PLABS
Internet Storm Center Infocon Status
Scanning for Single Critical Vulnerabilities, (Fri, Oct 24th)
Where I work, we have a decent sized IP space and scanning can be problematic. Within our IP space, we can have ~20 Million IPs available. Traditional scanning us…

Shellshock via SMTP, (Fri, Oct 24th)
I've received several reports of what appears to be shellshock exploit attempts via SMTP. The sources so far have all been webhosting providers, so I'm assuming the…

Are you receiving Empty or "Hi" emails?, (Fri, Oct 24th)
I wanted to perform a little unscientific information gathering. I'm working with a small group who think they're being specifically targeted by these, while I th…

ISC StormCast for Friday, October 24th 2014 http://isc.sans.edu/podcastdetail.html?id=4207, (Fri, Oct 24th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Digest: 23 OCT 2014, (Thu, Oct 23rd)
A number of items for your consideration today, readers. Thanks as always to our own Rob VandenBrink for pointing out a number of these. In case you missed i…

ISC StormCast for Thursday, October 23rd 2014 http://isc.sans.edu/podcastdetail.html?id=4205, (Thu, Oct 23rd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Packet Storm
Latest Security Tool Files
TOR Virtual Network Tunneling Tool 0.2.5.10
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

Tor-ramdisk i686 UClibc-based Linux Distribution x86_64 20141022
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network…

Tor-ramdisk i686 UClibc-based Linux Distribution x86 20141022
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network…

OpenSSL 6.7p1 bl0wsshd00r67p1 Backdoor
bl0wsshd00r backdoors OpenSSH 6.7p1 with a magic password for any user, sniffs and records traffic, and mitigates logging to lastlog/wtmp/utmp.

Packet Fence 4.5.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

TOR Virtual Network Tunneling Tool 0.2.4.25
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

AIEngine 0.10
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop si…

WordPress Brute Forcer
This is a python script that performs brute forcing against WordPress installs using a wordlist.

OpenSSL Toolkit 1.0.1j
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cr…


SecurityFocus
General Security Vulnerabilities
Vuln: Node.js qs Module Denial of Service Vulnerability
Node.js qs Module Denial of Service Vulnerability…

Vuln: systemd-shim Local Denial of Service Vulnerability
systemd-shim Local Denial of Service Vulnerability…

Vuln: Microsoft Windows CVE-2014-6352 OLE Remote Code Execution Vulnerability
Microsoft Windows CVE-2014-6352 OLE Remote Code Execution Vulnerability…

Vuln: GNU glibc '__gconv_translit_find()' Function Local Heap Based Buffer Overflow Vulnerability
GNU glibc '__gconv_translit_find()' Function Local Heap Based Buffer Overflow Vulnerability…

Bugtraq: [ MDVSA-2014:209 ] java-1.7.0-openjdk
[ MDVSA-2014:209 ] java-1.7.0-openjdk…

Bugtraq: [ MDVSA-2014:208 ] phpmyadmin
[ MDVSA-2014:208 ] phpmyadmin…

Bugtraq: [ MDVSA-2014:207 ] ejabberd
[ MDVSA-2014:207 ] ejabberd…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo Ip Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Adobe Digital Editions < 4.0.1 Information Disclosure (APSB14-25) (Mac OS X)
Synopsis : The version of Adobe Digital Editions on the remote Mac OS X host is affected by an information di…

Adobe Digital Editions < 4.0.1 Information Disclosure (APSB14-25)
Synopsis : The version of Adobe Digital Editions on the remote Windows host is affected by an information dis…

QuickTime < 7.7.6 Multiple Vulnerabilities (Windows)
Synopsis : The remote Windows host contains an application that is affected by multiple vulnerabilities. Des…

Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1(5187) (POODLE)
Synopsis : The remote host is affected by an information disclosure vulnerability. Description : The remote…

Cisco AnyConnect Secure Mobility Client < 3.1(5187) (POODLE)
Synopsis : The remote host is affected by an information disclosure vulnerability. Description : The remote…

Sourcefire
Vulnerability Research Team
Shellshock - Update Bash Immediately!
Shellshock is a serious vulnerability. Bash, arguably the most widely distributed shell on Linux systems, fail…

Looking Glasses with Bacon
This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian…

Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there 

Malware Using the Registry to Store a Zeus Configuration File
This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from…

Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

RHEL
Red Hat Errata
RHBA-2014:1698-1: kexec-tools bug fix update
Red Hat Enterprise Linux: Updated kexec-tools packages that fix one bug are now available for Red Hat Enterpr…

RHBA-2014:1699-1: devtoolset-2-eclipse bug fix update
Red Hat Enterprise Linux: Updated devtoolset-2-eclipse packages that fix one bug are now available for Red Ha…

RHBA-2014:1700-1: rsh bug fix update
Red Hat Enterprise Linux: Updated rsh packages that fix two bugs are now available for Red Hat Enterprise Lin…

RHBA-2014:1701-1: systemd bug fix update
Red Hat Enterprise Linux: Updated systemd packages that fix one bug are now available for Red Hat Enterprise…

RHBA-2014:1702-1: chromium-browser bug fix and enhancement update
Red Hat Enterprise Linux: Updated chromium-browser packages that fix several bugs and add various enhancement…

RHBA-2014:1703-1: otopi bug fix update
Red Hat Enterprise Linux: otopi bug fix and enhancement update.

Microsoft
Security Advisories
3010060 - Vulnerability in Microsoft OLE Could Allow Remote Code Execution - Version: 1.0
Revision Note: V1.0 (October 21, 2014): Advisory published. Summary: Microsoft is aware of a vulnerability affe…

2949927 - Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2 - Version: 2.0
Revision Note: V2.0 (October 17, 2014): Removed Download Center links for Microsoft security update 2949927. M…

3009008 - Vulnerability in SSL 3.0 Could Allow Information Disclosure - Version: 1.1
Revision Note: V1.1 (October 15, 2014): Advisory revised to include a workaround for disabling the SSL 3.0 pro…

2977292 - Update for Microsoft EAP Implementation that Enables the Use of TLS - Version: 1.0
Revision Note: V1.0 (October 14, 2014): Advisory published. Summary: Microsoft is announcing the availability o…

2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 30.0
Revision Note: V30.0 (October 14, 2014): Added the 3001237 update to the Current Update section. Summary: Micro…

Cisco
Security Advisories
Cisco IOS Software RSVP Vulnerability
A vulnerability in the implementation of the Resource Reservation Protocol (RSVP) in Cisco IOS Software and Ci…

Multiple Vulnerabilities in Cisco ASA Software
Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: Cisco ASA…

SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) prot…

Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System
The Cisco IOS Software implementation of the multicast Domain Name System (mDNS) feature contains the followin…

Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability
A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software and Cisco IOS XE So…

TCP Vulnerabilities in Multiple Non-IOS Cisco Products
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an ex…

GNU Bash Environment Variable Command Injection Vulnerability
On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
© 2014 Procyon Labs / Randal T. Rioux