PLABS
Internet Storm Center Infocon Status
ISC StormCast for Thursday, September 18th 2014 http://isc.sans.edu/podcastdetail.html?id=4153, (Thu, Sep 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

iOS 8 is out - iOS 8 has arrived, and with the numerous devices that will be updating over the next few days or so, your internet connection will be busy., (Thu, Sep 18th)

Your online background check is now public!, (Wed, Sep 17th)
An email titled "Your online background check is now public" might be half-scary if it was sent to a real person. But if it is a bunch of honeypot email address…

ISC StormCast for Wednesday, September 17th 2014 http://isc.sans.edu/podcastdetail.html?id=4151, (Wed, Sep 17th)

FreeBSD Denial of Service advisory (CVE-2004-0230), (Tue, Sep 16th)
A vulnerability has been discovered by Johnathan Looney at the Juniper SIRT in FreeBSD (base for Junos and many other products) in th…

New version of Wireshark is available --> https://www.wireshark.org/news/20140916.html, (Tue, Sep 16th)

Packet Storm
Latest Security Tool Files
DAWIN - Distributed Audit & WIreless Intrusion Notification
DA-WIN, a wireless IDS, provides an organization a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can ea…

Project Kakilles 0.3
Kakilles is a perl script that spawns an HTTP proxy and lets you modify user-agent, content, and cookie headers.

Maligno 1.3
Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS…

PoisonShell PHP Backdoor
PoisonShell is a simple PHP shell that has several options.

Packet Fence 4.4.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Lynis Auditing Tool 1.6.1
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information it will also scan f…

Codetective 0.8
Codetective is an analysis tool to determine the crypto/encoding algorithm used according to traces of its representation. It can be used as a standalone version or as a volat…

wtmpclean 0.8.1
wtmpClean is a tool for Unix which clears a given user from the wtmp database.

Paranoic Scan 1.7
Paranoic is a simple vulnerability scanner written in Perl.

SecurityFocus
General Security Vulnerabilities
Vuln: ISC BIND 9 DNS RDATA Handling CVE-2013-4854 Remote Denial of Service Vulnerability
ISC BIND 9 DNS RDATA Handling CVE-2013-4854 Remote Denial of Service Vulnerability…

Vuln: ISC BIND NSEC3 Signed Zones Queries Handling Remote Denial of Service Vulnerability
ISC BIND NSEC3 Signed Zones Queries Handling Remote Denial of Service Vulnerability…

Vuln: ISC BIND 9 'libdns' Remote Denial of Service Vulnerability
ISC BIND 9 'libdns' Remote Denial of Service Vulnerability…

Vuln: GNU Automake Local Arbitrary Code Execution Vulnerability
GNU Automake Local Arbitrary Code Execution Vulnerability…

Bugtraq: APPLE-SA-2014-09-17-2 Apple TV 7
APPLE-SA-2014-09-17-2 Apple TV 7…

Bugtraq: APPLE-SA-2014-09-17-1 iOS 8
APPLE-SA-2014-09-17-1 iOS 8…

Bugtraq: Reflected Cross-Site Scripting (XSS) in MODX Revolution
Reflected Cross-Site Scripting (XSS) in MODX Revolution…

Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Wireshark 1.12.x < 1.12.1 Multiple DoS Vulnerabilities
Synopsis : The remote Windows host contains an application that is affected by multiple denial of service vul…

Wireshark 1.10.x < 1.10.10 Multiple DoS Vulnerabilities
Synopsis : The remote Windows host contains an application that is affected by multiple denial of service vul…

HP Network Node Manager I Remote Code Execution (HPSBMU03075)
Synopsis : The remote host is potentially affected by a remote code execution vulnerability. Description :…

Cisco IOS XR NetFlow and Network Processor (NP) Chip DoS (Typhoon-based Line Cards)
Synopsis : The remote device is missing a vendor-supplied security patch. Description : The remote Cisco de…

VMware Security Updates for vCenter Server (VMSA-2014-0008)
Synopsis : The remote host has a virtualization management application installed that is affected by multiple…

Sourcefire
Vulnerability Research Team
Looking Glasses with Bacon
This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian…

Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there…

Malware Using the Registry to Store a Zeus Configuration File
This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from…

Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

The Windows 8.1 Kernel Patch Protection
In the last 3 months we have seen a lot of machines compromised by Uroburos (a kernel-mode rootkit that spread…

RHEL
Red Hat Errata
RHBA-2014:1257-1: NetworkManager bug fix update
Red Hat Enterprise Linux: Updated NetworkManager packages that fix one bug are now available for Red Hat Ente…

RHBA-2014:1258-1: kernel bug fix update
Red Hat Enterprise Linux: Updated kernel packages that fix one bug are now available for Red Hat Enterprise L…

RHBA-2014:1254-1: firefox bug fix and enhancement update
Red Hat Enterprise Linux: Updated firefox packages that fix several bugs and add various enhancements are now…

RHSA-2014:1255-1: Moderate: krb5 security update
Red Hat Enterprise Linux: Updated krb5 packages that fix one security issue are now available for Red Hat Ent…

RHBA-2014:1195-1: system-config-network bug fix update
Red Hat Enterprise Linux: Updated system-config-network packages that fix numerous bugs are now available for…

RHBA-2014:1196-1: Red Hat Enterprise Linux 5 kernel update
Red Hat Enterprise Linux: Updated kernel packages that fix several bugs, and add various enhancements are now…

Microsoft
Security Advisories
2905247 - Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege - Version: 2.0
Revision Note: V2.0 (September 9, 2014): Advisory rereleased to announce the offering of the security update v…

2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 28.0
Revision Note: V28.0 (September 9, 2014): Added the 2987114 update to the Current Update section. Summary: Micr…

2871997 - Update to Improve Credentials Protection and Management - Version: 3.0
Revision Note: V3.0 (September 9, 2014): Rereleased advisory to announce the release of update 2982378 to prov…

2915720 - Changes in Windows Authenticode Signature Verification - Version: 1.4
Revision Note: V1.4 (July 29, 2014): Revised advisory to announce that Microsoft no longer plans to enforce th…

2982792 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 2.0
Revision Note: V2.0 (July 17, 2014): Advisory revised to announce the availability of update 2982792 for suppo…

Cisco
Security Advisories
OSPF LSA Manipulation Vulnerability in Multiple Cisco Products
Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing…

Multiple Vulnerabilities in Cisco IronPort Encryption Appliance
Cisco IronPort Encryption Appliance devices contain two vulnerabilities that allow remote, unauthenticated acc…

Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remot…

Cisco Wide Area Application Services Remote Code Execution Vulnerability
A vulnerability in Cisco Wide Area Application Services (WAAS) software versions 5.1.1 through 5.1.1d, when co…

Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability
A vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated…

Cisco Wireless Residential Gateway Remote Code Execution Vulnerability
A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an…

Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
A vulnerability in the parsing of malformed Internet Protocol version 6 (IPv6) packets in Cisco IOS XR Softwar…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
qwe.affairedhonneur.us (2014/09/17_10:11)
Host: qwe.affairedhonneur.us/depqfie59y, IP address: 192.99.197.131, ASN: 16276, Country: CA, Description: exploit kit…

asd.vicentelopez.us (2014/09/17_10:11)
Host: asd.vicentelopez.us/vbign3s2pe, IP address: 192.99.197.133, ASN: 16276, Country: CA, Description: exploit kit…

borneo.aqq79.com (2014/09/17_10:11)
Host: borneo.aqq79.com/wbxx3.html, IP address: 217.23.5.88, ASN: 49981, Country: NL, Description: frame leads to exploit kit…

optilogus.com (2014/09/16_09:59)
Host: optilogus.com/twmfizdfmu/lteqwxftti.html, IP address: 192.185.17.123, ASN: 20013, Country: US, Description: Compromised site (Sage malspam campaign), leads to Upatre…

flashsavant.com (2014/09/16_09:59)
Host: flashsavant.com/cqavunntfg/kuldytebws.html, IP address: 74.91.152.2, ASN: 32392, Country: US, Description: Compromised site (Sage malspam campaign), leads to Upatre…

becomedebtfree.com.au (2014/09/16_09:59)
Host: becomedebtfree.com.au/ttlnlmwbox/ctinpfgeob.html, IP address: 198.57.194.65, ASN: 46606, Country: US, Description: Compromised site (Sage malspam campaign), leads to Upatre…

petitepanda.net (2014/09/16_09:59)
Host: petitepanda.net/emailmmkt/Invoice18642.zip, IP address: 181.224.137.18, ASN: 32475, Country: PA, Description: Compromised site (Sage malspam campaign), Trojan.Upatre…

vicklovesmila.com (2014/09/16_09:59)
Host: vicklovesmila.com/tpfkmryrfl/jjbyrihwib.js, IP address: 184.154.113.179, ASN: 32475, Country: US, Description: Compromised site (Sage malspam campaign), leads to Upatre…

coursstagephoto.com (2014/09/16_09:59)
Host: coursstagephoto.com/hmgjmyuliz/tbjzpxgspx.js, IP address: 69.90.160.65, ASN: 13768, Country: US, Description: Compromised site (Sage malspam campaign), leads to Upatre…

© 2014 Procyon Labs / Randal T. Rioux