PLABS
Internet Storm Center Infocon Status
ISC StormCast for Wednesday, April 1st 2015 http://isc.sans.edu/podcastdetail.html?id=4421, (Wed, Apr 1st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Rig Exploit Kit Changes Traffic Patterns, (Wed, Apr 1st)
Sometime within the past month, Rig exploit kit (EK) changed URL structure. Notice the PHPSSESID and ?req= patterns in the above example. Now, we…

ISC StormCast for Tuesday, March 31st 2015 http://isc.sans.edu/podcastdetail.html?id=4419, (Tue, Mar 31st)

Select Star from PCAP - Treating Packet Captures as Databases, (Tue, Mar 31st)
Have you ever had to work with a large packet capture, and after getting past the initial stage of being overwhelmed by a few million packets, find that are sti…

YARA Rules For Shellcode, (Mon, Mar 30th)
I had a guest diary entry about my XORSearch tool using shellcode detection rules from Frank Boldewin's OfficeMalScanner. To detect malicious documents, Frank co…

ISC StormCast for Monday, March 30th 2015 http://isc.sans.edu/podcastdetail.html?id=4417, (Sun, Mar 29th)

Packet Storm
Latest Security Tool Files
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150322
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network…

MIMEDefang Email Scanner 2.76
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing…

Samhain File Integrity Checker 3.1.5
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can…

oclHashcat For NVidia 1.35
oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-ba…

oclHashcat For AMD 1.35
oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-ba…

OpenSSL Toolkit 1.0.2a
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cr…

TOR Virtual Network Tunneling Tool 0.2.5.11
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

SSLsplit 0.4.11
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation…

pyClamd 0.3.14
pyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way. Instea…


SecurityFocus
General Security Vulnerabilities
Vuln: WebGate eDVR Manager ActiveX Controls CVE-2015-2098 Multiple Buffer Overflow Vulnerabilities

Vuln: Oracle Java SE CVE-2014-6549 Remote Java SE Vulnerability

Vuln: Oracle Java SE CVE-2015-0412 Remote Java SE Vulnerability

Vuln: Oracle Java SE CVE-2015-0406 Remote Java SE Vulnerability

Bugtraq: ESA-2015-056: EMC PowerPath Virtual Appliance Undocumented User Accounts Vulnerability

Bugtraq: [SECURITY ANNOUNCEMENT] CVE-2015-0225

Bugtraq: [SECURITY] [DSA 3210-1] wireshark security update


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Cisco IOS XR DHCPv4 Message Saturation DoS
Synopsis : The remote device is missing a vendor-supplied security patch. Description : The remote Cisco AS…

ManageEngine Desktop Central < 9 Build 90135 Unauthenticated Admin Password Reset
Synopsis : The remote web server contains a Java web application that contains an authentication bypass vulne…

Ubuntu 14.04 / 14.10 : jakarta-taglibs-standard vulnerability (USN-2551-1)
Synopsis : The remote Ubuntu host is missing one or more security-relate…

SuSE 11.3 Security Update : postgresql91 (SAT Patch Number 10389)
Synopsis : The remote SuSE 11 host is missing one or more security updates. Description : The PostgreSQL da…

Scientific Linux Security Update : postgresql on SL6.x, SL7.x i386/x86_64
Synopsis : The remote Scientific Linux host is missing one or more security updates. Description : An infor…

Sourcefire
Vulnerability Research Team
Shellshock - Update Bash Immediately!
Shellshock is a serious vulnerability. Bash, arguably the most widely distributed shell on Linux systems, fail…

Looking Glasses with Bacon
This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian…

Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there 

Malware Using the Registry to Store a Zeus Configuration File
This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from…

Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

RHEL
Red Hat Errata
RHBA-2015:0769-1: libvirt bug fix update
Red Hat Enterprise Linux: Updated libvirt packages that fix one bug are now available for Red Hat Enterprise…

RHBA-2015:0772-1: openssl bug fix update
Red Hat Enterprise Linux: Updated openssl packages that fix one bug are now available for Red Hat Enterprise…

RHBA-2015:0774-1: Red Hat Network Tools rhnpush bug fix update
Red Hat Enterprise Linux: An updated rhnpush package that fixes two bugs is now available for Red Hat Network…

RHEA-2015:0770-1: Red Hat Enterprise MRG Realtime 2.5 enhancement update
Red Hat Enterprise Linux: Updated Red Hat Enterprise MRG Realtime packages that add one enhancement are now a…

RHSA-2015:0768-1: Low: Red Hat Enterprise Linux 5.9 Extended Update Support Retirement Notice
Red Hat Enterprise Linux: This is the final notification for the retirement of Red Hat Enterprise Linux 5.9 E…

RHSA-2015:0771-1: Important: thunderbird security update
Red Hat Enterprise Linux: An updated thunderbird package that fixes multiple security issues is now available…

Microsoft
Security Advisories
3050995 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 2.0
Revision Note: V2.0 (March 26, 2015): Advisory rereleased to announce that the update for supported editions o…

3046310 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 2.0
Revision Note: V2.0 (March 19, 2015): Advisory rereleased to announce that the update for supported editions o…

3033929 - Availability of SHA-2 Code Signing Support for Windows 7 and Windows Server 2008 R2 - Version: 1.0
Revision Note: V1.0 (March 10, 2015): Advisory published. Summary: Microsoft is announcing the reissuance of an…

3046015 - Vulnerability in Schannel Could Allow Security Feature Bypass - Version: 2.0
Severity Rating: Important. Revision Note: V2.0 (March 10, 2015): Advisory updated to reflect publication of sec…

2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 38.0
Revision Note: V38.0 (March 10, 2015): Added the 3044132 update to the Current Update section. Summary: Microso…

Cisco
Security Advisories
GNU glibc gethostbyname Function Buffer Overflow Vulnerability
On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This…

Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by on…

Row Hammer Privilege Escalation Vulnerability
On March 9, 2015, new research was published that takes advantage of a flaw in double data rate type 3 (DDR3)…

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities t…

Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability
A vulnerability in the multicast DNS (mDNS) gateway function of Cisco IOS Software and Cisco IOS XE Software c…

Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability
A vulnerability within the virtual routing and forwarding (VRF) subsystem of Cisco IOS software could allow an…

Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities t…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List

© 2001-2015 Procyon Labs / Randal T. Rioux