PLABS
Internet Storm Center Infocon Status
Testing your website for the heartbleed vulnerability with nmap, (Fri, Apr 18th)
We have received reports from many readers about buggy tools to test for the heartbleed vulnerability. Today I want to show you how easy it is to check for this v…

Heartbleed CRL Activity Spike Found, (Wed, Apr 16th)
Update: CloudFlare posted in their blog twice today claiming responsibility for the majority of this spike. Quoting: "If you assume that the global average pric…

ISC StormCast for Friday, April 18th 2014 http://isc.sans.edu/podcastdetail.html?id=3941, (Fri, Apr 18th)
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Looking for malicious traffic in electrical SCADA networks - part 2 - solving problems with DNP3 Secure Authentication Version 5, (Thu, Apr 17th)
I received this week a very valuable e-mail from the DNP Technical Committee Chair, Mr. Andrew West, who pointed out an excellent observation, and it's the very slow…

ISC StormCast for Thursday, April 17th 2014 http://isc.sans.edu/podcastdetail.html?id=3939, (Thu, Apr 17th)

WinXP and/or Win2003 hung systems because of SC Forefront Endpoint Protection faulty update, (Wed, Apr 16th)
Reader Philipp reported today a bug affecting his remaining Windows XP machines and Windows 2003 servers. It seems that all Windows XP and Windows 2003 machi…

Packet Storm
Latest Security Tool Files
AIEngine 0.6
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop si…

Nmap Port Scanner 6.45
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassi…

Fwknop Port Knocking Utility 2.6.1
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilt…

OpenDNSSEC 1.4.5
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to f…

Tor-ramdisk i686 UClibc-based Linux Distribution x86 20140409
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network…

Lynis Auditing Tool 1.5.0
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information it will also scan f…

Zed Attack Proxy 2.3.0 Windows Installer
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wi…

Zed Attack Proxy 2.3.0 Linux Release
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wi…

Zed Attack Proxy 2.3.0 Mac OS X Release
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wi…
SecurityFocus
General Security Vulnerabilities
Vuln: Oracle MySQL Server CVE-2014-2432 Remote Security Vulnerability
Oracle MySQL Server CVE-2014-2432 Remote Security Vulnerability…

Vuln: Oracle MySQL Server CVE-2014-2438 Remote Security Vulnerability
Oracle MySQL Server CVE-2014-2438 Remote Security Vulnerability…

Vuln: Oracle MySQL Client CVE-2014-2440 Remote Security Vulnerability
Oracle MySQL Client CVE-2014-2440 Remote Security Vulnerability…

Vuln: Oracle MySQL Server CVE-2014-2436 Remote Security Vulnerability
Oracle MySQL Server CVE-2014-2436 Remote Security Vulnerability…

Bugtraq: [security bulletin] HPSBMU02995 rev.3 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure
[security bulletin] HPSBMU02995 rev.3 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diag…

Bugtraq: [security bulletin] HPSBMU02998 rev.2 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)
[security bulletin] HPSBMU02998 rev.2 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)…

Bugtraq: [security bulletin] HPSBGN03010 rev.1 - HP Software Server Automation, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information
[security bulletin] HPSBGN03010 rev.1 - HP Software Server Automation, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information…
Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Atmail Webmail 6.x / 7.x < 7.2.0 Multiple Vulnerabilities
Synopsis : The remote web server contains an application that is affected by multiple vulnerabilities. Descr…

Atmail Webmail 6.x < 6.6.4 / 7.x < 7.1.2 Multiple Vulnerabilities
Synopsis : The remote web server contains an application that is affected by multiple vulnerabilities. Descr…

Atmail Webmail 6.6.x < 6.6.3 / 7.x < 7.0.3 File Name Parameter XSS
Synopsis : The remote web server contains an application that is affected by a cross-site scripting vulnerabi…

Atmail Webmail < 6.6.2 Exim Buffer Overflow
Synopsis : The remote web server contains an application that is affected by a buffer overflow vulnerability.

Atmail Webmail < 6.5.0 'DOM processor' Cross-Site Scripting
Synopsis : The remote web server contains an application that is affected by a cross-site scripting vulnerabi…

Sourcefire
Vulnerability Research Team
Heartbleed for OpenVPN
Core to the VRT's mission is challenging the general intrusion detection industry's view of "adequate" vulnera…

Performing the Heartbleed Attack After the TLS Handshake
Over the past several days, many IPS rules for detecting the Heartbleed attack have been suggested that attemp…

Heartbleed Continued - OpenSSL Client Memory Exposed
The Heartbleed vulnerability is bad. Not only does it pose a risk to servers running the vulnerable version of…

Heartbleed Memory Disclosure - Upgrade OpenSSL Now!
Heartbleed is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1f. If you have not upgraded to Open…

Microsoft Update Tuesday: April 2014, two final XP and Office 2003 fixes
It’s the last Microsoft Update Tuesday before the end-of-life of both Windows XP and Office 2003 and Microso…

RHEL
Red Hat Errata
RHBA-2014:0410-1: device-mapper-multipath bug fix update
Red Hat Enterprise Linux: Updated device-mapper-multipath packages that fix one bug are now available for Red…

RHBA-2014:0411-1: util-linux-ng bug fix update
Red Hat Enterprise Linux: Updated util-linux-ng packages that fix one bug are now available for Red Hat Enter…

RHSA-2014:0409-2: Important: python-keystoneclient security update
Red Hat Enterprise Linux: Updated python-keystoneclient packages that fix one security issue are now availabl…

RHSA-2014:0412-1: Critical: java-1.7.0-oracle security update
Red Hat Enterprise Linux: Updated java-1.7.0-oracle packages that fix several security issues are now availab…

RHSA-2014:0413-2: Critical: java-1.7.0-oracle security update
Red Hat Enterprise Linux: Updated java-1.7.0-oracle packages that fix several security issues are now availab…

RHSA-2014:0414-1: Important: java-1.6.0-sun security update
Red Hat Enterprise Linux: Updated java-1.6.0-sun packages that fix several security issues are now available…

Microsoft
Security Advisories
Microsoft Security Advisory (2953095): Vulnerability in Microsoft Word Could Allow Remote Code Execution (2953095) - Version: 2.0
Severity Rating: Revision Note: V2.0 (April 8, 2014): Advisory updated to reflect publication of security bull…

Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801) - Version: 22.0
Severity Rating: Revision Note: V22.0 (April 8, 2014): Added the 2942844 update to the Current Update section.

Microsoft Security Advisory (2934088): Vulnerability in Internet Explorer Could Allow Remote Code Execution - Version: 2.0
Severity Rating: Revision Note: V2.0 (March 11, 2014): Advisory updated to reflect publication of security bul…

Vulnerability in DirectAccess and IPsec Could Allow Security Feature Bypass - Version: 1.1
Severity Rating: Revision Note: V1.1 (February 28, 2014): Advisory revised to announce a detection change in t…

Cisco
Security Advisories
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE…

Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability
A vulnerability in the implementation of the IP version 6 (IPv6) protocol stack in Cisco IOS Software and Cisc…

Cisco IOS Software Network Address Translation Vulnerabilities
The Cisco IOS Software implementation of the Network Address Translation (NAT) feature contains two vulnerabil…

Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability
A vulnerability in the Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks models RS…

Cisco IOS Software SSL VPN Denial of Service Vulnerability
A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco IOS Software could allow an unauthent…

Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE S…

Cisco AsyncOS Software Code Execution Vulnerability
Cisco AsyncOS Software for Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA…

DistroWatch
Latest Linux/BSD Distribution Releases
04/20 Tiny Core 5.3

04/20 Greenie 14.04

04/19 NixOS 13.10.35723

04/19 NetBSD 6.0.5

Latest Linux/BSD Software Releases
04/19 MesaLib 10.1.1
MesaLib: a 3D graphics library…

04/18 gstreamer 1.2.4
GStreamer: a multimedia framework with a plugin-based architecture for a variety of platforms…

04/18 nmap 6.46
Nmap: a utility for network exploration or security auditing…

04/17 qemu 2.0.0
QEMU: an open source machine emulator and virtualiser…

04/17 samba 4.1.7
Samba: a free software re-implementation of SMB/CIFS networking protocol…

04/16 wordpress 3.9
WordPress: publishing software for the world wide web…

04/16 calligra 2.8.2
Calligra: an integrated office suite based on the KDE libraries…
Malware Domain List
© 2014 Procyon Labs / Randal T. Rioux