Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

I spend a lot of time using R, the programming language and software environment for statistical computing and graphics. It's incredibly useful for visualization and analysis; consider Data-Driven Security as a great starting point and reference, along with this article, if you're further interested.

One of my recent discoveries is using system to invoke system commands: in two lines I can call Log Parser, pull the Windows security event log, write it to CSV, and create a data frame out of it that I can then do any number of other cool things with. Note: to pull the Windows security event log you need to be running with elevated privilege and need to run R as admin for this example scenario.

In short:

Set a working directory:
    setwd("D:/coding/R/EventVizWork")
Call Log Parser with system:
    system('logparser "Select * into security.csv from Security" -i:evt -o:csv')

Statistics:
-----------
Elements processed: 112155
Elements output: 112155
Execution time: 26.80 seconds

Read the results into a data frame:
    secevtlog <- read.csv("security.csv")
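The three steps above, wrapped so that a failed export is caught before the CSV is read, followed by a first triage of the data frame. This is an added example, not code from the original diary. It assumes Log Parser's EVT output carries an EventID column and that a non-zero exit status means failure; the function names and the sample rows are constructed for illustration.

```r
# Export the Security log with Log Parser and return it as a data frame.
# Hypothetical helper; stops early instead of reading a stale or missing CSV.
export_security_log <- function(csv = "security.csv") {
  if (!nzchar(Sys.which("logparser"))) stop("logparser not found on PATH")
  query <- sprintf("Select * into %s from Security", csv)
  # system2 returns the exit status of the command
  status <- system2("logparser",
                    c(shQuote(query, type = "cmd"), "-i:evt", "-o:csv"))
  if (status != 0 || !file.exists(csv)) {
    stop("Log Parser export failed (status ", status,
         "); is R running elevated?")
  }
  read.csv(csv, stringsAsFactors = FALSE)
}

# Count events per EventID, most frequent first.
summarise_events <- function(df) {
  counts <- sort(table(df$EventID), decreasing = TRUE)
  data.frame(EventID = names(counts), n = as.integer(counts),
             stringsAsFactors = FALSE)
}

# Constructed sample rows, used when Log Parser is not available.
sample_csv <- "EventLog,RecordNumber,TimeGenerated,EventID,ComputerName
Security,1,2015-07-30 08:00:01,4624,HOST1
Security,2,2015-07-30 08:00:05,4625,HOST1
Security,3,2015-07-30 08:00:06,4625,HOST1
Security,4,2015-07-30 08:00:07,4625,HOST1
Security,5,2015-07-30 08:01:10,4672,HOST1"

if (.Platform$OS.type == "windows" && nzchar(Sys.which("logparser"))) {
  secevtlog <- export_security_log()
} else {
  secevtlog <- read.csv(text = sample_csv, stringsAsFactors = FALSE)
}

print(summarise_events(secevtlog))
# Failed logons (event 4625) are a common first thing to look at.
failed <- secevtlog[secevtlog$EventID == 4625, ]
cat("Failed logons:", nrow(failed), "\n")
```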

Tomorrow I
@holisticinfosec

 
 
[SECURITY] [DSA 3320-1] openafs security update
 
Samy Kamkar's OwnStar can gain access to GM OnStar cars.

Samy Kamkar, a Los Angeles-based security researcher and hardware hacker, has created a device called OwnStar that can find, unlock, and remote start General Motors cars equipped with OnStar. The hack, which is based on an exploit of OnStar's mobile software communications channel, exposes the credentials of a car's owner when it intercepts communications with OnStar's service. The device will be demonstrated at next week's DefCon security conference in Las Vegas.

The OwnStar device can detect nearby users of the OnStar RemoteLink application on a mobile phone and can then inject packets into the communication stream to the phone, getting it to give up additional information about the user's credentials. Those credentials can then be used to gain access to the vehicle's OnStar account and the full functionality of the OnStar RemoteLink app.

Kamkar says the vulnerability is in the app itself and not the OnStar hardware in GM vehicles. He added that GM and OnStar are working to correct the flaw in the vulnerable mobile application. GM customers who use OnStar can protect themselves for the time being by not using the RemoteLink app.


 
Cisco Security Advisory: Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
 

A recently disclosed vulnerability in Bind, the most widely used software for translating human-friendly domain names into IP addresses used by servers, makes it possible for lone-wolf attackers to bring down huge swaths of the Internet, a security researcher has warned.

The flaw, which involves the way that Bind handles some queries related to transaction key records, resides in all major versions of the software from 9.1.0 to 9.8.x, 9.9.0 to 9.9.7-P1, and 9.10.0 to 9.10.2-P2. Attackers can exploit it by sending vulnerable servers a malformed packet that's trivial to create. Vulnerable servers, in turn, will promptly crash. There are no indications that the vulnerability is being actively exploited in the wild, and the bug wasn't disclosed until a fix was in place. Still, the critical vulnerability underscores the fragility of Bind, which despite its three decades in use and unwieldy code remains the staple for the Internet's domain name system.

Rob Graham, CEO of penetration testing firm Errata Security, reviewed some of the Bind source code and the advisory that Bind developers issued earlier this week and made this sobering assessment:


 
Dell Netvault Backup Remote Denial of Service
 
LinuxSecurity.com: Several security issues were fixed in OpenJDK 7.
 
LinuxSecurity.com: 7.x-3.3. See [SA-CONTRIB-2015-133](https://www.drupal.org/node/2533926)
* New token `%site:current-page:path-menu-trail:pb-join:*` is an alternative approach to build breadcrumbs based on path hierarchy.
* Fixed #2473109: Destination parameter is present but doesn't work during editing breadcrumb
* Other improvements and fixes.
 
LinuxSecurity.com: Fix CSRF issue.
- Fix font-awesome paths (bug #1219956)
- Add upstream patch to fix PyQt4 import (bug #1219997)
- Use python2 macros, fix python3 shebang fix
- Fix fontawesome path
 
LinuxSecurity.com: Fixes salt usage for password wrapping
 
LinuxSecurity.com: fixes CVE-2015-0839
 
LinuxSecurity.com: Update to new version 2.4.16. This update fixed various bugs as well as a few security issues. For the full changelog, see http://www.apache.org/dist/httpd/CHANGES_2.4.16
 
LinuxSecurity.com: The update adds a patch for the security issue in bug 1241907.
 
LinuxSecurity.com: Attempt to fix this DoS.
 
LinuxSecurity.com: Update to nx-libs 3.5.0.32:
- Proper integration of all patches in the source tarballs. Bugs in the tarball generation script and patch file names prohibited inclusion of many patches previously, including security fixes.
- Better support for debug (DEBUG, TEST, TRACE and other directives) builds, in part thanks to Nito Martinez.
- Build fixes due to underlinking of libdl thanks to Bernard Cafarelli.
- Retroactively document correct GPLv2 licensing of previously potentially offending DXPC code.
- Help text fixups.
- Restart reading if interrupted, gets rid of "Negotiation in stage 10" errors thanks to Vadim Troshchinskiy.
- A dozen X.Org Server fixes backported by Ulrich Sibiller.
The X2Go Project thanks Bernard Cafarelli, Nito Martinez (Qindel Group), Vadim Troshchinskiy (Qindel Group) and Ulrich Sibiller for their contributions.
 
FreeBSD Security Advisory FreeBSD-SA-15:16.openssh [REVISED]
 

Posted by InfoSec News on Jul 30

http://www.scmp.com/tech/enterprises/article/1845102/united-airlines-hacked-china-linked-group-believed-responsible

Bloomberg
30 July, 2015

The hackers who stole data on tens of millions of US insurance holders and
government employees in recent months breached another big target at
around the same time -- United Airlines.

United, the world’s second-largest airline, detected an incursion into its
computer systems in May or early June,...
 

Posted by InfoSec News on Jul 30

http://english.yonhapnews.co.kr/full/2015/07/30/41/1200000000AEN20150730005700315F.html

Yonhap
2015/07/30

SEOUL, July 30 (Yonhap) -- An Italian cybersecurity firm testified that
North Korea had contacted the company to purchase hacking software
programs, a South Korean opposition lawmaker said Thursday.

South Korea's top intelligence agency recently admitted to purchasing
similar software from the Milan-based Hacking Team, triggering...
 

Posted by InfoSec News on Jul 30

http://fortune.com/2015/07/29/crowdstrike-cybersecurity-george-kurtz/

By Robert Hackett
@rhhackett
Fortune.com
July 29, 2015

It’s not every day that a company can compel hackers to give up. Yet
that’s exactly what CrowdStrike managed to do earlier this year.

CEO and co-founder George Kurtz tells it like this: A besieged customer
needed backup. So Kurtz’s team sent in reinforcements, placed its
cloud-based software sensors across the...
 

Posted by InfoSec News on Jul 30

http://krebsonsecurity.com/2015/07/windows-10-shares-your-wi-fi-with-contacts/

By Brian Krebs
Krebs on Security
July 29, 2015

Starting today, Microsoft is offering most Windows 7 and Windows 8 users a
free upgrade to the software giant’s latest operating system — Windows 10.
But there’s a very important security caveat that users should know about
before transitioning to the new OS: Unless you opt out, Windows 10 will by
default share...
 

Posted by InfoSec News on Jul 30

http://www.wired.com/2015/07/hackers-can-disable-sniper-rifleor-change-target/

By Andy Greenberg
Security
Wired.com
07.29.15

PUT A COMPUTER on a sniper rifle, and it can turn the most amateur shooter
into a world-class marksman. But add a wireless connection to that
computer-aided weapon, and you may find that your smart gun suddenly seems
to have a mind of its own—and a very different idea of the target.

At the Black Hat hacker...
 
Internet Storm Center Infocon Status