Hackin9

In follow-up to yesterday's discussion on invoking OS commands with R's system() function, I wanted to show you just a bit of how straightforward it is to then use the resulting data.

After grabbing the Windows Security event log with a call to Log Parser and writing it out to CSV, you have numerous options driven by what's interesting to you. Perhaps you're interested in counts per Event ID, to say what your Top 10 events are. The issue is that Log Parser just grabbed all of the columns, so the first step is to pull only the ones you care about into a new data frame:

secevt <- read.columns("security.csv", c("EventID","TimeWritten","EventTypeName","Message"), sep=",")

read.columns (from the gdata package) reads only EventID, TimeWritten, EventTypeName and Message into a new data frame, the contents of which are stored in secevt; the other 11 columns are no longer cluttering the in-memory data set. Want to count Event IDs? With plyr loaded, count() does it in one line:

ct <- count(secevt$EventID)
ct

     x freq
1 1108  734
2 4611    4
3 4616    1
4 4624  159
5 4634   49
6 4648  272
7 4656 2653
8 4658 1900

and so on for every distinct Event ID in the log. Sort by frequency, descending, and take the first ten rows for your Top 10:

srt <- ct[order(-ct$freq), ]
top10 <- srt[1:10, ]
top10

      x  freq
22 4703 81437
9  4662 27602
7  4656  2653
8  4658  1900
16 4690   931
1  1108   734
14 4688   618
15 4689   617
35 4957   400
11 4664

Bam, fast and flexible. My security event log has 81,437 Event ID 4703 (A user right was adjusted) entries; these parsed quickly from 118,154 total entries (a 147MB local file). How about visualizations of that same data? Yep, it all starts with something as simple as

Hopefully you're intrigued regarding the options and capabilities available here. Feel free to comment or email me if you'd like further information or resources.
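The same select-count-sort workflow as an added example written for this page, not the diary's own code: it uses base R's read.csv(), table() and order() in place of gdata::read.columns() and plyr::count(), so it runs with no packages installed, and it works on a constructed eight-column excerpt of a Log Parser EVT export embedded in csv_text rather than on security.csv. The function names read_security_columns and top_event_ids are chosen here. It also goes one step past the Top 10 by cross-tabulating Event ID against EventTypeName, which is where the low-volume Failure Audit events hide.

```r
# Added example, not from the original diary: Top-N Event IDs in base R only
# (no gdata/plyr) against a constructed Log Parser-style CSV. Swap the
# `text = csv_text` arguments for `file = "security.csv"` for a real export.

# Constructed sample in the column layout Log Parser's EVT format emits,
# trimmed to 8 columns (real exports carry 15). Message is quoted because it
# can contain commas; read.csv() honours the quotes by default.
csv_text <- 'EventLog,RecordNumber,TimeWritten,EventID,EventTypeName,SourceName,ComputerName,Message
Security,101,2015-07-30 08:00:01,4703,Success Audit event,Microsoft-Windows-Security-Auditing,HOST1,"A user right was adjusted."
Security,102,2015-07-30 08:00:02,4703,Success Audit event,Microsoft-Windows-Security-Auditing,HOST1,"A user right was adjusted."
Security,103,2015-07-30 08:00:05,4703,Success Audit event,Microsoft-Windows-Security-Auditing,HOST1,"A user right was adjusted."
Security,104,2015-07-30 08:01:10,4624,Success Audit event,Microsoft-Windows-Security-Auditing,HOST1,"An account was successfully logged on."
Security,105,2015-07-30 08:01:11,4624,Success Audit event,Microsoft-Windows-Security-Auditing,HOST1,"An account was successfully logged on."
Security,106,2015-07-30 08:02:00,4625,Failure Audit event,Microsoft-Windows-Security-Auditing,HOST1,"An account failed to log on."
Security,107,2015-07-30 08:02:01,4625,Failure Audit event,Microsoft-Windows-Security-Auditing,HOST1,"An account failed to log on."
Security,108,2015-07-30 08:03:00,4688,Success Audit event,Microsoft-Windows-Security-Auditing,HOST1,"A new process has been created."
Security,109,2015-07-30 08:04:00,4634,Success Audit event,Microsoft-Windows-Security-Auditing,HOST1,"An account was logged off."
Security,110,2015-07-30 08:05:00,4656,Success Audit event,Microsoft-Windows-Security-Auditing,HOST1,"A handle to an object was requested."'

keep <- c("EventID", "TimeWritten", "EventTypeName", "Message")

# Equivalent of gdata::read.columns(): read the header row, then tell
# read.csv() to skip every column not in `keep` (colClasses "NULL" drops a
# column at parse time), so the unwanted columns never reach memory.
read_security_columns <- function(text, keep) {
  hdr <- names(read.csv(text = text, nrows = 1, check.names = FALSE))
  cls <- ifelse(hdr %in% keep, NA_character_, "NULL")
  read.csv(text = text, colClasses = cls, stringsAsFactors = FALSE)
}

# Count per Event ID (plyr::count equivalent), sort descending, take Top N.
# table() hands back the keys as strings, hence the as.integer() conversion.
top_event_ids <- function(df, n = 10) {
  ct <- as.data.frame(table(EventID = df$EventID),
                      responseName = "freq", stringsAsFactors = FALSE)
  ct$EventID <- as.integer(ct$EventID)
  ct <- ct[order(-ct$freq, ct$EventID), ]
  rownames(ct) <- NULL
  head(ct, n)
}

secevt <- read_security_columns(csv_text, keep)
stopifnot(setequal(names(secevt), keep))   # only the four wanted columns survived

top10 <- top_event_ids(secevt)
print(top10)   # 4703 (3), 4624 (2), 4625 (2), then the singletons

# Volume alone hides what matters: cross-tabulate outcome by Event ID so the
# Failure Audit rows (here the two 4625 failed logons) are visible next to
# the high-volume successes that dominate the Top 10.
by_outcome <- xtabs(~ EventID + EventTypeName, data = secevt)
print(by_outcome)

# Visualization starts with one call on the Top N frame.
barplot(top10$freq, names.arg = top10$EventID, las = 2,
        xlab = "Event ID", ylab = "Count", main = "Top Security Event IDs")
```

Run it with Rscript; the barplot lands in Rplots.pdf when there is no interactive device. On a real export the constructed-data guard (stopifnot) is still worth keeping, because a Log Parser run that emitted a different header, or a CSV with an unquoted comma in Message, shows up there rather than as a silently wrong count.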

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Computer scientists have devised an attack on the Tor privacy network that in certain cases allows them to deanonymize hidden service websites with 88 percent accuracy.

Such hidden services allow people to host websites without end users or anyone else knowing the true IP address of the service. The deanonymization requires the adversary to control the Tor entry point for the computer hosting the hidden service. It also requires the attacker to have previously collected unique network characteristics that can serve as a fingerprint for that particular service. Tor officials say the requirements reduce the effectiveness of the attack. Still, the new research underscores the limits to anonymity on Tor, which journalists, activists, and criminals alike rely on to evade online surveillance and monitoring.

"Our goal is to show that it is possible for a local passive adversary to deanonymize users with hidden service activities without the need to perform end-to-end traffic analysis," the researchers from the Massachusetts Institute of Technology and Qatar Computing Research Institute wrote in a research paper. "We assume that the attacker is able to monitor the traffic between the user and the Tor network. The attacker’s goal is to identify that a user is either operating or connected to a hidden service. In addition, the attacker then aims to identify the hidden service associated with the user."


 
phpFileManager 0.9.8 Remote Command Execution
 

The froxlor Server Management Panel is lightweight server management software. Your Handler on Duty was unaware of froxlor; if any diary readers are users, feel free to comment or email regarding your user experience and past security issues.

Per froxlor:

@holisticinfosec

 
LinuxSecurity.com: Security fix for CVE-2015-5600
 
LinuxSecurity.com: Security fix for CVE-2015-3245, CVE-2015-3246
 
LinuxSecurity.com: Ghostscript could be made to crash or run programs if it processed a specially crafted file.
 
LinuxSecurity.com: Handle terminal control characters in scp progress meter (#1247204) -- Security fix
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: SQLite could be made to crash or run programs if it processed specially crafted queries.
 
LinuxSecurity.com: HPLIP could be tricked into downloading a different GPG key when performing printer plugin installations.
 
LinuxSecurity.com: Add epoch again. New version. Close bug #1105202 again. Own /etc/xrdp/pulse directory. Reapply service file changes again. Fix sesman default configuration again.
 
HP ArcSight Logger provides incorrect/invalid/incomplete results for queries with boolean operators
 

Posted by InfoSec News on Jul 31

http://www.defenseone.com/technology/2015/07/hack-critical-infrastructure/118756/

By Patrick Tucker
Defense One
July 31, 2015

Cyber-aided physical attacks on power plants and the like are a growing
concern. A pair of experts is set to reveal how to pull them off — and how
to defend against them.

How easy would it be to pull off a catastrophic cyber attack on, say, a
nuclear power plant? At next week’s Black Hat and Def Con cybersecurity...
 
[SECURITY] [DSA 3321-1] xmltooling security update
 

SANS Announces Recruitment Fair for Top Infosec Candidates
Infosecurity Magazine
Cybersecurity training organization the SANS Institute has announced its first ever recruitment fair, designed to bring employers and fully-trained information security candidates closer together. The SANS Cyber Academy Recruitment Fair will be held in ...

 

Posted by InfoSec News on Jul 31

http://venturebeat.com/2015/07/30/researcher-says-can-hack-gms-onstar-app-open-vehicle-start-engine/

By Bernie Woodall in Detroit
and Jim Finkle in Boston
Reuters
July 30, 2015

BOSTON/DETROIT (Reuters) – A researcher is advising drivers not to use a
mobile app for the General Motors OnStar vehicle communications system,
saying hackers can exploit a security flaw in the product to unlock cars
and start engines remotely.

“White-hat”...
 

Posted by InfoSec News on Jul 31

http://freebeacon.com/national-security/intel-assessment-obama-admin-response-to-cyber-encourages-more-attacks/

By Bill Gertz
Washington Free Beacon
July 28, 2015

The United States will continue to suffer increasingly damaging cyber
attacks against both government and private sector networks as long as
there is no significant response, according to a recent U.S. intelligence
community assessment.

Disclosure of the...
 

Posted by InfoSec News on Jul 31

http://www.govexec.com/oversight/2015/07/fbi-and-congress-are-investigating-if-meth-lab-exploded-federal-building/118751/

By Eric Katz
Govexec.com
July 30, 2015

A federal employee may have recently learned the hard way that cooking
meth should be left to the chemistry experts.

The FBI and a congressional committee are investigating whether a federal
worker was manufacturing methamphetamine in a federal building after a
room exploded earlier...
 

Posted by InfoSec News on Jul 31

http://www.computerworld.com/article/2955005/security/critical-bind-denialofservice-flaw-could-disrupt-large-portions-of-the-internet.html

By Lucian Constantin
IDG News Service
July 30, 2015

Attackers could exploit a new vulnerability in BIND, the most popular
Domain Name System (DNS) server software, to disrupt the Internet for many
users.

The vulnerability affects all versions of BIND 9, from BIND 9.1.0 to BIND
9.10.2-P2, and can be...
 