PLABS
Internet Storm Center Infocon Status
Lazy Coordinated Attacks Against Old Vulnerabilities, (Fri, May 22nd)
Typically we try to divide attackers into different groups, all the way from Script Kiddies (no resources, no skills, quite a bit of time/persistence) to more a…

ISC StormCast for Friday, May 22nd 2015 http://isc.sans.edu/podcastdetail.html?id=4495, (Fri, May 22nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Exploit kits delivering Necurs, (Thu, May 21st)
Introduction In the past few days, we've seen Nuclear and Angler exploit kits (EKs) delivering malware identified as Necurs. It certainly isn't the only payload se…

ISC StormCast for Thursday, May 21st 2015 http://isc.sans.edu/podcastdetail.html?id=4493, (Thu, May 21st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Logjam - vulnerabilities in Diffie-Hellman key exchange affect browsers and servers using TLS, (Wed, May 20th)
There's a new vulnerability in town... The new bug, dubbed LogJam, is a cousin of Freak. But it's in the basic design of TLS itself, meaning all Web browsers, and…
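Added example (not from the ISC diary or this page): the check a server operator wants after Logjam, a parser for the Diffie-Hellman parameters a TLS server sends in its ServerKeyExchange message (the ServerDHParams structure of RFC 5246) that reports the bit length of the prime and flags export-grade and 1024-bit groups. The sample parameter blobs are built from arbitrary odd numbers of the right size, not real DH groups, so only the length classification is exercised; the thresholds are the post-Logjam browser floor of 1024 bits and the 2048-bit minimum the Logjam researchers recommended.

```python
"""Classify the Diffie-Hellman group a TLS server offers in its
ServerKeyExchange message (TLS 1.0-1.2 DHE cipher suites).

Logjam exposed two problems with DHE in TLS: a downgrade to 512-bit
"export" groups (DHE_EXPORT) and the reuse of a handful of fixed
1024-bit groups that a well-funded attacker could precompute. The
practical check is therefore the bit length of the prime p the server
sends, plus a sanity check on its public value.
"""
import struct

# Browsers rejected groups under 1024 bits after Logjam; the researchers
# recommended at least 2048 bits (or ECDHE instead of DHE).
EXPORT_MAX_BITS = 1023
RECOMMENDED_MIN_BITS = 2048


def parse_server_dh_params(body: bytes):
    """Parse ServerDHParams = dh_p<1..2^16-1> dh_g<1..2^16-1> dh_Ys<1..2^16-1>
    (RFC 5246 section 7.4.3): three big-endian integers, each with a
    two-byte length prefix. Returns (p, g, Ys, bytes_consumed)."""
    fields = []
    offset = 0
    for _ in range(3):
        if offset + 2 > len(body):
            raise ValueError("truncated ServerDHParams")
        (length,) = struct.unpack_from("!H", body, offset)
        offset += 2
        if length == 0 or offset + length > len(body):
            raise ValueError("bad ServerDHParams field length")
        fields.append(int.from_bytes(body[offset:offset + length], "big"))
        offset += length
    p, g, ys = fields
    return p, g, ys, offset


def classify_dh_group(p: int) -> str:
    """'export-grade' (<= 1023 bits), 'weak' (1024..2047), or 'acceptable'."""
    bits = p.bit_length()
    if bits <= EXPORT_MAX_BITS:
        return "export-grade"
    if bits < RECOMMENDED_MIN_BITS:
        return "weak"
    return "acceptable"


def check_server_key_exchange(body: bytes) -> dict:
    """Parse the DH parameters and return a verdict with human-readable problems."""
    p, g, ys, _ = parse_server_dh_params(body)
    verdict = classify_dh_group(p)
    problems = []
    if verdict == "export-grade":
        problems.append("DHE_EXPORT-sized group; Logjam downgrade target")
    elif verdict == "weak":
        problems.append("1024-bit class group; move to >= 2048 bits or ECDHE")
    if not (1 < ys < p - 1):
        problems.append("server public value Ys outside (1, p-1)")
    return {"p_bits": p.bit_length(), "g": g, "verdict": verdict, "problems": problems}


def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Inverse of parse_server_dh_params; used only to build the constructed samples."""
    out = b""
    for value in (p, g, ys):
        raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


# Constructed sample values, NOT real DH groups: odd numbers with the top bit
# set at 512, 1024 and 2048 bits, so only the size classification is exercised.
SAMPLE_EXPORT = encode_server_dh_params((1 << 511) | 0x2F, 2, 0x1234)
SAMPLE_1024 = encode_server_dh_params((1 << 1023) | 0x2F, 2, 0x1234)
SAMPLE_2048 = encode_server_dh_params((1 << 2047) | 0x2F, 2, 0x1234)

if __name__ == "__main__":
    for name, sample in (("export", SAMPLE_EXPORT), ("1024", SAMPLE_1024), ("2048", SAMPLE_2048)):
        print(name, check_server_key_exchange(sample))
```

Against a real capture, feed the bytes that follow the handshake header of the ServerKeyExchange record; the signature that trails the parameters is ignored by the parser. The server-side fix is to generate a fresh 2048-bit group (`openssl dhparam 2048`) or prefer ECDHE suites, and to remove the DHE_EXPORT suites from the configuration entirely.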

ISC StormCast for Wednesday, May 20th 2015 http://isc.sans.edu/podcastdetail.html?id=4491, (Wed, May 20th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Packet Storm
Latest Security Tool Files
HostBox SSH 0.3
HostBox SSH is a Python script that scans servers and routers for insecure SSH configurations.

FTP-Map 0.5
Ftpmap scans remote FTP servers to identify what software and what versions they are running. It uses program-specific fingerprints to discover the name of the software even w…

Wireshark Analyzer 1.12.5
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a comme…

Netsniff-NG High Performance Sniffer 0.5.9
netsniff-ng is a free, performant Linux network sniffer for packet inspection. The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not nee…

Capstone 3.0.3
Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on di…

DAVOSET 1.2.4
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Faraday 1.0.10
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, index…

Suricata IDPE 2.0.8
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded…

TOR Virtual Network Tunneling Tool 0.2.6.7
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…


SecurityFocus
General Security Vulnerabilities
Vuln: Drupal Views Module Access Bypass Vulnerability
Drupal Views Module Access Bypass Vulnerability…

Vuln: ownCloud CVE-2015-3013 Security Bypass Vulnerability
ownCloud CVE-2015-3013 Security Bypass Vulnerability…

Vuln: Oracle Java SE CVE-2014-6593 Remote Java SE, Java SE Embedded, JRockit Vulnerability
Oracle Java SE CVE-2014-6593 Remote Java SE, Java SE Embedded, JRockit Vulnerability…

Vuln: Oracle Java SE CVE-2015-0469 Remote Security Vulnerability
Oracle Java SE CVE-2015-0469 Remote Security Vulnerability…

Bugtraq: [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability
[CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability…

Bugtraq: [SECURITY] [DSA 3270-1] postgresql-9.4 security update
[SECURITY] [DSA 3270-1] postgresql-9.4 security update…

Bugtraq: [SECURITY] [DSA 3268-1] ntfs-3g security update
[SECURITY] [DSA 3268-1] ntfs-3g security update…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
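To make that definition concrete, an added example (not DShield's own code or data) that computes the same statistic from constructed sensor reports: source addresses are grouped into /24 networks and each network is scored by the number of distinct targets that reported it, with the raw report count used only as a tiebreaker. The rule renderer at the end is a hypothetical convenience for turning the ranking into iptables drop rules.

```python
"""Build a DShield-style 'top attacking /24' list from sensor reports.

Each report is one scan observation: the sensor (target) that saw it and
the source address. The score per /24 is the number of DISTINCT targets
that reported a source in that subnet, which is what the DShield list
means by 'attacks'; one noisy host hammering a single sensor does not
outrank a subnet that touches many sensors.
"""
import ipaddress
from collections import defaultdict

# Constructed sample reports (target_id, source_ip); not real sensor data.
SAMPLE_REPORTS = [
    ("sensor-a", "203.0.113.10"), ("sensor-b", "203.0.113.77"), ("sensor-c", "203.0.113.200"),
    ("sensor-a", "203.0.113.10"),  # repeat from the same target, must not double count
    ("sensor-a", "198.51.100.5"), ("sensor-a", "198.51.100.6"), ("sensor-a", "198.51.100.7"),
    ("sensor-b", "192.0.2.1"), ("sensor-c", "192.0.2.1"),
    ("sensor-a", "not-an-ip"),  # malformed line, skipped
]


def subnet_of(ip_text: str, prefix: int = 24):
    """Return the /prefix network containing ip_text, or None if unusable."""
    try:
        addr = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return None
    if addr.version != 4:
        return None  # the DShield block list covers IPv4 /24s only
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def top_attacking_subnets(reports, n=20, prefix=24):
    """Return [(network, distinct_targets, total_reports)] ranked by distinct
    targets descending, then total reports descending, then address."""
    targets = defaultdict(set)
    total = defaultdict(int)
    for target_id, src in reports:
        net = subnet_of(src, prefix)
        if net is None:
            continue
        targets[net].add(target_id)
        total[net] += 1
    ranked = sorted(
        targets,
        key=lambda net: (-len(targets[net]), -total[net], int(net.network_address)),
    )
    return [(str(net), len(targets[net]), total[net]) for net in ranked[:n]]


def as_block_rules(ranked, chain="INPUT"):
    """Render the ranked list as iptables drop rules, one per /24 (hypothetical output format)."""
    return [f"iptables -A {chain} -s {net} -j DROP" for net, _, _ in ranked]


if __name__ == "__main__":
    ranked = top_attacking_subnets(SAMPLE_REPORTS)
    for row in ranked:
        print(row)
    print("\n".join(as_block_rules(ranked)))
```

Blocking by /24 is deliberately coarse: shared-hosting neighbours of one compromised box are dropped along with it, so exempt your own and partner ranges, and review the list, before turning it into firewall rules.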
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
WHOIS is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Default Password (password) for 'emcupdate' Account
Synopsis : The remote EMC PowerPath virtual appliance can be accessed with a built-in account. Description :…

Cisco ANI Configuration Overwrite DoS (CSCup62167)
Synopsis : The remote device is affected by a denial of service vulnerability. Description : The remote Ci…

ESXi 5.5 < Build 1623387 Multiple Vulnerabilities (remote check)
Synopsis : The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities. Description : The remot…

Ubuntu 14.04 / 14.10 / 15.04 : python-dbusmock vulnerability (USN-2618-1)
Synopsis : The remote Ubuntu host is missing one or more security-relate…

Ubuntu 12.04 LTS / 14.04 / 14.10 / 15.04 : fuse vulnerability (USN-2617-1)
Synopsis : The remote Ubuntu host is missing a security-related patch.…

Sourcefire
Vulnerability Research Team
Shellshock - Update Bash Immediately!
Shellshock is a serious vulnerability. Bash, arguably the most widely distributed shell on Linux systems, fail…
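As an added example (not part of the VRT post), the quickest way to confirm that the Bash on a host has actually been updated: the probe exports a function definition through the environment with a command appended after the closing brace, runs Bash, and checks whether the appended command executed. The variable name and the marker string are arbitrary choices here.

```python
"""Probe a Bash binary for Shellshock (CVE-2014-6271) the way the 2014
advisories did: pass a function definition through the environment with
a command appended after the closing brace. A vulnerable Bash runs that
command while importing the function; a fixed Bash ignores it.
"""
import os
import shutil
import subprocess

# Variable name is arbitrary (constructed); the value is the classic probe.
# Nothing after '};' may execute on a fixed Bash.
PROBE_VAR = "x"
PROBE_VALUE = "() { :; }; echo vulnerable"


def shellshock_status(bash_path=None, timeout=10) -> str:
    """Return 'vulnerable', 'patched' or 'no-bash'.

    Only stdout is inspected: a patched Bash prints an 'ignoring function
    definition attempt' warning on stderr, which is not the marker.
    """
    bash = bash_path or shutil.which("bash")
    if bash is None:
        return "no-bash"
    env = dict(os.environ)
    env[PROBE_VAR] = PROBE_VALUE
    try:
        proc = subprocess.run(
            [bash, "-c", "echo probe"],
            env=env, capture_output=True, text=True, timeout=timeout,
        )
    except (OSError, subprocess.TimeoutExpired):
        return "no-bash"  # binary missing, not executable, or hung
    return "vulnerable" if "vulnerable" in proc.stdout.split() else "patched"


if __name__ == "__main__":
    print(shellshock_status())
```

A 'patched' result only covers CVE-2014-6271; the first fix was incomplete, so confirm the installed package also addresses the follow-up CVE-2014-7169. The exposure that matters is wherever untrusted input lands in Bash's environment, classically CGI scripts, DHCP client hooks and sshd ForceCommand restrictions.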

Looking Glasses with Bacon
This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian…

Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there…

Malware Using the Registry to Store a Zeus Configuration File
This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from…

Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

RHEL
Red Hat Errata
RHBA-2015:1022-1: Red Hat Certificate System with Advanced Access enhancement and bug fix update
Red Hat Enterprise Linux: Red Hat Certificate System 8.1 Advanced Access is now available. This update to Re…

RHBA-2015:1018-1: lvm2 bug fix update
Red Hat Enterprise Linux: Updated lvm2 packages that fix one bug are now available for Red Hat Enterprise Lin…

RHBA-2015:1019-1: fence-agents bug fix update
Red Hat Enterprise Linux: Updated fence-agents packages that fix one bug are now available for Red Hat Enterp…

RHSA-2015:1020-1: Critical: java-1.7.1-ibm security update
Red Hat Enterprise Linux: Updated java-1.7.1-ibm packages that fix several security issues are now available…

RHSA-2015:1021-1: Important: java-1.5.0-ibm security update
Red Hat Enterprise Linux: Updated java-1.5.0-ibm packages that fix several security issues are now available…

RHBA-2015:1016-1: bind bug fix update
Red Hat Enterprise Linux: Updated bind packages that fix one bug are now available for Red Hat Enterprise Lin…

Microsoft
Security Advisories
3042058 - Update to Default Cipher Suite Priority Order - Version: 1.0
Revision Note: V1.0 (May 12, 2015): Advisory published.Summary: Microsoft is announcing the availability of an…

2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 40.0
Revision Note: V40.0 (May 12, 2015): Added the 3061904 update to the Current Update section.Summary: Microsoft…

3062591 - Local Administrator Password Solution (LAPS) Now Available - Version: 1.0
Revision Note: V1.0 (May 1, 2015): Advisory published.Summary: Microsoft is offering the L…

3045755 - Update to Improve PKU2U Authentication - Version: 1.0
Revision Note: V1.0 (April 14, 2015): Advisory published.Summary: Microsoft is announcing the availability of…

3009008 - Vulnerability in SSL 3.0 Could Allow Information Disclosure - Version: 3.0
Revision Note: V3.0 (April 14, 2015): Revised advisory to announce with the release of security update 3038314…

Cisco
Security Advisories
Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by on…

Row Hammer Privilege Escalation Vulnerability
On March 9, 2015, new research was published that takes advantage of a flaw in double data rate type 3 (DDR3)…

OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could al…

Cisco Prime Service Catalog XML External Entity Processing Vulnerability
A vulnerability in the configuration of the XML parser of Cisco Prime Service Catalog could allow an authentic…

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities t…

Cisco IOS Software RSVP Vulnerability
A vulnerability in the implementation of the Resource Reservation Protocol (RSVP) in Cisco IOS Software and Ci…

Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability
A vulnerability in the multicast DNS (mDNS) gateway function of Cisco IOS Software and Cisco IOS XE Software c…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
sei.com.pe (2015/05/12_07:06)
Host: sei.com.pe/Rdxn6uoPA/, IP address: 209.45.69.120, ASN: 3132, Country: PE, Description: trojan…

blog.kosai-city.net (2015/05/12_10:05)
Host: blog.kosai-city.net/6P49biqUvAYrl1/, IP address: 153.122.74.40, ASN: 18068, Country: JP, Description: trojan…

executivecoaching.co.il (2015/05/12_19:41)
Host: executivecoaching.co.il/IsKgVrtvQ/, IP address: 109.226.10.37, ASN: 50463, Country: IL, Description: trojan…

sgs.us.com (2015/05/11_09:30)
Host: sgs.us.com/sU3P6pqaWwkJ/, IP address: 23.253.130.80, ASN: 27357, Country: US, Description: trojan…

www.motivacionyrelajacion.com (2015/05/11_10:05)
Host: www.motivacionyrelajacion.com/Z0H24k7E6A/, IP address: 50.62.31.207, ASN: 26496, Country: US, Description: trojan…

brownblogs.org (2015/04/28_14:15)
Host: brownblogs.org/Document-4.zip, IP address: 216.158.67.76, ASN: 18450, Country: US, Description: trojan…

www.thesparkmachine.com (2015/04/24_19:11)
Host: www.thesparkmachine.com/Antivirus.zip, IP address: 208.113.197.192, ASN: 26347, Country: US, Description: FakeAV…

gurde.tourstogo.us (2015/04/22_15:17)
Host: gurde.tourstogo.us/leefoohopt/ezussoadyz/utufegheer/files/GO49776M.vbs, IP address: 176.31.28.226, ASN: 16276, Country: FR, Description: VBS.Trojan.Downloader…

185.91.175.183 (2015/04/22_15:17)
Host: -, IP address: 185.91.175.183/sas/evzxce.exe, ASN: 42632, Country: RU, Description: Trojan.Backdoor…


© 2001-2015 Procyon Labs / Randal T. Rioux