PLABS
Internet Storm Center Infocon Status
Trust But Verify, (Fri, May 29th)
Be intentional about how you spend your time. I believe that every person can incrementally improve their security program by being intentional about how they spend the…

ISC StormCast for Friday, May 29th 2015 http://isc.sans.edu/podcastdetail.html?id=4505, (Fri, May 29th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

ISC StormCast for Thursday, May 28th 2015 http://isc.sans.edu/podcastdetail.html?id=4503, (Thu, May 28th)

Angler exploit kit pushing CryptoWall 3.0, (Thu, May 28th)
Introduction In the past two days, I've infected two hosts from Angler exploit kit (EK) domains at 216.245.213.0/24. Both hosts were infected with CryptoWall…

SYSINTERNALS Update(AccessChk v6.0, Autoruns v13.4, Process Monitor v3.2, VMMap v3.2), (Wed, May 27th)

ISC StormCast for Wednesday, May 27th 2015 http://isc.sans.edu/podcastdetail.html?id=4501, (Wed, May 27th)

Packet Storm
Latest Security Tool Files
Packet Fence 5.1.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

OATH Toolkit 2.6.0
OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP T…

INURLBR Search Scanner 2.1.0
INURL is a php tool written to make searching across multiple engines easier when researching web site targets.

UFONet 0.5b
UFONet is a tool designed to launch DDoS attacks against a target, using open redirection vectors on third party web applications.

AIEngine 1.2
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop si…

TOR Virtual Network Tunneling Tool 0.2.6.8
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

HostBox SSH 0.3
HostBox SSH is a python script will scan servers and routers for insecure SSH configurations.

FTP-Map 0.5
Ftpmap scans remote FTP servers to identify what software and what versions they are running. It uses program-specific fingerprints to discover the name of the software even w…

Wireshark Analyzer 1.12.5
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a comme…


SecurityFocus
General Security Vulnerabilities
Vuln: Drupal Views Module Access Bypass Vulnerability
Drupal Views Module Access Bypass Vulnerability…

Vuln: php-gd 'gdxpm.c' NULL Pointer Dereference Denial of Service Vulnerability
php-gd 'gdxpm.c' NULL Pointer Dereference Denial of Service Vulnerability…

Vuln: PHP DNS TXT Record Handling Heap Buffer Overflow Vulnerability
PHP DNS TXT Record Handling Heap Buffer Overflow Vulnerability…

Vuln: PHP OpenSSL Extension 'openssl_x509_parse()' Remote Memory Corruption Vulnerability
PHP OpenSSL Extension 'openssl_x509_parse()' Remote Memory Corruption Vulnerability…

Bugtraq: [security bulletin] HPSBMU03223 rev.1 - HP Insight Control server provisioning running SSLv3, Remote Denial of Service (DoS), Disclosure of Information
[security bulletin] HPSBMU03223 rev.1 - HP Insight Control server provisioning running SSLv3, Remote Denial of Service (DoS), Disclosure of Information…

Bugtraq: [security bulletin] HPSBMU03261 rev.2 - HP Systems Insight Manager running OpenSSL on Linux and Windows, Remote Disclosure of Information
[security bulletin] HPSBMU03261 rev.2 - HP Systems Insight Manager running OpenSSL on Linux and Windows, Remote Disclosure of Information…

Bugtraq: [security bulletin] HPSBMU03263 rev.3 - HP Insight Control running OpenSSL, Remote Disclosure of Information
[security bulletin] HPSBMU03263 rev.3 - HP Insight Control running OpenSSL, Remote Disclosure of Information…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Cisco Prime LAN Management Solution ntpd Multiple Vulnerabilities
Synopsis : A network management system on the remote host is affected by multiple vulnerabilities. Descripti…

Cisco Prime Data Center Network Manager ntpd Multiple Vulnerabilities (uncredentialed check)
Synopsis : A network management system on the remote host is affected by multiple vulnerabilities. Descripti…

SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (LogJam)
Synopsis : The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equ…

AIX NAS Advisory : nas_advisory3.asc
Synopsis : The remote AIX host has a version of NAS installed that is affected by multiple vulnerabilities.

IBM WebSphere Portal Unspecified Open Redirect (PI38632)
Synopsis : The remote Windows host has web portal software installed that is affected by an open redirect vul…

Sourcefire
Vulnerability Research Team
Shellshock - Update Bash Immediately!
Shellshock is a serious vulnerability. Bash, arguably the most widely distributed shell on Linux systems, fail…

Looking Glasses with Bacon
This is my first post on the VRT blog and I would like to introduce myself. I am Mariano Graziano, an Italian…

Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there 

Malware Using the Registry to Store a Zeus Configuration File
This blog was co-authored by Andrea Allievi. A few weeks ago I came across a sample that was reading from…

Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, bec…

RHEL
Red Hat Errata
RHSA-2015:1035-1: Low: Red Hat Enterprise Linux 6.5 Extended Update Support 6-Month Notice
Red Hat Enterprise Linux: This is the Six-Month notification for the retirement of Red Hat Enterprise Linux 6…

RHSA-2015:1036-1: Low: Red Hat Satellite Server 5 - End Of Life Notice
RHN Satellite and Proxy: This is the final notification of the End Of Life (EOL) plans for the following ver…

RHSA-2015:1037-1: Low: Red Hat Satellite Proxy 5 - End Of Life Notice
RHN Satellite and Proxy: This is the final notification of the End Of Life (EOL) plans for the following vers…

RHBA-2015:1032-1: pam bug fix update
Red Hat Enterprise Linux: Updated pam packages that fix one bug are now available for Red Hat Enterprise Linu…

RHBA-2015:1033-1: glibc bug fix update
Red Hat Enterprise Linux: Updated glibc packages that fix one bug are now available for Red Hat Enterprise Li…

RHEA-2015:1029-1: new packages: kmod-tg3
Red Hat Enterprise Linux: New kmod-tg3 packages are now available for Red Hat Enterprise Linux 6.

Microsoft
Security Advisories
2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 40.0
Revision Note: V40.0 (May 12, 2015): Added the 3061904 update to the Current Update section. Summary: Microsoft…

3042058 - Update to Default Cipher Suite Priority Order - Version: 1.0
Revision Note: V1.0 (May 12, 2015): Advisory published. Summary: Microsoft is announcing the availability of an…

3062591 - Local Administrator Password Solution (LAPS) Now Available - Version: 1.0
Revision Note: V1.0 (May 1, 2015): Advisory published. Summary: Microsoft is offering the L…

3045755 - Update to Improve PKU2U Authentication - Version: 1.0
Revision Note: V1.0 (April 14, 2015): Advisory published. Summary: Microsoft is announcing the availability of…

3009008 - Vulnerability in SSL 3.0 Could Allow Information Disclosure - Version: 3.0
Revision Note: V3.0 (April 14, 2015): Revised advisory to announce with the release of security update 3038314…

Cisco
Security Advisories
Multiple Vulnerabilities in ntpd Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by on…

Row Hammer Privilege Escalation Vulnerability
On March 9, 2015, new research was published that takes advantage of a flaw in double data rate type 3 (DDR3)…

OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could al…

Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities t…

Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by on…

Cisco Prime Service Catalog XML External Entity Processing Vulnerability
A vulnerability in the configuration of the XML parser of Cisco Prime Service Catalog could allow an authentic…

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities t…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
sei.com.pe (2015/05/12_07:06)
Host: sei.com.pe/Rdxn6uoPA/, IP address: 209.45.69.120, ASN: 3132, Country: PE, Description: trojan…

blog.kosai-city.net (2015/05/12_10:05)
Host: blog.kosai-city.net/6P49biqUvAYrl1/, IP address: 153.122.74.40, ASN: 18068, Country: JP, Description: trojan…

executivecoaching.co.il (2015/05/12_19:41)
Host: executivecoaching.co.il/IsKgVrtvQ/, IP address: 109.226.10.37, ASN: 50463, Country: IL, Description: trojan…

sgs.us.com (2015/05/11_09:30)
Host: sgs.us.com/sU3P6pqaWwkJ/, IP address: 23.253.130.80, ASN: 27357, Country: US, Description: trojan…

www.motivacionyrelajacion.com (2015/05/11_10:05)
Host: www.motivacionyrelajacion.com/Z0H24k7E6A/, IP address: 50.62.31.207, ASN: 26496, Country: US, Description: trojan…

brownblogs.org (2015/04/28_14:15)
Host: brownblogs.org/Document-4.zip, IP address: 216.158.67.76, ASN: 18450, Country: US, Description: trojan…

www.thesparkmachine.com (2015/04/24_19:11)
Host: www.thesparkmachine.com/Antivirus.zip, IP address: 208.113.197.192, ASN: 26347, Country: US, Description: FakeAV…

gurde.tourstogo.us (2015/04/22_15:17)
Host: gurde.tourstogo.us/leefoohopt/ezussoadyz/utufegheer/files/GO49776M.vbs, IP address: 176.31.28.226, ASN: 16276, Country: FR, Description: VBS.Trojan.Downloader…

185.91.175.183 (2015/04/22_15:17)
Host: -, IP address: 185.91.175.183/sas/evzxce.exe, ASN: 42632, Country: RU, Description: Trojan.Backdoor…


© 2001-2015 Procyon Labs / Randal T. Rioux