PLABS
Internet Storm Center Infocon Status
ISC StormCast for Thursday, January 29th 2015 http://isc.sans.edu/podcastdetail.html?id=4333, (Thu, Jan 29th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Adobe Flash Update Available for CVE-2015-0311 & -0312, (Wed, Jan 28th)
Adobe has released an update to the Flash vulnerability CVE-2015-0311 discussed earlier this week here on the ISC. The update released from Adobe addresses Flas…

GHOST glibc gethostbyname() Vulnerability: https://www.youtube.com/watch?v=218JiCBpUTM, (Wed, Jan 28th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

ISC StormCast for Wednesday, January 28th 2015 http://isc.sans.edu/podcastdetail.html?id=4331, (Wed, Jan 28th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

VMware Security Advisories - 1 New, 1 Updated, (Wed, Jan 28th)
VMware has released one new and one updated security advisory today. The two security advisories, listed below, address numerous vulnerabilities in the VMware platfo…

New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST), (Tue, Jan 27th)
Qualys discovered a critical buffer overflow in the gethostbyname() and gethostbyname2() functions in glibc. According to the announcement by Qualys, they were a…
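A local self-test for the glibc issue described above, added here as an example (it is not code from the ISC, Qualys or glibc; it follows the canary-and-ERANGE approach of the test program Qualys published with its advisory). It resolves nothing over the network: a hostname made only of digits is handled entirely inside glibc's "digits and dots" fast path, and a vulnerable library under-sizes its bounds check for that path by one pointer. The buffer size, canary string and the result names below are this example's own choices.

```c
/* GHOST (CVE-2015-0235) local self-test. Added example, not the page's own
 * code. Builds with: gcc -Wall -o ghost_check ghost_check.c */
#define _GNU_SOURCE   /* gethostbyname_r() is a glibc/BSD extension */
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CANARY "in_the_coal_mine"   /* arbitrary marker, chosen for this example */

/* A fixed-size result buffer with a canary laid out directly after it.
 * If the library writes past `buffer`, the canary is clobbered. */
static struct {
    char buffer[1024];
    char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };

enum ghost_result {
    GHOST_NOT_VULNERABLE = 0,   /* library correctly refused with ERANGE   */
    GHOST_VULNERABLE     = 1,   /* bytes landed past the end of the buffer */
    GHOST_INCONCLUSIVE   = 2    /* neither, e.g. a non-glibc libc           */
};

enum ghost_result ghost_check(void)
{
    struct hostent resbuf;
    struct hostent *result = NULL;
    int herrno = 0;
    char name[sizeof(temp.buffer)];

    /* Pick the name length so that the correct space calculation
     * (16-byte address + two pointers for h_addr_list + one pointer for
     * h_aliases + name + NUL) exceeds the buffer by exactly one pointer,
     * while the flawed calculation, which forgets the h_aliases pointer,
     * believes everything fits. */
    size_t len = sizeof(temp.buffer) - 16 * sizeof(unsigned char)
                 - 2 * sizeof(char *) - 1;
    memset(name, '0', len);
    name[len] = '\0';

    /* Re-arm the canary so the check can be run more than once. */
    memcpy(temp.canary, CANARY, sizeof(CANARY));

    int retval = gethostbyname_r(name, &resbuf, temp.buffer,
                                 sizeof(temp.buffer), &result, &herrno);

    if (strcmp(temp.canary, CANARY) != 0)
        return GHOST_VULNERABLE;
    if (retval == ERANGE)
        return GHOST_NOT_VULNERABLE;
    return GHOST_INCONCLUSIVE;
}

int main(void)
{
    static const char *verdict[] = { "not vulnerable", "vulnerable", "inconclusive" };
    enum ghost_result r = ghost_check();
    printf("GHOST check: %s\n", verdict[r]);
    return r == GHOST_VULNERABLE ? 1 : 0;
}
```

Two caveats when using a check like this: distribution packages backport the fix without changing the glibc version string, so a version check alone proves nothing, whereas this test exercises the actual code path; and because glibc is mapped into every running process, services started before the update keep the old library in memory until they are restarted (or the host is rebooted).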

Packet Storm
Latest Security Tool Files
Clam AntiVirus Toolkit 0.98.6
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible…

Bro Network Security Monitor 2.3.2
Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehens…

OpenSSL Toolkit 1.0.2
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cr…

Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150114
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network…

oclHashcat For NVidia 1.32
oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-ba…

oclHashcat+ Advanced GPU Hash Cracking Utility 1.32
oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-ba…

OpenSSL Toolkit 1.0.1l
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cr…

Suricata IDPE 2.0.6
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded…

KeySweeper Stealth Logger
KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM)…


SecurityFocus
General Security Vulnerabilities
Vuln: Linux Kernel 'SMB2_tcon' NULL Pointer Dereference Denial of Service Vulnerability
Linux Kernel 'SMB2_tcon' NULL Pointer Dereference Denial of Service Vulnerability…

Vuln: Linux Kernel 'shmem.c' CVE-2014-4171 Local Denial of Service Vulnerability
Linux Kernel 'shmem.c' CVE-2014-4171 Local Denial of Service Vulnerability…

Vuln: Linux Kernel 'ISOFS' Stack-Based Buffer Overflow Vulnerability
Linux Kernel 'ISOFS' Stack-Based Buffer Overflow Vulnerability…

Vuln: Linux Kernel 'ISOFS' Deadlock Local Denial of Service Vulnerability
Linux Kernel 'ISOFS' Deadlock Local Denial of Service Vulnerability…

Bugtraq: [SECURITY] [DSA 3143-1] virtualbox security update
[SECURITY] [DSA 3143-1] virtualbox security update…

Bugtraq: Multiple vulnerabilities in MantisBT
Multiple vulnerabilities in MantisBT…

Bugtraq: Two XSS Vulnerabilities in SupportCenter Plus
Two XSS Vulnerabilities in SupportCenter Plus…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet; because each entry is a whole /24, blocking it also blocks any legitimate hosts that share the subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided for free by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports (0-1023), the Registered Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535).
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Openswan < 2.6.37 Cryptographic Helper Use-After-Free Remote DoS
Synopsis : The remote host is affected by a remote denial of service vulnerability. Description : The remot…

Openswan < 2.6.36 IKE Packet NULL Pointer Dereference Remote DoS
Synopsis : The remote host is affected by a remote denial of service vulnerability. Description : The remot…

Mac OS X : Safari < 6.2.3 / 7.1.3 / 8.0.3 Multiple Vulnerabilities
Synopsis : The remote host contains a web browser that is affected by multiple vulnerabilities. Description…

Apple iOS < 8.1.3
Synopsis : The version of iOS running on the mobile device is affected by multiple vulnerabilities. Descript…

StruxureWare SCADA Expert ClearSCADA Weak Hashing Algorithm
Synopsis : The remote device is using a weak hashing algorithm. Description : The self-signed certificate i…

Sourcefire
Vulnerability Research Team
Shellshock - Update Bash Immediately!
Shellshock is a serious vulnerability. Bash, arguably the most widely distributed shell on Linux systems, fail…

Looking Glasses with Bacon
This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian…

Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there 

Malware Using the Registry to Store a Zeus Configuration File
This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from…

Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

RHEL
Red Hat Errata
RHBA-2015:0095-1: Red Hat Storage 2.1 bug fix update #6
Red Hat Enterprise Linux: Updated glusterfs and redhat-storage-server packages that fix multiple bugs are now…

RHBA-2015:0096-1: Red Hat Storage Console 2.1 bug fix update 6
Red Hat Enterprise Linux: Updated Red Hat Storage Console packages are now available for use with Red Hat Sto…

RHBA-2015:0097-1: libssh2 bug fix update
Red Hat Enterprise Linux: Updated libssh2 packages that fix one bug are now available for Red Hat Enterprise…

RHBA-2015:0098-1: curl bug fix update
Red Hat Enterprise Linux: Updated curl packages that fix one bug are now available for Red Hat Enterprise Lin…

RHSA-2015:0099-1: Critical: glibc security update
Red Hat Enterprise Linux: Updated glibc packages that fix one security issue are now available for Red Hat En…

RHSA-2015:0100-1: Moderate: libyaml security update
Red Hat Enterprise Linux: Updated libyaml packages that fix one security issue are now available for Red Hat…

Microsoft
Security Advisories
2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 36.0
Revision Note: V36.0 (January 27, 2015): Added the 3035034 update to the Current Update section. Summary: Micro…

3009008 - Vulnerability in SSL 3.0 Could Allow Information Disclosure - Version: 2.1
Revision Note: V2.1 (December 9, 2014): Microsoft is announcing the availability of SSL 3.0 fallback warnings…

3010060 - Vulnerability in Microsoft OLE Could Allow Remote Code Execution - Version: 2.0
Revision Note: V2.0 (November 11, 2014): Advisory updated to reflect publication of security bulletin. Summary:…

2949927 - Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2 - Version: 2.0
Revision Note: V2.0 (October 17, 2014): Removed Download Center links for Microsoft security update 2949927. M…

2977292 - Update for Microsoft EAP Implementation that Enables the Use of TLS - Version: 1.0
Revision Note: V1.0 (October 14, 2014): Advisory published. Summary: Microsoft is announcing the availability o…

Cisco
Security Advisories
GNU glibc gethostbyname Function Buffer Overflow Vulnerability
On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This…

Cisco Prime Service Catalog XML External Entity Processing Vulnerability
A vulnerability in the configuration of the XML parser of Cisco Prime Service Catalog could allow an authentic…

Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by on…

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities t…

Apache HTTPd Range Header Denial of Service Vulnerability
The Apache HTTPd server contains a denial of service vulnerability when it handles multiple, overlapping range…

Multiple Vulnerabilities in Cisco Small Business RV Series Routers
The Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Ro…

Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remot…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
bestkika.crashs.net (2015/01/22_11:05)
Host: bestkika.crashs.net/zp/zp-core/zp-extensions/tiny_mce/plugins/ajaxfilemanager/inc/main.php, IP address: 82.244.160.22, ASN: 12322, Country: FR, Description: trojan…

summitcpas.com (2015/01/16_00:53)
Host: summitcpas.com/wp-content/plugins/davoset/applestore.store1.apple.com.zip, IP address: 64.207.177.234, ASN: 31815, Country: US, Description: Leads to exploit…

sgwohle.serveftp.com (2015/01/16_00:53)
Host: sgwohle.serveftp.com/tdstest/809089d01985770300455b21eb896afd/, IP address: 92.63.87.16, ASN: 44575, Country: LV, Description: Exploit…

magicshares.cf (2015/01/16_07:18)
Host: magicshares.cf/BBEEUkgBT08OVFVW.html, IP address: 108.61.178.128, ASN: 20473, Country: US, Description: exploit kit…

cdn02.heartbleedporn.com:25707 (2015/01/16_07:18)
Host: cdn02.heartbleedporn.com:25707/chart/dict/movies.php?timeline=21, IP address: 95.183.8.133, ASN: 42244, Country: RU, Description: exploit kit…

indianemarket.in (2015/01/15_05:44)
Host: indianemarket.in/Norton_security.exe, IP address: 23.94.156.184, ASN: 36352, Country: US, Description: Trojan.Backdoor…

cdnx1.fireworkvideos.com:25707 (2015/01/15_08:05)
Host: cdnx1.fireworkvideos.com:25707/reports/admin/phpmyadmin/movies.php?timeline=21, IP address: 46.254.18.236, ASN: 42244, Country: RU, Description: exploit kit…

idiotcupid.com (2015/01/15_08:12)
Host: idiotcupid.com/assets/js/ads.php, IP address: 185.45.192.179, ASN: 60117, Country: AE, Description: iframe leads to exploit kit…

prettyboats.ga (2015/01/15_08:12)
Host: prettyboats.ga/UUNRUUgBT08OVFVW.html, IP address: 108.61.188.102, ASN: 20473, Country: US, Description: exploit kit…


© 2001-2015 Procyon Labs / Randal T. Rioux