The freshest blend of the latest infosec news headlines. Updated every 4 hours.

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs Bookmark + Share

Colour scheme


IT Security News

Y-Combinator

Regular Security News

Social Media

Reddit

Delicious/tag/security

Urbanadventurer’s Bookmarks

Tools

Security Tool Files ≈ Packet Storm

  • Spiped 1.4.0 Spiped (pronounced “ess-pipe-dee”) is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses, so that one may connect to one address (e.g., a UNIX socket on localhost) and transparently have a connection established to another address (e.g., a UNIX socket on. […]
  • Lynis Auditing Tool 1.6.0 Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated audit. […]
  • RedHat Checklist Script This script is designed to perform a security evaluation against industry best practices, over RedHat and RedHat based systems, to detect configuration deviations. It was developed due to the need to ensure that the servers within the author’s workplace would comply with specific policies. As this t. […]
  • Nmap Port Scanner 6.47 Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). N. […]
  • SSDP Amplification Scanner SSDP amplification scanner written in Python. Makes use of Scapy.
  • oclHashcat For AMD 1.30 oclHashcat is an advanced GPU hash cracking utility that includes the World’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.
  • oclHashcat For NVidia 1.30 oclHashcat is an advanced GPU hash cracking utility that includes the World’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
  • Maligno 1.2 Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  • Melkor ELF Fuzzer 1.0 Melkor is an ELF fuzzer that mutates the existing data in an ELF sample given to create orcs (malformed ELFs), however, it does not change values randomly (dumb fuzzing), instead, it fuzzes certain metadata with semi-valid values through the use of fuzzing rules (knowledge base). Written in C, Melko. […]
  • Viproy VoIP Penetration / Exploitation Kit 2.0 Viproy Voip Penetration and Exploitation Kit is developed to improve quality of SIP penetration testing. It provides authentication and trust analysis features that assists in creating simple tests.
  • GnuPG 2.0.26 GnuPG (the GNU Privacy Guard or GPG) is GNU’s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such. […]
  • I2P 0.9.14.1 I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  • Suricata IDPE 2.0.3 Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It’s capable of loading existing Snort rules and signatures and supports the Barnyard and Barnya. […]
  • Samhain File Integrity Checker 3.1.2 Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding re. […]
  • Mandos Encrypted File System Unattended Reboot Utility 1.6.8 The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encry. […]
  • OpenSSL Toolkit 1.0.1i OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

CNET Download.com Security Software New Releases

  • ESET Smart Security 7 09/01/14 – Protect your PC from all kinds of security vulnerabilities.
  • Combofix 09/01/14 – Scan for spyware and remove it from your computer.
  • Anvi Smart Defender 09/01/14 – Protect computer against viruses, Trojans, adware, spyware, or bots.
  • GlassWire 08/29/14 – Watch your network for threats.
  • Protect-UX 08/29/14 – Provide an access right management tool for Linux and Unix systems.
  • Andriller 08/29/14 – Perform read-only, forensically sound data extractions from Android devices.
  • HitmanPro 3 (32-bit) 08/29/14 – Rescue your computer from viruses and malware.
  • HitmanPro 3 (64-bit) 08/29/14 – Rescue your computer from viruses and malware.
  • Stopzilla AntiVirus 08/29/14 – Work with your current security software to detect and remove threats from your PC.
  • Stopzilla Free AntiVirus 08/29/14 – Work with your current security software to detect and remove threats from your PC.

Exploits

Exploit-DB updates

Exploit Files ≈ Packet Storm

Vulnerabilities

Security Videos & Podcasts

Other Stuff

wikileaks on Twitter

Files ≈ Packet Storm

  • Spiped 1.4.0 Spiped (pronounced “ess-pipe-dee”) is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses, so that one may connect to one address (e.g., a UNIX socket on localhost) and transparently have a connection established to another address (e.g., a UNIX socket on. […]
  • Sierra Library Services Platform 1.2_3 XSS / Enumeration Sierra Library Services Platform version 1.2_3 suffers from cross site scripting, user enumeration, and HTTP parameter pollution vulnerabilities.
  • Gentoo Linux Security Advisory 201408-12 Gentoo Linux Security Advisory 201408-12 – Multiple vulnerabilities have been discovered in Apache HTTP Server, the worse of which could lead to execution of arbitrary code or a Denial of Service condition. Versions less than 2.2.27-r4 are affected.
  • Gentoo Linux Security Advisory 201408-11 Gentoo Linux Security Advisory 201408-11 – Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.16 are affected.
  • Gentoo Linux Security Advisory 201408-10 Gentoo Linux Security Advisory 201408-10 – A vulnerability in Libgcrypt could allow a remote attacker to extract ElGamal private key information. Versions less than 1.5.4 are affected.
  • Gentoo Linux Security Advisory 201408-09 Gentoo Linux Security Advisory 201408-9 – Multiple vulnerabilities have been discovered in GNU Libtasn1, the worse of which can allow a context-dependent attacker to cause a Denial of Service condition. Versions less than 3.6 are affected.
  • Gentoo Linux Security Advisory 201408-08 Gentoo Linux Security Advisory 201408-8 – A vulnerability in file could result in Denial of Service. Versions less than 5.15 are affected.
  • Wing FTP Server Authenticated Command Execution This Metasploit module exploits the embedded Lua interpreter in the admin web interface for versions 4.3.8 and below. When supplying a specially crafted HTTP POST request an attacker can use os.execute() to execute arbitrary system commands on the target with SYSTEM privileges.
  • Ubuntu Security Notice USN-2328-1 Ubuntu Security Notice 2328-1 – Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker could exploit this to gain administrative privileges. USN-2306-1 fixed vulnerabilities in the GNU C Library. O. […]
  • Red Hat Security Advisory 2014-1110-01 Red Hat Security Advisory 2014-1110-01 – The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based. […]
  • Gentoo Linux Security Advisory 201408-14 Gentoo Linux Security Advisory 201408-14 – A vulnerability in stunnel might allow remote attackers to gain access to private key information. Versions less than 5.02 are affected.
  • Gentoo Linux Security Advisory 201408-13 Gentoo Linux Security Advisory 201408-13 – Multiple vulnerabilities have been found in Jinja2, allowing local attackers to escalate their privileges. Versions less than 2.7.3 are affected.
  • Microsoft Internet Explorer MS14-029 Memory Corruption Microsoft Internet Explorer memory corruption proof of concept exploit that leverages the vulnerability noted in MS14-029.
  • HTML Help Workshop 1.4 Buffer Overflow HTML Help Workshop version 1.4 SEH buffer overflow exploit.
  • F5 Unauthenticated rsync Access To Remote Root Code Execution When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance. Affected includes F5 BIG-IP 11.x versions before 11.6.0, 11.5.1 HF3, 11.5.0 HF4, 1. […]
  • In Lieu Of Swap: Analyzing Compressed RAM In Mac OS X And Linux Whitepaper called In lieu of swap: Analyzing compressed RAM in Mac OS X and Linux. This paper discusses the difficulty of analyzing swap files in more detail, the compressed RAM facilities in Mac OS X and Linux, and the author’s new tools for analysis of compressed RAM. These tools are integrated in. […]

Security Blogs

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs
Colour scheme