PLABS
Internet Storm Center Infocon Status
Friday Digest - 27 MAR 2015, (Fri, Mar 27th)
JS Malware uptick: We've been seeing an uptick in JS malware (TrojanDownloader:JS/Nemucod.K) loosely disguised as .doc files. The JavaScript is reasonably obfu…

ISC StormCast for Friday, March 27th 2015 http://isc.sans.edu/podcastdetail.html?id=4415, (Fri, Mar 27th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

ISC StormCast for Thursday, March 26th 2015 http://isc.sans.edu/podcastdetail.html?id=4413, (Thu, Mar 26th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Pin-up on your Smartphone!, (Thu, Mar 26th)
Yeah, okay, I admit that headline is cheap click bait. Originally, it said Certificate Pinning on Smartphones. If you are more interested in pin-ups on your sma…

Nmap/Google Summer of Code, (Wed, Mar 25th)
The Nmap security scanner project is participating again in its 11th Google Summer of Code. We often get queries from students on how they can get into this fie…

F-Secure: FSC-2015-2: PATH TRAVERSAL VULNERABILITY, (Wed, Mar 25th)
F-Secure has announced a security vulnerability affecting their corporate and consumer protection products. The details are available here: https://www.f-secure.

Packet Storm
Latest Security Tool Files
MIMEDefang Email Scanner 2.76
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing…

Samhain File Integrity Checker 3.1.5
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can…

oclHashcat For NVidia 1.35
oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-ba…

oclHashcat For AMD 1.35
oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-ba…

OpenSSL Toolkit 1.0.2a
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cr…

TOR Virtual Network Tunneling Tool 0.2.5.11
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

SSLsplit 0.4.11
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation…

pyClamd 0.3.14
pyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way. Instea…

DNS Spider Multithreaded Bruteforcer 0.6
DNS Spider is a multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.


SecurityFocus
General Security Vulnerabilities
Vuln: WebGate eDVR Manager ActiveX Controls CVE-2015-2098 Multiple Buffer Overflow Vulnerabilities
WebGate eDVR Manager ActiveX Controls CVE-2015-2098 Multiple Buffer Overflow Vulnerabilities…

Vuln: Oracle Java SE CVE-2014-6549 Remote Java SE Vulnerability
Oracle Java SE CVE-2014-6549 Remote Java SE Vulnerability…

Vuln: Oracle Java SE CVE-2015-0412 Remote Java SE Vulnerability
Oracle Java SE CVE-2015-0412 Remote Java SE Vulnerability…

Vuln: Oracle Java SE CVE-2015-0406 Remote Java SE Vulnerability
Oracle Java SE CVE-2015-0406 Remote Java SE Vulnerability…

Bugtraq: [ MDVSA-2015:077 ] python-numpy
[ MDVSA-2015:077 ] python-numpy…

Bugtraq: [ MDVSA-2015:076 ] python3
[ MDVSA-2015:076 ] python3…

Bugtraq: [ MDVSA-2015:075 ] python
[ MDVSA-2015:075 ] python…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Tenable Passive Vulnerability Scanner Installed (Mac OS X) (credentialed check)
Synopsis : A vulnerability scanner is installed on the remote Mac OS X host. Description : Tenable Passive…

BlackBerry <= 7.1 and 10.x < 10.3.1.1779 SSL/TLS EXPORT_RSA Ciphers Downgrade MitM (FREAK) (KB36811)
Synopsis : The version of BlackBerry OS is affected by the FREAK vulnerability. Description : According to…

BlackBerry Enterprise Server SSL/TLS EXPORT_RSA Ciphers Downgrade MitM (FREAK) (KB36811)
Synopsis : The remote Windows host has an application that is affected by the FREAK vulnerability. Descripti…

Scientific Linux Security Update : setroubleshoot on SL5.x, SL6.x, SL7.x i386/x86_64
Synopsis : The remote Scientific Linux host is missing one or more security updates. Description : It was f…

Scientific Linux Security Update : ipa and slapi-nis on SL7.x x86_64
Synopsis : The remote Scientific Linux host is missing one or more security updates. Description : The ipa…

Sourcefire
Vulnerability Research Team
Shellshock - Update Bash Immediately!
Shellshock is a serious vulnerability. Bash, arguably the most widely distributed shell on Linux systems, fail…

Looking Glasses with Bacon
This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian…

Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there…

Malware Using the Registry to Store a Zeus Configuration File
This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from…

Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

RHEL
Red Hat Errata
RHBA-2015:0748-1: amanda bug fix update
Red Hat Enterprise Linux: Updated amanda packages that fix one bug are now available for Red Hat Enterprise L…

RHBA-2015:0681-1: Red Hat Storage Console 3.0 enhancement and bug fix update #4
Red Hat Enterprise Linux: Updated rhsc-setup-plugins, org.ovirt.engine-root, otopi, nagios-server-addons, and…

RHBA-2015:0682-1: Red Hat Storage 3.0 enhancement and bug fix update #4
Red Hat Enterprise Linux: Updated glusterfs, glusterfs-geo-replication, glusterfs-rdma, and glusterfs-server…

RHBA-2015:0730-1: sos bug fix update
Red Hat Enterprise Linux: An updated sos package that fixes one bug is now available for Red Hat Enterprise Linu…

RHBA-2015:0733-1: java-1.7.0-openjdk bug fix update
Red Hat Enterprise Linux: Updated java-1.7.0-openjdk packages that fix one bug are now available for Red Hat…

RHBA-2015:0734-1: java-1.8.0-openjdk bug fix update
Red Hat Enterprise Linux: Updated java-1.8.0-openjdk packages that fix one bug are now available for Red Hat…

Microsoft
Security Advisories
3050995 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 2.0
Revision Note: V2.0 (March 26, 2015): Advisory rereleased to announce that the update for supported editions o…

3046310 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 2.0
Revision Note: V2.0 (March 19, 2015): Advisory rereleased to announce that the update for supported editions o…

3033929 - Availability of SHA-2 Code Signing Support for Windows 7 and Windows Server 2008 R2 - Version: 1.0
Revision Note: V1.0 (March 10, 2015): Advisory published. Summary: Microsoft is announcing the reissuance of an…

3046015 - Vulnerability in Schannel Could Allow Security Feature Bypass - Version: 2.0
Severity Rating: Important. Revision Note: V2.0 (March 10, 2015): Advisory updated to reflect publication of sec…

2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 38.0
Revision Note: V38.0 (March 10, 2015): Added the 3044132 update to the Current Update section. Summary: Microso…

Cisco
Security Advisories
GNU glibc gethostbyname Function Buffer Overflow Vulnerability
On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This…

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities t…

Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability
A vulnerability in the multicast DNS (mDNS) gateway function of Cisco IOS Software and Cisco IOS XE Software c…

Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability
A vulnerability within the virtual routing and forwarding (VRF) subsystem of Cisco IOS software could allow an…

Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities t…

Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities t…

Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by on…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List

© 2001-2015 Procyon Labs / Randal T. Rioux