PLABS
Internet Storm Center Infocon Status
Windows Previous Versions against ransomware, (Thu, Jul 24th)
One of the cool features that Microsoft actually added in Windows Vista is the ability to recover previous versions of files and folders. This is part of the VS…

ISC StormCast for Thursday, July 24th 2014 http://isc.sans.edu/podcastdetail.html?id=4075, (Thu, Jul 24th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

New Feature: "Live" SSH Brute Force Logs and New Kippo Client, (Wed, Jul 23rd)
We are announcing a new feature we have been working on for a while, that will display live statistics on passwords used by SSH brute forcing bots. In addition,…

ISC StormCast for Wednesday, July 23rd 2014 http://isc.sans.edu/podcastdetail.html?id=4073, (Wed, Jul 23rd)

Firefox 31.0 released, includes security fixes, see https://www.mozilla.org/security/known-vulnerabilities/firefox.html, (Tue, Jul 22nd)

WordPress brute force attack via wp.getUsersBlogs, (Tue, Jul 22nd)
Now that the XMLRPC "pingback" DDoS problem in WordPress is increasingly under control, the crooks seem to be trying brute-force password guessing attacks via the…

Packet Storm
Latest Security Tool Files
SILC (Secure Internet Live Conferencing) Client 1.1.11
SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet. It can be used to send any kind of messages, in addition to…

Otori 0.3
This is a Metasploit-style module system specifically for XXE exploit code. This allows a common interface, including the ability to automate downloads of numerous files, or a…

pyClamd 0.3.10
pyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way. Instea…

Packet Fence 4.3.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Lynis Auditing Tool 1.5.7
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information it will also scan f…

GNU Privacy Guard 1.4.18
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an a…

AIEngine 0.8
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop si…

XSSYA Cross Site Scripting Scanner
XSSYA is a python tool that attempts malicious payloads for bypassing web application firewalls.

SMTPTX 1.0 Beta
SMTPTX is a very simple and basic tool used for sending simple email and to do some basic email testing from a pentester perspective. It is able to send messages without depen…


SecurityFocus
General Security Vulnerabilities
Vuln: Microsoft Internet Explorer CVE-2014-2803 Remote Memory Corruption Vulnerability
Microsoft Internet Explorer CVE-2014-2803 Remote Memory Corruption Vulnerability…

Vuln: HP Network Virtualization CVE-2014-2625 Security Vulnerability
HP Network Virtualization CVE-2014-2625 Security Vulnerability…

Vuln: Microsoft Internet Explorer CVE-2014-2802 Remote Memory Corruption Vulnerability
Microsoft Internet Explorer CVE-2014-2802 Remote Memory Corruption Vulnerability…

Vuln: OpenSSL CVE-2014-3470 Denial of Service Vulnerability
OpenSSL CVE-2014-3470 Denial of Service Vulnerability…

Bugtraq: Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video BNSEC-2398
Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video BNSEC-2398…

Bugtraq: [slackware-security] mozilla-thunderbird (SSA:2014-204-03)
[slackware-security] mozilla-thunderbird (SSA:2014-204-03)…

Bugtraq: [slackware-security] mozilla-firefox (SSA:2014-204-02)
[slackware-security] mozilla-firefox (SSA:2014-204-02)…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
IBM Storwize V7000 Unified Service Account Unspecified Local Privilege Escalation
Synopsis : The remote host is potentially affected by an unspecified local privilege escalation vulnerability…

IBM General Parallel File System OpenSSH Memory Corruption
Synopsis : A clustered file system on the remote host is affected by a memory corruption vulnerability relate…

Mozilla Thunderbird < 31.0 Multiple Vulnerabilities
Synopsis : The remote Windows host contains a mail client that is affected by multiple vulnerabilities. Desc…

Mozilla Thunderbird 24.x < 24.7 Multiple Vulnerabilities
Synopsis : The remote Windows host contains a mail client that is affected by multiple vulnerabilities. Desc…

Firefox < 31.0 Multiple Vulnerabilities
Synopsis : The remote Windows host contains a web browser that is affected by multiple vulnerabilities. Desc…

Sourcefire
Vulnerability Research Team
Apple ID Harvesting, now this is a good phish.
Phishing isn't new. "So, why are you writing about it?", you ask. I received this one today and it was ve…

Microsoft Update Tuesday July 2014: light month, mostly Internet Explorer
This month’s Microsoft Update Tuesday is relatively light compared to the major update of last month. We’r…

Threat Spotlight: "A String of Paerls", Part 2, Deep Dive
This post has been coauthored by Joel Esler, Craig Williams, Richard Harman, Jaeson Schultz, and Douglas Godda…

Exceptional behavior: the Windows 8.1 X64 SEH Implementation
In my last post, you may remember how the latest Uroburos rootkit was able to disarm Patchguard on Windows 7.

Detection for PutterPanda, we got this.
Recently a post by Crowdstrike was released detailing an attack being used, allegedly, by the Chinese Military…

RHEL
Red Hat Errata
RHBA-2014:0929-1: rhevm-dwh 3.3.4-2 bug fix update
Red Hat Enterprise Linux: An updated rhevm-dwh package that fixes a bug is now available.

RHBA-2014:0930-1: openstack-packstack and openstack-puppet-modules bug-fix advisory
Red Hat Enterprise Linux: Updated Packstack packages which resolve various issues are now available for Red H…

RHBA-2014:0931-1: openstack-keystone bug-fix advisory
Red Hat Enterprise Linux: Updated OpenStack Identity service packages which resolve various issues are now av…

RHBA-2014:0932-1: openstack-cinder bug-fix advisory
Red Hat Enterprise Linux: Updated OpenStack Block Storage packages which resolve various issues are now avail…

RHBA-2014:0933-1: openstack-glance and python-glanceclient bug-fix advisory
Red Hat Enterprise Linux: Updated OpenStack Image Service packages which resolve various issues are now avail…

RHBA-2014:0934-1: openstack-ceilometer and python-ceilometerclient bug-fix advisory
Red Hat Enterprise Linux: Updated OpenStack Telemetry packages which resolve various issues are now available…

Microsoft
Security Advisories
2982792 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 2.0
Revision Note: V2.0 (July 17, 2014): Advisory revised to announce the availability of update 2982792 for suppo…

2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 26.0
Revision Note: V26.0 (July 8, 2014): Added the 2974008 update to the Current Update section. Summary: Microsoft…

2871997 - Update to Improve Credentials Protection and Management - Version: 2.0
Revision Note: V2.0 (July 8, 2014): Rereleased advisory to announce the release of updates 2973351 and 2919355…

2960358 - Update for Disabling RC4 in .NET TLS - Version: 1.2
Revision Note: V1.2 (July 8, 2014): Advisory revised to announce a Microsoft Update Catalog detection change f…

Cisco
Security Advisories
Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
Cisco TelePresence TC and TE Software are affected by the following vulnerabilities: Six Session Initiati…

Multiple Vulnerabilities in Cisco TelePresence System MXP Series
Cisco TelePresence System MXP Series Software contains the following vulnerabilities: Three SIP denial of…

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities t…

Cisco Wide Area Application Services Remote Code Execution Vulnerability
A vulnerability in Cisco Wide Area Application Services (WAAS) software versions 5.1.1 through 5.1.1d, when co…

Cisco IOS Software IPv6 Denial of Service Vulnerability
Cisco IOS Software contains a vulnerability in the IP version 6 (IPv6) protocol stack implementation that coul…

Cisco Wireless Residential Gateway Remote Code Execution Vulnerability
A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an…

Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
A vulnerability in the parsing of malformed Internet Protocol version 6 (IPv6) packets in Cisco IOS XR Softwar…

DistroWatch
Latest Linux/BSD Distribution Releases
07/23 OpenELEC 4.1.2-beta2

07/22 Salix 14.1-rc3 "Openbox"

07/22 Tails 1.1

07/22 Kali 1.0.8

Latest Linux/BSD Software Releases
07/24 postgresql 9.3.5
PostgreSQL: a relational database management system…
07/24 php 5.5.15
PHP: a server-side HTML embedded scripting language…
07/23 git 2.0.3
Git: an open source version control system…
07/23 lvm 2.02.108
LVM: the logical volume manager…
07/22 exim 4.83
exim: a mail server…
07/22 util-linux 2.25
util-linux: a collection of essential utilities for Linux systems…
07/21 firefox 31.0
Mozilla Firefox: a web browser for Windows, Linux, MacOS X, FreeBSD and Android…
Malware Domain List
117.21.191.47 (2014/07/24_09:31)
Host: -, IP address: 117.21.191.47/ng15.exe, ASN: 4134, Country: CN, Description: Win32/Cryptor…

117.21.191.47 (2014/07/24_09:31)
Host: -, IP address: 117.21.191.47/bet15.exe, ASN: 4134, Country: CN, Description: Win32/Cryptor…

117.21.191.47 (2014/07/24_09:31)
Host: -, IP address: 117.21.191.47/ng.exe, ASN: 4134, Country: CN, Description: W32/Slenfbot.B.gen!Eldorado…

117.21.191.47 (2014/07/24_09:31)
Host: -, IP address: 117.21.191.47/beta.exe, ASN: 4134, Country: CN, Description: Trojan.Ageny.ED…

117.21.191.47 (2014/07/24_09:31)
Host: -, IP address: 117.21.191.47/betr7.exe, ASN: 4134, Country: CN, Description: Win32/Cryptor…

117.21.191.47 (2014/07/24_09:31)
Host: -, IP address: 117.21.191.47/ng2.exe, ASN: 4134, Country: CN, Description: Win32/Injector.BHYG trojan…

117.21.191.47 (2014/07/24_09:31)
Host: -, IP address: 117.21.191.47/ng1.exe, ASN: 4134, Country: CN, Description: W32/Slenfbot.B.gen!Eldorado…

31.6.71.85 (2014/07/24_09:31)
Host: -, IP address: 31.6.71.85/bet/ngr7.exe, ASN: 59491, Country: PL, Description: Trojan.Krypt…

117.21.191.47 (2014/07/24_09:31)
Host: -, IP address: 117.21.191.47/andr7.exe, ASN: 4134, Country: CN, Description: Win32/Cryptor…


© 2014 Procyon Labs / Randal T. Rioux