PLABS
Internet Storm Center Infocon Status
VMware VMSA-2015-0007.3 has been Re-released, (Sat, Feb 13th)
VMware has re-issued VMSA-2015-0007.3 today after they found an earlier fix for CVE-2016-2342 was incomplete. Affected ESXi versions are: 5.0, 5.1 and 5.5. Advis…

ISC Stormcast For Friday, February 12th 2016 http://isc.sans.edu/podcastdetail.html?id=4865, (Fri, Feb 12th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Critical Cisco ASA IKEv1/v2 Vulnerability. Active Scanning Detected, (Wed, Feb 10th)
Cisco released an advisory revealing a critical vulnerability in Cisco's ASA software. Devices are vulnerable if they are configured to terminate IKEv1 or IKEv2…

ISC Stormcast For Thursday, February 11th 2016 http://isc.sans.edu/podcastdetail.html?id=4863, (Thu, Feb 11th)

Beta Testers Wanted: Use a Raspberry Pi as a DShield Sensor, (Wed, Feb 10th)
I am currently working on an easy way to turn a Raspberry Pi into a DShield sensor. If you would like to, you can try the current beta version of the software.

ISC Stormcast For Wednesday, February 10th 2016 http://isc.sans.edu/podcastdetail.html?id=4861, (Wed, Feb 10th)

Packet Storm
Latest Security Tool Files
A2SV SSL Scanner
A2SV is an SSL scanning tool that checks to see if a service is vulnerable to Heartbleed, Poodle, and CCS injection vulnerabilities.

360-FAAR Firewall Analysis Audit And Repair 0.5.6
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands…

IPSet Bash Completion 2.7
ipset-bash-completion is programmable completion code for the bash shell, to support the ipset program (netfilter.org). It allows you to interactively retrieve and complete op…

ArpON Arp Handler Inspection 3.0
ArpON (Arp handler inspectiON) is a portable ARP handler. It detects and blocks all ARP poisoning/spoofing attacks with the Static Arp Inspection (SARPI) and Dynamic Arp Inspe…

IPTables Bash Completion 1.4
iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only i…

360-FAAR Firewall Analysis Audit And Repair 0.5.5
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands…

I2P 0.9.24
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encrypt…

360-FAAR Firewall Analysis Audit And Repair 0.5.4
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands…

VBScan Vulnerability Scanner 0.1.4
VBScan is a black box vBulletin vulnerability scanner written in perl.


SecurityFocus
General Security Vulnerabilities
Vuln: JasPer 'jas_matrix_create()' Function Integer Overflow Vulnerability

Vuln: Oracle Java SE CVE-2015-2625 Remote Security Vulnerability

Vuln: Linux Kernel CVE-2015-7990 Incomplete Fix Null Pointer Dereference Denial of Service Vulnerability

Vuln: Linux Kernel 'btrfs/inode.c' Information Disclosure Vulnerability

Bugtraq: [SECURITY] [DSA 3476-1] postgresql-9.4 security update

Bugtraq: [SECURITY] [DSA 3475-1] postgresql-9.1 security update

Bugtraq: KL-001-2016-001 : Arris DG1670A Cable Modem Remote Command Execution


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Adobe Bridge for Mac Installed
Synopsis : A digital management application is installed on the remote Mac OS X host. Description : Adobe B…

Adobe Photoshop CC < 15.2.4 / 16.1.2 Multiple Memory Corruption Vulnerabilities (APSB16-03) (Mac OS X)
Synopsis : The remote host has an application installed that is affected by multiple memory corruption vulner…

Adobe Bridge CC < 6.2 Multiple Memory Corruption Vulnerabilities (APSB16-03) (Mac OS X)
Synopsis : The remote host has an application installed that is affected by multiple memory corruption vulner…

Adobe Photoshop CC < 15.2.4 / 16.1.2 Multiple Memory Corruption Vulnerabilities (APSB16-03)
Synopsis : The remote host has an application installed that is affected by multiple memory corruption vulner…

Adobe Bridge CC < 6.2 Multiple Memory Corruption Vulnerabilities (APSB16-03)
Synopsis : The remote host has an application installed that is affected by multiple memory corruption vulner…

Sourcefire
Vulnerability Research Team
Bedep Lurking in Angler's Shadows
This post is authored by Nick Biasini. In October 2015, Talos released our detailed investigation of the Angle…

Microsoft Patch Tuesday - February 2016
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabili…

The Internet of Things Is Not Always So Comforting
This post is authored by Alex Chiu. Over the past few years, the Internet of Things (IoT) has emerged as reali…

Vulnerability Spotlight: Libgraphite Font Processing Vulnerabilities
Vulnerabilities Discovered by Yves Younan of Cisco Talos. Talos is releasing an advisory for four vulnerabiliti…

Bypassing MiniUPnP Stack Smashing Protection
This post was authored by Aleksandar Nikolic, Warren Mercer, and Jaeson Schultz. Summary: MiniUPnP is commonly use…

RHEL
Red Hat Errata
RHBA-2016:0167-1: Red Hat Enterprise Linux OpenStack Platform Bug Fix Advisory
Red Hat Enterprise Linux: Updated packages that resolve various issues are now available for Red Hat Enterpr…

RHBA-2016:0168-1: python-oslo-messaging bug fix advisory
Red Hat Enterprise Linux: Updated packages that resolve various issues are now available for Red Hat Enterpr…

RHBA-2016:0169-1: openstack-ceilometer bug fix advisory
Red Hat Enterprise Linux: Updated OpenStack Telemetry packages that resolve various issues are now available…

RHBA-2016:0170-1: openstack-ceilometer bug fix advisory
Red Hat Enterprise Linux: Updated OpenStack Telemetry packages that resolve various issues are now available…

RHBA-2016:0160-1: kernel bug fix update
Red Hat Enterprise Linux: Updated kernel packages that fix one bug are now available for Red Hat Enterprise L…

RHEA-2016:0162-1: coreutils Shift_JIS enhancement update
Red Hat Enterprise Linux: Updated coreutils Shift_JIS packages that add one enhancement are now available for…

Microsoft
Security Advisories
3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1
Revision Note: V1.1 (February 10, 2016): Advisory updated to include download information for Microsoft ASP.NE…

2871997 - Update to Improve Credentials Protection and Management - Version: 5.0
Revision Note: V5.0 (February 9, 2016): Rereleased advisory to announce the release of update 3126593 to enabl…

3109853 - Update to Improve TLS Session Resumption Interoperability - Version: 1.0
Revision Note: V1.0 (January 12, 2016): Advisory published. Summary: Microsoft is announcing the availability o…

3123479 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 1.0
Revision Note: V1.0 (January 12, 2016): Advisory published. Summary: Microsoft is announcing a policy change to…

3118753 - Updates for ActiveX Kill Bits 3118753 - Version: 1.0
Revision Note: V1.0 (January 12, 2016): Advisory published. Summary: Microsoft is releasing a new set of Active…

Cisco
Security Advisories
ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
www.pieiron.co.uk (2016/02/01_13:14)
Host: www.pieiron.co.uk/, IP address: 146.185.29.100, ASN: 29302, Country: GB, Description: compromised site leads to EK…

dilas.edarbipatients.com (2016/02/01_15:17)
Host: dilas.edarbipatients.com/wp/linkimg/getImage.asp, IP address: 89.40.181.60, ASN: 9009, Country: RO, Description: leads to exploit kit…

kolman.flatitleandescrow.com (2016/02/01_15:17)
Host: kolman.flatitleandescrow.com/wp-contents/scripts/tools.js?link=aHR0cDovL3d3dy5zZW1hbmEuZXMv, IP address: 82.146.36.115, ASN: 29182, Country: RU, Description: leads to exploit kit…

sicuxp.sinerjimspor.com (2016/01/29_07:39)
Host: sicuxp.sinerjimspor.com/servicelogin/accedi.php, IP address: 213.138.109.61, ASN: 35425, Country: GB, Description: Banking phishing…

deleondeos.com (2016/01/29_07:39)
Host: deleondeos.com/img/script.php?tup1.jpg, IP address: 95.105.27.11, ASN: 24955, Country: RU, Description: trojan…

deleondeos.com (2016/01/29_07:39)
Host: deleondeos.com/img/script.php?tup2.jpg, IP address: 176.106.31.227, ASN: 52043, Country: RU, Description: trojan…

deleondeos.com (2016/01/29_07:39)
Host: deleondeos.com/img/script.php?tup3.jpg, IP address: 176.104.18.152, ASN: 41435, Country: UA, Description: trojan…

wonchangvacuum.com.my (2016/01/27_11:21)
Host: wonchangvacuum.com.my/libraries/pear/mandate.htm, IP address: 103.6.196.156, ASN: 46015, Country: MY, Description: Phishing…

gosciniec-paproc.pl (2016/01/27_11:21)
Host: gosciniec-paproc.pl/lib/excel/kamp.php, IP address: 85.128.248.56, ASN: 15967, Country: PL, Description: Phishing…


© 2001-2015 Procyon Labs / Randal T. Rioux