PLABS
Internet Storm Center Infocon Status
ISC StormCast for Monday, July 28th 2014 http://isc.sans.edu/podcastdetail.html?id=4079, (Mon, Jul 28th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Management and Control of Mobile Device Security, (Mon, Jul 28th)
When we talk about mobile devices, all boundaries are gone. Depending on where you work, it is likely that your mobile device (phone or tablet) has access to all t…

"Internet scanning project" scans, (Sat, Jul 26th)
A reader, Greg, wrote in with a query on another internet scanning project. He checked out the IP address and it led to a web site, www[.]internetscanningproj…

Kali 1.0.8 released with UEFI boot support, more info at http://www.kali.org/news/kali-1-0-8-released-uefi-boot-support/, (Fri, Jul 25th)
-- Bojan INFIGO IS (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

ISC StormCast for Friday, July 25th 2014 http://isc.sans.edu/podcastdetail.html?id=4077, (Fri, Jul 25th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Windows Previous Versions against ransomware, (Thu, Jul 24th)
One of the cool features that Microsoft actually added in Windows Vista is the ability to recover previous versions of files and folders. This is part of the VS…

Packet Storm
Latest Security Tool Files
SILC (Secure Internet Live Conferencing) Client 1.1.11
SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet. It can be used to send any kind of messages, in addition to…

Otori 0.3
This is a Metasploit-style module system specifically for XXE exploit code. This allows a common interface, including the ability to automate downloads of numerous files, or a…

pyClamd 0.3.10
pyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way. Instea…

Packet Fence 4.3.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Lynis Auditing Tool 1.5.7
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan f…

GNU Privacy Guard 1.4.18
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an a…

AIEngine 0.8
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop si…

XSSYA Cross Site Scripting Scanner
XSSYA is a python tool that attempts malicious payloads for bypassing web application firewalls.

SMTPTX 1.0 Beta
SMTPTX is a very simple and basic tool used for sending simple email and to do some basic email testing from a pentester perspective. It is able to send messages without depen…


SecurityFocus
General Security Vulnerabilities
Vuln: RETIRED: Skybox Security Multiple Denial of Service Vulnerabilities
RETIRED: Skybox Security Multiple Denial of Service Vulnerabilities…

Vuln: Skybox Security Multiple Security Vulnerabilities
Skybox Security Multiple Security Vulnerabilities…

Vuln: Oracle Java SE CVE-2014-4252 Remote Security Vulnerability
Oracle Java SE CVE-2014-4252 Remote Security Vulnerability…

Vuln: Oracle Java SE CVE-2014-4262 Remote Security Vulnerability
Oracle Java SE CVE-2014-4262 Remote Security Vulnerability…

Bugtraq: Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability
Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability…

Bugtraq: [SECURITY] [DSA 2991-1] modsecurity-apache security update
[SECURITY] [DSA 2991-1] modsecurity-apache security update…

Bugtraq: [SECURITY] [DSA 2990-1] cups security update
[SECURITY] [DSA 2990-1] cups security update…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided for free by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Cisco IOS XR OSPFv3 DoS (CSCuj82176)
Synopsis : The remote device is missing a vendor-supplied security patch. Description : The remote Cisco de…

GLSA-201407-05 : OpenSSL: Multiple vulnerabilities
Synopsis : The remote Gentoo host is missing one or more security-related patches. Description : The remote…

Fedora 20 : thunderbird-24.7.0-1.fc20 (2014-8797)
Synopsis : The remote Fedora host is missing a security update. Description : See https://www.mozilla.org/e…

Fedora 20 : cobbler-2.6.3-1.fc20 (2014-8561)
Synopsis : The remote Fedora host is missing a security update. Description : Update to 2.6.3 for CVE-2014-…

Fedora 19 : cobbler-2.6.3-1.fc19 (2014-8545)
Synopsis : The remote Fedora host is missing a security update. Description : Update to 2.6.3 for CVE-2014-…

Sourcefire
Vulnerability Research Team
Apple ID Harvesting, now this is a good phish.
Phishing isn't new. "So, why are you writing about it?", you ask. I received this one today and it was ve…

Microsoft Update Tuesday July 2014: light month, mostly Internet Explorer
This month’s Microsoft Update Tuesday is relatively light compared to the major update of last month. We’r…

Threat Spotlight: "A String of Paerls", Part 2, Deep Dive
This post has been coauthored by Joel Esler, Craig Williams, Richard Harman, Jaeson Schultz, and Douglas Godda…

Exceptional behavior: the Windows 8.1 X64 SEH Implementation
In my last post, you may remember how the latest Uroburos rootkit was able to disarm Patchguard on Windows 7.

Detection for PutterPanda, we got this.
Recently a post by Crowdstrike was released detailing an attack being used, allegedly, by the Chinese Military…

RHEL
Red Hat Errata
RHBA-2014:0944-1: rhncfg bug fix update
Red Hat Enterprise Linux: Updated rhncfg packages that fix two bugs are now available for Red Hat Network Too…

RHBA-2014:0945-1: mutt bug fix update
Red Hat Enterprise Linux: Updated mutt packages that fix several bugs are now available for Red Hat Enterpris…

RHBA-2014:0946-1: unzip bug fix update
Red Hat Enterprise Linux: Updated unzip packages that fix one bug are now available for Red Hat Enterprise Li…

RHBA-2014:0947-1: cronie bug fix update
Red Hat Enterprise Linux: Updated cronie packages that fix one bug are now available for Red Hat Enterprise L…

RHBA-2014:0948-2: aide bug fix update
Red Hat Enterprise Linux: Updated aide packages that fix two bugs are now available for Red Hat Enterprise Li…

RHSA-2014:0949-1: Important: kernel security update
Red Hat Enterprise Linux: Updated kernel packages that fix one security issue are now available for Red Hat E…

Microsoft
Security Advisories
2982792 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 2.0
Revision Note: V2.0 (July 17, 2014): Advisory revised to announce the availability of update 2982792 for suppo…

2871997 - Update to Improve Credentials Protection and Management - Version: 2.0
Revision Note: V2.0 (July 8, 2014): Rereleased advisory to announce the release of updates 2973351 and 2919355…

2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 26.0
Revision Note: V26.0 (July 8, 2014): Added the 2974008 update to the Current Update section. Summary: Microsoft…

2960358 - Update for Disabling RC4 in .NET TLS - Version: 1.2
Revision Note: V1.2 (July 8, 2014): Advisory revised to announce a Microsoft Update Catalog detection change f…

Cisco
Security Advisories
Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
Cisco TelePresence TC and TE Software are affected by the following vulnerabilities: Six Session Initiati…

Multiple Vulnerabilities in Cisco TelePresence System MXP Series
Cisco TelePresence System MXP Series Software contains the following vulnerabilities: Three SIP denial of…

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities t…

Cisco Wide Area Application Services Remote Code Execution Vulnerability
A vulnerability in Cisco Wide Area Application Services (WAAS) software versions 5.1.1 through 5.1.1d, when co…

Cisco IOS Software IPv6 Denial of Service Vulnerability
Cisco IOS Software contains a vulnerability in the IP version 6 (IPv6) protocol stack implementation that coul…

Cisco Wireless Residential Gateway Remote Code Execution Vulnerability
A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an…

Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
A vulnerability in the parsing of malformed Internet Protocol version 6 (IPv6) packets in Cisco IOS XR Softwar…

DistroWatch
Latest Linux/BSD Distribution Releases
07/26 Salix 14.1 "Openbox"

07/25 Scientific 7.0-beta1

07/25 Bio-Linux 8.0.1-beta

07/25 CoreOS 367.1.0

Latest Linux/BSD Software Releases
07/28 samba 4.1.10
Samba: a free software re-implementation of SMB/CIFS networking protocol…
07/27 tar 1.28
GNU Tar: a utility for creating tar archives…
07/24 postgresql 9.3.5
PostgreSQL: a relational database management system…
07/24 php 5.5.15
PHP: a server-side HTML embedded scripting language…
07/23 git 2.0.3
Git: an open source version control system…
07/23 lvm 2.02.108
LVM: the logical volume manager…
07/22 exim 4.83
exim: a mail server…
Malware Domain List

© 2014 Procyon Labs / Randal T. Rioux