SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not found on any web site—not even Insecure.Org. No, the cutting edge in security research is and will continue to be the full disclosure mailing lists such as Bugtraq. Here we provide web archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all using the Site Search box above.
Insecure.Org Lists
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe to nmap-dev here.
Previous Quarter
Archived Posts
RSS Feed
About ListRemoving scan options in the UI does not remove them in the address line Eitan Caspi (Feb 24)
Hello,
I use zenmap 7.92 on window 10, latest build, 21H2.
When editing an existing profile and at the command line there is a use of
-sT and -sU and -T4 - when changing these options from the UI drop-down
lists to "None" - they are not removed from the profile's command line at
the top.
Changing to other values, that are not "none", from within each option type
- works fine and updates the command line with the...
can not set option and profile Bernard (Feb 24)
Greetings Kind Regards Thank You for providing Zenmap 7.92 for Windows
10 . The attached GIF demonstrates setting the -6 option causes the
selected profile to be cleared then selecting the profile causes the
-6 option to disappear ad infinitum . I may be doing something wrong
as I know nothing re/ networks so I beg your indulgence . I merely
copied the address from All Settings . Network & Internet . Status .
View hardware and connection...
packet-trace inconsistent paacman via dev (Feb 23)
I've noticed when using the packet-trace option that Nmap doesn't always display all packets sent and received.
For example doing a syn scan all the packets (SYN, ACK, Reset) are shown but doing a connect scan does not. Is this by
design for some reason?_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Re: Most popular ports updated last Robin Wood (Feb 19)
I'd have thought that most boxes that have 443 open also have 80 but there
will still be some older boxes that have just 80.
Robin
Re: Most popular ports updated last Esa Jokinen via dev (Feb 19)
The port frequency information seems to be rather old; from Sep 5, 2008
commit 415bcdf1a64472a85b90158cf5cde8594443ef68 [1], and the open-
frequency column still has the same values for HTTP(S):
http 80/tcp 0.484143 # World Wide Web HTTP
http 80/udp 0.035767 # World Wide Web HTTP
https 443/tcp 0.208669 # secure http (SSL)
https 443/udp 0.010840
More recent statistics gathered from...
Most popular ports updated last paacman via dev (Feb 17)
When was the last time the most popular ports been updated in the nmap-services file? I'm wondering about the usage
frequency, it shows http is the most opened port, I would think https is now the most open port._______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Re: Nmap 25th anniversary Arturo 'Buanzo' Busleiman (Feb 16)
I am SO +1 on this. Where?
Nmap 25th anniversary Sebastian Garcia (Feb 15)
Hi awesome community!
Hey, this Sep 1st, 2022 is going to be the 25th anniversary of our beloved
Nmap. I believe it is a good moment to do something and celebrate. A
quarter century is not something many tools live to see, with such a
continuous energy, effort and impact in our community.
What about doing something? A conference? flyers on the street? the largest
nmap hackers online call of the century? Organising a 'Scan your network
and...
[NSE] Problems with authentication in ms-sql in Nmap 7.91+ Paulino Calderon (Jan 14)
Hey,
I was wondering if anyone familiar with the MS-SQL protocol knows what
might be happening here. The dev branch version crashes at the moment
when scanning Microsoft SQL Server 2005 9.00.3042; SP2:
NSE: [ms-sql-brute M:b41d0c xx.xx.xx.xx] MSSQL-SSRP: SSRP Data:
ServerName;XXXX;InstanceName;MSSQLSERVER;IsClustered;No;Version;9.00.3042.00;tcp;1433;;
NSE: [ms-sql-brute M:b41d0c xx.xx.xx.xx] MSSQL-SSRP: SSRP Substrings:...
Special MAC Addresses Toni Ruottu (Jan 02)
Hi!
I encountered two interesting MAC address reuse cases while exploring
Commodore 64 networking. I'm wondering if these two cases are mere
exceptions. If there are lots of MAC addresses with special meanings it
might be nice if nmap shipped with a list of them and warned the user when
one of them is encountered.
RR-Net is perhaps the most used NIC for C64 networking. According to the
manufacturer documentation some models of the NIC do...
[no subject] Le Aluminarti (Dec 16)
Re: [nmap/nmap] Replace deprecated CPEs for Microsoft IIS. #2401 (PR #2402) Esa Jokinen via dev (Dec 10)
On Tue, 2021-12-07 at 15:07 -0800, nnposter <notifications () github com>
wrote:
(From https://github.com/nmap/nmap/pull/2402)
I was wondering the same. According to CONTRIBUTING.md, GitHub should
be used for pull requests. The changes are manually added to the
Subversion repository and synced back from there. However, the document
also states that the GitHub repository should be read only.
In my opinion the documented workflow seems a...
Q: "nmap as a service" monitoring project? Jacek Wielemborek (Dec 09)
Hi,
I'd like to continuously port-scan given IPs and get informed once any
of the ports opens or closes. Is there any (preferably open source)
project that works this way?
Cheers,
Jacek "d33tah" Wielemborek
nc -kle 'cat largefile' doesn't transmit correctly Tobias Girstmair (Nov 27)
Hi folks,
I'm using ncat as a simple web server, as described in
https://nmap.org/ncat/guide/ncat-tricks.html#ncat-httpserv . The file
I'm serving is relatively large (80kB), and I noticed that it gets
mangled very often: a section of over a kilobyte is missing from the
middle (at packet boundaries; e.g. after 44888 bytes using 1448 sized
packets).
This seems to only happen when using --exec or --sh-exec; not when
piping the same file...
Re: smb NSE scripts with special characters password Carlos Gomes - FCHS (Nov 25)
Sorry, but both links are not working.
Also I did not understand what list are we talking about :D
Em qua., 24 de nov. de 2021 às 18:11, Oliver Aldridge <oliver () aldridge net>
escreveu:
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe to stay informed.
Npcap 1.60 Release: Code Hardening, Compatibility, and Bug Fixes Gordon Fyodor Lyon (Dec 08)
Hi Nmap (and Npcap) hackers! I hope you're enjoying the start of the
holidays. For your first stocking stuffer, we're happy to release Npcap
Version 1.60! We also released (but never actually announced) Version 1.55
in September. We put out Versions 1.12 and 1.11 of the SDK too. None of
these try to wow you with major new features. We're excited about a lot of
those in the pipeline, but we focused the last few months on...
Nmap 7.92 Defcon Release! Gordon Fyodor Lyon (Aug 07)
Hi folks. Many of us can't attend Defcon in person this year due to global
pandemic, but we won't let that stop our traditional Defcon Nmap release!
We just posted Nmap 7.92 to https://nmap.org/download.html. It includes
dozens of performance improvements, feature enhancements, and bug fixes
that we've made over the last 10 months.
The biggest improvement (at least for Windows users) is the inclusion of
version 1.50 of Npcap (...
Npcap 1.50 Release Brings Nmap & Wireshark to Windows ARM devices Gordon Fyodor Lyon (Jun 28)
Hi folks. The Nmap Project is pleased to release Npcap version 1.50 at
https://npcap.org. There are many improvements in this release, but the
one we're most excited about is support for the ARM architecture! This
allows apps like Nmap and Wireshark to run for the first time on a newer
generation of hardware which often includes all-day battery life and
always-on LTE/5G capabilities. Devices vary from the $349 Samsung Galaxy
Book Go...
Npcap 1.30 Released: Raw WiFi + Better Performance Gordon Fyodor Lyon (Apr 12)
Hi folks. The Nmap Project is pleased to release Npcap Version 1.30 at
https://npcap.org. We hope Nmap and Wireshark users will be especially
happy with the raw WiFi improvements, since you tend to be particularly
savvy about low-level network inspection. It turns out that some of the
issues we thought were caused by lower level hardware drivers were actually
bugs in our driver. Oops! But at least that means we can fix them
ourselves, and we did....
Npcap 1.20 released Gordon Fyodor Lyon (Mar 16)
Nmap/Npcap Community:
I'm happy to report the release of version 1.20 of the Npcap Windows packet
capturing/sending driver! It's the first release of 2021 and includes
better capabilities for selecting timestamp methods as well as many other
improvements and bug fixes. These include updating the underlying libpcap
library to version 1.10 and building our installer now with NSIS 3. More
details on all this are available from the...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Backdoor.Win32.XLog.21 / Authentication Bypass Race Condition malvuln (Apr 07)
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/2906b5dc5132dd1319827415e837168f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.XLog.21
Vulnerability: Authentication Bypass Race Condition
Description: The malware listens on TCP port 5553. Third-party attackers
who can reach the system before a password has been set can logon using
default credentials of...
Backdoor.Win32.Xingdoor / Denial of Service malvuln (Apr 07)
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/89000e259ffbd107b7cc9bac66dcdcf5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Xingdoor
Vulnerability: Denial of Service
Description: The malware "System_XingCheng" listens on TCP port 7016.
Attackers who can send a specially crafted packet, can trigger an int 3
"\xcc" breakpoint debug...
Backdoor.Win32.Wisell / Stack Buffer Overflow (SEH) malvuln (Apr 07)
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/837ec70bfb305b5c862ff9b04e70a318_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Wisell
Vulnerability: Stack Buffer Overflow (SEH)
Description: The malware listens on TCP port 5277. Attackers who can reach
the infected system can send a specially crafted packet triggering a stack
buffer overflow overwriting...
Backdoor.Win32.FTP.Lana.01.d / Port Bounce Scan malvuln (Apr 07)
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/ea9ab5983a6fa71e31907e74d4ddbab6_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.FTP.Lana.01.d
Vulnerability: Port Bounce Scan
Description: The malware listens on TCP port 9003. Third-party intruders
who successfully logon can abuse the backdoor FTP server as a
man-in-the-middle machine allowing PORT Command...
Backdoor.Win32.FTP.Lana.01.d / Weak Hardcoded Credentials malvuln (Apr 07)
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/ea9ab5983a6fa71e31907e74d4ddbab6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.FTP.Lana.01.d
Vulnerability: Weak Hardcoded Credentials
Family: Lana
Type: PE32
MD5: ea9ab5983a6fa71e31907e74d4ddbab6
Vuln ID: MVID-2022-0539
Dropped files: sersvc32.exe
Disclosure: 04/06/2022
Description: The malware listens in TCP...
Backdoor.Win32.Verify.h / Unauthenticated Remote Command Execution malvuln (Apr 07)
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/82641dabbb1f73dd775e200466a07ec1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Verify.h
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP ports 1906 and 1907. Third-party
adversaries who can reach an infected host on either port can gain access
and or run any OS...
Backdoor.Win32.Ptakks.XP.a / Insecure Credential Storage malvuln (Apr 07)
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/e087725b01dded75d85a20db58335fa8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Ptakks.XP.a
Vulnerability: Insecure Credential Storage
Description: The default password for the backdoor FTP is stored in
cleartext within the ptakks.ini file.
Family: Ptakks
Type: PE32
MD5: e087725b01dded75d85a20db58335fa8
Vuln...
Backdoor.Win32.Wisell / Unauthenticated Remote Command Execution malvuln (Apr 07)
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/837ec70bfb305b5c862ff9b04e70a318.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Wisell
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 5277. Third-party adversaries
who can reach an infected host can run any OS commands.
Family: Wisell
Type: PE32
MD5:...
Backdoor.Win32.Bifrose.uw / Insecure Permissions malvuln (Apr 07)
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9e4f942c60044feef0fb48538ffac383.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Bifrose.uw
Vulnerability: Insecure Permissions
Description: The malware writes a ".EXE" file with insecure permissions to
c drive granting change (C) permissions to the authenticated user group.
Standard users can rename...
Backdoor.Win32.Easyserv.11.c / Insecure Transit malvuln (Apr 07)
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/3b5564e88a0b8a41e4fd730891e635cc.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Easyserv.11.c
Vulnerability: Insecure Transit
Description: The malware makes outbound C2 connection to TCP port 5558.
Credentials are sent over the network in plaintext and the payload looks
exactly like that used by XLog malware...
Backdoor.Win32.Tiny.a / Unauthenticated Remote Command Execution malvuln (Apr 07)
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9fa664bc52e1aa46a09ac51aaa6c7384.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Tiny.a
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 7777. Third-party attackers
who can reach an infected system can run any OS commands hijacking the
compromised host.
Family:...
Backdoor.Win32.Wollf.h / Unauthenticated Remote Command Execution malvuln (Apr 07)
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/867c6b432ccd4aa51adc5e2722a4b144.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Wollf.h
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware runs with SYSTEM integrity and listens on TCP
port 7614. Third-party adversaries who can reach an infected host can
run commands made available...
Backdoor.Win32.Delf.ps / Information Disclosure malvuln (Apr 07)
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/cf3c08afa6c2d49ba36ed0f895893d71.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Delf.ps
Vulnerability: Information Disclosure
Description: The malware listens on TCP port 80. Third-party adversaries
who can reach an infected host can generate and download screenshots of the
systems desktop.
Family: Delf
Type:...
Backdoor.Win32.Jokerdoor / Weak Hardcoded Credentials malvuln (Apr 07)
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/a6437375fff871dff97dc91c8fd6259f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Jokerdoor
Vulnerability: Weak Hardcoded Credentials
Family: Jokerdoor
Type: PE32
MD5: a6437375fff871dff97dc91c8fd6259f
Vuln ID: MVID-2022-0531
Dropped files: Random name "awup.exe"
Disclosure: 04/02/2022
Description: The...
Backdoor.Win32.Wollf.h / Unauthenticated Remote Command Execution malvuln (Apr 07)
Discovery / credits: Malvuln - malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/867c6b432ccd4aa51adc5e2722a4b144.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Wollf.h
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware runs with SYSTEM integrity and listens on TCP port
7614. Third-party adversaries who can reach an infected host can run
commands made available...
Other Excellent Security Lists
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Re: [SECURITY] [DSA 4628-1] php7.0 security update Timesportsall (Jan 16)
------------------------------------------------------------------------
-
Debian Security Advisory DSA-4628-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 18, 2020 https://www.debian.org/security/faq
------------------------------------------------------------------------
-
Package : php7.0
CVE ID : CVE-2019-11045 CVE-2019-11046 CVE-2019-11047
CVE-2019-11050 CVE-2020-7059...
Re: BugTraq Shutdown tommypickle (Jan 16)
All old school hackers from UPT remember and want to show respect. Thanks for everything.
On Second Thought... alias (Jan 16)
Bugtraq has been a valuable institution within the Cyber Security community for
almost 30 years. Many of our own people entered the industry by subscribing to it
and learning from it. So, based on the feedback weâve received both from the
community-at-large and internally, weâve decided to keep the Bugtraq list running.
Weâll be working in the coming weeks to ensure that it can remain a valuable asset
to the community for years to...
BugTraq Shutdown alias (Jan 15)
2020 was quite the year, one that saw many changes. As we begin 2021, we wanted
to send one last note to our friends and supporters at the SecurityFocus BugTraq
mailing list. As many of you know, assets of Symantec were acquired by Broadcom
in late 2019, and some of those assets were then acquired by Accenture in 2020
(https://newsroom.accenture.com/news/accenture-completes-acquisition-of-broadco
ms-symantec-cyber-security-...
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
CarolinaCon-15 is April 26-28, 2019 in Charlotte NC - Call For Papers/Presenters is now open Vic Vandal (Feb 03)
We are pleased to announce that CarolinaCon-15 will be on April 26th-28th 2019 in Charlotte NC at the Renaissance
Charlotte Suites. All who are interested in speaking on any topic in the realm of hacking, cybersecurity, technology,
science, robotics or any related field are invited to submit a proposal to present at the con. Full disclosure that
technology or physical security exploitation type submissions are most desirable for this storied...
Penetration Testing — While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
44CON 2018 - 12th-14th September, London (UK) Steve (Feb 28)
44CON 2018 is the UK's best annual Security Conference and Training event. The conference spans 2.5 days with training
on the 10th and 11th of September, a free evening event on the 12th of September, and a full two-day conference on the
13th and 14th of September. The event takes place at the ILEC Conference Centre near Earls Court, London. 44CON 2018
includes catering, private bus bar and Gin O'Clock breaks. Early Bird discounted...
RootedCON Security Conference - 1-3 March, Madrid (Spain) omarbv (Feb 11)
On the occasion of the ninth edition of RootedCON, the most important
computer security conference in the country, around 2,000 hackers will
meet to discuss new questions and researchs about the cybersecurity
world, with its risks and threats. National and international experts
have included in their agendas this mandatory appointment to discuss new
vulnerabilities, viruses, and other threats, they will also talk about
countermeasures in order...
Info Security News — Carries news items (generally from mainstream sources) that relate to security.
Ransomware: Why one city chose to the pay the ransom after falling victim InfoSec News (Aug 12)
https://www.zdnet.com/article/ransomware-why-one-city-chose-to-the-pay-the-ransom-after-falling-victim/
By Danny Palmer
ZDNet.com
August 12, 2020
A US city has explained why it gave into the demands of cyber criminals
and paid a ransom demand of $45,000 following a ransomware attack.
Lafayette, Colorado fell victim to ransomware on July 27, which encrypted
the city's computer networks and caused disruptions to phone services,
email and...
0-days, a failed patch, and a backdoor threat. Update Tuesday highlights InfoSec News (Aug 12)
https://arstechnica.com/information-technology/2020/08/update-tuesday-fixes-2-0days-and-botched-patch-for-a-backdoor-threat/
By Dan Goodin
Ars Technica
08/12/2020
Microsoft on Tuesday patched 120 vulnerabilities, two that are notable
because they’re under active attack and a third because it fixes a
previous patch for a security flaw that allowed attackers to gain a
backdoor that persisted even after a machine was updated.
Zero-day...
OCR warns hospitals of HIPAA compliance scams InfoSec News (Aug 12)
https://www.healthcareitnews.com/news/ocr-warns-hospitals-apparent-hipaa-compliance-scams
By Mike Miliard
Healthcare IT News
August 11, 2020
The Office for Civil Rights at the U.S. Department of Health and Human
Services has warned health systems about what appears to be something of
an old-fashioned and low-tech phishing attempt: fraudulent postcards, most
addressed to hospital privacy officers, that warn of noncompliance with a
mandatory...
The Secret SIMs Used By Criminals to Spoof Any Number InfoSec News (Aug 12)
https://www.vice.com/en_us/article/n7w9pw/russian-sims-encrypted
By Joseph Cox
Vice.com
August 12, 2020
The unsolicited call came from France. Or at least that's what my phone
said. When I picked up, a man asked if I worked with the National Crime
Agency, the UK's version of the FBI. When I explained, no, as a journalist
I don't give information to the police, he said why he had contacted me.
"There are these special SIM...
North Korean Hacking Group Attacks Israeli Defense Industry InfoSec News (Aug 12)
https://www.nytimes.com/2020/08/12/world/middleeast/north-korea-hackers-israel.html
By Ronen Bergman and Nicole Perlroth
nytimes.com
Aug. 12, 2020
TEL AVIV -- Israel claimed Wednesday that it had thwarted a cyberattack by
a North Korea-linked hacking group on its classified defense industry.
The Defense Ministry said the attack was deflected “in real time” and that
there was no “harm or disruption” to its computer systems.
However,...
FBI says an Iranian hacking group is attacking F5 networking devices InfoSec News (Aug 11)
https://www.zdnet.com/article/fbi-says-an-iranian-hacking-group-is-attacking-f5-networking-devices/
By Catalin Cimpanu
Zero Day
ZDNet.com
August 10, 2020
A group of elite hackers associated with the Iranian government has been
detected attacking the US private and government sector, according to a
security alert sent by the FBI last week.
While the alert, called a Private Industry Notification, didn't identify
the hackers by name,...
Pen Test Partners: Boeing 747s receive critical software updates over 3.5" floppy disks InfoSec News (Aug 11)
https://www.theregister.com/2020/08/10/boeing_747_floppy_drive_updates_walkthrough/
By Gareth Corfield
The Register
08/10/2020
DEF CON -- Boeing 747-400s still use floppy disks for loading critical
navigation databases, Pen Test Partners has revealed to the infosec
community after poking about one of the recently abandoned aircraft.
The eye-catching factoid emerged during a DEF CON video interview of PTP's
Alex Lomas, where the man...
US Cyber Command is using unclassified networks to fight election interference InfoSec News (Aug 10)
https://www.c4isrnet.com/cyber/2020/08/10/us-cyber-command-is-using-unclassified-networks-to-fight-election-interference/
By Mark Pomerleau
C4ISRNET.com
08/10/2020
WASHINGTON -- U.S. Cyber Command is using unclassified networks and
publicly available communication platforms as it works to prevent foreign
interference in the next presidential election, a CYBERCOM official has
revealed.
“From a CYBERCOM standpoint, one of the big changes...
New England guardsmen test their skills in Cyber Yankee 2020 InfoSec News (Aug 03)
https://www.c4isrnet.com/cyber/2020/08/03/new-england-guardsmen-test-their-skills-in-cyber-yankee-2020/
By Mark Pomerleau
C4ISRNET.com
08/03/2020
Members of the National Guard from New England states concluded a two-week
cyber exercise that sought to test the cyber skills of guardsmen and
critical infrastructure operators.
Cyber Yankee 2020, which took place July 21-31 in New Hampshire, involved
more than 200 National Guard members and...
Travel management company CWT hands over $4.5M following ransomware attack InfoSec News (Aug 03)
https://siliconangle.com/2020/08/02/travel-management-company-cwt-hands-4-5m-following-ransomware-attack/
By Duncan Riley
SiliconAngle.com
08/02/2020
Business travel management company CWT Global B.V. is the latest company
to pay a ransom demand following a ransomware attack.
According to report Friday by Reuters, the company paid $4.5 million to
those behind the ransomware after the attack knocked some 30,000 of the
company’s computers...
DOD, FBI, DHS release info on malware used in Chinese government-led hacking campaigns InfoSec News (Aug 03)
https://www.cyberscoop.com/taidoor-malware-report-china-cisa-dod-fbi/
By Shannon Vavra
CYBERSCOOP
August 3, 2020
The U.S. government publicly put forth information Monday that exposed
malware used in Chinese government hacking efforts for more than a decade.
The Chinese government has been using malware, referred to as Taidoor, to
target government agencies, entities in the private sector, and think
tanks since 2008, according to a joint...
Leaky S3 buckets have gotten so common that they're being found by the thousands now, with lots of buried secrets InfoSec News (Aug 03)
https://www.theregister.com/2020/08/03/leaky_s3_buckets/
By Shaun Nichols in San Francisco
The Register
3 Aug 2020
The massive amounts of exposed data on misconfigured AWS S3 storage
buckets is a catastrophic network breach just waiting to happen, say
experts.
The team at Truffle Security says its automated search tools were able to
stumble across some 4,000 open Amazon S3 buckets that included data
companies would not want public, things...
House Republicans introduce legislation to give states $400 million for elections InfoSec News (Aug 03)
https://thehill.com/policy/cybersecurity/510362-house-republicans-introduce-legislation-to-give-states-400-million-for
By Maggie Miller
The Hill
08/03/2020
A group of House Republicans on Monday introduced legislation that would
appropriate $400 million to states to address election challenges stemming
from the COVID-19 pandemic.
The Emergency Assistance for Safe Elections (EASE) Act would designate
$200 million to assist with sanitizing...
Zoom private meeting passwords were easily crackable InfoSec News (Jul 30)
https://www.itnews.com.au/news/zoom-private-meeting-passwords-were-easily-crackable-551095
By Juha Saarinen
itnews.com.au
July 31, 2020
The automatically generated passwords protecting private Zoom meetings
could be cracked with relative ease, allowing access to sensitive
conferences, a researcher has discovered.
Web site developer Tom Anthony decided on March 31 this year to see if he
could crack the password for private Zoom meetings....
Pentagon needs access to defense companies' networks to hunt cyberthreats, says commission InfoSec News (Jul 30)
https://www.c4isrnet.com/cyber/2020/07/30/pentagon-needs-access-to-defense-companies-networks-to-hunt-cyberthreats-says-commission/
By Mark Pomerleau
C4ISRNET.com
July 30, 2020
WASHINGTON -- The Pentagon must be able to hunt cyberthreats on the
private networks of defense companies in order to strengthen national
cybersecurity, according to one of the leaders of the Cyber Solarium
Commission.
Rep. Mike Gallagher, R-Wis., who co-chairs the...
Firewall Wizards — Tips and tricks for firewall administrators
Revival? Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.
Paul
IDS Focus — Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Faraday Beta V3.0 Released Francisco Amato (Jul 04)
Faraday helps you to host your own vulnerability management platform
now and streamline your team in one place.
We are pleased to announce the newest version of Faraday v3.0. In this
new version we have made major architecture changes to adapt our
software to the new challenges of cyber security. We focused on
processing large data volumes and to making it easier for the user to
interact with Faraday in its environment.
To install it you can...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Re: GraphQL Jim Manico via Dailydave (Mar 05)
For many years GraphQL implementations have had massive issues with
access control/authorization and denial of service. This is a common
problem when you are essentially give a database prompt to the client.
GraphQL is better off on the back end only, IMO.
At OWASP we have an older cheatsheet on this topic that gets a lot of hits.
https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html
If you have suggestions to make this...
GraphQL Dave Aitel via Dailydave (Mar 05)
One of the best ways to get more performance out of your networked system
is to trust the client more. This is always a bad idea from a
security perspective, as everyone on this list knows, but it's fun to see
it reincarnated a thousand times in different bodies.
So for example if your web application has endless structured data always
changing and you're sick of writing REST APIs and middleware you start
thinking - what if instead, I...
General Relativity is Not Evenly Distributed Dave Aitel via Dailydave (Feb 11)
[image: image.png]
If cities were 100% accurately represented by video games, Miami would of
course be *GTA: Vice City*, a story of simplistic corruption garishly lit
and stuck in 2002 forever. It's traditional to hate on Miami, right until
you make some crypto money and decide to move there into a condominium with
a stunning view and an equally stunning lack of maintenance or foresight
around rising water tables.
Seattle, on the other...
Re: Cyber Threat Intelligence vs Megafauna Konrads Klints via Dailydave (Feb 09)
Biology in its beautiful variety has a problem for taxonomist absolutists - new species keep on being discovered. Thus
strategy that aims to find and classify everyone is doomed. Same in cyberz - it's good that we know about prominent
members but little varieties unless game changing are boring and useless for strategic decision making.
Same sort of goes with C2. C2 is one of the requirements for most varieties of CNE. It makes a lot of...
Cyber Threat Intelligence vs Megafauna Dave Aitel via Dailydave (Jan 27)
https://twitter.com/SecurePeacock/status/1486156096259637250?s=20
[image: image.png]
So I wanted to respond to this post which starts "If someone exploits an
0day they still have to setup C2 - this is where TTPs are generated that
Blue Teams can win against". And I think for the past year I've gone on a
huge journey of discovery, annoying my Cyber Threat Intelligence friends to
no end as I ask annoying questions like "After...
RootedCON 2022 Call For Papers is open! omarbv--- via Dailydave (Jan 02)
______ _ _ ____ ___ _ _
/ / _ \ ___ ___ | |_ ___ __| |/ ___/ _ \| \ | |
/ /| |_) / _ \ / _ \| __/ _ \/ _` | | | | | | \| |
/ / | _ < (_) | (_) | || __/ (_| | |__| |_| | |\ |
/_/ |_| \_\___/ \___/ \__\___|\__,_|\____\___/|_| \_|
*** /RootedCON'2022 - Main activity ***
-=] About RootedCON
RootedCON is a technology congress that will be developed in Madrid
(Spain) from 10 - 12 of march 2022....
Some cool projects - JOERN Dave Aitel via Dailydave (Dec 09)
Lately all I've been doing is data science but I've been trying to keep up
with some of the cool work happening in the cybers as well. One project I
think is especially cool is the Joern Ghidra2CPG project.
https://twitter.com/fabsx00/status/1466302205019971586?s=20
https://joern.io/blog/joern-supports-binary/
The theory is that you can use the Ghidra decompiler, then have a code
property graph, which they store in a special purpose...
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
BHIS Sorta Top Used Tools of 2018 John - Black Hills Information Security (Dec 06)
Free Webcast
Hello all,
For our next webcast we will cover some of the core tools we use all the time at Black Hills Information Security.
However, there will be a twist. We will not talk about Nessus, Nmap, or Metasploit. Why? Because there are a ton of new
(and older) tools we use that fall outside of the standard tools you see in every security book/blog out there.
Basically, we are trying to be edgy and different.
You may want to come...
BHIS Webcast - Tues 10/2 @ 11am MDT John Strand - Black Hills Information Security (Sep 26)
Hello All,
In this next webcast I want to cover what I am doing with the BHIS Systems team to create a C2/Implant/Malware test
bed. Testing our C2/malware solutions is important because vendors tend to lie or over-hype their capabilities. I will
cross reference some different malware specimens to the MITRE ATT&CK framework and we will cover how you can use these
techniques to test your defensive solutions at both the endpoint and the...
BHIS Webcast: The PenTest Pyramid of Pain 9/4 - 11am MDT Sierra - Black Hills Information Security (Aug 29)
Hello!
How are you all? We had a fantastic webcast last week with John Strand and Chris Brenton and we're still working
through some unexpected hiccups to get the recording up and posted. The podcast version is on our blog, and the YouTube
version will be posted shortly on the Active Countermeasures channel and blog as well. Thanks for all of you who
ventured over to attend!
Ready for another awesome BHIS webcast? Dakota is back and...
Webcast with CJ: Tues 7/24 at 11am Sierra - Black Hills Information Security (Jul 19)
Our upcoming webcast will be about POLICY...
Did you check out when you heard “policy”? Policy can often seem like a drudgery, but it’s also an important and
potentially overlooked part of business and procedure; it’s the framework on which security is really built!
CJ, our COO and Head of Sales has experience writing, assessing and implementing policies for many different kinds of
companies. And if you are worried it will be dry and...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives Matteo Cantoni (Feb 14)
Hello everyone,
I would like share with you for educational purposes and without any
commercial purpose, data collected by the my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be request via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Update Minor Revisions Microsoft (Dec 11)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: December 11, 2018
********************************************************************
Summary
=======
The following CVE has undergone a minor revision
increment:
* CVE-2018-8172
Revision Information:
=====================
- CVE-2018-8172 | Visual Studio Remote Code Execution
Vulnerability
-...
Microsoft Security Update Minor Revisions Microsoft (Nov 14)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: November 14, 2018
********************************************************************
Summary
=======
The following CVEs and advisory have undergone a minor revision
increment:
* CVE-2018-8454
* CVE-2018-8552
* ADV990001
Revision Information:
=====================
- CVE-2018-8454 | Windows Audio Service...
Microsoft Security Update Minor Revisions Microsoft (Oct 24)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 24, 2018
********************************************************************
Summary
=======
The following CVE has undergone a minor revision increment:
* CVE-2018-8512
Revision Information:
=====================
- CVE-2018-8512 | Microsoft Edge Security Feature Bypass
Vulnerability
-...
Microsoft Security Update Releases Microsoft (Oct 19)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 19, 2018
********************************************************************
Summary
=======
The following CVE been added to the October 2018 Security updates:
* CVE-2018-8569
Revision Information:
=====================
- CVE-2018-8569 | Yammer Desktop Application Remote Code Execution
Vulnerability
-...
Microsoft Security Update Releases Microsoft (Oct 17)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 17, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2010-3190
Revision Information:
=====================
- CVE-2010-3190 | MFC Insecure Library Loading Vulnerability
-...
Microsoft Security Update Minor Revisions Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 9, 2018
********************************************************************
Summary
=======
The following CVE has undergone a minor revision increment:
* CVE-2018-8531
Revision Information:
=====================
- CVE-2018-8531 | Azure IoT Device Client SDK Memory Corruption
Vulnerability
-...
Microsoft Security Update Releases Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************
Summary
=======
The following CVE been added to the October 2018 Security updates:
* CVE-2018-8292
Revision Information:
=====================
- CVE-2018-8292 | .NET Core Information Disclosure Vulnerability
-...
Microsoft Security Update Releases Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment:
* MS11-025
Revision Information:
=====================
- https://docs.microsoft.com/en-us/security-updates/
SecurityBulletins/2011/ms11-025:...
Microsoft Security Update Summary for October 9, 2018 Microsoft (Oct 09)
********************************************************************
Microsoft Security Update Summary for October 9, 2018
Issued: October 9, 2018
********************************************************************
This summary lists security updates released for October 9, 2018.
Complete information for the October 2018 security update release can
Be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.
Please note the...
Microsoft Security Update Releases Microsoft (Oct 02)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 2, 2018
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment:
* CVE-2018-0952
Revision Information:
=====================
- CVE-2018-0952 | Diagnostic Hub Standard Collector Elevation of
Privilege Vulnerability
-...
Microsoft Security Advisory Notification Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 12, 2018
********************************************************************
Security Advisories Released or Updated on September 12, 2018
===================================================================
* Microsoft Security Advisory ADV180022
- Title: Windows Denial of Service Vulnerability
-...
Microsoft Security Update Minor Revisions Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: September 12, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a minor revision increment:
* CVE-2018-8421
* CVE-2018-8468
Revision Information:
=====================
- CVE-2018-8421 | .NET Framework Remote Code Execution
Vulnerability...
Microsoft Security Update Summary for September 11, 2018 Microsoft (Sep 11)
********************************************************************
Microsoft Security Update Summary for September 11, 2018
Issued: September 11, 2018
********************************************************************
This summary lists security updates released for September 11, 2018.
Complete information for the September 2018 security update release can
Be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>....
Microsoft Security Update Releases Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 11, 2018
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment:
* CVE-2018-8154
Revision Information:
=====================
- CVE-2018-8154 | Microsoft Exchange Memory Corruption
Vulnerability
-...
Microsoft Security Advisory Notification Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 11, 2018
********************************************************************
Security Advisories Released or Updated on September 11, 2018
===================================================================
* Microsoft Security Advisory ADV180002
- Title: Guidance to mitigate speculative execution...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Verizon: 1.5M of Contact Records Stolen, Now on Sale Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...
Can Spies Break Apple Crypto? Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
Mozilla Releases Security Update for Thunderbird US-CERT (Jul 17)
Cybersecurity and Infrastructure Security Agency Logo
National Cyber Awareness System:
Mozilla Releases Security Update for Thunderbird [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/mozilla-releases-security-update-thunderbird ] 07/17/2020
10:50 AM EDT
Original release date: July 17, 2020
Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. An attacker could exploit
some of these...
Microsoft Releases Security Update for Edge US-CERT (Jul 17)
Cybersecurity and Infrastructure Security Agency Logo
National Cyber Awareness System:
Microsoft Releases Security Update for Edge [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/microsoft-releases-security-update-edge ] 07/17/2020 10:53 AM
EDT
Original release date: July 17, 2020
Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). An attacker could exploit
this vulnerability to drop...
AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation US-CERT (Jul 17)
Cybersecurity and Infrastructure Security Agency Logo
National Cyber Awareness System:
AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation [
https://us-cert.cisa.gov/ncas/alerts/aa20-198a ] 07/16/2020 08:09 AM EDT
Original release date: July 16, 2020
Summary
"This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) and Pre-ATT&CK
frameworks....
CISA Releases Emergency Directive on Critical Microsoft Vulnerability US-CERT (Jul 16)
Cybersecurity and Infrastructure Security Agency Logo
National Cyber Awareness System:
CISA Releases Emergency Directive on Critical Microsoft Vulnerability [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/cisa-releases-emergency-directive-critical-microsoft-vulnerability
] 07/16/2020 03:28 PM EDT
Original release date: July 16, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive...
Apple Releases Security Updates US-CERT (Jul 16)
Cybersecurity and Infrastructure Security Agency Logo
National Cyber Awareness System:
Apple Releases Security Updates [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/apple-releases-security-updates ] 07/16/2020 11:17 AM EDT
Original release date: July 16, 2020
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of
these vulnerabilities to take control of an...
Malicious Activity Targeting COVID-19 Research, Vaccine Development US-CERT (Jul 16)
Cybersecurity and Infrastructure Security Agency Logo
National Cyber Awareness System:
Malicious Activity Targeting COVID-19 Research, Vaccine Development [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/malicious-activity-targeting-covid-19-research-vaccine-development
] 07/16/2020 07:16 AM EDT
Original release date: July 16, 2020
In response to malicious activity targeting COVID-19 research and vaccine development in the United...
Cisco Releases Security Updates for Multiple Products US-CERT (Jul 15)
Cybersecurity and Infrastructure Security Agency Logo
National Cyber Awareness System:
Cisco Releases Security Updates for Multiple Products [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/15/cisco-releases-security-updates-multiple-products ]
07/15/2020 03:19 PM EDT
Original release date: July 15, 2020
Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote
attacker...
Oracle Releases July 2020 Security Bulletin US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo
National Cyber Awareness System:
Oracle Releases July 2020 Security Bulletin [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/oracle-releases-july-2020-security-bulletin ] 07/14/2020
05:21 PM EDT
Original release date: July 14, 2020
Oracle has released its Critical Patch Update for July 2020 to address 433 vulnerabilities across multiple products. A
remote attacker could...
Google Releases Security Updates for Chrome US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo
National Cyber Awareness System:
Google Releases Security Updates for Chrome [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/google-releases-security-updates-chrome-0 ] 07/14/2020 04:51
PM EDT
Original release date: July 14, 2020
Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities
that an attacker could exploit...
Google Releases Security Updates for Chrome US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo
National Cyber Awareness System:
Google Releases Security Updates for Chrome [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/google-releases-security-updates-chrome ] 07/14/2020 02:45 PM
EDT
Original release date: July 14, 2020
Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities
that an attacker could exploit to...
Microsoft Releases July 2020 Security Updates US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo
National Cyber Awareness System:
Microsoft Releases July 2020 Security Updates [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/microsoft-releases-july-2020-security-updates ] 07/14/2020
02:13 PM EDT
Original release date: July 14, 2020
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could
exploit some of these...
Microsoft Addresses 'Wormable' RCE Vulnerability in Windows DNS Server US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo
National Cyber Awareness System:
Microsoft Addresses 'Wormable' RCE Vulnerability in Windows DNS Server [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/microsoft-addresses-wormable-rce-vulnerability-windows-dns-server
] 07/14/2020 02:14 PM EDT
Original release date: July 14, 2020
Microsoft has released a security update to address a remote code execution (RCE)...
Adobe Releases Security Updates for Multiple Products US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo
National Cyber Awareness System:
Adobe Releases Security Updates for Multiple Products [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/adobe-releases-security-updates-multiple-products ]
07/14/2020 01:18 PM EDT
Original release date: July 14, 2020
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit
some of...
Apache Releases Security Advisories for Apache Tomcat US-CERT (Jul 14)
Cybersecurity and Infrastructure Security Agency Logo
National Cyber Awareness System:
Apache Releases Security Advisories for Apache Tomcat [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/apache-releases-security-advisories-apache-tomcat ]
07/14/2020 11:33 AM EDT
Original release date: July 14, 2020
The Apache Software Foundation has released security advisories to address multiple vulnerabilities in Apache Tomcat.
An attacker...
AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java US-CERT (Jul 13)
Cybersecurity and Infrastructure Security Agency Logo
National Cyber Awareness System:
AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java [ https://us-cert.cisa.gov/ncas/alerts/aa20-195a ]
07/13/2020 07:07 PM EDT
Original release date: July 13, 2020
Summary
On July 13, 2020 EST, SAP released a security update to address a critical vulnerability, CVE-2020-6287 [
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6287 ],...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004 John Helmert III (Apr 08)
I'm sorry, I misread the descriptions. That version refers to WPE
WebKit rather than WebKitGTK.
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004 John Helmert III (Apr 08)
The issue I described last time has come up again here [1]. 2.36.0 was
released on March 21, almost three weeks ago now, and its WSA was
released today. Why the long wait?
Three of these issues are fixed in 2.36.0 and 2.34.7, but I can't find
a release for 2.34.7 [2][3]. Is it released yet?
[1] https://www.openwall.com/lists/oss-security/2022/01/23/1
[2] https://webkitgtk.org/news.html
[3] https://webkitgtk.org/releases/
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004 Carlos Alberto Lopez Perez (Apr 08)
------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004
------------------------------------------------------------------------
Date reported : April 08, 2022
Advisory ID : WSA-2022-0004
WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2022-0004.html
WPE WebKit Advisory URL :...
Re: zgrep, xzgrep: arbitrary-file-write vulnerability Axel Beckert (Apr 08)
Hi,
Ouch.
JFTR, if you have replaced GNU's zgrep with zgrep from zutils
(https://www.nongnu.org/zutils/zutils.html; allows to use z* tools
with many compression formats, also mixed in a single command), then
this exploit does not work:
abe@c6:~/tmp/zgrep-PoC $ touch foo.gz
abe@c6:~/tmp/zgrep-PoC $ echo foo | gzip > "$(printf '|\n;e cowsay pwned\n#.gz')"
abe@c6:~/tmp/zgrep-PoC $ zgrep foo *.gz
|
;e cowsay pwned...
CVE-2022-1158: Linux Kernel v5.2+: x86/kvm: cmpxchg_gpte can write to pfns outside the userspace region Qiuhao Li (Apr 08)
-- [ Description
When KVM updates a guest's page table entry, it first tries to pin the page
with get_user_pages_fast(). If it fails and vma-->flags has VM_PFNMAP, it
will calculate the physical address, map the page to the kernel address
space and write the update [1]:
pfn = ((vaddr - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff;
paddr = pfn << PAGE_SHIFT;
table = memremap(paddr, PAGE_SIZE, MEMREMAP_WB);
if (!table)...
Re: zgrep, xzgrep: arbitrary-file-write vulnerability Levente Polyak (Apr 08)
CVE-2022-1271 has been assigned to this issue.
Cheers,
Levente
Re: zgrep, xzgrep: arbitrary-file-write vulnerability Jakub Wilk (Apr 08)
* Jim Meyering <jim () meyering net>, 2022-04-07, 11:44:
As mentioned in the xz patch, if you have GNU sed, you get not just file
write, but direct code execution.
PoC:
$ touch foo.gz
$ echo foo | gzip > "$(printf '|\n;e cowsay pwned\n#.gz')"
$ zgrep foo *.gz
_______
< pwned >
-------
\ ^__^
\ (oo)\_______
(__)\ )\/\...
Announce: OpenSSH 9.0 released Damien Miller (Apr 07)
OpenSSH 9.0 has just been released. It will be available from the
mirrors listed at https://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information...
zgrep, xzgrep: arbitrary-file-write vulnerability Jim Meyering (Apr 07)
All previous versions of gzip and xzutils are affected.
xzutils released this patch today:
https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch.sig
gzip-1.12 was released today, with the fix:
https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
https://ftp.gnu.org/gnu/gzip/gzip-1.12.tar.xz
https://ftp.gnu.org/gnu/gzip/gzip-1.12.tar.xz.sig
CVE-2022-26612: Apache Hadoop: Arbitrary file write in FileUtil#unpackEntries on Windows Gautham Banasandra (Apr 07)
Severity: high
Description:
The unTar function [1] uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes:
if(Shell.WINDOWS) {
// Tar is not native to Windows. Use simple Java based implementation for
// tests and simple tar archives
unTarUsingJava(inFile, untarDir, gzipped);
}
else {
// spawn tar utility to untar archive for full fledged unix behavior such
// as resolving symlinks in tar archives...
Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Qiuhao Li (Apr 07)
Paolo's patch:
https://www.spinics.net/lists/kvm/msg273052.html
Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Qiuhao Li (Apr 07)
We sent the report to oss-security as instructed by linux-distro.
As Paolo said, /dev/kvm can be accessed by an unprivileged local user.
So it's a Dos. It also seems like there is a kernel NPD issue on oss
before: https://www.openwall.com/lists/oss-security/2022/04/02/5
We are willing to cooperate with the final decision of the CVE issuer
and oss-security.
Personally, I agree with Paolo this is not a scary bug. No embargo makes
it be...
Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Solar Designer (Apr 07)
Oh, indeed. So it's a local DoS for systems with user-accessible
/dev/kvm and panic_on_oops=1, like RHEL and its rebuilds. Makes sense
to have a CVE ID, then. (I assume that mmap_min_addr works.)
Alexander
Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Paolo Bonzini (Apr 07)
Alexander,
indeed it doesn't cross guest-host boundaries. However, /dev/kvm is
accessible by unprivileged users, so it should be treated like any other
unprivileged NULL pointer dereference in Linux. I do not apply an
embargo for those bugs, but whether to assign a CVE is not my choice.
(As an aside, this is the third fuzzing bug reported for KVM on
security () kernel org and linux-distros, but I think only one of them was
really...
Re: Linux kernel: x86/kvm: null-ptr-deref in kvm_dirty_ring_push Solar Designer (Apr 07)
Further in the linux-distros thread, this got assigned CVE-2022-1263,
however is this really a security issue - in other words, is a security
boundary crossed in triggering the bug? I think it is not, and if so
the CVE ID should probably be rejected. From the PoC:
In fact, also in the linux-distros thread it was promptly agreed that
this doesn't need an embargo - perhaps precisely because of no security
relevance? If so, that should have...
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
Educause Security Discussion — Securing networks and computers in an academic environment.
Covid Test Kit Singapore Covid Test Kit Singapore (Oct 01)
Covid Test Kit
Order test kit for your company now! Stay Safe! Free Delivery in Singapore
Easy to use
HSA Approved
Click on the link below to open the message in a browser:
https://www.covidtestkit.info/so/b3Nmx3jmr/c?w=X7fgda-LWUeRP6mC6I6qXRUzGOxDt64oN8eoV7oJkUE.eyJ1IjoiaHR0cHM6Ly93d3cuY292aWR0ZXN0a2l0LmluZm8vc28vYjNObXgzam1yP2xhbmd1YWdlVGFnPWVuIiwibSI6Im1haWwiLCJjIjoiOGE5YzNiMGMtMjYwMC00ODQ3LTgzMGItMTVmN2U4NzA3YzVjIn0
You've received...
Internet Issues and Infrastructure
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: People trying to sell "ARIN Leads" John Curran (Apr 08)
Sabri -
Please forward each solicitation (in full with headers) to us via <compliance@ arin.net>
(Unique emails that are only used in the Whois entry are the easiest violations to pursue by far - so reporting such
activity can make a huge difference.)
Thanks!
/John
John Curran
President and CEO
American Registry for Internet Numbers
Re: Puerto Rico (island-wide) power outage Sean Donelan (Apr 08)
https://www.fcc.gov/document/puerto-rico-power-outage-communications-status-report-april-8-2022
Cable and wireline companies reported 267,111 subscribers out of service
in the disaster area in Puerto Rico; this may include the loss of
telephone, television, and/or Internet services.
Island-wide cell sites out of service is 18.6% (average). Outages in
individual municipos ranges up to 66.7% (Luquillo). 416 cell sites out of
service (2,235...
Re: People trying to sell "ARIN Leads" Sabri Berisha (Apr 08)
----- On Apr 8, 2022, at 11:40 AM, nanog () jima us wrote:
Hi,
You don't want to know how much spam I get on
"thisipspaceisnotforsale () cluecentral net". Including, ironically, from IPv4
brokers.
Obviously, that email address is not being used for my Amazon account.
Thanks,
Sabri
Re: People trying to sell "ARIN Leads" Rob Seastrom (Apr 08)
I know of nobody who would do any such thing. ;-)
-r
RE: People trying to sell "ARIN Leads" nanog () jima us (Apr 08)
Of course, plausible deniability goes out the window when you receive sales emails on an address that ONLY exists in
ARIN Whois.
But no one would put a "canary trap" email in ARIN Whois...right?
- Jima
Weekly Global IPv4 Routing Table Report Routing Table Analysis Role Account (Apr 08)
This is an automated weekly mailing describing the state of the Global
IPv4 Routing Table as seen from APNIC's router in Japan.
The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG
TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG.
Daily listings are sent to bgp-stats () lists apnic net.
For historical data, please see https://thyme.apnic.net.
If you have any comments please contact Philip Smith <pfsinoz...
Spoofer Report for NANOG for Mar 2022 CAIDA Spoofer Project (Apr 08)
In response to feedback from operational security communities,
CAIDA's source address validation measurement project
(https://spoofer.caida.org) is automatically generating monthly
reports of ASes originating prefixes in BGP for systems from which
we received packets with a spoofed source address.
We are publishing these reports to network and security operations
lists in order to ensure this information reaches operational
contacts in these...
Re: People trying to sell "ARIN Leads" Tom Beecher (Apr 08)
I hear if they just moved to V6 and hosted email with Google, those emails
would just never arrive.
Re: People trying to sell "ARIN Leads" Randy Bush (Apr 08)
of course. i presume they signed the lrsa.
randy
Ready to compromise? was RE: V6 still not supported Pascal Thubert (pthubert) via NANOG (Apr 08)
Dear all
Following advice from thus list, I updated the YADA I-Draft (latest is
https://www.ietf.org/archive/id/draft-thubert-v6ops-yada-yatt-03.html, more to come soon if feedback is heard) and
proposed it to the v6ops WG at the IETF.
For memory, the main goal here is to find a compromise as opposed to yet another transition solution, though it can be
used as a side effect to move along the ladder. The compromise does not change IPv4 or...
Re: People trying to sell "ARIN Leads" Jon Lewis (Apr 08)
All the time. Note, their domain is hosted by Google and their email is
hosted by Microsoft. Complaints to either provider tend to fall on deaf
ears. If you reply asking for pricing, you'll likely be contacted from
yet another domain.
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
StackPath, Sr. Neteng | therefore you are
_________...
Re: "Permanent" DST Mark Tinka (Apr 08)
Rwanda and Uganda are bordering one another in East Africa - but are 1hr
apart. It's the oddest thing, considering the sun rises and falls at the
same time for both.
Mark.
Re: People trying to sell "ARIN Leads" John Curran (Apr 08)
Jon -
You can forward such solicitations to compliance () arin net<mailto:compliance () arin net> - we’ll send them an
appropriate nasty letter. Definitely send any solicitation of unique contact data on Whois records to us - we do
pursue misuse aggressively.
(With regard to this particular spam, I’d note there is an entire ecosystem of these “lead/demand” companies, and they
aren’t generally selling the ARIN Whois data but...
People trying to sell "ARIN Leads" Jon Sands (Apr 07)
Does anyone else get email offers like the below? I get them at least
once a week from various companies I've never heard of, I'm sure they
pop up under different names constantly for obvious reasons. Crap like
this I imagine is why a few of my POC emails listed on my ARIN assets
get constant spam, I can't imagine how many places there are like this
scraping then selling ARIN data to marketing outlets. name and email in
the...
Re: Puerto Rico (island-wide) power outage Sean Donelan (Apr 07)
FCC Activates Disaster Information Reporting for Puerto Rico
https://www.fcc.gov/document/fcc-activates-disaster-information-reporting-puerto-rico
Reports are requested at 9:00 a.m. on Friday, April 8 and every day after
that by 10:00 a.m. until DIRS is deactivated.
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
Terrazas de Nuñez con Amenities La Capitana Real Estate (Apr 08)
Mas Oportunidades para vos haciendo click aqui
Consultas haciendo click aqui
La Capitana Real Estate de Marisa G. Snatman
Martillera y Corredora Publica, matriculas n° 5633 CSI /3921 CUCICBA
3 De Febrero 820 2°D (CABA 1426), Ruta Nacional N 8 KM.52 (Pilar)
hace click aquí para reenviar este email a un amigo
Para...
clientes de CLARO consultar por mas beneficios Movistar Negocios (Apr 05)
@font-face{
font-family:"Times New Roman";
}
@font-face{
font-family:"宋体";
}
@font-face{
font-family:"Calibri";
}
@font-face{
font-family:"Calibri";
}
@font-face{
font-family:"Wingdings";
}
@font-face{
font-family:"Calibri";
}
@font-face{
font-family:"Arial";
}
p.MsoNormal{
mso-style-name:Normal;
mso-style-parent:"";...
clientes de CLARO consultar por mas beneficios Movistar Negocios (Apr 01)
@font-face{
font-family:"Times New Roman";
}
@font-face{
font-family:"宋体";
}
@font-face{
font-family:"Calibri";
}
@font-face{
font-family:"Calibri";
}
@font-face{
font-family:"Wingdings";
}
@font-face{
font-family:"Calibri";
}
@font-face{
font-family:"Arial";
}
p.MsoNormal{
mso-style-name:Normal;
mso-style-parent:"";...
[Invitación exclusiva] Evalúa oportunidades de Inversión en USA. ¡Ingresa para verlas en vivo! el foro de inversiones (Mar 31)
body,div[style*="margin: 16px
0"],html{margin:0!important}body,html{padding:0!important;height:100%!important;width:100%!important}*{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}table,td{mso-table-lspace:0!important;mso-table-rspace:0!important}table{border-spacing:0!important;border-collapse:collapse!important;margin:0
auto!important}table table...
Casas en Ayres del Pilar, Lagartos CC, Belgrano, etc La Capitana Real Estate (Mar 29)
🍀 + Verde + Libre + Aire + Espacio ☀️
ALQUILER y VENTA
Casa en Miraflores CC en ALQUILER , mas informacion haciendo click aqui
Casa en Ayres de Pilar en ALQUILER y VENTA, mas informacion haciendo click aqui
Casa en Los Cardales CC en ALQUILER y VENTA, mas informacion haciendo click aqui
La Capitana Real Estate de Marisa G. Snatman
Martillera y Corredora Publica, matriculas n° 5633...
Quiero más información de Añelo Nuevo soldati.com (Mar 25)
Haga click aquí para reenviar este email a otra persona
Para remover su dirección de esta lista haga <a
href="https://ml15.gpserver4.com/unsuscribe.php?id=wuwwiiswrryusyqquosroi";>click aquí</a>
Palermo Pre-Venta con BALCON TERRAZA y PARRILLA PROPIA La Capitana Real Estate (Mar 25)
🎯 Tenemos el Proyecto que estas buscando 👀
Para Vivir o Invertir
Mas Oportunidades para vos haciendo click aqui
Consultas haciendo click aqui
La Capitana Real Estate de Marisa G. Snatman
Martillera y Corredora Publica, matriculas n° 5633 CSI /3921 CUCICBA
3 De Febrero 820 2°D (CABA 1426), Ruta Nacional N 8 KM.52 (Pilar)
...
Converti tu Pesos en DOLARES, Lanzamiento Preventa, COLAGIALES La Capitana (Mar 21)
Mas Oportunidades para vos haciendo click aqui
Consultas haciendo click aqui
💰Converti tus Pesos en Dolares 💵
🎯 Tenemos el Proyecto que estas buscando👀 Para Vivir o Invertir
🍾🍷 Balcones Amplios, Parrillas, Terrazas, Jardines y Patios Propios 🍻 🍹
La Capitana Real Estate de Marisa...
Quiero más información de Añelo Nuevo soldati.com (Mar 21)
Haga click aquí para reenviar este email a otra persona
Para remover su dirección de esta lista haga <a
href="https://ml15.gpserver4.com/unsuscribe.php?id=wuwwiiswrryusyqqwtsroi";>click aquí</a>
Altos de Nuñez con Amenities La Capitana (Mar 17)
🎯 Tenemos el Proyecto que estas buscando👀 Para Vivir o Invertir
Mas Oportunidades para vos haciendo click aqui
Consultas haciendo click aqui
💰Converti tus Pesos en Dolares 💵
🍾🍷 Balcones Amplios, Parrillas, Terrazas, Jardines y Patios Propios 🍻 🍹
La Capitana Real Estate de Marisa G. Snatman,...
Cuotas en Pesos sin Banco, MUY FACIL, podes obtener el credito con el desarrollista directo La Capitana (Mar 15)
podes obtener tu CREDITO con el CONSTRUCTOR DIRECTAMENTE
CUOTAS en PESOS sin Banco, MUY FACIL
Hasta 240 cuotas 7 % anual mas UVAS con 30% al boleto
Para Vivir o Invertir
Se Alquilan Muy Facilmente
La Capitana Real Estate de Marisa G. Snatman,
Martillera y Corredora Publica, matriculas n° 5633 CSI /3921 CUCICBA,
3 De Febrero 820 2°D (CABA 1426), Ruta Nacional N 8 KM.52 (Pilar)
hace...
Locales y Cocheras La Capitana (Mar 11)
...
Save The Date: Conoce cómo y dónde invertir en Real Estate en Estados Unidos. ¡Primera edición del 2022! el foro de inversiones (Mar 11)
Foro de Inversiones
/* CLIENT-SPECIFIC STYLES */
#outlook a { padding: 0; }
.ReadMsgBody { width: 100%; } .ExternalClass { width: 100%; }
.ExternalClass, .ExternalClass p, .ExternalClass span, .ExternalClass font, .ExternalClass td, .ExternalClass
div, .ExternalClass * { line-height: 100%; }
body, table, td, a { font-family: Verdana, Arial, sans-serif;-webkit-text-size-adjust: 100%;...
📢 Departamentos Full amenities en Belgrano desde US 56.700 a pagar en cuotas 💪 Einversiones (Mar 10)
Haga click aquí para reenviar este email a otra persona
*Enviamos tu Campaña a Nuestras Bases*
podes ver nuestros Trabajos y BASES haciendo click aqui
Para remover su dirección de esta lista haga <a
href="https://ml15.gpserver4.com/unsuscribe.php?id=wuwwiiswrryustpoywsroi";>click aquí</a>
clientes de CLARO consultar por mas beneficios Movistar Negocios (Mar 07)
@font-face{
font-family:"Times New Roman";
}
@font-face{
font-family:"宋体";
}
@font-face{
font-family:"Calibri";
}
@font-face{
font-family:"Calibri";
}
@font-face{
font-family:"Wingdings";
}
@font-face{
font-family:"Calibri";
}
@font-face{
font-family:"Arial";
}
p.MsoNormal{
mso-style-name:Normal;
mso-style-parent:"";...
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 33.12 RISKS List Owner (Apr 01)
RISKS-LIST: Risks-Forum Digest Friday 1 April 2022 Volume 33 : Issue 12
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.12>
The current issue can also be found at
<...
Risks Digest 33.11 RISKS List Owner (Mar 28)
RISKS-LIST: Risks-Forum Digest Monday 28 March 2022 Volume 33 : Issue 11
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.11>
The current issue can also be found at
<...
Risks Digest 33.10 RISKS List Owner (Mar 21)
RISKS-LIST: Risks-Forum Digest Monday 21 March 2022 Volume 33 : Issue 10
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.10>
The current issue can also be found at
<...
Risks Digest 33.09 RISKS List Owner (Mar 15)
RISKS-LIST: Risks-Forum Digest Monday 14 March 2022 Volume 33 : Issue 09
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.09>
The current issue can also be found at
<...
Risks Digest 33.08 RISKS List Owner (Mar 05)
RISKS-LIST: Risks-Forum Digest Saturday 5 March 2022 Volume 33 : Issue 08
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.08>
The current issue can also be found at
<...
Risks Digest 33.07 RISKS List Owner (Feb 25)
RISKS-LIST: Risks-Forum Digest Friday 25 February 2022 Volume 33 : Issue 07
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.07>
The current issue can also be found at
<...
Risks Digest 33.06 RISKS List Owner (Feb 18)
RISKS-LIST: Risks-Forum Digest Friday 18 February 2022 Volume 33 : Issue 06
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.06>
The current issue can also be found at
<...
Risks Digest 33.05 RISKS List Owner (Feb 09)
RISKS-LIST: Risks-Forum Digest Wednesday 9 January 2022 Volume 33 : Issue 05
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.05>
The current issue can also be found at
<...
Risks Digest 33.04 RISKS List Owner (Jan 27)
RISKS-LIST: Risks-Forum Digest Thursday 27 January 2022 Volume 33 : Issue 04
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.04>
The current issue can also be found at
<...
Risks Digest 33.03 RISKS List Owner (Jan 22)
RISKS-LIST: Risks-Forum Digest Saturday 22 January 2022 Volume 33 : Issue 03
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.03>
The current issue can also be found at
<...
Risks Digest 33.02 RISKS List Owner (Jan 15)
RISKS-LIST: Risks-Forum Digest Saturday 15 January 2021 Volume 33 : Issue 02
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.02>
The current issue can also be found at
<...
Risks Digest 33.01 RISKS List Owner (Jan 08)
RISKS-LIST: Risks-Forum Digest Saturday 8 December 2021 Volume 33 : Issue 01
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.01>
The current issue can also be found at
<...
BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
Upstart crime site woos Raid Forums orphans Matthew Wheeler (Apr 06)
https://www.csoonline.com/article/3655637/upstart-crime-site-woos-raid-forums-orphans.html#tk.rss_news
Breach Forums launches as alternative to mysteriously torpedoed illicit
cybercrime community.
John P. Mello Jr.By John P. Mello Jr.
Contributor, CSO | APR 1, 2022 1:26 PM PDT
A new crime site for hackers is positioning itself as an alternative to
Raid Forums, a popular watering hole for threat actors before it was
mysteriously taken down in...
Germany Closes Russian Darknet Marketplace Hydra Matthew Wheeler (Apr 06)
https://www.ibtimes.com/germany-closes-russian-darknet-marketplace-hydra-3462317
Germany Closes Russian Darknet Marketplace Hydra
By Femke COLBORNE
04/05/22 AT 7:21 AM
German police said Tuesday they have taken down Russian-language illegal
darknet marketplace Hydra, the largest such network in the world, and
seized bitcoins worth 23 million euros ($25 million).
Founded in 2015, Hydra sold illegal drugs but also stolen credit card data,...
US sanctions Russia's largest darknet market and crypto exchange Garantex Matthew Wheeler (Apr 06)
https://cointelegraph.com/news/us-sanctions-russia-s-largest-darknet-market-and-crypto-exchange-garantex
US sanctions Russia's largest darknet market and crypto exchange Garantex
The sanctions were part of an international effort aimed at “[disrupting
the] proliferation of malicious cybercrime services, dangerous drugs and
other illegal offerings.”
The United States Department of the Treasury’s Office of Foreign Assets
Control has...
New security requirements introduced for medical device manufacturers Matthew Wheeler (Apr 06)
https://www.scmagazine.com/analysis/device-security/new-security-requirements-introduced-for-medical-medical-device-manufacturers
New security requirements introduced for medical device manufacturers
Jessica Davis
Medical devices are a critical part of healthcare infrastructure. A pair of
bipartisan bills aim to tackle device security challenges by adding
requirements for manufacturers.
Sens. Tammy Baldwin, D-Wisconsin, and Bill Cassidy, MD,...
New cyber bill calls for shadow IT assessment at VA Matthew Wheeler (Apr 04)
https://defensesystems.com/cyber/2022/03/new-cyber-bill-calls-shadow-it-assessment-va/363864/
New cyber bill calls for shadow IT assessment at VA
Adam MazmanianBy Adam Mazmanian,
Executive Editor
MARCH 31, 2022 10:49 AM ET
The bill tasks VA with obtaining an independent cybersecurity review of the
agency's most critical systems.
A new bipartisan bill would require the Department of Veterans Affairs to
contract for an independent...
Satellite modems nexus of worst cyberattack of Ukraine war Terrell Byrd (Apr 04)
https://www.msn.com/en-us/news/world/satellite-modems-nexus-of-worst-cyberattack-of-ukraine-war/ar-AAVG1wc
Amalicious software command that immediately crippled tens of thousands of
modems across Europe anchored the cyberattack on a satellite network used
by Ukraine’s government and military just as Russia invaded, the satellite
owner disclosed Wednesday.
The owner, U.S.-based Viasat, issued a statement providing details for the
first time of...
Apple, Meta turned over user data to hackers using forged requests: report Terrell Byrd (Apr 04)
https://www.msn.com/en-us/news/politics/apple-meta-turned-over-user-data-to-hackers-using-forged-requests-report/ar-AAVGIsj
Apple and Facebook parent company Meta turned over user data last year to
hackers pretending to be law enforcement officials, Bloomberg reported,
citing three people familiar with the matter.
The companies provided user details such as addresses, phone numbers and IP
addresses in mid-2021 to the hackers, sources told...
Hive ransomware group claims to steal California health plan patient data Terrell Byrd (Mar 31)
https://venturebeat.com/2022/03/29/hive-ransomware-group-claims-to-steal-california-health-plan-patient-data/
The Hive ransomware group, known for attacking healthcare organizations,
posted on its darkweb site that it has stolen 850,000 personally
identifiable information (PII) records from the Partnership HealthPlan of
California.
The organization’s website currently consists of a landing page that says
the health plan has been...
Exclusive: SolarWinds CEO calls for an end to 'victim shaming' Terrell Byrd (Mar 31)
https://www.techradar.com/au/news/exclusive-solarwinds-ceo-calls-for-an-end-to-victim-shaming
SolarWinds CEO Sudhakar Ramakrishna has called for an end to cyberattack
“victim shaming”, which he says contributes to an unwillingness among
companies to share vital intelligence.
In an exclusive interview with TechRadar Pro, Ramakrishna spoke about the
difficulties his company faced in the aftermath of the infamous hack, which
came to light in...
Zero-Day Vulnerability Discovered in Java Spring Framework Matthew Wheeler (Mar 31)
https://www.darkreading.com/application-security/zero-day-vulnerability-discovered-in-java-spring-framework
A proof-of-concept exploit allows remote compromises of Spring Web
applications.
Robert Lemos
Contributing Writer
March 30, 2022
Spring Framework
A zero-day vulnerability found in the popular Java Web application
development framework Spring likely puts a wide variety of Web apps at risk
of remote attack, security researchers...
Axie Infinity’s Ronin bridge halted after a massive $600 million hack Matthew Wheeler (Mar 31)
https://www.businessinsider.in/investment/news/axie-infinitys-ronin-bridge-halted-after-a-massive-600-million-hack/articleshow/90539665.cms
The Ronin wallet is popular amongst play-to-earn games, and Axie Infinity
is amongst the most popular such games in the world.
Axie Infinity’s user base dropped 10% in the last 24 hours.
Sky Mavis has said that the company is working with law enforcement to
track the hack.
The Ronin bridge for popular...
Why metrics are crucial to proving cybersecurity programs’ value Matthew Wheeler (Mar 31)
https://www.csoonline.com/article/3655096/why-metrics-are-crucial-to-proving-cybersecurity-programs-value.html
Methodologies to measure the effectiveness of cybersecurity efforts exist.
Tying them to the real world is the trick.
By Cynthia Brumfield
CSO | MAR 30, 2022 2:00 AM PDT
As solutions to managing cybersecurity threats increase, surprisingly few
metrics are available on how well these methods work to secure
organizational assets. The...
$10M bounty on Russian hackers who targeted a nuclear power plant Terrell Byrd (Mar 30)
https://www.bostonherald.com/2022/03/25/russian-officials-charged-in-years-old-energy-sector-hacks-2/
Four Russian officials, including hackers with a government intelligence
agency, have been charged with the malicious hacking of critical
infrastructure around the globe including the U.S. energy and aviation
sectors between 2012 and 2018, the U.S. Justice Department and British
Foreign Office announced.
Among the thousands of computers...
From ‘partner’ to ‘regulatory enforcer’: CISA takes on complex cyber incident reporting mandate Terrell Byrd (Mar 30)
https://federalnewsnetwork.com/cybersecurity/2022/03/from-partner-to-regulatory-enforcer-cisa-takes-on-complex-cyber-incident-reporting-mandate/
The Cybersecurity and Infrastructure Security Agency is embarking on a
complex, potentially lengthy process to make new cyber incident reporting
requirements a reality, marking a significant regulatory shift for the
partnership-focused agency.
The omnibus spending bill signed by President Joe Biden...
Optimistic father of LAPSUS$ hacking suspect says he’s going to try to stop him using computers Terrell Byrd (Mar 30)
https://grahamcluley.com/optimistic-father-of-lapsus-hacking-suspect-says-hes-going-to-try-to-stop-him-using-computers/
British police arrested seven people earlier this week in relation to a
wave of attacks launched by the LAPSUS$ hacking group, against firms such
as Microsoft, NVIDIA, Ubisoft, Samsung, and Okta.
LAPSUS$ has become notorious not only for its successful breaches, but also
the brazen way it has attempted to recruit rogue...
Open Source Tool Development
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
You have been unsubscribed from the Wireshark-users mailing list wireshark-users-bounces (Mar 07)
You have been unsubscribed from the Wireshark-dev mailing list wireshark-dev-bounces (Mar 07)
You have been unsubscribed from the Wireshark-announce mailing list wireshark-announce-bounces (Mar 07)
wireshark-announce resubscription requested Wireshark announcements (Mar 07)
Hi all,
As per the message below, this is your reminder that you are about to be unsubscribed from wireshark-announce. If you
wish to continue to receive emails from this list, please visit
https://www.wireshark.org/mailman/listinfo/wireshark-announce
and resubscribe. Thank you for your time and patience in this matter.
wireshark-dev resubscription requested Gerald Combs (Mar 07)
Hi all,
As per the message below, this is your reminder that you are about to be unsubscribed from wireshark-dev. If you wish
to continue to receive emails from this list, please visit
https://www.wireshark.org/mailman/listinfo/wireshark-dev
and resubscribe. Thank you for your time and patience in this matter.
wireshark-users resubscription requested Gerald Combs (Mar 07)
Hi all,
As per the message below, this is your reminder that you are about to be unsubscribed from wireshark-users. If you wish
to continue to receive emails from this list, please visit
https://www.wireshark.org/mailman/listinfo/wireshark-users
and resubscribe. Thank you for your time and patience in this matter.
Re: wireshark extension for a Kernel Module (like Usbmon) Guy Harris (Mar 06)
You do it in libpcap.
Then:
if you have a version of Wireshark that's linked with your version of libpcap;
and if kpnode_findalldevs() works, so that its devices show up in Wireshark when it calls pcap_findalldevs();
and if kpnode_create() works, so that it can be opened in Wireshark when it calls pcap_create() on a kpnode
device and it can be activated with pcap_activate();
and if dumpcap - which is the...
wireshark extension for a Kernel Module (like Usbmon) Christian (Mar 06)
Hello out there, I created a kernel probe module and I want to watch the
outputs of this module with pcap/Wireshark. Just like usbmon. So I
defined a char device in the dev-directory /dev/kpnode from which the
pcap interface can read the output of that module. In order to enable
Wireshark to read from this device, I started to place a handler
function into libpcap:
In pcap.c I put in
#ifdef PCAP_SUPPORT_KPNODE
#include "pcap-kpnode.h"...
wireshark-announce resubscription requested Wireshark announcements (Mar 03)
Hi all,
As you may have heard, the Wireshark project is now sponsored by Sysdig, Inc. ("Sysdig"). As part of this acquisition,
Sysdig will operate Wireshark's infrastructure, including this mailing list and you must renew your subscription to
this list in order to continue to receive emails.
On Monday, March 7, I will resend this message as a reminder, then unsubscribe everyone from the following mailing
lists:...
wireshark-users resubscription requested Gerald Combs (Mar 03)
Hi all,
As you may have heard, the Wireshark project is now sponsored by Sysdig, Inc. ("Sysdig"). As part of this acquisition,
Sysdig will operate Wireshark's infrastructure, including this mailing list and you must renew your subscription to
this list in order to continue to receive emails.
On Monday, March 7, I will resend this message as a reminder, then unsubscribe everyone from the following mailing
lists:...
wireshark-dev resubscription requested Gerald Combs (Mar 03)
Hi all,
As you may have heard, the Wireshark project is now sponsored by Sysdig, Inc. ("Sysdig"). As part of this acquisition,
Sysdig will operate Wireshark's infrastructure, including this mailing list and you must renew your subscription to
this list in order to continue to receive emails.
On Monday, March 7, I will resend this message as a reminder, then unsubscribe everyone from the following mailing
lists:...
Re: First 4 bytes in SNMP application data chuck c (Mar 03)
Whoops - typo on the version.
value=1 is snmpv2c
https://gitlab.com/wireshark/wireshark/-/blob/master/epan/dissectors/packet-snmp.c#L2115
static const value_string snmp_Version_vals[] = {
{ 0, "version-1" },
{ 1, "v2c" },
{ 2, "v2u" },
{ 3, "snmpv3" },
{ 0, NULL }
};
Not sure that I've ever seen v2u or v2p out in the wild.
https://www.ibm.com/docs/en/zos/2.4.0?topic=protocols-snmpv2...
Re: First 4 bytes in SNMP application data Jaap Keuter (Mar 03)
Hi,
What you’re looking at is the SNMP encoding according to the Basic Encoding Rules[2] (BER). These octets define the BER
structure.
For example a 64 octet SNMPv3 message starts as such:
SNMPv3Message ::= SEQUENCE {
30 3E
msgVersion INTEGER ( 0 .. 2147483647 ),
02 01 03
Where 30 defines a sequence, 3E the length, 02 an integer, 01 length of one and 03 the version number.
[1]...
Re: First 4 bytes in SNMP application data chuck c (Mar 03)
SNMP (https://datatracker.ietf.org/doc/html/rfc1157) uses ASN.1 BER (
https://en.wikipedia.org/wiki/X.690#BER_encoding) to define the data.
"These types of encodings are commonly called type–length–value (TLV)
encodings"
(See https://datatracker.ietf.org/doc/html/rfc1592 for a packet diagram)
It's a bit confusing since there is no 0x30 in the BER tags list. Looking
farther down into the details it's explained:
"In...
First 4 bytes in SNMP application data Chandra Japan (Mar 03)
Hi Wireshark Team,
Please let me know
what does first 4 bytes in SNMP Data indicate
because I could see from 5th byte I see version and other things
Regards
Chandramohan
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Re: Snort-devel Digest, Vol 57, Issue 9 Oleksandr Serhiienko -X (oserhiie - SOFTSERVE INC at Cisco) via Snort-devel (Apr 08)
Dorian,
There are four policy configuration files provided in Snort3 GitHub repo (under "lua" directory). Each of them provides
a specific level of how deeply inspection will be performed. However, the cost to pay is Snort3 performance which
reflects on network throughput when traffic goes through Snort3.
The list of policies (from "faster" to "slower"):
1. connectivity.lua
2. balanced.lua
3....
after heard the advice from oleksandr to edit for remove the rules on the snort.lua file i load only 600 rules and snort exiting without launch any scan what i should do ??? Dorian ROSSE via Snort-sigs (Apr 08)
hello,
i am mad because i have listened oleksandr to remove the rules on the snort.lua file finaly i run only 600 rules
without launch any scan :
'sudo /usr/local/bin/snort -c /usr/local/etc/snort/snort.lua -s 65535 -k all -l /var/log/snort -i enp0s25 -m 0x1b
--------------------------------------------------
o")~ Snort++ 3.1.21.0
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
Loading...
Snort Subscriber Rules Update 2022-04-07 Research (Apr 07)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the file-image,
file-office, file-other, file-pdf, indicator-obfuscation,
indicator-shellcode, protocol-scada and server-webapp rule sets to
provide coverage for emerging threats from these technologies.
For a complete list of new and modified rules please see:...
Re: Snort-devel Digest, Vol 57, Issue 9 Dorian ROSSE via Snort-devel (Apr 06)
Dear Oleksandr,
What policies is the must adviced with snort.lua and snort_defaults.lua ?
Thanks you in advance for your answer,
Have a nice week,
Regards.
Dorian Rosse.
________________________________
From: Oleksandr Serhiienko -X (oserhiie - SOFTSERVE INC at Cisco) <oserhiie () cisco com>
Sent: Tuesday, April 5, 2022 1:01:04 PM
To: Dorian ROSSE <dorianbrice () hotmail fr>
Cc: snort-devel () lists snort org <snort-devel ()...
Snort Subscriber Rules Update 2022-04-05 Research (Apr 05)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the browser-chrome,
file-multimedia, file-other, malware-cnc, malware-other, os-other,
os-windows, protocol-scada, server-apache and server-webapp rule sets
to provide coverage for emerging threats from these technologies.
For a complete list of new and modified rules please see:...
Re: Snort-devel Digest, Vol 57, Issue 9 Oleksandr Serhiienko -X (oserhiie - SOFTSERVE INC at Cisco) via Snort-devel (Apr 05)
Dorian,
You should include only one policy at a time (balanced.lua, max-detect.lua, etc.).
Do not include multiple policies in one file, it doesn’t make sense.
Thanks,
Oleksandr Serhiienko <oserhiie () cisco com>
From: Dorian ROSSE <dorianbrice () hotmail fr>
Date: Monday, 4 April 2022, 10:41
To: Oleksandr Serhiienko -X (oserhiie - SOFTSERVE INC at Cisco) <oserhiie () cisco com>
Cc: snort-devel () lists snort org...
Re: Snort-devel Digest, Vol 57, Issue 9 Dorian ROSSE via Snort-devel (Apr 04)
Dear Oleksandr,
Now I fall on following error :
'sudo /usr/local/bin/snort -c /usr/local/etc/snort/snort.lua -s 65535 -k all -l /var/log/snort -i enp0s25 -m 0x1b
--------------------------------------------------
o")~ Snort++ 3.1.21.0
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:...
Re: Snort-devel Digest, Vol 57, Issue 9 Dorian ROSSE via Snort-devel (Apr 04)
Dear oleksandr,
This should be a line of command like these :
'include snort_defaults.lua'
I am not understand why I have more than one time this line but I will check this,
Thanks you in advance for your time,
Have a nice week,
Regards.
Dorian Rosse.
________________________________
From: Oleksandr Serhiienko -X (oserhiie - SOFTSERVE INC at Cisco) <oserhiie () cisco com>
Sent: Monday, April 4, 2022 7:46:25 AM
To: Dorian...
Re: Snort-devel Digest, Vol 57, Issue 9 Dorian ROSSE via Snort-devel (Apr 04)
Dear Oleksandr,
I launch the line of command following :
'sudo /usr/local/bin/snort -c /usr/local/etc/snort/snort.lua -s 65535 -k all -l /var/log/snort -i enp0s25 -m 0x1b'
I can't open alert_json.txt i haven't the rights and the line of command show more top happening thoses loop in the
window for crash on an error unknown :
'Finished snort_defaults.lua:
Loading snort.lua:
Loading snort_defaults.lua:
ERROR:...
Re: Snort-devel Digest, Vol 57, Issue 9 Dorian ROSSE via Snort-devel (Apr 04)
Dear Oleksandr,
I launch the line of command following :
'sudo /usr/local/bin/snort -c /usr/local/etc/snort/snort.lua -s 65535 -k all -l /var/log/snort -i enp0s25 -m 0x1b'
I can't open alert_json.txt i haven't the rights and the line of command show more bottom happening thoses loop in the
window :
'Finished snort_defaults.lua:
Loading snort.lua:
Loading snort_defaults.lua:'
thank you in advance to answer what...
Re: Snort-devel Digest, Vol 57, Issue 9 Oleksandr Serhiienko -X (oserhiie - SOFTSERVE INC at Cisco) via Snort-devel (Apr 03)
Hello Dorian,
You probably have multiple inclusions of 'snort_defaults.lua' in your snort.lua, which is causing the loop.
It’s enough to include it, as any other file you need to include, only once.
Please, avoid multiple inclusions of the same files in your 'snort.lua'.
Thanks,
Oleksandr Serhiienko <oserhiie () cisco com>
From: Dorian ROSSE <dorianbrice () hotmail fr>
Date: Sunday, 3 April 2022, 18:51
To:...
Snort Subscriber Rules Update 2022-03-31 Research (Mar 31)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the exploit-kit,
file-office, os-windows, policy-other and server-webapp rule sets to
provide coverage for emerging threats from these technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories
Snort Subscriber Rules Update 2022-03-29 Research (Mar 29)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the browser-ie,
malware-cnc, malware-other, policy-social, policy-spam, protocol-scada,
protocol-telnet and server-webapp rule sets to provide coverage for
emerging threats from these technologies.
For a complete list of new and modified rules please see:...
Re: Historical rule versions Joel Esler via Snort-sigs (Mar 28)
Hello Eric,
This data is not published.
Historical rule versions Eric Pauley via Snort-sigs (Mar 28)
Hello,
As part of a research project I am looking for historical data on Snort
rules published in recent years, especially older revisions of rules and
publication dates/times. Is there any way to get access to these?
More Lists
We also maintain archives for these lists (some are currently inactive):
- Declan McCullagh's Politech
- TCPDump/LibPCAP Dev
- Security Incidents
- Vulnerability Development
- Vulnerability Watch
Related Resources
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.