The freshest blend of the latest infosec news headlines. Updated every 4 hours.

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs Bookmark + Share

Colour scheme


IT Security News

CNET is Dead

Y-Combinator

Regular Security News

Social Media

Reddit

Urbanadventurer’s Bookmarks

Tools

Security Tool Files ≈ Packet Storm

  • OpenSSL Toolkit 1.0.2 OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150114 Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced. […]
  • oclHashcat For NVidia 1.32 oclHashcat is an advanced GPU hash cracking utility that includes the World’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
  • oclHashcat+ Advanced GPU Hash Cracking Utility 1.32 oclHashcat is an advanced GPU hash cracking utility that includes the World’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
  • OpenSSL Toolkit 1.0.1l OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • Suricata IDPE 2.0.6 Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It’s capable of loading existing Snort rules and signatures and supports the Barnyard and Barnya. […]
  • KeySweeper Stealth Logger KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.
  • Lizard Squad Botnet Code This bot code was liberated from the Lizard Squad.
  • Facebook Data Mining Utility This is a php script that can be used to mine friends and metadata of a person from Facebook using their API.
  • Maligno 1.5 Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  • Chatroom 2 This is a chat system composed of a TCP/IP server daemon and its corresponding java client. You can chat with other peers in clear text or AES password-based encryption on your own computer network.
  • Shodan Tool 0.6 Shodan Tool is a perl script that allows you to search for vulnerabilities in Shodan.
  • LFI Image Helper 0.8 This is a simple script to infect images with PHP Backdoors for local file inclusion attacks.
  • OpenSSL Toolkit 1.0.1k OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • PIN-Based P2P Server This tool provides a client and a server that performs peer-to-peer file transfer using a shared, trusted PIN. The server is capable of handling simultaneous connections and transfers according to limitation set as command line argument when executing the server daemon. Written for Unix/Linux system. […]
  • WP-Bruteforce c0d3Lib WordPress Bruteforcing Tool This is a perl script to bruteforce logins on WordPress.

CNET Download.com Security Software New Releases

  • Malwarebytes Anti-Rootkit 01/27/15 – Detect and remove the nastiest malicious rootkits
  • Real Hide IP 01/26/15 – Hide your IP to protect your privacy on the Internet.
  • WebCruiser Web Vulnerability Scanner 01/26/15 – Scan and test your Web site for security vulnerabilities.
  • Stop P-O-R-N 01/26/15 – Ban explicit content from your Internet browser.
  • Spyware Terminator 2015 01/26/15 – Protect a computer against spyware, malware, and adware.
  • ADcleaner 01/26/15 – Block annoying banners and pop-ups.
  • CyberGhost VPN 01/26/15 – Anonymize yourself with your own Virtual Private Network.
  • USB Lock RP 01/26/15 – Protect industrial or office Windows networks from unauthorized use of removable storage devices.
  • GuardAxon 01/26/15 – Encrypt and decrypt files and calculate checksums.
  • Sookasa 01/25/15 – Protect files across the Dropbox cloud and on linked mobile devices.

Exploits

Exploit-DB updates

Exploit Files ≈ Packet Storm

1337day.com

Vulnerabilities

Security Videos & Podcasts

Other Stuff

wikileaks on Twitter

Files ≈ Packet Storm

  • Ubuntu Security Notice USN-2476-1 Ubuntu Security Notice 2476-1 – Several memory corruption bugs were discovered in ICU. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sa. […]
  • Red Hat Security Advisory 2015-0086-01 Red Hat Security Advisory 2015-0086-01 – Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
  • Red Hat Security Advisory 2015-0085-01 Red Hat Security Advisory 2015-0085-01 – The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application. […]
  • Ubuntu Security Notice USN-2483-2 Ubuntu Security Notice 2483-2 – USN-2483-1 fixed vulnerabilities in JasPer. This update provides the corresponding fix for the JasPer library embedded in the Ghostscript package. Jose Duart discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked. […]
  • Ubuntu Security Notice USN-2483-1 Ubuntu Security Notice 2483-1 – Jose Duart discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user. […]
  • Ubuntu Security Notice USN-2484-1 Ubuntu Security Notice 2484-1 – Florian Maury discovered that Unbound incorrectly handled delegation. A remote attacker could possibly use this issue to cause Unbound to consume resources, resulting in a denial of service.
  • Denial Of Service Attacks In Wireless Networks This whitepaper discusses denial of service attacks carried out in WLANs at the physical and MAC layers. It touches on IEEE 802.11 protocol flaws for handling frames at the MAC layer, preventive measures for DoS attacks, and protocol design suggestions.
  • OpenSchool Community Edition 2.2 XSS / Access Bypass OpenSchool Community Edition version 2.2 suffers from access bypass and cross site scripting vulnerabilities.
  • SWFupload 2.5.0 Cross Frame Scripting SWFupload version 2.5.0 suffers from a cross frame scripting vulnerability.
  • WordPress Revolution Slider Local File Disclosure WordPress Revolution Slider plugin suffers from a local file disclosure vulnerability. Note that this finding houses site-specific data.
  • Cisco Ironport Appliance Privilege Escalation Cisco Ironport appliances are vulnerable to authenticated “admin” privilege escalation. By enabling the Service Account from the GUI or CLI allows an admin to gain root access on the appliance, therefore bypassing all existing “admin” account limitations. The vulnerability is due to weak algorithm i. […]
  • ManageEngine ServiceDesk 9.0 SQL Injection ManageEngine ServiceDesk version 9.0 prior to build 9031 suffers from a remote SQL injection vulnerability.
  • ManageEngine ServiceDesk 9.0 User Enumeration ManageEngine ServiceDesk version 9.0 prior to build 9031 suffers from a remote user enumeration vulnerability.
  • ManageEngine ServiceDesk Plus 9.0 Privilege Escalation ManageEngine ServiceDesk Plus version 9.0 prior to build 9031 suffers from a remote privilege escalation vulnerability due to improper access controls.
  • Hack In The Box 2015 AMS Call For Papers The Hack In The Box 2015 AMS Call For Papers closes at the end of January. It will be held May 26th through the 29th, 2015 at De Beurs van Berlage, Amsterdam.
  • ferretCMS 1.0.4-alpha Cross Site Scripting / SQL Injection ferretCMS version 1.0.4-alpha suffers from cross site scripting and remote SQL injection vulnerabilities.

Security Blogs

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs
Colour scheme