Internet Storm Center Infocon Status
ISC StormCast for Friday, March 6th 2015 http://isc.sans.edu/podcastdetail.html?id=4385, (Fri, Mar 6th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

XML: A New Vector For An Old Trick, (Thu, Mar 5th)
October 2014 saw the beginning of an e-mail campaign spamming malicious Microsoft Office documents. Mostly Word documents using the old binary format, but somet…
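The Word 2003 XML format (WordprocessingML) stores embedded binaries base64-encoded inside w:binData elements, which is how an old-style OLE payload can ride inside a file that looks like plain XML. The scanner below is an added example written for this page, not code from the ISC diary or from any scanner it mentions. It assumes the 2003 WordML namespace, and it treats the ActiveMime wrapper as "some header followed by a zlib stream" rather than relying on a fixed offset (an assumption, marked in the code). The sample document is constructed: a fake OLE header carrying a _VBA_PROJECT directory name, the same blob inside an ActiveMime-style wrapper, and a harmless PNG; none of it is real malware.

```python
import base64
import re
import zlib
import xml.etree.ElementTree as ET

WORDML_NS = "http://schemas.microsoft.com/office/word/2003/wordml"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"      # compound file (OLE2) header
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")       # OLE directory names are UTF-16LE


def _inflate_anywhere(blob):
    """ActiveMime wrappers hold a zlib stream after a short header. Assumption:
    the header layout is not relied on; scan for a zlib header and inflate."""
    for m in re.finditer(b"\x78[\x01\x5e\x9c\xda]", blob):
        d = zlib.decompressobj()
        try:
            out = d.decompress(blob[m.start():])
        except zlib.error:
            continue
        if d.eof:                 # a complete stream ended here; trailing bytes ignored
            return out
    return None


def scan_wordml(xml_text):
    """One finding per w:binData element: which container the decoded bytes
    are (ole / activemime+ole / other) and whether a VBA project is present."""
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter("{%s}binData" % WORDML_NS):
        name = el.get("{%s}name" % WORDML_NS, "?")
        blob = base64.b64decode(el.text or "")        # whitespace in base64 is skipped
        payload, container = blob, "other"
        if blob.startswith(b"ActiveMime"):
            inner = _inflate_anywhere(blob)
            if inner is not None:
                payload, container = inner, "activemime"
        if payload.startswith(OLE_MAGIC):
            container = "ole" if container == "other" else container + "+ole"
        findings.append({"name": name, "size": len(blob), "container": container,
                         "has_vba": VBA_MARKER in payload})
    return findings


def suspicious(findings):
    """Names of embedded parts that are OLE containers carrying a VBA project."""
    return [f["name"] for f in findings if "ole" in f["container"] and f["has_vba"]]


# Constructed inputs (not real malware): fake OLE blob with a VBA directory name,
# the same blob inside an ActiveMime-style wrapper, and a PNG header.
_FAKE_OLE = OLE_MAGIC + b"\x00" * 56 + VBA_MARKER + b"\x00" * 8
_FAKE_MSO = b"ActiveMime" + b"\x00" * 40 + zlib.compress(_FAKE_OLE)
_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 24


def _b64(data):
    return base64.b64encode(data).decode()


SAMPLE_DOC = """<?xml version="1.0"?>
<?mso-application progid="Word.Document"?>
<w:wordDocument xmlns:w="%s">
  <w:binData w:name="editdata.mso">%s</w:binData>
  <w:binData w:name="oledata.mso">%s</w:binData>
  <w:binData w:name="wordml://02000001.png">%s</w:binData>
  <w:body><w:p><w:r><w:t>invoice</w:t></w:r></w:p></w:body>
</w:wordDocument>
""" % (WORDML_NS, _b64(_FAKE_MSO), _b64(_FAKE_OLE), _b64(_PNG))

if __name__ == "__main__":
    results = scan_wordml(SAMPLE_DOC)
    for f in results:
        print(f)
    print("suspicious parts:", suspicious(results))
```

Run it on a real sample by passing the file contents to scan_wordml; a hit means the file deserves the same treatment as a binary .doc with macros, whatever its extension says.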

Cuckoo Sandbox 1.2 released http://cuckoosandbox.org/2015-03-04-cuckoo-sandbox-12.html, (Thu, Mar 5th)
-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected) (c) SANS Internet Storm Center.

Anybody Doing Anything About ANY Queries?, (Thu, Mar 5th)
(in an earlier version of this story, I mixed up Firefox with Chrome. AFAIK, it was Firefox, not Chrome, that added DNS ANY queries recently) Recently, Firef…
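Before deciding what to do about ANY queries, it helps to know who is sending them. The parser below is an added example for this page, not ISC code: it reads the question section of wire-format DNS messages, rejects malformed or pointer-compressed names instead of following them, and counts ANY (QTYPE 255) queries per source address. The sample packets are constructed with the build_query helper in the block.

```python
import struct

QTYPE_ANY = 255


def build_query(qname, qtype, txid=0x1234):
    """Construct a minimal wire-format DNS query (used here only for sample traffic)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    labels = [l for l in qname.rstrip(".").split(".") if l]
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + name + struct.pack(">HH", qtype, 1)          # class IN


def parse_question(msg):
    """Return (qname, qtype) for the first question, or None if malformed.
    Label lengths are bounds-checked; compression pointers (not expected in a
    client's question) are rejected rather than followed."""
    if len(msg) < 12 or struct.unpack(">H", msg[4:6])[0] < 1:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            return None
        ln = msg[pos]
        pos += 1
        if ln == 0:
            break
        if ln > 63 or pos + ln > len(msg):
            return None
        labels.append(msg[pos:pos + ln].decode("ascii", "replace"))
        pos += ln
    if pos + 4 > len(msg):
        return None
    qtype, _qclass = struct.unpack(">HH", msg[pos:pos + 4])
    return ".".join(labels) + ".", qtype


def any_queries_by_source(packets):
    """packets: iterable of (src_ip, udp_payload). Count ANY queries per source."""
    counts = {}
    for src, payload in packets:
        q = parse_question(payload)
        if q is not None and q[1] == QTYPE_ANY:
            counts[src] = counts.get(src, 0) + 1
    return counts


# Constructed sample traffic: two hosts issuing ANY, one issuing only A/AAAA,
# plus a truncated packet that must not crash the parser.
SAMPLE_PACKETS = [
    ("192.0.2.10", build_query("isc.sans.edu", QTYPE_ANY)),
    ("192.0.2.10", build_query("example.com", QTYPE_ANY)),
    ("192.0.2.11", build_query("example.com", 1)),       # A
    ("192.0.2.11", build_query("example.com", 28)),      # AAAA
    ("192.0.2.12", build_query("example.net", QTYPE_ANY)),
    ("192.0.2.13", build_query("example.org", 1)[:15]),  # truncated on the wire
]

if __name__ == "__main__":
    for src, n in sorted(any_queries_by_source(SAMPLE_PACKETS).items()):
        print("%-12s %d ANY queries" % (src, n))
```

Feed it (source, payload) pairs from a capture to see whether the ANY traffic comes from a few resolvers, from a browser population, or from spoofed sources typical of amplification attempts; only the last case justifies dropping or rate-limiting the query type at the edge.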

ISC StormCast for Thursday, March 5th 2015 http://isc.sans.edu/podcastdetail.html?id=4383, (Thu, Mar 5th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Putty 0.64 released last week (sorry, we missed it) - private-key-not-wiped-2 and diffie-hellman-range-check security issues resolved. See http://www.chiark.greenend.org.uk/~sgtatham/putty/ and http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.ht, (Wed, Mar 4th)
=============== Rob VandenBrink Metafore (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States…

Packet Storm
Latest Security Tool Files
Wireshark Analyzer 1.12.4
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a comme…

tmap 0.1
tmap is a fast multi-threaded port scanner that tunnels through TOR.

Cross Site Tracer Script
Cross Site Tracer is a python script to check remote web servers for cross-site tracing.

GNU Privacy Guard 2.0.27
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an a…

GNU Privacy Guard 1.4.19
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an a…

Secure rm 1.2.15
Secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop in security for users who wish to prev…

Lynis Auditing Tool 2.0.0
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan f…

Suricata IDPE 2.0.7
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded…

I2P 0.9.18
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encrypt…


SecurityFocus
General Security Vulnerabilities
Vuln: Drupal Global Redirect Module Open Redirection Vulnerability
Drupal Global Redirect Module Open Redirection Vulnerability…

Vuln: Bitweaver 'rankings.php' Local File Include Vulnerability
Bitweaver 'rankings.php' Local File Include Vulnerability…

Vuln: IBM DB2 Administration Server (DAS) 'validateUser()' Stack Buffer Overflow Vulnerability
IBM DB2 Administration Server (DAS) 'validateUser()' Stack Buffer Overflow Vulnerability…

Vuln: ENOVIA Unspecified Security Vulnerability
ENOVIA Unspecified Security Vulnerability…

Bugtraq: Last Call - Workshops of CISTI'2015: 10th Iberian Conference on Information Systems and Technologies
Last Call - Workshops of CISTI'2015: 10th Iberian Conference on Information Systems and Technologies…

Bugtraq: Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting Vulnerability
Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting Vulnerability…

Bugtraq: [ MDVSA-2015:055 ] freetype2
[ MDVSA-2015:055 ] freetype2…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP Address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
MS KB3046015: Vulnerability in Schannel Could Allow Security Feature Bypass (FREAK)
Synopsis : The remote Windows host is affected by a security feature bypass vulnerability. Description : Th…

Apache Tomcat 8.0.x < 8.0.15 Multiple Vulnerabilities (POODLE)
Synopsis : The remote Apache Tomcat service is affected by multiple vulnerabilities. Description : Accordin…

Apache Tomcat 7.0.x < 7.0.57 Multiple Vulnerabilities (POODLE)
Synopsis : The remote Apache Tomcat service is affected by multiple vulnerabilities. Description : Accordin…

Apache Tomcat 6.0.x < 6.0.43 Multiple Vulnerabilities (POODLE)
Synopsis : The remote Apache Tomcat service is affected by multiple vulnerabilities. Description : Accordin…

Google Chrome < 41.0.2272.76 Multiple Vulnerabilities (Mac OS X)
Synopsis : The remote Mac OS X host contains a web browser that is affected by multiple vulnerabilities. Des…

Sourcefire
Vulnerability Research Team
Shellshock - Update Bash Immediately!
Shellshock is a serious vulnerability. Bash, arguably the most widely distributed shell on Linux systems, fail…

Looking Glasses with Bacon
This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian…

Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there 

Malware Using the Registry to Store a Zeus Configuration File
This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from…

Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

RHEL
Red Hat Errata
RHBA-2015:0289-2: virtio-win bug fix and enhancement update
Red Hat Enterprise Linux: An updated virtio-win package that fixes several bugs and adds various enhancements…

RHBA-2015:0294-2: libdfp bug fix and enhancement update
Red Hat Enterprise Linux: Updated libdfp packages that fix several bugs and add various enhancements are now…

RHBA-2015:0295-2: virt-viewer bug fix and enhancement update
Red Hat Enterprise Linux: Updated virt-viewer packages that fix several bugs and add various enhancements are…

RHBA-2015:0296-2: kpatch bug fix and enhancement update
Red Hat Enterprise Linux: Updated kpatch packages that fix several bugs and add various enhancements are now…

RHBA-2015:0297-2: spice-gtk bug fix and enhancement update
Red Hat Enterprise Linux: Updated spice-gtk packages that fix several bugs and add various enhancements are n…

RHBA-2015:0299-2: dmraid bug fix and enhancement update
Red Hat Enterprise Linux: Updated dmraid packages that fix one bug and add one enhancement are now available…

Microsoft
Security Advisories
3046015 - Vulnerability in Schannel Could Allow Security Feature Bypass - Version: 1.1
Severity Rating: Important. Revision Note: V1.1 (March 5, 2015): Advisory revised to clarify the reason why no w…
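Both the Nessus plugin for KB3046015 above and this advisory concern FREAK: a server (or a man-in-the-middle) steering a TLS handshake onto an RSA export-grade suite that the client never asked for, and a client that accepts it. The checker below is an added example for this page, not Nessus or Microsoft code. It builds minimal ClientHello and ServerHello records (constructed, no network), extracts the offered and selected cipher suites, and reports the two things a FREAK check cares about: export suites on the wire, and a selected suite that was not offered. The export suite list is the RSA/DH export subset from the TLS cipher suite registry and is not exhaustive.

```python
import os
import struct

# RSA/DH export-grade suites (40-bit) from the TLS cipher suite registry; subset, not exhaustive.
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
}


def build_client_hello(suites, version=0x0303):
    """Construct a minimal ClientHello record (no extensions) for testing."""
    body = struct.pack(">H", version) + os.urandom(32) + b"\x00"      # version, random, empty session id
    body += struct.pack(">H", 2 * len(suites)) + b"".join(struct.pack(">H", s) for s in suites)
    body += b"\x01\x00"                                                # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack(">HH", 0x0301, len(hs)) + hs


def build_server_hello(suite, version=0x0303):
    """Construct a minimal ServerHello record (no extensions) for testing."""
    body = struct.pack(">H", version) + os.urandom(32) + b"\x00" + struct.pack(">H", suite) + b"\x00"
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack(">HH", version, len(hs)) + hs


def _handshake_body(record, expected_type):
    """Peel the TLS record and handshake headers, checking every length field."""
    if len(record) < 9 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != expected_type:
        raise ValueError("unexpected handshake message type")
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake message")
    return body


def client_hello_suites(record):
    """Cipher suites offered by the client, in preference order."""
    body = _handshake_body(record, 0x01)
    pos = 2 + 32                                   # client_version + random
    pos += 1 + body[pos]                           # session_id
    n = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    if n % 2 or pos + n > len(body):
        raise ValueError("bad cipher_suites length")
    return [struct.unpack(">H", body[i:i + 2])[0] for i in range(pos, pos + n, 2)]


def server_hello_suite(record):
    """Cipher suite the server selected."""
    body = _handshake_body(record, 0x02)
    pos = 2 + 32
    pos += 1 + body[pos]
    return struct.unpack(">H", body[pos:pos + 2])[0]


def freak_check(client_hello, server_hello):
    """Findings for one handshake: export suites offered, export suite selected,
    and a selected suite the client never offered (downgrade or tampering)."""
    offered = client_hello_suites(client_hello)
    chosen = server_hello_suite(server_hello)
    findings = []
    export_offered = [EXPORT_SUITES[s] for s in offered if s in EXPORT_SUITES]
    if export_offered:
        findings.append("client offers export suites: " + ", ".join(export_offered))
    if chosen in EXPORT_SUITES:
        findings.append("server selected export suite " + EXPORT_SUITES[chosen])
    if chosen not in offered:
        findings.append("server selected suite 0x%04x that the client never offered" % chosen)
    return findings


if __name__ == "__main__":
    ch = build_client_hello([0x002F, 0x0035, 0xC02F])        # AES suites only, no export
    for sh in (build_server_hello(0x002F), build_server_hello(0x0003)):
        print(freak_check(ch, sh) or ["ok"])
```

The third finding is the interesting one for FREAK: a conforming client must abort when the ServerHello names a suite it did not offer, and the vulnerable Schannel and OpenSSL clients did not.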

3009008 - Vulnerability in SSL 3.0 Could Allow Information Disclosure - Version: 2.3
Revision Note: V2.3 (February 16, 2015): Revised advisory to announce the planned date for disabling SSL 3.0 b…

3004375 - Update for Windows Command Line Auditing - Version: 1.0
Revision Note: V1.0 (February 10, 2015): Advisory published. Summary: Microsoft is announcing the availability…

2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 37.0
Revision Note: V37.0 (February 5, 2015): Added the 3021953 update to the Current Update section. Summary: Micro…

3010060 - Vulnerability in Microsoft OLE Could Allow Remote Code Execution - Version: 2.0
Revision Note: V2.0 (November 11, 2014): Advisory updated to reflect publication of security bulletin. Summary:…

Cisco
Security Advisories
Cisco Prime Service Catalog XML External Entity Processing Vulnerability
A vulnerability in the configuration of the XML parser of Cisco Prime Service Catalog could allow an authentic…

SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) prot…
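POODLE appears three times on this page (the Tomcat Nessus plugins, Microsoft advisory 3009008 and this Cisco advisory), and the root cause is the same in each: SSL 3.0's CBC padding check inspects only the padding length byte, so a record whose last block has been replaced with a copied ciphertext block is accepted whenever that byte happens to decrypt to block_size - 1. The block below is an added example for this page, not code from any of the vendors named; it implements the SSL 3.0 and TLS padding rules side by side and simulates the attacker's position with a fixed-seed random tail block (constructed; no cipher or MAC is involved, the intact data||MAC bytes are just a constant).

```python
import random


def strip_padding_sslv3(plaintext, block_size):
    """SSL 3.0 CBC: the last byte is the padding length and must be smaller than
    the block size; the padding bytes themselves are never checked."""
    if not plaintext:
        return None
    pad_len = plaintext[-1]
    if pad_len >= block_size or pad_len + 1 > len(plaintext):
        return None
    return plaintext[:-(pad_len + 1)]


def strip_padding_tls(plaintext):
    """TLS 1.0+ CBC: every padding byte must equal the padding length byte."""
    if not plaintext:
        return None
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return None
    if any(b != pad_len for b in plaintext[-(pad_len + 1):]):
        return None
    return plaintext[:-(pad_len + 1)]


def oracle_acceptance(trials, block_size=16, seed=1):
    """Model the attacker's position in POODLE: the final block of the record
    is a copied ciphertext block, so it decrypts to effectively random bytes.
    The record is accepted only if padding removal returns exactly the intact
    data||MAC (anything else fails the MAC check). Returns how often each
    padding rule accepts such a record."""
    rng = random.Random(seed)                    # fixed seed: deterministic demo
    data_and_mac = b"A" * block_size             # stands in for intact plaintext||MAC
    accepted = {"sslv3": 0, "tls": 0}
    for _ in range(trials):
        tail = bytes(rng.randrange(256) for _ in range(block_size))
        record = data_and_mac + tail
        if strip_padding_sslv3(record, block_size) == data_and_mac:
            accepted["sslv3"] += 1               # iff tail[-1] == block_size - 1: about 1 in 256
        if strip_padding_tls(record) == data_and_mac:
            accepted["tls"] += 1                 # needs every tail byte == block_size - 1
    return accepted


if __name__ == "__main__":
    print(oracle_acceptance(4096))
```

Each SSL 3.0 acceptance tells the attacker that the copied block's last plaintext byte XOR the previous ciphertext byte equals 15, which is one byte recovered per roughly 256 forced requests; TLS's full padding check removes the oracle, which is why the only real fix is to disable SSL 3.0 (or negotiate TLS_FALLBACK_SCSV so a downgrade to it is refused).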

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities t…

Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
A vulnerability in the parsing of malformed IP version 6 (IPv6) packets in Cisco IOS XR Software for Cisco Net…

Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remot…

Multiple Vulnerabilities in Cisco ASA Software
Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: Cisco ASA…

Cisco Secure Access Control System SQL Injection Vulnerability
Cisco Secure Access Control System (ACS) prior to version 5.5 patch 7 is vulnerable to a SQL injection attack…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
uertebamurquebloktreinen.buyerware.net (2015/03/03_11:31)
Host: uertebamurquebloktreinen.buyerware.net/lists/97442438510254392549, IP address: 176.31.125.191, ASN: 16276, Country: FR, Description: exploit kit…

traspalaciorubicell.whygibraltar.co.uk (2015/03/03_12:53)
Host: traspalaciorubicell.whygibraltar.co.uk/lists/12641652781055296900, IP address: 176.31.125.191, ASN: 16276, Country: FR, Description: exploit kit…

www.vipcpms.com (2015/02/28_14:36)
Host: www.vipcpms.com/watch?key=e722a8eea048590dd97760d8b657327b&scrWidth=1680&scrHeight=1050&tz=0, IP address: 209.200.44.228, ASN: 27257, Country: US, Description: Malvertising, Android.FakeAV…

app.pho8.com (2015/02/28_14:36)
Host: app.pho8.com/click.php?c=246&key=l8s861364oq1y6w08t9kjkq1&pl_id=1286, IP address: 198.58.103.202, ASN: 36351, Country: US, Description: Malvertising, Android.FakeAV…

app.pho8.com (2015/02/28_14:36)
Host: app.pho8.com/lp/sd/en/lp4/index.php?c=300&l=524&subid=21841780391, IP address: 198.58.103.202, ASN: 36351, Country: US, Description: Malvertising, Android.FakeAV…

app.pho8.com (2015/02/28_14:36)
Host: app.pho8.com/lp/sd/en/lp4/files/bootstrap.css, IP address: 198.58.103.202, ASN: 36351, Country: US, Description: Malvertising, Android.FakeAV…

app.pho8.com (2015/02/28_14:36)
Host: app.pho8.com/lp/sd/en/lp4/files/bootstrap-responsive.css, IP address: 198.58.103.202, ASN: 36351, Country: US, Description: Malvertising, Android.FakeAV…

app.pho8.com (2015/02/28_14:36)
Host: app.pho8.com/go.php?c=255&l=387&subid=21843049645, IP address: 198.58.103.202, ASN: 36351, Country: US, Description: Malvertising, Android.FakeAV…

app.pho8.com (2015/02/28_14:36)
Host: app.pho8.com/jump/?jl=66968484, IP address: 198.58.103.202, ASN: 36351, Country: US, Description: Malvertising, Android.FakeAV…
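The Malware Domain List entries above are only useful once they are turned into indicators you can match against. The parser below is an added example for this page, not MDL's own tooling: it reads the "Host: ..., IP address: ..., ASN: ..., Country: ..., Description: ..." lines as they appear in the listing above, splits host from path, groups domains by hosting IP (the two exploit-kit hosts above share one), and matches a URL against the domain set. The sample input is the nine records listed above, copied verbatim including their trailing ellipses.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

MDL_RE = re.compile(
    r"Host:\s*(?P<host>.+?),\s*IP address:\s*(?P<ip>[\d.]+),\s*ASN:\s*(?P<asn>\d+),"
    r"\s*Country:\s*(?P<country>[A-Z]{2}),\s*Description:\s*(?P<desc>.*?)\s*\u2026?\s*$"
)


def parse_mdl(lines):
    """Turn MDL listing lines into indicator records; lines that do not match are skipped."""
    records = []
    for line in lines:
        m = MDL_RE.match(line.strip())
        if not m:
            continue
        host = m.group("host")
        domain, _, path = host.partition("/")
        records.append({
            "domain": domain.lower(),
            "path": "/" + path if path else "/",
            "ip": m.group("ip"),
            "asn": int(m.group("asn")),
            "country": m.group("country"),
            "description": m.group("desc"),
        })
    return records


def index_by_ip(records):
    """Sorted list of distinct domains seen on each IP address."""
    by_ip = defaultdict(set)
    for r in records:
        by_ip[r["ip"]].add(r["domain"])
    return {ip: sorted(domains) for ip, domains in by_ip.items()}


def match_url(url, records):
    """Records whose domain equals the hostname of url (proxy log / alert enrichment)."""
    host = (urlsplit(url).hostname or "").lower()
    return [r for r in records if r["domain"] == host]


# Sample input: the Malware Domain List records from the listing above, verbatim.
MDL_SAMPLE = [
    "Host: uertebamurquebloktreinen.buyerware.net/lists/97442438510254392549, IP address: 176.31.125.191, ASN: 16276, Country: FR, Description: exploit kit\u2026",
    "Host: traspalaciorubicell.whygibraltar.co.uk/lists/12641652781055296900, IP address: 176.31.125.191, ASN: 16276, Country: FR, Description: exploit kit\u2026",
    "Host: www.vipcpms.com/watch?key=e722a8eea048590dd97760d8b657327b&scrWidth=1680&scrHeight=1050&tz=0, IP address: 209.200.44.228, ASN: 27257, Country: US, Description: Malvertising, Android.FakeAV\u2026",
    "Host: app.pho8.com/click.php?c=246&key=l8s861364oq1y6w08t9kjkq1&pl_id=1286, IP address: 198.58.103.202, ASN: 36351, Country: US, Description: Malvertising, Android.FakeAV\u2026",
    "Host: app.pho8.com/lp/sd/en/lp4/index.php?c=300&l=524&subid=21841780391, IP address: 198.58.103.202, ASN: 36351, Country: US, Description: Malvertising, Android.FakeAV\u2026",
    "Host: app.pho8.com/lp/sd/en/lp4/files/bootstrap.css, IP address: 198.58.103.202, ASN: 36351, Country: US, Description: Malvertising, Android.FakeAV\u2026",
    "Host: app.pho8.com/lp/sd/en/lp4/files/bootstrap-responsive.css, IP address: 198.58.103.202, ASN: 36351, Country: US, Description: Malvertising, Android.FakeAV\u2026",
    "Host: app.pho8.com/go.php?c=255&l=387&subid=21843049645, IP address: 198.58.103.202, ASN: 36351, Country: US, Description: Malvertising, Android.FakeAV\u2026",
    "Host: app.pho8.com/jump/?jl=66968484, IP address: 198.58.103.202, ASN: 36351, Country: US, Description: Malvertising, Android.FakeAV\u2026",
]

if __name__ == "__main__":
    recs = parse_mdl(MDL_SAMPLE)
    for ip, domains in sorted(index_by_ip(recs).items()):
        print(ip, domains)
    print(len(match_url("http://app.pho8.com/jump/?jl=1", recs)), "records for app.pho8.com")
```

Grouping by IP is what makes the first two entries interesting: two throwaway subdomains on unrelated registered domains, same address, same description. Blocking the IP (or watching the ASN) catches the next hostname before it is listed, which a domain-only match never will.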


© 2001-2015 Procyon Labs / Randal T. Rioux