The freshest blend of the latest infosec news headlines. Updated every 4 hours.

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs Bookmark + Share

Colour scheme


IT Security News

Y-Combinator

Regular Security News

Social Media

Reddit

Urbanadventurer’s Bookmarks

Tools

Security Tool Files ≈ Packet Storm

  • AnonTwi 1.1b Anontwi is a tool for OAuth2 applications, such as GNUSocial and Twitter, that provides different layers of encryption, privacy methods and proxy features. It contains a GTk+ interface.
  • Fwknop Port Knocking Utility 2.6.7 fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect servic. […]
  • OpenSSH 7.1p1 This is a Linux/portable port of OpenBSD’s excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen’s SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
  • Faraday 1.0.13 Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the. […]
  • oclHashcat For NVidia 1.37 oclHashcat is an advanced GPU hash cracking utility that includes the World’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
  • oclHashcat for AMD 1.37 oclHashcat is an advanced GPU hash cracking utility that includes the World’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.
  • Viproy VoIP Penetration / Exploitation Kit 2.99.1 Viproy Voip Penetration and Exploitation Kit is developed to improve quality of SIP penetration testing. It provides authentication and trust analysis features that assists in creating simple tests.
  • Wireshark Analyzer 1.12.7 Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
  • NetRipper Smart Traffic Sniffer NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption.
  • OpenSSH 7.0p1 This is a Linux/portable port of OpenBSD’s excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen’s SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
  • Mandos Encrypted File System Unattended Reboot Utility 1.7.0 The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encry. […]
  • Simple Packet Sender 4.3 Simple Packet Sender (SPS) is a Linux packet crafting tool. It supports IPv4, IPv6 (but not extension headers yet), and tunneling IPv6 over IPv4. Written in C on Linux with GUI built using GTK+. Both source and binaries are included. Features include packet crafting and sending one, multiple, or flo. […]
  • Maligno 2.4 Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  • mrtparse MRT Parsing Tool 1.3 mrtparse is a module to read and analyze the MRT format data. The MRT format data can be used to export routing protocol messages, state changes, and routing information base contents, and is standardized in RFC6396. Programs like Quagga / Zebra, BIRD, OpenBGPD and PyRT can dump the MRT format data.. […]
  • Maligno 2.3 Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
  • Pcapteller 0.2 Pcapteller is a tool designed for simple traffic manipulation and replay. The tool allows you to recreate a recorded network traffic scenario that occurred in a foreign network, as it really happened in yours. Basically, the tool reads network packets from a PCAP file, and it replaces a given IP add. […]

CNET Download.com Security Software New Releases

  • RogueKiller (64 bit) 09/04/15 – Scan and kill malicious processes on your Windows PC.
  • RogueKiller 09/04/15 – Scan and kill malicious processes on your Windows PC.
  • Ad-Aware Free Antivirus + 09/04/15 – Protect your personal computer against virus and spyware attacks.
  • KryptoMessage 09/04/15 – Encrypt and decrypt messages, mails, and conversations through cryptographic standards.
  • Ad-Aware Total Security 09/04/15 – Be protected against viruses, spyware, phishing attacks and online scams.
  • Ad-Aware Pro Security 09/04/15 – Be protected against viruses, spyware, phishing attacks and online scams.
  • Best Folder Encryptor 09/03/15 – Protect files and folders with encryption.
  • 360 Total Security Essential 09/03/15 – Keep your system safe from the latest threats.
  • 360 Total Security 09/03/15 – Protect your computer against viruses and other new types of threats.
  • AllInOne Keylogger 09/03/15 – Monitor and record PC activities in a stealth mode, send logs via e-mail, FTP, LAN, or USB.

Exploits

Exploit-DB Updates

Exploit Files ≈ Packet Storm

1337day is gone

Vulnerabilities

Security Videos & Podcasts

Other Stuff

wikileaks on Twitter

Files ≈ Packet Storm

  • Debian Security Advisory 3352-1 Debian Linux Security Advisory 3352-1 – A vulnerability was found in screen causing a stack overflow which results in crashing the screen server process, resulting in denial of service.
  • Slackware Security Advisory – seamonkey Updates Slackware Security Advisory – New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
  • Debian Security Advisory 3351-1 Debian Linux Security Advisory 3351-1 – Several vulnerabilities have been discovered in the chromium web browser.
  • Red Hat Security Advisory 2015-1736-01 Red Hat Security Advisory 2015-1736-01 – Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Improper error handling in the API server can cause the master process to crash. A user with network access to the master co. […]
  • Red Hat Security Advisory 2015-1723-01 Red Hat Security Advisory 2015-1723-01 – OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine. […]
  • Red Hat Security Advisory 2015-1718-01 Red Hat Security Advisory 2015-1718-01 – KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU’s RTL8139 emulation implement. […]
  • Windows Registry Only Persistence This Metasploit module will install a payload that is executed during boot. It will be executed either at user logon or system startup via the registry value in “CurrentVersion\Run” (depending on privilege and selected method). The payload will be installed completely in registry.
  • Windows Escalate UAC Protection Bypass This Metasploit module will bypass Windows UAC by utilizing the missing .manifest on the script host cscript/wscript.exe binaries.
  • Ubuntu Security Notice USN-2733-1 Ubuntu Security Notice 2733-1 – It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privi. […]
  • Ubuntu Security Notice USN-2731-1 Ubuntu Security Notice 2731-1 – Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel.
  • Ubuntu Security Notice USN-2732-1 Ubuntu Security Notice 2732-1 – Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel.
  • Ubuntu Security Notice USN-2734-1 Ubuntu Security Notice 2734-1 – It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privi. […]
  • Yahoo! Messenger 11.5.0.228 Buffer Overflow Multiple buffer overflow vulnerabilities have been identified in Yahoo! Messenger versions 11.5.0.228 and below.
  • EMC Documentum Content Server Privilege Escalation EMC Documentum Content Server includes a privilege escalation vulnerability that could potentially be exploited by malicious, regular users to perform certain actions as the superuser. Unprivileged Content Server users may potentially escalate their privileges to become a superuser by creating and p. […]
  • Zhone ADSL2+ 4P Authentiation Bypass / Information Disclosure Zhone ADSL2+ 4P Bridge bridge and router suffers from authentication bypass and information disclosure vulnerabilities.
  • Checkmarx CxQL 7.1.5 Sandbox Bypass Checkmarx CxQL versions 7.1.5 and below suffer from a sandbox bypass vulnerability.

Security Blogs

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs
Colour scheme