Whitepaper called Nazca: Detecting Malware Distribution in Large-Scale Networks. In this paper, they study how clients in real-world networks download and install malware, and present Nazca, a system that detects infections in large-scale networks. Nazca does not operate on individual connections, nor does it look at properties of the downloaded programs or the reputation of the servers hosting them. Instead, it looks at the telltale signs of the malicious network infrastructures that orchestrate these malware installations, signs that become apparent when looking at the collective traffic produced by many users in a large network. Being content agnostic, Nazca does not suffer from coverage gaps in reputation databases (blacklists), and is not susceptible to code obfuscation. They have run Nazca on seven days of traffic from a large Internet Service Provider, where it has detected previously-unseen malware with very low false positive rates.
032e0a68647df30e19b1e6384d3777c89aaa648d1c9fa02c224a00ccae04a680
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist automated auditing, software patch management, vulnerability and malware scanning of Unix-based systems.
6df617ee79fb23beec2f85b10909b8120664dc293d9dff1a3386c94869b72931
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
731927c2cdea60e3c6b3a504b188025b7654cc0b172066013234b7695648d60e
REcon 2014 is a computer security conference for reverse engineers, hackers, and enthusiasts. It is held annually in Montreal, Canada and the Call For Papers has been announced.
47927abb89bab2ac193c1a5d1a0d65f0ddafa6868756ed6f19820e7f1271d7b6
File Hub version 1.9.1 suffers from remote code execution and local file inclusion vulnerabilities.
fb2b943db8bc3e86e07c39ad67f7b3baed8d871ca32abfab010521177ba59b0a
My PDF Creator and DE DM version 1.4 suffers from local file inclusion and file upload vulnerabilities.
cc81c0b63733f6dd75f11423ad214819b47b184980b8f221c00c8841c9555a0d
ipt_pkd is an iptables extension implementing port knock detection with SPA (single packet authorization). This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
80cfd1f2cb606a00ce131d4f55531bcda605931849efe12331e37b5a2a1bba48
This Metasploit module uses two vulnerabilities in Oracle Forms and Reports to get remote code execution on the host. The showenv URL can be used to disclose information about a server. A second vulnerability that allows arbitrary reading and writing to the host filesystem can then be used to write a shell from a remote URL to a known local path disclosed by the previous vulnerability. The local path being accessible from a URL then allows remote code execution using, for example, a .jsp shell. Tested on Windows and Oracle Forms and Reports 10.1.
0ae51161a01d969079b5ae31c9e558381714eaaed892cb6da032845477f29e85
Gentoo Linux Security Advisory 201402-17 - Multiple vulnerabilities in Xpdf could result in execution of arbitrary code. Versions less than or equal to 3.02-r4 are affected.
1f006b1e25e6174b446336d6d342e87c3bc6c5a1719a0776210c16b2b5afe4ca
Mandriva Linux Security Advisory 2014-038 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter. The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service or possibly gain privileges via a crafted application. The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. The updated packages provide a solution for these security issues.
e2c4547e50770bd3df69abde587f4db32a1c9a1954a305f2d7cf5ee05330a99e
Mandriva Linux Security Advisory 2014-037 - This update provides ffmpeg versions 0.5.13 and 0.10.11, which fix several unspecified security vulnerabilities and other bugs that were corrected upstream.
d03ad4b69e70137039a435da637b88b2ab53aefeb86a0f09b73159e3835520d7
Mandriva Linux Security Advisory 2014-036 - Varnish before 3.0.5 allows remote attackers to cause a denial of service via a GET request with trailing whitespace characters and no URI. Also, the services have been converted from SysV init scripts to systemd-native services, which should allow for more consistent behavior.
fc02cb3564571294ca8fbe0363d8e7dd5c8f5669e65f5fa32a4f6ddb9224686e
Mandriva Linux Security Advisory 2014-035 - The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and pngset.c.
931cc541f67fd6e0d62d7e1e7506f2812d8e4e5308cd9f5cc5bd2921b946d1a5
Debian Linux Security Advisory 2862-1 - Several vulnerabilities have been discovered in the chromium web browser.
b90e47244d4361de2a4c1e7689a91eb7c5d6021b03e6810350c33bf2949ef1cd
Debian Linux Security Advisory 2861-1 - It was discovered that file, a file type classification tool, contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID CVE-2014-1943 has been assigned to identify this flaw. Additionally, other well-crafted files might result in long computation times (while using 100% CPU) and overlong results.
ba2d4742d86e1523c1ae2d5dddb4735ff294e3ccbb690646000820894c4b5493