Internet Storm Center Infocon Status
UDP port 1434 directed attack to AS13489 IP ranges, (Fri, May 24th)
We have seen today a big rise in incoming packets of what appears to be a SQL Slammer attack. Some of the detected packets are:…

ISC StormCast for Thursday, May 23rd 2013 http://isc.sans.edu/podcastdetail.html?id=3326, (Thu, May 23rd)
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

MoVP II, (Thu, May 23rd)
Volatility is a Python framework for performing memory forensics. If you haven't tried it yet I highly recommend it. The Volatility Month of Volatility Plug…

Wireshark 1.10.0rc2 is now available http://www.wireshark.org/download.html, (Thu, May 23rd)
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Chrome 24.0.1312.52 has been updated for Windows, Mac, Linux, and Chrome Frame, (Wed, May 22nd)
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Apple QuickTime 7.7.4 for Windows updated, MANY security vulnerabilities: http://support.apple.com/kb/HT1222, (Wed, May 22nd)
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Packet Storm
Latest Security Tool Files
Obeseus Distributed Denial Of Service Detector 7.1a
Obeseus is a light-weight, high-speed ip DDOS detector that has been designed to run on an Intel probe running an advanced 10 Gb/s FPGA card. It detects TCP floods, Fragment F…

360-FAAR Firewall Analysis Audit And Repair 0.4.4
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands…

CodeCrypt 1.1
codecrypt is a GnuPG-like program for encryption and signing that uses only quantum-computer-resistant algorithms.

Sanewall 1.0.2
Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It a…

ipset 6.19
ipset allows administration of sets of IP addresses/networks, ports, MAC addresses, and interfaces, which are stored in hash or bitmap data structures. These can then be used…

Packet Fence 4.0.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Bing LFI / RFI Scanner
This is a python script for searching Bing for sites that may have local and remote file inclusion vulnerabilities.

Sanewall 1.1.1
Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It a…

NTDS Hash Decoder 01.b
This application dumps LM and NTLM hashes from active accounts stored in an Active Directory database.


SecurityFocus
General Security Vulnerabilities
Vuln: Linux Kernel CVE-2013-2094 Local Privilege Escalation Vulnerability
Linux Kernel CVE-2013-2094 Local Privilege Escalation Vulnerability…

Vuln: Cisco Wireless LAN Controller CVE-2013-1235 Remote Denial of Service Vulnerability
Cisco Wireless LAN Controller CVE-2013-1235 Remote Denial of Service Vulnerability…

Vuln: Cisco WebEx Social CVE-2013-1245 Multiple Security Bypass Vulnerabilities
Cisco WebEx Social CVE-2013-1245 Multiple Security Bypass Vulnerabilities…

Vuln: Cisco Unified Communications Manager CVE-2013-1240 Local Information Disclosure Vulnerability
Cisco Unified Communications Manager CVE-2013-1240 Local Information Disclosure Vulnerability…

Bugtraq: [SECURITY] [DSA 2675-2] libxvmc regression update
[SECURITY] [DSA 2675-2] libxvmc regression update…

Bugtraq: [security bulletin] HPSBUX02881 SSRT101189 rev.1 - HP-UX Directory Server, Remote Disclosure of Information
[security bulletin] HPSBUX02881 SSRT101189 rev.1 - HP-UX Directory Server, Remote Disclosure of Information…

Bugtraq: [SECURITY] [DSA 2692-1] libxxf86vm security update
[SECURITY] [DSA 2692-1] libxxf86vm security update…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
OpenSMTPD TLS Blocking Socket Remote DoS
Synopsis : The remote mail server is affected by a denial of service vulnerability. Description : The remot…

PHP 5.4.x < 5.4.13 Information Disclosure
Synopsis : The remote web server uses a version of PHP that is potentially affected by an information disclos…

PHP 5.3.x < 5.3.23 Information Disclosure
Synopsis : The remote web server uses a version of PHP that is potentially affected by an information disclos…

FreeBSD : otrs -- information disclosure (a5b24a6b-c37c-11e2-addb-60a44c524f57)
Synopsis : The remote FreeBSD host is missing a security-related update. Description : The OTRS Project rep…

FreeBSD : otrs -- XSS vulnerability (661bd031-c37d-11e2-addb-60a44c524f57)
Synopsis : The remote FreeBSD host is missing a security-related update. Description : The OTRS Project rep…

Sourcefire
Vulnerability Research Team
Java Web Start or as it should be called "Sure go ahead and run what you like"
Late last month, Immunity published a blog post concerning a new way to escape the Java security warnings usin…

Microsoft Update Tuesday: Update for IE8 0-day and More
Today is Update Tuesday and Microsoft is releasing updates for 33 CVEs across 10 bulletins. We'll be discussin…

Changing the IMEI, Provider, Model, and Phone Number in the Android emulator
I was having a look at the Pincer family of Android malware and came across some code designed to hinder…

25 years of vulnerabilities: 1988-2012, the report
We here at the VRT are all about backing up opinions with facts, and there are a lot of opinions about the nat…

Life Cycle and Detection of an Exploit Kit
Exploit kits may not be as hot a topic as the recently released Mandiant Report, but they're still an importan…

RHEL
Red Hat Errata
RHBA-2013:0858-1: coreutils bug fix update
Red Hat Enterprise Linux: Updated coreutils packages that fix one bug are now available for Red Hat Enterpris…

RHBA-2013:0859-1: perl-Test-Memory-Cycle bug fix update
Red Hat Enterprise Linux: An updated perl-Test-Memory-Cycle package that fixes one bug is now available for R…

RHBA-2013:0860-1: mod_auth_kerb bug fix update
Red Hat Enterprise Linux: Updated mod_auth_kerb packages that fix one bug are now available for Red Hat Enter…

RHSA-2013:0849-2: Important: KVM image security update
The Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances had an empty root password by default. T…

RHBA-2013:0851-1: perl-CGI-Session bug fix update
Red Hat Enterprise Linux: An updated perl-CGI-Session package that fixes one bug is now available for Red Hat…

RHBA-2013:0853-1: Red Hat Network Satellite server bug fix update
RHN Satellite and Proxy: Updated Red Hat Network Satellite server packages that fix one bug are now available…

Microsoft
Security Advisories
Microsoft Security Advisory (2820197): Update Rollup for ActiveX Kill Bits - Version: 1.0
Revision Note: V1.0 (May 14, 2013): Advisory published. Summary: Microsoft is releasing a new set o…

Microsoft Security Advisory (2847140): Vulnerability in Internet Explorer Could Allow Remote Code Execution - Version: 2.0
Revision Note: V2.0 (May 14, 2013): Advisory updated to reflect publication of security bulletin. S…

Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 - Version: 12.1
Revision Note: V12.1 (May 14, 2013): Revised advisory to show the correct update and KB article numbers for up…

Microsoft Security Advisory (2846338): Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution - Version: 1.0
Revision Note: V1.0 (May 14, 2013): Advisory published. Summary: Microsoft is releasing this securi…

Cisco
Security Advisories
Multiple Vulnerabilities in Cisco Unified Computing System
Managed and standalone Cisco Unified Computing System (UCS) deployments contain one or more of the vulnerabili…

Multiple Vulnerabilities in Cisco NX-OS-Based Products
Cisco Nexus, Cisco Unified Computing System (UCS), Cisco MDS 9000 Series Multilayer Switches, and Cisco 1000 S…

Cisco Device Manager Command Execution Vulnerability
Cisco Device Manager contains a vulnerability that could allow an unauthenticated, remote attacker to execute…

Multiple Vulnerabilities in Cisco ASA Software
Cisco ASA Software is affected by the following vulnerabilities: IKE Version 1 Denial of Service Vulnerab…

Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains the following denial of serv…

Cisco Network Admission Control Manager SQL Injection Vulnerability
Cisco Network Admission Control (NAC) Manager contains a vulnerability that could allow an unauthenticated rem…

Cisco TelePresence Infrastructure Denial of Service Vulnerability
Cisco TelePresence multipoint control unit (MCU) and Cisco TelePresence Server contain a vulnerability that co…

DistroWatch
Latest Linux/BSD Distribution Releases
05/24 Proxmox 3.0 (VE)

05/24 Clonezilla 2.1.2-7

05/24 Deepin 12.12-rc

05/23 SuperX 2.0

Latest Linux/BSD Software Releases
05/24 phpMyAdmin 4.0.2
phpMyAdmin: a tool written in PHP intended to handle the administration of MySQL over the web…
05/24 linux 3.9.4
Linux kernel: a UNIX clone written from scratch by Linus Torvalds…
05/23 synaptic 0.80.1
Synaptic: a graphical front-end for APT…
05/23 NVIDIA 319.23
NVIDIA: a proprietary display driver for Linux, FreeBSD and Solaris…
05/23 lftp 4.4.7
LFTP: a sophisticated FTP/HTTP client, file transfer program…
05/21 MesaLib 9.1.3
MesaLib: a 3D graphics library…
05/21 blender 2.67a
Blender: a very fast and versatile 3D modeller and renderer…
Malware Domain List
yougube.com (2013/05/20_18:00)
Host: yougube.com, IP address: 199.223.209.169, ASN: 25847, Country: US, Description: Redirects to Rogue.FakeFlashPlayer…

youtuhe.com (2013/05/20_18:00)
Host: youtuhe.com, IP address: 174.140.17.100, ASN: 32311, Country: US, Description: Redirects to Rogue.FakeFlashPlayer…

flashplayerupdate.trusted-downloads.org (2013/05/20_18:00)
Host: flashplayerupdate.trusted-downloads.org/33/, IP address: 199.223.209.169, ASN: 25847, Country: US, Description: Rogue.FakeFlashPlayer…

dls.nicdls.com (2013/05/20_18:00)
Host: dls.nicdls.com/p/157/FlashPlayer/415/526, IP address: 37.59.180.17, ASN: 16276, Country: FR, Description: Rogue.FakeFlashPlayer…

youtibe.com (2013/05/20_20:35)
Host: youtibe.com, IP address: 173.193.106.10, ASN: 36351, Country: US, Description: Redirects to Rogue.FakeFlashPlayer…

103.4.218.22:8080 (2013/05/12_14:55)
Host: -, IP address: 103.4.218.22:8080//get/e3943d7369aa6add911aca18b3a507f4.exe, ASN: 131472, Country: TH, Description: Trojan.FakeAlert…

180.235.132.29:8080 (2013/05/12_14:55)
Host: -, IP address: 180.235.132.29:8080//get/e3943d7369aa6add911aca18b3a507f4.exe, ASN: 55639, Country: HK, Description: Trojan.FakeAlert…

208.88.5.229:8080 (2013/05/12_14:55)
Host: -, IP address: 208.88.5.229:8080//get/e3943d7369aa6add911aca18b3a507f4.exe, ASN: 36218, Country: CA, Description: Trojan.FakeAlert…

217.8.253.250:8080 (2013/05/12_14:55)
Host: -, IP address: 217.8.253.250:8080//get/e3943d7369aa6add911aca18b3a507f4.exe, ASN: 20738, Country: GB, Description: Trojan.FakeAlert…


© 2013 Procyon Labs / Randal T. Rioux
