PLABS
Internet Storm Center Infocon Status
ISC StormCast for Tuesday, September 1st 2015 http://isc.sans.edu/podcastdetail.html?id=4637, (Tue, Sep 1st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Encryption of "data at rest" in servers, (Tue, Sep 1st)
Over in the SANS ISC discussion forum, a couple of readers have started a good discussion https://isc.sans.edu/forums/Encryption+at+rest+what+am+I+missing/959 a…

Gift card from Marriott?, (Tue, Sep 1st)
Always nice when the spammers are so forthcoming to send their latest crud directly to our SANS ISC honeypot account. The current incarnation Subject: Re: Yo…

Detecting file changes on Microsoft systems with FCIV, (Mon, Aug 31st)
Microsoft often releases interesting tools to help system administrators and incident handlers investigate suspicious activities on Windows systems. In 2012, t…
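The baseline-and-verify workflow that FCIV supports (hash every file once, re-hash later, report what changed) can be reproduced in a few lines of Python. The block below is an added example written for this page; it is not code from the ISC diary or from Microsoft's tool. The function names (build_baseline, compare_baselines, demo) and the tampered sample tree are constructed for the example, so it runs offline in a temporary directory.

```python
"""Baseline-and-verify file integrity check, in the spirit of Microsoft's FCIV.

Added example, not the ISC diary's code and not FCIV itself. It records a
SHA-256 digest for every regular file under a directory, re-hashes the tree
later and reports added, removed and modified files. The sample tree is
constructed in a temporary directory so the example runs offline.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map relative POSIX paths to SHA-256 digests for every regular file under root.

    Symlinks are skipped: hashing their target would let an attacker hide a
    change by re-pointing the link at the original content.
    """
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def compare_baselines(old, new):
    """Return the differences between two baselines as sorted path lists."""
    old_paths, new_paths = set(old), set(new)
    return {
        "added": sorted(new_paths - old_paths),
        "removed": sorted(old_paths - new_paths),
        "modified": sorted(p for p in old_paths & new_paths if old[p] != new[p]),
    }


def demo():
    """Construct a small tree, baseline it, tamper with it, and return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "svc.exe").write_bytes(b"MZ original service binary")
        (root / "config.ini").write_text("debug=0\n")
        (root / "readme.txt").write_text("unchanged\n")
        before = build_baseline(root)

        # Constructed tampering: patch a binary, drop a tool, delete a config file.
        (root / "bin" / "svc.exe").write_bytes(b"MZ trojanised service binary")
        (root / "bin" / "nc.exe").write_bytes(b"MZ dropped tool")
        (root / "config.ini").unlink()
        after = build_baseline(root)
        return compare_baselines(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

As with FCIV's XML database, the baseline is only as trustworthy as its storage: keep it off the host being checked (or at least sign it), otherwise an intruder who can modify the files can also modify the list of expected hashes.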

ISC StormCast for Monday, August 31st 2015 http://isc.sans.edu/podcastdetail.html?id=4635, (Mon, Aug 31st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Automating Metrics using RTIR REST API, (Sat, Aug 29th)
Metrics are an important part of incident response. You should know your average time to detect compromised systems and how successful phishing campaigns are ag…

Packet Storm
Latest Security Tool Files
Fwknop Port Knocking Utility 2.6.7
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilt…

OpenSSH 7.1p1
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all…

Faraday 1.0.13
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, index…

oclHashcat For NVidia 1.37
oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-ba…

oclHashcat for AMD 1.37
oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-ba…

Viproy VoIP Penetration / Exploitation Kit 2.99.1
Viproy VoIP Penetration and Exploitation Kit is developed to improve the quality of SIP penetration testing. It provides authentication and trust analysis features that assist in…

Wireshark Analyzer 1.12.7
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a comme…

NetRipper Smart Traffic Sniffer
NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privil…

OpenSSH 7.0p1
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all…


SecurityFocus
General Security Vulnerabilities
Vuln: SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness

Vuln: Symantec Endpoint Protection Manager CVE-2015-1487 Arbitrary File Write Vulnerability

Vuln: Linux Kernel 'perf_callchain_user_64()' Function Denial of Service Vulnerability

Vuln: Adobe Flash Player and AIR APSB15-19 Multiple Use After Free Remote Code Execution Vulnerabilities

Bugtraq: [security bulletin] HPSBMU03401 rev.1 - HP Operations Manager for UNIX and Linux, Remote Unauthorized Modification, Disclosure of Information

Bugtraq: [security bulletin] HPSBGN03403 rev.1 - HP Virtualization Performance Viewer, Remote Unauthorized Disclosure of Information

Bugtraq: [SECURITY] [DSA 3346-1] drupal7 security update


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
IBM Storwize V7000 Unified ACL Security Bypass
Synopsis : The remote host is affected by an ACL security bypass vulnerability. Description : The remote IB…

Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64
Synopsis : The remote Scientific Linux host is missing one or more security updates. Description : A flaw w…

RHEL 7 : kernel-rt (RHSA-2015:1565)
Synopsis : The remote Red Hat host is missing one or more security updates. Description : Updated kernel-rt…

RHEL 7 : qpid-cpp (RHSA-2015:0660)
Synopsis : The remote Red Hat host is missing one or more security updates. Description : Updated qpid-cpp…

openSUSE Security Update : MozillaThunderbird (openSUSE-2015-559)
Synopsis : The remote openSUSE host is missing a security update. Description : This update to Thunderbird…

Sourcefire
Vulnerability Research Team
Shellshock - Update Bash Immediately!
Shellshock is a serious vulnerability. Bash, arguably the most widely distributed shell on Linux systems, fail…

Looking Glasses with Bacon
This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian…

Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there 

Malware Using the Registry to Store a Zeus Configuration File
This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from…

Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

RHEL
Red Hat Errata
RHBA-2015:1698-1: pacemaker bug fix update
Red Hat Enterprise Linux: Updated pacemaker packages that fix one bug are now available for Red Hat Enterpris…

RHSA-2015:1694-1: Moderate: gdk-pixbuf2 security update
Red Hat Enterprise Linux: Updated gdk-pixbuf2 packages that fix one security issue are now available for Red…

RHSA-2015:1695-1: Important: jakarta-taglibs-standard security update
Red Hat Enterprise Linux: Updated jakarta-taglibs-standard packages that fix one security issue are now avail…

RHSA-2015:1697-2: Low: Red Hat Storage 2.1 - 60 Day Retirement Notice
This is the 60-day notification for the retirement of Red Hat Storage 2.1.

RHBA-2015:1689-1: kernel bug fix update
Red Hat Enterprise Linux: Updated kernel packages that fix several bugs are now available for Red Hat Enterpr…

RHBA-2015:1690-1: kross-interpreters bug fix update
Red Hat Enterprise Linux: Updated kross-interpreters packages that fix one bug are now available for Red Hat…

Microsoft
Security Advisories
2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge - Version: 46.0
Revision Note: V46.0 (August 11, 2015): Added the 3087916 update to the Current Update section. Summary: Micros…

3057154 - Update to Harden Use of DES Encryption - Version: 1.0
Revision Note: V1.0 (July 14, 2015): Summary: Microsoft is announcing the availability of an update to harden…

3074162 - Vulnerability in Microsoft Malicious Software Removal Tool Could Allow Elevation of Privilege - Version: 1.0
Severity Rating: Important. Revision Note: V1.0 (July 14, 2015): Advisory published. Summary: Microsoft is releasi…

2962393 - Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client - Version: 2.0
Revision Note: V2.0 (June 9, 2015): Added the 3062760 update to the Juniper VPN Client Update section. Summary:…

3042058 - Update to Default Cipher Suite Priority Order - Version: 1.0
Revision Note: V1.0 (May 12, 2015): Advisory published. Summary: Microsoft is announcing the availability of an…

Cisco
Security Advisories
Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by on…

OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
On July 9, 2015, the OpenSSL Project released a security advisory detailing a vulnerability affecting applicat…

Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities t…

Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
A vulnerability in the code handling the reassembly of fragmented IP version 4 (IPv4) or IP version 6 (IPv6) p…

Row Hammer Privilege Escalation Vulnerability
On March 9, 2015, new research was published that takes advantage of a flaw in double data rate type 3 (DDR3)…

OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could al…

Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by on…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
plcture-store.com (2015/08/27_19:10)
Host: plcture-store.com/JPG_095927, IP address: 37.140.192.241, ASN: 197695, Country: RU, Description: Trojan.Backdoor…

plcture-store.com (2015/08/27_19:36)
Host: plcture-store.com/JPG_092027, IP address: 37.140.192.241, ASN: 197695, Country: RU, Description: Trojan.Backdoor…

plcture-store.com (2015/08/27_19:36)
Host: plcture-store.com/JPG_13322, IP address: 37.140.192.241, ASN: 197695, Country: RU, Description: Trojan.Backdoor…

plcture-store.com (2015/08/27_19:36)
Host: plcture-store.com/jpg_133226, IP address: 37.140.192.241, ASN: 197695, Country: RU, Description: Trojan.Backdoor…

plcture-store.com (2015/08/27_19:36)
Host: plcture-store.com/JPG_133226, IP address: 37.140.192.241, ASN: 197695, Country: RU, Description: Trojan.Backdoor…

plcture-store.com (2015/08/27_19:36)
Host: plcture-store.com/jpg_195726, IP address: 37.140.192.241, ASN: 197695, Country: RU, Description: Trojan.Backdoor…

plcture-store.com (2015/08/27_19:36)
Host: plcture-store.com/JPG_195726, IP address: 37.140.192.241, ASN: 197695, Country: RU, Description: Trojan.Backdoor…

plcture-store.com (2015/08/27_19:36)
Host: plcture-store.com/jpg_21122, IP address: 37.140.192.241, ASN: 197695, Country: RU, Description: Trojan.Backdoor…

plcture-store.com (2015/08/27_19:36)
Host: plcture-store.com/jpg_211224, IP address: 37.140.192.241, ASN: 197695, Country: RU, Description: Trojan.Backdoor…
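Entries in this format carry three indicators of different strength: the full URL (most specific), the hostname, and the IP address (weakest, since one address can front many unrelated sites). The block below is an added example, not code from the Malware Domain List project: it parses two of the entry lines exactly as they appear above and runs them against a constructed proxy log whose space-separated layout (timestamp, client IP, destination IP, URL) is made up for the example. Function names (parse_entry, build_indicators, scan_log) are the example's own.

```python
"""Match proxy log lines against Malware Domain List style entries.

Added example, not code from the Malware Domain List project. MDL_ENTRIES are
copied from the listing on this page (the trailing ellipsis is feed
truncation); PROXY_LOG is constructed for the example with a made-up layout:
timestamp, client IP, destination IP, requested URL.
"""
import ipaddress
import re
from urllib.parse import urlsplit

MDL_ENTRIES = [
    "Host: plcture-store.com/JPG_095927, IP address: 37.140.192.241, ASN: 197695, Country: RU, Description: Trojan.Backdoor…",
    "Host: plcture-store.com/jpg_133226, IP address: 37.140.192.241, ASN: 197695, Country: RU, Description: Trojan.Backdoor…",
]

# Constructed proxy log lines (not real traffic).
PROXY_LOG = """\
2015-08-27T19:40:01Z 10.0.0.15 93.184.216.34 http://example.com/index.html
2015-08-27T19:41:12Z 10.0.0.22 37.140.192.241 http://plcture-store.com/JPG_095927
2015-08-27T19:41:30Z 10.0.0.22 37.140.192.241 http://plcture-store.com/jpg_500000
2015-08-27T19:42:05Z 10.0.0.31 37.140.192.241 http://cdn.other.example/x.jpg
2015-08-27T19:43:00Z 10.0.0.40 198.51.100.7 http://PLCTURE-STORE.com/JPG_095927
"""

FIELD_RE = re.compile(r"(Host|IP address|ASN|Country|Description): ([^,]+)")


def parse_entry(line):
    """Split one 'Key: value, Key: value' entry into a dict of typed indicators."""
    fields = {k: v.strip().rstrip("…") for k, v in FIELD_RE.findall(line)}
    host, _, path = fields["Host"].partition("/")
    return {
        "host": host.lower(),                 # hostnames are case-insensitive
        "path": "/" + path if path else "",   # paths are kept case-sensitive
        "ip": ipaddress.ip_address(fields["IP address"]),
        "asn": fields["ASN"],
        "country": fields["Country"],
        "description": fields["Description"],
    }


def build_indicators(entries):
    """Index parsed entries by URL (host, path), by host and by IP."""
    parsed = [parse_entry(e) for e in entries]
    return {
        "urls": {(p["host"], p["path"]): p for p in parsed if p["path"]},
        "hosts": {p["host"]: p for p in parsed},
        "ips": {p["ip"]: p for p in parsed},
    }


def scan_log(log_text, ind):
    """Return one hit per log line that matches any indicator, strongest reason first."""
    hits = []
    for line in log_text.splitlines():
        ts, client, dst, url = line.split()
        u = urlsplit(url)
        host = (u.hostname or "").lower()
        reasons = []
        if (host, u.path) in ind["urls"]:
            reasons.append("url")
        if host in ind["hosts"]:
            reasons.append("host")
        if ipaddress.ip_address(dst) in ind["ips"]:
            reasons.append("ip")
        if reasons:
            hits.append({"ts": ts, "client": client, "url": url, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan_log(PROXY_LOG, build_indicators(MDL_ENTRIES)):
        print(hit["ts"], hit["client"], hit["url"], "->", ",".join(hit["reasons"]))
```

Two practical points the list itself illustrates: the same domain is listed with both JPG_ and jpg_ variants of the path, so path matching should stay case-sensitive rather than normalising; and the domain substitutes a lowercase L for the I in "picture", so a host-only match on the look-alike name is a stronger signal than an IP-only match, which in the constructed log also flags an unrelated host that merely resolves to the same address.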


© 2001-2015 Procyon Labs / Randal T. Rioux