PLABS
Internet Storm Center Infocon Status
Traffic pattern change noted in Fiesta exploit kit, (Mon, May 4th)
A few hours ago, Jerome Segura, Senior Security Researcher at Malwarebytes, tweeted about a change in traffic patterns from Fiesta exploit kit (EK) [1].

ISC StormCast for Monday, May 4th 2015 http://isc.sans.edu/podcastdetail.html?id=4467, (Mon, May 4th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

VolDiff, for memory image differential analysis, (Sun, May 3rd)
VolDiff is a bash script that runs Volatility plugins against memory images captured before and after malware execution providing a differential analysis, helpi…

New release of Samurai Web Testing Framework http://sourceforge.net/projects/samurai/, (Sat, May 2nd)
----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncom…

Massive malware spam campaign to corporate domains in Colombia, (Fri, May 1st)
There was a massive malware spam campaign directed to corporate domains in Colombia. The following was the e-mail received: Now this e-mail has two intere…

ISC StormCast for Friday, May 1st 2015 http://isc.sans.edu/podcastdetail.html?id=4465, (Fri, May 1st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Packet Storm
Latest Security Tool Files
Clam AntiVirus Toolkit 0.98.7
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible…

NIELD (Network Interface Events Logging Daemon) 0.6.1
Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the netlink socket and generates logs related to link state, neighbor cac…

0d1n 2.0
0d1n is a web security tool for fuzzing various HTTP payloads. It's written in C and uses libcurl.

DAWIN - Distributed Audit and Wireless Intrusion Notification 2.0
DA-WIN, a wireless IDS, provides an organization a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can ea…

oclHashcat For NVidia 1.36
oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-ba…

oclHashcat For AMD 1.36
oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-ba…

FireHOL 2.0.3
FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual…

Commix Command Injection Tool
Commix (short for [comm]and [i]njection e[x]ploiter) has a simple environment and can be used by web developers, penetration testers, or security researchers to test…

Fwknop Port Knocking Utility 2.6.6
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilt…


SecurityFocus
General Security Vulnerabilities
Vuln: OpenIPMI 'ipmievd' Daemon PID Files Insecure File Permissions Vulnerability
OpenIPMI 'ipmievd' Daemon PID Files Insecure File Permissions Vulnerability…

Vuln: python-fedora Open Redirection and Cross Site Scripting Vulnerabilities
python-fedora Open Redirection and Cross Site Scripting Vulnerabilities…

Vuln: X.Org libFS 'FSOpenServer()' Memory Corruption Vulnerability
X.Org libFS 'FSOpenServer()' Memory Corruption Vulnerability…

Vuln: Linux Kernel 'mpt2sas' Local Privilege Escalation and Information Disclosure Vulnerabilities
Linux Kernel 'mpt2sas' Local Privilege Escalation and Information Disclosure Vulnerabilities…

Bugtraq: SevDesk v1.1 iOS - Persistent Dashboard Vulnerability
SevDesk v1.1 iOS - Persistent Dashboard Vulnerability…

Bugtraq: [SYSS-2014-007] FrontRange DSM - Multiple Vulnerabilities
[SYSS-2014-007] FrontRange DSM - Multiple Vulnerabilities…

Bugtraq: [ MDVSA-2015:218 ] glibc
[ MDVSA-2015:218 ] glibc…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Schneider Electric OPC Factory Server (OFS) < 3.5 SP1 ActiveX Object Multiple Buffer Overflows DoS
Synopsis : The remote host is affected by a denial of service vulnerability. Description : The Schneider El…

VMware vCenter Server Multiple Java Vulnerabilities (VMSA-2015-0003) (POODLE)
Synopsis : The remote host has a virtualization management application installed that is affected by multiple…

Realtek SDK miniigd SOAP Service RCE
Synopsis : The remote device may be affected by a remote code execution vulnerability. Description : The re…

VMware vSphere Update Manager Java Vulnerability (VMSA-2015-0003)
Synopsis : The remote host has an update manager installed that is affected by a Java Runtime Environment (JR…

Cisco Unified Computing System Integrated Management Controller XSRF (CSCuq45477)
Synopsis : The remote device is affected by a cross-site request forgery vulnerability. Description : A vul…

Sourcefire
Vulnerability Research Team
Shellshock - Update Bash Immediately!
Shellshock is a serious vulnerability. Bash, arguably the most widely distributed shell on Linux systems, fail…

Looking Glasses with Bacon
This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian…

Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there 

Malware Using the Registry to Store a Zeus Configuration File
This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from…

Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

RHEL
Red Hat Errata
RHSA-2015:0919-1: Important: kernel security update
Red Hat Enterprise Linux: Updated kernel packages that fix one security issue are now available for Red Hat E…

RHSA-2015:0921-1: Important: chromium-browser security and bug fix update
Red Hat Enterprise Linux: Updated chromium-browser packages that fix multiple security issues and one bug are…

RHBA-2015:0890-1: cfme (5.3.4) bug fix and enhancement update
Red Hat Enterprise Linux: Updated cfme packages that fix several bugs and add various enhancements are now av…

RHBA-2015:0914-1: kernel bug fix update
Red Hat Enterprise Linux: Updated kernel packages that fix two bugs are now available for Red Hat Enterprise…

RHBA-2015:0915-1: dracut bug fix update
Red Hat Enterprise Linux: Updated dracut packages that fix one bug are now available for Red Hat Enterprise L…

RHBA-2015:0916-1: libvirt bug fix update
Red Hat Enterprise Linux: Updated libvirt packages that fix two bugs are now available for Red Hat Enterprise…

Microsoft
Security Advisories
3062591 - Local Administrator Password Solution (LAPS) Now Available - Version: 1.0
Revision Note: V1.0 (May 1, 2015): Advisory published. Summary: Microsoft is offering the L…

2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 39.0
Revision Note: V39.0 (April 15, 2015): Added the 3049508 update to the Current Update section. Summary: Microso…

3045755 - Update to Improve PKU2U Authentication - Version: 1.0
Revision Note: V1.0 (April 14, 2015): Advisory published. Summary: Microsoft is announcing the availability of…

3009008 - Vulnerability in SSL 3.0 Could Allow Information Disclosure - Version: 3.0
Revision Note: V3.0 (April 14, 2015): Revised advisory to announce with the release of security update 3038314…

3050995 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 2.0
Revision Note: V2.0 (March 26, 2015): Advisory rereleased to announce that the update for supported editions o…

Cisco
Security Advisories
Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities t…

Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by on…

GNU glibc gethostbyname Function Buffer Overflow Vulnerability
On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This…

Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability
A vulnerability in the packet-processing code of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation S…

Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability
A vulnerability in a Cisco-signed Java Archive (JAR) executable Cache Cleaner component of Cisco Secure Deskto…

SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) prot…

Multiple Vulnerabilities in Cisco ASA Software
Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: Cisco ASA…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
brownblogs.org (2015/04/28_14:15)
Host: brownblogs.org/Document-4.zip, IP address: 216.158.67.76, ASN: 18450, Country: US, Description: trojan…

www.thesparkmachine.com (2015/04/24_19:11)
Host: www.thesparkmachine.com/Antivirus.zip, IP address: 208.113.197.192, ASN: 26347, Country: US, Description: FakeAV…

gurde.tourstogo.us (2015/04/22_15:17)
Host: gurde.tourstogo.us/leefoohopt/ezussoadyz/utufegheer/files/GO49776M.vbs, IP address: 176.31.28.226, ASN: 16276, Country: FR, Description: VBS.Trojan.Downloader…

185.91.175.183 (2015/04/22_15:17)
Host: -, IP address: 185.91.175.183/sas/evzxce.exe, ASN: 42632, Country: RU, Description: Trojan.Backdoor…

web-sensations.com (2015/04/22_15:17)
Host: web-sensations.com/js/jquery-1.40.15.js, IP address: 192.186.238.40, ASN: 26496, Country: US, Description: JS.Exploit…

jstaikos.com (2015/04/22_15:17)
Host: jstaikos.com/51i70l/chbpy.html, IP address: 192.186.209.131, ASN: 26496, Country: US, Description: Script.Exploit…

agsteier.com (2015/04/22_15:17)
Host: agsteier.com/HSBC_BANK_STORAGE-DATA/new-payment.html, IP address: 173.254.28.44, ASN: 46606, Country: US, Description: Script.Exploit…

broadtech.co (2015/04/22_15:17)
Host: broadtech.co/HSBC_BANK-STORAGE_DATA/new-payment.html, IP address: 23.229.160.136, ASN: 26496, Country: US, Description: Script.Exploit…

bilbaopisos.es (2015/04/22_15:17)
Host: bilbaopisos.es/HSBC_BANK.STORAGE-DATA/secure.html, IP address: 216.119.143.194, ASN: 55293, Country: US, Description: Script.Exploit…


© 2001-2015 Procyon Labs / Randal T. Rioux