SymmetricalDataSecurity: June 2016

Thursday, June 30, 2016

Mass General Hospital Suffers Patient Records Breach

USN-3015-1: Oxide vulnerabilities

Ubuntu Security Notice USN-3015-1

30th June, 2016

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 LTS
Ubuntu 15.10
Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Oxide.

Software description

oxide-qt - Web browser engine for Qt (QML plugin)

Details

Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash, or execute arbitrary code.
(CVE-2016-1704)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:: liboxideqtcore0 1.15.8-0ubuntu0.16.04.1
Ubuntu 15.10:: liboxideqtcore0 1.15.8-0ubuntu0.15.10.1
Ubuntu 14.04 LTS:: liboxideqtcore0 1.15.8-0ubuntu0.14.04.1

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-1704

from Ubuntu Security Notices http://ift.tt/298aX1c

Cisco Configuration Assistant Request Processing Unauthorized Access Vulnerability

A vulnerability in Cisco Configuration Assistant (CCA) could allow an unauthenticated, remote attacker to access sensitive file systems and administrative endpoints without user authentication.

The vulnerability is due to lack of controller mechanisms and input validation checks. An attacker could exploit this vulnerability by running GET queries to the administrative endpoints of the Cloud Network Automation Provisioner (CNAP) Application Programming Interface (API), providing access to other administrative controllers that do not utilize authentication or authorization-checking mechanisms.

Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/295guzG A vulnerability in Cisco Configuration Assistant (CCA) could allow an unauthenticated, remote attacker to access sensitive file systems and administrative endpoints without user authentication.

The vulnerability is due to lack of controller mechanisms and input validation checks. An attacker could exploit this vulnerability by running GET queries to the administrative endpoints of the Cloud Network Automation Provisioner (CNAP) Application Programming Interface (API), providing access to other administrative controllers that do not utilize authentication or authorization-checking mechanisms.

Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/295guzG
Security Impact Rating: Medium
CVE: CVE-2016-1441

from Cisco Security Advisory http://ift.tt/295guzG

Building a Secure Architecture with Cisco SAFE

Oculus CEO's Twitter gets Hacked; Hacker declares himself new CEO

Twitter account of another high profile has been hacked!

This time, it is Facebook-owned virtual reality company Oculus CEO

Brendan Iribe

who had his Twitter account hacked Wednesday.

Iribe is the latest in the list of technology chief executives to have had their social media accounts hacked in recent weeks.

Recently, Google's CEO Sundar Pichai, Twitter's ex-CEO Dick Costolo, and Facebook's CEO Mark Zuckerberg, have all fallen victim to similar hacks.

The hacker, who has not been identified yet, changed Iribe's cover photo and replaced his bio to "

im not testing ya security im just having a laugh.

The hack became apparent when a tweet from Iribe Twitter account was made saying: "We here @Oculus are very excited to announce our CEO. @Lid ! :)."

This tweet was followed by another saying:

"Imagine creating the coolest s*** to ever be introduced to gaming and technology but using the same pass for 4 years lol... silly mr CEO!"

All the tweets in question have since been removed from Iribe's Twitter feed, and the account has now been restored.

The hacker later

told

Tech Crunch that he was able to get the hold on Iribe's Twitter account by using his credentials exposed in recent MySpace data breach.

LinkedIn and MySpace Database Posted Online for Download

Independent British researcher Thomas White has now made over

360 million passwords from 2013 MySpace

data breach available on his website.

Not only this, but White is also offering download links for over 167 Million credentials from

2012 LinkedIn data

breach.

Social network for professional LinkedIn was hacked in 2012, but a hacker named Peace made the dataset of over 167 Million emails and passwords, including 117 Million already cracked passwords, available for sale on the underground market.

Myspace, a once-popular social media website, was also hacked in 2013, but the same hacker made the database of more than 360 million users available for sale in an online hacker forum.

Until now, these hundreds of millions of hacked credentials were available only to limited audience, but with this release, anyone can download torrent links offered by White and misuse the credentials to hack more online accounts.

However, White provide this following explanation to justify his move:

"Of course, there is a risk," White told Jeremy Kirk. "People will as a result probably get a few accounts compromised. But once that happens, they will probably reset their passwords now and learn the lesson, rather than learn it in 12 months when they have five more accounts with the same password."

The takeaway:

It is high time you changed your passwords for all social media sites as well as other online sites if you are using the same password.

it emerged a data set containing more than 100 million members' emails, and passwords had been released online.

from The Hacker News http://ift.tt/297XtT5

US courts didn't reject a single wiretap request in 2015, says report

IBM Security Bulletin: Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)

Apache Struts vulnerabilities affect WebSphere Application Server and WebSphere Application Server Hypervisor Edition Administration Console.

CVE(s): CVE-2016-1181, CVE-2016-1182

Affected product(s) and affected version(s):

The following Versions of WebSphere Application Server and IBM WebSphere Application Server Hypervisor Edition may be affected:

Version 9.0
Version 8.5 and 8.5.5 Full Profile
Version 8.0
Version 7.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/29tkAmX
X-Force Database: http://ift.tt/2974C3a
X-Force Database: http://ift.tt/29tkNpV

from IBM Product Security Incident Response Team http://ift.tt/2974Irq

IBM Security Bulletin: Information disclosure in WebSphere Application Server Liberty (CVE-2016-2923)

There is an information disclosure vulnerability in IBM WebSphere Application Server Liberty for any users of the JAX-RS API.

CVE(s): CVE-2016-2923

Affected product(s) and affected version(s):

This vulnerability affects the following versions and releases of IBM WebSphere Application Server Liberty for any user of the JAX-RS API

Version 8.5.5 Liberty
Version 8.5 Liberty

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2975owU
X-Force Database: http://ift.tt/28XWbJc

from IBM Product Security Incident Response Team http://ift.tt/2974LUt

IBM Security Bulletin: Unauthorized Access Vulnerability affects IBM Tivoli Storage Manager Client (CVE-2016-2894)

When performing an archive and retrieve operation using a symbolic link, the IBM Tivoli Storage Manager (IBM Spectrum Protect) Client could allow a local user to access files they are otherwise not allowed to access.

CVE(s): CVE-2016-2894

Affected product(s) and affected version(s):

The following levels of IBM Tivoli Storage Manager (IBM Spectrum Protect) Client are affected:

7.1.0.0 through 7.1.4.x
(Note there is no 7.1.5)
6.4.0.0 through 6.4.3.2
6.3.0.0 through 6.3.2.5
6.2, 6.1, and 5.5 all levels (these releases are EOS)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/29754yj
X-Force Database: http://ift.tt/29tktaN

from IBM Product Security Incident Response Team http://ift.tt/2974yR5

IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2016-0392)

There is a vulnerability in IBM Spectrum Scale packaged with IBM Spectrum Scale RAID for the Elastic Storage Server and the GPFS Storage Server.

CVE(s): CVE-2016-0392

Affected product(s) and affected version(s):

The Elastic Storage Server versions 4.0, 3.5, 3.0 and 2.5

The GPFS Storage Server versions 2.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/28ZE1Eg
X-Force Database: http://ift.tt/29tldws

from IBM Product Security Incident Response Team http://ift.tt/2974Vv0

IBM Security Bulletin: IBM Spectrum Scale and IBM GPFS are affected by a security vulnerability (CVE-2016-0392)

A security vulnerability has been identified in all levels of IBM Spectrum Scale and IBM GPFS that could allow a local attacker to inject commands into setuid file parameters and execute commands as root.

CVE(s): CVE-2016-0392

Affected product(s) and affected version(s):

IBM Spectrum Scale V4.2.0.0 thru V4.2.0.2

IBM Spectrum Scale V4.1.1.0 thru V4.1.1.6

IBM GPFS V4.1.0.0 thru V4.1.0.8

IBM GPFS V3.5.0.0 thru V3.5.0.30

All older IBM GPFS versions no longer in service

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/1Za4mBF
X-Force Database: http://ift.tt/29tldws

from IBM Product Security Incident Response Team http://ift.tt/2974Yaa

IBM Security Bulletin: Vulnerabilities in GnuTLS affect Power Hardware Management Console (CVE-2015-8313, CVE-2015-2806 )

GnuTLS is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs

CVE(s): CVE-2015-2806, CVE-2015-8313

Affected product(s) and affected version(s):

Power HMC V7.9.0.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/29tkADn
X-Force Database: http://ift.tt/1N2N4W2
X-Force Database: http://ift.tt/1Tg5vD7

from IBM Product Security Incident Response Team http://ift.tt/2974y3C

IBM Security Bulletin: Vulnerability in InstallShield affects IBM Tivoli Storage Manager Client (CVE-2016-2542)

InstallShield generates installation executables which are vulnerable to a DLL-planting affecting the IBM Tivoli Storage Manager (IBM Spectrum Protect) Client on Windows platforms.

CVE(s): CVE-2016-2542

Affected product(s) and affected version(s):

The following levels of IBM Tivoli Storage Manager (IBM Spectrum Protect) Client are affected on the Windows platform:

7.1.0.0 through 7.1.4.3
6.4.0.0 through 6.4.3.2
6.3.0.0 through 6.3.2.5
6.2, 6.1, and 5.5 all levels (these releases are EOS)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2975ogo
X-Force Database: http://ift.tt/1rhWtyP

from IBM Product Security Incident Response Team http://ift.tt/2974zEw

IBM Security Bulletin: Vulnerabilities in IBM Power Hardware Management Console (CVE-2016-0230)

Power Hardware Management Console (HMC) is vulnerable. Attacker can exploit this to gain access. HMC has addressed applicable CVE

CVE(s): CVE-2016-0230

Affected product(s) and affected version(s):

Power HMC V7.3.0.0
Power HMC V7.9.0.0
Power HMC V8.1.0.0
Power HMC V8.2.0.0
Power HMC V8.3.0.0
Power HMC V8.4.0.0
Power HMC V8.5.0.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2974Lnr
X-Force Database: http://ift.tt/29tkCex

from IBM Product Security Incident Response Team http://ift.tt/2974Szj

Inside the global terror watchlist that secretly shadows millions

Faster Response Times Needed to Combat Cyber Threat

China’s Censorship Tsar Steps Down

Clinton/DNC Hacks Part of Wider Kremlin Campaign – Report

LizardStresser botnet targets IoT devices to launch 400Gbps attacks

Android Trojan malware makes hackers $500,000

Cisco Releases Security Updates

Original release date: June 30, 2016

Cisco has released security updates to address vulnerabilities in several products. Exploitation of some of these vulnerabilities could allow an unauthenticated remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

from US-CERT National Cyber Alert System http://ift.tt/29hCPwE

Wednesday, June 29, 2016

IBM Check out the new support experience beta

There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents.

CVE(s): CVE-2016-2945

Affected product(s) and affected version(s):

This vulnerability affects the following versions and releases of IBM WebSphere Application Server Liberty for any user of the API Discovery feature with Swagger documents that have external references.

Version 8.5.5 Liberty Profile

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/293cznT
X-Force Database: http://ift.tt/292thaQ

from IBM Product Security Incident Response Team http://ift.tt/293ZwET

IBM Check out the new support experience beta

Open SSL is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs

CVE(s): CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109

Affected product(s) and affected version(s):

Power HMC V7.3.0.0
Power HMC V7.9.0.0
Power HMC V8.1.0.0
Power HMC V8.2.0.0
Power HMC V8.3.0.0
Power HMC V8.4.0.0
Power HMC V8.5.0.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/29oR95m
X-Force Database: http://ift.tt/1VjTr9i
X-Force Database: http://ift.tt/1NwOQz5
X-Force Database: http://ift.tt/1NwOPLs
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1Z0wO8Z

from IBM Product Security Incident Response Team http://ift.tt/29oR7dK

IBM Check out the new support experience beta

Java is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.

CVE(s): CVE-2016-3426

Affected product(s) and affected version(s):

Power HMC V7.3.0.0
Power HMC V7.9.0.0
Power HMC V8.1.0.0
Power HMC V8.2.0.0
Power HMC V8.3.0.0
Power HMC V8.4.0.0
Power HMC V8.5.0.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/29oQYqL
X-Force Database: http://ift.tt/1N2N2xe

from IBM Product Security Incident Response Team http://ift.tt/29oRdlw

IBM Check out the new support experience beta

Cross Site Scripting vulnerabilities were found in IBM WebSphere Commerce store pages.

CVE(s): CVE-2016-2862

Affected product(s) and affected version(s):

WebSphere Commerce version 8.0.0.0 – 8.0.0.4
WebSphere Commerce versions 7.0.0.1 – 7.0.0.9
WebSphere Commerce versions 6.0.0.0 – 6.0.0.11

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/293cnFm
X-Force Database: http://ift.tt/292tlY0

from IBM Product Security Incident Response Team http://ift.tt/29oQZux

IBM Check out the new support experience beta

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6.0.16.21 and earlier that is shipped with Tivoli Storage Productivity Center for download and use with its Java WebStart GUI. These issues were disclosed as part of the IBM Java SDK updates in April 2016.

CVE(s): CVE-2016-0363

Affected product(s) and affected version(s):

IBM® Runtime Environment Java™ Technology Edition, Version 6.0.16.21 and earlier that is provided for download and use with the Java WebStart GUI from the following versions:

Tivoli Storage Productivity Center 5.2.0 through 5.2.7.1
Tivoli Storage Productivity Center 5.1.0 through 5.1.1.10
Tivoli Storage Productivity Center 4.2.0 through 4.2.2.195

The versions listed above apply to all licensed offerings of Tivoli Storage Productivity Center, including IBM SmartCloud Virtual Storage Center Storage Analytics Engine.

System Storage Productivity Center is affected if it has one of the versions listed above installed.

Note:
The Tivoli Storage Productivity Center server component is not directly affected. However, the affected versions listed above provide an interface to download the affected IBM® Runtime Environment Java™ Technology Edition. It you did not download and install this IBM® Runtime Environment Java™ Technology Edition on any systems, such as is required for the Tivoli Storage Productivity Center GUI that launches using Java WebStart, you are not affected and do not need to apply a fix.

Starting with IBM Spectrum Control 5.2.8, the IBM Runtime Environment Java Technology Edition is not included and IBM Spectrum Control is not affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/292VL1b
X-Force Database: http://ift.tt/1Tg5v67

from IBM Product Security Incident Response Team http://ift.tt/293ZzQZ

IBM Check out the new support experience beta

A vulnerability in Open Source BeanShell has been addressed by LCMS Premier

CVE(s): CVE-2016-2510

Affected product(s) and affected version(s):

All versions prior to 10.1.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/292VlI6
X-Force Database: http://ift.tt/1W1VwYd

from IBM Product Security Incident Response Team http://ift.tt/29oRhSa

IBM Check out the new support experience beta

Installation programs for the Microsoft Windows components of IBM Tealeaf Customer Experience are vulnerable to attack under certain conditions.

CVE(s): CVE-2016-2542

Affected product(s) and affected version(s):

IBM Tealeaf Customer Experience: v8.0-v9.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2977kYp
X-Force Database: http://ift.tt/1rhWtyP

from IBM Product Security Incident Response Team http://ift.tt/293ZSLB

IBM Check out the new support experience beta

Vulnerabilities discovered in Ruby on Rails component affect IBM License Metric Tool v9, IBM BigFix Inventory v9 and IBM Endpoint Manager for Software Use Analysis v9 & v2.2.

CVE(s): CVE-2015-7576, CVE-2015-7577, CVE-2015-7581, CVE-2016-0751, CVE-2016-0752, CVE-2016-0753

Affected product(s) and affected version(s):

IBM License Metric Tool v9

IBM BigFix Inventory v9
IBM Endpoint Manager for Software Use Analysis v9 & v2.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/292tD0X
X-Force Database: http://ift.tt/293coJn
X-Force Database: http://ift.tt/292tryN
X-Force Database: http://ift.tt/293crVB
X-Force Database: http://ift.tt/292tzyb
X-Force Database: http://ift.tt/293cwIP
X-Force Database: http://ift.tt/292tpXD

from IBM Product Security Incident Response Team http://ift.tt/29oRdCa

IBM Check out the new support experience beta

There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents.

CVE(s): CVE-2016-2945

Affected product(s) and affected version(s):

Version 8.5.5 Liberty Profile

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/293cznT
X-Force Database: http://ift.tt/292thaQ

from IBM Product Security Incident Response Team http://ift.tt/29eO74E

IBM Check out the new support experience beta

Cross Site Scripting vulnerabilities were found in IBM WebSphere Commerce store pages.

CVE(s): CVE-2016-2862

Affected product(s) and affected version(s):

WebSphere Commerce version 8.0.0.0 – 8.0.0.4
WebSphere Commerce versions 7.0.0.1 – 7.0.0.9
WebSphere Commerce versions 6.0.0.0 – 6.0.0.11

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/293cnFm
X-Force Database: http://ift.tt/292tlY0

from IBM Product Security Incident Response Team http://ift.tt/294OfXx

IBM Check out the new support experience beta

CVE(s): CVE-2016-0363

Affected product(s) and affected version(s):

IBM® Runtime Environment Java™ Technology Edition, Version 6.0.16.21 and earlier that is provided for download and use with the Java WebStart GUI from the following versions:

Tivoli Storage Productivity Center 5.2.0 through 5.2.7.1
Tivoli Storage Productivity Center 5.1.0 through 5.1.1.10
Tivoli Storage Productivity Center 4.2.0 through 4.2.2.195

The versions listed above apply to all licensed offerings of Tivoli Storage Productivity Center, including IBM SmartCloud Virtual Storage Center Storage Analytics Engine.

System Storage Productivity Center is affected if it has one of the versions listed above installed.

Starting with IBM Spectrum Control 5.2.8, the IBM Runtime Environment Java Technology Edition is not included and IBM Spectrum Control is not affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/292VL1b
X-Force Database: http://ift.tt/1Tg5v67

from IBM Product Security Incident Response Team http://ift.tt/29eO8FK

IBM Vulnerabilities in BIND affect AIX (CVE-2016-1285 and CVE-2016-1286)

There are vulnerabilities in BIND that impact AIX.

CVE(s): CVE-2016-1285, CVE-2016-1286

Affected product(s) and affected version(s):
AIX 5.3, 6.1, 7.1, 7.2 VIOS 2.2.x The following fileset levels are vulnerable: key_fileset aix Fileset Lower Level Upper Level KEY ——————————————————— bos.net.tcp.client 5.3.12.0 5.3.12.10 key_w_fs bos.net.tcp.server 5.3.12.0 5.3.12.6 key_w_fs bos.net.tcp.client 6.1.9.0 6.1.9.102 key_w_fs bos.net.tcp.server 6.1.9.0 6.1.9.101 key_w_fs bos.net.tcp.client 7.1.3.0 7.1.3.47 key_w_fs bos.net.tcp.server 7.1.3.0 7.1.3.47 key_w_fs bos.net.tcp.client 7.1.4.0 7.1.4.1 key_w_fs bos.net.tcp.server 7.1.4.0 7.1.4.1 key_w_fs bos.net.tcp.bind 7.2.0.0 7.2.0.0 key_w_fs bos.net.tcp.bind_utils 7.2.0.0 7.2.0.1 key_w_fs Note: to find out whether the affected filesets are installed on your systems, refer to the lslpp command found in AIX user’s guide. Example: lslpp -L | grep -i bos.net.tcp.client

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/28YBTvv
X-Force Database: http://ift.tt/1WhPh1c
X-Force Database: http://ift.tt/1TnICjP

from IBM Product Security Incident Response Team http://ift.tt/294Oimg

IBM Check out the new support experience beta

A vulnerability in Open Source BeanShell has been addressed by LCMS Premier

CVE(s): CVE-2016-2510

Affected product(s) and affected version(s):

All versions prior to 10.1.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/292VlI6
X-Force Database: http://ift.tt/1W1VwYd

from IBM Product Security Incident Response Team http://ift.tt/29eOc8C

IBM Check out the new support experience beta

Installation programs for the Microsoft Windows components of IBM Tealeaf Customer Experience are vulnerable to attack under certain conditions.

CVE(s): CVE-2016-2542

Affected product(s) and affected version(s):

IBM Tealeaf Customer Experience: v8.0-v9.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2977kYp
X-Force Database: http://ift.tt/1rhWtyP

from IBM Product Security Incident Response Team http://ift.tt/294Oemv

IBM Check out the new support experience beta

Vulnerabilities discovered in Ruby on Rails component affect IBM License Metric Tool v9, IBM BigFix Inventory v9 and IBM Endpoint Manager for Software Use Analysis v9 & v2.2.

CVE(s): CVE-2015-7576, CVE-2015-7577, CVE-2015-7581, CVE-2016-0751, CVE-2016-0752, CVE-2016-0753

Affected product(s) and affected version(s):

IBM License Metric Tool v9

IBM BigFix Inventory v9
IBM Endpoint Manager for Software Use Analysis v9 & v2.2

from IBM Product Security Incident Response Team http://ift.tt/29eO2y6

IBM Vulnerabilities in NTP affect AIX CVE-2015-7973 CVE-2015-7977 CVE-2015-7979 CVE-2015-8158 CVE-2015-8139 CVE-2015-8140

There are multiple vulnerabilities in NTP that impact AIX.

CVE(s): CVE-2015-7973, CVE-2015-7977, CVE-2015-7979, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158

Affected product(s) and affected version(s):
AIX 5.3, 6.1, 7.1, 7.2 VIOS 2.2.x The following fileset levels are vulnerable: key_fileset aix For NTPv3: Fileset Lower Level Upper Level KEY —————————————————– bos.net.tcp.client 5.3.12.0 5.3.12.10 key_w_fs bos.net.tcp.client 6.1.9.0 6.1.9.102 key_w_fs bos.net.tcp.client 7.1.3.0 7.1.3.47 key_w_fs bos.net.tcp.client 7.1.4.0 7.1.4.1 key_w_fs bos.net.tcp.ntp 7.2.0.0 7.2.0.2 key_w_fs bos.net.tcp.ntpd 7.2.0.0 7.2.0.2 key_w_fs For NTPv4: Fileset Lower Level Upper Level KEY —————————————————– ntp.rte 6.1.6.0 6.1.6.5 key_w_fs ntp.rte 7.1.0.0 7.1.0.5 key_w_fs Note: to find out whether the affected filesets are installed on your systems, refer to the lslpp command found in AIX user’s guide. Example: lslpp -L | grep -i ntp.rte

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/1Q1mBt3
X-Force Database: http://ift.tt/1Q1mu0F
X-Force Database: http://ift.tt/1Q1mFcj
X-Force Database: http://ift.tt/1Q1ol5w
X-Force Database: http://ift.tt/1Q1nEcF
X-Force Database: http://ift.tt/1Q1n3rm
X-Force Database: http://ift.tt/1Q1n3HJ

from IBM Product Security Incident Response Team http://ift.tt/294OfH1

IBM Check out the new support experience beta

There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents.

CVE(s): CVE-2016-2945

Affected product(s) and affected version(s):

Version 8.5.5 Liberty Profile

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/293cznT
X-Force Database: http://ift.tt/292thaQ

from IBM Product Security Incident Response Team http://ift.tt/29eOa0w

IBM Check out the new support experience beta

Cross Site Scripting vulnerabilities were found in IBM WebSphere Commerce store pages.

CVE(s): CVE-2016-2862

Affected product(s) and affected version(s):

WebSphere Commerce version 8.0.0.0 – 8.0.0.4
WebSphere Commerce versions 7.0.0.1 – 7.0.0.9
WebSphere Commerce versions 6.0.0.0 – 6.0.0.11

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/293cnFm
X-Force Database: http://ift.tt/292tlY0

from IBM Product Security Incident Response Team http://ift.tt/294OfXJ

IBM Check out the new support experience beta

There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents.

CVE(s): CVE-2016-2945

Affected product(s) and affected version(s):

Version 8.5.5 Liberty Profile

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/293cznT
X-Force Database: http://ift.tt/292thaQ

from IBM Product Security Incident Response Team http://ift.tt/2903jQq

IBM Check out the new support experience beta

Cross Site Scripting vulnerabilities were found in IBM WebSphere Commerce store pages.

CVE(s): CVE-2016-2862

Affected product(s) and affected version(s):

WebSphere Commerce version 8.0.0.0 – 8.0.0.4
WebSphere Commerce versions 7.0.0.1 – 7.0.0.9
WebSphere Commerce versions 6.0.0.0 – 6.0.0.11

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/293cnFm
X-Force Database: http://ift.tt/292tlY0

from IBM Product Security Incident Response Team http://ift.tt/297yZqB

IBM Check out the new support experience beta

CVE(s): CVE-2016-0363

Affected product(s) and affected version(s):

IBM® Runtime Environment Java™ Technology Edition, Version 6.0.16.21 and earlier that is provided for download and use with the Java WebStart GUI from the following versions:

Tivoli Storage Productivity Center 5.2.0 through 5.2.7.1
Tivoli Storage Productivity Center 5.1.0 through 5.1.1.10
Tivoli Storage Productivity Center 4.2.0 through 4.2.2.195

The versions listed above apply to all licensed offerings of Tivoli Storage Productivity Center, including IBM SmartCloud Virtual Storage Center Storage Analytics Engine.

System Storage Productivity Center is affected if it has one of the versions listed above installed.

Starting with IBM Spectrum Control 5.2.8, the IBM Runtime Environment Java Technology Edition is not included and IBM Spectrum Control is not affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/292VL1b
X-Force Database: http://ift.tt/1Tg5v67

from IBM Product Security Incident Response Team http://ift.tt/2903vir

IBM Vulnerabilities in BIND affect AIX (CVE-2016-1285 and CVE-2016-1286)

There are vulnerabilities in BIND that impact AIX.

CVE(s): CVE-2016-1285, CVE-2016-1286

from IBM Product Security Incident Response Team http://ift.tt/297yDAa

IBM Check out the new support experience beta

A vulnerability in Open Source BeanShell has been addressed by LCMS Premier

CVE(s): CVE-2016-2510

Affected product(s) and affected version(s):

All versions prior to 10.1.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/292VlI6
X-Force Database: http://ift.tt/1W1VwYd

from IBM Product Security Incident Response Team http://ift.tt/297yJrA

IBM Check out the new support experience beta

Installation programs for the Microsoft Windows components of IBM Tealeaf Customer Experience are vulnerable to attack under certain conditions.

CVE(s): CVE-2016-2542

Affected product(s) and affected version(s):

IBM Tealeaf Customer Experience: v8.0-v9.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2977kYp
X-Force Database: http://ift.tt/1rhWtyP

from IBM Product Security Incident Response Team http://ift.tt/2903mLY

IBM Check out the new support experience beta

Vulnerabilities discovered in Ruby on Rails component affect IBM License Metric Tool v9, IBM BigFix Inventory v9 and IBM Endpoint Manager for Software Use Analysis v9 & v2.2.

CVE(s): CVE-2015-7576, CVE-2015-7577, CVE-2015-7581, CVE-2016-0751, CVE-2016-0752, CVE-2016-0753

Affected product(s) and affected version(s):

IBM License Metric Tool v9

IBM BigFix Inventory v9
IBM Endpoint Manager for Software Use Analysis v9 & v2.2

from IBM Product Security Incident Response Team http://ift.tt/297yME2

IBM Vulnerabilities in NTP affect AIX CVE-2015-7973 CVE-2015-7977 CVE-2015-7979 CVE-2015-8158 CVE-2015-8139 CVE-2015-8140

There are multiple vulnerabilities in NTP that impact AIX.

CVE(s): CVE-2015-7973, CVE-2015-7977, CVE-2015-7979, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158

from IBM Product Security Incident Response Team http://ift.tt/297yZXC

IBM Check out the new support experience beta

There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents.

CVE(s): CVE-2016-2945

Affected product(s) and affected version(s):

Version 8.5.5 Liberty Profile

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/293cznT
X-Force Database: http://ift.tt/292thaQ

from IBM Product Security Incident Response Team http://ift.tt/297utbz

IBM Check out the new support experience beta

Cross Site Scripting vulnerabilities were found in IBM WebSphere Commerce store pages.

CVE(s): CVE-2016-2862

Affected product(s) and affected version(s):

WebSphere Commerce version 8.0.0.0 – 8.0.0.4
WebSphere Commerce versions 7.0.0.1 – 7.0.0.9
WebSphere Commerce versions 6.0.0.0 – 6.0.0.11

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/293cnFm
X-Force Database: http://ift.tt/292tlY0

from IBM Product Security Incident Response Team http://ift.tt/28ZZg6w

The single best way to protect yourself against credit card fraud

IBM Check out the new support experience beta

CVE(s): CVE-2016-0363

Affected product(s) and affected version(s):

IBM® Runtime Environment Java™ Technology Edition, Version 6.0.16.21 and earlier that is provided for download and use with the Java WebStart GUI from the following versions:

Tivoli Storage Productivity Center 5.2.0 through 5.2.7.1
Tivoli Storage Productivity Center 5.1.0 through 5.1.1.10
Tivoli Storage Productivity Center 4.2.0 through 4.2.2.195

The versions listed above apply to all licensed offerings of Tivoli Storage Productivity Center, including IBM SmartCloud Virtual Storage Center Storage Analytics Engine.

System Storage Productivity Center is affected if it has one of the versions listed above installed.

Starting with IBM Spectrum Control 5.2.8, the IBM Runtime Environment Java Technology Edition is not included and IBM Spectrum Control is not affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/292VL1b
X-Force Database: http://ift.tt/1Tg5v67

from IBM Product Security Incident Response Team http://ift.tt/297umwT

IBM Vulnerabilities in BIND affect AIX (CVE-2016-1285 and CVE-2016-1286)

There are vulnerabilities in BIND that impact AIX.

CVE(s): CVE-2016-1285, CVE-2016-1286

from IBM Product Security Incident Response Team http://ift.tt/28ZZbQc

Symantec enterprise, consumer product security flaws 'as bad as they get'

IBM Check out the new support experience beta

A vulnerability in Open Source BeanShell has been addressed by LCMS Premier

CVE(s): CVE-2016-2510

Affected product(s) and affected version(s):

All versions prior to 10.1.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/292VlI6
X-Force Database: http://ift.tt/1W1VwYd

from IBM Product Security Incident Response Team http://ift.tt/297u6xP

IBM Check out the new support experience beta

Installation programs for the Microsoft Windows components of IBM Tealeaf Customer Experience are vulnerable to attack under certain conditions.

CVE(s): CVE-2016-2542

Affected product(s) and affected version(s):

IBM Tealeaf Customer Experience: v8.0-v9.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2977kYp
X-Force Database: http://ift.tt/1rhWtyP

from IBM Product Security Incident Response Team http://ift.tt/28ZZaM8

Mozilla's Codemoji: Now smiley's people can teach you encryption basics

IBM Check out the new support experience beta

Vulnerabilities discovered in Ruby on Rails component affect IBM License Metric Tool v9, IBM BigFix Inventory v9 and IBM Endpoint Manager for Software Use Analysis v9 & v2.2.

CVE(s): CVE-2015-7576, CVE-2015-7577, CVE-2015-7581, CVE-2016-0751, CVE-2016-0752, CVE-2016-0753

Affected product(s) and affected version(s):

IBM License Metric Tool v9

IBM BigFix Inventory v9
IBM Endpoint Manager for Software Use Analysis v9 & v2.2

from IBM Product Security Incident Response Team http://ift.tt/297uign

IBM Vulnerabilities in NTP affect AIX CVE-2015-7973 CVE-2015-7977 CVE-2015-7979 CVE-2015-8158 CVE-2015-8139 CVE-2015-8140

There are multiple vulnerabilities in NTP that impact AIX.

CVE(s): CVE-2015-7973, CVE-2015-7977, CVE-2015-7979, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158

from IBM Product Security Incident Response Team http://ift.tt/28ZZoTr

Over 40% of Firms Globally Now use Encryption ‘Extensively’

Foscam C1 Lite HD Wireless Camera: Good hardware, poor control

IBM Check out the new support experience beta

There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents.

CVE(s): CVE-2016-2945

Affected product(s) and affected version(s):

Version 8.5.5 Liberty Profile

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/293cznT
X-Force Database: http://ift.tt/292thaQ

from IBM Product Security Incident Response Team http://ift.tt/293clwX

IBM Check out the new support experience beta

Cross Site Scripting vulnerabilities were found in IBM WebSphere Commerce store pages.

CVE(s): CVE-2016-2862

Affected product(s) and affected version(s):

WebSphere Commerce version 8.0.0.0 – 8.0.0.4
WebSphere Commerce versions 7.0.0.1 – 7.0.0.9
WebSphere Commerce versions 6.0.0.0 – 6.0.0.11

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/293cnFm
X-Force Database: http://ift.tt/292tlY0

from IBM Product Security Incident Response Team http://ift.tt/293cwIF

IBM Check out the new support experience beta

CVE(s): CVE-2016-0363

Affected product(s) and affected version(s):

IBM® Runtime Environment Java™ Technology Edition, Version 6.0.16.21 and earlier that is provided for download and use with the Java WebStart GUI from the following versions:

Tivoli Storage Productivity Center 5.2.0 through 5.2.7.1
Tivoli Storage Productivity Center 5.1.0 through 5.1.1.10
Tivoli Storage Productivity Center 4.2.0 through 4.2.2.195

The versions listed above apply to all licensed offerings of Tivoli Storage Productivity Center, including IBM SmartCloud Virtual Storage Center Storage Analytics Engine.

System Storage Productivity Center is affected if it has one of the versions listed above installed.

Starting with IBM Spectrum Control 5.2.8, the IBM Runtime Environment Java Technology Edition is not included and IBM Spectrum Control is not affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/292VL1b
X-Force Database: http://ift.tt/1Tg5v67

from IBM Product Security Incident Response Team http://ift.tt/293ctN5

IBM Vulnerabilities in BIND affect AIX (CVE-2016-1285 and CVE-2016-1286)

There are vulnerabilities in BIND that impact AIX.

CVE(s): CVE-2016-1285, CVE-2016-1286

from IBM Product Security Incident Response Team http://ift.tt/292tvid

IBM Check out the new support experience beta

A vulnerability in Open Source BeanShell has been addressed by LCMS Premier

CVE(s): CVE-2016-2510

Affected product(s) and affected version(s):

All versions prior to 10.1.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/292VlI6
X-Force Database: http://ift.tt/1W1VwYd

from IBM Product Security Incident Response Team http://ift.tt/293dc0C

IBM Check out the new support experience beta

Installation programs for the Microsoft Windows components of IBM Tealeaf Customer Experience are vulnerable to attack under certain conditions.

CVE(s): CVE-2016-2542

Affected product(s) and affected version(s):

IBM Tealeaf Customer Experience: v8.0-v9.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2977kYp
X-Force Database: http://ift.tt/1rhWtyP

from IBM Product Security Incident Response Team http://ift.tt/292tElE

IBM Check out the new support experience beta

Vulnerabilities discovered in Ruby on Rails component affect IBM License Metric Tool v9, IBM BigFix Inventory v9 and IBM Endpoint Manager for Software Use Analysis v9 & v2.2.

CVE(s): CVE-2015-7576, CVE-2015-7577, CVE-2015-7581, CVE-2016-0751, CVE-2016-0752, CVE-2016-0753

Affected product(s) and affected version(s):

IBM License Metric Tool v9

IBM BigFix Inventory v9
IBM Endpoint Manager for Software Use Analysis v9 & v2.2

from IBM Product Security Incident Response Team http://ift.tt/293ckZY

IBM Vulnerabilities in NTP affect AIX CVE-2015-7973 CVE-2015-7977 CVE-2015-7979 CVE-2015-8158 CVE-2015-8139 CVE-2015-8140

There are multiple vulnerabilities in NTP that impact AIX.

CVE(s): CVE-2015-7973, CVE-2015-7977, CVE-2015-7979, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158

from IBM Product Security Incident Response Team http://ift.tt/293clNA

Ukraine Bank Hit by $10m Cyber Heist - Report

Android Ransomware: Four-fold Increase in Number of Users Attacked in One Year

29 Jun 2016
Virus News

The number of users attacked by ransomware targeting Android-based devices has increased four-fold in just one year, hitting at least 136,000 users globally. A report on the ransomware threat landscape, conducted by Kaspersky Lab, also found that the majority of attacks are based on only four groups of malware. The report covers a full two-year period which, for reasons of comparison, has been divided into two parts of 12 months each: from April 2014 to March 2015, and April 2015 to March 2016. These particular timescales were chosen because they witnessed several significant changes in the mobile ransomware threat landscape.

Ransomware - a type of malware that blocks access to information on a victim’s device by locking the screen with a special window or encrypting important files, and then extorts money - is a widely recognized security problem today. But it is not only PC users who are in danger. The cyber-threat landscape for owners of Android-based devices is also being filled with ransomware, as is clearly visible in the key findings of the report.

Key findings:

The number of users attacked with mobile ransomware increased almost four-fold: from 35,413 users in 2014-2015, to 136,532 users in 2015-2016.
The share of users attacked with ransomware as a proportion of users attacked with any kind of Android malware also increased: from 2.04% in 2014-2015, to 4.63% in 2015-2016.
Germany, Canada, the United Kingdom and the United States experienced a higher percentage of users attacked with Android ransomware than any other countries.
Only four groups of malware were responsible for more than 90% of all attacks registered in the period. They are the Small, Fusob, Pletor and Svpeng malicious families.
Unlike the threats facing PCs, where crypto-ransomware is skyrocketing while the number of users attacked with screen-blockers is decreasing, Android ransomware is mostly in the form of screen-blockers. This is due to the fact that Android-based devices can’t remove screen lockers with help of external hardware, making mobile screen blockers as effective as PC crypto-ransomware.

Although the actual number of users attacked with ransomware is lower and the rate of growth slower than that seen for PC ransomware, the situation with Android ransomware is still worrying. At the start of the comparison period, the monthly number of users who encountered this type of malware on Android devices was almost zero, but by the end it had reached nearly 30,000 attacked users per month. This clearly indicates that criminals are actively exploring alternative opportunities to the PC and show no signs of moving on.

“The extortion model is here to stay. Mobile ransomware emerged as a follow-up to PC ransomware and it is likely that it will be followed-up with malware targeting devices that are very different to a PC or a smartphone. These could be connected devices like smart watches, smart TVs, and other smart products including home and in-car entertainment systems. There are a few proof-of-concepts for some of these devices, and the appearance of actual malware targeting smart devices is only a question of time,” said Roman Unuchek, mobile security expert at Kaspersky Lab.

In order to protect yourself from mobile ransomware attacks, Kaspersky Lab advises the following measures:

Restrict the installation of apps from sources other than official app stores.
Use a reliable security solution capable of detecting malware and malicious web links.
If installing apps from non-official sources is unavoidable, keep an eye on what permissions the app is requesting. Don’t install such apps without a security solution in place.
Educate yourself and your relatives on the latest forms of malware propagation. This will help you to detect an attempted social-engineering attack.

Read the full report on Securelist.

from Corporate News http://ift.tt/293VpYs

China Orders Apple to Monitor App Store Users and Track their Identities

China has long been known for its strict censorship which makes it difficult for

foreign technology companies

to do business in the world’s most populous country of over 1.35 billion people.

Now, the

new law

issued by the Chinese government will expand its strict Internet monitoring efforts into mobile apps, targeting operators including Apple. However, Google currently doesn’t operate its app store in China.

The

Cyberspace Administration of China (CAC)

has imposed new regulation on distributors of mobile apps that requires both app stores and app developers keep a close eye on users and maintain a

record of their activities for at least 60 days

The Chinese internet regulator has introduced the new legislation with the intent to fight issues like terrorism, pornography, violence, money fraud and distribution of malicious contents.

However, this new move by the Chinese government will tighten its control over the Internet, especially the mobile apps used for private encrypted communications.

App stores and developers, both domestic as well as foreign, will now have to verify their users’ identities with real-name registration and must keep their activity logs for at least 60 days.

The proposed legislation, which will come into effect on August 1, also requires developers closely monitor their users to help identify individuals who distribute banned content.

However, the law would also prevent mobile apps from requesting unnecessary app permission to access user's camera, microphone, contacts and other fake installation requests.

Conditions for App Providers When Operating in China

Here's the list of criteria that the app stores and developers must meet when operating in China:

App providers must verify users' identities by requiring their mobile numbers or other information.
Providers should protect their users' information and cannot use the information without their consent.
Providers should improve censorship and punish anyone releasing illegal information through warnings, shutting down accounts or suspension of service.
Providers are forbidden from collecting user's location data and reading their contacts stealthily.
Providers are also banned from pirating their rivals' products.
Providers must record user logs and keep the information for at least 60 days.

"The regulation was enacted after substantial field research and soliciting public opinions... and is also aimed at regulating app services and promoting the industry's healthy development," the CAC said in a statement.

The draft regulation has already been submitted to China's top legislature.

More than 610 Million people in China are using the Internet on their mobile phone at the end of 2015, and China-based app stores host over 4 Million apps, which is growing at an exponential rate.

So, if passed, the law will threaten the privacy of hundreds of Millions of Internet users in China and will increase the Chinese government’s control over the Web.

from The Hacker News http://ift.tt/293aNmP

Tuesday, June 28, 2016

Bugtraq: Symantec SEPM v12.1 Multiple Vulnerabilities

[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://ift.tt/2983n5L.

txt

[+] ISR: ApparitionSec

Vendor:

================

www.symantec.com

Product:

===========

SEPM

Symantec Endpoint Protection Manager and client v12.1

SEPM provides a centrally managed solution. It handles security policy enforcement, host integrity checking (Symantec Network Access Control only),

and automated remediation over all clients. The policies functionality is the heart of the Symantec software. Clients connect to the server to get the

latest policies, security settings, and software updates.

Vulnerability Type(s):

======================

Multiple Cross Site Scripting (XSS)

Cross Site Request Forgeries (CSRF)

Open Redirect

CVE Reference(s):

=================

CVE-2016-3652 / XSS

CVE-2016-3653 / CSRF

CVE-2016-5304 / Open Redirect

Vulnerability Details:

=====================

The management console for SEPM contains a number of security vulnerabilities that could be used by a lower-privileged user or by

an unauthorized user to elevate privilege or gain access to unauthorized information on the management server. Exploitation attempts of

these vulnerabilities requires access to the SEP Management console.

References:

============

http://ift.tt/293qs6Y

d=security_advisory&pvid=security_advisory&year=&suid=20160628_01

Exploit code(s):

===============

In this case XSS can bypass the "http-only" cookie protection because the SEPM application writes and stores the session ID within various

javascript functions used by the application within the DOM thereby exposing them directly to the XSS attack.

1) createModalDialogFromURL

2) createWindowFromURL

3) createWindowFromForm

4) createIEWindowFromForm

So all we need to do is alert(createModalDialogFromURL) anyone one of them (functions) an it will leak the session ID essentially throwing the

HttpOnly secure cookie protection flag into the garbage.

e.g.

XSS POC Defeat http-only flag and access PHPSESSID:

https://localhost:8445/Reporting/Admin/notificationpopup.php?New=1&Type=

CR&height=alert%28createModalDialogFromURL%29#

Open Redirect in external URL .php script:

=========================================

A reporting URL used to route generated reports externally to any authorized URL is susceptible to an open redirect vulnerability

that could have allowed an authorized but less-privileged user to redirect an unsuspecting privileged user to an external URL to

attempt further exploitation, e.g. phishing.

If a victim clicks on a link supplied by an attacker

e.g.

https://localhost:8445/Reporting/common/externalurl.php?url=http://hyp3r

linx.altervista.org

Cross Site Request Forgery (CSRF):

==================================

Multiple Cross Site Request Forgery exists in couple of places within this version of SEPM below is an example of sending scheduled report to

an remote attackers email, if current logged in user visits malicious webpage or clicks infected link etc...

Symantec Reporting Admin CSRF POC:

</form>

Disclosure Timeline:

============================================

Vendor Notification: Febuary 11, 2016

Vendor Acknowledges Report: Febuary 12, 2016

Vendor Releases Fix: June 28, 2016

June 29, 2016 : Public Disclosure

Exploitation Technique:

=======================

Remote

Severity Level(s):

====================

Cross Site Scripting

Medium

v2 6.8

AV:A/AC:M/Au:S/C:C/I:C/A:N

v3 6.7

AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Cross Site Request Forgery

High

v2 7.0

AV:A/AC:M/Au:M/C:C/I:C/A:C

v3 7.1

AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Open Redirect

Medium

v2 4.1

AV:A/AC:L/Au:S/C:P/I:P/A:N

v3 4.1

AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

[+] Disclaimer

The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.

Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and

that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit

is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility

for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information

or exploits by the author or elsewhere.

hyp3rlinx

[ reply ]

from SecurityFocus Vulnerabilities http://ift.tt/293q1JN

Hard Rock Hotel & Casino Hit with Second Card Breach

Google Play Besieged with Wave of New Autorooting Malware

Google Chrome Flaw Opens Up Netflix Streams to Pirates

Are You Updating Your Breach Response Plan Often Enough?

While “set it and forget it” may be a great philosophy for a convection oven or programmable thermostat, it should never be your approach to a data breach response plan. Yet a stunning number of companies are acting as if their plans are on autopilot.

In our Second Annual Study on Data Breach Preparedness, the Ponemon Institute found that 37 percent of surveyed organizations said they had not reviewed or updated their data breach response plan since creating it. Another 41 percent said they have no set time for reviewing or updating their plan. Fourteen percent review it once a year and just 3 percent review quarterly.

On a positive note, the study showed that more companies than ever are creating plans, and awareness is high regarding the importance of being prepared to deal with a data breach. The number of companies with a data breach response plan increased 12 percent between 2013 and 2014, with 73 percent of this year’s respondents reporting they have a plan in place. More companies also now have a data breach response team – 72 percent in 2014.

That’s very good news considering that data breaches are occurring more frequently. The number of companies reporting a data breach increased 10 percent, with 43 percent reporting breaches, and 60 percent saying their company had experienced more than one breach in the past two years.

With more breaches occurring and cyber-attacks in constant flux, cyber criminals seem to develop new tactics on an almost-daily basis. To be effective, a data breach response plan must be as flexible and dynamic as the situations it’s supposed to address. Reviewing, updating and practicing your data breach response plan should happen regularly – far more often than quarterly – and certainly not never!

Improving data breach response requires continual review of your response plan, fire drills to test how well it works, adequate budget to administer and maintain the plan, and more oversight from senior executives. One more piece of good news – it seems companies are aware of what needs to be done to improve their data breach response. In our survey, 77 percent said conducting more fire drills and practicing breach response was the single-most important step they could take toward owning a more effective data breach response.

The full survey report is available for free download here.

Legal Notice: The information you obtain herein is not, nor intended to be, legal advice. We try to provide quality information but make no claims, promises or guarantees about the accuracy, completeness or adequacy of the information contained. As legal advice must be tailored to the specific circumstances of each case and laws are constantly changing, nothing provided herein should be used as a substitute for the advice of competent legal counsel.

The post Are You Updating Your Breach Response Plan Often Enough? appeared first on Data Breach Resolution.

from Data Breach Resolution http://ift.tt/291nUZt

US Businesses Quite Likely to Pay a Cyber-Ransom

IBM Check out the new support experience beta

CVE(s): CVE-2016-0363

Affected product(s) and affected version(s):

IBM® Runtime Environment Java™ Technology Edition, Version 6.0.16.21 and earlier that is provided for download and use with the Java WebStart GUI from the following versions:

Tivoli Storage Productivity Center 5.2.0 through 5.2.7.1
Tivoli Storage Productivity Center 5.1.0 through 5.1.1.10
Tivoli Storage Productivity Center 4.2.0 through 4.2.2.195

The versions listed above apply to all licensed offerings of Tivoli Storage Productivity Center, including IBM SmartCloud Virtual Storage Center Storage Analytics Engine.

System Storage Productivity Center is affected if it has one of the versions listed above installed.

Starting with IBM Spectrum Control 5.2.8, the IBM Runtime Environment Java Technology Edition is not included and IBM Spectrum Control is not affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/292VL1b
X-Force Database: http://ift.tt/1Tg5v67

from IBM Product Security Incident Response Team http://ift.tt/292GWvU

IBM Vulnerabilities in BIND affect AIX (CVE-2016-1285 and CVE-2016-1286)

There are vulnerabilities in BIND that impact AIX.

CVE(s): CVE-2016-1285, CVE-2016-1286

from IBM Product Security Incident Response Team http://ift.tt/29778s3

IBM Check out the new support experience beta

A vulnerability in Open Source BeanShell has been addressed by LCMS Premier

CVE(s): CVE-2016-2510

Affected product(s) and affected version(s):

All versions prior to 10.1.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/292VlI6
X-Force Database: http://ift.tt/1W1VwYd

from IBM Product Security Incident Response Team http://ift.tt/292H3aW

IBM Check out the new support experience beta

Installation programs for the Microsoft Windows components of IBM Tealeaf Customer Experience are vulnerable to attack under certain conditions.

CVE(s): CVE-2016-2542

Affected product(s) and affected version(s):

IBM Tealeaf Customer Experience: v8.0-v9.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2977kYp
X-Force Database: http://ift.tt/1rhWtyP

from IBM Product Security Incident Response Team http://ift.tt/2977hM9