulnerability: Code Execution
Description: Cryptowall looks for and executes DLLs in its current
directory. Therefore, we can hijack a vuln DLL, execute our own code,
control and terminate the malware...

REvil.Ransom / Code Execution malvuln (May 05)
Discovery / credits: Malvuln - (John Page - aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/4c5c1731481ea8d67ef6076810c49e00.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: REvil.Ransom
Vulnerability: Code Execution
Description: REvil looks for and executes DLLs in its current directory.
Therefore, we can hijack a vuln DLL, execute our own code, control and
terminate the malware pre-encryption. The...

Other Excellent Security Lists

bugtraq logo

Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Re: [SECURITY] [DSA 4628-1] php7.0 security update Timesportsall (Jan 16)
------------------------------------------------------------------------
-
Debian Security Advisory DSA-4628-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 18, 2020 https://www.debian.org/security/faq
------------------------------------------------------------------------
-

Package : php7.0
CVE ID : CVE-2019-11045 CVE-2019-11046 CVE-2019-11047
CVE-2019-11050 CVE-2020-7059...

Re: BugTraq Shutdown tommypickle (Jan 16)
All old school hackers from UPT remember and want to show respect. Thanks for everything.

On Second Thought... alias (Jan 16)
Bugtraq has been a valuable institution within the Cyber Security community for
almost 30 years. Many of our own people entered the industry by subscribing to it
and learning from it. So, based on the feedback we’ve received both from the
community-at-large and internally, we’ve decided to keep the Bugtraq list running.
We’ll be working in the coming weeks to ensure that it can remain a valuable asset
to the community for years to...

BugTraq Shutdown alias (Jan 15)
2020 was quite the year, one that saw many changes. As we begin 2021, we wanted
to send one last note to our friends and supporters at the SecurityFocus BugTraq
mailing list. As many of you know, assets of Symantec were acquired by Broadcom
in late 2019, and some of those assets were then acquired by Accenture in 2020
(https://newsroom.accenture.com/news/accenture-completes-acquisition-of-broadco
ms-symantec-cyber-security-...

basics logo

Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

CarolinaCon-15 is April 26-28, 2019 in Charlotte NC - Call For Papers/Presenters is now open Vic Vandal (Feb 03)
We are pleased to announce that CarolinaCon-15 will be on April 26th-28th 2019 in Charlotte NC at the Renaissance
Charlotte Suites. All who are interested in speaking on any topic in the realm of hacking, cybersecurity, technology,
science, robotics or any related field are invited to submit a proposal to present at the con. Full disclosure that
technology or physical security exploitation type submissions are most desirable for this storied...

pen-test logo

Penetration Testing — While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

44CON 2018 - 12th-14th September, London (UK) Steve (Feb 28)
44CON 2018 is the UK's best annual Security Conference and Training event. The conference spans 2.5 days with training
on the 10th and 11th of September, a free evening event on the 12th of September, and a full two-day conference on the
13th and 14th of September. The event takes place at the ILEC Conference Centre near Earls Court, London. 44CON 2018
includes catering, private bus bar and Gin O'Clock breaks. Early Bird discounted...

RootedCON Security Conference - 1-3 March, Madrid (Spain) omarbv (Feb 11)
On the occasion of the ninth edition of RootedCON, the most important
computer security conference in the country, around 2,000 hackers will
meet to discuss new questions and researchs about the cybersecurity
world, with its risks and threats. National and international experts
have included in their agendas this mandatory appointment to discuss new
vulnerabilities, viruses, and other threats, they will also talk about
countermeasures in order...

isn logo

Info Security News — Carries news items (generally from mainstream sources) that relate to security.

Ransomware: Why one city chose to the pay the ransom after falling victim InfoSec News (Aug 12)
https://www.zdnet.com/article/ransomware-why-one-city-chose-to-the-pay-the-ransom-after-falling-victim/

By Danny Palmer
ZDNet.com
August 12, 2020

A US city has explained why it gave into the demands of cyber criminals
and paid a ransom demand of $45,000 following a ransomware attack.

Lafayette, Colorado fell victim to ransomware on July 27, which encrypted
the city's computer networks and caused disruptions to phone services,
email and...

0-days, a failed patch, and a backdoor threat. Update Tuesday highlights InfoSec News (Aug 12)
https://arstechnica.com/information-technology/2020/08/update-tuesday-fixes-2-0days-and-botched-patch-for-a-backdoor-threat/

By Dan Goodin
Ars Technica
08/12/2020

Microsoft on Tuesday patched 120 vulnerabilities, two that are notable
because they’re under active attack and a third because it fixes a
previous patch for a security flaw that allowed attackers to gain a
backdoor that persisted even after a machine was updated.

Zero-day...

OCR warns hospitals of HIPAA compliance scams InfoSec News (Aug 12)
https://www.healthcareitnews.com/news/ocr-warns-hospitals-apparent-hipaa-compliance-scams

By Mike Miliard
Healthcare IT News
August 11, 2020

The Office for Civil Rights at the U.S. Department of Health and Human
Services has warned health systems about what appears to be something of
an old-fashioned and low-tech phishing attempt: fraudulent postcards, most
addressed to hospital privacy officers, that warn of noncompliance with a
mandatory...

The Secret SIMs Used By Criminals to Spoof Any Number InfoSec News (Aug 12)
https://www.vice.com/en_us/article/n7w9pw/russian-sims-encrypted

By Joseph Cox
Vice.com
August 12, 2020

The unsolicited call came from France. Or at least that's what my phone
said. When I picked up, a man asked if I worked with the National Crime
Agency, the UK's version of the FBI. When I explained, no, as a journalist
I don't give information to the police, he said why he had contacted me.

"There are these special SIM...

North Korean Hacking Group Attacks Israeli Defense Industry InfoSec News (Aug 12)
https://www.nytimes.com/2020/08/12/world/middleeast/north-korea-hackers-israel.html

By Ronen Bergman and Nicole Perlroth
nytimes.com
Aug. 12, 2020

TEL AVIV -- Israel claimed Wednesday that it had thwarted a cyberattack by
a North Korea-linked hacking group on its classified defense industry.

The Defense Ministry said the attack was deflected “in real time” and that
there was no “harm or disruption” to its computer systems.

However,...

FBI says an Iranian hacking group is attacking F5 networking devices InfoSec News (Aug 11)
https://www.zdnet.com/article/fbi-says-an-iranian-hacking-group-is-attacking-f5-networking-devices/

By Catalin Cimpanu
Zero Day
ZDNet.com
August 10, 2020

A group of elite hackers associated with the Iranian government has been
detected attacking the US private and government sector, according to a
security alert sent by the FBI last week.

While the alert, called a Private Industry Notification, didn't identify
the hackers by name,...

Pen Test Partners: Boeing 747s receive critical software updates over 3.5" floppy disks InfoSec News (Aug 11)
https://www.theregister.com/2020/08/10/boeing_747_floppy_drive_updates_walkthrough/

By Gareth Corfield
The Register
08/10/2020

DEF CON -- Boeing 747-400s still use floppy disks for loading critical
navigation databases, Pen Test Partners has revealed to the infosec
community after poking about one of the recently abandoned aircraft.

The eye-catching factoid emerged during a DEF CON video interview of PTP's
Alex Lomas, where the man...

US Cyber Command is using unclassified networks to fight election interference InfoSec News (Aug 10)
https://www.c4isrnet.com/cyber/2020/08/10/us-cyber-command-is-using-unclassified-networks-to-fight-election-interference/

By Mark Pomerleau
C4ISRNET.com
08/10/2020

WASHINGTON -- U.S. Cyber Command is using unclassified networks and
publicly available communication platforms as it works to prevent foreign
interference in the next presidential election, a CYBERCOM official has
revealed.

“From a CYBERCOM standpoint, one of the big changes...

New England guardsmen test their skills in Cyber Yankee 2020 InfoSec News (Aug 03)
https://www.c4isrnet.com/cyber/2020/08/03/new-england-guardsmen-test-their-skills-in-cyber-yankee-2020/

By Mark Pomerleau
C4ISRNET.com
08/03/2020

Members of the National Guard from New England states concluded a two-week
cyber exercise that sought to test the cyber skills of guardsmen and
critical infrastructure operators.

Cyber Yankee 2020, which took place July 21-31 in New Hampshire, involved
more than 200 National Guard members and...

Travel management company CWT hands over $4.5M following ransomware attack InfoSec News (Aug 03)
https://siliconangle.com/2020/08/02/travel-management-company-cwt-hands-4-5m-following-ransomware-attack/

By Duncan Riley
SiliconAngle.com
08/02/2020

Business travel management company CWT Global B.V. is the latest company
to pay a ransom demand following a ransomware attack.

According to report Friday by Reuters, the company paid $4.5 million to
those behind the ransomware after the attack knocked some 30,000 of the
company’s computers...

DOD, FBI, DHS release info on malware used in Chinese government-led hacking campaigns InfoSec News (Aug 03)
https://www.cyberscoop.com/taidoor-malware-report-china-cisa-dod-fbi/

By Shannon Vavra
CYBERSCOOP
August 3, 2020

The U.S. government publicly put forth information Monday that exposed
malware used in Chinese government hacking efforts for more than a decade.

The Chinese government has been using malware, referred to as Taidoor, to
target government agencies, entities in the private sector, and think
tanks since 2008, according to a joint...

Leaky S3 buckets have gotten so common that they're being found by the thousands now, with lots of buried secrets InfoSec News (Aug 03)
https://www.theregister.com/2020/08/03/leaky_s3_buckets/

By Shaun Nichols in San Francisco
The Register
3 Aug 2020

The massive amounts of exposed data on misconfigured AWS S3 storage
buckets is a catastrophic network breach just waiting to happen, say
experts.

The team at Truffle Security says its automated search tools were able to
stumble across some 4,000 open Amazon S3 buckets that included data
companies would not want public, things...

House Republicans introduce legislation to give states $400 million for elections InfoSec News (Aug 03)
https://thehill.com/policy/cybersecurity/510362-house-republicans-introduce-legislation-to-give-states-400-million-for

By Maggie Miller
The Hill
08/03/2020

A group of House Republicans on Monday introduced legislation that would
appropriate $400 million to states to address election challenges stemming
from the COVID-19 pandemic.

The Emergency Assistance for Safe Elections (EASE) Act would designate
$200 million to assist with sanitizing...

Zoom private meeting passwords were easily crackable InfoSec News (Jul 30)
https://www.itnews.com.au/news/zoom-private-meeting-passwords-were-easily-crackable-551095

By Juha Saarinen
itnews.com.au
July 31, 2020

The automatically generated passwords protecting private Zoom meetings
could be cracked with relative ease, allowing access to sensitive
conferences, a researcher has discovered.

Web site developer Tom Anthony decided on March 31 this year to see if he
could crack the password for private Zoom meetings....

Pentagon needs access to defense companies' networks to hunt cyberthreats, says commission InfoSec News (Jul 30)
https://www.c4isrnet.com/cyber/2020/07/30/pentagon-needs-access-to-defense-companies-networks-to-hunt-cyberthreats-says-commission/

By Mark Pomerleau
C4ISRNET.com
July 30, 2020

WASHINGTON -- The Pentagon must be able to hunt cyberthreats on the
private networks of defense companies in order to strengthen national
cybersecurity, according to one of the leaders of the Cyber Solarium
Commission.

Rep. Mike Gallagher, R-Wis., who co-chairs the...

firewall-wizards logo

Firewall Wizards — Tips and tricks for firewall administrators

Revival? Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.

Paul

focus-ids logo

IDS Focus — Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list

webappsec logo

Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

Faraday Beta V3.0 Released Francisco Amato (Jul 04)
Faraday helps you to host your own vulnerability management platform
now and streamline your team in one place.

We are pleased to announce the newest version of Faraday v3.0. In this
new version we have made major architecture changes to adapt our
software to the new challenges of cyber security. We focused on
processing large data volumes and to making it easier for the user to
interact with Faraday in its environment.

To install it you can...

dailydave logo

Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

SBOMs and Jellyfish Dave Aitel via Dailydave (Apr 22)
The most annoying thing with talking to computer scientists about anything
is they will look at any problem that remotely touches software and ask you
"Is that the right data structure? Are you ... sure?"

Like, this is what happens to every programming language - it's why you get
NaN or an empty list for any given arbitrary code fragment in Javascript.
People had a normal data structure, say a dictionary, and were like "What...

Re: GraphQL Jim Manico via Dailydave (Mar 05)
For many years GraphQL implementations have had massive issues with
access control/authorization and denial of service. This is a common
problem when you are essentially give a database prompt to the client.
GraphQL is better off on the back end only, IMO.

At OWASP we have an older cheatsheet on this topic that gets a lot of hits.

https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html

If you have suggestions to make this...

GraphQL Dave Aitel via Dailydave (Mar 05)
One of the best ways to get more performance out of your networked system
is to trust the client more. This is always a bad idea from a
security perspective, as everyone on this list knows, but it's fun to see
it reincarnated a thousand times in different bodies.

So for example if your web application has endless structured data always
changing and you're sick of writing REST APIs and middleware you start
thinking - what if instead, I...

General Relativity is Not Evenly Distributed Dave Aitel via Dailydave (Feb 11)
[image: image.png]

If cities were 100% accurately represented by video games, Miami would of
course be *GTA: Vice City*, a story of simplistic corruption garishly lit
and stuck in 2002 forever. It's traditional to hate on Miami, right until
you make some crypto money and decide to move there into a condominium with
a stunning view and an equally stunning lack of maintenance or foresight
around rising water tables.

Seattle, on the other...

Re: Cyber Threat Intelligence vs Megafauna Konrads Klints via Dailydave (Feb 09)
Biology in its beautiful variety has a problem for taxonomist absolutists - new species keep on being discovered. Thus
strategy that aims to find and classify everyone is doomed. Same in cyberz - it's good that we know about prominent
members but little varieties unless game changing are boring and useless for strategic decision making.

Same sort of goes with C2. C2 is one of the requirements for most varieties of CNE. It makes a lot of...

Cyber Threat Intelligence vs Megafauna Dave Aitel via Dailydave (Jan 27)
https://twitter.com/SecurePeacock/status/1486156096259637250?s=20

[image: image.png]

So I wanted to respond to this post which starts "If someone exploits an
0day they still have to setup C2 - this is where TTPs are generated that
Blue Teams can win against". And I think for the past year I've gone on a
huge journey of discovery, annoying my Cyber Threat Intelligence friends to
no end as I ask annoying questions like "After...

RootedCON 2022 Call For Papers is open! omarbv--- via Dailydave (Jan 02)
______ _ _ ____ ___ _ _
/ / _ \ ___ ___ | |_ ___ __| |/ ___/ _ \| \ | |
/ /| |_) / _ \ / _ \| __/ _ \/ _` | | | | | | \| |
/ / | _ < (_) | (_) | || __/ (_| | |__| |_| | |\ |
/_/ |_| \_\___/ \___/ \__\___|\__,_|\____\___/|_| \_|

*** /RootedCON'2022 - Main activity ***

-=] About RootedCON

RootedCON is a technology congress that will be developed in Madrid
(Spain) from 10 - 12 of march 2022....

pauldotcom logo

PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

BHIS Sorta Top Used Tools of 2018 John - Black Hills Information Security (Dec 06)
Free Webcast

Hello all,

For our next webcast we will cover some of the core tools we use all the time at Black Hills Information Security.
However, there will be a twist. We will not talk about Nessus, Nmap, or Metasploit. Why? Because there are a ton of new
(and older) tools we use that fall outside of the standard tools you see in every security book/blog out there.

Basically, we are trying to be edgy and different.

You may want to come...

BHIS Webcast - Tues 10/2 @ 11am MDT John Strand - Black Hills Information Security (Sep 26)
Hello All,

In this next webcast I want to cover what I am doing with the BHIS Systems team to create a C2/Implant/Malware test
bed. Testing our C2/malware solutions is important because vendors tend to lie or over-hype their capabilities. I will
cross reference some different malware specimens to the MITRE ATT&CK framework and we will cover how you can use these
techniques to test your defensive solutions at both the endpoint and the...

BHIS Webcast: The PenTest Pyramid of Pain 9/4 - 11am MDT Sierra - Black Hills Information Security (Aug 29)
Hello!

How are you all? We had a fantastic webcast last week with John Strand and Chris Brenton and we're still working
through some unexpected hiccups to get the recording up and posted. The podcast version is on our blog, and the YouTube
version will be posted shortly on the Active Countermeasures channel and blog as well. Thanks for all of you who
ventured over to attend!

Ready for another awesome BHIS webcast? Dakota is back and...

Webcast with CJ: Tues 7/24 at 11am Sierra - Black Hills Information Security (Jul 19)
Our upcoming webcast will be about POLICY...

Did you check out when you heard “policy”? Policy can often seem like a drudgery, but it’s also an important and
potentially overlooked part of business and procedure; it’s the framework on which security is really built!

CJ, our COO and Head of Sales has experience writing, assessing and implementing policies for many different kinds of
companies. And if you are worried it will be dry and...

honeypots logo

Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.

Honeypot malware archives Matteo Cantoni (Feb 14)
Hello everyone,

I would like share with you for educational purposes and without any
commercial purpose, data collected by the my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.

The files collected are divided into zip archives, in alphabetical
order, with password (which must be request via email). Some...

microsoft logo

Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.

Microsoft Security Update Minor Revisions Microsoft (Dec 11)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: December 11, 2018
********************************************************************

Summary
=======

The following CVE has undergone a minor revision
increment:

* CVE-2018-8172

Revision Information:
=====================

- CVE-2018-8172 | Visual Studio Remote Code Execution
Vulnerability
-...

Microsoft Security Update Minor Revisions Microsoft (Nov 14)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: November 14, 2018
********************************************************************

Summary
=======

The following CVEs and advisory have undergone a minor revision
increment:

* CVE-2018-8454
* CVE-2018-8552
* ADV990001

Revision Information:
=====================

- CVE-2018-8454 | Windows Audio Service...

Microsoft Security Update Minor Revisions Microsoft (Oct 24)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 24, 2018
********************************************************************

Summary
=======

The following CVE has undergone a minor revision increment:

* CVE-2018-8512

Revision Information:
=====================

- CVE-2018-8512 | Microsoft Edge Security Feature Bypass
Vulnerability
-...

Microsoft Security Update Releases Microsoft (Oct 19)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 19, 2018
********************************************************************

Summary
=======

The following CVE been added to the October 2018 Security updates:

* CVE-2018-8569

Revision Information:
=====================

- CVE-2018-8569 | Yammer Desktop Application Remote Code Execution
Vulnerability
-...

Microsoft Security Update Releases Microsoft (Oct 17)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 17, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2010-3190

Revision Information:
=====================

- CVE-2010-3190 | MFC Insecure Library Loading Vulnerability
-...

Microsoft Security Update Minor Revisions Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 9, 2018
********************************************************************

Summary
=======

The following CVE has undergone a minor revision increment:

* CVE-2018-8531

Revision Information:
=====================

- CVE-2018-8531 | Azure IoT Device Client SDK Memory Corruption
Vulnerability
-...

Microsoft Security Update Releases Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************

Summary
=======

The following CVE been added to the October 2018 Security updates:

* CVE-2018-8292

Revision Information:
=====================

- CVE-2018-8292 | .NET Core Information Disclosure Vulnerability
-...

Microsoft Security Update Releases Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************

Summary
=======

The following bulletin has undergone a major revision increment:

* MS11-025

Revision Information:
=====================

- https://docs.microsoft.com/en-us/security-updates/
SecurityBulletins/2011/ms11-025:...

Microsoft Security Update Summary for October 9, 2018 Microsoft (Oct 09)
********************************************************************
Microsoft Security Update Summary for October 9, 2018
Issued: October 9, 2018
********************************************************************

This summary lists security updates released for October 9, 2018.

Complete information for the October 2018 security update release can
Be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.

Please note the...

Microsoft Security Update Releases Microsoft (Oct 02)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 2, 2018
********************************************************************

Summary
=======

The following CVE has undergone a major revision increment:

* CVE-2018-0952

Revision Information:
=====================

- CVE-2018-0952 | Diagnostic Hub Standard Collector Elevation of
Privilege Vulnerability
-...

Microsoft Security Advisory Notification Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 12, 2018
********************************************************************

Security Advisories Released or Updated on September 12, 2018
===================================================================

* Microsoft Security Advisory ADV180022

- Title: Windows Denial of Service Vulnerability
-...

Microsoft Security Update Minor Revisions Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: September 12, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a minor revision increment:

* CVE-2018-8421
* CVE-2018-8468

Revision Information:
=====================

- CVE-2018-8421 | .NET Framework Remote Code Execution
Vulnerability...

Microsoft Security Update Summary for September 11, 2018 Microsoft (Sep 11)
********************************************************************
Microsoft Security Update Summary for September 11, 2018
Issued: September 11, 2018
********************************************************************

This summary lists security updates released for September 11, 2018.

Complete information for the September 2018 security update release can
Be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>....

Microsoft Security Update Releases Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 11, 2018
********************************************************************

Summary
=======

The following CVE has undergone a major revision increment:

* CVE-2018-8154

Revision Information:
=====================

- CVE-2018-8154 | Microsoft Exchange Memory Corruption
Vulnerability
-...

Microsoft Security Advisory Notification Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 11, 2018
********************************************************************

Security Advisories Released or Updated on September 11, 2018
===================================================================

* Microsoft Security Advisory ADV180002

- Title: Guidance to mitigate speculative execution...

funsec logo

Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community

Verizon: 1.5M of Contact Records Stolen, Now on Sale Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:

A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...

I don't quite understand this double talk. Could someone explain to me:

A spokesperson from Verizon said that...

Statement on Lavabit Citation in Apple Case Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038

As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...

The NSA's back door has given every US secret to our enemies Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2

Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.

Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...

Can Spies Break Apple Crypto? Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):

-----

A. Michael Froomkin:

The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...

The FBI's iPhone Problem: Tactical vs. Strategic Thinking Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html

I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?

If they could put cameras in...

Wanted: Cryptography Products for Worldwide Survey Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):

In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...

cert logo

CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

Mozilla Releases Security Update for Thunderbird US-CERT (Jul 17)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Mozilla Releases Security Update for Thunderbird [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/mozilla-releases-security-update-thunderbird ] 07/17/2020
10:50 AM EDT
Original release date: July 17, 2020

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. An attacker could exploit
some of these...

Microsoft Releases Security Update for Edge US-CERT (Jul 17)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Microsoft Releases Security Update for Edge [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/microsoft-releases-security-update-edge ] 07/17/2020 10:53 AM
EDT
Original release date: July 17, 2020

Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). An attacker could exploit
this vulnerability to drop...

AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation US-CERT (Jul 17)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation [
https://us-cert.cisa.gov/ncas/alerts/aa20-198a ] 07/16/2020 08:09 AM EDT
Original release date: July 16, 2020

Summary

"This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) and Pre-ATT&CK
frameworks....

CISA Releases Emergency Directive on Critical Microsoft Vulnerability US-CERT (Jul 16)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

CISA Releases Emergency Directive on Critical Microsoft Vulnerability [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/cisa-releases-emergency-directive-critical-microsoft-vulnerability
] 07/16/2020 03:28 PM EDT
Original release date: July 16, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive...

Apple Releases Security Updates US-CERT (Jul 16)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Apple Releases Security Updates [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/apple-releases-security-updates ] 07/16/2020 11:17 AM EDT
Original release date: July 16, 2020

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of
these vulnerabilities to take control of an...

Malicious Activity Targeting COVID-19 Research, Vaccine Development US-CERT (Jul 16)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Malicious Activity Targeting COVID-19 Research, Vaccine Development [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/malicious-activity-targeting-covid-19-research-vaccine-development
] 07/16/2020 07:16 AM EDT
Original release date: July 16, 2020

In response to malicious activity targeting COVID-19 research and vaccine development in the United...

Cisco Releases Security Updates for Multiple Products US-CERT (Jul 15)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Cisco Releases Security Updates for Multiple Products [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/15/cisco-releases-security-updates-multiple-products ]
07/15/2020 03:19 PM EDT
Original release date: July 15, 2020

Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote
attacker...

Oracle Releases July 2020 Security Bulletin US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Oracle Releases July 2020 Security Bulletin [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/oracle-releases-july-2020-security-bulletin ] 07/14/2020
05:21 PM EDT
Original release date: July 14, 2020

Oracle has released its Critical Patch Update for July 2020 to address 433 vulnerabilities across multiple products. A
remote attacker could...

Google Releases Security Updates for Chrome US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Google Releases Security Updates for Chrome [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/google-releases-security-updates-chrome-0 ] 07/14/2020 04:51
PM EDT
Original release date: July 14, 2020

Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities
that an attacker could exploit...

Google Releases Security Updates for Chrome US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Google Releases Security Updates for Chrome [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/google-releases-security-updates-chrome ] 07/14/2020 02:45 PM
EDT
Original release date: July 14, 2020

Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities
that an attacker could exploit to...

Microsoft Releases July 2020 Security Updates US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Microsoft Releases July 2020 Security Updates [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/microsoft-releases-july-2020-security-updates ] 07/14/2020
02:13 PM EDT
Original release date: July 14, 2020

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could
exploit some of these...

Microsoft Addresses 'Wormable' RCE Vulnerability in Windows DNS Server US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Microsoft Addresses 'Wormable' RCE Vulnerability in Windows DNS Server [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/microsoft-addresses-wormable-rce-vulnerability-windows-dns-server
] 07/14/2020 02:14 PM EDT
Original release date: July 14, 2020

Microsoft has released a security update to address a remote code execution (RCE)...

Adobe Releases Security Updates for Multiple Products US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Adobe Releases Security Updates for Multiple Products [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/adobe-releases-security-updates-multiple-products ]
07/14/2020 01:18 PM EDT
Original release date: July 14, 2020

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit
some of...

Apache Releases Security Advisories for Apache Tomcat US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

Apache Releases Security Advisories for Apache Tomcat [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/apache-releases-security-advisories-apache-tomcat ]
07/14/2020 11:33 AM EDT
Original release date: July 14, 2020

The Apache Software Foundation has released security advisories to address multiple vulnerabilities in Apache Tomcat.
An attacker...

AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java US-CERT (Jul 13)
Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:

AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java [ https://us-cert.cisa.gov/ncas/alerts/aa20-195a ]
07/13/2020 07:07 PM EDT
Original release date: July 13, 2020

Summary

On July 13, 2020 EST, SAP released a security update to address a critical vulnerability, CVE-2020-6287 [
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6287 ],...

oss-sec logo

Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community

CVE-2022-29162: runc < 1.1.2 incorrect handling of inheritable capabilities in default configuration Aleksa Sarai (May 11)
A security update for runc (v1.1.2) was released to mitigate
CVE-2022-29162, which is a low severity vulnerability related to
mishandling of inheritable capabilities which resulted in an atypical
Linux environment inside containers.

As the inheritable set was a subset of the permitted capabilities (which
are limited) this bug does not affect the container security boundary,
it simply ensures that programs running inside the container do not...

[SECURITY ADVISORY] curl: HSTS bypass via trailing dot Daniel Stenberg (May 10)
HSTS bypass via trailing dot
============================

Project curl Security Advisory, May 11 2022 -
[Permalink](https://curl.se/docs/CVE-2022-30115.html)

VULNERABILITY
-------------

curl's HSTS check could be bypassed to trick it to keep using HTTP.

Using its HSTS support, curl can be instructed to use HTTPS directly instead
of using an insecure clear-text HTTP step even when HTTP is provided in the
URL. This mechanism could be...

[SECURITY ADVISORY] curl: TLS and SSH connection too eager reuse Daniel Stenberg (May 10)
TLS and SSH connection too eager reuse
======================================

Project curl Security Advisory, May 11 2022 -
[Permalink](https://curl.se/docs/CVE-2022-27782.html)

VULNERABILITY
-------------

libcurl would reuse a previously created connection even when a TLS or SSH
related option had been changed that should have prohibited reuse.

libcurl keeps previously used connections in a connection pool for subsequent
transfers to reuse...

[SECURITY ADVISORY] curl: CERTINFO never-ending busy-loop Daniel Stenberg (May 10)
CERTINFO never-ending busy-loop
===============================

Project curl Security Advisory, May 11 2022 -
[Permalink](https://curl.se/docs/CVE-2022-27781.html)

VULNERABILITY
-------------

libcurl provides the `CURLOPT_CERTINFO` option to allow applications to
request details to be returned about a TLS server's certificate chain.

Due to an erroneous function, a malicious server could make libcurl built with
NSS get stuck in a...

[SECURITY ADVISORY] curl: percent-encoded path separator in URL host Daniel Stenberg (May 10)
percent-encoded path separator in URL host
==========================================

Project curl Security Advisory, May 11 2022 -
[Permalink](https://curl.se/docs/CVE-2022-27780.html)

VULNERABILITY
-------------

The curl URL parser wrongly accepts percent-encoded URL separators like '/'
when decoding the host name part of a URL, making it a *different* URL using
the wrong host name when it is later retrieved.

For example, a URL...

[SECURITY ADVISORY] curl: cookie for trailing dot TLD Daniel Stenberg (May 10)
cookie for trailing dot TLD
===========================

Project curl Security Advisory, May 11 2022 -
[Permalink](https://curl.se/docs/CVE-2022-27779.html)

VULNERABILITY
-------------

libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if
the host name is provided with a trailing dot.

curl can be told to receive and send cookies when communicating using
HTTP(S). curl's "cookie engine" can be built with or...

[SECURITY ADVISORY] curl: removes wrong file on error Daniel Stenberg (May 10)
curl removes wrong file on error
================================

Project curl Security Advisory, May 11 2022 -
[Permalink](https://curl.se/docs/CVE-2022-27778.html)

VULNERABILITY
-------------

curl might remove the wrong file when `--no-clobber` is used together with
`--remove-on-error`.

The `--remove-on-error` option tells curl to remove the output file when it
returns an error, and not leave a partial file behind. The `--no-clobber`
option...

Re: Linux kernel: A concurrency use-after-free in bad_flp_intr for latest kernel version Minh Yuan (May 10)
By the way, this race issue has been assigned CVE-2022-1652 by Red Hat.

Minh Yuan <yuanmingbuaa () gmail com> 于2022年5月10日周二 14:59写道:

Linux kernel: A concurrency use-after-free in bad_flp_intr for latest kernel version Minh Yuan (May 10)
Hi everyone,

My fuzzer discovered another concurrency uaf between reset_interrupt and
floppy_end_request in the latest kernel version (5.17.5 for now).

The root cause is that after deallocating current_req in floppy_end_request,
reset_interrupt still holds the freed current_req->error_count and accesses
it concurrently.

Here is the KASAN report:

BUG: KASAN: use-after-free in bad_flp_intr+0x332/0x460

Call Trace:
__dump_stack...

Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging Jan Lehnardt (May 09)
This is automated by ASF infrastructure, I sadly have no say over this. But maybe we can a footer with the address next
time :)

Perfect, thanks!
Jan

Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging Archange (May 09)
Le 09/05/2022 à 13:41, Jan Lehnardt a écrit :

Sure, you should put this address in copy when posting to oss-security
then, so you would be sure people reply to that one too. ;)

Thanks, so you use a default env file to set the variable and allow
people to easily change it in the case of a clustered setup. Will do so
as well then!

Regards,
Bruno

Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging Jan Lehnardt (May 09)
Hi Bruno,

first of all, thanks for maintaining CouchDB for Arch. Secondly, for any security related questions, please do not
hesitate to contact security () couchdb apache org instead of any one of the team individually, as we can’t know if any
of is available at all times (vacations and whatnot :)

As for your questions, see this PR to our packaging infrastructure for how we handle this on Debian and Centos/Rocky:...

Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging Archange (May 09)
Hi,

Le 26/04/2022 à 12:44, Jan Lehnardt a écrit :

Regarding epmd, how is this achieved in the binary packages? Because on
Arch at least, setting `ERL_EPMD_ADDRESS=127.0.0.1` as stated in
https://github.com/apache/couchdb/issues/999#issuecomment-345068280 is
still required. Should Arch make that a default in the systemd service
file? For now this has just been a recommandation for single node
security since 2017
(...

CVE-2022-24903: rsyslog < 8.2204.1 heap buffer overrun Rainer Gerhards (May 05)
Severity: High | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

This is a worst case rating. When syslog best practices are applied
(no Internet access to rsyslog receivers) the severity is lower.
Details below.

Advisory: https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243

Advisory content:

### Impact
Modules for TCP syslog reception have a heap buffer overflow when
octet-counted framing is used....

DPDK CVE-2022-0669 Release Notice Jiang, Cheng1 (May 04)
A vulnerability was fixed in DPDK.
Some downstream stakeholders were warned in advance
in order to coordinate the release of fixes
and reduce the vulnerability window.

It's an issue in the handling of vhost-user inflight type messages. A malicious vhost-user master can attach an
unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are
not closed by the vhost-user slave. By...

securecoding logo

Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.

Silver Bullet 123: Yanek Korff Gary McGraw (Jul 06)
hi sc-l,

The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.

We talk about managing technical people in this episode. We also discuss operational security. Have a...

educause logo

Educause Security Discussion — Securing networks and computers in an academic environment.

Covid Test Kit Singapore Covid Test Kit Singapore (Oct 01)
Covid Test Kit

Order test kit for your company now! Stay Safe! Free Delivery in Singapore

Easy to use

HSA Approved

Click on the link below to open the message in a browser:
https://www.covidtestkit.info/so/b3Nmx3jmr/c?w=X7fgda-LWUeRP6mC6I6qXRUzGOxDt64oN8eoV7oJkUE.eyJ1IjoiaHR0cHM6Ly93d3cuY292aWR0ZXN0a2l0LmluZm8vc28vYjNObXgzam1yP2xhbmd1YWdlVGFnPWVuIiwibSI6Im1haWwiLCJjIjoiOGE5YzNiMGMtMjYwMC00ODQ3LTgzMGItMTVmN2U4NzA3YzVjIn0

You've received...

Internet Issues and Infrastructure

nanog logo

NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

Re: Texas ERCOT announces electric grid shortage unseasonably hot weather Michael Thomas (May 13)
I was about to throw shade on Texas until I remembered "oh, PG&E". Never
mind.

Mike

Texas ERCOT announces electric grid shortage unseasonably hot weather Sean Donelan (May 13)
This afternoon, six power generation facilities tripped offline resulting
in the loss of approximately 2,900 MW of electricity. At this time, all
generation resources available are operating. We’re asking Texans to
conserve power when they can by setting their thermostats to 78-degrees or
above and avoiding the usage of large appliances (such as dishwashers,
washers and dryers) during peak hours between 3 p.m. and 8 p.m. through
the...

RE: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) Jakob Heitz (jheitz) via NANOG (May 13)
'RPKI-tested-only' will store all routes that encounter a 'validation-state' test
in the inbound route policy. In that case, when an RPKI server updates a VRP to the
router, it can re-run the inbound policy from the stored route and not require a
refresh request to be sent.

This option saves memory if you use a coarse filter in the route-policy before
the validation test. For example, you use a peer-locking filter to drop...

Weekly Global IPv4 Routing Table Report Routing Table Analysis Role Account (May 13)
This is an automated weekly mailing describing the state of the Global
IPv4 Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG
TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG.

Daily listings are sent to bgp-stats () lists apnic net.

For historical data, please see https://thyme.apnic.net.

If you have any comments please contact Philip Smith <pfsinoz...

Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) Saku Ytti (May 13)
What does this mean? If any term refers to validation-state, the route
gets stored?

Eg.

if validation-state is valid then
pass
else
drop

a) Would 'RPKI-dropped-only' store everything or nothing?
b) Would 'RPKI-tested-only' store everything?

Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) Mark Tinka (May 12)
Awesome!

Mark.

RE: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) Jakob Heitz (jheitz) via NANOG (May 12)
To address the risk of somebody exhausting your memory by dumping a ton of routes on you,
we added two new options to "soft-reconfiguration inbound" in IOS-XR.

RPKI-dropped-only
Saves a copy of only the routes dropped by an RPKI validation-state test in neighbor-in route-policy.

RPKI-tested-only
Saves a copy of only the routes tested in an RPKI validation-state test in neighbor-in route-policy.

This was released in 7.3.1 in Feb 2021....

NANOG 85 Sneak Peek + More Nanog News (May 12)
*NANOG 85 Sneak Peek*
*Meeting Will Take Place Jun. 6 - 8 in Montréal*

REGISTER NOW <https://www.nanog.org/events/nanog-85/> for hours of talks by
industry leaders, networking opportunities + more!
*Coming Soon to the NANOG 85 Stage: *

- Keynote Speaker: Sylvie LaPerrire
- Special IPv6 World Launch Anniversary Day programming
- 4 different panels that will be taking place in Montréal
- Panel: Women in Executive...

Re: Github/gist list of modern telemetry/networking polling tools Tom Beecher (May 12)
I'm also generally a fan of the older 'simple, just work' things , but
influxdb + grafana has absolutely grown on me over time.

Re: Github/gist list of modern telemetry/networking polling tools Tarko Tikan (May 12)
hey,

snmp_exporter
gnmic

feeding to prometheus
+ alertmanager
+ grafana

Building meaningful dashboards and setting up actionable alerts
(relevant for your network) is the hardest part.

RE: Github/gist list of modern telemetry/networking polling tools Rafael Possamai (May 12)
Here is a list: https://github.com/kahun/awesome-sysadmin#monitoring

Personally, I've used smokeping for over a decade (mrtg works too, or rrd and a cron job), as well as librenms/prtg and
as of the last couple of years a software "stack" such as telegraf+influxdb+grafana, although that's more resource
intensive than the old school stuff that just works.

From: NANOG <nanog-bounces+rafael.possamai=bluebirdnetwork.com ()...

Re: Question re prevention of enumeration with DNSSEC (NSEC3, etc.) John McCormac (May 12)
Agree on the effects on smaller legal players.

A domain name does not always have to have a website. This means that
some domain names may have no presence on the Web unless they are
mentioned on a site or in e-mail. With the increased automation of
webhosting control panels, undeveloped domain names may be automatically
parked on the webhoster's or registrar's holding page.

Perhaps if there are lists of new registrations...

Github/gist list of modern telemetry/networking polling tools Drew Weaver (May 12)
Hello,

If you guys are like me I find something that works and I just stick with it.

Now that we're getting to a place where we can re-tool some of our monitoring and telemetry for our network I am
looking for information/recommendations on new tools.

Specifically I am looking a list of NMS, SNMP poller/grapher, sflow/netflow cap/dump tools that people are enjoying.

I know a lot of times people post lists of tools over on github or a...

Re: Question re prevention of enumeration with DNSSEC (NSEC3, etc.) Masataka Ohta (May 12)
John McCormac wrote:

Not a problem for large companies or botnet. So, only
small legal players suffer from hiding zone information.

You misunderstand my statement. Domain names not offering
HTTP service can also be collected by web crawling.

Google can also use gmail to collect domain names used by
sent or received e-mails.

Is your concern privacy of "bad" websites?

That's not a problem related to enumeration of domain names....

Re: Question re prevention of enumeration with DNSSEC (NSEC3, etc.) Matt Corallo (May 11)
I have found that some people who are concerned about such things will have LetsEncrypt certs for
many of the same hosts they were worried about - which of course makes the DNS zone enumeration
issue moot - any CA-signed certs are already public these days.

Doesn't make the issue completely moot, but the reality is if you're exposing something to the
internet, there's plenty of ways for it to leak out, so best not to make it...

interesting-people logo

Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating

PH´s, Deptos, Oficinas, Cocheras, etc La Capitana (May 11)


Recoleta,&nbsp;Laprida al 2100, entre Las Heras y Gutierrez, departamento de 83 m2, muy luminoso, Palier, living
comedor, cocina, entrada de servicio, toilette, dos dormitorios, baño completo con jacuzzi, balcon, Vista a Piscina,
Una cochera y una Baulera, Parque, Piscina, Parrilla, Salon de usos multiple, Gimnasio, Sauna, Seguridad 24 hs, mas
informacion haciendo click aqui

PH en Villa del Parque,&nbsp;Emilio Lamarca...

USA 🇺🇸/ ARGENTINA 🇦🇷 CHINA 🇨🇳/ ARGENTINA 🇦🇷 Somos el servicio de courier más rápido de todos. Compra (May 05)


USA 🇺🇸/ ARGENTINA 🇦🇷&nbsp;&nbsp; CHINA 🇨🇳/ ARGENTINA 🇦🇷

Somos el servicio de courier más rápido de todos.&nbsp;

Sin trámites, ni demoras

Traemos todo en menos de una semana

&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;

&nbsp;

&nbsp;

&nbsp;

CARGA AÉREA / MARÍTIMA

&nbsp;

DIRECTO

&nbsp;

3 salidas semanales&nbsp;

&nbsp;

Consulta precio por kg...

Jubilate en Dolares, GARANTIZADO por BANCOS INTERNACIONALES Oscar (May 05)


JUBILACION en DOLARES, GARANTIZADO por BANCOS INTERNACIONALES

&nbsp;

&nbsp;

Haga click aquí para reenviar este email a otra persona

Para remover su direcci&oacute;n de esta lista haga <a
href="https://ml15.gpserver5.com/unsuscribe.php?id=wuwwiiswrryusyqyeusroi";>click aqu&iacute;</a>

PH´s, Deptos, Oficinas, Cocheras, etc La Capitana (May 02)


Departamento - Humberto Primo al 1600, Capital Federal. 64m2, Muy lindo 3 Ambientes con 2 Dormitorios. Baño completo y
cocina semi integrada,&nbsp;Con una construcción sólida, el edificio es un proyecto de Mario Roberto Alvarez, premiado
como mejor proyecto en 1950. es autentico estilo.. •Bajas expensas •Espacio para lavadero&nbsp;•Cocina integrada al
amplio living comedor,&nbsp;precio us89.000.

PH en Villa del...

Emprendimientos, Palermo, Belgrano, Nuñez, Saavedra, Caballito, Parque Centenario, etc La Capitana (Apr 29)


🍾🍷&nbsp;Balcones Amplios, Parrillas, Terrazas, Jardines y Patios Propios&nbsp;🍻 🍹

&nbsp;

&nbsp;

&nbsp;

&nbsp;

&nbsp;

&nbsp;

&nbsp;

&nbsp;

&nbsp;

&nbsp;

&nbsp;

&nbsp;

Mas Oportunidades para vos haciendo click aqui

&nbsp;

&nbsp;

Consultas haciendo click aqui

&nbsp;

&nbsp;

💰Converti tus Pesos en Dolares&nbsp;💵

&nbsp;...

Somos el servicio de courier más rápido de todos. Sin trámites, ni demoras. Traemos todo en menos de una sem Azure (Apr 28)


CARGA AÉREA / MARÍTIMA

&nbsp;

DIRECTO

&nbsp;

USA 🇺🇸/ ARGENTINA 🇦🇷 &nbsp;

CHINA 🇨🇳/ ARGENTINA 🇦🇷&nbsp;

&nbsp;

Somos el servicio de courier más rápido de todos.&nbsp;

Sin trámites, ni demoras.&nbsp;

Traemos todo en menos de una semana

&nbsp;

3 salidas semanales&nbsp;

&nbsp;

Consulta precio por kg

&nbsp;

Sin máximos en tus compras

&nbsp;

Sin...

Palermo Pre-Venta con BALCON TERRAZA y PARRILLA PROPIA La Capitana RE (Apr 26)


Mas Oportunidades para vos haciendo click aqui

Consultas haciendo click aqui

&nbsp;

&nbsp;

&nbsp;

&nbsp;

La Capitana Real Estate de Marisa G. Snatman

Martillera y Corredora Publica, matriculas n° 5633 CSI /3921 CUCICBA

3 De Febrero 820 2°D (CABA 1426),&nbsp; Ruta Nacional N 8 KM.52 (Pilar)

&nbsp;

&nbsp;

&nbsp;

hace click aquí para reenviar este email a un amigo

&nbsp;

Para remover su...

clientes de CLARO consultar por mas beneficios Movistar Negocios (Apr 25)


@font-face{
font-family:"Times New Roman";
}

@font-face{
font-family:"宋体";
}

@font-face{
font-family:"Calibri";
}

@font-face{
font-family:"Calibri";
}

@font-face{
font-family:"Wingdings";
}

@font-face{
font-family:"Calibri";
}

@font-face{
font-family:"Arial";
}

p.MsoNormal{
mso-style-name:Normal;
mso-style-parent:"";...

Cambio de Cheques y Ahora Tambien e-cheqs, Cheques Electronicos La Capitana (Apr 21)


Consultas haciendo click aqui

Ahora tambien e-chqs

&nbsp;

&nbsp;

hace click aquí para reenviar este email a un amigo

&nbsp;

&nbsp;

&nbsp;

&nbsp;

&nbsp;

Para remover su direcci&oacute;n de esta lista haga <a
href="https://ml15.gpserver5.com/unsuscribe.php?id=wuwwiiswrryusyqrpisroi";>click aqu&iacute;</a>

Highland Park Country Club, Alquiler y Venta La Capitana Real Estate (Apr 19)


Casa en Alquiler Anual, haciendo click aqui

Nuevo Ingreso haciendo click aqui

La Capitana Real Estate de Marisa G. Snatman
Martillera y Corredora Publica, matriculas n° 5633 CSI /3921 CUCICBA
3 De Febrero 820 2°D (CABA 1426),&nbsp; Ruta Nacional N 8 KM.52 (Pilar)

&nbsp;

Haga click aquí para reenviar este email a otra persona

&nbsp;

Para remover su direcci&oacute;n de esta lista haga <a
href="...

Cambio de Cheques y Ahora Tambien e-cheqs, Cheques Electronicos Cambio de Cheques (Apr 14)


Consultas haciendo click aqui

Ahora tambien e-chqs

&nbsp;

&nbsp;

hace click aquí para reenviar este email a un amigo

&nbsp;

&nbsp;

&nbsp;

&nbsp;

&nbsp;

Para remover su direcci&oacute;n de esta lista haga <a
href="https://ml15.gpserver4.com/unsuscribe.php?id=wuwwiiswrryusyqrrtsroi";>click aqu&iacute;</a>

Altos de Nuñez con Amenities La Capitana Real Estate (Apr 12)


&nbsp;

Mas Oportunidades para vos haciendo click aqui

Consultas haciendo click aqui

&nbsp;

&nbsp;

&nbsp;

&nbsp;

La Capitana Real Estate de Marisa G. Snatman,

Martillera y Corredora Publica, matriculas n° 5633 CSI /3921 CUCICBA,

3 De Febrero 820 2°D (CABA 1426),&nbsp; Ruta Nacional N 8 KM.52 (Pilar)

&nbsp;

&nbsp;

hace click aquí para reenviar este email a un amigo

&nbsp;

&nbsp;...

Buscamos para Clientes Propiedades de Dueños Directos La Capitana (Apr 11)


🔎*BUSCO para CLIENTES*👁️ de Dueños Directos con mucha ganas de vender

&nbsp;

1) Lote en Colegiales dentro de este perimetro Av de Los Incas, Alvarez Thomas, Forest, Federico Lacroze y Cramer, sin
pasar la via, no quiere sobre las avenidas para 1.000/1500m2 vendibles&nbsp;*para abonar CASH*

&nbsp;

2) Lote en Nuñez, Belgrano, Saavedra, Palermo, Villa Crespo, Lomas de Nuñez, Coghlan, USAB 2, 8,66c35 minimo, para...

Terrazas de Nuñez con Amenities La Capitana Real Estate (Apr 08)


&nbsp;

Mas Oportunidades para vos haciendo click aqui

Consultas haciendo click aqui

&nbsp;

&nbsp;

La Capitana Real Estate de Marisa G. Snatman

Martillera y Corredora Publica, matriculas n° 5633 CSI /3921 CUCICBA

3 De Febrero 820 2°D (CABA 1426),&nbsp; Ruta Nacional N 8 KM.52 (Pilar)

&nbsp;

&nbsp;

&nbsp;

&nbsp;

hace click aquí para reenviar este email a un amigo

&nbsp;

&nbsp;

Para...

clientes de CLARO consultar por mas beneficios Movistar Negocios (Apr 05)


@font-face{
font-family:"Times New Roman";
}

@font-face{
font-family:"宋体";
}

@font-face{
font-family:"Calibri";
}

@font-face{
font-family:"Calibri";
}

@font-face{
font-family:"Wingdings";
}

@font-face{
font-family:"Calibri";
}

@font-face{
font-family:"Arial";
}

p.MsoNormal{
mso-style-name:Normal;
mso-style-parent:"";...

risks logo

The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

Risks Digest 33.20 RISKS List Owner (May 13)
RISKS-LIST: Risks-Forum Digest Friday 13 May 2022 Volume 33 : Issue 20

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.20>
The current issue can also be found at
<...

Risks Digest 33.19 RISKS List Owner (May 07)
RISKS-LIST: Risks-Forum Digest Saturday 7 May 2022 Volume 33 : Issue 19

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.19>
The current issue can also be found at
<...

Risks Digest 33.18 RISKS List Owner (Apr 29)
RISKS-LIST: Risks-Forum Digest Friday 29 April 2022 Volume 33 : Issue 18

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.18>
The current issue can also be found at
<...

Risks Digest 33.17 RISKS List Owner (Apr 23)
RISKS-LIST: Risks-Forum Digest Saturday 23 April 2022 Volume 33 : Issue 17

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.17>
The current issue can also be found at
<...

Risks Digest 33.16 RISKS List Owner (Apr 19)
RISKS-LIST: Risks-Forum Digest Tuesday 19 April 2022 Volume 33 : Issue 16

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.16>
The current issue can also be found at
<...

Risks Digest 33.15 RISKS List Owner (Apr 18)
RISKS-LIST: Risks-Forum Digest Monday 18 April 2022 Volume 33 : Issue 15

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.15>
The current issue can also be found at
<...

Risks Digest 33.14 RISKS List Owner (Apr 12)
RISKS-LIST: Risks-Forum Digest Tuesday 12 April 2022 Volume 33 : Issue 14

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.14>
The current issue can also be found at
<...

Risks Digest 33.13 RISKS List Owner (Apr 09)
RISKS-LIST: Risks-Forum Digest Saturday 9 April 2022 Volume 33 : Issue 13

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.13>
The current issue can also be found at
<...

Risks Digest 33.12 RISKS List Owner (Apr 01)
RISKS-LIST: Risks-Forum Digest Friday 1 April 2022 Volume 33 : Issue 12

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.12>
The current issue can also be found at
<...

Risks Digest 33.11 RISKS List Owner (Mar 28)
RISKS-LIST: Risks-Forum Digest Monday 28 March 2022 Volume 33 : Issue 11

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.11>
The current issue can also be found at
<...

Risks Digest 33.10 RISKS List Owner (Mar 21)
RISKS-LIST: Risks-Forum Digest Monday 21 March 2022 Volume 33 : Issue 10

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.10>
The current issue can also be found at
<...

Risks Digest 33.09 RISKS List Owner (Mar 15)
RISKS-LIST: Risks-Forum Digest Monday 14 March 2022 Volume 33 : Issue 09

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.09>
The current issue can also be found at
<...

Risks Digest 33.08 RISKS List Owner (Mar 05)
RISKS-LIST: Risks-Forum Digest Saturday 5 March 2022 Volume 33 : Issue 08

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.08>
The current issue can also be found at
<...

Risks Digest 33.07 RISKS List Owner (Feb 25)
RISKS-LIST: Risks-Forum Digest Friday 25 February 2022 Volume 33 : Issue 07

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.07>
The current issue can also be found at
<...

Risks Digest 33.06 RISKS List Owner (Feb 18)
RISKS-LIST: Risks-Forum Digest Friday 18 February 2022 Volume 33 : Issue 06

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.06>
The current issue can also be found at
<...

dataloss logo

BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.

State of Ransomware shows huge growth in threat and impacts Matthew Wheeler (May 04)
https://www.continuitycentral.com/index.php/news/technology/7275-state-of-ransomware-shows-huge-growth-in-threat-and-impacts

Sophos has released its annual survey and review of real-world ransomware
experiences in its ‘State of Ransomware 2022’ report. This shows that 66
percent of organizations surveyed were hit with ransomware in 2021, up from
37 percent in 2020.

The average ransom paid by organizations that had data encrypted in their...

New Hacker Group Pursuing Corporate Employees Focused on Mergers and Acquisitions Matthew Wheeler (May 04)
https://thehackernews.com/2022/05/new-hacker-group-pursuing-corporate.html

A newly discovered suspected espionage threat actor has been targeting
employees focusing on mergers and acquisitions as well as large corporate
transactions to facilitate bulk email collection from victim environments.

Mandiant is tracking the activity cluster under the uncategorized moniker
UNC3524, citing a lack of evidence linking it to an existing group.
However,...

Fourth Circuit Holds Statements About Importance of Data Security Not Actionable Matthew Wheeler (May 04)
https://www.insideclassactions.com/2022/04/29/fourth-circuit-holds-statements-about-importance-of-data-security-not-actionable/

The Fourth Circuit’s opinion last week in In re Marriott International,
Inc., — F.4th —-, No. 21-1802 (4th Cir. Apr. 21, 2022), could prove useful
to companies facing data breach class actions. Following a data breach of
the Starwood guest reservation system, Marriott investors brought
securities claims alleging...

Experts warn that Hive ransomware gang can detect unpatched servers Matthew Wheeler (Apr 26)
https://venturebeat.com/2022/04/25/experts-warn-that-hive-ransomware-attackers-can-detect-unpatched-servers/

The Hive threat group has been targeting organizations across the finance,
energy and healthcare sectors as part of coordinated ransomware attacks
since June 2021.

During the attacks, the group exploits ProxyShell vulnerabilities in MSFT
Exchange servers to remotely execute arbitrary commands and encrypt the
data of companies with this...

Iranian Hacking Group Among Those Exploiting Recently Disclosed VMWare RCE Flaw Matthew Wheeler (Apr 26)
https://www.darkreading.com/attacks-breaches/-iranian-group-among-those-exploiting-recently-disclosed-rce-flaw-in-vmware

An Iranian cyber espionage group that some vendors track as Rocket Kitten
has begun exploiting a recently patched critical vulnerability in VMWare
Workspace ONE Access/Identity Manager technology to deliver the Core Impact
penetration testing tool on vulnerable systems.

VMWare disclosed the remote code execution vulnerability...

Inside a ransomware incident: How a single mistake left a door open for attackers Matthew Wheeler (Apr 26)
https://www.zdnet.com/article/inside-a-ransomware-incident-how-a-single-mistake-left-a-door-open-for-attackers/

A security vulnerability that was left unpatched for three years allowed a
notorious cyber-criminal gang to breach a network and plant ransomware.

The BlackCat ransomware attack against the undisclosed organization took
place in March 2022 and has been detailed by cybersecurity researchers at
Forescout who investigated the incident....

FBI: This ransomware written in the Rust programming language has hit at least 60 targets Matthew Wheeler (Apr 26)
https://www.zdnet.com/article/fbi-this-ransomware-written-in-the-rust-programming-language-has-hit-at-least-60-targets/

The BlackCat ransomware gang has claimed at least 60 victims worldwide.

Written by Liam Tung, Contributor

on April 25, 2022 | Topic: Security

The BlackCat ransomware gang, known for being the first to use ransomware
written in the Rust programming language, has compromised at least 60
organizations worldwide since March...

FBI Shares Information on BlackCat Ransomware Attacks Matthew Wheeler (Apr 22)
https://www.securityweek.com/fbi-shares-information-blackcat-ransomware-attacks

The Federal Bureau of Investigation (FBI) this week published indicators of
compromise (IOCs) associated with the BlackCat Ransomware-as-a-Service
(RaaS).

Initially observed in November 2021 and also tracked as ALPHV and Noberus,
BlackCat is the first ransomware family to be written in the Rust
programming language.

As of March 2022, BlackCat had successfully...

Denonia Malware Shows Evolving Cloud Threats Matthew Wheeler (Apr 22)
https://www.darkreading.com/omdia/denonia-malware-shows-evolving-cloud-threats

Cloud security is constantly evolving and consistently different than
defending on-premises assets. Denonia, a recently discovered serverless
cryptominer drives home the point.

One of the more important points to get across when addressing cloud
security is to make it clear to all involved that cloud security is not
only different, but that it keeps evolving. If...

LemonDuck botnet plunders Docker cloud instances in cryptocurrency crime wave Matthew Wheeler (Apr 22)
https://www.zdnet.com/article/lemonduck-botnet-plunders-docker-cloud-instances-in-cryptocurrency-crime-wave/

Operators of the LemonDuck botnet are targeting Docker instances in a
cryptocurrency mining campaign.

LemonDuck is cryptocurrency mining malware wrapped up in a botnet
structure. The malware exploits older vulnerabilities to infiltrate cloud
systems and servers, including the Microsoft Exchange ProxyLogon bugs,
EternalBlue, and BlueKeep....

Conn. Senate Passes Sweeping Data Privacy Legislation Matthew Wheeler (Apr 22)
https://www.govtech.com/policy/conn-senate-passes-sweeping-data-privacy-legislation

(TNS) — A wide-ranging data privacy bill that would create rights for
consumers and responsibilities for businesses and Internet carriers who
have become used to harvesting — and sometimes misusing or misplacing —
data, was unanimously approved by the state Senate on Wednesday.

If approved by the House of Representatives and signed into law by Gov. Ned...

Scraping data from websites is not hacking or a crime, rules Appeals Court in US Matthew Wheeler (Apr 19)
https://www.neowin.net/news/scraping-data-from-websites-is-not-hacking-or-a-crime-rules-appeals-court-in-us/

The Ninth Circuit Court of Appeals may have set an important precedent in
the tech world. The court has essentially concluded that “Data Scraping” is
not hacking. Hence, it might not be illegal to scrape data from websites,
and social media platforms, unless there are defensive technologies in
place.

After listening to the arguments...

Biden urged to consider federal digital identity framework Matthew Wheeler (Apr 19)
https://www.biometricupdate.com/202204/biden-urged-to-consider-federal-digital-identity-framework

United States President Joe Biden has been advised to consider putting in
place a nationwide digital identity framework as one of four proposed
measures experts believe will help fight identity theft in the country.

In a letter spotted by GovInfoSecurity, addressed to Biden by identity
security experts and posted to Twitter, the President has been...

Cybersecurity experts warn of ransomware attacks targeting small businesses Matthew Wheeler (Apr 19)
https://fox59.com/news/national-world/ransomware-attacks-targeting-small-businesses/

INDIANAPOLIS — Ransomware attacks are on the rise, according to the FBI’s
Internet Crime Complaint Center. The latest numbers show increases across
the board from the number of incidents to the amount of money bad actors
are demanding to the number of reports made.

Unfortunately, cybersecurity experts say small businesses are being
increasingly targeted....

9 Steps Necessary for Infrastructure Security Matthew Wheeler (Apr 19)
https://www.hackread.com/9-steps-necessary-for-infrastructure-security/

The ever-present threat of cyber security attacks has made IT
infrastructure security a priority for most businesses. Cybercriminals are
nowadays using bots to troll the internet for vulnerabilities.

IT security is of utmost importance in this current age due to the move to
employees working from home (WFH) and services being provided through cloud
technology. Security...

Open Source Tool Development

metasploit logo

Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool

nullcon se7en CFP is open nullcon (Aug 25)
Dear Friends,

Welcome to nullcon se7en!

$git commit -a <sin>

<sin> := wrath | pride | lust | envy | greed | gluttony | sloth

nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...

Ruxcon 2015 Final Call For Presentations cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.

This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.

The deadline for submissions is the 15th of September, 2015.

.[x]. About Ruxcon .[x]....

wireshark logo

Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

You have been unsubscribed from the Wireshark-users mailing list wireshark-users-bounces (Mar 07)

You have been unsubscribed from the Wireshark-dev mailing list wireshark-dev-bounces (Mar 07)

You have been unsubscribed from the Wireshark-announce mailing list wireshark-announce-bounces (Mar 07)

wireshark-announce resubscription requested Wireshark announcements (Mar 07)
Hi all,

As per the message below, this is your reminder that you are about to be unsubscribed from wireshark-announce. If you
wish to continue to receive emails from this list, please visit

https://www.wireshark.org/mailman/listinfo/wireshark-announce

and resubscribe. Thank you for your time and patience in this matter.

wireshark-dev resubscription requested Gerald Combs (Mar 07)
Hi all,

As per the message below, this is your reminder that you are about to be unsubscribed from wireshark-dev. If you wish
to continue to receive emails from this list, please visit

https://www.wireshark.org/mailman/listinfo/wireshark-dev

and resubscribe. Thank you for your time and patience in this matter.

wireshark-users resubscription requested Gerald Combs (Mar 07)
Hi all,

As per the message below, this is your reminder that you are about to be unsubscribed from wireshark-users. If you wish
to continue to receive emails from this list, please visit

https://www.wireshark.org/mailman/listinfo/wireshark-users

and resubscribe. Thank you for your time and patience in this matter.

Re: wireshark extension for a Kernel Module (like Usbmon) Guy Harris (Mar 06)
You do it in libpcap.

Then:

if you have a version of Wireshark that's linked with your version of libpcap;

and if kpnode_findalldevs() works, so that its devices show up in Wireshark when it calls pcap_findalldevs();

and if kpnode_create() works, so that it can be opened in Wireshark when it calls pcap_create() on a kpnode
device and it can be activated with pcap_activate();

and if dumpcap - which is the...

wireshark extension for a Kernel Module (like Usbmon) Christian (Mar 06)
Hello out there, I created a kernel probe module and I want to watch the
outputs of this module with pcap/Wireshark. Just like usbmon. So I
defined a char device in the dev-directory /dev/kpnode from which the
pcap interface can read the output of that module. In order to enable
Wireshark to read from this device, I started to place a handler
function into libpcap:
In pcap.c I put in
#ifdef PCAP_SUPPORT_KPNODE
#include "pcap-kpnode.h"...

wireshark-announce resubscription requested Wireshark announcements (Mar 03)
Hi all,

As you may have heard, the Wireshark project is now sponsored by Sysdig, Inc. ("Sysdig"). As part of this acquisition,
Sysdig will operate Wireshark's infrastructure, including this mailing list and you must renew your subscription to
this list in order to continue to receive emails.

On Monday, March 7, I will resend this message as a reminder, then unsubscribe everyone from the following mailing
lists:...

wireshark-users resubscription requested Gerald Combs (Mar 03)
Hi all,

As you may have heard, the Wireshark project is now sponsored by Sysdig, Inc. ("Sysdig"). As part of this acquisition,
Sysdig will operate Wireshark's infrastructure, including this mailing list and you must renew your subscription to
this list in order to continue to receive emails.

On Monday, March 7, I will resend this message as a reminder, then unsubscribe everyone from the following mailing
lists:...

wireshark-dev resubscription requested Gerald Combs (Mar 03)
Hi all,

As you may have heard, the Wireshark project is now sponsored by Sysdig, Inc. ("Sysdig"). As part of this acquisition,
Sysdig will operate Wireshark's infrastructure, including this mailing list and you must renew your subscription to
this list in order to continue to receive emails.

On Monday, March 7, I will resend this message as a reminder, then unsubscribe everyone from the following mailing
lists:...

Re: First 4 bytes in SNMP application data chuck c (Mar 03)
Whoops - typo on the version.
value=1 is snmpv2c

https://gitlab.com/wireshark/wireshark/-/blob/master/epan/dissectors/packet-snmp.c#L2115
static const value_string snmp_Version_vals[] = {
{ 0, "version-1" },
{ 1, "v2c" },
{ 2, "v2u" },
{ 3, "snmpv3" },
{ 0, NULL }
};

Not sure that I've ever seen v2u or v2p out in the wild.
https://www.ibm.com/docs/en/zos/2.4.0?topic=protocols-snmpv2...

Re: First 4 bytes in SNMP application data Jaap Keuter (Mar 03)
Hi,

What you’re looking at is the SNMP encoding according to the Basic Encoding Rules[2] (BER). These octets define the BER
structure.

For example a 64 octet SNMPv3 message starts as such:

SNMPv3Message ::= SEQUENCE {

30 3E

msgVersion INTEGER ( 0 .. 2147483647 ),

02 01 03

Where 30 defines a sequence, 3E the length, 02 an integer, 01 length of one and 03 the version number.

[1]...

Re: First 4 bytes in SNMP application data chuck c (Mar 03)
SNMP (https://datatracker.ietf.org/doc/html/rfc1157) uses ASN.1 BER (
https://en.wikipedia.org/wiki/X.690#BER_encoding) to define the data.

"These types of encodings are commonly called type–length–value (TLV)
encodings"

(See https://datatracker.ietf.org/doc/html/rfc1592 for a packet diagram)

It's a bit confusing since there is no 0x30 in the BER tags list. Looking
farther down into the details it's explained:
"In...

First 4 bytes in SNMP application data Chandra Japan (Mar 03)
Hi Wireshark Team,

Please let me know

what does first 4 bytes in SNMP Data indicate

because I could see from 5th byte I see version and other things

Regards
Chandramohan

snort logo

Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

Snort Subscriber Rules Update 2022-05-12 Research (May 12)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-other,
malware-cnc, policy-other, protocol-dns, server-apache and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2022-05-10 Research (May 10)
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2022-23270:
A coding deficiency exists in Point-to-Point Tunneling Protocol that
may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 59726 for Snort2, and
GID 1, SID 300125 for Snort3....

Snort GPLv2 Community Rules Eric Sigurdsson (May 05)
Hi,

What has happened to the Community Rules? I have not got any updates since
April 27.

Eric


Snort Subscriber Rules Update 2022-05-05 Research (May 05)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-image,
os-other, protocol-ftp, server-mysql and server-webapp rule sets to
provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2022-05-03 Research (May 03)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-image and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

snort3: appid can not detect ssh Costas Kleopa (ckleopa) via Snort-devel (Apr 28)
Adding the AppID distribution list.

Meridoff can you also tell us what kind of IPS rule are you using for triggering this traffic?

Do you have the complete output of snorts logging when the pcap is tested also?

Thanks,
Costas


Yes, I do. My config (attached too):

HOME_NET = "any"
EXTERNAL_NET = "any"
dofile("/var/lib/snort/snort_defaults.lua")
dofile("/var/lib/snort/file_magic.lua")
references =...

Snort Subscriber Rules Update 2022-04-28 Research (Apr 28)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-office,
file-other, os-windows, policy-other, protocol-dns, server-apache and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Re: snort3: appid can not detect ssh Meridoff via Snort-devel (Apr 27)
Yes, I do. My config (attached too):

HOME_NET = "any"
EXTERNAL_NET = "any"
dofile("/var/lib/snort/snort_defaults.lua")
dofile("/var/lib/snort/file_magic.lua")
references = default_references
classifications = default_classifications
output = { logdir="/var/log/snort/", show_year=true}
process = { daemon=true }
snort = { ["-e"] = true, ["-M"] = true,...

Re: snort3: appid can not detect ssh Al Lewis (allewi) via Snort-devel (Apr 27)
Hello,

Do you have a config file that you can share?

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com<mailto:allewi () cisco com>

From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of Meridoff via Snort-devel <snort-devel () lists
snort org>
Reply-To: Meridoff <oagvozd () gmail com>
Date: Wednesday, April 27, 2022 at 6:58 AM
To: "snort-devel () lists snort...

snort3: appid can not detect ssh Meridoff via Snort-devel (Apr 27)
Hello, I use snort3.1.20 and try to detect appid OpenSsh .
I've setup inspector ssh, binder, stream inspectors, and made ssh request
through router srv1.
All appids are loaded in snort.

No ssh detected, In log I can see:

Mar 18 05:33:07 srv1 snort[1742]: AppIdDbg 10.30.1.2 53008 -> 192.168.1.3
22 6 AS=0 ID=0 New AppId session
Mar 18 05:33:07 srv1 snort[1742]: AppIdDbg 10.30.1.2 53008 -> 192.168.1.3
22 6 AS=0 ID=0 Published event for...

Snort Subscriber Rules Update 2022-04-26 Research (Apr 26)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-flash,
file-pdf, malware-cnc, os-windows and server-other rule sets to provide
coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2022-04-21 Research (Apr 21)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-other,
malware-cnc, protocol-dns, protocol-voip and server-webapp rule sets to
provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2022-04-19 Research (Apr 19)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-multimedia,
file-office, file-other, protocol-dns, protocol-imap, server-oracle and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Re: blocking rules snort 3 Al Lewis (allewi) via Snort-sigs (Apr 19)
Hello,

Snort will need to be inline to block effectively. Are your two hosts able to reach each other when snort is NOT
running (from the two networks in question)? If so then snort is not inline.

Once snort is started it should “bridge” the gap between both networks.

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com<mailto:allewi () cisco com>

From: Snort-sigs <snort-sigs-bounces () lists...

blocking rules snort 3 Yvan via Snort-sigs (Apr 18)
<<< image/png; name="9F9C525266624F0E9FB5CE51B700192B.png": Unrecognized >>>

More Lists

We also maintain archives for these lists (some are currently inactive):

Related Resources

Read some old-school private security digests such as Zardoz at SecurityDigest.Org

We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.