Internet Storm Center Infocon Status
Someone is using this? PoS: Compressor, (Mon, Nov 24th)
Hello Dear Readers, This diary comes to you by way of the real world and was taken very recently. Has anyone seen anything like this before? This handler was…

Craigslist Outage, (Mon, Nov 24th)
We were notified this evening by Matt H. that Craigslist is suffering an outage of some sort. Briefly checking the site from the west coast I am finding web acce…

ISC StormCast for Monday, November 24th 2014 http://isc.sans.edu/podcastdetail.html?id=4249, (Mon, Nov 24th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

More Trouble For Hikvision DVRs, (Mon, Nov 24th)
The Internet of Things is turning against us once more. Rapid7 is reporting how Hikvision DVRs are vulnerable to at least 3 different remote code execution vuln…

ISC StormCast for Friday, November 21st 2014 http://isc.sans.edu/podcastdetail.html?id=4247, (Fri, Nov 21st)

Google Web "Firing Range" Available, (Thu, Nov 20th)
Google has released a Firing Range for assessing various web application scanners, with what looks like a real focus on Cross Site Scripting. The code was co-de…

Packet Storm
Latest Security Tool Files
Capstone 3.0
Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on di…

Clam AntiVirus Toolkit 0.98.5
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible…

DAVOSET 1.2.3
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Fwknop Port Knocking Utility 2.6.4
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilt…

Packet Fence 4.5.1
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Hesperbot Detection Scanner 1.0
Hesperbot Scanner is a Windows binary that is able to detect the Hesperbot banking trojan by fingerprinting memory and looking for things that traditional antivirus software f…

DAVOSET 1.2.2
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

ROP Gadget Tool 5.3
This tool lets you search your gadgets on your binaries (ELF format) to facilitate your ROP exploitation. The gadgets are found on executable segments.


SecurityFocus
General Security Vulnerabilities
Vuln: Python CGIHTTPServer Module Path Separators Handling Information Disclosure Vulnerability
Python CGIHTTPServer Module Path Separators Handling Information Disclosure Vulnerability…

Vuln: OpenSSL 'so_ssl3_write()' Function NULL Pointer Dereference Denial of Service Vulnerability
OpenSSL 'so_ssl3_write()' Function NULL Pointer Dereference Denial of Service Vulnerability…

Vuln: binutils Multiple Directory Traversal Vulnerabilities
binutils Multiple Directory Traversal Vulnerabilities…

Vuln: OpenSSL CVE-2014-0224 Man in the Middle Security Bypass Vulnerability
OpenSSL CVE-2014-0224 Man in the Middle Security Bypass Vulnerability…

Bugtraq: Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin
Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin…

Bugtraq: [security bulletin] HPSBUX03087 SSRT101413 rev.2 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
[security bulletin] HPSBUX03087 SSRT101413 rev.2 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access…

Bugtraq: [ MDVSA-2014:224 ] krb5
[ MDVSA-2014:224 ] krb5…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
GLSA-201411-10 : Asterisk: Multiple Vulnerabilities
Synopsis : The remote Gentoo host is missing one or more security-related patches. Description : The remote…

GLSA-201411-09 : Ansible: Privilege escalation
Synopsis : The remote Gentoo host is missing one or more security-related patches. Description : The remote…

GLSA-201411-08 : Aircrack-ng: User-assisted execution of arbitrary code
Synopsis : The remote Gentoo host is missing one or more security-related patches. Description : The remote…

GLSA-201411-07 : Openswan: Denial of Service
Synopsis : The remote Gentoo host is missing one or more security-related patches. Description : The remote…

SuSE 11.3 Security Update : file (SAT Patch Number 9982)
Synopsis : The remote SuSE 11 host is missing one or more security updates. Description : file was updated…

Sourcefire
Vulnerability Research Team
Shellshock - Update Bash Immediately!
Shellshock is a serious vulnerability. Bash, arguably the most widely distributed shell on Linux systems, fail…

Looking Glasses with Bacon
This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian…

Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there 

Malware Using the Registry to Store a Zeus Configuration File
This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from…

Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

RHEL
Red Hat Errata
RHBA-2014:1886-1: mdadm bug fix update
Red Hat Enterprise Linux: Updated mdadm packages that fix one bug are now available for Red Hat Enterprise Li…

RHEA-2014:1275-1: Red Hat Storage Server 3 Hadoop plug-in enhancement update
Red Hat Enterprise Linux: Updated rhs-hadoop and rhs-hadoop-install packages that adds many enhancements and…

RHEA-2014:1888-1: new packages: rhs-hadoop and rhs-hadoop-install
Red Hat Enterprise Linux: Updated rhs-hadoop and rhs-hadoop-install packages are now available for Red Hat St…

RHBA-2014:1879-1: OpenShift Enterprise 2.0 openshift-enterprise-yum-validator bug fix update
Red Hat Enterprise Linux: Updated packages that fix a bug, including an updated openshift-enterprise-yum-vali…

RHBA-2014:1883-1: webkitgtk and gimp bug fix update
Red Hat Enterprise Linux: Updated webkitgtk and gimp packages that fix two bugs are now available for Red Hat…

RHBA-2014:1884-1: cyrus-sasl bug fix update
Red Hat Enterprise Linux: Updated cyrus-sasl packages that fix one bug are now available for Red Hat Enterpri…

Microsoft
Security Advisories
3010060 - Vulnerability in Microsoft OLE Could Allow Remote Code Execution - Version: 2.0
Revision Note: V2.0 (November 11, 2014): Advisory updated to reflect publication of security bulletin. Summary:…

2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 31.0
Revision Note: V31.0 (November 11, 2014): Added the 3004150 update to the Current U…

3009008 - Vulnerability in SSL 3.0 Could Allow Information Disclosure - Version: 2.0
Revision Note: V2.0 (October 29, 2014): Revised advisory to announce the deprecation of SSL 3.0, to clarify th…

2949927 - Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2 - Version: 2.0
Revision Note: V2.0 (October 17, 2014): Removed Download Center links for Microsoft security update 2949927. M…

2871997 - Update to Improve Credentials Protection and Management - Version: 4.0
Revision Note: V4.0 (October 14, 2014): Rereleased advisory to announce the release of updates that provide ad…

Cisco
Security Advisories
OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could al…

Multiple Vulnerabilities in Cisco ASA Software
Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: Cisco ASA…

TCP Vulnerabilities in Multiple Non-IOS Cisco Products
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an ex…

GNU Bash Environment Variable Command Injection Vulnerability
On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related…

SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) prot…

Apache HTTPd Range Header Denial of Service Vulnerability
The Apache HTTPd server contains a denial of service vulnerability when it handles multiple, overlapping range…

Multiple Vulnerabilities in Cisco Small Business RV Series Routers
The Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Ro…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
© 2014 Procyon Labs / Randal T. Rioux