A professional espionage group has targeted a variety of Eastern European governments and security organizations with attacks aimed at stealing political and state secrets, security firm FireEye stated in a report released on Tuesday.

The group, dubbed APT28 by the company, has targeted high level officials in Eastern European countries such as Georgia, and security organizations such as the North Atlantic Treaty Organization (NATO). While Russian and Ukrainian cybercriminal groups are known to conduct massive campaigns aimed at stealing money and financial information, APT28 focuses solely on political information and state secrets, according to FireEye.

The report argues that the group is closely tied to Russia and likely part of Moscow’s intelligence apparatus.


(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
GNU Wget CVE-2014-4877 Symlink Vulnerability
phpfusion (Search Page) Denial of Service Vulnerability
IEEE Technically Co-sponsored - Third International Conference on Digital Information, Networking, and Wireless Communications || RUSSIA
[security bulletin] HPSBST03160 rev.1 - HP XP Command View Advanced Edition running Apache Struts, Remote Execution of Arbitrary Code
Re: vulnerabilities in libbfd (CVE-2014-beats-me)
[SECURITY] [DSA 3058-1] torque security update
Google Youtube - Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration)

SANS Institute Offers a MacBook Air or $800 Discount to InfoSec Professionals
Virtual-Strategy Magazine (press release)
BETHESDA, Md., Oct. 28, 2014 /PRNewswire-USNewswire/ -- SANS Online Training announces a special opportunity to receive a new MacBook Air laptop, a Toshiba Portege Z30 laptop, or an $800 discount on online courses with SANS' top-rated cyber ...

LinuxSecurity.com: Multiple vulnerabilities have been discovered and corrected in mariadb: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS [More...]
LinuxSecurity.com: Security Report Summary
LinuxSecurity.com: libxml2 could be made to consume resources if it processed a specially crafted file.
LinuxSecurity.com: Security Report Summary
LinuxSecurity.com: Security Report Summary
LinuxSecurity.com: Multiple vulnerabilities have been discovered and corrected in java-1.7.0-openjdk: Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet [More...]
LinuxSecurity.com: Updated ctags package fixes security vulnerability: A denial of service issue was discovered in ctags 5.8. A remote attacker could cause excessive CPU usage and disk space consumption via a crafted JavaScript file by triggering an infinite loop [More...]
LinuxSecurity.com: Updated phpmyadmin package fixes security vulnerability: In phpMyAdmin before, with a crafted database or table name it is possible to trigger an XSS in SQL debug output when enabled and in server monitor page when viewing and analysing executed queries [More...]
LinuxSecurity.com: Updated ejabberd packages fix security vulnerability: A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttls_required is set (CVE-2014-8760). [More...]
LinuxSecurity.com: Updated lua and lua5.1 packages fix security vulnerability: A heap-based overflow vulnerability was found in the way Lua handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code [More...]
LinuxSecurity.com: New glibc packages are available for Slackware 14.1 and -current to fix security issues. [More Info...]
LinuxSecurity.com: New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. [More Info...]

Welcome to Ars UNITE, our week-long virtual conference on the ways that innovation brings unusual pairings together. Today, a look at how everyone involved with the modern cloud is looking to improve its security. Join us this afternoon for a live discussion on the topic with article author Sean Gallagher and his expert guests; your comments and questions are welcome.

When the technology industry embraced “cloud computing” and made it part of our daily lives, we all made a Faustian bargain. They gave us a way to break free from the expense of owning all the hardware, making computing and storage capacity dirt cheap and available on demand. On the other side, we promised not to worry too much about the fine print.

“In the 2000s we had this wild cloud party,” said Peter Eckersley, technology projects director at the Electronic Frontier Foundation. “That party ended—Edward Snowden crashed that party. And we’ve woken up with a massive privacy and security hangover that companies are now trying to shake.”


Drupal Core CVE-2014-3704 SQL Injection Vulnerability
phpMyAdmin CVE-2014-8326 Multiple Cross Site Scripting Vulnerabilities
PHP 'libxmlrpc/xmlrpc.c' Buffer Overflow Vulnerability
[ MDVSA-2014:210 ] mariadb
[security bulletin] HPSBST03157 rev.1 - HP StoreEver ESL E-series Tape Library and HP Virtual Library System (VLS) running Bash Shell, Remote Code Execution
[security bulletin] HPSBMU03152 rev.1 - HP Operations Orchestration running SSL, Remote Disclosure of Information
[SECURITY] [DSA 3057-1] libxml2 security update

I will never forget the name of my first server - Rachel. I was very proud to be the person whose job it was to defend Rachel from all types of disruption. To this day I still remember each IP address, user account, service account and application. When patches were installed, I manually verified they had been applied successfully. I diligently reviewed the logs and configured full auditing to let me know the success and failure of just about everything.

I have administered many servers since Rachel, but do not remember as much about them as I do about my first love. Consider this an invitation to fall back in love with your

How can you do this? The act of actively measuring how well you manage, secure and maintain your servers can very well be the catalyst you need to return back to your first love. Consider creating and sending yourself a daily report that clearly shows its current security posture. What are good candidates for this report? I am glad you asked. Some of my favorites include the following.

- Mean time to identify a new service running (or not running anymore)

There are certainly many metrics you could track. Pick a few and diligently check them every day for the next month. You'll be glad you did!

Feel free to use our comment page to let us know what you are doing to remember your first love.
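One way to produce the "new or missing service" line of such a daily report, as an added example that is not part of this diary: it parses `ss -ltnup`-style output (the two samples below are constructed, not captured from a real host) into a set of (protocol, address, port, process) listeners, diffs that set against a saved baseline, and renders the new and removed listeners for the mail. The names `parse_listeners`, `diff_listeners` and `render` are the example's own; PIDs and queue depths are dropped on purpose so a routine service restart does not show up as a change.

```python
"""Daily listening-service report: diff today's listeners against a saved baseline."""
import re
from typing import NamedTuple, Set

# Constructed `ss -ltnup`-style samples (not captured from a real host).
BASELINE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    0.0.0.0:80        0.0.0.0:*         users:(("nginx",pid=1201,fd=6))
tcp   LISTEN 0      128    [::]:22           [::]:*            users:(("sshd",pid=812,fd=4))
udp   UNCONN 0      0      127.0.0.1:323     0.0.0.0:*         users:(("chronyd",pid=640,fd=5))
"""

TODAY_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      128    [::]:22           [::]:*            users:(("sshd",pid=812,fd=4))
tcp   LISTEN 0      10     0.0.0.0:4444      0.0.0.0:*         users:(("nc",pid=30217,fd=3))
udp   UNCONN 0      0      127.0.0.1:323     0.0.0.0:*         users:(("chronyd",pid=640,fd=5))
"""

# proto, state, recv-q, send-q, local addr:port, peer, optional users:(("proc",...))
LINE_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+\d+\s+\d+\s+"
    r"(?P<addr>\S+):(?P<port>\d+)\s+\S+"
    r'(?:\s+users:\(\("(?P<proc>[^"]+)")?'
)


class Listener(NamedTuple):
    proto: str
    addr: str
    port: int
    proc: str  # "?" when ss was run without the privilege to see the owner


def parse_listeners(ss_output: str) -> Set[Listener]:
    """Parse ss output into a set keyed by what matters for the posture report.
    PIDs and queue sizes are dropped deliberately so a restart is not a diff."""
    found = set()
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or unrecognised line
        found.add(Listener(m["proto"], m["addr"], int(m["port"]), m["proc"] or "?"))
    return found


class Report(NamedTuple):
    new: Set[Listener]
    removed: Set[Listener]
    unchanged: Set[Listener]


def diff_listeners(baseline: Set[Listener], current: Set[Listener]) -> Report:
    """New = in today's snapshot only; removed = in the baseline only."""
    return Report(current - baseline, baseline - current, baseline & current)


def render(report: Report) -> str:
    """Plain-text body for the daily mail. New listeners come first: those are
    the ones that most often turn out to be a bind shell or an unreviewed install."""
    lines = []
    for title, items in (("NEW", report.new), ("REMOVED", report.removed)):
        lines.append(f"{title} ({len(items)})")
        for l in sorted(items):
            lines.append(f"  {l.proto}/{l.port} on {l.addr} [{l.proc}]")
    lines.append(f"UNCHANGED ({len(report.unchanged)})")
    return "\n".join(lines)


if __name__ == "__main__":
    baseline = parse_listeners(BASELINE_SS)
    today = parse_listeners(TODAY_SS)
    print(render(diff_listeners(baseline, today)))
```

In practice the baseline is the previous day's parsed snapshot written to disk, and a reviewed change (the nginx decommission, say) is accepted by overwriting it; the report only does its job if someone actually reads the NEW section each morning.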


(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Continuing our theme of False Positives this month, I'd like to talk about the process of managing false positives we encounter in the course of analysis. False positives will almost always show at some point during a security analysis, which leads to unwanted additional work on the part of either the sysadmins, security teams, or both. Even worse, continued false positives can lead to complacency during analysis, where things are assumed

Managing false positives in our testing and analysis is part of the overall security process, which can be used to identify and eliminate false positives.

- Ports, Protocols, and Services baseline (need to know what we have on the wire, and where it

An ideal scenario in an operating environment may run something like this: A Continuous Monitoring program alerts that a vulnerability exists on a host. A review of the configuration of the host shows that the vulnerability does not exist, and a verification can be made from the traffic logs, which reveal that no traffic associated with the vulnerability has transited the wire. The Continuous Monitoring application should be updated to reflect that the specific vulnerability reported on that specific host is a false positive, and should be flagged accordingly in future monitoring. The network monitoring would *not* be updated, because it did not flag a false positive, leaving the defense-in-depth approach intact.

Now, this is *ideal*, and a very high level, but it hopefully gives some ideas on how false positives could be managed within the enterprise, and the processes that contribute. We would really like to hear how false positives are managed in other enterprise environments, so let us know. :)
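The ideal scenario above reduced to a triage routine, as an added example that is not part of this diary: a constructed scanner finding (the id and package name are hypothetical, not a real vulnerability) is checked against a constructed host configuration snapshot and constructed flow-log lines. Only when the configuration says the flaw is not present and the traffic logs show nothing on that port is a suppression recorded, and it is scoped to the continuous-monitoring tool, keyed to that host and that finding, with an expiry so it gets re-verified; the network monitor is never touched. `triage`, `Suppression`, the 90-day TTL and the naive version comparison are all this example's assumptions.

```python
"""Triage a continuous-monitoring vulnerability alert against the host's
configuration and traffic logs, then record a suppression scoped to the
scanner only (network monitoring is left untouched)."""
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional, Tuple

# Hypothetical scanner finding (constructed; id and package are not real).
FINDING = {
    "id": "FINDING-EXAMPLE-1",
    "host": "10.0.0.15",
    "proto": "tcp",
    "port": 8080,
    "package": "examplehttpd",  # hypothetical package name
    "fixed_in": "2.4.11",       # hypothetical fixed version
}

# Constructed host configuration snapshot: installed packages and listeners.
HOST_CONFIG = {
    "10.0.0.15": {
        "packages": {"examplehttpd": "2.4.12", "openssh-server": "6.6p1"},
        "listening": {("tcp", 22), ("tcp", 443)},
    },
}

# Constructed flow-log lines: timestamp src dst dport proto (not real traffic).
FLOW_LOG = """\
2014-10-28T08:01:02Z 10.0.0.201 10.0.0.15 443 tcp
2014-10-28T08:01:05Z 10.0.0.201 10.0.0.15 22 tcp
2014-10-28T09:15:40Z 10.0.0.44 10.0.0.15 443 tcp
"""

DEMO_DATE = date(2014, 10, 28)
SUPPRESSION_TTL = timedelta(days=90)  # assumed review period; re-verify on expiry


@dataclass(frozen=True)
class Suppression:
    tool: str  # only the tool that raised the false alarm is updated
    host: str
    finding_id: str
    reason: str
    expires: date


@dataclass(frozen=True)
class Triage:
    verdict: str  # "true_positive" | "false_positive" | "needs_review"
    evidence: Tuple[str, ...]
    suppression: Optional[Suppression]


def version_tuple(v: str) -> Tuple[int, ...]:
    """Naive dotted-version compare. Assumption: distro backports (a 2.4.7-3
    build carrying the fix) are NOT handled; consult the vendor advisory."""
    m = re.match(r"\d+(?:\.\d+)*", v)
    return tuple(int(p) for p in m.group(0).split(".")) if m else ()


def parse_flows(text: str):
    """Yield (src, dst, dport, proto); malformed lines are skipped, not fatal."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        _ts, src, dst, dport, proto = parts
        yield src, dst, int(dport), proto


def triage(finding: dict, config: dict, flow_text: str, today: date) -> Triage:
    host = config.get(finding["host"], {"packages": {}, "listening": set()})
    installed = host["packages"].get(finding["package"])
    patched = installed is None or version_tuple(installed) >= version_tuple(finding["fixed_in"])
    listening = (finding["proto"], finding["port"]) in host["listening"]
    traffic = any(
        dst == finding["host"] and dport == finding["port"] and proto == finding["proto"]
        for _src, dst, dport, proto in parse_flows(flow_text)
    )
    evidence = (
        f"package {finding['package']}={installed!s} patched={patched}",
        f"listening on {finding['proto']}/{finding['port']}={listening}",
        f"traffic to {finding['proto']}/{finding['port']} seen={traffic}",
    )
    if not patched:
        return Triage("true_positive", evidence, None)
    if not listening and not traffic:
        # Config and wire agree: suppress in the scanner only, for this host and
        # finding only, and only until the expiry date forces a re-check.
        sup = Suppression("continuous-monitoring", finding["host"], finding["id"],
                          "; ".join(evidence), today + SUPPRESSION_TTL)
        return Triage("false_positive", evidence, sup)
    # Host claims it is patched, yet the port is open or was seen on the wire:
    # confirm the fix really covers it before suppressing anything.
    return Triage("needs_review", evidence, None)


def run_demo() -> Triage:
    return triage(FINDING, HOST_CONFIG, FLOW_LOG, DEMO_DATE)


if __name__ == "__main__":
    print(run_demo())
```

The point of the three-way verdict is that a suppression is only written when two independent sources agree; a host that says "patched" while traffic still reaches the port goes back to a human rather than into the allowlist.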

tony d0t carothers --gmail

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Python 'bufferobject.c' Integer Overflow Vulnerability

CSO Online

6 tips for effective security tabletop testing
CSO Online
The tabletop exercise is the opportunity to demonstrate the purpose and value of our InfoSec program.” Make sure the participants know the ground rules of the exercise. “Communicate what is in scope for the exercise and out of scope,” says Elayne ...


Explaining infosec magic to kids
Help Net Security
After talking with my InfoSec peers, I believe many of us often feel that our kids don't truly know what Mom or Dad does on the job because we find it difficult to explain our work to most adults, sometimes even our bosses. Or we think that our kids ...


Shipping Secure Software: Strategy and Tactics for Infosec Managers ...
Infosecurity Magazine


SC Magazine UK

8 in 10 infosec pros think perimeter security can combat APTs
SC Magazine UK
A new survey from Lieberman Software reveals that almost eight in ten IT security professionals believe that perimeter security technologies like firewalls and anti-malware solutions are sufficient in defending against advanced persistent threats (APTs ...


Posted by InfoSec News on Oct 27

Forwarded from: William Knowles <wk (at) infosecnews.org>

For years, InfoSec News offered complete news articles for its
subscribers, but after copyright holding companies like Righthaven were
founded in 2010, under the advice of legal counsel, we stopped posting
full articles.

InfoSec News is now offering a new list with full articles, no
advertising, and no public archives.

Full details are at: http://www.infosecnews.org/services/...

Posted by InfoSec News on Oct 27


By David Kravets
Ars Technica
Oct 23 2014

It was an eerie tale. Former US Vice President Dick Cheney announced last
year that he disabled the wireless function of the implanted heart
defibrillator amid fears it could be exploited by terrorists wanting to
kill him.

Cheney's announcement put a face to the fear of possible...

Posted by InfoSec News on Oct 27


The New York Times
OCT. 21, 2014

MADRID — How is it that a baby-faced, 20-year-old university student
skates his way into the coronation celebration of the new king, passes
himself off as a government adviser to reportedly broker a lucrative
business deal, and avoids traffic jams by flashing a fake police light?

That is the...