PLABS
Internet Storm Center Infocon Status
ISC StormCast for Tuesday, March 3rd 2015 http://isc.sans.edu/podcastdetail.html?id=4379, (Tue, Mar 3rd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

How Do You Control the Internet of Things Inside Your Network?, (Mon, Mar 2nd)
Klaus Vesthammer recently tweeted that "The Internet of Things is just like the regular Internet, just without software patches." We have a flood of announcement…

ISC StormCast for Monday, March 2nd 2015 http://isc.sans.edu/podcastdetail.html?id=4377, (Mon, Mar 2nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Advisory: Seagate NAS Remote Code Execution, (Sun, Mar 1st)
Beyond Binary is reporting a vulnerability affecting Seagate's Business Storage line of NAS devices and possibly other Seagate NAS products. These are fairly commo…

Let's Encrypt!, (Fri, Feb 27th)
As I have stated in the past, I am not a fan of all of the incomprehensible warning messages that average users are inundated with, and almost universally fail t…

DDOS are way down? Why?, (Fri, Feb 27th)
I have been tracking DDOS volume and patterns for a few years. We have seen the attacks move from DNS to NTP, to chargen, then on to SSDP and occasionally QOTD. I…

Packet Storm
Latest Security Tool Files
tmap 0.1
tmap is a fast multi-threaded port scanner that tunnels through TOR.

Cross Site Tracer Script
Cross Site Tracer is a python script to check remote web servers for cross-site tracing.

GNU Privacy Guard 2.0.27
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an a…

GNU Privacy Guard 1.4.19
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an a…

Secure rm 1.2.15
Secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop-in security for users who wish to prev…

Lynis Auditing Tool 2.0.0
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information it will also scan f…

Suricata IDPE 2.0.7
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded…

I2P 0.9.18
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encrypt…

Maligno 2.0
Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS…


SecurityFocus
General Security Vulnerabilities
Vuln: Drupal Global Redirect Module Open Redirection Vulnerability
Drupal Global Redirect Module Open Redirection Vulnerability…

Vuln: Bitweaver 'rankings.php' Local File Include Vulnerability
Bitweaver 'rankings.php' Local File Include Vulnerability…

Vuln: IBM DB2 Administration Server (DAS) 'validateUser()' Stack Buffer Overflow Vulnerability
IBM DB2 Administration Server (DAS) 'validateUser()' Stack Buffer Overflow Vulnerability…

Vuln: ENOVIA Unspecified Security Vulnerability
ENOVIA Unspecified Security Vulnerability…

Bugtraq: [ MDVSA-2015:053 ] tomcat6
[ MDVSA-2015:053 ] tomcat6…

Bugtraq: [ MDVSA-2015:052 ] tomcat
[ MDVSA-2015:052 ] tomcat…

Bugtraq: [ MDVSA-2015:051 ] sympa
[ MDVSA-2015:051 ] sympa…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
F5 Networks BIG-IP : ASM < 11.6.0 Response Body XSS
Synopsis : The remote device is missing a vendor-supplied security patch. Description : The F5 Networks App…

Cisco IOS XR GNU C Library (glibc) Buffer Overflow (GHOST)
Synopsis : The remote device is missing a vendor-supplied security patch. Description : The remote Cisco de…

Cisco IOS XE GNU C Library (glibc) Buffer Overflow (CSCus69731) (GHOST)
Synopsis : The remote device is missing a vendor-supplied security patch. Description : The remote Cisco de…

Cisco IOS XE GNU C Library (glibc) Buffer Overflow (CSCus69732) (GHOST)
Synopsis : The remote device is missing a vendor-supplied security patch. Description : The remote Cisco de…

Siemens SIMATIC S7-1200 PLC Web Server Detection
Synopsis : The remote web server is for managing and monitoring PLC systems. Description : The remote devic…

Sourcefire
Vulnerability Research Team
Shellshock - Update Bash Immediately!
Shellshock is a serious vulnerability. Bash, arguably the most widely distributed shell on Linux systems, fail…

Looking Glasses with Bacon
This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian…

Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there 

Malware Using the Registry to Store a Zeus Configuration File
This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from…

Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

RHEL
Red Hat Errata
RHBA-2015:0281-1: Satellite 5.7 bug fix update
RHN Satellite and Proxy: Updated spacewalk-java, spacewalk-web, spacewalk-backend, satellite-branding, spacec…

RHBA-2015:0282-1: Red Hat Network Tools rhnpush bug fix update
Red Hat Enterprise Linux: An updated rhnpush package that fixes one bug is now available for Red Hat Network…

RHSA-2015:0284-1: Important: kernel security and bug fix update
Red Hat Enterprise Linux: Updated kernel packages that fix multiple security issues and several bugs are now…

RHSA-2015:0285-1: Important: kernel security and bug fix update
Red Hat Enterprise Linux: Updated kernel packages that fix one security issue and three bugs are now availabl…

RHSA-2015:0286-1: Low: Red Hat Enterprise Linux 6.4 Extended Update Support Retirement Notice
Red Hat Enterprise Linux: This is the final notification for the retirement of Red Hat Enterprise Linux 6.4 E…

RHBA-2015:0273-1: ksh bug fix update
Red Hat Enterprise Linux: Updated ksh packages that fix one bug are now available for Red Hat Enterprise Linu…

Microsoft
Security Advisories
3009008 - Vulnerability in SSL 3.0 Could Allow Information Disclosure - Version: 2.3
Revision Note: V2.3 (February 16, 2015): Revised advisory to announce the planned date for disabling SSL 3.0 b…

3004375 - Update for Windows Command Line Auditing - Version: 1.0
Revision Note: V1.0 (February 10, 2015): Advisory published. Summary: Microsoft is announcing the availability…

2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 37.0
Revision Note: V37.0 (February 5, 2015): Added the 3021953 update to the Current Update section. Summary: Micro…

3010060 - Vulnerability in Microsoft OLE Could Allow Remote Code Execution - Version: 2.0
Revision Note: V2.0 (November 11, 2014): Advisory updated to reflect publication of security bulletin. Summary:…

2949927 - Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2 - Version: 2.0
Revision Note: V2.0 (October 17, 2014): Removed Download Center links for Microsoft security update 2949927. M…

Cisco
Security Advisories
Cisco Prime Service Catalog XML External Entity Processing Vulnerability
A vulnerability in the configuration of the XML parser of Cisco Prime Service Catalog could allow an authentic…

GNU glibc gethostbyname Function Buffer Overflow Vulnerability
On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This…

SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) prot…

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities t…

Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
A vulnerability in the parsing of malformed IP version 6 (IPv6) packets in Cisco IOS XR Software for Cisco Net…

Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by on…

Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remot…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List

© 2001-2015 Procyon Labs / Randal T. Rioux