PLABS
Internet Storm Center Infocon Status
ISC StormCast for Friday, August 22nd 2014 http://isc.sans.edu/podcastdetail.html?id=4117, (Fri, Aug 22nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Now supporting OpenIOC via our API!, (Thu, Aug 21st)
The SANS Internet Storm Center is proud to announce the release of our first OpenIOC format API call. We have been hard at work writing a method that serves our…

ISC StormCast for Thursday, August 21st 2014 http://isc.sans.edu/podcastdetail.html?id=4115, (Thu, Aug 21st)

Social Engineering Alive and Well, (Wed, Aug 20th)
The muse for this diary is far from hot off the press. Many of you may have already come across the click through scam on Facebook reporting a video recording t…

ISC StormCast for Wednesday, August 20th 2014 http://isc.sans.edu/podcastdetail.html?id=4113, (Wed, Aug 20th)

ISC StormCast for Tuesday, August 19th 2014 http://isc.sans.edu/podcastdetail.html?id=4111, (Tue, Aug 19th)

Packet Storm
Latest Security Tool Files
oclHashcat For AMD 1.30.7
oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-ba…

oclHashcat For NVidia 1.30.7
oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-ba…

Maligno 1.2
Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS…

Melkor ELF Fuzzer 1.0
Melkor is an ELF fuzzer that mutates the existing data in an ELF sample given to create orcs (malformed ELFs), however, it does not change values randomly (dumb fuzzing), inst…

Viproy VoIP Penetration / Exploitation Kit 2.0
Viproy Voip Penetration and Exploitation Kit is developed to improve quality of SIP penetration testing. It provides authentication and trust analysis features that assists in…

GnuPG 2.0.26
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an a…

I2P 0.9.14.1
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encrypt…

Suricata IDPE 2.0.3
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded…

Samhain File Integrity Checker 3.1.2
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can…


SecurityFocus
General Security Vulnerabilities
Vuln: OpenSSL CVE-2014-0224 Man in the Middle Security Bypass Vulnerability
OpenSSL CVE-2014-0224 Man in the Middle Security Bypass Vulnerability…

Vuln: OpenSSL 'do_ssl3_write()' Function NULL Pointer Dereference Denial of Service Vulnerability
OpenSSL 'do_ssl3_write()' Function NULL Pointer Dereference Denial of Service Vulnerability…

Vuln: OpenSSL CVE-2014-3470 Denial of Service Vulnerability
OpenSSL CVE-2014-3470 Denial of Service Vulnerability…

Vuln: Oracle Java SE CVE-2014-4227 Remote Security Vulnerability
Oracle Java SE CVE-2014-4227 Remote Security Vulnerability…

Bugtraq: [SECURITY] [DSA 2940-1] libstruts1.2-java security update
[SECURITY] [DSA 2940-1] libstruts1.2-java security update…

Bugtraq: [SECURITY] [DSA 3008-1] php5 security update
[SECURITY] [DSA 3008-1] php5 security update…

Bugtraq: ToorCon 16 Call For Papers!
ToorCon 16 Call For Papers!


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' is the number of targets that reported scans from the subnet, so it measures how widely a subnet was seen, not how many packets it sent.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This free IP geolocation service (IP address map lookup) is provided by Geobytes, Inc. and gives the approximate geographical location of an IP address. Treat the result as an estimate: registration data and routing do not always match where a host physically sits.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports (0-1023), the Registered Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535).
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
phpMyAdmin 4.0.x < 4.0.10.2 / 4.1.x < 4.1.14.3 / 4.2.x < 4.2.7.1 Multiple XSS Vulnerabilities (PMASA-2014-8 - PMASA-2014-9)
Synopsis : The remote web server hosts a PHP application that is affected by multiple vulnerabilities. Descr…
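The plugin title above encodes three fixed versions, one per phpMyAdmin release branch, and a scanner has to compare an observed version against the fix for its own branch rather than against a single cut-off. The following is an added example of that branch-aware check, not code from Nessus or phpMyAdmin; the fixed versions are taken from the plugin title, the function and variable names are this example's own, and a trailing non-numeric suffix such as "-dev" is assumed to carry no version information.

```python
import re

# Fixed versions per release branch, as listed in the plugin title on this
# page (PMASA-2014-8 / PMASA-2014-9). Hypothetical constant name.
PHPMYADMIN_FIXED = {"4.0": "4.0.10.2", "4.1": "4.1.14.3", "4.2": "4.2.7.1"}


def parse_version(text):
    """'4.2.7.1' -> (4, 2, 7, 1). A trailing suffix like '-dev' is dropped
    (assumption: it does not change the ordering we care about)."""
    m = re.match(r"^\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def is_affected(version, fixed_by_branch):
    """Compare a version against the fix for its own branch.

    Returns True if the version is in a listed branch and older than that
    branch's fix, False if it is at or after the fix, and None if no listed
    branch matches (e.g. a 3.5.x install here), which needs a human look
    rather than a silent 'not vulnerable'.
    """
    observed = parse_version(version)
    for branch, fixed in fixed_by_branch.items():
        prefix = parse_version(branch)
        if observed[:len(prefix)] == prefix:
            # Tuple comparison is numeric per component, so 4.2.10 > 4.2.7.1;
            # a plain string comparison would get this wrong.
            return observed < parse_version(fixed)
    return None


if __name__ == "__main__":
    for v in ("4.0.10.1", "4.0.10.2", "4.2.7", "4.2.10", "3.5.8"):
        print(v, is_affected(v, PHPMYADMIN_FIXED))
```

The None return is deliberate: a version the advisory does not cover should surface as "unknown" in a report, since treating it as clean is how unsupported branches slip through a scan.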

EMC Documentum D2 Privilege Escalation (ESA-2014-067)
Synopsis : The remote host is affected by a privilege escalation vulnerability. Description : The remote ho…

EMC Documentum D2 Detection
Synopsis : A content management client was detected on the remote host. Description : The remote host is ru…

Gurock TestRail < 3.1.3 XSS
Synopsis : The remote host is running a test management and quality assurance web application affected by an…

Gurock TestRail Detection
Synopsis : A test management and quality assurance web application was detected on the remote host. Descript…

Sourcefire
Vulnerability Research Team
Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

The Windows 8.1 Kernel Patch Protection
In the last 3 months we have seen a lot of machines compromised by Uroburos (a kernel-mode rootkit that spread…

Microsoft Update Tuesday August 2014: Media Center and Internet Explorer
Another Update Tuesday has arrived, this time bringing us a total of nine bulletins covering a total of 37 CVE…

Apple ID Harvesting, now this is a good phish.
Phishing isn't new. "So, why are you writing about it?", you ask. I received this one today and it was ve…

Microsoft Update Tuesday July 2014: light month, mostly Internet Explorer
This month’s Microsoft Update Tuesday is relatively light compared to the major update of last month. We’r…

RHEL
Red Hat Errata
RHBA-2014:1085-1: gtk2 bug fix update
Red Hat Enterprise Linux: Updated gtk2 packages that fix one bug are now available for Red Hat Enterprise Lin…

RHSA-2014:1084-1: Moderate: openstack-nova security, bug fix, and enhancement update
Red Hat Enterprise Linux: Updated openstack-nova packages that fix two security issues, several bugs, and add…

RHSA-2014:1087-1: Important: Red Hat JBoss Web Server 2.1.0 update
Red Hat Enterprise Linux: Red Hat JBoss Web Server 2.1.0, which fixes multiple security issues and several bu…

RHSA-2014:1088-1: Important: Red Hat JBoss Web Server 2.1.0 update
Red Hat Enterprise Linux: Red Hat JBoss Web Server 2.1.0, which fixes multiple security issues and several bu…

RHBA-2014:1079-1: hwcert-client-1.6.5 bug fix update
Red Hat Enterprise Linux: Updated hwcert-client-1.6.5 packages that fix bugs are now available for Red Hat En…

RHBA-2014:1080-1: ccid bug fix update
Red Hat Enterprise Linux: Updated ccid packages that fix one bug are now available for Red Hat Enterprise Lin…

Microsoft
Security Advisories
2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 27.0
Revision Note: V27.0 (August 12, 2014): Added the 2982794 update to the Current Update section.Summary: Micros…

2915720 - Changes in Windows Authenticode Signature Verification - Version: 1.4
Revision Note: V1.4 (July 29, 2014): Revised advisory to announce that Microsoft no longer plans to enforce th…

2982792 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 2.0
Revision Note: V2.0 (July 17, 2014): Advisory revised to announce the availability of update 2982792 for suppo…

2960358 - Update for Disabling RC4 in .NET TLS - Version: 1.2
Revision Note: V1.2 (July 8, 2014): Advisory revised to announce a Microsoft Update Catalog detection change f…

2871997 - Update to Improve Credentials Protection and Management - Version: 2.0
Revision Note: V2.0 (July 8, 2014): Rereleased advisory to announce the release of updates 2973351 and 2919355…

Cisco
Security Advisories
OSPF LSA Manipulation Vulnerability in Multiple Cisco Products
Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing…

Multiple Vulnerabilities in Cisco IronPort Encryption Appliance
Cisco IronPort Encryption Appliance devices contain two vulnerabilities that allow remote, unauthenticated acc…

Cisco Wide Area Application Services Remote Code Execution Vulnerability
A vulnerability in Cisco Wide Area Application Services (WAAS) software versions 5.1.1 through 5.1.1d, when co…

Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability
A vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated…

Cisco Wireless Residential Gateway Remote Code Execution Vulnerability
A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an…

Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
A vulnerability in the parsing of malformed Internet Protocol version 6 (IPv6) packets in Cisco IOS XR Softwar…

Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remot…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 22338…
W32.Virut.Gen.D-163
Count: 12505…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7265…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6879…
Heuristics.Phishing.Email.SSL-Spoof
Count: 6029…
Worm.Mydoom.I
Count: 4221…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4054…
PUA.Script.PDF.EmbeddedJS-1
Count: 3775…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
notes.art-partner.net (2014/08/22_02:52)
Host: notes.art-partner.net/sm64, IP address: 62.76.188.80, ASN: 57010, Country: RU, Description: Trojan.StealRAT…

notes.art-partner.net (2014/08/22_02:52)
Host: notes.art-partner.net/sm32, IP address: 62.76.188.80, ASN: 57010, Country: RU, Description: Trojan.StealRAT…

www.toll-net.be (2014/08/19_04:34)
Host: www.toll-net.be/images/stories/osco.txt, IP address: 194.7.157.205, ASN: 702, Country: BE, Description: Part of Perl.IRCBot…

www.toll-net.be (2014/08/19_04:34)
Host: www.toll-net.be/images/stories/vulns, IP address: 194.7.157.205, ASN: 702, Country: BE, Description: Part of vulnerability scanner…

www.toll-net.be (2014/08/19_04:34)
Host: www.toll-net.be/images/stories/sod.txt, IP address: 194.7.157.205, ASN: 702, Country: BE, Description: Part of Perl.IRCBot…

www.toll-net.be (2014/08/19_04:34)
Host: www.toll-net.be/images/stories/wp.txt, IP address: 194.7.157.205, ASN: 702, Country: BE, Description: Part of Perl.IRCBot…

www.toll-net.be (2014/08/19_04:34)
Host: www.toll-net.be/images/stories/test.py, IP address: 194.7.157.205, ASN: 702, Country: BE, Description: Python.Scanner…

www.toll-net.be (2014/08/19_04:34)
Host: www.toll-net.be/images/stories/spender.tgz, IP address: 194.7.157.205, ASN: 702, Country: BE, Description: Exploit…

www.toll-net.be (2014/08/19_04:34)
Host: www.toll-net.be/images/stories/slowpost.txt, IP address: 194.7.157.205, ASN: 702, Country: BE, Description: Exploit.DOS…


© 2014 Procyon Labs / Randal T. Rioux