PLABS
Internet Storm Center Infocon Status
How Malware Campaigns Employ Google Redirects and Analytics, (Tue, Jun 30th)
The email message sent to the bank employee claimed that the sender received a wire transfer from the recipient's organization and that the sender wanted to conf…

ISC StormCast for Tuesday, June 30th 2015 http://isc.sans.edu/podcastdetail.html?id=4549, (Tue, Jun 30th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The Powershell Diaries 2 - Software Inventory, (Mon, Jun 29th)
After last week's story, hopefully you've got your problem users' accounts identified. With that worked out, let's see about finding problem applications. We all…

ISC StormCast for Monday, June 29th 2015 http://isc.sans.edu/podcastdetail.html?id=4547, (Mon, Jun 29th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The EICAR Test File, (Sun, Jun 28th)
I'm sure most of you are familiar with the EICAR (European Institute for Computer Antivirus Research) test file. Your anti-virus application should detect the EI…

Is Windows XP still around in your Network a year after Support Ended?, (Sat, Jun 27th)
This week Computerworld [1] published a story about the US Navy still paying Microsoft millions to support Windows XP when support ended April 8, 2014 [2] and s…

Packet Storm
Latest Security Tool Files
TRENDnet TEW-818RDU PIN Disclosure
TRENDnet TEW-818RDU versions 1 ("ac1900") and 2 ("ac3200") PIN disclosure exploit.

Htcap Analysis Tool Alpha 0.1
Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inse…

AESshell 0.7
AESshell is a backconnect shell for Windows and Unix written in python and uses AES in CBC mode in conjunction with HMAC-SHA256 for secure transport. Written in python but als…

Find DNS Scanner
find_dns is a tool that scans networks looking for DNS servers.

Smalisca 0.2
Smalisca is a static code analysis tool for Smali files.

Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150616
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network…

Packet Fence 5.2.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Wireshark Analyzer 1.12.6
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a comme…

OpenSSL Toolkit 1.0.2c
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cr…


SecurityFocus
General Security Vulnerabilities
Vuln: Multiple Cisco Products CVE-2015-0744 Denial of Service Vulnerability
Multiple Cisco Products CVE-2015-0744 Denial of Service Vulnerability…

Vuln: OpenSSL CVE-2015-0204 Man in the Middle Security Bypass Vulnerability
OpenSSL CVE-2015-0204 Man in the Middle Security Bypass Vulnerability…

Vuln: Oracle Java SE CVE-2015-0469 Remote Security Vulnerability
Oracle Java SE CVE-2015-0469 Remote Security Vulnerability…

Vuln: Oracle Java SE CVE-2015-0486 Remote Security Vulnerability
Oracle Java SE CVE-2015-0486 Remote Security Vulnerability…

Bugtraq: [SECURITY] [DSA 3297-1] unattended-upgrades security update
[SECURITY] [DSA 3297-1] unattended-upgrades security update…

Bugtraq: [SECURITY] [DSA 3296-1] libcrypto++ security update
[SECURITY] [DSA 3296-1] libcrypto++ security update…

Bugtraq: novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities
novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided for free by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Ubuntu 12.04 LTS / 14.04 / 14.10 / 15.04 : unattended-upgrades vulnerability (USN-2657-1)
Synopsis : The remote Ubuntu host is missing a security-related patch.…

SUSE SLED11 / SLES11 Security Update : KVM (SUSE-SU-2015:1152-1)
Synopsis : The remote SUSE host is missing one or more security updates. Description : KVM was updated to f…

SUSE SLED12 Security Update : compat-openssl098 (SUSE-SU-2015:1150-1)
Synopsis : The remote SUSE host is missing one or more security updates. Description : This update fixes th…

SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2015:1086-4)
Synopsis : The remote SUSE host is missing one or more security updates. Description : IBM Java 1.7.0 was u…

OracleVM 3.3 : nss (OVMSA-2015-0073)
Synopsis : The remote OracleVM host is missing one or more security updates. Description : The remote Oracl…

Sourcefire
Vulnerability Research Team
Shellshock - Update Bash Immediately!
Shellshock is a serious vulnerability. Bash, arguably the most widely distributed shell on Linux systems, fail…

Looking Glasses with Bacon
This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian…

Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there 

Malware Using the Registry to Store a Zeus Configuration File
This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from…

Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

RHEL
Red Hat Errata
RHBA-2015:1192-1: openssl bug fix update
Red Hat Enterprise Linux: Updated openssl packages that fix one bug are now available for Red Hat Enterprise…

RHSA-2015:1193-1: Moderate: xerces-c security update
Red Hat Enterprise Linux: An updated xerces-c package that fixes one security issue is now available for Red…

RHSA-2015:1194-1: Moderate: postgresql security update
Red Hat Enterprise Linux: Updated postgresql packages that fix three security issues are now available for Re…

RHSA-2015:1195-1: Moderate: postgresql92-postgresql security update
Red Hat Enterprise Linux: Updated postgresql92-postgresql packages that fix three security issues are now ava…

RHSA-2015:1196-1: Moderate: rh-postgresql94-postgresql security update
Red Hat Enterprise Linux: Updated rh-postgresql94-postgresql packages that fix three security issues are now…

RHBA-2015:1191-1: irqbalance bug fix update
Red Hat Enterprise Linux: Updated irqbalance packages that fix one bug are now available for Red Hat Enterpri…

Microsoft
Security Advisories
2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 42.0
Revision Note: V42.0 (June 23, 2015): Added the 3074219 update to the Current Update section. Summary: Microsof…

2962393 - Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client - Version: 2.0
Revision Note: V2.0 (June 9, 2015): Added the 3062760 update to the Juniper VPN Client Update section. Summary:…

3042058 - Update to Default Cipher Suite Priority Order - Version: 1.0
Revision Note: V1.0 (May 12, 2015): Advisory published. Summary: Microsoft is announcing the availability of an…

3062591 - Local Administrator Password Solution (LAPS) Now Available - Version: 1.0
Revision Note: V1.0 (May 1, 2015): Advisory published. Summary: Microsoft is offering the L…

3045755 - Update to Improve PKU2U Authentication - Version: 1.0
Revision Note: V1.0 (April 14, 2015): Advisory published. Summary: Microsoft is announcing the availability of…

Cisco
Security Advisories
Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by on…

Row Hammer Privilege Escalation Vulnerability
On March 9, 2015, new research was published that takes advantage of a flaw in double data rate type 3 (DDR3)…

OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could al…

Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by on…

Cisco Prime Service Catalog XML External Entity Processing Vulnerability
A vulnerability in the configuration of the XML parser of Cisco Prime Service Catalog could allow an authentic…

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities t…

Cisco IOS Software RSVP Vulnerability
A vulnerability in the implementation of the Resource Reservation Protocol (RSVP) in Cisco IOS Software and Ci…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
© 2001-2015 Procyon Labs / Randal T. Rioux