PLABS
Internet Storm Center Infocon Status
ISC StormCast for Friday, December 19th 2014 http://isc.sans.edu/podcastdetail.html?id=4283, (Fri, Dec 19th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Exploit Kit Evolution During 2014 - Nuclear Pack, (Thu, Dec 18th)
This is a guest diary submitted by Brad Duncan. Nuclear exploit kit (also known as Nuclear Pack) has been around for years. Version 2.0 of Nuclear Pack was r…

ISC StormCast for Thursday, December 18th 2014 http://isc.sans.edu/podcastdetail.html?id=4281, (Thu, Dec 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Is the polkit Grinch Going to Steal your Christmas?, (Wed, Dec 17th)
Alert Logic published a widely publicized blog outlining a common configuration problem with Polkit. To help with dissemination, Alert Logic named the vulnerabi…

Certified pre-pw0ned Android Smartphones: Coolpad Firmware Backdoor, (Wed, Dec 17th)
Researchers at Palo Alto found that many ROM images used for Android smart phones manufactured by Coolpad contain a backdoor, giving an attacker full control of…

ISC StormCast for Wednesday, December 17th 2014 http://isc.sans.edu/podcastdetail.html?id=4279, (Wed, Dec 17th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Packet Storm
Latest Security Tool Files
Fwknop Port Knocking Utility 2.6.5
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilt…

UFONet 0.4b
UFONet is a tool designed to launch DDoS attacks against a target, using open redirection vectors on third party web applications.

Suricata IDPE 2.0.5
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded…

PuttyRider DLL Injection
PuttyRider is a tool for performing dll injection of Putty and allows an attacker to inject Linux commands.

NIELD (Network Interface Events Logging Daemon) 0.6.0
Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the netlink socket and generates logs related to link state, neighbor cac…

Hydra Network Logon Cracker 8.1
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and mo…

THC Smartbrute 1.0
THC-smartbrute is a smart card instruction bruteforcing tool.

I2P 0.9.17
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encrypt…

SSLsplit 0.4.10
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation…


SecurityFocus
General Security Vulnerabilities
Vuln: JasPer 'jpc_dec.c' Multiple Remote Heap Buffer Overflow Vulnerabilities
JasPer 'jpc_dec.c' Multiple Remote Heap Buffer Overflow Vulnerabilities…

Vuln: Linux Kernel CVE-2014-9322 Local Privilege Escalation Vulnerability
Linux Kernel CVE-2014-9322 Local Privilege Escalation Vulnerability…

Vuln: GNU glibc CVE-2014-7817 Arbitrary Command Execution Vulnerability
GNU glibc CVE-2014-7817 Arbitrary Command Execution Vulnerability…

Vuln: GNU glibc '__gconv_translit_find()' Function Local Heap Based Buffer Overflow Vulnerability
GNU glibc '__gconv_translit_find()' Function Local Heap Based Buffer Overflow Vulnerability…

Bugtraq: Apple iOS v8.x - Message Context & Privacy Vulnerability
Apple iOS v8.x - Message Context & Privacy Vulnerability…

Bugtraq: Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability
Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability…

Bugtraq: E-Journal CMS (ID) - Multiple Web Vulnerabilities
E-Journal CMS (ID) - Multiple Web Vulnerabilities…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Firebird SQL Server Remote Denial of Service (CVE-2014-9323)
Synopsis : The remote Windows host has an application that is vulnerable to a remote denial of service. Desc…

Firebird SQL Server Installed
Synopsis : An open source database server is installed on the remote host. Description : Firebird SQL Serve…

SSL Custom CA Setup
Synopsis : Configure the SSL certificates for validation of connections.

IPMI v2.0 Password Hash Disclosure
Synopsis : The remote host supports IPMI version 2.0. Description : The remote host supports IPMI v2.0. The…

Scientific Linux Security Update : kernel on SL5.x i386/x86_64
Synopsis : The remote Scientific Linux host is missing one or more security updates. Description : * A flaw…

Sourcefire
Vulnerability Research Team
Shellshock - Update Bash Immediately!
Shellshock is a serious vulnerability. Bash, arguably the most widely distributed shell on Linux systems, fail…

Looking Glasses with Bacon
This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian…

Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there 

Malware Using the Registry to Store a Zeus Configuration File
This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from…

Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

RHEL
Red Hat Errata
RHBA-2014:2014-1: golang bug fix and enhancement update
Red Hat Enterprise Linux: Updated golang packages that fix several bugs and add various enhancements are now…

RHBA-2014:2015-1: cpufrequtils bug fix update
Red Hat Enterprise Linux: Updated cpufrequtils packages that fix one bug and add one enhancement are now avai…

RHBA-2014:2016-1: libvirt bug fix update
Red Hat Enterprise Linux: Updated libvirt packages that fix one bug are now available for Red Hat Enterprise…

RHBA-2014:2017-1: Red Hat Satellite bug fix update
RHN Satellite and Proxy: Updated spacewalk-backend, spacewalk-java, spacewalk-schema and satellite-schema pac…

RHBA-2014:2018-1: java-1.7.0-openjdk bug fix update
Red Hat Enterprise Linux: Updated java-1.7.0-openjdk packages that fix one bug are now available for Red Hat…

RHEA-2014:2011-1: ksh Shift_JIS enhancement update
Red Hat Enterprise Linux: Updated ksh Shift_JIS packages that add one enhancement are now available for Red H…

Microsoft
Security Advisories
3009008 - Vulnerability in SSL 3.0 Could Allow Information Disclosure - Version: 2.1
Revision Note: V2.1 (December 9, 2014): Microsoft is announcing the availability of SSL 3.0 fallback warnings…

2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 33.0
Revision Note: V33.0 (December 9, 2014): Added the 3008925 update to the Current Update section.Summary: Micro…

3010060 - Vulnerability in Microsoft OLE Could Allow Remote Code Execution - Version: 2.0
Revision Note: V2.0 (November 11, 2014): Advisory updated to reflect publication of security bulletin.Summary:…

2949927 - Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2 - Version: 2.0
Revision Note: V2.0 (October 17, 2014): Removed Download Center links for Microsoft security update 2949927. M…

2977292 - Update for Microsoft EAP Implementation that Enables the Use of TLS - Version: 1.0
Revision Note: V1.0 (October 14, 2014): Advisory published.Summary: Microsoft is announcing the availability o…

Cisco
Security Advisories
OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could al…

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities t…

Multiple Vulnerabilities in Cisco ASA Software
Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: Cisco ASA…

TCP Vulnerabilities in Multiple Non-IOS Cisco Products
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an ex…

Apache HTTPd Range Header Denial of Service Vulnerability
The Apache HTTPd server contains a denial of service vulnerability when it handles multiple, overlapping range…

Multiple Vulnerabilities in Cisco Small Business RV Series Routers
The Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Ro…

Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remot…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
austr-post.net (2014/12/18_06:50)
Host: austr-post.net/open/index.php, IP address: 37.230.116.108, ASN: 29182, Country: LU, Description: AusPost Phish, Leads to trojan…

austr-post.net (2014/12/18_06:50)
Host: austr-post.net/open/scripts.js, IP address: 37.230.116.108, ASN: 29182, Country: LU, Description: AusPost Phish, Leads to trojan…

austr-post.net (2014/12/18_06:50)
Host: austr-post.net/open/get_files.php?action=0.4786563355593916, IP address: 37.230.116.108, ASN: 29182, Country: LU, Description: Trojan…

www.matecocinas.com (2014/12/18_11:17)
Host: www.matecocinas.com/productos/mesas/mesa-brenda/4rfv/, IP address: 213.162.195.146, ASN: 13287, Country: ES, Description: AppleId phishing…

andreyzakharov.com (2014/12/18_11:17)
Host: andreyzakharov.com/wp-content/plugins/wp-no-category-base/generic/, IP address: 77.222.56.213, ASN: 44112, Country: RU, Description: redirects to AppleId phishing…

whitehorsetechnologies.net (2014/12/17_21:01)
Host: whitehorsetechnologies.net/images/clients/x/mail.php, IP address: 208.91.199.150, ASN: 19905, Country: VG, Description: Destination of banking phishing…

my-screenshot.net (2014/12/17_23:45)
Host: my-screenshot.net, IP address: 62.76.74.228, ASN: 51408, Country: RU, Description: Trojan.Downloader…

my-screenshot.net (2014/12/17_23:45)
Host: my-screenshot.net/Image6542.png, IP address: 62.76.74.228, ASN: 51408, Country: RU, Description: Trojan.Downloader…

my-screenshot.net (2014/12/17_23:45)
Host: my-screenshot.net/Image6542.png/, IP address: 62.76.74.228, ASN: 51408, Country: RU, Description: Trojan.Downloader…


© 2014 Procyon Labs / Randal T. Rioux