The freshest blend of the latest infosec news headlines. Updated every 4 hours.

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs Bookmark + Share

Colour scheme


IT Security News

Y-Combinator

Regular Security News

Social Media

Reddit

Urbanadventurer’s Bookmarks

Tools

Security Tool Files ≈ Packet Storm

  • AIEngine 1.0 AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
  • Maligno 1.4 Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  • Clam AntiVirus Toolkit 0.98.5 Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are. […]
  • Capstone 3.0 Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.
  • DAVOSET 1.2.3 DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
  • Fwknop Port Knocking Utility 2.6.4 fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect servic. […]
  • Packet Fence 4.5.1 PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration. […]
  • Advertisement: SolarWinds Log & Event Manager Need root-cause analysis, log management, and compliance monitoring? SolarWinds(r) LEM is smart security for any IT pro. Download a free trial
  • Hesperbot Detection Scanner 1.0 Hesperbot Scanner is a windows binary that is able to detect the Hesperbot banking trojan by fingerprinting memory and looking for things that traditional antivirus software fails to catch early during the malware campaigns.
  • DAVOSET 1.2.2 DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
  • ROP Gadget Tool 5.3 This tool lets you search your gadgets on your binaries (ELF format) to facilitate your ROP exploitation. The gadgets are found on executable segments.
  • Web-Based Firewall Logging Tool 1.01 Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or “drilled-down” all the way to the p. […]
  • Lynis Auditing Tool 1.6.4 Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated audit. […]
  • SSLsplit 0.4.9 SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destin. […]
  • I2P 0.9.16 I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
  • Samhain File Integrity Checker 3.1.3 Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding re. […]

CNET Download.com Security Software New Releases

  • Dashlane 11/27/14 – Automate and simplify your everyday online life.
  • Real Hide IP 11/26/14 – Hide your IP to protect your privacy on the Internet.
  • PC Tattletale Recorder 11/26/14 – Monitor and record PC activities in stealth mode.
  • 9-lab Removal Tool x86 11/26/14 – Protect your computer against all forms of cyber threats.
  • Combofix 11/26/14 – Scan for spyware and remove it from your computer.
  • S.S.E. File Encryptor for PC 11/25/14 – Encrypt your private and confidential files or whole folders.
  • System Security 2009 11/25/14 – Keep away unwanted users from computer.
  • PDF Encrypt 11/25/14 – Encrypt existing PDFs,set permissions and user and owner password.
  • HideMe 11/24/14 – Hide your IP address, protect your online privacy, and bypass firewalls.
  • Classroom Spy Professional 11/24/14 – Monitor PC activities of your kids or employees and lock Internet access when necessarily.

Exploits

Exploit-DB updates

Exploit Files ≈ Packet Storm

1337day.com

Vulnerabilities

Security Videos & Podcasts

Other Stuff

wikileaks on Twitter

Files ≈ Packet Storm

  • Pandora FMS SQL Injection Remote Code Execution This Metasploit module attempts to exploit multiple issues in order to gain remote code execution under Pandora FMS versions equal to and prior to 5.0 SP2. First, an attempt to authenticate using default credentials is performed. If this method fails, a SQL injection vulnerability is leveraged in or. […]
  • xEpan 1.0.1 Cross Site Request Forgery xEpan version 1.0.1 suffers from a cross site request forgery vulnerability.
  • Android WAPPushManager SQL Injection Android versions prior to 5.0 suffer from a remote SQL injection vulnerability in the opt module WAPPushManager.
  • Android SMS Resend Android versions prior to 5.0 allow an unprivileged application the ability to resend all the SMS’s stored in the users phone.
  • Android Settings Pendingintent Leak In Android versions prior to 5.0 and possibly greater than and equal to 4.0, Settings application leaks Pendingintent with a blank base intent (neither the component nor the action is explicitly set) to third party applications. Due to this, a malicious app can use this to broadcast intent with the. […]
  • Device42 Embedded Credentials Device42 DCIM Appliance Manager versions 5.10 and 6.0 have hardcoded credentials and also suffer from remote command injection vulnerabilities.
  • Device42 Traceroute Command Injection Device42 DCIM Appliance Manager versions 5.10 and 6.0 with WAN emulator version 2.3 remote command injection exploit for Metasploit that leverages traceroute.
  • Advertisement: SolarWinds Log & Event Manager Need root-cause analysis, log management, and compliance monitoring? SolarWinds(r) LEM is smart security for any IT pro. Download a free trial
  • Device42 Ping Command Injection Device42 DCIM Appliance Manager versions 5.10 and 6.0 with WAN emulator version 2.3 remote command injection exploit for Metasploit that leverages ping.
  • Red Hat Security Advisory 2014-1906-01 Red Hat Security Advisory 2014-1906-01 – OpenShift Enterprise by Red Hat is the company’s cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. It was found that OpenShift Enterprise 2.1 did not properly restrict access to services running on different. […]
  • Red Hat Security Advisory 2014-1905-01 Red Hat Security Advisory 2014-1905-01 – In accordance with the Red Hat OpenShift Enterprise Life Cycle Policy, the two-year life cycle of Production Support for version 1.2 will end on November 27, 2014. In addition, technical support through Red Hat’s Global Support Services will no longer be prov. […]
  • Ubuntu Security Notice USN-2422-1 Ubuntu Security Notice 2422-1 – Sebastian Krahmer discovered that the Squid pinger incorrectly handled certain malformed ICMP packets. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.
  • Red Hat Security Advisory 2014-1904-01 Red Hat Security Advisory 2014-1904-01 – Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.0 release serves as a replac. […]
  • Mandriva Linux Security Advisory 2014-228 Mandriva Linux Security Advisory 2014-228 – Multiple vulnerabilities has been discovered and corrected in phpmyadmin including cross site scripting, local file inclusion, and more. This upgrade provides the latest phpmyadmin version to address these vulnerabilities.
  • Debian Security Advisory 3076-1 Debian Linux Security Advisory 3076-1 – Multiple vulnerabilities were discovered in the dissectors/parsers for SigComp UDVM, AMQP, NCP and TN5250, which could result in denial of service.
  • HP Security Bulletin HPSBUX03166 SSRT101489 1 HP Security Bulletin HPSBUX03166 SSRT101489 1 – A potential security vulnerability has been identified in the HP-UX running PAM using libpam_updbe in pam.conf(4). This vulnerability could allow remote users to bypass certain authentication restrictions. Revision 1 of this advisory.

Security Blogs

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs
Colour scheme