The freshest blend of the latest infosec news headlines. Updated every 4 hours.

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs Bookmark + Share

Colour scheme


IT Security News

Y-Combinator

Regular Security News

Social Media

Reddit

Delicious/tag/security

Urbanadventurer’s Bookmarks

Tools

Security Tool Files ≈ Packet Storm

  • Redis Portscan Utility This python script port scans a host using a redis server.
  • iTunes Manifest.mbdb Parser This python script parses the Manifest.mbdb binary database file from iTunes Backup and prints CSV output.
  • Lynis Auditing Tool 1.5.8 Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated audit. […]
  • SILC (Secure Internet Live Conferencing) Client 1.1.11 SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet. It can be used to send any kind of messages, in addition to normal text messages. This includes multimedia messages like images, video, and audio stream. All messages in the SILC netwo. […]
  • Otori 0.3 This is a Metasploit-style module system specifically for XXE exploit code. This allows a common interface, including the ability to automate downloads of numerous files, or automatically walk the directory structure if the vulnerable system is based on Java.
  • pyClamd 0.3.10 pyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way. Instead of pyClamav which uses libclamav, pyClamd may be used by a closed source product.
  • Packet Fence 4.3.0 PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration. […]
  • Lynis Auditing Tool 1.5.7 Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated audit. […]
  • GNU Privacy Guard 1.4.18 GnuPG (the GNU Privacy Guard or GPG) is GNU’s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such. […]
  • AIEngine 0.8 AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
  • XSSYA Cross Site Scripting Scanner XSSYA is a python tool that attempts malicious payloads for bypassing web application firewalls.
  • SMTPTX 1.0 Beta SMTPTX is a very simple and basic tool used for sending simple email and to do some basic email testing from a pentester perspective. It is able to send messages without depending on knowing a specific MTA/SMTP server beforehand. It handles the MX record resolution itself and connects to the relevan. […]
  • IDGuard 0.60 IDGuard is a platform for preventing network-layer fingerprinting on the network.
  • Suricata IDPE 2.0.2 Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It’s capable of loading existing Snort rules and signatures and supports the Barnyard and Barnya. […]
  • r2dr2 UDP DrDoS Amplification Tool r2dr2 is a UDP amplification attack tool for committing DRDoS denial of service attacks.
  • Maligno 1.1 Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

CNET Download.com Security Software New Releases

  • Combofix 07/29/14 – Scan for spyware and remove it from your computer.
  • Dashlane 07/29/14 – Automate and simplify your everyday online life.
  • Password Safe 07/29/14 – Keep all your passwords securely in encrypted form.
  • AdwCleaner 07/28/14 – Search and remove unwanted adware and toolbars from your computer.
  • KSnetManager 07/27/14 – Control computer time usage and choose exactly which websites are to allow.
  • Kaspersky Anti-Virus 2015 07/27/14 – Protect your PC against viruses, spyware, Trojans, worms, rootkits, and bots.
  • WebCruiser Web Vulnerability Scanner 07/25/14 – Scan and test your Web site for security vulnerabilities.
  • Lock My PC Free Edition 07/25/14 – Lock your PC when you leave it unattended.
  • CleanBadur 07/25/14 – Detect and remove W32/Badur Trojan.
  • Refog Free Keylogger 07/25/14 – Record all of your keyboard activities as well as language specific characters.

Exploits

Exploit-DB updates

Exploit Files ≈ Packet Storm

Vulnerabilities

Security Videos & Podcasts

Other Stuff

wikileaks on Twitter

Files ≈ Packet Storm

  • Oxwall 1.7.0 Remote Code Execution Oxwall suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in ‘/admin/settings/user’ script thru the ‘avatar’ and ‘bigAvatar’ POST parameters. This can be exploited to execute arbitrary PHP code by uploading a mal. […]
  • Oxwall 1.7.0 Cross Site Request Forgery / Cross Site Scripting Oxwall version 1.7.0 (builds 7907 and 7906) suffer from cross site request forgery and cross site scripting vulnerabilities.
  • HP Security Bulletin HPSBGN02936 HP Security Bulletin HPSBGN02936 – A potential security vulnerability has been identified with HP and H3C VPN Firewall Module Products. The vulnerability could be remotely exploited resulting in a Denial of Service (DoS). Revision 1 of this advisory.
  • SQLmap Cheatsheet 1.0 This is a very thorough cheatsheet for using SQLmap.
  • Redis Portscan Utility This python script port scans a host using a redis server.
  • Parallels Tools 9.0 Privilege Escalation Parallels Tools version 9.0 for Windows suffers from an unquoted search path local privilege escalation vulnerability.
  • iTunes Manifest.mbdb Parser This python script parses the Manifest.mbdb binary database file from iTunes Backup and prints CSV output.
  • Ground Zero Summit (G0S) 2014 Call For Papers The Ground Zero Summit (G0S) 2014 Call For Papers has been announced. It will take place November 13th through the 16th, 2014 in New Delhi.
  • Web Encryption Extension Authentication Bypass Web Encryption Extension (WEE) suffers from an authentication bypass vulnerability.
  • ZeroCMS 1.0 Cross Site Scripting ZeroCMS version 1.0 suffers from a persistent cross site scripting vulnerability.
  • Red Hat Security Advisory 2014-0949-01 Red Hat Security Advisory 2014-0949-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel’s ptrace subsystem allowed a traced process’ instruction pointer to be set to a non-canonical memory address without forcing the non-sysre. […]
  • Debian Security Advisory 2991-1 Debian Linux Security Advisory 2991-1 – Martin Holst Swende discovered a flaw in the way chunked requests are handled in ModSecurity, an Apache module whose purpose is to tighten the Web application security. A remote attacker could use this flaw to bypass intended mod_security restrictions by using. […]
  • Debian Security Advisory 2990-1 Debian Linux Security Advisory 2990-1 – It was discovered that the web interface in CUPS, the Common UNIX Printing System, incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, pos. […]
  • Gentoo Linux Security Advisory 201407-05 Gentoo Linux Security Advisory 201407-5 – Multiple vulnerabilities have been found in OpenSSL, possibly allowing remote attackers to execute arbitrary code. Versions less than 1.0.1h-r1 are affected.
  • DirPHP 1.0 Local File Inclusion DirPHP version 1.0 suffers from a local file inclusion vulnerability.
  • Barracuda Networks Spam / Virus Firewall 5.1.3 XSS Barracuda Networks Spam and Virus Firewall version 5.1.3 suffers from a cross site scripting vulnerability.

Security Blogs

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs
Colour scheme