The freshest blend of the latest infosec news headlines. Updated every 4 hours.

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs Bookmark + Share

Colour scheme


IT Security News

Y-Combinator

Regular Security News

Social Media

Reddit

Urbanadventurer’s Bookmarks

Tools

Security Tool Files ≈ Packet Storm

  • WordPress Brute Forcer This is a python script that performs brute forcing against WordPress installs using a wordlist.
  • OpenSSL Toolkit 1.0.1j OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • Lynis Auditing Tool 1.6.3 Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated audit. […]
  • Mobius Forensic Toolkit 0.5.21 Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
  • OpenSSH 6.7p1 This is a Linux/portable port of OpenBSD’s excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen’s SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
  • Mandos Encrypted File System Unattended Reboot Utility 1.6.9 The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encry. […]
  • oclHashcat For NVidia 1.31 oclHashcat is an advanced GPU hash cracking utility that includes the World’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
  • oclHashcat For AMD 1.31 oclHashcat is an advanced GPU hash cracking utility that includes the World’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.
  • Chatroom Client / Server With AES Encryption Support This is a chat system composed of a TCP/IP server daemon in C and its corresponding java client. You can chat with other peers in clear text or AES password based encryption on your own computer network. The AES password encryption and decryption functions is based on 128 bit key which is padded usi. […]
  • Tor-ramdisk i686 UClibc-based Linux Distribution x86 20140925 Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced. […]
  • Hakabana 0.2.1 Hakabana is an open source monitoring tool that helps you visualize network traffic using Haka and Kibana.
  • TOR Virtual Network Tunneling Tool 0.2.4.24 Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizatio. […]
  • IPTables Bash Completion 1.3 iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid at the current context. Additionally to the completion on options, matches and targets, it supports dynamic. […]
  • IPSet List 3.2.1 ipset_list is a wrapper script for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. Optionally, the output can be colorized.
  • I2P 0.9.15 I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  • Suricata IDPE 2.0.4 Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It’s capable of loading existing Snort rules and signatures and supports the Barnyard and Barnya. […]

CNET Download.com Security Software New Releases

  • Ad Muncher 10/19/14 – Block pop-ups in Web browsers and ad-displaying programs.
  • AllInOne Keylogger 10/17/14 – Monitor and record PC activities in a stealth mode, send logs via e-mail, FTP, LAN, or USB.
  • CryptoNG (64-bit) 10/17/14 – Encrypt and decrypt files of any type on any media using the AES-256 bit key length algorithm.
  • CryptoNG (32-bit) 10/17/14 – Encrypt and decrypt files of any type on any media using the AES-256 bit key length algorithm.
  • IObit Malware Fighter 10/17/14 – Scan and remove the deepest malware that your antivirus/antispyware missed.
  • Free File Shredder 10/16/14 – Shred files and folders from your system permanently to keep information secure.
  • The Enigma Protector 10/16/14 – Protect executable files from illegal copying and hacking.
  • Andriller 10/16/14 – Perform read-only, forensically sound data extractions from Android devices.
  • SuperEasy Password Manager Pro 10/16/14 – Store all your passwords and fills in all relevant information when you access websites or accounts.
  • SuperEasy Password Manager Free 10/16/14 – Store all your passwords and fills in all relevant information when you access websites or accounts.

Exploits

Exploit-DB updates

Exploit Files ≈ Packet Storm

Vulnerabilities

Security Videos & Podcasts

Other Stuff

wikileaks on Twitter

Files ≈ Packet Storm

  • MS14-060 Microsoft Windows OLE Package Manager Code Execution This Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, publicly known as “Sandworm”. Platforms such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable.
  • Linux PolicyKit Race Condition Privilege Escalation A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon. A local user could use this flaw to appear as a privileged user to pkexec, allowing them to execute arbitrary commands as root by running those commands with pkexec. Those vulnerable include RHEL6 prior to polkit-0.9. […]
  • Drupal HTTP Parameter Key/Value SQL Injection This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This Metasploit module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32).
  • Centreon SQL Injection / Command Injection Centreon versions 2.5.2 and below and Centreon Enterprise Server versions 2.2 and below and 3.0 and below suffer from remote SQL injection and remote command injection vulnerabilities.
  • Fonality Trixbox CE 2.8.0.4 Command Execution Fonality Trixbox CE version 2.8.0.4 remote root command execution exploit.
  • Elastix 2.4.0 Stable XSS / CSRF / Command Execution Elastix version 2.4.0 stable suffers from cross site request forgery, remote command execution, and cross site scripting vulnerabilities.
  • Apple Security Advisory 2014-10-16-6 Apple Security Advisory 2014-10-16-6 – iTunes 12.0.1 is now available and addresses 83 vulnerabilities.
  • Apple Security Advisory 2014-10-16-5 Apple Security Advisory 2014-10-16-5 – OS X Server 2.2.5 is now available and addresses the SSL 3.0 Poodle bug. There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would suppor. […]
  • Apple Security Advisory 2014-10-16-4 Apple Security Advisory 2014-10-16-4 – OS X Server 3.2.2 is now available and addresses the SSL 3.0 Poodle bug. There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would suppor. […]
  • Apple Security Advisory 2014-10-16-3 Apple Security Advisory 2014-10-16-3 – OS X Server 4.0 is now available and addresses vulnerabilities in BIND, Wiki server, Xcode server, PostgreSQL, and various other software.
  • Apple Security Advisory 2014-10-16-2 Apple Security Advisory 2014-10-16-2 – Security Update 2014-005 is now available and addresses the OS X Mountain Lion 10.8.5 and OS X Mavericks 10.9.5 SSL 3.0 Poodle bug. There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could. […]
  • Apple Security Advisory 2014-10-16-1 Apple Security Advisory 2014-10-16-1 – OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Apache, App Sandbox, and various other vulnerabilities.
  • Debian Security Advisory 3053-1 Debian Linux Security Advisory 3053-1 – Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit.
  • Ubuntu Security Notice USN-2386-1 Ubuntu Security Notice 2386-1 – A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. Seve. […]
  • Drupal Core 7.32 SQL Injection Drupal Core versions 7.32 and below remote SQL injection exploit. Written in Python.
  • Drupal Core 7.32 SQL Injection Drupal Core versions 7.32 and below remote SQL injection exploit. Written in PHP.

Security Blogs

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs
Colour scheme