Friday, September 30, 2016

Vulnerability Spotlight: OpenJPEG JPEG2000 mcc record Code Execution Vulnerability





from Cisco Blog » Security http://ift.tt/2dGlX3y

Good Morning Karen. Cool or Scary?

Last month I spoke at a telecommunications industry event. The briefer before me showed a video by the Hypervoice Consortium, titled Introducing Human Technology: Communications 2025. It consists of a voiceover by a 2025-era Siri-like assistant, speaking to her owner, "Karen." The assistant describes what's happening with Karen's household. 15 seconds into the video, the assistant says:

The report is due today. I've cleared your schedule so you can focus. Any attempt to override me will be politely rebuffed.

I was already feeling uncomfortable with the scenario, but that is the point at which I really started to squirm. I'll leave it to you to watch the rest of the video and report how you feel about it.

My general conclusion was that I'm wary of putting so much trust in a platform that is likely to be targeted by intruders, such that they can manipulate so many aspects of a person's life. What do you think?

By the way, the briefer before me noted that every vision of the future appears to involve solving the "low on milk problem."

Copyright 2003-2015 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)


from TaoSecurity http://ift.tt/1F6TGyg

USN-3090-2: Pillow regression

Ubuntu Security Notice USN-3090-2

30th September, 2016

Pillow regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS

Software description

  • pillow - Python Imaging Library compatibility layer

Details

USN-3090-1 fixed vulnerabilities in Pillow. The patch to fix CVE-2014-9601
caused a regression which resulted in failures when processing certain
PNG images. This update temporarily reverts the security fix for CVE-2014-9601
pending further investigation.

We apologize for the inconvenience.

Original advisory details:

It was discovered that a flaw in processing a compressed text chunk in
a PNG image could cause the image to have a large size when decompressed,
potentially leading to a denial of service. (CVE-2014-9601)
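As an added example (not Pillow's code or the Ubuntu patch), the following Python shows the defensive pattern this class of bug calls for: walk the PNG chunks and inflate a zTXt chunk only up to a fixed cap, so a chunk that would expand to an enormous size is refused before it can exhaust memory. The 1 MiB cap, the helper names and the sample PNG are constructed here for illustration.

```python
"""Bounded zTXt decompression for PNG files (added example, not Pillow's code)."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_TEXT_CHUNK = 1024 * 1024  # hypothetical cap: 1 MiB of decompressed text


class DecompressionBombError(ValueError):
    """Raised when a compressed chunk would inflate past the cap."""


def iter_chunks(png):
    """Yield (chunk_type, payload) for every chunk, verifying length and CRC."""
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        end = pos + 12 + length  # 4 length + 4 type + payload + 4 CRC
        if end > len(png):
            raise ValueError("truncated chunk")
        payload = png[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", png[end - 4:end])
        if zlib.crc32(ctype + payload) != crc:
            raise ValueError("bad chunk CRC")
        yield ctype, payload
        pos = end
        if ctype == b"IEND":
            break


def safe_inflate(compressed, limit=MAX_TEXT_CHUNK):
    """Inflate at most `limit` bytes; refuse any stream that would yield more."""
    dobj = zlib.decompressobj()
    # Request one byte beyond the cap: an oversize stream is then detectable
    # without ever materialising its full output in memory.
    out = dobj.decompress(compressed, limit + 1)
    if len(out) > limit or dobj.unconsumed_tail:
        raise DecompressionBombError(f"zTXt chunk would inflate past {limit} bytes")
    return out


def extract_ztxt(png, limit=MAX_TEXT_CHUNK):
    """Return {keyword: text_bytes} for every zTXt chunk, inflating each safely."""
    texts = {}
    for ctype, payload in iter_chunks(png):
        if ctype != b"zTXt":
            continue
        keyword, _, rest = payload.partition(b"\x00")
        # Byte after the keyword is the compression method; only 0 (zlib) exists.
        if not rest or rest[0] != 0:
            raise ValueError("unsupported zTXt compression method")
        texts[keyword.decode("latin-1")] = safe_inflate(rest[1:], limit)
    return texts


def rejects_bomb(png, limit=MAX_TEXT_CHUNK):
    """True when the file is refused because a zTXt chunk exceeds the cap."""
    try:
        extract_ztxt(png, limit)
    except DecompressionBombError:
        return True
    return False


def _chunk(ctype, payload):
    crc = struct.pack(">I", zlib.crc32(ctype + payload))
    return struct.pack(">I", len(payload)) + ctype + payload + crc


def make_sample_png(text):
    """Constructed 1x1 greyscale PNG carrying `text` in a zTXt chunk."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one grey pixel
    ztxt = b"Comment\x00\x00" + zlib.compress(text)
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"zTXt", ztxt)
            + _chunk(b"IDAT", idat) + _chunk(b"IEND", b""))


if __name__ == "__main__":
    print(extract_ztxt(make_sample_png(b"hello")))
    # 8 MiB of zeros compresses to a few KiB but would inflate far past the cap.
    print("bomb refused:", rejects_bomb(make_sample_png(bytes(8 * 1024 * 1024))))
```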

Andrew Drake discovered that Pillow incorrectly validated input. A remote
attacker could use this to cause Pillow to crash, resulting in a denial
of service. (CVE-2014-3589)

Eric Soroos discovered that Pillow incorrectly handled certain malformed
FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to
cause Pillow to crash, resulting in a denial of service.
(CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
python-imaging 2.3.0-1ubuntu3.3
python3-pil 2.3.0-1ubuntu3.3
python-pil 2.3.0-1ubuntu3.3
python3-imaging 2.3.0-1ubuntu3.3

To update your system, please follow these instructions: http://ift.tt/17VXqjU.


References

CVE-2014-9601, LP: 1628351



from Ubuntu Security Notices http://ift.tt/2cHE6fd

UK banking chief raises concerns over security of biometric authentication


Biometric data is increasingly playing a strategic role in end-user authentication, and banking regulators in the UK are concerned just how secure it might be in light of a recent report by Kaspersky Lab.

In an investigation into underground cybercrime, Kaspersky found at least 12 sellers offering ATM skimmers capable of stealing fingerprints. Furthermore, Kaspersky identified three underground sellers researching devices that could obtain data from palm vein and iris recognition systems.

The report drew the attention of the UK's Treasury Select Committee, which oversees treasury, revenue and customs, and the Bank of England.

The committee's chair, Andrew Tyrie, is asking banking regulators to look into the consequences of stolen biometric data. In a letter to industry and government, he said, "Banks and regulators will need to plan for what they will do if biometric details are lost and/or illegally obtained by third parties." He asked regulators whether they shared his concerns, and went on to say that plans would need to be developed to deal with customers who may be victims of biometric hacks.

The main concern with biometric identifiers is that, unlike a stolen password, they cannot be revoked and replaced with a new identifier.

The concern is real in the US where 5.6 million fingerprint records were stolen during the breach of the United States Office of Personnel Management in the summer of 2015. US agencies created a working group to see how cyber attackers could use fingerprint data. This group includes the FBI, Department of Homeland Security, Department of Defense, and other members of the intelligence community.

"The problem with biometrics is that unlike passwords or pin codes, which can be easily modified in the event of compromise, it is impossible to change your fingerprint or iris image," Olga Kochetova, security expert at Kaspersky Lab, said in a release surrounding the Kaspersky investigation. "Thus, if your data is compromised once, it won't be safe to use that authentication method again. That is why it is extremely important to keep such data secure and transmit it in a secure way."

Kaspersky Lab also reported discussions in underground communities regarding development of mobile applications that rely on placing masks over a human face. With such an app, attackers can take a person's photo posted on social media and use it to fool a facial recognition system, the report said.



from Latest Topic for ZDNet in... http://ift.tt/2d1V1u9

Google Releases Security Update for Chrome

Original release date: September 30, 2016

Google has released Chrome version 53.0.2785.143 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2dt5BtG

Microsoft seeks testers for 'Project Springfield' bug-detection service

Sensitive US health and drug data left exposed by dozens of FDA security flaws

You can now earn $1.5 million for hacking the iPhone

Zerodium Offers $1.5 Million Bounty For iOS Zero-Day Exploits


Well, there's some good news for hackers and bug hunters, though terrible news for Apple!

Exploit vendor Zerodium has tripled its bug bounty for an Apple iOS 10 zero-day exploit, offering a maximum payout of US$1.5 Million.

Yes, a $1,500,000.00 reward.

That's more than seven times what Apple is offering (up to $200,000) for iOS zero-days via its private, invite-only bug bounty program.

Zerodium, a startup by the infamous French-based company Vupen that buys and sells zero-day exploits to government agencies around the world, previously offered US$500,000 for remote iOS 9 jailbreaks, which was temporarily increased to $1 Million for a competition held by the company last year.

The company paid out the $1 million contest reward for the first three iOS 9 zero-days in November to an unnamed hacker group, then lowered the price again to $500,000.

With the recent release of iOS 10, Zerodium has agreed to pay $1.5 Million to anyone who can pull off a remote jailbreak of Apple's latest mobile operating system, allowing full third-party control over the device.

The company has also doubled its bug bounty for Android 7.x (Nougat) remote jailbreaks to $200,000, and has boosted rewards for exploits in other software, including Adobe Flash, Microsoft Internet Explorer and Edge, Windows Reader, Microsoft Word and Excel, Safari, and OpenSSL or PHP.

The hike in the price is in line with demand and the tougher security of the latest iOS and Android operating systems, and to attract more researchers, hackers and bug hunters to seek complex exploit chains in iOS 10.

To claim the prize money, Zerodium is asking for previously unknown security vulnerabilities that allow an attacker to compromise a non-jailbroken iOS device remotely.

Zerodium CEO Chaouki Bekrar notes on Twitter that the company is prepared to buy multiple iOS zero-day hacks at that price, saying, "We can afford to buy multiple iOS exploit chains for $1.5M each."

Hackers will get the payout within a week of submitting the zero-day vulnerabilities along with a valid working proof-of-concept.



from The Hacker News http://ift.tt/2drz0ED

Thursday, September 29, 2016

Brandis re-identification law proposal slammed

Microsoft sees rise in secret government data demands

37-Year-Old 'Syrian Electronic Army' Hacker Pleads Guilty in US court


One of the FBI's Most Wanted Hackers, who was arrested in Germany earlier this year, has pleaded guilty to federal charges for his role in a scheme that hacked computers and targeted the US government, foreign governments, and multiple US media outlets.

Peter Romar, 37, pleaded guilty Wednesday in a federal court in Alexandria to felony charges of conspiring to receive extortion proceeds and to illegally access computers in his role as a member of the infamous hacking group calling itself the Syrian Electronic Army (SEA), the Department of Justice (DoJ) announced.

Romar was previously extradited from Germany on request of the United States.

"Cybercriminals cannot hide from justice," said U.S. Attorney Dana J. Boente for the Eastern District of Virginia. "No matter where they are in the world, the United States will vigorously pursue those who commit crimes against U.S. citizens and hold them accountable for their actions."

In March, the US charged three men it believed were involved in cyber-attacks carried out by the Syrian Electronic Army. Romar had already been arrested, while the other two - Ahmad Umar Agha (aka The Pro), 22, and Firas Dardar (aka The Shadow), 27 - were believed to be in Syria.

The FBI has also offered a reward of $100,000 for any information that leads to the arrest of Agha and Dardar, who were allegedly involved in hacking the Associated Press's Twitter account in April 2013 and spreading a false rumor claiming that the White House had been bombed, injuring President Obama, which caused a temporary stock market dip.

All three SEA hackers were allegedly engaged in a long-running cyber-propaganda campaign in support of the Syrian President Bashar al‑Assad.

The group used "spear-phishing" tactics to target computer systems of the US government, foreign organizations, media outlets and other private-sector entities that the SEA deemed as having been antagonistic toward the Syrian Government.

Between 2011 and 2013, SEA targeted multiple entities including the Associated Press, Microsoft, Reuters, CNN, Time, The Daily Dot, The Washington Post, Vice, Human Rights Watch, E! Online, Harvard University, NASA, US Marine, and The Onion, among others.

Dardar and Romar are accused of hacking into the computer systems of businesses for their personal profit. They hacked into victims' computers and then threatened to damage the computers and delete or sell the data unless they were paid a ransom.

"If a victim could not make extortion payments to the conspiracy's Syrian bank accounts due to sanctions targeting Syria, Romar acted as an intermediary in Germany to evade those sanctions," the DoJ said.

Romar faces up to 5 years in prison and is scheduled to be sentenced on 21st October, while co-defendant Dardar still remains at large and is believed to be in Syria.



from The Hacker News http://ift.tt/2dpt7YA

Want Tofsee My Pictures? A Botnet Gets Aggressive

Using OpenDNS with Cisco WSA and Splunk for private reporting

Jive resets passwords after August data breach

Going back to school on IoT security – personal reflections from a cybersecurity product marketeer

Majority of enterprises admit they are vulnerable to insider threats

Shape Security raises $40 million, lands HPE as partner, investor

Multiple Backdoors found in D-Link DWR-932 B LTE Router


If you own a D-Link wireless router, especially the DWR-932 B LTE router, you should get rid of it rather than wait for a firmware upgrade that is unlikely to arrive any time soon.

D-Link DWR-932B LTE router is allegedly vulnerable to over 20 issues, including backdoor accounts, default credentials, leaky credentials, firmware upgrade vulnerabilities and insecure UPnP (Universal Plug-and-Play) configuration.

If successfully exploited, these vulnerabilities could allow attackers to remotely hijack and control your router, as well as network, leaving all connected devices vulnerable to man-in-the-middle and DNS poisoning attacks.

Moreover, your hacked router can be easily abused by cybercriminals to launch massive Distributed Denial of Service (DDoS) attacks, as the Internet has recently witnessed a record-breaking 1 Tbps DDoS attack that was launched using more than 150,000 hacked Internet-connected smart devices.

Security researcher Pierre Kim has discovered multiple vulnerabilities in the D-Link DWR-932B router, which is available in several countries to provide Internet access over an LTE network.

Telnet and SSH Backdoor Accounts

While penetration testing, the researcher found that D-Link wireless router has Telnet and SSH services running by default, with two hard-coded secret accounts (admin:admin and root:1234).

Attackers need only these credentials to gain access to vulnerable routers from a command-line shell, allowing them to perform man-in-the-middle attacks, monitor Internet traffic, run malicious scripts and change router settings.

Another Backdoor

If this isn't enough, the D-Link DWR-932B LTE router has another secret backdoor: sending the hard-coded string "HELODBG" to UDP port 39889 launches Telnet with root privileges, without any authentication.

Vulnerable WPS System


Default WPS PIN:

You might have seen a small push button on your router labeled WPS, which stands for Wi-Fi Protected Setup, a 'so-called' security feature that allows anyone to connect to your wireless network with a PIN instead of your actual Wi-Fi password.

Bingo! The PIN for the WPS system on D-Link routers is '28296607,' which is hard-coded in the /bin/appmgr program.

Weak WPS PIN Generation:

Users can also temporarily generate a new WPS PIN using the router's administrative web interface, but unfortunately the PIN generation algorithm is flawed and so weak that an attacker can easily predict it.

Remote Firmware-Over-The-Air

Now, if you hope that a firmware upgrade will land soon and save you from these issues, then you are wrong.

It's because the D-Link's remote firmware over-the-air (FOTA) update mechanism is also vulnerable.

The credentials to contact the FOTA server are hard coded in the /sbin/fotad binary. The user/password combinations are qdpc:qdpc, qdpe:qdpe and qdp:qdp.

"It's notable the FOTA daemon tries to retrieve the firmware over HTTPS. But at the date of the writing, the SSL certificate for http://ift.tt/2cY3j60 is invalid for 1.5 years," Kim writes.

Security Removed in UPnP

Due to the security risks involved, there are usually restrictions in place to prevent untrusted LAN clients from adding or modifying firewall rules.

However, there is no restriction about the UPnP permission rules in the configuration file for the vulnerable D-Link router, allowing anyone on the LAN to add their own Port forwarding rules from the Internet to other clients located in the LAN.

"An attacker can add a forwarding rule in order to allow traffic from the Internet to local Exchange servers, mail servers, ftp servers, http servers, database servers," Kim writes. "In fact, this lack of security allows a local user to forward whatever they want from the Internet into the LAN."

There are more security issues surrounding the vulnerable router, but Kim points out that the router with a big processor, sizable memory (168 MB) and good free space (235 MB) is so badly secured that it would be trivial for attackers to use this router as an attack vector.

Kim privately reported the security flaws to the Taiwan-based networking equipment manufacturer D-Link in June and received no update from the company. So, he went public with details of the vulnerabilities after obtaining CERT's advice.



from The Hacker News http://ift.tt/2dtzNKK

Improve Your Online Privacy And Security Using NordVPN


Today, most users surf the web unaware of the fact that websites collect their data and track their locations – and if this is not enough, then there are hackers and cyber criminals who can easily steal sensitive data from the ill-equipped.

In short, the simple truth is that you have no or very little privacy when you're online.

So, if you're worried about identity thieves, or ISPs spying on or throttling your traffic, the most efficient way to secure your privacy on the Internet is to avoid using public networks; use a Virtual Private Network (VPN) instead.

When it comes to digital security, the first thing most users probably think of is a good Antivirus for protecting their sensitive data on their systems. But, what they forget is that the data they send over the Internet needs protection, too.

That's where Virtual Private Network (VPN) services come in.

VPN allows you to access a private network securely and to share data remotely through public networks, protecting your data online – much like a firewall protects your data on your computer.

The most important thing about a VPN is that it secures your internet connection to guarantee that all of the data you are sending as well as receiving is encrypted and secured from ISPs, hackers, and prying eyes.

It's because VPN works by overlaying a private network on top of a public network, effectively encrypting all the data that passes through the networks.

Since VPNs use a combination of dedicated connections and encryption protocols to generate virtual Peer-to-Peer (P2P) connections, even if snoopers did manage to steal some of the transmitted data, they would be unable to access it.

What's more, VPN makes sure that your real identity remains anonymous on the Internet so that no one can track the origin of your Internet connection back to you.

So, if you are worried about online safety and have not thought about getting a VPN, it might be time to use one. But, the real question here is:

Which VPN Service is the best that would take care of my security and anonymity seriously?

Many companies are providing VPN services, but not all are same. Some VPN services log all your browsing activities that nullify the point of using a VPN for privacy.

The best VPNs are the ones that do not keep logs or records of your browsing history and protect your anonymity, while offering a solid balance of features, server location, connectivity protocols, and price.

I came across some reputed VPN services, but some resolved only a few issues, and others addressed several issues but were too expensive.

But then I found NordVPN, the Panama-based company that has been providing advanced VPN services since 2012.

While reviewing, I found that NordVPN offers some good features, when it comes to privacy and security, though it might not be the fastest VPN service.

First and foremost, NordVPN is for those privacy-conscious users who prefer strong online anonymity at a very affordable price.

Below I have listed some key features of NordVPN.

1. No Logging

NordVPN is a real non-logging VPN, but that is just the starting point.

The company has a "strict no-logs policy when it comes to seeing user activity online."

On logging, NordVPN clearly explained that it makes its user's traffic "invisible to governments, ISPs, third party snoopers and even NordVPN.com" itself.

2. Headquartered Outside the US and EU

NordVPN is headquartered in the Central American country of Panama, but why does this matter?

NordVPN servers are operated under the jurisdiction of Panama – a country that doesn't require Internet service providers to monitor user traffic, so the company is "empowered to deny any third-party requests."

3. Double VPN System

A unique feature that NordVPN offers is its two-stage data encryption through its DoubleVPN service.

When using this service, user's data is passed through two separate VPN servers, which encrypt the data with AES-256-CBC cipher twice over using different keys as it leaves each server.

Re-encrypting the data twice will indeed make NordVPN more secure, which would make tracking an internet user more difficult.

4. Dedicated Tor-over-VPN Servers (for Maximum Anonymity)

Tor has become increasingly popular after Edward Snowden's revelations about the NSA's global surveillance programs. Tor is a great anonymity tool, but it also has certain downsides, like being a constant target of surveillance programs.

For those looking to get another layer of security protection, NordVPN is providing Tor-over- VPN server that encrypts your traffic before entering Tor network, making it even harder to trace back to the source.

Although Tor over VPN is only User → VPN → Tor → Internet, so your actual IP address is not masked from NordVPN. Much more useful would be a User → Tor → VPN → Internet kind of service that allows users to hide their true IP address from even the VPN provider.

Also, Tor is notoriously slow, which makes Tor-Over-VPN NordVPN servers slow in performance, but it would be unfair to judge something on factors beyond its control.

You can try the DoubleVPN with Tor-over-VPN for double-encrypted, multi-hop, maximum protection of your data. Isn't that cool?

5. Strong Encryption (2048-bit SSL for OpenVPN)

To protect your traffic from eavesdropping, NordVPN supports many different VPN security protocols, including OpenVPN, SSTP, PPTP, L2TP/IPsec and IKEv2/IPsec.

NordVPN for Windows, Linux or Mac OS allows users to manually choose between these encryption methods, while the NordVPN custom apps for Windows, iOS, Mac OS and Android have the OpenVPN or IKEv2/IPsec protocols set by default, both open source, offering robust 2048 bit / 3072 bit encryption.

6. Automatic Kill-Switch

Besides its VPN services, NordVPN also offers a Kill Switch feature, which is a must-have for anyone who is genuinely concerned about security.

When configured, this feature constantly monitors the traffic between your selected applications or processes and the VPN servers.

If your VPN connection is interrupted or the data is broken at any point or for any reason, Kill Switch will automatically activate and immediately cut those apps or processes.

This is great, as it ensures that no unsecured data sneaks out.

7. Performance and Support (Hundreds Of Servers WorldWide)

Currently, the company has NordVPN apps for MAC OS, iOS, Windows, and Android.

NordVPN also supports Linux, but not Windows phone.

Users can even run NordVPN on game consoles and some network devices like routers.

In terms of speed, NordVPN provides consistent performance, with many of its servers delivering satisfying rates.

NordVPN maintains servers and IP addresses in nearly 600 worldwide locations across 51 different countries, including:

The United States, United Kingdom, Canada, Australia, Brazil, Austria, France, Germany, Norway, Poland, Spain, Sweden, Switzerland, Romania, Russia, Iceland, Isle of Man, Israel, Italy, Hong Kong, Japan, Liechtenstein, Lithuania, Netherlands, New Zealand, Singapore, South Africa and more.

NordVPN offers servers that are customized for specific types of online access, such as high-speed servers for video streaming, Anti-DDoS servers for protection from denial of service attacks, and extra-secure servers for enhanced anonymity online.

Conclusion:

NordVPN offers a solid suite of security and privacy features, with a wide choice of locations, clear logging policy, and good performance, in an easy-to-use package at a very reasonable price.

It's a smart choice and certainly should be on your shortlist. NordVPN provides different packages, from which you can choose one according to your requirement.

VPNs have now become a great tool not just for large companies, but also for individuals to improve their privacy and security online, dodge content restrictions and counter the growing threat of cyber attacks.

So, if you are worried about your online safety, purchase a VPN now.



from The Hacker News http://ift.tt/2dcV4o6

Yahoo attack not 'state-sponsored,' researchers claim

Microsoft expands Windows Insider Preview Edge browser bug bounty program

USN-3094-1: Systemd vulnerability

Ubuntu Security Notice USN-3094-1

29th September, 2016

systemd vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS

Summary

The system could be made unavailable under certain conditions.

Software description

  • systemd - system and service manager

Details

Andrew Ayer discovered that Systemd improperly handled zero-length
notification messages. A local unprivileged attacker could use
this to cause a denial of service (init crash leading to system
unavailability).

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
systemd 229-4ubuntu10

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

In general, a standard system update will make all the necessary changes.

References

LP: 1628687



from Ubuntu Security Notices http://ift.tt/2dbJpaD

Brandis swings his golden hammer, misses mark

Wednesday, September 28, 2016

Android.Lockscreen ransomware adopts pseudo-random numbers

Medicare and PBS dataset pulled after re-identification concerns

Android.Lockscreen ransomware begins using pseudo-random number generation

Brandis to criminalise re-identifying anonymous data under Privacy Act

Cisco Releases Security Updates

Original release date: September 28, 2016

Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of one of these vulnerabilities could allow a remote attacker to take over an affected system.

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:






from US-CERT National Cyber Alert System http://ift.tt/2daYDN3

Pilgrim finally gets nod as Australian Information Commissioner

Will mobile security fall to the platform providers?

Apple Tracks Who You're Chatting Using iMessage — and Shares that Data with Police


Having conversations with your friend on iMessage and thinking that they are safe and out of reach of anyone other than you and your friend? No, they are not.

End-to-end encryption doesn't mean that your iMessages are secure enough to hide your trail, because Apple not only stores a lot of information about your iMessages that could reveal your contacts and location, but also shares that information with law enforcement via court orders.

According to a new document obtained by The Intercept, Apple records a log of which phone numbers you typed into your iPhone for a message conversation, along with the date and time when you entered those numbers as well as your IP address, which could be used to identify your location.

In fact, every time a user types a phone number into their iPhone to start a message conversation, iMessage contacts Apple's servers to find out whether to route the message over the iMessage system.

"Apple records each query in which your phone calls home to see who's in the iMessage system and who's not," The Intercept reports.

Moreover, the company is compelled to turn over this information to law enforcement with a valid court order – generally "pen registers" or "tap and trace devices" warrants, which are very easy to obtain.

Pen register warrants are routinely being used to compel telephone companies to provide metadata about customers' phone calls to law enforcement.

Apple Logs Your IP Address (Location)

But it's surprising that Apple, which has positioned itself as a staunch defender of user privacy by refusing federal officials' demands to provide encryption backdoors into its products, hands over its users' iMessage contact information under such warrants.

The report also points out that keeping logs of users' IP addresses, which could be used to reveal their actual location, is contrary to Apple's 2013 claim that the company "do not store data related to customers' location."

The Intercept obtained the document, titled 'iMessage FAQ for Law Enforcement,' about Apple's iMessage logs as part of a much larger cache originating from within a state police agency, "The Florida Department of Law Enforcement's Electronic Surveillance Support Team."

The team facilitates mass data collection for law enforcement using controversial tools such as Stingrays, along with conventional techniques like pen register and tap and trace device warrants.

Although your iMessages are end-to-end encrypted, it doesn’t mean that all Apple users are enjoying the company's so-called privacy benefit.

If you have enabled iCloud Backup on your Apple devices to keep a backup of your data, the copies of all your messages, photographs and other important data stored on your device are encrypted on iCloud using a key controlled by Apple, not you.

So Apple can still read your end-to-end encrypted iMessages, if it wants.

Even if you trust the company not to provide your decrypted data to law enforcement (just don't forget the San Bernardino case, in which Apple helped the FBI with the iCloud backup of the shooter's iPhone), anyone who breaks into your iCloud account could see your personal and confidential data.

Apple deliberately Weakens Backup Encryption

Fortunately, it is possible to store your backups locally through iTunes, though it is not such an obvious choice for an average user.

What's even worse is that a recent issue in local password-protected iTunes backups weakens the encryption strength of backups of iOS 10 devices, allowing attackers to brute-force the password for a user's local backup 2,500 times faster than was possible on iOS 9.

Apple has already confirmed that the issue exists and that a fix would be included in an upcoming update.

However, in response to the latest report about iMessage logs, Apple provided the following statement:

"When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications. In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place."

The Florida Department of Law Enforcement has yet to comment on the matter.



from The Hacker News http://ift.tt/2cWs7LK

USN-3093-1: ClamAV vulnerabilities

Ubuntu Security Notice USN-3093-1

28th September, 2016

clamav vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

ClamAV could be made to crash or run programs if it processed a specially crafted file.

Software description

  • clamav - Anti-virus utility for Unix

Details

It was discovered that ClamAV incorrectly handled certain malformed files.
A remote attacker could use this issue to cause ClamAV to crash, resulting
in a denial of service, or possibly execute arbitrary code.

In the default installation, attackers would be isolated by the ClamAV
AppArmor profile.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
clamav 0.99.2+dfsg-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
clamav 0.99.2+addedllvm-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
clamav 0.99.2+addedllvm-0ubuntu0.12.04.1

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References

CVE-2016-1371, CVE-2016-1372, CVE-2016-1405



from Ubuntu Security Notices http://ift.tt/2ds5Gi8

USN-3092-1: Samba vulnerability

Ubuntu Security Notice USN-3092-1

28th September, 2016

samba vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Samba could be tricked into connecting to impersonated servers.

Software description

  • samba - SMB/CIFS file, print, and login server for Unix

Details

Stefan Metzmacher discovered that Samba incorrectly handled certain flags
in SMB2/3 client connections. A remote attacker could use this issue to
disable client signing and impersonate servers by performing a man in the
middle attack.

Samba has been updated to 4.3.11 in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
In addition to the security fix, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.14.04.1

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References

CVE-2016-2119



from Ubuntu Security Notices http://ift.tt/2d50Vg3

Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability

A vulnerability in the Authentication, Authorization, and Accounting (AAA) service for remote Secure Shell Host (SSH) connections to the device for Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the vulnerable device to reload.

The vulnerability is due to an error log message when a remote SSH connection to the device fails AAA authentication. An attacker could exploit this vulnerability by attempting to authenticate to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition.
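Because the trigger here is simply a failed SSH login against the device, the one signal a defender has before a reload is the stream of login-failure messages the device emits. The following is an added example, not part of the Cisco advisory and not Cisco code: a small detector that parses constructed syslog lines modelled on the IOS `%SEC_LOGIN-4-LOGIN_FAILED` message (the exact field layout is an assumption for this example) and flags any source that racks up repeated SSH authentication failures inside a short sliding window. It surfaces the activity; it does not stop the crash, which only the fix or the workaround in the advisory does.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines, modelled on the IOS %SEC_LOGIN-4-LOGIN_FAILED message;
# the exact field layout is an assumption for this example.
SAMPLE_LOG = """\
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.10] [localport: 22] [Reason: Login Authentication Failed] at 10:02:13 UTC Wed Sep 28 2016
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.10] [localport: 22] [Reason: Login Authentication Failed] at 10:02:14 UTC Wed Sep 28 2016
%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: ops] [Source: 198.51.100.7] [localport: 22] at 10:02:15 UTC Wed Sep 28 2016
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 192.0.2.10] [localport: 22] [Reason: Login Authentication Failed] at 10:02:15 UTC Wed Sep 28 2016
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 192.0.2.10] [localport: 22] [Reason: Login Authentication Failed] at 10:02:16 UTC Wed Sep 28 2016
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ops] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed] at 10:05:40 UTC Wed Sep 28 2016
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.10] [localport: 22] [Reason: Login Authentication Failed] at 10:09:00 UTC Wed Sep 28 2016
"""

FAILED_RE = re.compile(
    r"%SEC_LOGIN-4-LOGIN_FAILED: .*?\[user: (?P<user>[^\]]*)\] "
    r"\[Source: (?P<src>[^\]]+)\] \[localport: (?P<port>\d+)\].*? at (?P<ts>.+)$"
)
TS_FMT = "%H:%M:%S %Z %a %b %d %Y"


def parse_failures(text: str) -> list:
    """Return (timestamp, source_ip, user, local_port) for every login-failure line."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # successes and unrelated messages are skipped
        events.append((datetime.strptime(m["ts"], TS_FMT), m["src"], m["user"], int(m["port"])))
    return events


def find_bursts(events, threshold: int = 4, window=timedelta(seconds=60), local_port: int = 22) -> dict:
    """Sliding window per source: flag any source with >= threshold failed logins to
    local_port inside any window-long interval. Returns {source: time first flagged}."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, src, _user, port in sorted(events):
        if port != local_port:
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = ts
    return alerts


if __name__ == "__main__":
    for src, when in find_bursts(parse_failures(SAMPLE_LOG)).items():
        print(f"{when:%Y-%m-%d %H:%M:%S} burst of failed SSH logins from {src}")
```

In the sample, 192.0.2.10 fails four times within four seconds and is flagged at the fourth failure, while the single failure from 198.51.100.7 and the isolated one at 10:09:00 stay below threshold. Filtering on the local port keeps console or VTY-telnet noise from inflating the count, since the advisory concerns SSH connections specifically.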

Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.

This advisory is available at the following link:
http://ift.tt/2d9MRCM

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of “High.” For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
Security Impact Rating: High
CVE: CVE-2016-6393

from Cisco Security Advisory http://ift.tt/2d9MRCM

Cisco Videoscape Distribution Suite Service Manager Reflective Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Videoscape Distribution Suite Service Manager (VDS-SM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or to access sensitive browser-based information.

Additional information about XSS attacks and potential mitigations is available:
http://ift.tt/1NgIYUj
http://ift.tt/MiRF7O

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://ift.tt/2d4BY48
Security Impact Rating: Medium
CVE: CVE-2016-6418

from Cisco Security Advisory http://ift.tt/2d4BY48

Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability

The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device.

The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to leak memory and eventually reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the affected device.

This advisory is available at the following link:
http://ift.tt/2d9LwvL

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of “High.” For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Security Impact Rating: High
CVE: CVE-2016-6385

from Cisco Security Advisory http://ift.tt/2d9LwvL

Cisco IOS XR Software Open Shortest Path First Link State Advertisement Denial of Service Vulnerability

A vulnerability in the implementation of Open Shortest Path First (OSPF) Link State Advertisement (LSA) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to a memory error in OSPF. An attacker could exploit this vulnerability by sending a crafted OSPF LSA update to an affected device. A successful exploit could allow the attacker to cause the OSPF process to restart when the crafted OSPF LSA update is received, resulting in a DoS condition. 

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2dtxQO3
Security Impact Rating: Medium
CVE: CVE-2016-6421

from Cisco Security Advisory http://ift.tt/2dtxQO3

Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities

Multiple vulnerabilities in the multicast subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The issues are in IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM).

The first vulnerability (Cisco bug ID CSCud36767 (registered customers only)) is due to insufficient checking of MSDP Source-Active (SA) messages received from a configured MSDP peer. An attacker who can send traffic to the IPv4 address of a device could exploit this vulnerability by sending a packet designed to trigger the issue to the affected device. A successful exploit could cause the affected device to restart.

The second vulnerability (Cisco bug ID CSCuy16399 (registered customers only)) is due to insufficient checking of packets encapsulated in a PIM register message. An attacker who can send a malformed IPv6 PIM register packet to a PIM rendezvous point (RP) could exploit the vulnerability. A successful exploit could cause the affected device to restart.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
http://ift.tt/2d9M0C2

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of “High.” For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Security Impact Rating: High
CVE: CVE-2016-6382,CVE-2016-6392

from Cisco Security Advisory http://ift.tt/2d9M0C2

Cisco IOS and IOS XE Software IP Detail Record Denial of Service Vulnerability

A vulnerability in the IP Detail Record (IPDR) code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload.

The vulnerability is due to improper handling of IPDR packets. An attacker could exploit this vulnerability by sending crafted IPDR packets to an affected system. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2dzNWC1

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of “High.” For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
Security Impact Rating: High
CVE: CVE-2016-6379

from Cisco Security Advisory http://ift.tt/2dzNWC1

Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange version 1 (IKEv1) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an exhaustion of available memory or a reload of the affected system.

The vulnerability is due to the improper handling of crafted, fragmented IKEv1 packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to cause a reload of the affected system.

Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2cLaGjJ

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of “High.” For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Security Impact Rating: High
CVE: CVE-2016-6381

from Cisco Security Advisory http://ift.tt/2cLaGjJ

Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability

A vulnerability in the H.323 subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition on an affected device.

The vulnerability is due to a failure to properly validate certain fields in an H.323 protocol suite message. When processing the malicious message, the affected device may attempt to access an invalid memory region, resulting in a crash. An attacker who can submit an H.323 packet designed to trigger the vulnerability could cause the affected device to crash and restart.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2cLbt4a

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of “High.” For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Security Impact Rating: High
CVE: CVE-2016-6384

from Cisco Security Advisory http://ift.tt/2cLbt4a

Cisco IOS XE Software IP Fragment Reassembly Denial of Service Vulnerability

A vulnerability in the IPv4 fragment reassembly function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

The vulnerability is due to the corruption of an internal data structure that occurs when the affected software reassembles an IPv4 packet. An attacker could exploit this vulnerability by sending crafted IPv4 fragments to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.
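Reassembly bugs of this shape come from trusting fragment offsets and lengths while writing into the reassembly buffer. The following is an added example, not Cisco's implementation and not from the advisory: a strict IPv4 fragment reassembler that validates every fragment of a datagram (offset alignment, length, declared end, total size) before a single byte is copied, and then rejects gaps and overlaps by demanding exact adjacency. The fragment sets are constructed; each fragment is `(offset_in_bytes, more_fragments, payload)` for one datagram, i.e. the same source, destination, protocol and identification.

```python
# Added illustration of defensive IPv4 fragment reassembly; not Cisco's code.
# A fragment is (offset_bytes, more_fragments, payload) for one datagram.
MAX_DATAGRAM = 65535  # IPv4 total length is a 16-bit field


class ReassemblyError(ValueError):
    """Raised when the fragment set is inconsistent; the whole datagram is dropped."""


def reassemble(fragments, max_len: int = MAX_DATAGRAM) -> bytes:
    pieces = []
    total = None
    for off, more, data in fragments:
        if off % 8:
            raise ReassemblyError(f"offset {off} is not a multiple of 8")
        if more and len(data) % 8:
            raise ReassemblyError("non-final fragment length must be a multiple of 8")
        end = off + len(data)
        if end > max_len:
            # Offset plus length past the 16-bit limit: reject before any buffer write.
            raise ReassemblyError(f"fragment ends at {end}, past {max_len}")
        if not more:
            if total is not None and total != end:
                raise ReassemblyError("two final fragments disagree on datagram length")
            total = end
        pieces.append((off, end, data))
    if total is None:
        raise ReassemblyError("final fragment never arrived")

    # Only now, with every fragment checked, build the buffer. Sorting by offset
    # and requiring exact adjacency rejects gaps, overlaps and exact duplicates,
    # so no copy can ever land on bytes that are already in place.
    pieces.sort(key=lambda p: p[0])
    buf = bytearray()
    expected = 0
    for off, end, data in pieces:
        if off != expected:
            kind = "overlap" if off < expected else "gap"
            raise ReassemblyError(f"{kind} at offset {off}")
        if end > total:
            raise ReassemblyError("fragment extends past the final fragment")
        buf += data
        expected = end
    if expected != total:
        raise ReassemblyError("datagram incomplete")
    return bytes(buf)


# Constructed fragment sets; GOOD arrives out of order on purpose.
GOOD = [(8, True, b"B" * 8), (0, True, b"A" * 8), (16, False, b"C" * 3)]
OVERLAP = [(0, True, b"A" * 16), (8, False, b"B" * 8)]
GAP = [(0, True, b"A" * 8), (16, False, b"C" * 4)]
OVERSIZE = [(0, True, b"A" * 8), (65528, False, b"X" * 16)]


def classify(fragments) -> str:
    """Return 'ok' or the rejection reason, suitable for a drop-counter log line."""
    try:
        reassemble(fragments)
        return "ok"
    except ReassemblyError as exc:
        return str(exc)


if __name__ == "__main__":
    for name, frags in [("GOOD", GOOD), ("OVERLAP", OVERLAP), ("GAP", GAP), ("OVERSIZE", OVERSIZE)]:
        print(name, "->", classify(frags))
```

Rejecting overlaps outright is a deliberate policy choice: real stacks differ on whether the first or the last overlapping fragment wins, and that ambiguity is exactly what IDS-evasion and reassembly-corruption techniques exploit, so a device in the forwarding path loses little by dropping the datagram and counting it.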

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2dzOo3g

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of “High.” For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
Security Impact Rating: High
CVE: CVE-2016-6386

from Cisco Security Advisory http://ift.tt/2dzOo3g

Cisco Firepower Management Center SQL Injection Vulnerability

A vulnerability in the web framework of the Cisco Firepower Management Center could allow an authenticated, remote attacker to perform SQL injection on the affected device.

The vulnerability is due to a lack of input validation. An attacker could exploit this vulnerability by sending a crafted SQL request to the affected web page. An exploit could allow the attacker to modify the SQL database used by the Firepower Management Center.
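What "a crafted SQL request" against a page that lacks input validation looks like in practice, and why the fix is binding parameters rather than filtering characters, as an added example that is not Firepower Management Center code and does not come from the advisory. The schema, the `rules` table and the payloads are constructed; the vulnerable and hardened handlers sit side by side so the difference in behaviour on the same input is visible.

```python
import sqlite3

# Added illustration of the SQL injection class against a constructed schema;
# not Firepower Management Center code.


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE rules (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO rules (name, owner) VALUES (?, ?)",
        [("allow-dns", "alice"), ("block-tor", "alice"), ("admin-only", "bob")],
    )
    conn.commit()
    return conn


def rules_for_owner_vulnerable(conn, owner: str) -> list:
    # The caller's string is spliced into the query text, so a quote character in
    # it changes the query's structure instead of being compared as data.
    sql = f"SELECT name FROM rules WHERE owner = '{owner}'"
    return [row[0] for row in conn.execute(sql)]


def rules_for_owner_safe(conn, owner: str) -> list:
    # A bound parameter is always treated as a value, never as SQL grammar.
    return [row[0] for row in conn.execute("SELECT name FROM rules WHERE owner = ?", (owner,))]


def rename_rule_vulnerable(conn, rule_id: str, new_name: str) -> int:
    # Unquoted numeric context: no quote character is even needed to inject.
    sql = f"UPDATE rules SET name = '{new_name}' WHERE id = {rule_id}"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount  # rows actually modified


def rename_rule_safe(conn, rule_id: str, new_name: str) -> int:
    # Validate the type first, then bind; int() rejects "1 OR 1=1" before SQL sees it.
    cur = conn.execute("UPDATE rules SET name = ? WHERE id = ?", (new_name, int(rule_id)))
    conn.commit()
    return cur.rowcount


READ_PAYLOAD = "bob' OR '1'='1"   # turns an owner filter into a tautology
WRITE_PAYLOAD = "1 OR 1=1"        # makes a one-row UPDATE hit every row

if __name__ == "__main__":
    db = setup_db()
    print(rules_for_owner_vulnerable(db, READ_PAYLOAD))        # every rule, not just bob's
    print(rules_for_owner_safe(db, READ_PAYLOAD))              # [] no owner has that literal name
    print(rename_rule_vulnerable(db, WRITE_PAYLOAD, "pwned"))  # all three rows modified
    try:
        rename_rule_safe(db, WRITE_PAYLOAD, "pwned")
    except ValueError as exc:
        print("rejected:", exc)
```

The write path is the one that matches the advisory's impact statement: an authenticated user who should only be able to touch one record ends up modifying the whole table. Note that the safe variants do no character stripping at all; the separation of code from data is done by the database driver, which is the only place it can be done reliably.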

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://ift.tt/2d4BwmH
Security Impact Rating: Medium
CVE: CVE-2016-6419

from Cisco Security Advisory http://ift.tt/2d4BwmH

Cisco Firepower Management Center Privilege Escalation Vulnerability

A vulnerability in the web framework of the Cisco Firepower Management Center could allow authenticated, remote attackers to elevate privileges to access data outside their roles.

The vulnerability is due to improper authorization checks for authenticated users of the system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected web page. Successful exploitation could allow attackers to access sensitive information for which they are not authorized by the Firepower Management Center.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://ift.tt/2d4Eg3c
Security Impact Rating: Medium
CVE: CVE-2016-6420

from Cisco Security Advisory http://ift.tt/2d4Eg3c

Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Request Forgery Vulnerability

A cross-site request forgery (CSRF) vulnerability for Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to execute unwanted actions.

The vulnerability is due to a lack of CSRF protections by an affected device. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to submit arbitrary requests to the affected device via the web browser with the privileges of the user.

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://ift.tt/2d4BRFR
Security Impact Rating: Medium
CVE: CVE-2016-6417

from Cisco Security Advisory http://ift.tt/2d4BRFR

Cisco IOS XE Software NAT Denial of Service Vulnerability

A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

The vulnerability is due to improper handling of malformed ICMP packets by the affected software. An attacker could exploit this vulnerability by sending crafted ICMP packets that require NAT processing by an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2dzOqIi

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of “High.” For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
Security Impact Rating: High
CVE: CVE-2016-6378

from Cisco Security Advisory http://ift.tt/2dzOqIi

Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability

A vulnerability in the DNS forwarder functionality of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, corrupt the information present in the device's local DNS cache, or read part of the process memory.

The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by intercepting and crafting a DNS response message to a client DNS query that was forwarded from the affected device to a DNS server. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2dzNFii

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of “High.” For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
Security Impact Rating: High
CVE: CVE-2016-6380

from Cisco Security Advisory http://ift.tt/2dzNFii

Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability

A vulnerability in the Common Industrial Protocol (CIP) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition.

The vulnerability is due to a failure to properly process an unusual, but valid, set of requests to an affected device. An attacker could exploit this vulnerability by submitting a CIP message request designed to trigger the vulnerability to an affected device. An exploit could cause the switch to stop processing traffic, requiring a restart of the device to regain functionality.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2dkW6wF

This advisory is part of the September 28, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 10 Cisco Security Advisories that describe 11 vulnerabilities. All the vulnerabilities have a Security Impact Rating of “High.” For a complete list of the advisories and links to them, see Cisco Event Response: September 2016 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Security Impact Rating: High
CVE: CVE-2016-6391

from Cisco Security Advisory http://ift.tt/2dkW6wF

Cisco AsyncOS File Transfer Protocol Denial of Service Vulnerability

A vulnerability in the local File Transfer Protocol (FTP) service on the Cisco AsyncOS for Email Security Appliance (ESA), Web Security Appliance (WSA), and Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to lack of throttling of FTP connections. An attacker could exploit this vulnerability by sending a flood of FTP traffic to the local FTP service on the targeted device. An exploit could allow the attacker to cause a DoS condition.

CONDITION(s):

The local FTP service is enabled. This is not the default configuration.

To check if local FTP service is enabled, the administrator can use either the GUI or command-line interface (CLI).
1. On the GUI, navigate to Network -> IP Interfaces, click the name of the interface, and in the Services section, check if the FTP service is enabled.

2. For the CLI, the parameter “Do you want to enable FTP on this interface?” would be set to Yes.


Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/2dtxOpp
Security Impact Rating: Medium
CVE: CVE-2016-6416

from Cisco Security Advisory http://ift.tt/2dtxOpp

Disclosure investigations newest narrative in enterprise breach forensics

Where ransomware goes next: Your phone, your TV, your servers

September 2016 Cisco IOS & IOS XE Software Bundled Publication

HP told: Disarm printer ink 'self-destruct sequence' blocking third-party cartridges

Creating a “Kill Switch” in the Cybersecurity “Kill Chain”

World's largest 1 Tbps DDoS Attack launched from 152,000 hacked Smart Devices


Do you know? Your smart devices may have inadvertently participated in the largest cyber attack the Internet has yet witnessed.

If you own a smart device like an Internet-connected television, car, refrigerator or thermostat, you might already be part of a botnet of millions of infected devices that was used to launch the biggest DDoS attack known to date, with peaks of over 1 Tbps of traffic.

France-based hosting provider OVH was the victim of the record-breaking Distributed Denial of Service (DDoS) attacks that reached over one terabit per second (1 Tbps) over the past week.

As the Internet of Things (IoT) and connected devices grow at a great pace, they continue to widen the attack surface at the same time, giving attackers a large number of entry points to affect you in one way or another.

(Image: 1 Tbps DDoS Attack Hits OVH)

IoT devices are currently being deployed in a large variety of settings throughout your home, businesses, hospitals, and even entire cities (Smart Cities), but they are routinely being hacked and used as weapons in cyber attacks due to a lack of stringent security measures and insecure encryption mechanisms.

Also Read: Here's How to Hack IoT Devices.

Octave Klaba, the founder and CTO of OVH, revealed on Twitter last week that his company was hit with two simultaneous DDoS attacks whose combined bandwidth reached almost 1 Tbps.

"Last days, we got [a] lot of huge DDoS. Here, the list of "bigger that 100Gbps" only. You can see the simultaneous DDoS are close to 1 Tbps!" Klaba tweeted.

A screenshot posted by Klaba shows multiple DDoS attacks that exceed 100 Gbps, including one that peaked at 799 Gbps alone, making it the largest DDoS attack ever reported.

According to the OVH founder, the massive DDoS attack was carried out via a network of over 152,000 IoT devices, including compromised CCTV cameras and personal video recorders.

Must Read: How Drones Can Find and Hack Internet-of-Things Devices From the Sky.

IoT-powered DDoS attacks have now reached an unprecedented size, as it is too easy for hackers to gain control of poorly configured or vulnerable IoT devices.

Late last year, we reported that lazy manufacturers of IoT devices and home routers are reusing the same set of hard-coded SSH (Secure Shell) cryptographic keys, leaving millions of embedded devices, including home routers, modems, and IP cameras, open to hijacking.

And the worst part:

These insecure IoT or Internet-connected devices are no longer in line for security updates, which makes it possible for hackers to hijack these connected devices today or tomorrow.

Also Read: First-Ever Ransomware For Smart Thermostat is Here — It's Hot!



from The Hacker News http://ift.tt/2cUVfmu

Google tackles XSS scripting flaws with new developer tools

What is ransomware? 1 in 3 small businesses 'clueless' to the danger

Tuesday, September 27, 2016

Android.Lockscreen ransomware now using pseudorandom numbers

The latest Android.Lockscreen variants are using new techniques to improve their chances of obtaining ransom money.


from Symantec Connect - Securi... http://ift.tt/2deb4q8

ASX completes blockchain trading platform prototype

Windows 10 installed base grows, as businesses become less cautious

Australia scrapes fourth on APAC cyber maturity scale

How the FBI defends against insider threats


The Federal Bureau of Investigation has been burned by insider security issues before, but is betting some crowdsourcing, a controlled environment and organizational trust can thwart threats.

Arlette Hart, chief information security officer at the FBI, outlined the agency's approach to insider security at the Structure Security conference in San Francisco. Hart's talk revolved more around process and culture rather than technology.

The FBI set up its internal security operation after Robert Hansen spied for the Soviet Union from 1979 to 2001. "Robert Hansen was why my organization was stood up," said Hart. "No organization is without an insider threat."


In addition, the approach to insider threats was further refined when Leandro Aragoncillo, a former FBI intelligence analyst, was charged with espionage in 2007 for passing information to the Philippines.

With that said, here are a few lessons from Hart on defending against the insider threat.

  • Use a crowdsourcing approach. The FBI has systems so employees can report potential insider threats, said Hart. Employees who report threats from the inside can't do it anonymously. "We don't have anonymous reporting. You have to sign your name to an account," said Hart. Why? An anonymous approach increases the rate of false positives. "If you do it anonymously you're not accountable for the information," said Hart.
  • Insider investigations need to be held tightly with a focus on protecting information. Hart said if a potential investigation was leaked it could ruin a person's life as well as threaten the organization. "(Deterring insider threats) is a critical capability and has to be handled carefully," said Hart.
  • Control the environment. The FBI doesn't have a bring your own device policy and employees agree to monitoring and strict controls.
  • Deterring insider threats is about acting quickly, not preventing something before it happens. "Your goal is to catch them as soon as you can before anything adversely happens," she said. However, an organization can look more closely at how data is moving around at-risk employees. For instance, an employee proposed for dismissal may be watched for what data that person has access to as well as for data movement.


from Latest Topic for ZDNet in... http://ift.tt/2d7YVmp

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016

On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as “Critical Severity,” one as “Moderate Severity,” and the other 12 as “Low Severity.”

Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. These vulnerabilities affect the OpenSSL versions that were released to address the vulnerabilities disclosed in the previous advisory. One of the new vulnerabilities was rated as “High Severity” and the other as “Moderate Severity.”

Of the 16 released vulnerabilities:
  • Fourteen track issues that could result in a denial of service (DoS) condition
  • One (CVE-2016-2183, aka SWEET32) tracks an implementation of a Birthday attack against Transport Layer Security (TLS) block ciphers that use a 64-bit block size that could result in loss of confidentiality
  • One (CVE-2016-2178) is a timing side-channel attack that, in specific circumstances, could allow an attacker to derive the private DSA key that belongs to another user or service running on the same system

Five of the 16 vulnerabilities affect exclusively the recently released OpenSSL versions that belong to the 1.1.0 code train, which has not yet been integrated into any Cisco product.

This advisory is available at the following link:
http://ift.tt/2dpHama
Security Impact Rating: Medium
CVE: CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6305,CVE-2016-6306,CVE-2016-6307,CVE-2016-6308,CVE-2016-6309,CVE-2016-7052

from Cisco Security Advisory http://ift.tt/2dpHama

USN-3090-1: Pillow vulnerabilities

Ubuntu Security Notice USN-3090-1

27th September, 2016

Pillow vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS

Summary

Pillow could be made to crash if it received specially crafted input or opened a specially crafted file.

Software description

  • pillow - Python Imaging Library compatibility layer

Details


It was discovered that a flaw in processing a compressed text chunk in
a PNG image could cause the image to have a large size when decompressed,
potentially leading to a denial of service. (CVE-2014-9601)

Andrew Drake discovered that Pillow incorrectly validated input. A remote
attacker could use this to cause Pillow to crash, resulting in a denial
of service. (CVE-2014-3589)

Eric Soroos discovered that Pillow incorrectly handled certain malformed
FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to
cause Pillow to crash, resulting in a denial of service.
(CVE-2016-0740, CVE-2016-0775, CVE-2016-2533)
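As an added example (not code from the Ubuntu notice or from Pillow itself), the following Python reads PNG zTXt chunks with a hard cap on the inflated size, which is the defensive pattern against the decompression-bomb class of issue that CVE-2014-9601 describes. The minimal PNG container builder and the 1 MiB default cap are constructed for the demo and are not Pillow's values.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


class DecompressionBombError(ValueError):
    """Raised when a zTXt chunk would inflate past the configured cap."""


def png_chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: length, type, data, CRC-32 over type + data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_ztxt_chunk(keyword: bytes, text: bytes) -> bytes:
    """zTXt layout: keyword, NUL separator, compression method 0, zlib stream."""
    return png_chunk(b"zTXt", keyword + b"\x00\x00" + zlib.compress(text))


def build_png(chunks: list) -> bytes:
    """Constructed minimal container for the demo: signature, 1x1 IHDR, chunks, IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    return PNG_SIGNATURE + png_chunk(b"IHDR", ihdr) + b"".join(chunks) + png_chunk(b"IEND", b"")


def iter_chunks(png: bytes):
    """Walk the chunk list, checking declared lengths and CRCs; yields (type, data)."""
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        data = png[pos + 8:pos + 8 + length]
        crc = png[pos + 8 + length:pos + 12 + length]
        if len(data) != length or len(crc) != 4:
            raise ValueError("truncated chunk")
        if struct.unpack(">I", crc)[0] != (zlib.crc32(ctype + data) & 0xFFFFFFFF):
            raise ValueError("bad chunk CRC")
        pos += 12 + length
        yield ctype, data


def inflate_ztxt(data: bytes, max_text: int) -> tuple:
    """Decompress one zTXt payload, refusing any output larger than max_text bytes."""
    keyword, sep, rest = data.partition(b"\x00")
    if not sep or not rest or rest[0] != 0:
        raise ValueError("malformed zTXt chunk")
    d = zlib.decompressobj()
    # Ask zlib for at most max_text + 1 bytes: the (max_text + 1)th byte proves a bomb
    # without ever materialising the fully inflated text in memory.
    text = d.decompress(rest[1:], max_text + 1)
    if len(text) > max_text:
        raise DecompressionBombError("zTXt %r inflates past %d bytes" % (keyword, max_text))
    return keyword.decode("latin-1"), text


def extract_text_chunks(png: bytes, max_text: int = 1 << 20) -> dict:
    """Return {keyword: text} for every zTXt chunk, each bounded by max_text (assumed 1 MiB)."""
    texts = {}
    for ctype, data in iter_chunks(png):
        if ctype == b"zTXt":
            keyword, text = inflate_ztxt(data, max_text)
            texts[keyword] = text
    return texts
```

A few kilobytes of compressed zeros inflate to many megabytes, so the cap must be enforced while inflating, not by checking the result afterwards.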

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
python-imaging 2.3.0-1ubuntu3.2
python3-pil 2.3.0-1ubuntu3.2
python-pil 2.3.0-1ubuntu3.2
python3-imaging 2.3.0-1ubuntu3.2

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-3589, CVE-2014-9601, CVE-2016-0740, CVE-2016-0775, CVE-2016-2533



from Ubuntu Security Notices http://ift.tt/2dicEJm