PLABS
Internet Storm Center Infocon Status
Critical Cisco ASA IKEv1/v2 Vulnerability. Active Scanning Detected, (Wed, Feb 10th)
Cisco released an advisory revealing a critical vulnerability in Cisco's ASA software. Devices are vulnerable if they are configured to terminate IKEv1 or IKEv2…

ISC Stormcast For Thursday, February 11th 2016 http://isc.sans.edu/podcastdetail.html?id=4863, (Thu, Feb 11th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Tomcat IR with XOR.DDoS, (Thu, Feb 11th)
Apache Tomcat is a Java-based web service that is used for different applications. While you may have it running in your environment, you may not be familiar wi…

Beta Testers Wanted: Use a Raspberry Pi as a DShield Sensor, (Wed, Feb 10th)
I am currently working on an easy way to turn a Raspberry Pi into a DShield sensor. If you would like to, you can try the current beta version of the software.

ISC Stormcast For Wednesday, February 10th 2016 http://isc.sans.edu/podcastdetail.html?id=4861, (Wed, Feb 10th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Adobe Patch Tuesday - February 2016, (Tue, Feb 9th)
APSB16-03: Adobe Photoshop CC and Bridge CC 3 critical vulnerabilities that could lead to code execution with a priority rating of 3 (low): CVE-2016-0951, CV…

Packet Storm
Latest Security Tool Files
360-FAAR Firewall Analysis Audit And Repair 0.5.6
360-FAAR Firewall Analysis Audit and Repair is an offline command-line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands…

IPSet Bash Completion 2.7
ipset-bash-completion is programmable completion code for the bash shell, to support the ipset program (netfilter.org). It allows you to interactively retrieve and complete op…

ArpON Arp Handler Inspection 3.0
ArpON (Arp handler inspectiON) is a portable ARP handler. It detects and blocks all ARP poisoning/spoofing attacks with the Static Arp Inspection (SARPI) and Dynamic Arp Inspe…

IPTables Bash Completion 1.4
iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only i…

360-FAAR Firewall Analysis Audit And Repair 0.5.5
360-FAAR Firewall Analysis Audit and Repair is an offline command-line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands…

I2P 0.9.24
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encrypt…

360-FAAR Firewall Analysis Audit And Repair 0.5.4
360-FAAR Firewall Analysis Audit and Repair is an offline command-line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands…

VBScan Vulnerability Scanner 0.1.4
VBScan is a black-box vBulletin vulnerability scanner written in Perl.

Suricata IDPE 3.0
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded…


SecurityFocus
General Security Vulnerabilities
Vuln: JasPer 'jas_matrix_create()' Function Integer Overflow Vulnerability
JasPer 'jas_matrix_create()' Function Integer Overflow Vulnerability…

Vuln: Oracle Java SE CVE-2015-2625 Remote Security Vulnerability
Oracle Java SE CVE-2015-2625 Remote Security Vulnerability…

Vuln: Linux Kernel CVE-2015-7990 Incomplete Fix Null Pointer Dereference Denial of Service Vulnerability
Linux Kernel CVE-2015-7990 Incomplete Fix Null Pointer Dereference Denial of Service Vulnerability…

Vuln: Linux Kernel 'btrfs/inode.c' Information Disclosure Vulnerability
Linux Kernel 'btrfs/inode.c' Information Disclosure Vulnerability…

Bugtraq: Duplicator WordPress Plugin - Source Code And Database Dump Via CSRF Vulnerability
Duplicator WordPress Plugin - Source Code And Database Dump Via CSRF Vulnerability…

Bugtraq: Re: [FD] [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
Re: [FD] [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox…

Bugtraq: Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities
Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided for free by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Google Chrome < 48.0.2564.109 Multiple Vulnerabilities (Mac OS X)
Synopsis : The remote Mac OS X host contains a web browser that is affected by multiple vulnerabilities. Des…

Google Chrome < 48.0.2564.109 Multiple Vulnerabilities
Synopsis : The remote Windows host contains a web browser that is affected by multiple vulnerabilities. Desc…

PHP 7.x < 7.0.2 Multiple Vulnerabilities
Synopsis : The remote web server uses a version of PHP that is affected by multiple vulnerabilities. Descrip…

PHP prior to 5.5.x < 5.5.31 / 5.6.x < 5.6.17 Multiple Vulnerabilities
Synopsis : The remote web server uses a version of PHP that is affected by multiple vulnerabilities. Descrip…

Ubuntu 14.04 / 15.10 : nginx vulnerabilities (USN-2892-1)
Synopsis : The remote Ubuntu host is missing one or more security-relate…

Sourcefire
Vulnerability Research Team
Bedep Lurking in Angler's Shadows
This post is authored by Nick Biasini. In October 2015, Talos released our detailed investigation of the Angle…

Microsoft Patch Tuesday - February 2016
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabili…

The Internet of Things Is Not Always So Comforting
This post is authored by Alex Chiu. Over the past few years, the Internet of Things (IoT) has emerged as reali…

Vulnerability Spotlight: Libgraphite Font Processing Vulnerabilities
Vulnerabilities discovered by Yves Younan of Cisco Talos. Talos is releasing an advisory for four vulnerabiliti…

Bypassing MiniUPnP Stack Smashing Protection
This post was authored by Aleksandar Nikolic, Warren Mercer, and Jaeson Schultz. Summary: MiniUPnP is commonly use…

RHEL
Red Hat Errata
RHBA-2016:0160-1: kernel bug fix update
Red Hat Enterprise Linux: Updated kernel packages that fix one bug are now available for Red Hat Enterprise L…

RHEA-2016:0162-1: coreutils Shift_JIS enhancement update
Red Hat Enterprise Linux: Updated coreutils Shift_JIS packages that add one enhancement are now available for…

RHEA-2016:0163-1: ksh Shift_JIS enhancement update
Red Hat Enterprise Linux: Updated ksh Shift_JIS packages that add one enhancement are now available for Red H…

RHSA-2016:0157-1: Moderate: python-django security update
Red Hat Enterprise Linux: Updated python-django packages that fix one security issue are now available for Re…

RHSA-2016:0158-1: Moderate: python-django security update
Red Hat Enterprise Linux: Updated python-django packages that fix one security issue are now available for Re…

RHSA-2016:0166-1: Critical: flash-plugin security update
Red Hat Enterprise Linux: An updated Adobe Flash Player package that fixes multiple security issues is now av…

Microsoft
Security Advisories
3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1
Revision Note: V1.1 (February 10, 2016): Advisory updated to include download information for Microsoft ASP.NE…

2871997 - Update to Improve Credentials Protection and Management - Version: 5.0
Revision Note: V5.0 (February 9, 2016): Rereleased advisory to announce the release of update 3126593 to enabl…

3118753 - Updates for ActiveX Kill Bits 3118753 - Version: 1.0
Revision Note: V1.0 (January 12, 2016): Advisory published. Summary: Microsoft is releasing a new set of Active…

3123479 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 1.0
Revision Note: V1.0 (January 12, 2016): Advisory published. Summary: Microsoft is announcing a policy change to…

3109853 - Update to Improve TLS Session Resumption Interoperability - Version: 1.0
Revision Note: V1.0 (January 12, 2016): Advisory published. Summary: Microsoft is announcing the availability o…

Cisco
Security Advisories
ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
vrot.stervapoimenialena.info (2016/02/11_09:36)
Host: vrot.stervapoimenialena.info/megaadvertize/?keyword=18437f616abd9e3a755c36507bd79b3, IP address: 178.62.65.99, ASN: 202109, Country: EU, Description: leads to exploit kit…

www.pieiron.co.uk (2016/02/01_13:14)
Host: www.pieiron.co.uk/, IP address: 146.185.29.100, ASN: 29302, Country: GB, Description: compromised site leads to EK…

dilas.edarbipatients.com (2016/02/01_15:17)
Host: dilas.edarbipatients.com/wp/linkimg/getImage.asp, IP address: 89.40.181.60, ASN: 9009, Country: RO, Description: leads to exploit kit…

kolman.flatitleandescrow.com (2016/02/01_15:17)
Host: kolman.flatitleandescrow.com/wp-contents/scripts/tools.js?link=aHR0cDovL3d3dy5zZW1hbmEuZXMv, IP address: 82.146.36.115, ASN: 29182, Country: RU, Description: leads to exploit kit…

sicuxp.sinerjimspor.com (2016/01/29_07:39)
Host: sicuxp.sinerjimspor.com/servicelogin/accedi.php, IP address: 213.138.109.61, ASN: 35425, Country: GB, Description: Banking phishing…

deleondeos.com (2016/01/29_07:39)
Host: deleondeos.com/img/script.php?tup1.jpg, IP address: 95.105.27.11, ASN: 24955, Country: RU, Description: trojan…

deleondeos.com (2016/01/29_07:39)
Host: deleondeos.com/img/script.php?tup2.jpg, IP address: 176.106.31.227, ASN: 52043, Country: RU, Description: trojan…

deleondeos.com (2016/01/29_07:39)
Host: deleondeos.com/img/script.php?tup3.jpg, IP address: 176.104.18.152, ASN: 41435, Country: UA, Description: trojan…

wonchangvacuum.com.my (2016/01/27_11:21)
Host: wonchangvacuum.com.my/libraries/pear/mandate.htm, IP address: 103.6.196.156, ASN: 46015, Country: MY, Description: Phishing…


© 2001-2015 Procyon Labs / Randal T. Rioux