The freshest blend of the latest infosec news headlines. Updated every 4 hours.

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs Bookmark + Share

Colour scheme


IT Security News

Y-Combinator

Regular Security News

Social Media

Reddit

Delicious/tag/security

Urbanadventurer’s Bookmarks

Tools

Security Tool Files ≈ Packet Storm

  • Maligno 1.3 Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  • PoisonShell PHP Backdoor PoisonShell is a simple PHP shell that has several options.
  • Packet Fence 4.4.0 PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration. […]
  • Lynis Auditing Tool 1.6.1 Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated audit. […]
  • Codetective 0.8 Codetective is an analysis tool to determine the crypto/encoding algorithm used according to traces of its representation. It can be used as a standalone version or as a volatility plugin for memory analysis. Written in Python.
  • wtmpclean 0.8.1 wtmpClean is a tool for Unix which clears a given user from the wtmp database.
  • Paranoic Scan 1.7 Paranoic is a simple vulnerability scanner written in Perl.
  • Spiped 1.4.0 Spiped (pronounced “ess-pipe-dee”) is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses, so that one may connect to one address (e.g., a UNIX socket on localhost) and transparently have a connection established to another address (e.g., a UNIX socket on. […]
  • Lynis Auditing Tool 1.6.0 Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated audit. […]
  • RedHat Checklist Script This script is designed to perform a security evaluation against industry best practices, over RedHat and RedHat based systems, to detect configuration deviations. It was developed due to the need to ensure that the servers within the author’s workplace would comply with specific policies. As this t. […]
  • Nmap Port Scanner 6.47 Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). N. […]
  • SSDP Amplification Scanner SSDP amplification scanner written in Python. Makes use of Scapy.
  • oclHashcat For AMD 1.30 oclHashcat is an advanced GPU hash cracking utility that includes the World’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.
  • oclHashcat For NVidia 1.30 oclHashcat is an advanced GPU hash cracking utility that includes the World’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
  • Maligno 1.2 Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  • Melkor ELF Fuzzer 1.0 Melkor is an ELF fuzzer that mutates the existing data in an ELF sample given to create orcs (malformed ELFs), however, it does not change values randomly (dumb fuzzing), instead, it fuzzes certain metadata with semi-valid values through the use of fuzzing rules (knowledge base). Written in C, Melko. […]

CNET Download.com Security Software New Releases

Exploits

Exploit-DB updates

Exploit Files ≈ Packet Storm

Vulnerabilities

Security Videos & Podcasts

Other Stuff

wikileaks on Twitter

Files ≈ Packet Storm

  • USB & WiFi Flash Drive 1.3 Code Execution USB & WiFi Flash Drive version 1.3 suffers from a code execution vulnerability.
  • WordPress Slideshow Gallery 1.4.6 Shell Upload WordPress Slideshow Gallery plugin version 1.4.6 shell upload exploit.
  • Microsoft Security Bulletin Re-Release For September, 2014 This bulletin summary notes that MS14-055 has undergone a major revision increment as of September 15, 2014.
  • EMC Documentum Content Server 7.x / 6.x Privilege Escalation EMC Documentum Content Server contains fixes for multiple privilege escalation vulnerabilities that can be potentially leveraged by a malicious attacker to compromise the affected system. Versions affected include 7.1, 7.0, 6.7 SP2, and prior to 6.7 SP2.
  • Red Hat Security Advisory 2014-1245-01 Red Hat Security Advisory 2014-1245-01 – Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center. It was found that if a KDC served multiple realms, certain requests could cause th. […]
  • Red Hat Security Advisory 2014-1194-01 Red Hat Security Advisory 2014-1194-01 – The Conga project is a management system for remote workstations. It consists of luci, which is a secure web-based front end, and ricci, which is a secure daemon that dispatches incoming messages to underlying management modules. It was discovered that Plone,. […]
  • Red Hat Security Advisory 2014-1246-01 Red Hat Security Advisory 2014-1246-01 – Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to poten. […]
  • Red Hat Security Advisory 2014-1244-01 Red Hat Security Advisory 2014-1244-01 – The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. It contains a DNS server, a resolver library with routines for applications to use when interfacing with DNS, and tools for verifying that the DNS server is operating. […]
  • Red Hat Security Advisory 2014-1243-01 Red Hat Security Advisory 2014-1243-01 – Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, loc. […]
  • Ubuntu Security Notice USN-2347-1 Ubuntu Security Notice 2347-1 – Florian Apolloner discovered that Django incorrectly validated URLs. A remote attacker could use this issue to conduct phishing attacks. David Wilson discovered that Django incorrectly handled file name generation. A remote attacker could use this issue to cause Djang. […]
  • OSSEC 2.8 umask Clear Text Passwords OSSEC version 2.8 inherits the umask of the user when adding cleartext passwords to the .passlist file, allowing for them to be world-readable instead of setting the permissions explicitly.
  • CM Browser SOP Bypass The CM browser as shipped on the Qmobile Noir A20 suffers from a same-origin bypass vulnerability.
  • ALCASAR 2.8.1 Remote Root Code Execution ALCASAR versions 2.8.1 and below suffer from a remote code execution vulnerability.
  • Open-Xchange 7.6.0 XSS / SSRF / Traversal Open-Xchange versions 7.6.0 and below suffer from absolute path traversal, server-side request forgery, XXE injection, and cross site scripting vulnerabilities.
  • Briefcase 4.0 Code Execution / Local File Inclusion Briefcase version 4.0 suffers from code execution and local file inclusion vulnerabilities.
  • PASSWORDS’14 Norway Call For Papers The PASSWORDS’14 Norway Call For Papers has been announced. It will take place December 8th through the 10th, 2014 in Trondheim, Norway.

Security Blogs

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs
Colour scheme