The freshest blend of the latest infosec news headlines. Updated every 4 hours.

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs Bookmark + Share

Colour scheme


IT Security News

Y-Combinator

Regular Security News

Social Media

Reddit

Delicious/tag/security

Urbanadventurer’s Bookmarks

Tools

Security Tool Files ≈ Packet Storm

  • Lynis Auditing Tool 1.6.0 Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated audit. […]
  • RedHat Checklist Script This script is designed to perform a security evaluation against industry best practices, over RedHat and RedHat based systems, to detect configuration deviations. It was developed due to the need to ensure that the servers within the author’s workplace would comply with specific policies. As this t. […]
  • Nmap Port Scanner 6.47 Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). N. […]
  • SSDP Amplification Scanner SSDP amplification scanner written in Python. Makes use of Scapy.
  • oclHashcat For AMD 1.30 oclHashcat is an advanced GPU hash cracking utility that includes the World’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.
  • oclHashcat For NVidia 1.30 oclHashcat is an advanced GPU hash cracking utility that includes the World’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
  • Maligno 1.2 Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  • Melkor ELF Fuzzer 1.0 Melkor is an ELF fuzzer that mutates the existing data in an ELF sample given to create orcs (malformed ELFs), however, it does not change values randomly (dumb fuzzing), instead, it fuzzes certain metadata with semi-valid values through the use of fuzzing rules (knowledge base). Written in C, Melko. […]
  • Viproy VoIP Penetration / Exploitation Kit 2.0 Viproy Voip Penetration and Exploitation Kit is developed to improve quality of SIP penetration testing. It provides authentication and trust analysis features that assists in creating simple tests.
  • GnuPG 2.0.26 GnuPG (the GNU Privacy Guard or GPG) is GNU’s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such. […]
  • I2P 0.9.14.1 I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  • Suricata IDPE 2.0.3 Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It’s capable of loading existing Snort rules and signatures and supports the Barnyard and Barnya. […]
  • Samhain File Integrity Checker 3.1.2 Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding re. […]
  • Mandos Encrypted File System Unattended Reboot Utility 1.6.8 The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encry. […]
  • OpenSSL Toolkit 1.0.1i OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • Adobe ColdFusion MX6 Password Decryptor This tool enables you to retrieve the plain text password for ColdFusion MX6.

CNET Download.com Security Software New Releases

Exploits

Exploit-DB updates

Exploit Files ≈ Packet Storm

Vulnerabilities

Security Videos & Podcasts

Other Stuff

A feed could not be found at http://www.rssitfor.me/getrss?name=wikileaks

wikileaks on Twitter

Files ≈ Packet Storm

  • In Lieu Of Swap: Analyzing Compressed RAM In Mac OS X And Linux Whitepaper called In lieu of swap: Analyzing compressed RAM in Mac OS X and Linux. This paper discusses the difficulty of analyzing swap files in more detail, the compressed RAM facilities in Mac OS X and Linux, and the author’s new tools for analysis of compressed RAM. These tools are integrated in. […]
  • NRPE 2.15 Remote Command Execution NRPE version 2.15 remote command execution exploit written in Python.
  • DomainTrader Domain Parking / Auction Script 2.5.3 CSRF / XSS DomainTrader Domain Parking and Auction Script version 2.5.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
  • Jappix Cross Site Scripting Jappix suffers from a persistent cross site scripting vulnerability.
  • Lynis Auditing Tool 1.6.0 Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated audit. […]
  • F5 BIG-IP 11.5.1 Cross Site Scripting F5 BIG-IP versions 11.5.1 and below suffer from a reflective cross site scripting vulnerability.
  • Aerohive Hive Manager / Hive OS Complete Fail Aerohive Hive Manager (Stand-alone and Cloud) versions greater than and equal to 6.1R3 and HiveOS version 6.1R3 suffer from bypass, code execution, cross site scripting, file disclosure, local file inclusion, arbitrary file upload, missing passphrase, and password disclosure vulnerabilities.
  • ActualAnalyzer Remote Command Execution ActualAnalyzer remote command execution exploit that leverages an eval.
  • PhpWiki Ploticus Command Injection Proof of concept exploit for PhpWiki that demonstrates a remote command injection vulnerability via the Ploticus module.
  • XRMS Blind SQL Injection / Command Execution XRMS blind SQL injection exploit that leverages $_SESSION poisoning and achieves remote command execution.
  • Debian Security Advisory 3014-1 Debian Linux Security Advisory 3014-1 – Matthew Daley discovered that Squid3, a fully featured web proxy cache, did not properly perform input validation in request parsing. A remote attacker could use this flaw to mount a denial of service by sending crafted Range requests.
  • Red Hat Security Advisory 2014-1103-01 Red Hat Security Advisory 2014-1103-01 – In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.4 will be retired as of February 28, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide update. […]
  • Debian Security Advisory 3013-1 Debian Linux Security Advisory 3013-1 – Nikolaus Rath discovered that s3ql, a file system for online data storage, used the pickle functionality of the Python programming language in an unsafe way. As a result, a malicious storage backend or man-in-the-middle attacker was able execute arbitrary code. […]
  • Ubuntu Security Notice USN-2327-1 Ubuntu Security Notice 2327-1 – Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service.
  • Plogger Authenticated Arbitrary File Upload Plogger versions prior to 1.0-RC1 suffer from a remote authenticated arbitrary file upload vulnerability.
  • Firefox WebIDL Privileged Javascript Injection This exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox’s Javascript APIs.

Security Blogs

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs
Colour scheme