PLABS
Internet Storm Center Infocon Status
Tech tip follow-up: Using the data Invoked with R's system command, (Fri, Jul 31st)
In follow up to yesterday's discussion re invoking OS commands with R's system function, I wanted to show you just a bit of how straightforward it is to then use…

froxlor Server Management Portal severe security issue, (Fri, Jul 31st)
The froxlor Server Management Panel is lightweight server management software. Your Handler on Duty was unaware of froxlor; if diary readers are users, feel free…

Cisco Security Advisory: Cisco ASR 1000 (Aggregation Services Routers) Fragmented Packet DOS Vuln: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k, (Fri, Jul 31st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

ISC StormCast for Friday, July 31st 2015 http://isc.sans.edu/podcastdetail.html?id=4593, (Fri, Jul 31st)

Tech tip: Invoke a system command in R, (Fri, Jul 31st)
I spend a lot of time using R, the programming language and software environment for statistical computing and graphics. It's incredibly useful for visualization…

ISC StormCast for Thursday, July 30th 2015 http://isc.sans.edu/podcastdetail.html?id=4591, (Thu, Jul 30th)

Packet Storm
Latest Security Tool Files
Linux Reverse TCP Shell In Python
Python code that provides a reverse TCP shell.

Packet Fence 5.3.1
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Lynis Auditing Tool 2.1.1
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information it will also scan f…

Packet Fence 5.3.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Capstone 3.0.4
Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on di…

Beltane Web-Based Management For Samhain 1.0.20
Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowle…

Samhain File Integrity Checker 4.0.0
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can…

Pcapteller 0.1
Pcapteller is a tool designed for simple traffic manipulation and replay. The tool allows you to recreate a recorded network traffic scenario that occurred in a foreign networ…

Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150714
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network…


SecurityFocus
General Security Vulnerabilities
Vuln: redcarpet CVE-2015-5147 Stack Buffer Overflow Vulnerability
redcarpet CVE-2015-5147 Stack Buffer Overflow Vulnerability…

Vuln: Novius OS 'tab' parameter Local File Include Vulnerability
Novius OS 'tab' parameter Local File Include Vulnerability…

Vuln: Oracle Java SE CVE-2015-0488 Remote Security Vulnerability
Oracle Java SE CVE-2015-0488 Remote Security Vulnerability…

Vuln: Debian OpenJDK CVE-2014-8873 Remote Code Execution Vulnerability
Debian OpenJDK CVE-2014-8873 Remote Code Execution Vulnerability…

Bugtraq: phpFileManager 0.9.8 Remote Command Execution
phpFileManager 0.9.8 Remote Command Execution…

Bugtraq: HP ArcSight Logger provides incorrect/invalid/incomplete results for queries with boolean operators
HP ArcSight Logger provides incorrect/invalid/incomplete results for queries with boolean operators…

Bugtraq: [SECURITY] [DSA 3321-1] xmltooling security update
[SECURITY] [DSA 3321-1] xmltooling security update…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
McAfee ePolicy Orchestrator SSL/TLS Certificate Validation Security Bypass Vulnerability
Synopsis : A security management application running on the remote host is affected by a security bypass vuln…

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2701-1)
Synopsis : The remote Ubuntu host is missing one or more security-relate…

Ubuntu 14.04 : linux vulnerabilities (USN-2700-1)
Synopsis : The remote Ubuntu host is missing one or more security-relate…

Ubuntu 12.04 LTS / 14.04 / 15.04 : hplip vulnerability (USN-2699-1)
Synopsis : The remote Ubuntu host is missing a security-related patch.…

Ubuntu 12.04 LTS / 14.04 / 15.04 : sqlite3 vulnerabilities (USN-2698-1)
Synopsis : The remote Ubuntu host is missing a security-related patch.…

Sourcefire
Vulnerability Research Team
Shellshock - Update Bash Immediately!
Shellshock is a serious vulnerability. Bash, arguably the most widely distributed shell on Linux systems, fail…

Looking Glasses with Bacon
This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian…

Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there 

Malware Using the Registry to Store a Zeus Configuration File
This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from…

Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

RHEL
Red Hat Errata
RHEA-2015:1528-1: Red Hat Enterprise Linux 7.1 Container Image Update
An updated Red Hat Enterprise Linux 7.1 container image is now available.

RHBA-2015:1511-1: CFME 5.4.1 bug fixes, and enhancement update
Red Hat Enterprise Linux: Updated CFME packages that fix several bugs.

RHBA-2015:1524-1: Red Hat JBoss Operations Network Agent RPM 3.3 (update 03)
Red Hat Enterprise Linux: Updated jboss-on-agent packages that fix several bugs and add various enhancements…

RHSA-2015:1526-1: Important: java-1.6.0-openjdk security update
Red Hat Enterprise Linux: Updated java-1.6.0-openjdk packages that fix multiple security issues are now avail…

RHBA-2015:1521-1: less bug fix update
Red Hat Enterprise Linux: Updated less packages that fix one bug are now available for Red Hat Enterprise Lin…

RHBA-2015:1522-1: Red Hat Satellite Proxy server spacewalk-proxy bug fix update
RHN Satellite and Proxy: Updated server spacewalk-proxy packages that fix one bug are now available for Red H…

Microsoft
Security Advisories
2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 45.0
Revision Note: V45.0 (July 29, 2015): Added the 3074683 update for Windows 10 systems to the Current Update se…

3057154 - Update to Harden Use of DES Encryption - Version: 1.0
Revision Note: V1.0 (July 14, 2015): Summary: Microsoft is announcing the availability of an update to harden…

3074162 - Vulnerability in Microsoft Malicious Software Removal Tool Could Allow Elevation of Privilege - Version: 1.0
Severity Rating: Important. Revision Note: V1.0 (July 14, 2015): Advisory published. Summary: Microsoft is releasi…

2962393 - Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client - Version: 2.0
Revision Note: V2.0 (June 9, 2015): Added the 3062760 update to the Juniper VPN Client Update section. Summary:…

3042058 - Update to Default Cipher Suite Priority Order - Version: 1.0
Revision Note: V1.0 (May 12, 2015): Advisory published. Summary: Microsoft is announcing the availability of an…

Cisco
Security Advisories
OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
On July 9, 2015, the OpenSSL Project released a security advisory detailing a vulnerability affecting applicat…

Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by on…

Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
On June 11, 2015, the OpenSSL Project released a security advisory detailing six distinct vulnerabilities, and…

Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
A vulnerability in the code handling the reassembly of fragmented IP version 4 (IPv4) or IP version 6 (IPv6) p…

Row Hammer Privilege Escalation Vulnerability
On March 9, 2015, new research was published that takes advantage of a flaw in double data rate type 3 (DDR3)…

OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could al…

Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by on…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List

© 2001-2015 Procyon Labs / Randal T. Rioux