This message, shown during Windows upgrades, is going to be salt in the wound.

Just over a month since its initial release, Microsoft is making the Windows 10 October 2018 Update widely available today. The update was withdrawn shortly after its initial release due to the discovery of a bug causing data loss.

New Windows 10 feature updates use a staggered, ramping rollout, and this (re)release is no different. Initially, it'll be offered only to two groups of people: those who manually tell their system to check for updates (and that have no known blocking issues due to, for example, incompatible anti-virus software), and those who use the media-creation tool to download the installer. If all goes well, Microsoft will offer the update to an ever-wider range of Windows 10 users over the coming weeks.

For the sake of support windows, Microsoft is treating last month's release as if it never happened; this release will receive 30 months of support and updates, with the clock starting today. The same is true for related products; Windows Server 2019 and Windows Server, version 1809, are both effectively released today.


 
Adobe Acrobat and Reader CVE-2018-15979 Information Disclosure Vulnerability
 
Adobe Photoshop CC CVE-2018-15980 Information Disclosure Vulnerability
 
SAP Basis CVE-2018-2478 Remote Code Execution Vulnerability
 
SAP NetWeaver CVE-2018-2476 Open Redirection Vulnerability
 
SAP NetWeaver Knowledge Management CVE-2018-2477 XML External Entity Injection Vulnerability
 
SAP BusinessObjects Business Intelligence CVE-2018-2483 Security Bypass Vulnerability
 
IBM DB2 Multiple Privilege Escalation Vulnerabilities
 

Posted by InfoSec News on Nov 12

https://www.cyberscoop.com/forescout-securitymatters-113m-acquisition/

By Zaid Shoorbajee
CYBERSCOOP
NOV 9, 2018

ForeScout Technologies, a network security company that focuses on
internet-of-things, operational technology and cloud computing, announced
on Thursday that it acquired OT security company SecurityMatters for $113
million.

With the increasing convergence of IT and OT, the purchase is meant to boost
ForeScout's ability to...
 

Posted by InfoSec News on Nov 12

https://techcrunch.com/2018/11/12/with-the-paris-call-macron-wants-to-limit-cyberattacks/

By Romain Dillet
Techcrunch.com
November 12, 2018

French President Emmanuel Macron gave a speech at the Internet Governance
Forum at the UNESCO in Paris. While the IGF has been around for a while,
it hasn’t been as active as some would have hoped.

That's why the French government is issuing the Paris Call, a short
three-page document on...
 

Posted by InfoSec News on Nov 12

https://www.newsweek.com/who-dimed-out-american-traitor-super-spy-robert-hanssen-1196080

By Jeff Stein
Newsweek.com
11/1/18

For over two decades, students of the spy wars between Russia and America
have pondered one of the great remaining mysteries of the Cold War: Who
finally dimed out Robert Hanssen, the FBI turncoat said to be the most
destructive traitor in the annals of U.S. intelligence?

Now we know, according to a posthumously...
 

Posted by InfoSec News on Nov 12

https://motherboard.vice.com/en_us/article/3k9zzk/hacking-team-hacker-phineas-fisher-has-gotten-away-with-it

By Lorenzo Franceschi-Bicchierai
Motherboard.Vice.com
Nov 12 2018

At 3:15 a.m. local Italian time on July 5, 2015, the usually quiet Twitter
account of the infamous spyware company Hacking Team posted a confusing
message: "Since we have nothing to hide, we're publishing our emails,
files, and source code."

The company,...
 

Posted by InfoSec News on Nov 12

https://www.independent.co.uk/life-style/gadgets-and-tech/news/pakistan-banks-data-stolen-dark-web-hackers-cyber-security-breach-a8630176.html

By Anthony Cuthbertson
The Independent
November 12, 2018

Hackers stole customer data from "almost all major Pakistani banks" and
placed it on the dark web, the country's cyber-crime chief has revealed.

The comments from Mohammad Shoaib, director of Pakistan's Federal
Investigation...
 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

There are a number of IP reputation services available for public consumption.  A personal favorite was the Packetmail IP Rep service, which unexpectedly shut down in September.  Looking for an IP reputation API to replace Packetmail in some of my scripts led me to Neutrino and their many APIs, which can be used to query many facets of an IP.  While their host-reputation API provides an adequate replacement for Packetmail, what got my attention was another Neutrino API, ip-blocklist, which, in my opinion, can be used as a wet-finger estimate of the potential badness of any IP.

Once you have signed up for a Neutrino user-id and API key, you can access the APIs through a web interface or programmatically.  The free API account is limited in the number of queries per day, but provides enough capability for the casual user who just wants to check out an IP.  Treat the API key as a credential: it is sent with every query, so keep it out of scripts you share and out of URLs.

According to the ip-blocklist API documentation:

"IP blocklist will detect the following categories of IP addresses:

  • Malware and spyware
  • Criminal netblocks
  • Tor nodes
  • Proxies and VPNs
  • Spiders
  • Bots and botnets
  • Spammers
  • Exploit scanners"

The people at Neutrino aggregate the various blocklists (including DShield) and provide an easy way of measuring the general badness of an IP.  So the next time you see an IP scanning your web server, you can run it through the Neutrino ip-blocklist API and get an idea of how nasty others think it is.

I threw together a quick Python script (included below) to use the Neutrino ip-blocklist API. When the script is run for an IP on Daniel Austin's Tor Node list the resulting output is:

$python ipblocklist.py 1.172.112.36

Neutrino Blocklist Service

IP:  1.172.112.36
On Blocklist:  True
Number of Blocklists:  1
Last Seen:  2018-11-12 17:27:10
Proxy:  False
Tor:  True
VPN:  False
Malware:  False
Spyware:  False
Dshield:  False
Hijacked:  False
Spider:  False
Bot:  False
SpamBot:  False
ExploitBot:  False
List of Blocklists:
[u'tor']
 

When run for an IP on the DShield Blocklist the resulting output is:

$python ipblocklist.py 196.52.43.0

Neutrino Blocklist Service

IP:  196.52.43.0
On Blocklist:  True
Number of Blocklists:  1
Last Seen:  2018-11-11 17:25:16
Proxy:  False
Tor:  False
VPN:  False
Malware:  False
Spyware:  False
Dshield:  True
Hijacked:  False
Spider:  False
Bot:  False
SpamBot:  False
ExploitBot:  False
List of Blocklists:
[u'dshield']
 

Sorry, I was unable to find any nastier IPs to show the results, but I think you can see the potential.
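Building on the fields shown in the output above, here is an added example (not part of this diary or of Neutrino's own code) that does what the preceding paragraphs describe at log scale rather than one IP at a time: pull client IPs out of a web-server access log, skip the private and non-routable ones so internal addresses are never shipped to a third-party service, look each distinct IP up once and keep a cache across runs so the free tier's daily quota is not spent on repeats, then rank the IPs by a rough badness score folded out of the category flags. The log lines and the lookup results are constructed stand-ins so it runs offline; the category weights, the `lookup` callable and the `live_lookup` helper are this example's own assumptions, not part of the API.

```python
import ipaddress
import json
import re
import urllib.parse
import urllib.request
from collections import Counter

NEUTRINO_URL = "https://neutrinoapi.com/ip-blocklist"

# Constructed Apache combined-format lines; made-up traffic, not a real log.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2018:17:30:01 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Nov/2018:17:30:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.42 - - [12/Nov/2018:17:31:10 +0000] "GET / HTTP/1.1" 200 5123 "-" "curl/7.58.0"
10.0.0.5 - - [12/Nov/2018:17:31:11 +0000] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
garbage line that is not an access-log entry
192.0.2.200 - - [12/Nov/2018:17:32:00 +0000] "GET /.env HTTP/1.1" 404 162 "-" "python-requests/2.19"
"""

# Illustrative weights (an assumption of this example, not part of the API)
# for folding the boolean category flags into one "badness" number.
CATEGORY_WEIGHTS = {
    "is-malware": 5, "is-exploit-bot": 5, "is-hijacked": 4, "is-dshield": 4,
    "is-bot": 3, "is-spam-bot": 3, "is-spyware": 3,
    "is-tor": 2, "is-proxy": 1, "is-vpn": 1, "is-spider": 1,
}

def _canned(ip, lists):
    """Build a result dict in the shape of the fields the diary prints."""
    r = {"ip": ip, "is-listed": bool(lists), "list-count": len(lists),
         "blocklists": list(lists)}
    for flag in CATEGORY_WEIGHTS:
        r[flag] = flag[3:] in lists          # "is-tor" -> "tor"
    return r

# Constructed stand-ins for API responses so the example runs offline.
CANNED_RESULTS = {
    "203.0.113.7":   _canned("203.0.113.7", ["malware", "dshield", "exploit-bot"]),
    "198.51.100.42": _canned("198.51.100.42", []),
    "192.0.2.200":   _canned("192.0.2.200", ["tor"]),
}

# Addresses that should never be sent to a third-party reputation service.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",  # loopback, link-local, CGNAT
)]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3}')

def extract_client_ips(log_text):
    """Count requests per client IP, dropping unparsable lines, malformed
    addresses and non-routable ranges."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        if any(addr in net for net in NON_ROUTABLE):
            continue
        counts[str(addr)] += 1
    return counts

def badness_score(result):
    """Weighted sum of the set category flags plus the number of lists hit."""
    if not result.get("is-listed"):
        return 0
    flags = sum(w for flag, w in CATEGORY_WEIGHTS.items() if result.get(flag))
    return flags + int(result.get("list-count", 0))

def triage(log_text, lookup, cache=None):
    """Look up each distinct IP once (the cache persists across runs to spare
    the daily quota) and return (ip, hits, score, blocklists) rows, worst first."""
    cache = {} if cache is None else cache
    rows = []
    for ip, hits in extract_client_ips(log_text).items():
        if ip not in cache:
            cache[ip] = lookup(ip)
        r = cache[ip]
        rows.append((ip, hits, badness_score(r), list(r.get("blocklists", []))))
    rows.sort(key=lambda row: (-row[2], -row[1], row[0]))
    return rows

def live_lookup(ip, user_id, api_key):
    """Real query (not exercised offline): credentials go in the POST body,
    not the URL, so they stay out of proxy and server logs."""
    data = urllib.parse.urlencode(
        {"user-id": user_id, "api_key": api_key, "ip": ip}).encode()
    with urllib.request.urlopen(NEUTRINO_URL, data=data, timeout=30) as resp:
        return json.load(resp)

if __name__ == "__main__":
    for ip, hits, score, lists in triage(SAMPLE_LOG, CANNED_RESULTS.__getitem__):
        print("%-15s hits=%d score=%2d %s" % (ip, hits, score, lists))
```

To run it against the real service, pass `lambda ip: live_lookup(ip, user_id, api_key)` as the `lookup` argument and persist the `cache` dict between runs (a JSON file is enough); the score is only a triage ordering, so check the `blocklists` names before acting on any IP.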

---------------------- ipblocklist.py script -------------------------------------

#!/usr/bin/env python3
#
# Query the Neutrino ip-blocklist API for a single IP and print the
# reputation fields it returns.
import argparse
import json
import os
import sys
import time
import urllib.error
import urllib.parse
import urllib.request

NEUTRINO_URL = 'https://neutrinoapi.com/ip-blocklist'
# Read the credentials from the environment so the key is not committed
# with the script; the placeholders are used only if the variables are unset.
NEUTRINO_USERID = os.environ.get('NEUTRINO_USERID', '<YOUR-NEUTRINO-USERID>')
NEUTRINO_API_KEY = os.environ.get('NEUTRINO_API_KEY', '<YOUR-NEUTRINO-API-KEY>')


def ipblocklist_host(ip):
    """POST the IP to the ip-blocklist endpoint and print the parsed result."""
    params = {
        'user-id': NEUTRINO_USERID,
        'api_key': NEUTRINO_API_KEY,
        'ip': ip
    }

    # Credentials travel in the POST body, not the query string, so they do
    # not end up in proxy or web-server logs.
    data = urllib.parse.urlencode(params).encode('utf-8')
    req = urllib.request.Request(NEUTRINO_URL, data=data)
    try:
        with urllib.request.urlopen(req, timeout=30) as response:
            result = json.loads(response.read().decode('utf-8'))
    except urllib.error.HTTPError as e:
        # Bad credentials, an exhausted daily quota and similar problems come
        # back as a non-2xx status; show the body instead of a bare traceback.
        sys.exit("Neutrino API error %d: %s" % (e.code, e.read().decode('utf-8', 'replace')))
    except urllib.error.URLError as e:
        sys.exit("Could not reach the Neutrino API: %s" % e.reason)

    print("\n\nNeutrino Blocklist Service\n")
    print("IP: ", result['ip'])
    print("On Blocklist: ", result['is-listed'])
    print("Number of Blocklists: ", result['list-count'])
    # last-seen is a Unix timestamp; render it as UTC.
    print("Last Seen: ", time.strftime('%Y-%m-%d %H:%M:%S', time.gmtime(result['last-seen'])))
    print("Proxy: ", result['is-proxy'])
    print("Tor: ", result['is-tor'])
    print("VPN: ", result['is-vpn'])
    print("Malware: ", result['is-malware'])
    print("Spyware: ", result['is-spyware'])
    print("Dshield: ", result['is-dshield'])
    print("Hijacked: ", result['is-hijacked'])
    print("Spider: ", result['is-spider'])
    print("Bot: ", result['is-bot'])
    print("SpamBot: ", result['is-spam-bot'])
    print("ExploitBot: ", result['is-exploit-bot'])
    if result['list-count'] > 0:
        print("List of Blocklists: \n", result['blocklists'])


def main():
    parser = argparse.ArgumentParser(description="Look up an IP in the Neutrino ip-blocklist API")
    parser.add_argument('IP', help="IP address")
    args = parser.parse_args()

    ipblocklist_host(args.IP)


if __name__ == '__main__':
    main()   # invoke main only when run as a script, not when imported
 

P.S. I only use Python for quick and dirty tools for personal use. I am sure this script could be written a whole lot better by someone with actual skill in Python. (-;

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)
