Friday, December 30, 2016

IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Domino

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition Version 6 SR16FP30 that affect IBM Domino. These issues were disclosed as part of the IBM Java SDK updates in Oct. 2016, fixed with Version 6 SR16FP35.

CVE(s): CVE-2016-5582, CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542

Affected product(s) and affected version(s):

IBM Domino 9.0.1 through 9.0.1 FP7 IF1
IBM Domino 8.5.3 through 8.5.3 FP6 IF15
All 9.0.x, 9.0, 8.5.x and 8.5 releases of IBM Domino prior to those listed above

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hTQiwZ
X-Force Database: http://ift.tt/2fVzmWT
X-Force Database: http://ift.tt/2eDq0ND
X-Force Database: http://ift.tt/2e5p1tK
X-Force Database: http://ift.tt/2eDrVCd
X-Force Database: http://ift.tt/2e5pD2s
X-Force Database: http://ift.tt/2eDqzaq
X-Force Database: http://ift.tt/2e5s2Ku



from IBM Product Security Incident Response Team http://ift.tt/2hTM9ci

IBM Security Bulletin: Vulnerabilities in cURL/libcURL affect IBM Flex System Chassis Management Module

IBM Flex System Chassis Management Module has addressed the following vulnerabilities in cURL/libcURL.

CVE(s): CVE-2016-5419, CVE-2016-5420

Affected product(s) and affected version(s):

Product: IBM Flex System Chassis Management Module (CMM)
Affected version: 2PET

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hC967E
X-Force Database: http://ift.tt/2hTOl3I
X-Force Database: http://ift.tt/2hC94N4



from IBM Product Security Incident Response Team http://ift.tt/2hTWdlu

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System Chassis Management Module

IBM Flex System Chassis Management Module has addressed the following vulnerabilities in OpenSSL.

CVE(s): CVE-2016-2177, CVE-2016-2178, CVE-2016-6306

Affected product(s) and affected version(s):

Product: IBM Flex System Chassis Management Module (CMM)
Affected version: 2PET

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hC747N
X-Force Database: http://ift.tt/2e0d1c6
X-Force Database: http://ift.tt/2dyLfjk
X-Force Database: http://ift.tt/2fnbCMj



from IBM Product Security Incident Response Team http://ift.tt/2hC72Nd

IBM Security Bulletin: Vulnerabilities in PHP affect IBM Flex System Chassis Management Module

IBM Flex System Chassis Management Module has addressed the following vulnerabilities in PHP.

CVE(s): CVE-2015-8935, CVE-2016-5769

Affected product(s) and affected version(s):

Product: IBM Flex System Chassis Management Module (CMM)
Affected version: 2PET

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hTQbkZ
X-Force Database: http://ift.tt/2hCbrji
X-Force Database: http://ift.tt/2hTNXCa



from IBM Product Security Incident Response Team http://ift.tt/2hCcdNa

IBM Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by a Vulnerability in GPFS (CVE-2016-2119)

DB2 LUW is affected by a vulnerability in IBM® Spectrum Scale Version 4.1.1 that is used by DB2® pureScale™ Feature on AIX and Linux.

CVE(s): CVE-2016-2119

Affected product(s) and affected version(s):

All fix pack levels of the IBM DB2 V10.5 and V11.1.1 editions listed below, running on AIX and Linux, are affected, but only for customers who have the DB2® pureScale™ Feature installed.

IBM DB2 Enterprise Server Edition
IBM DB2 Workgroup Server Edition
IBM DB2 Advanced Enterprise Server Edition
IBM DB2 Advanced Workgroup Server Edition
IBM DB2 Direct Advanced Edition
IBM DB2 Direct Standard Edition

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hTRdO5
X-Force Database: http://ift.tt/2cRlID1



from IBM Product Security Incident Response Team http://ift.tt/2hTN78m

IBM Security Bulletin: AppScan Source could reveal some sensitive information through browsing of testlinks on server (CVE-2016-3035)

IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server

CVE(s): CVE-2016-3035

Affected product(s) and affected version(s):

IBM Security AppScan Source 9.0.1, 9.0.2, 9.0.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hTSYul
X-Force Database: http://ift.tt/2hCe9VG



from IBM Product Security Incident Response Team http://ift.tt/2hTXJUY

IBM Security Bulletin: AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily (CVE-2016-3034)

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily. This only affects information stored in the AppScan Source database for local AppScan Source users. This does not affect users configured in AppScan Enterprise.
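The weakness described in this bulletin is a class of defect rather than a product detail. The following added example (written for this page; it is not IBM's code and is not taken from the bulletin) contrasts a bare, unsalted SHA-256 digest with a per-record random salt plus an iterated KDF, and shows why the unsalted form lets a single precomputed wordlist table crack every stored digest at once. The stored-record format, the iteration count and the sample passwords are assumptions for this example.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Weak pattern, the class of defect the bulletin describes: a bare, unsalted
# one-way hash. Every record with the same input gets the same digest, so one
# precomputed table (or one brute-force pass) cracks all of them at once.
def weak_hash(password: str) -> str:
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

# Attacker's view: a dictionary keyed by weak_hash() reverses every digest in one lookup.
def crack_unsalted(digests: Iterable[str], wordlist: Iterable[str]) -> Dict[str, str]:
    table = {weak_hash(word): word for word in wordlist}
    return {d: table[d] for d in digests if d in table}

# Hardened form: a 16-byte random salt per record plus PBKDF2-HMAC-SHA256 with a
# high iteration count, so each record must be attacked separately and slowly.
# The encoded record layout is an assumption for this example:
#   "pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>"
PBKDF2_ITERATIONS = 600_000

def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    try:
        scheme, iterations, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected, rounds = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex), int(iterations)
    except ValueError:  # malformed record: wrong field count, bad hex or bad integer
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison

if __name__ == "__main__":
    # Constructed demo data, not real credentials.
    users = {"alice": weak_hash("Winter2016!"), "bob": weak_hash("Winter2016!")}
    print("unsalted digests identical:", users["alice"] == users["bob"])
    print("cracked in one lookup:", crack_unsalted(users.values(), ["password", "Winter2016!", "letmein"]))
    rec1, rec2 = hash_password("Winter2016!"), hash_password("Winter2016!")
    print("salted records differ:", rec1 != rec2)
    print("verify:", verify_password("Winter2016!", rec1), "wrong password:", verify_password("Winter2017!", rec1))
```

The iteration count is the tunable: pick the largest value your login latency budget tolerates, and store it in the record (as above) so it can be raised later without invalidating existing entries.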

CVE(s): CVE-2016-3034

Affected product(s) and affected version(s):

IBM Security AppScan Source 9.0.1, 9.0.2, 9.0.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hTOkNc
X-Force Database: http://ift.tt/2hCkKPZ



from IBM Product Security Incident Response Team http://ift.tt/2hTNYWK

The impact on network security through encrypted protocols – HTTP/2

Thursday, December 29, 2016

Obama Expels 35 Russian Spies Over Election Hacking; Russia Responds With Duck Meme


The United States has expelled 35 Russian spies in response to Russia's alleged interference in last month's presidential election, further escalating tensions between the countries.

The US State Department has declared 35 diplomatic intelligence officials from the Russian embassy in Washington DC and the consulate in San Francisco "persona non grata," giving them and their families 72 hours to leave the country.

President Barack Obama has also announced the closure, from noon on Friday, of two Russian compounds, in New York and Maryland, used by Russian officials for intelligence gathering.

"I have sanctioned nine entities and individuals: the GRU and the FSB, two Russian intelligence services; four individual officers of the GRU; and three companies that provided material support to the GRU’s cyber operations," President Obama said in a statement.
"In addition, the Secretary of the Treasury is designating two Russian individuals for using cyber-enabled means to cause misappropriation of funds and personal identifying information."

Obama accused Russia of "aggressive harassment," saying "all Americans should be alarmed by Russia's actions." He believes that hacking "could only have been directed by the highest levels of the Russian government."

The move follows calls from senior US senators to sanction Russian diplomats who are believed to have played a role in last month's election hacking against the Democratic Party and Hillary Clinton's campaign.

Russia Tweeted A Duck Meme In Response

Of course, Russia, which has denied any involvement and called the decision "ungrounded," is not happy with the move in the dying days of the Obama administration.

After Obama had announced sanctions against the Russian diplomats on Thursday, the Russian Embassy in London tweeted a photo of a duckling with the word "Lame" over it.

The photo was posted in an obvious reference to Obama as he nears the end of his "lame duck" period in the White House after almost eight years as US president.

Donald Trump — It’s time for our country to move on

Ultimately, it is up to President-elect Donald Trump, who takes over from President Obama next month, whether the new sanctions against the Russian diplomats stay in place.

However, Trump has dismissed the hacking claims as "ridiculous," along with the US threat of increased sanctions against Russia, and has said Americans should "get on with our lives," adding that "it's time for our country to move on to bigger and better things" instead of speculating over the impact Russia had on last month's election.

"Nevertheless, in the interest of our country and its great people, I will meet with leaders of the intelligence community next week to be updated on the facts of this situation," Trump told reporters on Thursday.

The US intelligence agencies have described the Russian hacking as a "decade-long campaign" that includes spear phishing campaigns targeting government organizations, critical infrastructure, think-tanks, universities, political organizations and corporations; theft of information from those targets; and public release of the stolen information.

Several US agencies, including the CIA and FBI, have concluded that the emails stolen from Hillary Clinton's campaign manager and from Democratic National Committee servers were released by WikiLeaks during the 2016 presidential election to damage Clinton.



from The Hacker News http://ift.tt/2hyhPq7

Obama, Feds outline technical, spear phishing details, sanctions vs. Russia over cyber attacks

Stop calling everything a "hack"

IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix (CVE-2016-5573, CVE-2016-5597, CVE-2016-8934)

There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM SDK for Java updates in October 2016. They may affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application Server Hypervisor Edition. There is also a potential cross-site scripting vulnerability in the Admin Console for WebSphere Application Server.

CVE(s): CVE-2016-5573, CVE-2016-5597, CVE-2016-8934

Affected product(s) and affected version(s):

These vulnerabilities affect the following versions and releases of IBM WebSphere Application Server:

  • Liberty
  • Version 9.0
  • Version 8.5.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ihIoP2
X-Force Database: http://ift.tt/2eDrVCd
X-Force Database: http://ift.tt/2e5pD2s
X-Force Database: http://ift.tt/2ilu2PU



from IBM Product Security Incident Response Team http://ift.tt/2ihCkWw

IBM Security Bulletin: GNU C library (glibc) vulnerabilities affect IBM Security Network Active Bypass (CVE-2016-3706, CVE-2016-4429)

GNU C library (glibc) vulnerabilities were found that affect IBM Security Network Active Bypass.

CVE(s): CVE-2016-3706, CVE-2016-4429

Affected product(s) and affected version(s):

IBM Security 1G Network Active Bypass firmware version 1.x, firmware levels 1.0.849 through 3.30.5-21
IBM Security 10G Network Active Bypass firmware version 1.x, firmware levels 1.0.1876 through 3.30.5-21

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ilu0Yi
X-Force Database: http://ift.tt/2heDe5H
X-Force Database: http://ift.tt/2gkDPFG



from IBM Product Security Incident Response Team http://ift.tt/2ihzqkP

IBM Security Bulletin: Vulnerabilities (17 total) in Oracle Outside In Technology (OIT) affect FileNet Content Manager and IBM Content Foundation

Security vulnerabilities exist in Oracle Outside In Technology (OIT) as used by IBM FileNet Content Manager and IBM Content Foundation.

CVE(s): CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, CVE-2016-3596

Affected product(s) and affected version(s):

FileNet Content Manager 5.1.0, 5.2.0, 5.2.1
IBM Content Foundation 5.2.0, 5.2.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ilAiHl
X-Force Database: http://ift.tt/2bylWyg
X-Force Database: http://ift.tt/2bH5oaQ
X-Force Database: http://ift.tt/2bylccF
X-Force Database: http://ift.tt/2bH5csb
X-Force Database: http://ift.tt/2byleBc
X-Force Database: http://ift.tt/2bH57EM
X-Force Database: http://ift.tt/2byl2Sz
X-Force Database: http://ift.tt/2bH5YFE
X-Force Database: http://ift.tt/2bylccG
X-Force Database: http://ift.tt/2bH6aoe
X-Force Database: http://ift.tt/2bylmR8
X-Force Database: http://ift.tt/2bH5cZl
X-Force Database: http://ift.tt/2bykTOU
X-Force Database: http://ift.tt/2bH6js1
X-Force Database: http://ift.tt/2byknk7
X-Force Database: http://ift.tt/2bH5P52
X-Force Database: http://ift.tt/2byl1xY



from IBM Product Security Incident Response Team http://ift.tt/2ilr0LG

IBM Security Bulletin: Vulnerability in Apache PDFBox affects FileNet Content Manager and IBM Content Foundation (CVE-2016-2175)

A security vulnerability exists in Apache PDFBox that affects IBM FileNet Content Manager and IBM Content Foundation.

CVE(s): CVE-2016-2175

Affected product(s) and affected version(s):

FileNet Content Manager 5.1.0, 5.2.0, 5.2.1
IBM Content Foundation 5.2.0, 5.2.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ilfPTk
X-Force Database: http://ift.tt/2ihD2Dt



from IBM Product Security Incident Response Team http://ift.tt/2ili4FW

3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!


Three critical zero-day vulnerabilities have been discovered in PHP 7 that could allow an attacker to take complete control of websites running the latest version of the popular web programming language, which powers roughly 80 percent of sites.

The critical vulnerabilities reside in PHP 7's unserialize mechanism, the same mechanism that was found vulnerable in PHP 5, where it allowed attackers to compromise Drupal, Joomla, Magento, vBulletin and PornHub websites and other web servers in past years by sending maliciously crafted data in client cookies.

Security researchers at Check Point's exploit research team spent several months examining the unserialize mechanism in PHP 7 and discovered "three fresh and previously unknown vulnerabilities" in the mechanism.

While researchers discovered flaws in the same mechanism, the vulnerabilities in PHP 7 are different from what was found in PHP 5.
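The attack shape described above, a native deserializer fed a value the client controls, is not specific to PHP. As an added example (not Check Point's research and not the PHP code under discussion), the block below shows the same mistake in Python, where `pickle.loads()` on a cookie runs whatever callable the cookie names, beside the hardened form: a data-only encoding (JSON) protected by an HMAC, so a forged or modified cookie is rejected before anything is decoded. The cookie layout, the key and the session contents are assumptions for this example.

```python
import base64
import hashlib
import hmac
import json
import pickle
from typing import List, Optional

# ---- Vulnerable pattern: cookie value handed straight to a native deserializer ----
EXECUTED: List[str] = []  # records side effects so the demo can prove attacker code ran

def attacker_callable(marker: str) -> str:
    # Stands in for os.system() and friends; the point is that the *cookie* chose it.
    EXECUTED.append(marker)
    return marker

class EvilSession:
    # pickle calls __reduce__ when loading and invokes whatever callable it returns.
    def __reduce__(self):
        return (attacker_callable, ("pwned",))

def forge_pickle_cookie() -> str:
    # What an attacker would send; no server secret is needed to build it.
    return base64.b64encode(pickle.dumps(EvilSession())).decode("ascii")

def load_session_unsafe(cookie: str):
    # Equivalent to PHP's unserialize($_COOKIE[...]): object construction drives code execution.
    return pickle.loads(base64.b64decode(cookie))

# ---- Hardened pattern: data-only format plus an integrity check with a server-side key ----
SECRET_KEY = b"replace-me-per-deployment"  # assumption: a random, per-deployment secret

def _tag(payload: str) -> str:
    return hmac.new(SECRET_KEY, payload.encode("utf-8"), hashlib.sha256).hexdigest()

def dump_session(data: dict) -> str:
    raw = json.dumps(data, separators=(",", ":")).encode("utf-8")
    payload = base64.urlsafe_b64encode(raw).decode("ascii")
    return f"{payload}.{_tag(payload)}"

def load_session(cookie: str) -> Optional[dict]:
    payload, dot, tag = cookie.rpartition(".")
    if not dot:
        return None
    if not hmac.compare_digest(tag, _tag(payload)):
        return None  # forged or modified: reject before decoding anything
    try:
        data = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # bad base64 (binascii.Error is a ValueError) or bad JSON
        return None
    return data if isinstance(data, dict) else None

if __name__ == "__main__":
    load_session_unsafe(forge_pickle_cookie())
    print("unsafe loader executed attacker-chosen code:", EXECUTED)
    good = dump_session({"user": "bob", "role": "user"})
    # Attacker re-encodes the JSON with role=admin but cannot produce a valid tag.
    forged = dump_session({"user": "bob", "role": "admin"}).split(".")[0] + "." + good.split(".")[1]
    print("valid cookie:", load_session(good), "forged cookie:", load_session(forged))
```

The important property is the order of operations in `load_session`: the tag is checked first, with a constant-time comparison, and only then is the payload parsed, and the parser is one that can only ever produce data, never objects with behaviour.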

Tracked as CVE-2016-7479, CVE-2016-7480 and CVE-2016-7478, the zero-day flaws can be exploited in a manner similar to a separate vulnerability (CVE-2015-6832) detailed in Check Point's August report.

The first two vulnerabilities, if exploited, would allow an attacker to take full control of the target server, enabling anything from spreading malware and stealing customer data to defacing the site.

The third vulnerability could be exploited for a denial-of-service (DoS) attack, allowing an attacker to hang the website, exhaust its memory and eventually shut down the target system, the researchers explain in their report [PDF].

According to Yannay Livneh of Check Point's exploit research team, none of the above vulnerabilities has been seen exploited in the wild.

The Check Point researchers reported the three zero-day vulnerabilities to the PHP security team on August 6 and September 15.

Patches for two of the three flaws were issued by the PHP security team on 13 October and 1 December, but the third remains unpatched.

In addition to the patches, Check Point released IPS signatures for the three vulnerabilities on 18 and 31 October to protect its users against attacks exploiting them.

To keep web servers secure, users are strongly advised to upgrade to the latest version of PHP.



from The Hacker News http://ift.tt/2hvCN90

Wednesday, December 28, 2016

6 Resolutions Every Business Should Make (and Keep) in 2017

Ready or not, here comes 2017. Just as people make resolutions intended to improve their personal and professional lives, businesses should also take the opportunity to make plans for the coming year. What will you do in the new year to make your business more profitable and secure?

May we suggest drawing some insight from Ponemon Institute’s Fourth Annual Data Breach Preparedness Study, sponsored by Experian Data Breach Resolution, when crafting resolutions for your business this year? Here are six things every business should do in 2017 to mitigate cybersecurity threats and minimize the risk of damage from a data breach:

  1. Update your data breach response plan — assuming, of course, you already have one in place. While 86 percent of the companies polled by Ponemon say they have a plan in place, less than a quarter (24 percent) have processes in place to update their plan annually. Twenty-nine percent have never updated their data breach response plan since first implementing it. Because risks and threats emerge constantly, it’s critical to update your plan to address the shifting cybersecurity landscape.
  2. Hold a “fire drill.” While companies that conduct fire drills of their data breach response plans find value in them (80 percent said fire drills improved their plans’ effectiveness), 40 percent of companies still aren’t doing them. Practicing your data breach response can help ensure that when a real one occurs, everyone acts according to plan.
  3. Prepare for ransomware. Ransomware is a growing problem, yet 56 percent of the companies Ponemon surveyed said they weren’t confident their organization would be able to handle a ransomware attack. Worse, nearly half (45 percent) said they’re not doing anything to prepare for ransomware. Few are taking steps to limit ransomware risks, such as auditing and increasing backup of vulnerable data and systems (43 percent) and including planned system outage provisions in their business continuity plans (40 percent).
  4. Engage your C-suite. Involvement of leadership is key to an effective data breach response, yet 57 percent of companies have boards of directors, chairmen and CEOs who are not informed and involved in data breach preparedness. Sixty-six percent of IT professionals say their boards don’t understand the specific security threats facing their organization, and 74 percent of boards aren’t willing to assume responsibility for successful implementation of their plan.
  5. Audit third-party security measures. Your own security measures aren’t the only ones that might need shoring up in the new year. The security of your vendors and others you do business with can directly impact the integrity of your own data and systems. Half of companies now require audits of a third party’s security procedures, 93 percent require third parties and business partners to notify them when a breach occurs, and 80 percent require an incident response plan to review.
  6. Emphasize employee education. Your employees can be your greatest asset — or the weakest link — in your cybersecurity measures. Implementing employee privacy and data protection awareness programs can help reduce the risk of employee negligence or error leading to a cybersecurity event. Don’t just stop with a program that happens shortly after an employee is hired. Education should be ongoing in order to keep employees up-to-date on how to defend the company’s data, systems and customers against emerging cyberthreats.

The need for effective data breach preparedness will only grow in 2017. By making and keeping a few key resolutions, you can help mitigate data breach risks and ensure everyone in your organization is prepared to react well when one does occur.

The post 6 Resolutions Every Business Should Make (and Keep) in 2017 appeared first on Data Breach Resolution.



from Data Breach Resolution http://ift.tt/2ieOBv1

New Android Malware Hijacks Router DNS from Smartphone


Another day, another creepy malware for Android users!

Security researchers have uncovered a new Android malware targeting Android devices, but this time, instead of attacking the device directly, the malware takes control of the Wi-Fi router the device is connected to and hijacks the web traffic passing through it.

Dubbed "Switcher," the new Android malware, discovered by researchers at Kaspersky Lab, breaks into wireless routers and changes their DNS settings to redirect traffic to malicious websites.

Just over a week ago, Proofpoint researchers discovered a similar attack targeting PCs: instead of infecting the victim's machine, the Stegano exploit kit takes control of the local Wi-Fi router the infected device is connected to.

Switcher Malware carries out Brute-Force attack against Routers

Attackers are currently distributing the Switcher trojan disguised as an Android app for the Chinese search engine Baidu (com.baidu.com) and as a Chinese app for sharing public and private Wi-Fi network details (com.snda.wifilocating).

Once a victim installs one of these malicious apps, Switcher attempts to log in to the Wi-Fi router the Android device is connected to by brute-forcing the router's admin web interface with a predefined dictionary of usernames and passwords.

"With the help of JavaScript [Switcher] tries to login using different combinations of logins and passwords," mobile security expert Nikita Buchka of Kaspersky Lab says in a blog post published today. 
"Judging by the hard coded names of input fields and the structures of the HTML documents that the trojan tries to access, the JavaScript code used will work only on web interfaces of TP-LINK Wi-Fi routers."


Switcher Malware Infects Routers via DNS Hijacking

Once inside the web administration interface, the Switcher trojan replaces the router's primary and secondary DNS servers with the IP addresses of malicious DNS servers controlled by the attackers.

Researchers said Switcher used three different IP addresses – 101.200.147.153, 112.33.13.11 and 120.76.249.59 – as the primary DNS entry: one is the default, while the other two are set for specific Internet service providers.

Because the router's DNS settings have been changed, traffic is redirected to malicious websites hosted on the attackers' own servers instead of the legitimate site the victim is trying to reach.

"The Trojan targets the entire network, exposing all its users, whether individuals or businesses, to a wide range of attacks – from phishing to secondary infection," the post reads.
"A successful attack can be hard to detect and even harder to shift: the new settings can survive a router reboot, and even if the rogue DNS is disabled, the secondary DNS server is on hand to carry on."

Researchers were able to access the attackers' command-and-control servers and found that Switcher had compromised almost 1,300 routers, mainly in China, and hijacked traffic within those networks.
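A quick check a practitioner can run against a router's WAN/DHCP DNS settings follows, as an added example written for this page (it is not Kaspersky's tooling or detection logic). It compares both the primary and the secondary resolver against the three Switcher addresses reported above and against an allow-list of resolvers you actually chose, because, as the quote above notes, a clean primary with a rogue secondary still hijacks traffic once the primary is blocked. The settings dictionary, its field names and the allow-list are constructed assumptions.

```python
import ipaddress
from typing import Dict, List, Sequence

# The three resolver addresses the article attributes to Switcher.
SWITCHER_DNS_IOCS = frozenset({"101.200.147.153", "112.33.13.11", "120.76.249.59"})

def audit_router_dns(settings: Dict[str, str], allowed_resolvers: Sequence[str]) -> List[str]:
    """Return findings for a router's configured resolvers.

    settings: {"primary": "...", "secondary": "..."} as copied from the router's
    WAN/DHCP page (the field names are an assumption for this example).
    allowed_resolvers: resolvers you expect, e.g. your ISP's or a public one you picked.
    Both slots are checked; "" or 0.0.0.0 means the slot is unset.
    """
    allowed = {ipaddress.ip_address(a) for a in allowed_resolvers}
    findings: List[str] = []
    for slot in ("primary", "secondary"):
        raw = (settings.get(slot) or "").strip()
        if raw in ("", "0.0.0.0"):
            continue
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            findings.append(f"{slot}: {raw!r} is not a valid IP address")
            continue
        if raw in SWITCHER_DNS_IOCS:
            findings.append(f"{slot}: {raw} matches a Switcher rogue-DNS indicator")
        elif ip.is_private or ip.is_loopback:
            continue  # router forwarding to itself or to a LAN resolver; out of scope here
        elif ip not in allowed:
            findings.append(f"{slot}: {raw} is a public resolver not on the allow-list")
    return findings

if __name__ == "__main__":
    # Constructed examples; 9.9.9.9 / 149.112.112.112 stand in for resolvers the owner chose.
    allow = ["9.9.9.9", "149.112.112.112"]
    clean = {"primary": "9.9.9.9", "secondary": "149.112.112.112"}
    hijacked = {"primary": "101.200.147.153", "secondary": "9.9.9.9"}
    # The case the quote warns about: the primary looks fine, the fallback is rogue.
    sneaky = {"primary": "9.9.9.9", "secondary": "112.33.13.11"}
    for name, s in (("clean", clean), ("hijacked", hijacked), ("sneaky", sneaky)):
        print(name, audit_router_dns(s, allow) or ["OK"])
```

An indicator list goes stale quickly, which is why the allow-list check is the one that keeps working: any resolver you did not configure yourself is a finding, whether or not it is on a known-bad list.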

The Bottom Line

Android users should download applications only from Google's official Play Store.

While downloading apps from third-party sources does not always end in malware, it certainly raises the risk, so sticking to the official store is the best way to avoid malware compromising your device and the networks it connects to.

You can also go to Settings → Security and make sure "Unknown sources" option is turned off.

Moreover, Android users should also change their router's default login credentials so that malware like Switcher or Mirai cannot compromise their routers with a brute-force attack.



from The Hacker News http://ift.tt/2i8lMT8

Nevada accidentally leaks thousands of medical marijuana dispensary applications

IBM Security Bulletin: Vulnerability in Cache-Control header usage affects IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2016-8981).

IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x allow web pages containing sensitive information to be cached by the browser. As a result, this information is stored insecurely for an indefinite time on the user’s hard drive.

CVE(s): CVE-2016-8981

Affected product(s) and affected version(s):

IBM License Metric Tool v9.x
IBM BigFix Inventory v9.x

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ihtjzd
X-Force Database: http://ift.tt/2hoBzZG



from IBM Product Security Incident Response Team http://ift.tt/2ihnTnZ

IBM Security Bulletin: Vulnerability in XML Entity Processing affects IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2016-8980)

The product does not disable external XML entity processing, which can lead to information disclosure and denial-of-service attacks.
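The control that closes this class of bug is to refuse DTDs, and therefore entity declarations, from untrusted input before the parser ever acts on them. As an added example (not the product's code and not from the bulletin), here is a Python parser that does exactly that with the standard library's expat hooks, exercised against a benign document, an external-entity payload and an entity-expansion (billion laughs) payload. The sample documents are constructed for this example.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat

class DtdForbidden(ValueError):
    """Raised when untrusted XML carries a DOCTYPE or an entity declaration."""

def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML from an untrusted source, refusing any DTD.

    External entities (file:// or http:// reads, i.e. information disclosure
    and SSRF) and recursive internal entities (exponential expansion, i.e.
    denial of service) both need a DOCTYPE, so rejecting the DOCTYPE up front
    removes the whole class regardless of which features the underlying
    parser happens to enable by default.
    """
    scanner = xml.parsers.expat.ParserCreate()

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdForbidden(f"DOCTYPE {name!r} not allowed in untrusted input")

    def forbid_entity(name, *_):
        raise DtdForbidden(f"entity declaration {name!r} not allowed in untrusted input")

    scanner.StartDoctypeDeclHandler = forbid_doctype
    scanner.EntityDeclHandler = forbid_entity
    scanner.Parse(data, True)  # an exception raised in a handler propagates out of Parse()
    return ET.fromstring(data)  # DTD-free, so safe to hand to the normal tree parser

def is_rejected(data: bytes) -> bool:
    """True if parse_untrusted_xml refuses the document because it carries a DTD."""
    try:
        parse_untrusted_xml(data)
    except DtdForbidden:
        return True
    return False

# Constructed samples for this example.
SAFE_XML = b'<?xml version="1.0"?><inventory><host name="db01" os="AIX"/></inventory>'

# Classic XXE: an external entity pointing at a local file.
XXE_XML = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE r [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
           b'<r>&xxe;</r>')

# Entity-expansion DoS: each level references the previous one ten times.
BILLION_LAUGHS_XML = (b'<?xml version="1.0"?><!DOCTYPE lolz ['
                      b'<!ENTITY lol "lol">'
                      b'<!ENTITY lol2 "' + b'&lol;' * 10 + b'">'
                      b'<!ENTITY lol3 "' + b'&lol2;' * 10 + b'">'
                      b']><lolz>&lol3;</lolz>')

if __name__ == "__main__":
    print("safe host:", parse_untrusted_xml(SAFE_XML).find("host").get("name"))
    for label, doc in (("xxe", XXE_XML), ("billion laughs", BILLION_LAUGHS_XML)):
        print(label, "rejected" if is_rejected(doc) else "ACCEPTED")
```

The scan-then-parse split costs one extra pass over the input but keeps the policy independent of the tree parser: if the parser is later swapped for one that resolves external entities, the DOCTYPE never reaches it.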

CVE(s): CVE-2016-8980

Affected product(s) and affected version(s):

IBM License Metric Tool v9.x
IBM BigFix Inventory v9.x

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ihnUs3
X-Force Database: http://ift.tt/2hopO5I



from IBM Product Security Incident Response Team http://ift.tt/2ihlPwa

IBM Security Bulletin: Vulnerability due to a missing HTTP Strict Transport Security header affects IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2016-8966)

Because the HTTP Strict Transport Security header is missing, an unaware user can navigate by mistake to the unencrypted version of the web application or accept invalid certificates, leading to sensitive data being sent unencrypted over the wire.
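The two header findings in these ILMT/BigFix Inventory bulletins (browser caching of sensitive pages, and the missing HSTS header) are worth checking on any TLS-fronted admin console. The following added example, written for this page and not taken from IBM or the bulletins, parses a raw HTTP response and reports a weak Cache-Control and a missing or weak Strict-Transport-Security header, with a constructed weak response beside a hardened one. The sample responses, the HSTS max-age threshold and the finding codes are assumptions.

```python
from typing import Dict, List

# Constructed sample responses for this example (not captured from any IBM product).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Cache-Control: private, max-age=3600\r\n"  # 'private' still lets the browser write the page to disk
    "\r\n"
    "<html><body>License report: 1,204 PVUs ...</body></html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Cache-Control: no-store, no-cache, must-revalidate\r\n"
    "Pragma: no-cache\r\n"
    "Expires: 0\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "\r\n"
    "<html><body>License report: 1,204 PVUs ...</body></html>"
)

MIN_HSTS_MAX_AGE = 31536000  # one year; the threshold is an assumption for this check

def parse_headers(raw_response: str) -> Dict[str, str]:
    """Response headers as a lower-cased name -> value dict; status line and body dropped."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # last duplicate wins; fine for this audit
    return headers

def parse_directives(value: str, sep: str) -> Dict[str, str]:
    """'max-age=31536000; includeSubDomains' -> {'max-age': '31536000', 'includesubdomains': ''}"""
    out: Dict[str, str] = {}
    for part in value.split(sep):
        key, _, val = part.strip().partition("=")
        if key:
            out[key.lower()] = val.strip()
    return out

def audit_headers(headers: Dict[str, str], served_over_tls: bool = True) -> List[str]:
    findings: List[str] = []
    cache = parse_directives(headers.get("cache-control", ""), ",")
    if "no-store" not in cache:
        findings.append("CACHE_NO_STORE: sensitive page lacks 'Cache-Control: no-store'; "
                        "'private' or max-age alone still allows a disk-cache copy")
    if not served_over_tls:
        return findings  # browsers ignore HSTS on plain HTTP, so only the cache finding applies
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS_MISSING: no Strict-Transport-Security header; a user can be "
                        "downgraded to http:// or click through a bad certificate")
        return findings
    d = parse_directives(hsts, ";")
    max_age = d.get("max-age", "")
    if not max_age.isdigit() or int(max_age) < MIN_HSTS_MAX_AGE:
        findings.append(f"HSTS_SHORT_MAX_AGE: max-age={max_age!r} is missing or below {MIN_HSTS_MAX_AGE}")
    if "includesubdomains" not in d:
        findings.append("HSTS_NO_SUBDOMAINS: includeSubDomains absent; cookies scoped to the parent "
                        "domain stay exposed via plaintext subdomains")
    return findings

def finding_codes(findings: List[str]) -> List[str]:
    return [f.split(":", 1)[0] for f in findings]

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_headers(parse_headers(raw)) or ["OK"])
```

Two caveats the check encodes: `Cache-Control: private` only stops shared caches, not the user's own browser cache, which is the disk copy the first bulletin is about; and HSTS is only honoured when the header arrives over HTTPS, so sending it on an http:// response does nothing.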

CVE(s): CVE-2016-8966

Affected product(s) and affected version(s):

IBM License Metric Tool v9.x
IBM BigFix Inventory v9.x

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ihlE49
X-Force Database: http://ift.tt/2hoDsG0



from IBM Product Security Incident Response Team http://ift.tt/2ihfvEO

IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by OS Command Injection (CVE-2016-6065)

The IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. IBM Security Guardium Database Activity Monitor has fixed this vulnerability.

CVE(s): CVE-2016-6065

Affected product(s) and affected version(s):

IBM Security Guardium Database Activity Monitor V8.2

IBM Security Guardium Database Activity Monitor V 9, 9.1, 9.5

IBM Security Guardium Database Activity Monitor V10, 10.0.1, 10.1, 10.1.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ihjDF0
X-Force Database: http://ift.tt/2hoxt3V



from IBM Product Security Incident Response Team http://ift.tt/2ihfYHl

Singapore to record iris scans of citizens

Yahoo Discovers ANOTHER Breach

Earlier this year, Yahoo discovered they had a security breach that compromised 500 million user accounts. Within the last few weeks, Yahoo uncovered yet another breach believed to be entirely separate that compromised more than 1 billion user accounts.

Yahoo has suffered another hack.

The company disclosed today that it has discovered a breach of more than one billion user accounts that occurred in August 2013. The breach is believed to be separate and distinct from the theft of data from 500 million accounts that Yahoo reported this September.

Troublingly, Yahoo’s chief information security officer Bob Lord says that the company hasn’t been able to determine how the data from the one billion accounts was stolen. “We have not been able to identify the intrusion associated with this theft,” Lord wrote in a post announcing the hack.

To read the full story on TechCrunch, click here.




The post Yahoo Discovers ANOTHER Breach appeared first on Data Breach Watch.



from Data Breach Watch http://ift.tt/2hvYaZq

Police Ask for Amazon Echo Data to Help Solve a Murder Case


Hey, Alexa! Who did this murder?

Arkansas police are seeking help from e-commerce giant Amazon for data that may have been recorded on its Echo device belonging to a suspect in a murder case, bringing the conflict into the realm of the Internet of Things.

Amazon Echo is a voice-activated smart home speaker that can control several smart devices by integrating with a variety of home automation hubs. It can play music, make to-do lists, set alarms, and provide real-time information such as weather and traffic.

As first reported by The Information, authorities in Bentonville have issued a warrant for Amazon to hand over audio or records from an Echo device belonging to James Andrew Bates, in the hope that they will uncover additional details about the murder of Victor Collins.

Just as Apple refused to help the FBI unlock an iPhone belonging to one of the San Bernardino terrorists, Amazon has declined to give police any of the information that the Echo logged on its servers.

Collins died on November 21 last year while visiting the home of Bates, a friend from work, in Bentonville, Arkansas. The next morning, Collins' body was found in a hot tub, and Bates was charged with first-degree murder.

As part of the investigation, authorities seized an Amazon Echo device belonging to Bates, among other internet-connected devices in his home, including a water meter, a Nest thermostat, and a Honeywell alarm system.

Always-ON Listening Feature

Echo typically sits in an idle state with its microphones constantly listening for the "wake" command like "Alexa" or "Amazon" before it begins recording and sending data to Amazon's servers.

However, because of this always-on design, it is not unusual for the Echo to activate by mistake and capture snippets of audio that users did not know were being recorded.

Those voice recordings are not stored locally on the Echo but are logged on Amazon's servers.

Presumably, the authorities believe that audio the Echo might have picked up on the night of the incident and uploaded to Amazon's servers could contain evidence related to the case.

Amazon Refused (Twice) to Hand over its User's Data

Amazon, however, declined to provide the data the authorities requested. Here is what a company spokesperson told CNBC:

"Amazon will not release customer information without a valid and binding legal demand properly served on us. Amazon objects to overbroad or otherwise inappropriate demands as a matter of course."

While the online retail giant has twice refused to hand over the Echo data logged on its servers, Amazon did provide Bates' account information and purchase history.

Police said they were able to extract data from the Echo itself, though it is unclear what they recovered or how useful it will be to the investigation.

According to court records, Bates' smart water meter shows that his home ran 140 gallons of water between 1 AM and 3 AM the night Collins was found dead in Bates' hot tub. The prosecution claims that the water was used to wash away evidence after he killed Collins.

Should Amazon Share the Data or Not?

The authorities in the Collins murder case are asking for data on Amazon's servers that could help bring a criminal to justice. If so, authorities should get access to it.

In the case of Apple vs. FBI, Apple was ordered to write backdoor software that could bypass the security mechanism built into the iPhone, even though the company had already handed over the data stored on its servers.

The broader takeaway: IoT devices automating your habits at home could be used for or against you, legally.

The Collins murder case appears to be a first of its kind, and we are sure to see more such cases in the future.

It will be interesting to see how the companies that make smart home devices will serve their customers while maintaining a balance between keeping their customers' privacy safe and aiding the process of justice.



from The Hacker News http://ift.tt/2iD4luH

Tuesday, December 27, 2016

Chrome will soon mark some HTTP pages as 'non-secure'

Did You Install Super Mario Run APK for Android? That's Malware


After the success of Pokémon Go, Nintendo's "Super Mario Run" has become the hottest game on the market, with enormous popularity and massive social impact. The game has taken the world by storm since its launch for iOS devices over a week ago.

But if you have downloaded a Super Mario Run APK for your Android device, Beware! That's malware.

Since Super Mario Run has currently been released only for iOS devices and is not on Google Play, it caused a lot of disappointment among Android users.

So, eventually, many Android device owners who love Mario games and cannot wait to play Super Mario Run ended up downloading APKs from outside the Google Play Store.

But the many phony copycat Super Mario apps on third-party Android app stores turn out to be malware or viruses that attempt to look like the legitimate Super Mario Run app.

Super Mario can Take Full Control of your Android Device

To download the third party APK, users are required to "side-load" the malicious app by modifying their Android core security settings, allowing their device's operating system to install apps from "untrusted sources."

Some of these malicious apps can even take full control of your Android device, as the apps request privileges to edit, read, receive and send text messages, take photos and record videos and track your location using GPS.

However, one of the apps titled "Super Mario" creates additional icons, displays pop-up and banner ads, installs other malicious apps onto the victim's smartphone, and performs other intrusive activities without any user interaction, according to Tokyo-based antivirus firm Trend Micro, which detected malicious Super Mario apps 90,000 times this year.

"Clicking on these ads or icons will direct users to either adult sites or malicious sites. In either case, the goal is to get users to install various apps," researchers at Trend Micro write. "While some of these apps are perfectly legitimate, some are suspicious apps distributed by third-party app stores, including more malicious apps that even request for administrator rights."

Another app, also titled "Super Mario" and discovered by the security firm, first prompts users to install an app called 9Apps, which then asks for more permissions, including recording audio, reading and modifying the calendar, and even full access to the SD card.

Here's How to Protect Yourself

So, instead of downloading applications from unknown third-party stores, Android users should wait for the official Google Play release.

Downloading apps from third parties does not always end in malware or viruses, but it certainly raises the risk. So the safest course is to wait, to avoid compromising your device and the networks it accesses.

You can also go to Settings → Security and make sure the "Unknown sources" option is turned off.



from The Hacker News http://ift.tt/2htJvxG

Five banking security trends in Latin America


ATMs running outdated software and equipment are another major threat that leaves Latin American banking customers exposed. "Many machines run software that is no longer supported and lack any security patches, so they become an obvious target to criminals," says Kaspersky's Assolini, adding that his firm has identified many banks running systems such as the XP and 2000 versions of Windows, as well as exposed routers, which can open up access to the bank's network.



from Latest Topic for ZDNet in... http://ift.tt/2iaIFDj

IBM Security Bulletin: Vulnerability in URL Redirection affects IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2016-8961)

IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x accept user-controlled input that specifies a link to an external site and use that link in a redirect. This simplifies phishing attacks.
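The weakness class the bulletin names is an open redirect: a "next" or "return" parameter is echoed into a Location header unchecked, so a phishing link can start on the trusted domain and land on an attacker's site. The usual fix is to validate the target against an allow-list before redirecting. The following is an added example of such a validator, not code from IBM License Metric Tool or BigFix Inventory; the allow-listed hosts, the fallback path and all sample URLs are constructed for illustration.

```python
"""Validating a user-supplied redirect target against an allow-list.

Added example for the URL-redirection weakness described in the bulletin
above; it is not code from IBM License Metric Tool or BigFix Inventory.
ALLOWED_HOSTS, FALLBACK and every sample URL below are constructed.
"""
from urllib.parse import urlsplit

# Hosts this application is willing to redirect users to (constructed).
ALLOWED_HOSTS = frozenset({"app.example.com", "sso.example.com"})
# Where the user is sent when the requested target is rejected (constructed).
FALLBACK = "/"


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return `target` only if it is a local path or an https URL on an
    allow-listed host; otherwise return `fallback`.

    Each rejected shape below is a common way naive redirect filters are
    bypassed, so it is refused explicitly rather than by accident.
    """
    if not target:
        return fallback
    # Whitespace and control characters confuse header parsing and browser
    # URL canonicalisation; refuse rather than try to normalise them.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in target):
        return fallback
    # Browsers treat backslashes as slashes in the authority part, so
    # "/\evil" is read as "//evil", a scheme-relative URL to another host.
    if "\\" in target:
        return fallback
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # Purely relative: accept only paths starting with exactly one "/".
        # ("//host/..." carries a netloc and is handled below, not here.)
        if target.startswith("/") and not target.startswith("//"):
            return target
        return fallback
    # Absolute or scheme-relative URL: require https and an allow-listed host.
    # Compare parts.hostname rather than netloc: in "https://app.example.com@evil/"
    # the browser connects to "evil", and hostname is what reflects that.
    if parts.scheme.lower() != "https":
        return fallback
    try:
        host, port = parts.hostname, parts.port
    except ValueError:  # non-numeric port such as "host:abc"
        return fallback
    if host is None or host not in allowed_hosts:
        return fallback
    if port is not None and port != 443:
        return fallback
    return target


if __name__ == "__main__":
    for candidate in ("/account", "https://app.example.com/profile",
                      "//attacker.example/", "/\\attacker.example",
                      "https://app.example.com@attacker.example/"):
        print(f"{candidate!r:50} -> {safe_redirect_target(candidate)!r}")
```

The design choice worth noting is that the function never tries to repair a suspicious value; anything outside the two accepted shapes (a single-slash local path, or an https URL whose parsed hostname is on the list) falls back to a fixed safe location, which is what removes the phishing value from the parameter.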

CVE(s): CVE-2016-8961

Affected product(s) and affected version(s):

IBM License Metric Tool v9.x
IBM BigFix Inventory v9.x

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2i3lBbl
X-Force Database: http://ift.tt/2iAn5XQ



from IBM Product Security Incident Response Team http://ift.tt/2i3s4mV

IBM Security Bulletin: Security vulnerabilities have been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 and IBM BigFix Inventory v9

There are multiple vulnerabilities in WebSphere Liberty Profile, which is used in IBM License Metric Tool v9 and IBM BigFix Inventory v9.

CVE(s): CVE-2016-0359, CVE-2016-0385, CVE-2016-2960, CVE-2016-5986, CVE-2015-7417

Affected product(s) and affected version(s):

IBM License Metric Tool v9
IBM BigFix Inventory v9

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2i3xmii
X-Force Database: http://ift.tt/28YBUiZ
X-Force Database: http://ift.tt/2bH5iQp
X-Force Database: http://ift.tt/2bH5BuJ
X-Force Database: http://ift.tt/2ccJKps
X-Force Database: http://ift.tt/20fC4FZ



from IBM Product Security Incident Response Team http://ift.tt/2i3mhxL

IBM Security Bulletin: Vulnerabilities in Glibc affect IBM Security Network Controller (CVE-2016-3706, CVE-2016-4429)

Glibc vulnerabilities were found in IBM Security Network Controller. IBM Security Network Controller has addressed the applicable CVEs.

CVE(s): CVE-2016-3706, CVE-2016-4429

Affected product(s) and affected version(s):

IBM Security Network Controller 1.0.X

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2iAoldj
X-Force Database: http://ift.tt/2heDe5H
X-Force Database: http://ift.tt/2gkDPFG



from IBM Product Security Incident Response Team http://ift.tt/2i3q8ee

IBM Security Bulletin: Vulnerabilities in Bind affect IBM SmartCloud Entry (CVE-2016-2776, CVE-2016-2848)

IBM SmartCloud Entry is vulnerable to BIND vulnerabilities. Remote attackers could exploit the vulnerabilities to trigger an assertion failure and make named exit unexpectedly by sending a specially crafted DNS packet.

CVE(s): CVE-2016-2848, CVE-2016-2776

Affected product(s) and affected version(s):

IBM SmartCloud Entry 2.2.0 through 2.2.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 7
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 22
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 22

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2i3wBpd
X-Force Database: http://ift.tt/2gwtW3a
X-Force Database: http://ift.tt/2ggfRbX



from IBM Product Security Incident Response Team http://ift.tt/2iAjSYl

IBM Security Bulletin: Vulnerabilities in Python affect IBM SmartCloud Entry (CVE-2016-0772, CVE-2016-5699, CVE-2016-1000110)

IBM SmartCloud Entry is vulnerable to Python vulnerabilities. Attackers could exploit these vulnerabilities to strip the STARTTLS command without raising an exception in the Python SMTP client and so prevent the TLS layer from being established; to inject arbitrary HTTP headers, enabling attacks against the vulnerable system such as cross-site scripting, cache poisoning or session hijacking; or to redirect outbound HTTP traffic to an arbitrary proxy server (the vulnerability known as "HTTPOXY").

CVE(s): CVE-2016-0772, CVE-2016-5699, CVE-2016-1000110

Affected product(s) and affected version(s):

IBM SmartCloud Entry 2.2.0 through 2.2.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 7
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 22
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 22

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2i3wCJN
X-Force Database: http://ift.tt/2dv9ofZ
X-Force Database: http://ift.tt/2dNq4KV
X-Force Database: http://ift.tt/2dv8GPN



from IBM Product Security Incident Response Team http://ift.tt/2i3m9hK

IBM Security Bulletin: Vulnerabilities in Busybox affect IBM SmartCloud Entry (CVE-2014-4607, CVE-2014-9645)

IBM SmartCloud Entry is vulnerable to Busybox vulnerabilities. Attackers could exploit these vulnerabilities to execute arbitrary code on the system or cause a denial of service or load arbitrary modules by using a specially-crafted basename.

CVE(s): CVE-2014-4607, CVE-2014-9645

Affected product(s) and affected version(s):

IBM SmartCloud Entry 2.2.0 through 2.2.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 7
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 22
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 22

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2i3oGIs
X-Force Database: http://ift.tt/2fmXz9G
X-Force Database: http://ift.tt/2ggg1jv



from IBM Product Security Incident Response Team http://ift.tt/2iAouxG

IBM Security Bulletin: Vulnerabilities in PHP affect IBM SmartCloud Entry (CVE-2015-4644, CVE-2016-5385)

IBM SmartCloud Entry is vulnerable to PHP vulnerabilities. Attackers could exploit these vulnerabilities to cause a segfault, or to redirect outbound HTTP traffic to an arbitrary proxy server by sending a specially crafted Proxy header in an HTTP request (the vulnerability known as "HTTPOXY").
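Both this PHP bulletin and the Python bulletin above (CVE-2016-1000110) describe the same "HTTPOXY" mechanism: a CGI-style server turns every request header into an HTTP_<NAME> environment variable, so a client's Proxy header becomes HTTP_PROXY, which HTTP client libraries read to choose an outbound proxy. The block below is an added example, not IBM's code, that reproduces the header-to-variable mapping and shows the two places the flaw is stopped: the server dropping the header, and a patched Python's urllib ignoring HTTP_PROXY whenever REQUEST_METHOD marks the process as a CGI script. The request headers and proxy address are constructed.

```python
"""How the "HTTPOXY" flaw arises, and the two layers at which it is stopped.

Added example for the Python and PHP SmartCloud Entry bulletins above; it is
not IBM's code, and the request headers and proxy address are constructed.
"""
import os
from unittest import mock
from urllib.request import getproxies_environment


def cgi_meta_variables(headers):
    """Map request headers to CGI meta-variables as RFC 3875 describes:
    upper-case the name, replace '-' with '_' and prefix with HTTP_."""
    env = {}
    for name, value in headers:
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def hardened_meta_variables(headers):
    """Same mapping, but the Proxy header is discarded before it can become
    HTTP_PROXY: the server-side mitigation (drop or reject the header)."""
    return cgi_meta_variables(
        [(name, value) for name, value in headers if name.lower() != "proxy"]
    )


def proxy_seen_by_urllib(env):
    """Return the HTTP proxy that urllib would use under `env`.

    The environment is swapped in only for the duration of the call, so the
    real process environment is left untouched."""
    with mock.patch.dict(os.environ, env, clear=True):
        return getproxies_environment().get("http")


# Constructed request: ordinary headers plus an attacker-chosen Proxy header.
SAMPLE_HEADERS = [
    ("Host", "app.example.com"),
    ("User-Agent", "constructed-client/1.0"),
    ("Proxy", "http://proxy.attacker.example:8080"),
]


def demo():
    """Run the four checks and return their results by name."""
    naive = cgi_meta_variables(SAMPLE_HEADERS)
    hardened = hardened_meta_variables(SAMPLE_HEADERS)
    return {
        # 1. The plain CGI mapping turns the client's Proxy header into HTTP_PROXY.
        "naive_has_http_proxy": "HTTP_PROXY" in naive,
        # 2. With no CGI marker in the environment, urllib honours that variable.
        "proxy_outside_cgi": proxy_seen_by_urllib(naive),
        # 3. Library-side fix (CVE-2016-1000110): when REQUEST_METHOD shows the
        #    process is a CGI script, patched Pythons ignore upper-case HTTP_PROXY.
        "proxy_in_patched_cgi": proxy_seen_by_urllib({**naive, "REQUEST_METHOD": "GET"}),
        # 4. Server-side fix: strip the header and the variable never exists.
        "hardened_has_http_proxy": "HTTP_PROXY" in hardened,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Check 3 only passes on a Python that carries the CVE-2016-1000110 fix; on an unpatched interpreter the attacker's proxy would come back there too, which is exactly what the bulletin's affected versions are exposed to. Check 4 is the mitigation that does not depend on every client library being patched, which is why it is the one to apply at the web server or CGI gateway.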

CVE(s): CVE-2015-4644, CVE-2016-5385

Affected product(s) and affected version(s):

IBM SmartCloud Entry 2.2.0 through 2.2.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 7
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 22
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 22

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2iAcf3Z
X-Force Database: http://ift.tt/2i3s5at
X-Force Database: http://ift.tt/2dv9pkb



from IBM Product Security Incident Response Team http://ift.tt/2i3s9GW

Monday, December 26, 2016

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Controller (CVE-2016-6304, CVE-2016-6303, CVE-2016-6308, CVE-2016-2181, CVE-2016-6309, CVE-2016-7052)

OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Security Network Controller. IBM Security Network Controller has addressed the applicable CVEs.

CVE(s): CVE-2016-6304, CVE-2016-6303, CVE-2016-6308, CVE-2016-2181, CVE-2016-6309, CVE-2016-7052

Affected product(s) and affected version(s):

IBM Security Network Controller 1.0.X

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2iwv4F4
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dmYa8Y
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2fn8D82
X-Force Database: http://ift.tt/2dTp6vD



from IBM Product Security Incident Response Team http://ift.tt/2iwkhe7

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Active Bypass (CVE-2016-6304, CVE-2016-6303, CVE-2016-2181, CVE-2016-6309, CVE-2016-7052)

OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Security Network Active Bypass. IBM Security Network Active Bypass has addressed the applicable CVEs.

CVE(s): CVE-2016-6303, CVE-2016-6309, CVE-2016-7052, CVE-2016-6304, CVE-2016-2181

Affected product(s) and affected version(s):

IBM Security 1G Network Active Bypass firmware version 1.X firmware levels 1.0.849 through 3.30.5-21
IBM Security 10G Network Active Bypass firmware versions 1.x firmware levels 1.0.1876 through 3.30.5-21

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hZh367
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2fn8D82
X-Force Database: http://ift.tt/2dTp6vD
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dmXLUk



from IBM Product Security Incident Response Team http://ift.tt/2hZfIMA

PHPMailer Flaw leaves Millions of Websites Vulnerable to Remote Exploit


A critical vulnerability has been discovered in PHPMailer, one of the most popular open source PHP libraries for sending email, used by more than 9 million users worldwide.

Millions of PHP websites and popular open source web applications, including WordPress, Drupal, 1CRM, SugarCRM, Yii, and Joomla, ship with the PHPMailer library to send emails to their users using a variety of methods, including SMTP.

Discovered by Polish security researcher Dawid Golunski of Legal Hackers, the critical vulnerability (CVE-2016-10033) allows an attacker to remotely execute arbitrary code in the context of the web server and compromise the target web application.

"To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class," Golunski writes in the advisory published today.

Golunski responsibly reported the vulnerability to the developers, who have patched it in their new release, PHPMailer 5.2.18.

All versions of PHPMailer before the critical release of PHPMailer 5.2.18 are affected, so web administrators and developers are strongly recommended to update to the patched release.
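Because PHPMailer is usually pulled in as a dependency of a larger application, the first practical step for an administrator is to find out which version each deployment actually carries. The block below is an added example of that check, not the researcher's or the PHPMailer project's code: it reads a Composer lock file and flags any phpmailer/phpmailer entry older than 5.2.18, the fixed release named above. The package name phpmailer/phpmailer and the composer.lock layout are the real Composer conventions; the lock-file contents used here are constructed.

```python
"""Finding PHPMailer installations older than the fixed release.

Added example for the PHPMailer advisory above; it is not the researcher's
or the PHPMailer project's code. The composer.lock content below is
constructed; the package name phpmailer/phpmailer is the real Composer name.
"""
import json
import re

FIXED_VERSION = "5.2.18"          # first release the article reports as patched
PACKAGE = "phpmailer/phpmailer"


def parse_version(version):
    """Turn 'v5.2.17', '5.2.18' or '5.2' into a comparable tuple of ints.

    A pre-release suffix such as '5.2.18-RC1' sorts before the plain release,
    so it is still reported as vulnerable. Anything that does not start with
    a numeric version (e.g. Composer's 'dev-master') raises ValueError."""
    match = re.match(r"v?(\d+(?:\.\d+)*)(.*)$", version.strip())
    if not match:
        raise ValueError(f"unrecognised version: {version!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    numbers += (0,) * (3 - len(numbers))          # pad '5.2' to (5, 2, 0)
    suffix = match.group(2)
    return numbers + ((-1,) if suffix.startswith("-") else (0,))


def is_vulnerable(version):
    """True when `version` is older than FIXED_VERSION."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def audit_composer_lock(lock_text):
    """Return (package, version, status) for every PHPMailer entry in the
    'packages' and 'packages-dev' sections of a composer.lock document."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name", "").lower() != PACKAGE:
                continue
            version = pkg.get("version", "")
            try:
                status = "vulnerable" if is_vulnerable(version) else "patched"
            except ValueError:
                status = "unknown"     # dev branches etc.: inspect by hand
            findings.append((pkg["name"], version, status))
    return findings


# Constructed composer.lock fragment: one outdated copy and one patched copy.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "phpmailer/phpmailer", "version": "v5.2.16"},
        {"name": "monolog/monolog", "version": "1.22.0"},
    ],
    "packages-dev": [
        {"name": "phpmailer/phpmailer", "version": "v5.2.18"},
    ],
})

if __name__ == "__main__":
    for name, version, status in audit_composer_lock(SAMPLE_LOCK):
        print(f"{name} {version}: {status}")
```

Run against a real file with `audit_composer_lock(open("composer.lock").read())`. Applications that vendor PHPMailer without Composer (older WordPress and Joomla releases bundle it directly) will not appear in a lock file, so a full inventory also needs a search for class.phpmailer.php and its `$Version` property.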

Since The Hacker News is making the first public disclosure of the vulnerability in the news following Golunski's advisory, and millions of websites remain unpatched, the researcher has put further technical details about the flaw on hold.

However, Golunski has promised to release more technical details about the vulnerability in coming days, including a proof-of-concept exploit code and video demonstration that will show the attack in action.

We will update this article with additional information on the PHPMailer vulnerability, exploit code and video demonstration, once the researcher makes it public.



from The Hacker News http://ift.tt/2i9FLks

Cyanogen Shutting Down All Services; No More Android ROM Updates


A bittersweet Christmas and New Year for users and fans of the most popular custom Android ROM, Cyanogen OS.

Cyanogen, which tried and failed to kill Google's Android operating system, is shutting down the services it provides to phones running Cyanogen OS, along with the "nightly builds" of that OS, on December 31st.

Cyanogen came with an ambition to build better versions of the Android operating system than those created by Google itself, but following some technical and potential legal issues, the startup has decided to quit.

The planned shutdown of Cyanogen was officially announced late Friday through a very brief blog post by the company, saying that "as part of the ongoing consolidation of Cyanogen," it is shutting down all services and nightly builds on December 31.

"The open source project and source code will remain available for anyone who wants to build CyanogenMod personally," the blog reads.

What About Cyanogen OS-Powered Smartphones?

From January 2017, there will be no further updates to the Cyanogen OS, no more nightly builds, and no more security updates.

Eventually, smartphones running on the Cyanogen OS, like the original OnePlus One and Lenovo ZUK Z1, will have to switch to the open-source version of the CyanogenMod operating system.

CyanogenMod OS is not a commercial operating system and is managed by a community of developers led by Steve Kondik, the co-founder of Cyanogen.

'Death Blow' to CyanogenMod

However, the CyanogenMod team believes that the shutdown of Cyanogen is a "death blow" to CyanogenMod, the team announced just after the closure announcement by Cyanogen.

The CyanogenMod team paid its respects to the community it has served for more than eight years and announced the next open-source Android project.

Embracing the spirit of Cyanogen, the CyanogenMod team of developers, designers, device maintainers, and translators is now working to produce a fork of the CyanogenMod source code and pending patches.

Next? CyanogenMod Team Launches Lineage OS

While both Cyanogen and CyanogenMod are saying goodbye this year, the spirit of CyanogenMod will continue to live on in the new open source project.

Dubbed LineageOS, the new OS is still in its inception phase, and it will take some time before people see any progress from the newly formed unit.

According to the CyanogenMod (CM) team, Lineage "is more than just a ‘rebrand’" and "will return to the grassroots community effort that used to define CM while maintaining the professional quality and reliability you have come to expect more recently."

A website is being developed for LineageOS, and the GitHub repository can be found populated with CM files, called Lineage Android Distribution. The beginning of this new open source project "will be a continuation of what CyanogenMod was."


from The Hacker News http://ift.tt/2hmyUD8

Saturday, December 24, 2016

Is this the age of the smart wallet, or are they more trouble than they're worth?

Hackers threaten to take down Xbox Live and PSN on Christmas Day


Bad news for gamers!

It's once again the time of year when most of you will get new PlayStations and Xboxes, which continue to be among the most popular Christmas gifts, but chances are you won't be able to log into the online gaming networks, just as happens every Christmas holiday.

Over the 2014 Christmas holidays, the notorious hacker group Lizard Squad knocked the PlayStation Network and Xbox Live offline for many gamers by launching massive DDoS attacks against the gaming networks.

This time a new hacking group, who managed to take down Tumblr this week for almost two hours, has warned gamers of launching another large-scale distributed denial-of-service (DDoS) attack against XBox Live and PlayStation networks.

Calling itself R.I.U. Star Patrol, the hacking group posted a video on YouTube announcing that it plans to take down Sony's PSN and Microsoft's Xbox Live on Christmas Day by launching coordinated DDoS attacks.

"We do it because we can," the group said. "We have not been paid a single dollar for what we do."

On Wednesday, when R.I.U. Star Patrol took down Tumblr, the group contacted Mashable and explained its reason for attacking: "There is no sinister motive. It’s all for light hearted fun."

Neither Sony nor Microsoft has yet responded to the hackers' warning.

However, both Sony and Microsoft have previously promised to enhance the protection of their systems to block any attack disrupting their networks, yet downtime and short outages have happened almost every Christmas.

Given that hackers can now launch DDoS attacks that reach 1 Tbps, it goes without saying that both companies should be prepared for DDoS attacks against their servers this Christmas that could exceed their expectations.

We saw coordinated DDoS attacks against DNS hosting provider Dyn last fall that broke large portions of the Internet, causing a significant outage for a ton of websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify.

That massive DDoS attack was launched by a botnet of an estimated 100,000 so-called Internet of Things (IoT) devices, everyday devices and appliances connected to the web, and it cut off the Internet for millions of users.

So, it remains to be seen if gamers would be able to enjoy this Christmas or not.



from The Hacker News http://ift.tt/2hB71Fg

Friday, December 23, 2016

YubiKey for Windows Hello brings hardware-based 2FA to Windows 10

IBM Security Bulletin: Vulnerabilities in Qemu-kvm affect IBM SmartCloud Entry

IBM SmartCloud Entry is vulnerable to Qemu-kvm vulnerabilities (CVE-2015-7512, CVE-2015-7504, CVE-2016-1714, CVE-2016-3710, CVE-2016-5403). Attackers could overflow a buffer and execute arbitrary code on the system or cause the application to crash, gain elevated privileges on the host system, modify access modes and execute arbitrary code on the system with the privileges of the Qemu process, or cause a denial of service.

CVE(s): CVE-2015-7504, CVE-2015-7512, CVE-2016-1714, CVE-2016-3710, CVE-2016-5403

Affected product(s) and affected version(s):

IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 22
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 22

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hjOu42
X-Force Database: http://ift.tt/2hyE9gL
X-Force Database: http://ift.tt/2dv9cNx
X-Force Database: http://ift.tt/2dNprAS
X-Force Database: http://ift.tt/2dv96pa
X-Force Database: http://ift.tt/2hyESP8



from IBM Product Security Incident Response Team http://ift.tt/2hjQkCc

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM SmartCloud Entry

OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM SmartCloud Entry. IBM SmartCloud Entry has addressed the applicable CVEs: CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-6302, CVE-2016-6304, CVE-2016-6306 and CVE-2016-2183.

CVE(s): CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-6302, CVE-2016-6304, CVE-2016-6306, CVE-2016-2183

Affected product(s) and affected version(s):

IBM SmartCloud Entry 2.2.0 through 2.2.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 7
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 22
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 22

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hyDQlY
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmWOvf
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dR3VyC



from IBM Product Security Incident Response Team http://ift.tt/2hjTS7m

IBM Security Bulletin: Vulnerabilities in OpenSSL affect Rational Insight

OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by Rational Insight. Rational Insight has addressed the applicable CVEs.

CVE(s): CVE-2016-6302, CVE-2016-6304, CVE-2016-6305, CVE-2016-6303, CVE-2016-2182, CVE-2016-2180, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-2181, CVE-2016-2183, CVE-2016-6309, CVE-2016-7052

Affected product(s) and affected version(s):

Principal Product and Version(s) Affected | Supporting Product(s) and Version(s)
Rational Insight 1.1, 1.1.1, 1.1.1.1 and 1.1.1.2 | Cognos BI 10.1.1
Rational Insight 1.1.1.3 | Cognos BI 10.2.1
Rational Insight 1.1.1.4, 1.1.1.5 and 1.1.1.6 | Cognos BI 10.2.1 Fix pack 2; Jazz Reporting Service 5.0, 5.0.1 and 5.0.2
Rational Insight 1.1.1.7 | Cognos BI 10.2.1 Fix pack 2; Jazz Reporting Service 6.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hjNgpu
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dR3XX1
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2dmWOvf
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dR3Smm
X-Force Database: http://ift.tt/2dmYa8Y
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2dR3VyC
X-Force Database: http://ift.tt/2fn8D82
X-Force Database: http://ift.tt/2dTp6vD



from IBM Product Security Incident Response Team http://ift.tt/2hyJogz

IBM Security Bulletin: Vulnerabilities in OpenSSL affect Rational Reporting for Development Intelligence

OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by Rational Reporting for Development Intelligence (RRDI). RRDI has addressed the applicable CVEs.

CVE(s): CVE-2016-6302, CVE-2016-6304, CVE-2016-6305, CVE-2016-6303, CVE-2016-2182, CVE-2016-2180, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-2181, CVE-2016-2183, CVE-2016-6309, CVE-2016-7052

Affected product(s) and affected version(s):

Principal Product and Version(s) Affected | Supporting Product(s) and Version(s)
RRDI 2.0, 2.0.1, 2.0.3 and 2.0.4 | Cognos BI 10.1.1
RRDI 2.0.5 and 2.0.6 | Cognos BI 10.2.1
RRDI 5.0, 5.0.1 and 5.0.2 | Cognos BI 10.2.1 Fix pack 2; Jazz Reporting Service 5.0, 5.0.1 and 5.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hyBaoA
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dR3XX1
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2dmWOvf
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dR3Smm
X-Force Database: http://ift.tt/2dmYa8Y
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2dR3VyC
X-Force Database: http://ift.tt/2fn8D82
X-Force Database: http://ift.tt/2dTp6vD



from IBM Product Security Incident Response Team http://ift.tt/2hjZuOO

IBM Security Bulletin: OpenLDAP vulnerability affects IBM SmartCloud Entry (CVE-2015-6908)

IBM SmartCloud Entry is vulnerable to an OpenLDAP vulnerability. Remote attackers could exploit this vulnerability to cause the slapd service to crash by sending a specially crafted packet.

CVE(s): CVE-2015-6908

Affected product(s) and affected version(s):

IBM SmartCloud Entry 2.2.0 through 2.2.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 7
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 22
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 22

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hyFap1
X-Force Database: http://ift.tt/1Tg5vmN



from IBM Product Security Incident Response Team http://ift.tt/2hyEQXw

IBM Security Bulletin: Multiple security vulnerabilities in Tivoli Storage Manager (IBM Spectrum Protect) Operations Center (CVE-2016-6043, CVE-2016-6044, CVE-2016-6045, CVE-2016-6046)

Multiple security vulnerabilities exist in Tivoli Storage Manager (IBM Spectrum Protect) Operations Center as described under

CVE(s): CVE-2016-6043, CVE-2016-6044, CVE-2016-6045, CVE-2016-6046

Affected product(s) and affected version(s):

The following versions of Tivoli Storage Manager (IBM Spectrum Protect) Operations Center are affected:

  • 7.1.0.000 through 7.1.7.000
  • 6.4.1.000 through 6.4.2.400

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hjUzxB
X-Force Database: http://ift.tt/2hyF8NV
X-Force Database: http://ift.tt/2hjTRAk
X-Force Database: http://ift.tt/2hyDP1o
X-Force Database: http://ift.tt/2hjRX2C



from IBM Product Security Incident Response Team http://ift.tt/2hyL1L9

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6.0.16.26 and Version 7.0.9.40, which are used by IBM SmartCloud Entry of IBM Cloud Manager with OpenStack. These issues were disclosed as part of the IBM Java SDK updates in July 2016 and October 2016 and include the vulnerability commonly referred to as "SLOTH".

CVE(s): CVE-2016-3610, CVE-2016-3598, CVE-2016-3606, CVE-2016-3587, CVE-2016-3511, CVE-2016-3508, CVE-2016-3550, CVE-2016-3500, CVE-2016-3458, CVE-2016-3485, Not Applicable, CVE-2016-3498, CVE-2016-3552, CVE-2016-3503, CVE-2016-5582, CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542, Not Applicable

Affected product(s) and affected version(s):

IBM Cloud Manager with OpenStack 4.1.0 through 4.1.0.5 interim fix 4
IBM Cloud Manager with OpenStack 4.2.0 through 4.2.0.3 interim fix 8
IBM Cloud Manager with OpenStack 4.3.0 through 4.3.0.6 interim fix 3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hyCzLF
X-Force Database: http://ift.tt/2b7GBwx
X-Force Database: http://ift.tt/2aGcUP3
X-Force Database: http://ift.tt/2b7H1Te
X-Force Database: http://ift.tt/2aGbWSW
X-Force Database: http://ift.tt/2b7Gtgl
X-Force Database: http://ift.tt/2ctomSx
X-Force Database: http://ift.tt/2aGc4lp
X-Force Database: http://ift.tt/2ctom4Z
X-Force Database: http://ift.tt/2bTrNgj
X-Force Database: http://ift.tt/2b7G65u
X-Force Database:
X-Force Database: http://ift.tt/2bTqVZ8
X-Force Database: http://ift.tt/2ctoPUY
X-Force Database: http://ift.tt/2bTrbY9
X-Force Database: http://ift.tt/2fVzmWT
X-Force Database: http://ift.tt/2eDq0ND
X-Force Database: http://ift.tt/2e5p1tK
X-Force Database: http://ift.tt/2eDrVCd
X-Force Database: http://ift.tt/2e5pD2s
X-Force Database: http://ift.tt/2eDqzaq
X-Force Database: http://ift.tt/2e5s2Ku
X-Force Database:



from IBM Product Security Incident Response Team http://ift.tt/2hjJfRT

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SmartCloud Entry

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6.0.16.25 and Version 7.0.9.35, which are used by IBM SmartCloud Entry. These issues were disclosed as part of the IBM Java SDK updates in July 2016 and October 2016 and include the vulnerability commonly referred to as "SLOTH".

CVE(s): CVE-2016-3610, CVE-2016-3598, CVE-2016-3606, CVE-2016-3587, CVE-2016-3511, CVE-2016-3508, CVE-2016-3550, CVE-2016-3500, CVE-2016-3458, CVE-2016-3485, Not Applicable, CVE-2016-3498, CVE-2016-3552, CVE-2016-3503, CVE-2016-5582, CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542, Not Applicable

Affected product(s) and affected version(s):

IBM SmartCloud Entry 2.3.0 through 2.3.0.3 JRE Update 6
IBM SmartCloud Entry 2.4.0 through 2.4.0.5 JRE Update 6
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 JRE Update 14
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 JRE Update 9

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hjQQ33
X-Force Database: http://ift.tt/2b7GBwx
X-Force Database: http://ift.tt/2aGcUP3
X-Force Database: http://ift.tt/2b7H1Te
X-Force Database: http://ift.tt/2aGbWSW
X-Force Database: http://ift.tt/2b7Gtgl
X-Force Database: http://ift.tt/2ctomSx
X-Force Database: http://ift.tt/2aGc4lp
X-Force Database: http://ift.tt/2ctom4Z
X-Force Database: http://ift.tt/2bTrNgj
X-Force Database: http://ift.tt/2b7G65u
X-Force Database: http://ift.tt/2bTqVZ8
X-Force Database: http://ift.tt/2ctoPUY
X-Force Database: http://ift.tt/2bTrbY9
X-Force Database: http://ift.tt/2fVzmWT
X-Force Database: http://ift.tt/2eDq0ND
X-Force Database: http://ift.tt/2e5p1tK
X-Force Database: http://ift.tt/2eDrVCd
X-Force Database: http://ift.tt/2e5pD2s
X-Force Database: http://ift.tt/2eDqzaq
X-Force Database: http://ift.tt/2e5s2Ku



from IBM Product Security Incident Response Team http://ift.tt/2hyCAzd

IBM Security Bulletin: A security vulnerability has been identified in Apache Commons shipped with IBM Support Assistant Team Server (CVE-2016-3092)

Apache Commons is shipped with IBM Support Assistant Team Server. Information about a security vulnerability affecting Apache Commons has been published in a security bulletin.

CVE(s): CVE-2016-3092

Affected product(s) and affected version(s):

IBM Support Assistant Team Server: 5.0.0 – 5.0.2.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hyH1Kt
X-Force Database: http://ift.tt/2bozrA8



from IBM Product Security Incident Response Team http://ift.tt/2hyL0XB

IBM Security Bulletin: Multiple security vulnerabilities in IBM WebSphere Application Server Liberty affect Tivoli Storage Manager (IBM Spectrum Protect) Operations Center (CVE-2016-0378, CVE-2016-3040, CVE-2016-3042, CVE-2016-5986)

Multiple security vulnerabilities exist in IBM WebSphere Application Server Liberty that affect Tivoli Storage Manager (IBM Spectrum Protect) Operations Center.

CVE(s): CVE-2016-0378, CVE-2016-3040, CVE-2016-3042, CVE-2016-5986

Affected product(s) and affected version(s):

The following versions of Tivoli Storage Manager (IBM Spectrum Protect) Operations Center are affected:

  • 7.1.0.000 through 7.1.7.000
  • 6.4.1.000 through 6.4.2.400

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hjKSiD
X-Force Database: http://ift.tt/2cG9hh7
X-Force Database: http://ift.tt/2ciMesr
X-Force Database: http://ift.tt/2coBlSO
X-Force Database: http://ift.tt/2ccJKps



from IBM Product Security Incident Response Team http://ift.tt/2hyGZCl

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX (CVE-2016-5582, CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542)

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 6, 7, 7.1 and 8, that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in October 2016.

CVE(s): CVE-2016-5582, CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542

Affected product(s) and affected version(s):

AIX 5.3, 6.1, 7.1, 7.2
VIOS 2.2.x
The following fileset levels (VRMF) are vulnerable, if the respective Java version is installed:
For Java6: Less than 6.0.0.635
For Java7: Less than 7.0.0.560
For Java7.1: Less than 7.1.0.360
For Java8: Less than 8.0.0.321
Note: To find out whether the affected Java filesets are installed on your systems, refer to the lslpp command in the AIX user's guide.
Example: lslpp -L | grep -i java
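One way to turn that lslpp check into a pass/fail gate, as an added example that is not part of the IBM bulletin: a POSIX shell script that reads lslpp -L output and compares each Java fileset's VRMF against the fixed levels listed above, field by field (a plain string comparison would rank 6.0.0.99 above 6.0.0.635). The fileset naming pattern it assumes (Java6, Java7_64, Java71, Java8_64 before the first dot, with _64 marking the 64-bit build) and the sample lslpp lines are assumptions constructed for the example, not data from the bulletin.

```shell
#!/bin/sh
# Added example, not from the IBM bulletin: flag installed AIX Java filesets
# whose VRMF level is below the fixed levels the bulletin lists.
# Assumptions: fileset names look like Java6.sdk, Java7_64.jre, Java71.sdk,
# Java8_64.sdk (the family is the part before the first dot, minus any _64
# suffix) and the level is the second column of `lslpp -L` output.

# Minimum fixed VRMF per Java family, taken from the bulletin text.
fixed_level() {
  case "$1" in
    Java6)  echo 6.0.0.635 ;;
    Java7)  echo 7.0.0.560 ;;
    Java71) echo 7.1.0.360 ;;
    Java8)  echo 8.0.0.321 ;;
    *)      return 1 ;;          # not a fileset family the bulletin covers
  esac
}

# vrmf_lt A B: true (0) when VRMF A is numerically lower than B, comparing
# version, release, modification and fix fields in turn. Missing fields
# count as 0, so 7.1.3 compares like 7.1.3.0.
vrmf_lt() {
  i=1
  while [ "$i" -le 4 ]; do
    x=$(printf '%s\n' "$1" | cut -d. -f"$i")
    y=$(printf '%s\n' "$2" | cut -d. -f"$i")
    x=${x:-0}; y=${y:-0}
    if [ "$x" -lt "$y" ]; then return 0; fi
    if [ "$x" -gt "$y" ]; then return 1; fi
    i=$((i + 1))
  done
  return 1                       # equal: not lower
}

# Read `lslpp -L` lines on stdin, print one line per vulnerable fileset and
# return 1 if any was found, so the check can fail a compliance or patch job.
# Header, separator and non-Java lines are skipped by the fixed_level lookup.
check_filesets() {
  found=0
  while read -r name level _rest; do
    fam=${name%%.*}              # Java71_64.sdk -> Java71_64
    fam=${fam%_64}               # Java71_64     -> Java71
    fix=$(fixed_level "$fam") || continue
    if vrmf_lt "$level" "$fix"; then
      printf 'VULNERABLE %s %s (fixed in %s)\n' "$name" "$level" "$fix"
      found=1
    fi
  done
  return "$found"
}

# Constructed sample of `lslpp -L | grep -i java` output (not real host data):
# two filesets below the fixed level, two already at it.
SAMPLE_LSLPP='  Java6_64.sdk               6.0.0.600    C     F    Java SDK 64-bit
  Java7.jre                  7.0.0.560    C     F    Java JRE 32-bit
  Java71_64.sdk              7.1.0.355    C     F    Java SDK 64-bit
  Java8_64.sdk               8.0.0.321    C     F    Java SDK 64-bit'

# Demonstration on the sample. On a real AIX host run:  lslpp -L | check_filesets
demo() { printf '%s\n' "$SAMPLE_LSLPP" | check_filesets; }
demo || :
```

Run on the sample it reports Java6_64.sdk and Java71_64.sdk and exits non-zero; the Java7 and Java8 entries sit exactly at the fixed level and are not flagged, which is the boundary the bulletin's "less than" wording sets.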

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hZJrmE
X-Force Database: http://ift.tt/2hfYcTD
X-Force Database: http://ift.tt/2gMB0ME
X-Force Database: http://ift.tt/2hcxxUQ
X-Force Database: http://ift.tt/2gMKvvB
X-Force Database: http://ift.tt/2hclFSv
X-Force Database: http://ift.tt/2gMEDCj
X-Force Database: http://ift.tt/2hcofbo



from IBM Product Security Incident Response Team http://ift.tt/2hZKzGC

Thursday, December 22, 2016

Leaked files reveal scope of Israeli firm's phone cracking tech

Hacks battered IT optimism in 2016; can 2017 enrich defenses

Apple extends developer deadline for mandatory App Transport Security support

Russia Wants Apple to Unlock iPhone belonging to Killer of Russian Ambassador


You might have also seen a viral video of the assassination of the Russian ambassador to Turkey that quickly spread across the Internet worldwide.

Russian Ambassador Andrei Karlov was shot dead by an off-duty police officer in Ankara on December 19 while giving a speech at an art gallery. The shooter passed himself off as the ambassador's official bodyguard and was later shot dead by Turkish special forces.

After this shocking incident, Apple has been asked to help unlock an iPhone 4S recovered from the shooter, which could again spark a battle similar to the one between Apple and the FBI earlier this year.

Turkish and Russian authorities have asked Apple to help them bypass the PIN code on the iPhone 4S, which, the authorities believe, could help them investigate the killer's links to various terrorist organizations.

Apple is expected to refuse the request, but according to MacReports and other local media, the Russian government is reportedly sending a team of experts to Turkey to help authorities unlock the iPhone.

In the Apple vs. FBI case, Apple declined to help the FBI unlock an iPhone belonging to the San Bernardino shooter Syed Rizwan Farook, saying that any backdoor it developed would eventually end up falling into the wrong hands.

The FBI reportedly got outside help to unlock the iPhone, paying almost $1.3 million to a group of hackers to unlock the device, but found nothing that could help in the investigation.

The man who killed the Russian ambassador on Monday was later identified as 22-year-old Mevlut Mert Altıntas, an off-duty police officer who used his police ID to gain access to the Ankara art gallery where Karlov was giving a speech.

During the assassination, the shooter shouted "Don't forget Aleppo," and according to both Russian and Turkish authorities, the assassination was designed to destabilize the relationship between the two countries.



from The Hacker News http://ift.tt/2hvszmz