PLABS
Internet Storm Center Infocon Status
Apple iOS updates to 7.1.1, OS X Security Update 2014-002, AirPort Updates - http://support.apple.com/kb/HT1222, http://support.apple.com/kb/HT6208, http://support.apple.com/kb/HT6207, http://support.apple.com/kb/HT6203, (Thu, Apr 24th)
=============== Rob VandenBrink Metafore (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States…

Fun with Passphrases!, (Thu, Apr 24th)
As systems administrators and security folks, we've all had our fill of our users and customers using simple passwords.  Most operating systems these days…

ISC StormCast for Thursday, April 24th 2014 http://isc.sans.edu/podcastdetail.html?id=3949, (Thu, Apr 24th)
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Be Careful what you Scan for!, (Thu, Apr 24th)
After some fun and games at one customer site in particular, I found that the SSL services on the earlier versions of the HP ProLiant Servers iLO ports (iLO1 a…

DHCPv6 and DUID Confusion, (Wed, Apr 23rd)
In IPv6, DHCP is taking somewhat a back seat to router advertisements. Many smaller networks are unlikely to use DHCP. However, in particular for Enterprise/lar…

Special Edition of OUCH: Heartbleed - Why Do I Care? http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-2014-special_en.pdf, (Wed, Apr 23rd)
--  Alex Stanford - GIAC GWEB, Research Operations Manager, SANS Internet Storm Center (c) SANS Internet Storm Center. http://isc.sans.edu Creative…

Packet Storm
Latest Security Tool Files
OpenStego Free Steganography Solution 0.6.1
OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algor…

AIEngine 0.6
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop si…

Nmap Port Scanner 6.45
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassi…

Fwknop Port Knocking Utility 2.6.1
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilt…

OpenDNSSEC 1.4.5
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to f…

Tor-ramdisk i686 UClibc-based Linux Distribution x86 20140409
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network…

Lynis Auditing Tool 1.5.0
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan f…

Zed Attack Proxy 2.3.0 Windows Installer
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wi…

Zed Attack Proxy 2.3.0 Linux Release
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wi…


SecurityFocus
General Security Vulnerabilities
Vuln: Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability…

Vuln: Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability…

Vuln: Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability…

Vuln: WordPress Multiple Security Vulnerabilities
WordPress Multiple Security Vulnerabilities…

Bugtraq: Weak firmware encryption and predictable WPA key on Sitecom routers
Weak firmware encryption and predictable WPA key on Sitecom routers…

Bugtraq: [security bulletin] HPSBST03015 rev.2 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information
[security bulletin] HPSBST03015 rev.2 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information…

Bugtraq: [security bulletin] HPSBGN03011 rev.1 - HP IceWall MCRP running OpenSSL on Red Hat Enterprise Linux 6 (RHEL6), Remote Disclosure of Information
[security bulletin] HPSBGN03011 rev.1 - HP IceWall MCRP running OpenSSL on Red Hat Enterprise Linux 6 (RHEL6), Remote Disclosure of Information…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports (0-1023), the Registered Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535).
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
VMware Workstation 10.x < 10.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)
Synopsis : The remote host has a virtualization application that is affected by multiple vulnerabilities. De…

VMware Workstation 10.x < 10.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed)
Synopsis : The remote host has a virtualization application that is affected by multiple vulnerabilities. De…

VMware Player 6.x < 6.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)
Synopsis : The remote host contains software that is affected by multiple vulnerabilities. Description : Th…

VMware Player 6.x < 6.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed)
Synopsis : The remote host contains software that is affected by multiple vulnerabilities. Description : Th…

VMware Fusion 6.x < 6.0.3 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)
Synopsis : The remote host has a virtualization application that is affected by multiple vulnerabilities. De…

Sourcefire
Vulnerability Research Team
Snake Campaign: A few words about the Uroburos Rootkit
Over the past few days, analyzing the new Uroburos (aka Turla) rootkit has been exciting. That's because the s…

VRT Job Postings added
We're hiring, and looking for exceptional candidates to join our expanding team here at the Vulnerability Rese…

Heartbleed for OpenVPN
Core to the VRT's mission is challenging the general intrusion detection industry's view of "adequate" vulnera…

Performing the Heartbleed Attack After the TLS Handshake
Over the past several days, many IPS rules for detecting the Heartbleed attack have been suggested that attemp…

Heartbleed Continued - OpenSSL Client Memory Exposed
The Heartbleed vulnerability is bad. Not only does it pose a risk to servers running the vulnerable version of…

RHEL
Red Hat Errata
RHBA-2014:0430-1: sos enhancement update
Red Hat Enterprise Linux: An updated sos package that fixes one bug is now available for Red Hat Enterprise L…

RHBA-2014:0431-1: pacemaker bug fix update
Red Hat Enterprise Linux: Updated pacemaker packages that fix one bug are now available for Red Hat Enterpris…

RHBA-2014:0425-1: polkit-gnome bug fix update
Red Hat Enterprise Linux: Updated polkit-gnome packages that fix one bug are now available for Red Hat Enterp…

RHBA-2014:0426-1: rhel-guest-image update
Red Hat Enterprise Linux: An updated rhel-guest-image package that includes OpenSSL packages that are not vul…

RHBA-2014:0427-1: rhns bug fix update
RHN Satellite and Proxy: Updated rhns packages and schema upgrade instructions that fix one bug are now avail…

RHBA-2014:0428-1: spacewalk-backend, spacewalk-java, and spacewalk-schema bug fix update
RHN Satellite and Proxy: Updated spacewalk-backend, spacewalk-java, and spacewalk-schema packages that fix on…

Microsoft
Security Advisories
Microsoft Security Advisory (2953095): Vulnerability in Microsoft Word Could Allow Remote Code Execution (2953095) - Version: 2.0
Severity Rating: Revision Note: V2.0 (April 8, 2014): Advisory updated to reflect publication of security bull…

Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801) - Version: 22.0
Severity Rating: Revision Note: V22.0 (April 8, 2014): Added the 2942844 update to the Current Update section.

Microsoft Security Advisory (2934088): Vulnerability in Internet Explorer Could Allow Remote Code Execution - Version: 2.0
Severity Rating: Revision Note: V2.0 (March 11, 2014): Advisory updated to reflect publication of security bul…

Vulnerability in DirectAccess and IPsec Could Allow Security Feature Bypass - Version: 1.1
Severity Rating: Revision Note: V1.1 (February 28, 2014): Advisory revised to announce a detection change in t…

Cisco
Security Advisories
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE…

Cisco IOS Software Network Address Translation Vulnerabilities
The Cisco IOS Software implementation of the Network Address Translation (NAT) feature contains two vulnerabil…

Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability
A vulnerability in the implementation of the IP version 6 (IPv6) protocol stack in Cisco IOS Software and Cisc…

Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability
A vulnerability in the Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks models RS…

Cisco IOS Software SSL VPN Denial of Service Vulnerability
A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco IOS Software could allow an unauthent…

Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE S…

OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could al…

DistroWatch
Latest Linux/BSD Distribution Releases
04/24 FreeNAS 9.2.1.5

04/23 ExTiX 14.1

04/23 antiX 14-alpha1

04/22 RHEL 7.0-rc

Latest Linux/BSD Software Releases
04/23 snort 2.9.6.1
Snort: a light-weight network intrusion detection program…
04/23 clementine 1.2.3
Clementine: a multi-platform music player…
04/22 wireshark 1.10.7
Wireshark: a network protocol analyzer…
04/22 gcc 4.9.0
GNU GCC: the GNU compiler collection…
04/21 bluefish 2.2.6
Bluefish: a GTK+ HTML editor…
04/21 doxygen 1.8.7
Doxygen: a documentation system for C++, Java, C and IDL…
04/20 man-pages 3.65
Man Pages: files containing the manual pages displayed by man…
Malware Domain List
famososvideo.com (2014/04/21_05:33)
Host: famososvideo.com/Aryane_VideoPorno_Amador_parte01.rar, IP address: 187.17.111.101, ASN: 7162, Country: BR, Description: Trojan.Banload…

security-dtspwoag-check.in (2014/04/12_00:13)
Host: security-dtspwoag-check.in/js?t=53616c7465645f5f7e2d5288258224139f51230470c31604c4c8e719a5d4235be674c750dda55069abbe4d9e12db22d8609c369df2547f2f, IP address: 198.50.239.99, ASN: 16276, Country: CA, Description: Browser.Ransomware…

security-siqldspc-check.in (2014/04/12_00:13)
Host: security-siqldspc-check.in/js?t=53616c7465645f5ff8a91dc1fdfe2ba8169352dd7e2c267527ee11857924a861d44d97d3de40d79bf3799e502b748fc8581f02cac606f7e1, IP address: 198.50.239.99, ASN: 16276, Country: CA, Description: Browser.Ransomware…

57.paypal-geldsparen.com (2014/04/12_22:41)
Host: 57.paypal-geldsparen.com/, IP address: 62.152.39.47, ASN: 29076, Country: RU, Description: Paypal phishing…

dron.leandroiriarte.com (2014/04/11_08:11)
Host: dron.leandroiriarte.com/email/exec/mambots/plus.php?feed=79, IP address: 78.46.209.151, ASN: 24940, Country: DE, Description: exploit kit…

casga.sogesca.al (2014/04/11_08:11)
Host: casga.sogesca.al/puzjbe2.html, IP address: 62.75.140.238, ASN: 8972, Country: DE, Description: leads to exploit kit…

cd2.odtoidcwe.info (2014/04/11_08:14)
Host: cd2.odtoidcwe.info/o5ejxcc2z0, IP address: 64.120.207.254, ASN: 21788, Country: US, Description: exploit kit…

m2132.ehgaugysd.net (2014/04/11_11:48)
Host: m2132.ehgaugysd.net/zyso.cgi?18, IP address: 66.96.223.209, ASN: 21788, Country: US, Description: leads to exploit kit…

id405441215-8305493831.h121h9.com (2014/04/09_07:44)
Host: id405441215-8305493831.h121h9.com/, IP address: 146.185.235.8, ASN: 15626, Country: RU, Description: Browser Ransomware…
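The Malware Domain List entries above are worth more than a blocklist if you parse them: two of the ransomware hosts share one IP (198.50.239.99) and two of the exploit-kit hosts share one ASN (21788), and the hex `t=` parameter on the security-*-check.in URLs starts with 53616c7465645f5f, which is the ASCII string "Salted__", the 8-byte magic that `openssl enc -salt` writes in front of its 8-byte salt. The following Python script is an added example, not code from Procyon Labs or from the Malware Domain List project. It parses the entry lines quoted on this page (copied verbatim into the script as constructed sample input, with the trailing ellipsis after each description dropped), pivots on shared IPs and ASNs, and flags query parameters that carry the OpenSSL salted header. It makes no claim about which cipher or password was used for that blob; it only reports the magic, the salt and the length of what follows.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample input: the Malware Domain List lines quoted on this page.
MDL_LINES = [
    "Host: famososvideo.com/Aryane_VideoPorno_Amador_parte01.rar, IP address: 187.17.111.101, ASN: 7162, Country: BR, Description: Trojan.Banload",
    "Host: security-dtspwoag-check.in/js?t=53616c7465645f5f7e2d5288258224139f51230470c31604c4c8e719a5d4235be674c750dda55069abbe4d9e12db22d8609c369df2547f2f, IP address: 198.50.239.99, ASN: 16276, Country: CA, Description: Browser.Ransomware",
    "Host: security-siqldspc-check.in/js?t=53616c7465645f5ff8a91dc1fdfe2ba8169352dd7e2c267527ee11857924a861d44d97d3de40d79bf3799e502b748fc8581f02cac606f7e1, IP address: 198.50.239.99, ASN: 16276, Country: CA, Description: Browser.Ransomware",
    "Host: 57.paypal-geldsparen.com/, IP address: 62.152.39.47, ASN: 29076, Country: RU, Description: Paypal phishing",
    "Host: dron.leandroiriarte.com/email/exec/mambots/plus.php?feed=79, IP address: 78.46.209.151, ASN: 24940, Country: DE, Description: exploit kit",
    "Host: casga.sogesca.al/puzjbe2.html, IP address: 62.75.140.238, ASN: 8972, Country: DE, Description: leads to exploit kit",
    "Host: cd2.odtoidcwe.info/o5ejxcc2z0, IP address: 64.120.207.254, ASN: 21788, Country: US, Description: exploit kit",
    "Host: m2132.ehgaugysd.net/zyso.cgi?18, IP address: 66.96.223.209, ASN: 21788, Country: US, Description: leads to exploit kit",
    "Host: id405441215-8305493831.h121h9.com/, IP address: 146.185.235.8, ASN: 15626, Country: RU, Description: Browser Ransomware",
]

# One MDL feed entry: Host (scheme-less URL), IP, ASN, two-letter country, free-text description.
ENTRY_RE = re.compile(
    r"Host: (?P<url>\S+), IP address: (?P<ip>[\d.]+), ASN: (?P<asn>\d+), "
    r"Country: (?P<cc>[A-Z]{2}), Description: (?P<desc>.+)$"
)

OPENSSL_MAGIC = b"Salted__"   # 8-byte header written by `openssl enc -salt`
OPENSSL_SALT_LEN = 8          # followed by an 8-byte salt, then ciphertext


def parse_entry(line):
    """Turn one MDL line into a dict with url, host, path, ip, asn, cc, desc."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised MDL line: {line!r}")
    rec = m.groupdict()
    # MDL omits the scheme, so the host is everything before the first '/'.
    host, _, path = rec["url"].partition("/")
    rec["host"] = host
    rec["path"] = "/" + path
    rec["asn"] = int(rec["asn"])
    return rec


def openssl_salt_header(hexvalue):
    """Return the 8-byte salt if a hex blob starts with 'Salted__', else None."""
    try:
        blob = bytes.fromhex(hexvalue)
    except ValueError:          # odd length or non-hex: not a hex blob at all
        return None
    if len(blob) < len(OPENSSL_MAGIC) + OPENSSL_SALT_LEN or not blob.startswith(OPENSSL_MAGIC):
        return None
    return blob[len(OPENSSL_MAGIC):len(OPENSSL_MAGIC) + OPENSSL_SALT_LEN]


def analyse(lines):
    """Parse entries, flag OpenSSL-salted query params, and pivot on IP and ASN."""
    records = [parse_entry(line) for line in lines]

    flagged = {}
    for rec in records:
        query = urlsplit(rec["path"]).query
        for name, values in parse_qs(query).items():
            for value in values:
                salt = openssl_salt_header(value)
                if salt is not None:
                    flagged[rec["host"]] = {
                        "param": name,
                        "salt": salt.hex(),
                        # bytes after magic+salt; the encrypted body
                        "payload_bytes": len(bytes.fromhex(value)) - len(OPENSSL_MAGIC) - OPENSSL_SALT_LEN,
                    }

    by_ip, by_asn = defaultdict(list), defaultdict(list)
    for rec in records:
        by_ip[rec["ip"]].append(rec["host"])
        by_asn[rec["asn"]].append(rec["host"])
    shared_ips = {ip: hosts for ip, hosts in by_ip.items() if len(hosts) > 1}
    shared_asns = {asn: hosts for asn, hosts in by_asn.items() if len(hosts) > 1}
    return records, flagged, shared_ips, shared_asns


if __name__ == "__main__":
    records, flagged, shared_ips, shared_asns = analyse(MDL_LINES)
    print(f"{len(records)} entries parsed")
    for host, info in flagged.items():
        print(f"OpenSSL salted blob on {host} param {info['param']}: salt={info['salt']} body={info['payload_bytes']} bytes")
    for ip, hosts in shared_ips.items():
        print(f"shared IP {ip}: {', '.join(hosts)}")
    for asn, hosts in shared_asns.items():
        print(f"shared ASN {asn}: {', '.join(hosts)}")
```

Run as is and it reports both security-*-check.in hosts with their salts and a 40-byte encrypted body each (a multiple of 8 but not of 16, so whatever the cipher is, it is not raw AES-CBC with PKCS padding), the one shared IP and the two shared ASNs. The same parser can be pointed at a full MDL export; the pivot output is what you would feed into a firewall or proxy blocklist once you have decided which indicators are infrastructure rather than one-off hosts.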


© 2014 Procyon Labs / Randal T. Rioux