PLABS
Internet Storm Center Infocon Status
ISC StormCast for Friday, August 29th 2014 http://isc.sans.edu/podcastdetail.html?id=4127, (Fri, Aug 29th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

False Positive or Not? Difficult to Analyze Javascript, (Fri, Aug 29th)
Our reader Travis sent us the following message: We have had 2 users this morning hit a Forbes page: hxxp://www.forbes.com/sites/jimblasingame/2013/05/0…

ISC StormCast for Thursday, August 28th 2014 http://isc.sans.edu/podcastdetail.html?id=4125, (Thu, Aug 28th)

One More Day of Trolling in POS Memory, (Wed, Aug 27th)
Further to the recent story on Memory Trolling for PCI data, I was able to spend one more day fishing in memory. I dug a bit deeper and came up with more fun Cr…

Microsoft has modified and re-released MS14-045 - http://support.microsoft.com/kb/2993651 / https://technet.microsoft.com/en-us/library/security/ms14-045.aspx, (Wed, Aug 27th)

ISC StormCast for Wednesday, August 27th 2014 http://isc.sans.edu/podcastdetail.html?id=4123, (Wed, Aug 27th)

Packet Storm
Latest Security Tool Files
Spiped 1.4.0
Spiped (pronounced "ess-pipe-dee") is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses, so that one may connect to one address (…

Lynis Auditing Tool 1.6.0
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information it will also scan f…

RedHat Checklist Script
This script is designed to perform a security evaluation against industry best practices, over RedHat and RedHat based systems, to detect configuration deviations. It was deve…

Nmap Port Scanner 6.47
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassi…

SSDP Amplification Scanner
SSDP amplification scanner written in Python. Makes use of Scapy.

oclHashcat For AMD 1.30
oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-ba…

oclHashcat For NVidia 1.30
oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-ba…

Maligno 1.2
Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS…

Melkor ELF Fuzzer 1.0
Melkor is an ELF fuzzer that mutates the existing data in an ELF sample given to create orcs (malformed ELFs), however, it does not change values randomly (dumb fuzzing), inst…
SecurityFocus
General Security Vulnerabilities
Vuln: Oracle Java SE CVE-2014-4247 Remote Security Vulnerability
Oracle Java SE CVE-2014-4247 Remote Security Vulnerability…

Vuln: Oracle Java SE CVE-2014-4263 Remote Security Vulnerability
Oracle Java SE CVE-2014-4263 Remote Security Vulnerability…

Vuln: Oracle Java SE CVE-2014-4262 Remote Security Vulnerability
Oracle Java SE CVE-2014-4262 Remote Security Vulnerability…

Vuln: Oracle Java SE CVE-2014-4223 Remote Security Vulnerability
Oracle Java SE CVE-2014-4223 Remote Security Vulnerability…

Bugtraq: Re: SSH host key fingerprint - through HTTPS
Re: SSH host key fingerprint - through HTTPS…

Bugtraq: WWW File Share Pro v7.0 - Denial of Service Vulnerability
WWW File Share Pro v7.0 - Denial of Service Vulnerability…

Bugtraq: Avira License Application - Cross Site Request Forgery Vulnerability
Avira License Application - Cross Site Request Forgery Vulnerability…
Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided for free by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Solaris 10 (sparc) : 138195-04
Synopsis : The remote host is missing Sun Security Patch number 138195-04 Description : Service Tags 1.0: p…

Scientific Linux Security Update : glibc on SL5.x, SL6.x i386/x86_64
Synopsis : The remote Scientific Linux host is missing one or more security updates. Description : An off-b…

RHEL 5 / 6 / 7 : glibc (RHSA-2014:1110)
Synopsis : The remote Red Hat host is missing one or more security updates. Description : Updated glibc pac…

Oracle Linux 5 / 6 / 7 : glibc (ELSA-2014-1110)
Synopsis : The remote Oracle Linux host is missing one or more security updates. Description : From Red Hat…

GLSA-201408-18 : NRPE: Multiple Vulnerabilities
Synopsis : The remote Gentoo host is missing one or more security-related patches. Description : The remote…

Sourcefire
Vulnerability Research Team
Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

The Windows 8.1 Kernel Patch Protection
In the last 3 months we have seen a lot of machines compromised by Uroburos (a kernel-mode rootkit that spread…

Microsoft Update Tuesday August 2014: Media Center and Internet Explorer
Another Update Tuesday has arrived, this time bringing us a total of nine bulletins covering a total of 37 CVE…

Apple ID Harvesting, now this is a good phish.
Phishing isn't new. "So, why are you writing about it?", you ask. I received this one today and it was ve…

Microsoft Update Tuesday July 2014: light month, mostly Internet Explorer
This month’s Microsoft Update Tuesday is relatively light compared to the major update of last month. We’r…

RHEL
Red Hat Errata
RHBA-2014:1112-1: libvirt bug fix update
Red Hat Enterprise Linux: Updated libvirt packages that fix one bug are now available for Red Hat Enterprise…

RHEA-2014:1111-1: new packages: kmod-rtsx_pci, kmod-rtsx_pci_ms, kmod-rtsx_pci_sdmmc
Red Hat Enterprise Linux: New kmod-rtsx_pci, kmod-rtsx_pci_ms, kmod-rtsx_pci_sdmmc, kmod-memstick_dup, kmod-m…

RHBA-2014:1106-1: finger bug fix update
Red Hat Enterprise Linux: Updated finger packages that fix one bug are now available for Red Hat Enterprise L…

RHBA-2014:1107-1: ksh bug fix update
Red Hat Enterprise Linux: Updated ksh packages that fix one bug are now available for Red Hat Enterprise Linu…

RHBA-2014:1108-1: sysstat bug fix update
Red Hat Enterprise Linux: Updated sysstat packages that fix one bug are now available for Red Hat Enterprise…

RHBA-2014:1109-1: sysstat bug fix update
Red Hat Enterprise Linux: Updated sysstat packages that fix one bug are now available for Red Hat Enterprise…

Microsoft
Security Advisories
2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 27.0
Revision Note: V27.0 (August 12, 2014): Added the 2982794 update to the Current Update section. Summary: Micros…

2915720 - Changes in Windows Authenticode Signature Verification - Version: 1.4
Revision Note: V1.4 (July 29, 2014): Revised advisory to announce that Microsoft no longer plans to enforce th…

2982792 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 2.0
Revision Note: V2.0 (July 17, 2014): Advisory revised to announce the availability of update 2982792 for suppo…

2960358 - Update for Disabling RC4 in .NET TLS - Version: 1.2
Revision Note: V1.2 (July 8, 2014): Advisory revised to announce a Microsoft Update Catalog detection change f…

2871997 - Update to Improve Credentials Protection and Management - Version: 2.0
Revision Note: V2.0 (July 8, 2014): Rereleased advisory to announce the release of updates 2973351 and 2919355…

Cisco
Security Advisories
OSPF LSA Manipulation Vulnerability in Multiple Cisco Products
Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing…

Multiple Vulnerabilities in Cisco IronPort Encryption Appliance
Cisco IronPort Encryption Appliance devices contain two vulnerabilities that allow remote, unauthenticated acc…

Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remot…

Cisco Wide Area Application Services Remote Code Execution Vulnerability
A vulnerability in Cisco Wide Area Application Services (WAAS) software versions 5.1.1 through 5.1.1d, when co…

Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability
A vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated…

Cisco Wireless Residential Gateway Remote Code Execution Vulnerability
A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an…

Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
A vulnerability in the parsing of malformed Internet Protocol version 6 (IPv6) packets in Cisco IOS XR Softwar…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
© 2014 Procyon Labs / Randal T. Rioux