PLABS
Internet Storm Center Infocon Status
ISC StormCast for Friday, October 31st 2014 http://isc.sans.edu/podcastdetail.html?id=4217, (Fri, Oct 31st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

CSAM Month of False Positives - False Positives from Management, (Thu, Oct 30th)
Often the start of a problem and its solution is receiving a call from a manager, project manager or other non-technical decision maker. You'll know going in that…

NIST 800-150 Draft Document "Guide to Cyber Threat Information Sharing" Released - http://csrc.nist.gov/publications/drafts/800-150/sp800_150_draft.pdf, (Thu, Oct 30th)
=============== Rob VandenBrink Metafore (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States…

Hacking with the Oldies!, (Thu, Oct 30th)
Recently we seem to have a theme of new bugs in old code - first (and very publicly) openssl and bash. This past week we've had a bunch more, less public but s…

ISC StormCast for Thursday, October 30th 2014 http://isc.sans.edu/podcastdetail.html?id=4215, (Thu, Oct 30th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The Wonderful World of CMS strikes again, (Wed, Oct 29th)
I think that I will start this Diary with the following statement: If you use an open source CMS, and you do not update it frequently, there is a very high c…

Packet Storm
Latest Security Tool Files
DAVOSET 1.2.1
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

FireHOL 2.0.0
FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual…

TOR Virtual Network Tunneling Tool 0.2.5.10
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

Tor-ramdisk i686 UClibc-based Linux Distribution x86_64 20141022
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network…

Tor-ramdisk i686 UClibc-based Linux Distribution x86 20141022
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network…

OpenSSL 6.7p1 bl0wsshd00r67p1 Backdoor
bl0wsshd00r backdoors OpenSSH 6.7p1 with a magic password for any user, sniffs and records traffic, and mitigates logging to lastlog/wtmp/utmp.

Packet Fence 4.5.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

TOR Virtual Network Tunneling Tool 0.2.4.25
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

AIEngine 0.10
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop si…


SecurityFocus
General Security Vulnerabilities
Vuln: PHP 'libxmlrpc/xmlrpc.c' Buffer Overflow Vulnerability
PHP 'libxmlrpc/xmlrpc.c' Buffer Overflow Vulnerability…

Vuln: PHP 'exif_thumbnail()' Function Heap Based Buffer Overflow Vulnerability
PHP 'exif_thumbnail()' Function Heap Based Buffer Overflow Vulnerability…

Vuln: PHP CVE-2014-3669 Denial of Service Vulnerability
PHP CVE-2014-3669 Denial of Service Vulnerability…

Vuln: PHP 'donote()' Function Out-of-Bounds Read Vulnerability
PHP 'donote()' Function Out-of-Bounds Read Vulnerability…

Bugtraq: Call for Papers - WorldCIST'15 - Azores, Deadline: November 23
Call for Papers - WorldCIST'15 - Azores, Deadline: November 23…

Bugtraq: [slackware-security] wget (SSA:2014-302-01)
[slackware-security] wget (SSA:2014-302-01)…

Bugtraq: [security bulletin] HPSBUX03159 SSRT101785 rev.2 - HP-UX kernel, Local Denial of Service (DoS)
[security bulletin] HPSBUX03159 SSRT101785 rev.2 - HP-UX kernel, Local Denial of Service (DoS)…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
SSLv3 Padding Oracle On Downgraded Legacy Encryption in Cisco ASA Software (cisco-sa-20141015-poodle) (POODLE)
Synopsis : The remote device is affected by a man-in-the-middle (MitM) information disclosure vulnerability k…

Oracle Enterprise Data Quality Multiple Vulnerabilities (October 2014 CPU)
Synopsis : The remote host is affected by multiple vulnerabilities. Description : The version of Oracle Ent…

Oracle Enterprise Data Quality Director Detection
Synopsis : The remote host is running a data quality tool. Description : Oracle Enterprise Data Quality Dir…

Oracle Enterprise Data Quality Dashboard Detection
Synopsis : The remote host is running a dashboard application for a data quality tool. Description : Oracle…

IBM WebSphere Portal CKEditor XSS (PI24992, PI26456)
Synopsis : The remote Windows host has web portal software installed that is affected by a cross-site scripti…

Sourcefire
Vulnerability Research Team
Shellshock - Update Bash Immediately!
Shellshock is a serious vulnerability. Bash, arguably the most widely distributed shell on Linux systems, fail…

Looking Glasses with Bacon
This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian…

Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there 

Malware Using the Registry to Store a Zeus Configuration File
This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from…

Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

RHEL
Red Hat Errata
RHBA-2014:1734-1: yum-rhn-plugin bug fix update
Red Hat Enterprise Linux: An updated yum-rhn-plugin package that fixes one bug is now available for Red Hat E…

RHBA-2014:1735-1: Red Hat Network Tools python-rhsm bug fix update
Red Hat Enterprise Linux: Updated python-rhsm packages that fix one bug are now available for Red Hat Network…

RHBA-2014:1736-1: xfsdump bug fix update
Red Hat Enterprise Linux: Updated xfsdump packages that fix one bug are now available for Red Hat Enterprise…

RHBA-2014:1742-1: mongodb24 bug fix update
Red Hat Enterprise Linux: Updated mongodb24 packages that fix one bug are now available as part of Red Hat So…

RHBA-2014:1745-1: nodejs010 bug fix update
Red Hat Enterprise Linux: Updated nodejs010 packages that fix one bug are now available as part of Red Hat So…

RHBA-2014:1761-1: perl bug fix update
Red Hat Enterprise Linux: Updated perl packages that fix one bug are now available for Red Hat Enterprise Lin…

Microsoft
Security Advisories
3010060 - Vulnerability in Microsoft OLE Could Allow Remote Code Execution - Version: 1.1
Revision Note: V1.1 (October 30, 2014): Advisory updated to include additional acknowledgments.Summary: Micros…

3009008 - Vulnerability in SSL 3.0 Could Allow Information Disclosure - Version: 2.0
Revision Note: V2.0 (October 29, 2014): Revised advisory to announce the deprecation of SSL 3.0, to clarify th…

2949927 - Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2 - Version: 2.0
Revision Note: V2.0 (October 17, 2014): Removed Download Center links for Microsoft security update 2949927. M…

2977292 - Update for Microsoft EAP Implementation that Enables the Use of TLS - Version: 1.0
Revision Note: V1.0 (October 14, 2014): Advisory published.Summary: Microsoft is announcing the availability o…

2871997 - Update to Improve Credentials Protection and Management - Version: 4.0
Revision Note: V4.0 (October 14, 2014): Rereleased advisory to announce the release of updates that provide ad…

Cisco
Security Advisories
GNU Bash Environment Variable Command Injection Vulnerability
On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related…

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities t…

SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) prot…

OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could al…

Apache HTTPd Range Header Denial of Service Vulnerability
The Apache HTTPd server contains a denial of service vulnerability when it handles multiple, overlapping range…

Cisco IOS Software RSVP Vulnerability
A vulnerability in the implementation of the Resource Reservation Protocol (RSVP) in Cisco IOS Software and Ci…

Multiple Vulnerabilities in Cisco ASA Software
Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: Cisco ASA…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List

© 2014 Procyon Labs / Randal T. Rioux