Hackin9

BBX Capital Corporation Reports Financial Results for the Third Quarter, 2014
Marketwired (press release)
Copies of the documents filed with the SEC by BFC are available free of charge on BFC's website at www.bfcfinancial.com under the tab "Investor Relations - Regulatory Info - SEC Filings" or by directing a request by mail to BFC Financial Corporation ...

 

This is a guest diary submitted by Chris Sanders. We will gladly forward any responses or please use our comment/forum section to comment publicly.

If you work with any type of IDS, IPS, or other detection technology then you have to deal with false positives. One common mistake I see people make when managing their indicators and rules is relying solely on the rate of false positives that are observed. While false positive rate is an important data point, it doesn't encompass everything you should consider when evaluating the effectiveness of a rule or indicator. For instance, consider a scenario where you have a rule that looks for a specific

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Random Malware"; content:"|AB BF 09 B7|";

You can see that this rule isn't incredibly specific as it examines all TCP traffic for four specific outbound bytes. As a result, there might be potential for false positives here. In this case, I ran this rule on a large network over the course of a month, and it generated 58 false positive alerts. Using that data point alone, it sounds like this rule might not be too effective. As a matter of fact, I had a few people who asked me if I could disable the rule. However, I didn't because I also considered the number of true positive alerts generated from this rule. Over the same period of time this rule generated 112 true positive alerts. This means that the rule was effective at catching what it was looking for, but it still wasn

I mention the word precise, because the false positive and true positive data points can be combined to form a precision statistic using the formula P = TP / (TP + FP). This value, expressed as a percentage, can be used to describe exactly how precise a rule is, with higher values being more desirable. In the case of our example rule, the rule has 65.9% precision, meaning that it successfully detected what it was looking for 65.9% of the time.

That doesn't sound like a rule that should be disabled to me. Instead, I was able to conduct more research and further tune the rule by looking for the

When examining rules and indicators for their effectiveness, be sure to consider both true and false positives. You might miss out on favorable detection if you don

Blogs: http://www.chrissanders.org

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

 
SDDM CVE-2014-7272 Multiple Security Vulnerabilities
 
SDDM CVE-2014-7271 Local Authentication Bypass Vulnerability
 
Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
 
Abby Robinson, UMD, 301-405-4575. Center researchers aim to understand how quantum systems can store, transport, process information. The University of Maryland (UMD) and the U.S. Department of Commerce's National Institute of Standards and ...
 

Hidden services running on the Tor network got major support on Friday when Facebook began offering Tor users a way to connect to its services and not run afoul of the social network’s algorithms for detecting fraudulent usage of accounts.

On Friday, the company added a hidden service address with a .onion top-level domain, facebookcorewwwi.onion [updated to fix address], which allows Tor users to protect their data and identity all the way to Facebook’s datacenters. Hidden services accessed through the Tor network allow both the Web user and website to remain anonymous.

“Facebook’s onion address provides a way to access Facebook through Tor without losing the cryptographic protections provided by the Tor cloud,” Alec Muffett, a software engineer with Facebook’s security infrastructure group, said in a blog post. “It provides end-to-end communication, from your browser directly into a Facebook datacenter.”


 
[SECURITY] [DSA 3060-1] linux security update
 
[SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU
 
SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access
 
[SYSS-2014-008] McAfee File and Removable Media Protection (FRP/EEFF/EERM) - Use of a One-Way Hash with a Predictable Salt (CVE-2014-8565)
 
[security bulletin] HPSBUX03162 SSRT101767 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
 
[security bulletin] HPSBPI03147 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access, Denial of Service (DoS)
 

Nearly a million websites running the popular Drupal content management system had only hours to update their software before attacks likely compromised the systems, thanks to a widespread vulnerability, the Drupal security team warned this week.

On October 15, the security team for the Drupal content management system announced the discovery of a critical security flaw that could allow attackers to steal data or compromise vulnerable sites. Within seven hours of the announcement, attackers had begun broadly scanning for and attacking Drupal sites, according to the project’s security team, which provided the details in an October 29 public service announcement.

“Systematic attacks were launched against a wide variety of Drupal websites in an attempt to exploit this vulnerability,” the group stated in its update. “If you did not update your site within < 7 hours of the bug being announced, we consider it likely your site was already compromised.”


 
ImageMagick DCM Decode Denial of Service Vulnerability
 
ImageMagick 'DeleteImageProfile()' Function Denial of Service Vulnerability
 

Welcome To My Cyber Security Nightmare
Dark Reading
Happy Halloween. Here are three chilling scenarios that will keep even the most hardened infosec warrior awake all night. This past year, we have seen some pretty scary stuff happen in cyber security. Since Halloween is almost here, I thought I would ...

 
Oracle Java SE CVE-2014-6513 Remote Security Vulnerability
 
LinuxSecurity.com: Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: An updated wget package that fixes one security issue is now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security [More...]
 
LinuxSecurity.com: Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
LinuxSecurity.com: Wget could be made to overwrite files.
 

Posted by InfoSec News on Oct 31

http://www.darkreading.com/attacks-breaches/retailers-now-actively-sharing-cyberthreat-intelligence/d/d-id/1317086

By Kelly Jackson Higgins
Dark Reading
10/30/2014

The retail industry's R-CISC has been up and running for four months now
and is looking for more retailers to sign up.

When a threat alert arrived about a new malware threat during a recent
industry gathering of retailers, a group of them immediately left the room
to check...
 

Posted by InfoSec News on Oct 31

http://www.nytimes.com/2014/10/31/world/europe/new-russian-boldness-revives-a-cold-war-tradition-testing-the-other-side-.html

By DAVID E. SANGER and NICOLE PERLROTH
The New York Times
OCT. 30, 2014

WASHINGTON -- When the White House discovered in recent weeks that its
unclassified computer systems had been breached, intelligence officials
examined the digital evidence and focused on a prime suspect: Russia,
which they believe is using its...
 

Posted by InfoSec News on Oct 31

http://www.csoonline.com/article/2840953/social-engineering/social-engineers-work-in-teams-to-harness-the-power-of-information.html

By Steve Ragan
Salted Hash
CSO Online
Oct 30, 2014

Proving once again that information viewed as harmless can often enable an
attacker, the contestants in this year's Social Engineering Capture the
Flag (SECTF) contest at DEF CON 22 worked in teams of two in order to
collect vital information from some of the...
 

Posted by InfoSec News on Oct 31

http://arstechnica.com/security/2014/10/retailers-accuse-credit-unions-of-talking-smack-about-card-breaches/

By Sean Gallagher
Ars Technica
Oct 30, 2014

Reeling from the bad press associated with an ongoing parade of data
breaches caused by criminal infiltration of their payment systems,
representatives of six retail industry associations signed a joint open
letter that pushes back against a vocal critic of retailers'
cyber-security...
 

Posted by InfoSec News on Oct 31

http://www.bankinfosecurity.com/banks-concerns-about-cyberthreats-grow-a-7486

By Tracy Kitten
Bank Info Security
October 28, 2014

Banking leaders say they're substantially more concerned today than they
were just six months ago about cyber-attacks and geopolitical threats
aimed at the global financial system.

That's according to a report covering results of a survey conducted during
the third quarter and published last week by the...
 
Cisco Unified Communications Manager CVE-2014-3373 Multiple Cross Site Scripting Vulnerabilities
 
PHP 'donote()' Function Out-of-Bounds Read Vulnerability
 
Cisco Unified Communications Manager Reports Interface Multiple Cross Site Scripting Vulnerabilities
 
Internet Storm Center Infocon Status