Wednesday, September 30, 2015

Kmart customer details hacked

Australian discount homewares chain Kmart is under investigation, following a data breach that occurred in early September which saw the personal details of its online customers hacked.

from Latest topics for ZDNet in Security http://ift.tt/1P6GBaF

Apple Releases Security Updates for OS X El Capitan, Safari, and iOS

Original release date: September 30, 2015

Apple has released security updates for OS X El Capitan, Safari, and iOS to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow an attacker to run arbitrary code.

Available updates include:

  • OS X El Capitan 10.11 for Mac OS X v10.6.8 and later
  • Safari 9 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11
  • iOS 9.0.2 for iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

US-CERT encourages users and administrators to review Apple security updates for OS X El Capitan, Safari, and iOS and apply the necessary updates.

from US-CERT: The United States Computer Emergency Readiness Team http://ift.tt/1O93Kdu

WinRAR affected by new zero-day vulnerability

A new remote code execution vulnerability affecting the compression utility is less dangerous than first believed.

from Symantec Connect - Security - Blog Entries http://ift.tt/1KMUtUz

Trustwave, Palo Alto Ink Managed Services Alliance

The alliance expands Trustwave managed security to include Palo Alto devices, and Trustwave's threat intel will incorporate the cloud-based WildFire service.

from http://ift.tt/1JDJitg

Fresh Ransomware Campaign Has a 0% Detection Rate

Heimdal Security has identified the campaign as the fourth major ransomware campaign in the wild since the beginning of September.

from http://ift.tt/1N2f1vV

44% of Companies Believe They Can Keep Attackers Off the Network

And, 55% believe they can detect an attacker on the network within minutes, hours or a few days.

from http://ift.tt/1Gidt9j

Apple’s “Gatekeeper” in Mac OS X vulnerable to simple bypass

Researcher Patrick Wardle details security weakness in Apple’s “Gatekeeper” in Mac OS X that could allow attackers to run unverified, unsigned code.

from Symantec Connect - Security - Blog Entries http://ift.tt/1LQ9dEa

USN-2758-1: PHP vulnerabilities

Ubuntu Security Notice USN-2758-1

30th September, 2015

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in PHP.

Software description

  • php5 - HTML-embedded scripting language interpreter

Details

It was discovered that the PHP phar extension incorrectly handled certain
files. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service. (CVE-2015-5589)

It was discovered that the PHP phar extension incorrectly handled certain
filepaths. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-5590)

Taoguang Chen discovered that PHP incorrectly handled unserializing
objects. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-6831, CVE-2015-6834, CVE-2015-6835)

Sean Heelan discovered that PHP incorrectly handled unserializing
objects. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-6832)

It was discovered that the PHP phar extension incorrectly handled certain
archives. A remote attacker could use this issue to cause files to be
placed outside of the destination directory. (CVE-2015-6833)

Andrea Palazzo discovered that the PHP Soap client incorrectly validated
data types. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-6836)

It was discovered that the PHP XSLTProcessor class incorrectly handled
certain data. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service. (CVE-2015-6837)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 15.04:
php5-cli 5.6.4+dfsg-4ubuntu6.3
php5-cgi 5.6.4+dfsg-4ubuntu6.3
libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.3
php5-fpm 5.6.4+dfsg-4ubuntu6.3
Ubuntu 14.04 LTS:
php5-cli 5.5.9+dfsg-1ubuntu4.13
php5-cgi 5.5.9+dfsg-1ubuntu4.13
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.13
php5-fpm 5.5.9+dfsg-1ubuntu4.13
Ubuntu 12.04 LTS:
php5-cli 5.3.10-1ubuntu3.20
php5-cgi 5.3.10-1ubuntu3.20
libapache2-mod-php5 5.3.10-1ubuntu3.20
php5-fpm 5.3.10-1ubuntu3.20

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-5589, CVE-2015-5590, CVE-2015-6831, CVE-2015-6832, CVE-2015-6833, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838

from Ubuntu Security Notices http://ift.tt/1YPaL6I

Don't panic: Microsoft mistakenly posted a 'test' Windows update patch

Some had believed Windows Update has been hacked or compromised.


from Latest topics for ZDNet in Security http://ift.tt/1O8plCI

USN-2753-2: LXC regression

Ubuntu Security Notice USN-2753-2

30th September, 2015

lxc regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS

Summary

USN-2753-1 introduced a regression in LXC.

Software description

  • lxc - Linux Containers userspace tools

Details

USN-2753-1 fixed a vulnerability in LXC. The update caused a regression that
prevented some containers from starting. This regression only affected
containers that had an absolute path specified as a bind mount target in their
configuration file. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Roman Fiedler discovered a directory traversal flaw in lxc-start. A local
attacker with access to an LXC container could exploit this flaw to run
programs inside the container that are not confined by AppArmor or expose
unintended files in the host to the container.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
lxc 1.0.7-0ubuntu0.6

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

In general, a standard system update will make all the necessary changes.

References

LP: 1501310

from Ubuntu Security Notices http://ift.tt/1GhMISs

Bugtraq: APPLE-SA-2015-09-30-3 OS X El Capitan 10.11

APPLE-SA-2015-09-30-3 OS X El Capitan 10.11

from SecurityFocus Vulnerabilities http://ift.tt/1O2yhrC

Bugtraq: APPLE-SA-2015-09-30-2 Safari 9

APPLE-SA-2015-09-30-2 Safari 9

from SecurityFocus Vulnerabilities http://ift.tt/1PNZPAe

Bugtraq: [security bulletin] HPSBST03502 rev.1 - HP 3PAR Service Processor (SP) SPOCC, Remote Disclosure of Information

[security bulletin] HPSBST03502 rev.1 - HP 3PAR Service Processor (SP) SPOCC, Remote Disclosure of Information

from SecurityFocus Vulnerabilities http://ift.tt/1O2yhbi

Bugtraq: APPLE-SA-2015-09-30-01 iOS 9.0.2

APPLE-SA-2015-09-30-01 iOS 9.0.2

from SecurityFocus Vulnerabilities http://ift.tt/1PNZMEx

Bugtraq: Re: Cisco AnyConnect elevation of privileges via DMG install script

Re: Cisco AnyConnect elevation of privileges via DMG install script

from SecurityFocus Vulnerabilities http://ift.tt/1KLLdQE

USN-2756-1: rpcbind vulnerability

Ubuntu Security Notice USN-2756-1

30th September, 2015

rpcbind vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

rpcbind could be made to crash or run programs if it received specially crafted network traffic.

Software description

  • rpcbind - converts RPC program numbers into universal addresses

Details

It was discovered that rpcbind incorrectly handled certain memory
structures. A remote attacker could use this issue to cause rpcbind to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 15.04:
rpcbind 0.2.1-6ubuntu3.1
Ubuntu 14.04 LTS:
rpcbind 0.2.1-2ubuntu2.2
Ubuntu 12.04 LTS:
rpcbind 0.2.0-7ubuntu1.3

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2015-7236

from Ubuntu Security Notices http://ift.tt/1KLFiep

USN-2755-1: Cyrus SASL vulnerability

Ubuntu Security Notice USN-2755-1

30th September, 2015

cyrus-sasl2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04

Summary

Cyrus SASL could be made to crash if it processed specially crafted input.

Software description

  • cyrus-sasl2 - Cyrus Simple Authentication and Security Layer

Details

It was discovered that Cyrus SASL incorrectly handled certain invalid
password salts. An attacker could use this issue to cause Cyrus SASL to
crash, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 15.04:
libsasl2-2 2.1.26.dfsg1-13ubuntu0.1

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2013-4122

from Ubuntu Security Notices http://ift.tt/1jz6eoK

Brazilian firm starts selling spy-proof smartphone

The device promises total privacy for calls and messages.


from Latest topics for ZDNet in Security http://ift.tt/1Vnahp2

Bugtraq: Apache James Server 2.3.2 security vulnerability fixed

Apache James Server 2.3.2 security vulnerability fixed

from SecurityFocus Vulnerabilities http://ift.tt/1KLe7Ah

Bugtraq: Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability

Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability

from SecurityFocus Vulnerabilities http://ift.tt/1jyAHDd

Bugtraq: RE: WinRAR SFX v5.21 - Remote Code Execution Vulnerability

RE: WinRAR SFX v5.21 - Remote Code Execution Vulnerability

from SecurityFocus Vulnerabilities http://ift.tt/1KLe73j

Picking Apart a Decade of Breaches: The Top 5 Breached Industries

Data breaches seem to come so fast these days that sometimes it’s important for us as an industry to take a step back and catch our breath. It’s hard to believe that we’ve already been recording these incidents for a decade. So with that in mind, Trend Micro took 10 years’ worth of US data breach information collated by the non-profit Privacy Rights Clearinghouse (PRC) and analyzed it to develop insights that organizations can use to better protect themselves. The result is Follow the Data, a two-part report designed to separate myth from reality when it comes to the key data breach trends of the past 10 years.

The report shows clearly that if you’re in healthcare, education, government, retail or finance, your industry has been among the most heavily targeted over this period. In fact, these five account for more than 80% of the total number of publicly disclosed breaches since 2005.

The most popular record types stolen were personally identifiable information (PII); health, financial, education, and payment card data; and credentials. These are easy to monetize and thus make lucrative targets. Health and education data are mostly stolen because they contain PII.

Sector-by-sector

Follow the Data: Analyzing Breaches by Industry is the second part of our analysis and looks at some of the key trends by sector. It’s perhaps not surprising that these five industries suffered the most publicly disclosed breaches. After all, they store some of the most valuable personal and financial data around – so will always be a prime target for cybercriminals. And they’re among the most highly regulated industries, so there’s more chance they’ll have reported any incidents.

Let’s take a brief look at each, from the most heavily breached down.

Healthcare (27%): A big spike from 2010 suggests cybercriminals have found healthcare records increasingly lucrative and defences weak. Interestingly, loss or theft of data accounted for over two-thirds of breaches, also rising significantly post-2010. This could be due to better reporting or an increase in theft. Hacking accounted for less than 10%.

Education (16.8%): Unusually, breaches in education have been in decline, perhaps as hackers switch to more lucrative industries like healthcare. Hacking or malware (34.2%), unintended disclosure (28.9%) and loss/theft (31.4%) were the biggest causes.

Government (15.9%): A recurring pattern here is a major increase in breaches one year and then several years of decline as new policies and procedures are put in place. Loss of portable and other devices contributed to the most breaches (42%). However, these have been in decline as hacking attacks increase.

Retail (12.5%): Point of Sale RAM scrapers have been behind an upward trend in incident reports, especially from 2010. Hacking/malware therefore accounts for 47.6% of breaches, followed by loss/theft (22.2%) which has remained steady, and rising insider threats (12.2%) which can largely be explained by skimming.

Financial (9.2%): Similar to the government sector, financial organizations would see a spike in breaches followed by several years of decline as new policies and protocols take effect. Loss/theft is in decline but hacking/malware and insider threats are on the rise.

Going forward

The report can also be used to identify the data most likely to be breached, giving organizations a blueprint for updating their security strategy to protect their most valuable data.

It’s pretty clear from our analysis that whatever industry your organization is in, it’s at risk. That could be from external financially motivated or state-sponsored hackers, malicious insiders, or even employee error or negligence. No organization will be able to provide 100% security against this array of threats. But if they can action the following key principles effectively, security managers will stand the best chance of mitigating risk and reducing the potential impact of an incident:

  • Be proactive in pre-emptively locking down risk wherever there are vulnerabilities
  • Identify and respond to a breach as quickly as possible
  • Contain and stem any data losses
  • Apply any lessons learned to fortify defenses going forward

Click here to read Trend Micro’s two reports: Follow the Data: Dissecting Data Breaches and Debunking the Myths and Follow the Data: Analyzing Breaches by Industry.

from Trend Micro Simply Security http://ift.tt/1O21jYp

Firm's sloppy cybersecurity results in SEC action, fine

A lack of proactive defenses is throwing companies into legal trouble post-breach, regardless of whether any data was stolen.


from Latest topics for ZDNet in Security http://ift.tt/1jyygAN

Down the Rabbit Hole: Botnet Analysis for Non-Reverse Engineers

This post is authored by Earl Carter & Holger Unterbrink. Overview Talos is often tasked with mapping the backend network for a specific piece of malware. One approach is to first reverse engineer the sample and determine exactly how it operates. But what if there is no time or resources to take the sample apart? This post is going to show how to examine a botnet from the Fareit family, starting with just an IP address. Then, using sandbox communities like Cisco ThreatGRID [...]

from Cisco Blog » Security http://ift.tt/1Lk5YGj

IBM Security Bulletin: Potential vulnerability exists in Forms Experience Builder based on its use of Apache Groovy (CVE-2015-3253)

IBM Forms Experience Builder utilizes the Apache Groovy open source library that could expose a system to a cross-site request forgery. CVE(s): CVE-2015-3253 Affected product(s) and affected version(s): ...

from IBM Product Security Incident Response Team http://ift.tt/1jywsI0

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Guardium Data Redaction

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.6 that is used by IBM InfoSphere Guardium Data Redaction. These issues were disclosed as part of the IBM Java SDK updates in July 2015. CVE(s):...

from IBM Product Security Incident Response Team http://ift.tt/1PNvAt9

IBM Security Bulletin: Vulnerabilities in GSKit affect IBM Rational ClearQuest (CVE-2015-1788)

GSKit is an IBM component that is used by IBM Rational ClearQuest. The GSKit that is shipped with IBM Rational ClearQuest contains a security vulnerability. IBM Rational ClearQuest has addressed the applicable CVEs. CVE(s): ...

from IBM Product Security Incident Response Team http://ift.tt/1jywsaX

IBM Security Bulletin: Multiple vulnerabilities in the IBM® Runtime Environments, Java™ Technology Edition, Version 6 affect the IBM InfoSphere Optim Data Masking Solution.

There are multiple vulnerabilities in the IBM Runtime Environments, Java Technology Edition, Version 6 (CVE-2015-0488, CVE-2015-2808, CVE-2015-0410, CVE-2015-1916, CVE-2015-0204) that affect the IBM InfoSphere Optim Data Masking Solution. These issues were...

from IBM Product Security Incident Response Team http://ift.tt/1PNvxxp

IBM Security Bulletin: IBM PureData System for Operational Analytics is affected by multiple vulnerabilities in OpenSSL

The IBM PureData System for Operational Analytics is affected by multiple vulnerabilities in OpenSSL. CVE(s): CVE-2014-3511, CVE-2014-3512, CVE-2014-3509, CVE-2014-3505, CVE-2014-3506, ...

from IBM Product Security Incident Response Team http://ift.tt/1PNvxgP

IT budgets expected to grow slowly in 2016: Security and cloud will suffer

The IT show must go on, but do you know where the most of the IT budget spending will go in 2016? Hint: Think geriatric software.


from Latest topics for ZDNet in Security http://ift.tt/1P5tdUv

How Android’s evolution has impacted the mobile threat landscape

Significant behavioral changes made to the Android mobile operating system have affected malware and how it applies to non-rooted devices.

from Symantec Connect - Security - Blog Entries http://ift.tt/1O7JJDW

Burning Down the House: Sony was not alone

As the anniversary of the massive Sony breach approaches, the magnitude and devastation of the hack continues to reverberate with the threats U.S. government agencies and enterprises consistently face. We should be cognizant that Sony was not alone.

A recent Trend Micro report, “Cybersecurity and Critical Infrastructure Protection in the Americas,” polled more than 500 CISOs from Argentina to Canada and revealed an ominous phenomenon. Forty four percent of respondents acknowledged that they have experienced a “delete and destroy” attack in 2015. Within the Western Hemisphere it’s clear that punitive attacks have metastasized. In a hearing earlier this month, U.S. Director of National Intelligence James Clapper stated that he believes “the next push on the envelope is going to be the manipulation or the deletion of data.”

Director Clapper is well aware asymmetrical cyber capabilities are being distributed widely. The major dark web forums are exporting destructive payloads including Shamoon, Destover and Cryptowall. As a result, cybercriminals are devising sophisticated and damaging attacks. We have observed that secondary infections are manifesting in numerous targeted attacks. These secondary infections have the capability of deploying disruptive or, often times, destructive malware that could destroy the integrity of information. This punitive tactic is employed to counter incident response.

Security analysts are left wondering if destructive secondary infections are a reaction by adversaries to try and “burn the house down” after it has been pilfered. Alternatively, detonation might be the hallmark of hacktivists purposefully attempting to destroy and/or manipulate the integrity of data. Without question, there’s a movement afoot to hinder, if not completely disrupt, the capacity of incident responders to react to cyber events.

The free-fire zone of cyberspace has become dramatically more hostile. In order to successfully thwart this ominous phenomenon, the ‘dwell time,’ or the amount of time an adversary resides in a system, needs to be dramatically decreased and incident response times improved. The only way this can be accomplished is through integrating breach detection systems with SIEMs and IPS systems.

Rather than having human beings sitting at terminals, machine-to-machine integration would be much more effective. Furthermore, immediately terminating command and control is not always the solution, considering most campaigns include multiple and dynamic C2. Termination of the initial C2 will alert the criminals that they are being surveilled.

Offense must inform defense. Cybersecurity professionals approach these adversaries with stealth to defend against an attack. By adopting more surreptitious monitoring and isolation methods to keep perpetrators at bay, security teams can be better positioned to gain an advantage in the ongoing cat-and-mouse game that continues to evolve in sophistication and aggression. When suffering a virtual home invasion, it is sometimes best not to make your presence known.

from Trend Micro Simply Security http://ift.tt/1O7Cc8r

TrueCrypt critical flaws revealed: It's time to jump ship

Recently discovered security flaws should push users still hanging on to the encryption system to make the move to a safer option.


from Latest topics for ZDNet in Security http://ift.tt/1LjQP82

Bugtraq: Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability

Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability

from SecurityFocus Vulnerabilities http://ift.tt/1QKTPbr

Researchers Expose Widespread Security Flaws in Medical Kit

Patient privacy and safety at risk from IoT vulnerabilities

from http://ift.tt/1j0BCfK

Google Play Store increases Android APK Size Limit from 50MB to 100MB

Google is doubling the maximum APK file size on the Play Store from 50 MB to 100 MB. That means Android app developers can now build higher quality apps and games that users love. Of course, for an end user it may affect the overall app performance and installation time, as well as mobile data connectivity. Google Wants Developers to Create Richer Apps By

from The Hacker News http://ift.tt/1KRkv5V

Critical WinRAR vulnerability places 500 million users at risk

A severe security flaw discovered in the WinRAR suite could allow hackers to compromise user systems.


from Latest topics for ZDNet in Security http://ift.tt/1LjJ9mh

Linux-powered botnet generates giant denial-of-service attacks

Linux won the day as the more secure alternative to Windows, but now its popularity has made it vulnerable, according to Akamai.


from Latest topics for ZDNet in Security http://ift.tt/1PN2Osw