The freshest blend of the latest infosec news headlines. Updated every 4 hours.

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs Bookmark + Share

Colour scheme


IT Security News

Y-Combinator

Regular Security News

Social Media

Reddit

Urbanadventurer’s Bookmarks

Tools

Security Tool Files ≈ Packet Storm

  • TRENDnet TEW-818RDU PIN Disclosure TRENDnet TEW-818RDU versions 1 (“ac1900″) and 2 (“ac3200″) PIN disclosure exploit.
  • Htcap Analysis Tool Alpha 0.1 Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to. […]
  • AESshell 0.7 AESshell is a backconnect shell for Windows and Unix written in python and uses AES in CBC mode in conjunction with HMAC-SHA256 for secure transport. Written in python but also includes a Windows binary.
  • Find DNS Scanner find_dns is a tool that scans networks looking for DNS servers.
  • Smalisca 0.2 Smalisca is a static code analysis tool for Smali files.
  • Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150616 Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced. […]
  • Packet Fence 5.2.0 PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration. […]
  • Wireshark Analyzer 1.12.6 Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  • OpenSSL Toolkit 1.0.2c OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • VBScan Vulnerability Scanner VBScan is a black box vBulletin vulnerability scanner written in perl.
  • OpenSSL Toolkit 1.0.2b OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • TOR Virtual Network Tunneling Tool 0.2.6.9 Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizatio. […]
  • Bro Network Security Monitor 2.4 Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has succ. […]
  • Samhain File Integrity Checker 3.1.6 Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding re. […]
  • pyClamd 0.3.15 pyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way. Instead of pyClamav which uses libclamav, pyClamd may be used by a closed source product.
  • BruteX 1.1 BruteX is a bash script that wraps nmap, hydra, and wfuzz to perform scanning with automatic brute forcing.

CNET Download.com Security Software New Releases

  • FileGuard 06/29/15 – Protect your files and folders with a password.
  • Power Spy 06/29/15 – Monitor and log keystrokes, chats, emails, website visits on PC.
  • ProtectX Pro 06/29/15 – Protect important business or personal data
  • WebKilit 06/29/15 – Access a firewalled server from a host with dynamic IP address.
  • Combofix 06/29/15 – Scan for spyware and remove it from your computer.
  • LightLogger KeyLogger 06/29/15 – Record keystrokes and monitor user activity on PC.
  • RogueKiller 06/29/15 – Scan and kill malicious processes on your Windows PC.
  • RogueKiller (64 bit) 06/29/15 – Scan and kill malicious processes on your Windows PC.
  • Best Folder Encryptor 06/29/15 – Protect files and folders with quick, safe encryption and abundant options.
  • Junkware Removal Tool 06/29/15 – Remove unwanted toolbars and adwares on PC.

Exploits

Exploit Files ≈ Packet Storm

1337day is gone

Vulnerabilities

Security Videos & Podcasts

Other Stuff

wikileaks on Twitter

Files ≈ Packet Storm

  • Debian Security Advisory 3297-1 Debian Linux Security Advisory 3297-1 – It was discovered that unattended-upgrades, a script for automatic installation of security upgrades, did not properly authenticate downloaded packages when the force-confold or force-confnew dpkg options were enabled via the DPkg::Options::* apt configuration. […]
  • Ubuntu Security Notice USN-2657-1 Ubuntu Security Notice 2657-1 – It was discovered that unattended-upgrades incorrectly performed authentication checks in certain configurations. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.
  • Red Hat Security Advisory 2015-1196-01 Red Hat Security Advisory 2015-1196-01 – PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same ti. […]
  • Red Hat Security Advisory 2015-1195-01 Red Hat Security Advisory 2015-1195-01 – PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same ti. […]
  • Red Hat Security Advisory 2015-1193-01 Red Hat Security Advisory 2015-1193-01 – Xerces-C is a validating XML parser written in a portable subset of C++. A flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using. […]
  • Red Hat Security Advisory 2015-1194-01 Red Hat Security Advisory 2015-1194-01 – PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same ti. […]
  • Watchguard XCS 10.0 SQL Injection / Command Execution The Watchguard XCS virtual appliance contains a number of vulnerabilities, including unauthenticated SQL injection, command execution and privilege escalation. By combining these vulnerabilities, an attacker may remotely obtain root privileges on the underlying host. Versions 10.0 and below are affe. […]
  • CollabNet Subversion Edge Management CSRF The CollabNet Subversion Edge Management Frontend fails to implement any cross site request forgery protection. Fixed in version 5.0. Version 4.0.11 is affected.
  • WedgeOS 4.0.4 Arbitrary File Read / Command Execution Wedge Networks WedgeOS Virtual Appliance contains a number of security vulnerabilities, including unauthenticated arbitrary file read as root, command injection in the web interface, privilege escalation to root, and command execution via the system update functionality. Versions 4.0.4 and below are. […]
  • CollabNet Subversion Edge Management Tail LFI The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile “filename” parameter of the tail action. Fixed in version 5.0. Version 4.0.11 is affected.
  • CollabNet Subversion Edge Management Missing Password Check The management frontend does not require the old password for changing the password to a new one. An authenticated attacker may perform password setting attacks via XSRF without knowing the current password. An attacker that stole a Session ID (cookie) is able to gain persistent access by changing t. […]
  • NetIQ Access Manager 4.0 SP1 XXE Injection NetIQ Access Manager is vulnerable to XXE injection attacks.
  • CollabNet Subversion Edge Management Unsalted Hashes The CollabNet Subversion Edge Management stores passwords as unsalted MD5 hashes. Unsalted MD5 hashes can easily be cracked by brute forcing the password. Fixed in version 5.0. Version 4.0.11 is affected.
  • CollabNet Subversion Edge Management Multiple Logins The CollabNet Subversion Edge Management web application does not restrict users to be logged in only once and does not provide a configuration option to configure this feature for admins and/or user accounts. Fixed in version 5.0. Version 4.0.11 is affected.
  • Courier Heap Overflow / Out Of Bounds Read Access Courier mail server versions before 0.75 suffer from out of bounds read access and heap overflow vulnerabilities.
  • CollabNet Subversion Edge Management Brute Forcing The CollabNet Subversion Edge Management Frontend does not protect against brute forcing accounts. An attacker has infinite tries to guess a valid user password. Fixed in version 5.0. Version 4.0.11 is affected.

Security Blogs

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs
Colour scheme