PLABS
Internet Storm Center Infocon Status
Syrian Electronic Army attack leads to malvertising, (Thu, Nov 27th)
A number of online services were impacted by what has been referred to by multiple sources as a redirection attack by Syrian Electronic Army (SEA) emanating fro…

ISC StormCast for Wednesday, November 26th 2014 http://isc.sans.edu/podcastdetail.html?id=4253, (Wed, Nov 26th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Less is, umm, less?, (Tue, Nov 25th)
Following vulnerabilities discovered in tools many Linux and Information Security enthusiasts use such as the strings command and the bash shell, a new series o…

Security update for Adobe Flash player, (Tue, Nov 25th)
Adobe has released an out of band security update for the Adobe Flash player. This is an additional update for CVE-2014-8439. Everyone either update or double c…

Guest diary: Detecting Suspicious Devices On-The-Fly, (Tue, Nov 25th)
If you apply classic hardening rules (keep the patch level, use an AV, enable the firewall and use them with due diligence), modern operating systems are more a…

ISC StormCast for Tuesday, November 25th 2014 http://isc.sans.edu/podcastdetail.html?id=4251, (Tue, Nov 25th)

Packet Storm
Latest Security Tool Files
AIEngine 1.0
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop si…

Maligno 1.4
Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS…

Clam AntiVirus Toolkit 0.98.5
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible…

Capstone 3.0
Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on di…

DAVOSET 1.2.3
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Fwknop Port Knocking Utility 2.6.4
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilt…

Packet Fence 4.5.1
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Hesperbot Detection Scanner 1.0
Hesperbot Scanner is a Windows binary that is able to detect the Hesperbot banking trojan by fingerprinting memory and looking for things that traditional antivirus software f…


SecurityFocus
General Security Vulnerabilities
Vuln: PHP 'donote()' Function Out-of-Bounds Read Vulnerability
PHP 'donote()' Function Out-of-Bounds Read Vulnerability…

Vuln: CBN CH6640E and CG6640E Wireless Gateway Series Multiple Security Vulnerabilities
CBN CH6640E and CG6640E Wireless Gateway Series Multiple Security Vulnerabilities…

Vuln: OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability
OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability…

Vuln: WordPress Wordfence Firewall Plugin 'wp-admin/admin.php' Cross Site Scripting Vulnerability
WordPress Wordfence Firewall Plugin 'wp-admin/admin.php' Cross Site Scripting Vulnerability…

Bugtraq: [ MDVSA-2014:237 ] perl-Mojolicious
[ MDVSA-2014:237 ] perl-Mojolicious…

Bugtraq: [ MDVSA-2014:236 ] file
[ MDVSA-2014:236 ] file…

Bugtraq: [ MDVSA-2014:235 ] perl-Plack
[ MDVSA-2014:235 ] perl-Plack…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided for free by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
phpMyAdmin 4.0.x < 4.0.10.6 / 4.1.x < 4.1.14.7 / 4.2.x < 4.2.12 Multiple Vulnerabilities (PMASA-2014-13 - PMASA-2014-16)
Synopsis : The remote web server hosts a PHP application that is affected by multiple vulnerabilities. Descr…

Ubuntu 12.04 LTS / 14.04 / 14.10 : clamav vulnerabilities (USN-2423-1)
Synopsis : The remote Ubuntu host is missing a security-related patch.…

RHEL 5 / 6 : flash-plugin (RHSA-2014:1915)
Synopsis : The remote Red Hat host is missing a security update. Description : An updated Adobe Flash Playe…

RHEL 7 : ruby (RHSA-2014:1912)
Synopsis : The remote Red Hat host is missing one or more security updates. Description : Updated ruby pack…

RHEL 6 : ruby (RHSA-2014:1911)
Synopsis : The remote Red Hat host is missing one or more security updates. Description : Updated ruby pack…

Sourcefire
Vulnerability Research Team
Shellshock - Update Bash Immediately!
Shellshock is a serious vulnerability. Bash, arguably the most widely distributed shell on Linux systems, fail…

Looking Glasses with Bacon
This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian…

Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there 

Malware Using the Registry to Store a Zeus Configuration File
This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from…

Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

RHEL
Red Hat Errata
RHEA-2014:1916-1: sed Shift_JIS enhancement update
Red Hat Enterprise Linux: Updated sed Shift_JIS packages that add one enhancement are now available for Red H…

RHBA-2014:1907-1: selinux-policy bug fix update
Red Hat Enterprise Linux: Updated selinux-policy packages that fix one bug are now available for Red Hat Ente…

RHBA-2014:1908-1: lvm2 bug fix update
Red Hat Enterprise Linux: Updated lvm2 packages that fix one bug are now available for Red Hat Enterprise Lin…

RHBA-2014:1909-1: lvm2 bug fix update
Red Hat Enterprise Linux: Updated lvm2 packages that fix one bug are now available for Red Hat Enterprise Lin…

RHEA-2014:1910-1: JON Agent RPM update for JON 3.3
Red Hat Enterprise Linux: package updates: JBoss Operations Network 3.3 jboss-on-agent…

RHSA-2014:1911-1: Moderate: ruby security update
Red Hat Enterprise Linux: Updated ruby packages that fix two security issues are now available for Red Hat En…

Microsoft
Security Advisories
2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 32.0
Revision Note: V32.0 (November 25, 2014): Added the 3018943 update to the Current Update section. Summary: Micr…

3010060 - Vulnerability in Microsoft OLE Could Allow Remote Code Execution - Version: 2.0
Revision Note: V2.0 (November 11, 2014): Advisory updated to reflect publication of security bulletin. Summary:…

3009008 - Vulnerability in SSL 3.0 Could Allow Information Disclosure - Version: 2.0
Revision Note: V2.0 (October 29, 2014): Revised advisory to announce the deprecation of SSL 3.0, to clarify th…

2949927 - Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2 - Version: 2.0
Revision Note: V2.0 (October 17, 2014): Removed Download Center links for Microsoft security update 2949927. M…

2977292 - Update for Microsoft EAP Implementation that Enables the Use of TLS - Version: 1.0
Revision Note: V1.0 (October 14, 2014): Advisory published. Summary: Microsoft is announcing the availability o…

Cisco
Security Advisories
OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could al…

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities t…

GNU Bash Environment Variable Command Injection Vulnerability
On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related…

Multiple Vulnerabilities in Cisco ASA Software
Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: Cisco ASA…

TCP Vulnerabilities in Multiple Non-IOS Cisco Products
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an ex…

SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) prot…

Apache HTTPd Range Header Denial of Service Vulnerability
The Apache HTTPd server contains a denial of service vulnerability when it handles multiple, overlapping range…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
www.uscomphelp.com (2014/11/27_18:24)
Host: www.uscomphelp.com/zeus/, IP address: 162.144.88.48, ASN: 46606, Country: US, Description: Browlock.FakeInfection…

ytzi.co (2014/11/27_18:24)
Host: ytzi.co/main/go.php?c=877&l=3818&subid=1111222923-a45b28aef26bd12e632d2b58289b9d6c, IP address: 54.213.113.44, ASN: 16509, Country: US, Description: Browlock.FakeInfection…

customerservice-247.net (2014/11/27_18:24)
Host: customerservice-247.net/index.html, IP address: 192.254.187.133, ASN: 46606, Country: US, Description: Browlock.FakeInfection…

systemscheckusa.com (2014/11/27_18:24)
Host: systemscheckusa.com/, IP address: 208.94.229.238, ASN: 19710, Country: US, Description: Browlock.FakeInfection…

www.email-login-support.com (2014/11/27_18:24)
Host: www.email-login-support.com/index-10.html, IP address: 192.186.249.4, ASN: 26496, Country: US, Description: Browlock.FakeInfection…

www.dream-squad.com (2014/11/27_18:24)
Host: www.dream-squad.com/9/campaign1421?s1=09_rr_ppc&s2=uspop&s3=bravotube.net&s4=PU_43550, IP address: 80.75.66.98, ASN: 20860, Country: GB, Description: Browlock.FakeInfection…

security-alert.internetsecurityinfo.com (2014/11/27_18:24)
Host: security-alert.internetsecurityinfo.com/, IP address: 67.135.105.218, ASN: 209, Country: US, Description: Browlock.FakeInfection…

97b1c56132dfcdd90f93-0c5c8388c0a5897e648f883e2c86dc72.r54.cf5.rackcdn.com (2014/11/27_18:24)
Host: 97b1c56132dfcdd90f93-0c5c8388c0a5897e648f883e2c86dc72.r54.cf5.rackcdn.com/, IP address: 67.135.105.184, ASN: 209, Country: US, Description: Browlock.FakeInfection…

immediateresponseforcomputer.com (2014/11/27_18:24)
Host: immediateresponseforcomputer.com/index112.htm, IP address: 23.229.170.164, ASN: 26496, Country: US, Description: Browlock.FakeInfection…


© 2014 Procyon Labs / Randal T. Rioux