The freshest blend of the latest infosec news headlines. Updated every 4 hours.

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs Bookmark + Share

Colour scheme


IT Security News

CNET is Dead

Y-Combinator

Regular Security News

There are no items in this feed.

WIRED

Social Media

Reddit

Urbanadventurer’s Bookmarks

Tools

Security Tool Files ≈ Packet Storm

  • oclHashcat For NVidia 1.36 oclHashcat is an advanced GPU hash cracking utility that includes the World’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
  • oclHashcat For AMD 1.36 oclHashcat is an advanced GPU hash cracking utility that includes the World’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.
  • FireHOL 2.0.3 FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provi. […]
  • Commix Command Injection Tool Commix (short for [comm]and [i]njection e[x]ploiter) has a simple environment and it can be used, from web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this t. […]
  • Fwknop Port Knocking Utility 2.6.6 fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect servic. […]
  • Packet Fence 5.0.1 PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration. […]
  • MIMEDefang Email Scanner 2.78 MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configurati. […]
  • tcpdump 4.7.4 tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.
  • MIMEDefang Email Scanner 2.77 MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configurati. […]
  • T35T-SSH Password Cracker / Scanner This is a php script that uses a pre-defined set of possible passwords and tries them against a given ssh server.
  • Maligno 2.1 Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  • Lynis Auditing Tool 2.1.0 Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated audit. […]
  • Zed Attack Proxy 2.4.0 Windows Installer The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. […]
  • Zed Attack Proxy 2.4.0 Linux Release The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. […]
  • Zed Attack Proxy 2.4.0 Mac OS X Release The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. […]
  • I2P 0.9.19 I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

CNET Download.com Security Software New Releases

  • Combofix 04/27/15 – Scan for spyware and remove it from your computer.
  • RogueKiller 04/27/15 – Scan and kill malicious processes on your Windows PC.
  • RogueKiller (64 bit) 04/27/15 – Scan and kill malicious processes on your Windows PC.
  • 360 Total Security 04/27/15 – Protect your computer against viruses and other new types of threats.
  • Junkware Removal Tool 04/27/15 – Remove unwanted toolbars and adwares on PC.
  • Disconnect 04/24/15 – Protect your devices from hackers and trackers.
  • iSumsoft ZIP Password Refixer 04/24/15 – Unlock password protected ZIP archives.
  • AdwCleaner 04/24/15 – Search and remove unwanted adware and toolbars from your computer.
  • Malwarebytes Anti-Malware 04/23/15 – Detect and quickly remove malicious threats to your computer.
  • HitmanPro.Alert 04/23/15 – Protect your vulnerable software, data and identity against current and future attacks.

Exploits

Exploit-DB Updates

Exploit Files ≈ Packet Storm

1337day.com

Vulnerabilities

Security Videos & Podcasts

Other Stuff

cURL error 7: couldn’t connect to host

wikileaks on Twitter

Files ≈ Packet Storm

  • oclHashcat For NVidia 1.36 oclHashcat is an advanced GPU hash cracking utility that includes the World’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
  • oclHashcat For AMD 1.36 oclHashcat is an advanced GPU hash cracking utility that includes the World’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.
  • FireHOL 2.0.3 FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provi. […]
  • Ubuntu Security Notice USN-2570-1 Ubuntu Security Notice 2570-1 – An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. An issue was discovered in the Web Audio API implementation in Blink.. […]
  • Open-Xchange Server 6 / OX AppSuite Cross Site Scripting Open-Xchange Server 6 and OX AppSuite versions 7.6.1 and below suffer from multiple cross site scripting vulnerabilities.
  • Elasticsearch Directory Traversal All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch.
  • WordPress 4.2 Cross Site Scripting WordPress version 4.2 suffers from a persistent cross site scripting vulnerability.
  • Ubuntu Security Notice USN-2580-1 Ubuntu Security Notice 2580-1 – It was discovered that tcpdump incorrectly handled printing certain packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolate. […]
  • Mandriva Linux Security Advisory 2015-211 Mandriva Linux Security Advisory 2015-211 – glusterfs was vulnerable to a fragment header infinite loop denial of service attack. Also, the glusterfsd SysV init script was failing to properly start the service. This was fixed by replacing it with systemd unit files for the service that work properly. […]
  • Mandriva Linux Security Advisory 2015-210 Mandriva Linux Security Advisory 2015-210 – A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table data sent to the host’s IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system. It was found that the QEMU’. […]
  • UniPDF 1.2 Buffer Overflow UniPDF version 1.2 buffer overflow SEH overwrite denial of service proof of concept exploit.
  • Mandriva Linux Security Advisory 2015-209 Mandriva Linux Security Advisory 2015-209 – Update PHP packages address buffer over-read and overflow vulnerabilities. PHP has been updated to version 5.5.24, which fixes these issues and other bugs. Additionally the timezonedb packages has been upgraded to the latest version and the PECL packages w. […]
  • Mandriva Linux Security Advisory 2015-208 Mandriva Linux Security Advisory 2015-208 – An issue has been identified in Mandriva Business Server 2’s setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable. This update fixes this issue by enforcin. […]
  • Mandriva Linux Security Advisory 2015-207 Mandriva Linux Security Advisory 2015-207 – Updated perl-Module-Signature package fixes the following security Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries. When verifying the. […]
  • Mandriva Linux Security Advisory 2015-206 Mandriva Linux Security Advisory 2015-206 – When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the. […]
  • Mandriva Linux Security Advisory 2015-205 Mandriva Linux Security Advisory 2015-205 – disgleirio discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible. DonnchaC discovered that Tor clients would crash with an assertion failure upon parsing. […]

Security Blogs

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs
Colour scheme