The freshest blend of the latest infosec news headlines. Updated every 4 hours.

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs Bookmark + Share

Colour scheme


IT Security News

Y-Combinator

Regular Security News

Social Media

Reddit

Urbanadventurer’s Bookmarks

Tools

Security Tool Files ≈ Packet Storm

  • Tor-ramdisk i686 UClibc-based Linux Distribution x86 20140925 Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced. […]
  • Hakabana 0.2.1 Hakabana is an open source monitoring tool that helps you visualize network traffic using Haka and Kibana.
  • TOR Virtual Network Tunneling Tool 0.2.4.24 Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizatio. […]
  • IPTables Bash Completion 1.3 iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid at the current context. Additionally to the completion on options, matches and targets, it supports dynamic. […]
  • IPSet List 3.2.1 ipset_list is a wrapper script for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. Optionally, the output can be colorized.
  • I2P 0.9.15 I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  • Suricata IDPE 2.0.4 Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It’s capable of loading existing Snort rules and signatures and supports the Barnyard and Barnya. […]
  • Lynis Auditing Tool 1.6.2 Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated audit. […]
  • Secure rm 1.2.14 Secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised.
  • IPSet Bash Completion 2.6 ipset-bash-completion is programmable completion code for the bash shell, to support the ipset program (netfilter.org). It allows you to interactively retrieve and complete options, commands, set names, types, and members.
  • AIEngine 0.9 AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
  • UFONet 0.3b UFONet is a tool designed to launch DDoS attacks against a target, using open redirection vectors on third party web applications.
  • DAWIN – Distributed Audit and Wireless Intrustion Notification DA-WIN, a wireless IDS, provides an organization a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can easily be deployed reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory. […]
  • Project Kakilles 0.3 Kakilles is a perl script that spawns an HTTP proxy and lets you modify user-agent, content, and cookie headers.
  • Maligno 1.3 Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  • PoisonShell PHP Backdoor PoisonShell is a simple PHP shell that has several options.

CNET Download.com Security Software New Releases

Exploits

Exploit-DB updates

Exploit Files ≈ Packet Storm

Vulnerabilities

Security Videos & Podcasts

Other Stuff

wikileaks on Twitter

Files ≈ Packet Storm

  • PHPCompta/NOALYSS 6.7.1 5638 Remote Command Execution PHPCompta/NOALYSS version 6.7.1 5638 suffers from a remote command execution vulnerability.
  • WordPress Content Audit 1.6 Blind SQL Injection WordPress Content Audit plugin version 1.6 suffers from a remote SQL injection vulnerability.
  • PXE Exploit Server This Metasploit module provides a PXE server, running a DHCP and TFTP server. The default configuration loads a linux kernel and initrd into memory that reads the hard drive; placing the payload on the hard drive of any Windows partition seen. Note: the displayed IP address of a target is the addres. […]
  • Pure-FTPd External Authentication Bash Environment Variable Code Injection This Metasploit module exploits the code injection flaw known as shellshock which leverages specially crafted environment variables in Bash. This exploit specifically targets Pure-FTPd when configured to use an external program for authentication.
  • XShock 0.1 XShock is a python script that exploits the recent bash vulnerability. It includes four reverse shells that can be used during the attack.
  • Red Hat Security Advisory 2014-1351-01 Red Hat Security Advisory 2014-1351-01 – Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use. […]
  • Red Hat Security Advisory 2014-1352-01 Red Hat Security Advisory 2014-1352-01 – The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in th. […]
  • Bash Me Some More This is information regarding more bash vulnerabilities and how the original bash patches are ineffective.
  • Epicor Password Disclosure / Cross Site Scripting Epicor suffers from cross site scripting and password disclosure vulnerabilities.
  • VMware Security Advisory 2014-0010 VMware Security Advisory 2014-0010 – VMware product updates address Bash security vulnerabilities.
  • Packet Storm New Exploits For September, 2014 This archive contains all of the 158 exploits added to Packet Storm in September, 2014.
  • Debian Security Advisory 3040-1 Debian Linux Security Advisory 3040-1 – Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog, a system for log processing. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trig. […]
  • Debian Security Advisory 3041-1 Debian Linux Security Advisory 3041-1 – Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation.
  • HP Security Bulletin HPSBMU03112 HP Security Bulletin HPSBMU03112 – Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), unauthorized disclosur. […]
  • HP Security Bulletin HPSBST02958 HP Security Bulletin HPSBST02958 – A potential security vulnerability has been identified with the HP MPIO Device Specific Module Manager. The vulnerability could be exploited locally to allow the execution of arbitrary code with privilege elevation. Revision 1 of this advisory.
  • Textpattern 4.5.5 Cross Site Scripting Textpattern version 4.5.5 suffers from a cross site scripting vulnerability.

Security Blogs

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs
Colour scheme