Wednesday, January 31, 2018

USN-3554-2: curl vulnerability

Ubuntu Security Notice USN-3554-2

31st January, 2018

curl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS

Summary

curl could be made to expose sensitive information.

Software description

  • curl - HTTP, HTTPS, and FTP client and client libraries

Details

USN-3554-1 fixed vulnerabilities in curl. This update
provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that curl could accidentally leak authentication data.
An attacker could possibly use this to get access to sensitive information.
(CVE-2018-1000007)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
libcurl3-nss 7.22.0-3ubuntu4.20
curl 7.22.0-3ubuntu4.20
libcurl3-gnutls 7.22.0-3ubuntu4.20
libcurl3 7.22.0-3ubuntu4.20

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2018-1000007



from Ubuntu Security Notices http://ift.tt/2DTGqON

USN-3554-1: curl vulnerabilities

Ubuntu Security Notice USN-3554-1

31st January, 2018

curl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in curl.

Software description

  • curl - HTTP, HTTPS, and FTP client and client libraries

Details

It was discovered that curl incorrectly handled certain data. An attacker
could possibly use this to cause a denial of service or even to get access
to sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10.

It was discovered that curl could accidentally leak authentication data.
An attacker could possibly use this to get access to sensitive information.
(CVE-2018-1000007)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
libcurl3-nss 7.55.1-1ubuntu2.3
curl 7.55.1-1ubuntu2.3
libcurl3-gnutls 7.55.1-1ubuntu2.3
libcurl3 7.55.1-1ubuntu2.3
Ubuntu 16.04 LTS:
libcurl3-nss 7.47.0-1ubuntu2.6
curl 7.47.0-1ubuntu2.6
libcurl3-gnutls 7.47.0-1ubuntu2.6
libcurl3 7.47.0-1ubuntu2.6
Ubuntu 14.04 LTS:
libcurl3-nss 7.35.0-1ubuntu2.14
curl 7.35.0-1ubuntu2.14
libcurl3-gnutls 7.35.0-1ubuntu2.14
libcurl3 7.35.0-1ubuntu2.14

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2018-1000005, CVE-2018-1000007



from Ubuntu Security Notices http://ift.tt/2DQWDIp

Security consultant granted bail after 'hacking' GoGet systems

Australian government cannot handle its own data securely, why give it yours?

The new face of Threat Grid for 2018

Threat Grid’s engineering team is always working on improvements to our leading malware analysis and threat intelligence platform. In the latter part of 2017 and into early 2018, the team has been working on improvements to the UI and workflow, making sure that customers can get to the specific information they are looking for as quickly as possible. This has led to a rapid release of multiple interface improvements recently. In this blog, I’ll summarize the highlights and link you to a more in-depth video about them.

To start with, the entire product is moving towards a unified look and feel with the rest of Cisco’s Advanced Threat Solutions. If you’re a customer of multiple products, you will develop familiarity with a unified set of icons and design elements, ergonomics and workflow, that will help you to more quickly and intuitively navigate multiple platform interfaces with ease.

Secondly, the dashboard, the entry point of the UI, has gotten a major facelift. Below you can see the new design.

This revamp provides a set of easy to use controls to select the data that will be represented in the dashboard; users can choose between seeing only their submissions or all submissions from their organization, and of several convenient preset time periods.

Below that is a simple ribbon of high level statistics, to easily check in on the general “health” of the user’s or organization’s Threat Grid usage.

Below that is a ribbon showing thumbnails of all recent dynamic analysis consoles. This is an incredibly quick way to check in on the status and results of recent submissions. Hovering the mouse over any of them produces a popup with a larger, zoomed in view.

The rest of the dashboard is, as before, composed of graphs and charts showing various aspects of your usage of the platform. These can be configured, and like the data selection tools at the top your settings will be automatically saved for the next time you log in. New capabilities here include being able to see what the submission sources were for your samples (Meraki, portal user, Firepower devices, etc) and the breakdown of submitted file types.

An improvement that doesn’t get communicated well in the still image above is the performance boost the UI has gotten. The dashboard is now much more responsive, having benefited from several foundational improvements that increase the speed at which query results are returned.

Something that at first glance appears to be missing from the dashboard is the longer and more detailed listing of recent samples you might be used to. This brings us to the third of our improvements for this article: The all new sample manager.

The sample manager is now a more powerful tool with its own page in the UI. Click on ‘Samples’ in the upper left navigation bar to get to it.

The left pane is a powerful set of filtering features, including the ability to perform many of the searches previously (and still) available via the advanced search feature. Additionally, you can filter by time period (including the option to set a custom date/time window), sample ownership, sample threat score, and sample source. Again, all these options will be saved for you the next time you log in. A feature I’m particularly fond of in the filter pane is an option at the very top, to display the API call that would be required to set the same filters in an automated search.

The right pane is the content and results area, in which you see all the samples that meet the criteria you set out in the left. Each sample’s row has its name, hash, score, a small icon that is densely packed with information about the behavior indicators that were triggered in the course of the analysis, and other useful information. Additionally, directly from this page you can take several actions either on individual samples or on an entire set at once (via the checkboxes at the left of the rows). You can download any or all of the analysis data, view or save the runtime video, change the privacy options, and more.

Via these changes, you will find Threat Grid to be a more intuitive, faster and easier to use tool. You can quickly sift through large amounts of information for specific details, or easily view the set as a whole with insight into trends and breakouts. You and your staff can spend more time working, and less time getting to where the work is done.

In late 2017, as the first of these changes were rolled out, I made a short video going into more detail on the new features and layout. While parts of it are already out of date given the rapid release cycle I mentioned, it is still a good walk through of the changes – watch it here for more information:




from Cisco Blog » Security http://ift.tt/2GxyaWe

Intel names new technology chief amid Meltdown-Spectre fallout

Cisco Releases Security Updates

Original release date: January 31, 2018

Cisco has released software updates to address a vulnerability in its Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series. A remote attacker could exploit this vulnerability to cause a denial of service condition.

NCCIC/US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.






from US-CERT National Cyber Alert System http://ift.tt/2FvsT0k

We rank the technologies most likely to change the world by 2028


The team at Lux Research started with the simple question: "What technologies have the greatest potential to transform the world over the next decade?" From there, they applied in-house data analysis to identify and rank the 18 most transformative technologies.

We count them down here, starting with #18: Syngas and Power-to-Gas, producing fuels from CO2 to drive the energy transition.



from Latest Topic for ZDNet in... http://ift.tt/2rVwuCS

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and IBM® Runtime Environment Java™ Version 7 used by Content Collector for SAP Applications. These issues were disclosed as part of the IBM Java SDK updates in October 2017.

CVE(s): CVE-2017-10357, CVE-2017-10348, CVE-2017-10349, CVE-2017-10347, CVE-2017-10350, CVE-2017-10281, CVE-2017-10388, CVE-2017-10356

Affected product(s) and affected version(s):

IBM Content Collector for SAP Applications v3.0

IBM Content Collector for SAP Applications v4.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22012740
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133786
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133777
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133778
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133776
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133779
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133720
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133813
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133785

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2DQejjg

IBM Security Bulletin: Vulnerability in IBM® Java SDK affects IBM SPSS Analytic Server (CVE-2017-10356, CVE-2017-10388)

An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Libraries component could allow an unauthenticated attacker to take control of the system.

CVE(s): CVE-2017-10356, CVE-2017-10388

Affected product(s) and affected version(s):

IBM SPSS Analytic Server 2.0.0.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22011240
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133785
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133813

The post IBM Security Bulletin: Vulnerability in IBM® Java SDK affects IBM SPSS Analytic Server (CVE-2017-10356, CVE-2017-10388) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2EqPqvF

IBM Security Bulletin: IBM b-type SAN directors and switches is affected by privilege escalation vulnerability (CVE-2016-8202).

IBM b-type SAN directors and switches have addressed the privilege escalation vulnerability (CVE-2016-8202).

CVE(s): CVE-2016-8202

Affected product(s) and affected version(s):

Affected IBM b-type Directors and switches    Affected Versions
FOS                                           FOS 7.X versions prior to 7.4.1d
FOS                                           FOS 8.X versions prior to 8.0.1b

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ssg1S1010494
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/125666

The post IBM Security Bulletin: IBM b-type SAN directors and switches is affected by privilege escalation vulnerability (CVE-2016-8202). appeared first on IBM PSIRT Blog.


from IBM Product Security Incident Response Team http://ift.tt/2DOT69I

IBM Security Bulletin: IBM b-type SAN switches and directors affected by Open Source OpenSSL Vulnerabilities (CVE-2016-2180).

IBM b-type SAN switches and directors have addressed Open Source OpenSSL Vulnerabilities.

CVE(s): CVE-2016-2180

Affected product(s) and affected version(s):

FOS 7.X versions prior to 7.4.2

FOS 8.X versions prior to 8.1.0c

IBM Network Advisor versions prior to 14.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ssg1S1010577
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/115829

The post IBM Security Bulletin: IBM b-type SAN switches and directors affected by Open Source OpenSSL Vulnerabilities (CVE-2016-2180). appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2Es8FoV

Network Visibility for Mergers and Acquisitions

Mergers and acquisitions bring major challenges to nearly every aspect of a business, but integrating two different networks while maintaining enterprise security is perhaps one of the most demanding trials an organization can undergo.

Every organization has their own security policies, and applying new ones to hundreds or even thousands of new machines and users can be a logistical nightmare. On top of that, increasing the size of a network also increases its threat surface, potentially giving attackers new avenues to gain access and compromise sensitive data.

The pervasive network visibility that Cisco Stealthwatch Enterprise provides can give network and security administrators the information they need to facilitate a smooth and secure integration. Here are a few ways Stealthwatch Enterprise is useful in mergers and acquisitions.

Audits

Successfully integrating two networks requires extensive knowledge of what hosts, systems, and resources are present. To ensure you have the most accurate knowledge possible, use Stealthwatch Enterprise to discover the acquisition’s assets.

By using NetFlow and other sources of network traffic metadata, Stealthwatch Enterprise sees all activity on the network. This means that every host that produces traffic on the network is identified and logged automatically. In a few hours or days, engineers and architects will have records of every active host. These can then be inventoried by service to identify servers that need to be moved.

Here are example results of a query to identify active servers providing DNS:

Service and Application Identification

Different organizations use applications and services differently. Understanding what services and applications are used, how much they are used, and identifying the data flows in use by the services and applications is key to developing an integration strategy that minimizes impacts to normal business functions.

Stealthwatch Enterprise provides layer 7 visibility, which allows users to see application and service usage in a variety of formats. Here is an example summary of a network environment’s application traffic, visualized as a pie chart:

As a graph:

And as a table:

In addition, users can drill into the data to discover a variety of attributes with only a few clicks.

Policy Violations

Mergers and acquisitions often involve applying new policies to old networks. The comprehensive visibility provided by Stealthwatch Enterprise can be used to identify noncompliant traffic and policy violations in real time. Stealthwatch Enterprise users can define custom rules to trigger an alarm when traffic utilizes a prohibited service or violates a policy.

In the example below, traffic utilizing peer-to-peer (P2P) or Dropbox is identified:

Stealthwatch Enterprise can also be used to verify policy enforcement. For example, if P2P traffic is supposed to be blocked, any P2P activity could be indicative of a misconfigured policy.

Access Control and Segmentation

Stealthwatch Enterprise can also be used to develop network access control and firewall policies and verify their effectiveness. Utilizing the principle of least privilege, limiting hosts’ access to only network resources needed to perform their function can drastically reduce the reach of an attacker who manages to circumvent perimeter security. This is especially applicable to environments that must comply with industry regulations, such as PCI DSS, HIPAA, etc.

By understanding where sensitive assets reside and what network resources users interact with on a regular basis, architects can design access control policies that are effective and don’t impact normal business functions. Stealthwatch Enterprise uses network telemetry data to identify flows actually in use and takes out the guesswork, allowing for much smoother implementation and maintenance.

Additionally, administrators and architects often lack a way to verify if policies are working as intended. Using Stealthwatch Enterprise, custom rules can be defined to immediately highlight traffic that violates intended access controls, which can then be investigated and adjusted as necessary.

Link Monitoring

When integrating two networks, it is important to understand how different locations send data throughout the network to prevent erroneously disrupting network availability and to ensure data is transmitted efficiently. Stealthwatch Enterprise host group relationship maps can help with this.

Traffic profiles can also be built using Stealthwatch Enterprise to assist in capacity planning.

Maintaining Security

Last but most important, integrating separate networks brings a host of security implications, and attackers are aware of this and may keep track of major acquisitions to take advantage of the situation. No security measure is foolproof, and you cannot simply assume your internal network is a safe area. This is even more important in an acquisition scenario, where threats already present on the acquired network could be given free access to the larger network.

Stealthwatch Enterprise significantly reduces the time to identify a threat, giving security personnel a window of opportunity to mitigate the threat before sensitive data is stolen. By relying on NetFlow and other network traffic metadata, Stealthwatch Enterprise can identify a wide variety of security events including worm and botnet activity and advanced threats.

Identifying and mitigating these threats before they are integrated into the enterprise network with all of the legitimate systems can make the difference between a successful acquisition and a major data breach.

New opportunistic threats can also be detected during and after the integration process, ensuring that security is maintained throughout the organization from the beginning of the acquisition and after.

For more information on Cisco Stealthwatch Enterprise, visit cisco.com/go/stealthwatchenterprise




from Cisco Blog » Security http://ift.tt/2GxPwCt

USN-3552-1: Firefox vulnerability

Ubuntu Security Notice USN-3552-1

31st January, 2018

firefox vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Firefox could be made to run programs as your login if it opened a malicious website.

Software description

  • firefox - Mozilla Open Source web browser

Details

Johann Hofmann discovered that HTML fragments created for
chrome-privileged documents were not properly sanitized. An attacker
could exploit this to execute arbitrary code. (CVE-2018-5124)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
firefox 58.0.1+build1-0ubuntu0.17.10.1
Ubuntu 16.04 LTS:
firefox 58.0.1+build1-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
firefox 58.0.1+build1-0ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

CVE-2018-5124



from Ubuntu Security Notices http://ift.tt/2E0nbq2

IT budgets in Brazil to increase in 2018

Cryptocurrency miners: A replacement for ransomware

Camera makers resist encryption, despite warnings from photographers

Cisco Aggregation Services Router 9000 Series IPv6 Fragment Header Denial of Service Vulnerability

This vulnerability affects Cisco Aggregation Services Router (ASR) 9000 Series when the following conditions are met:

  • The router is running Cisco IOS XR Software Release 5.3.4.
  • The router has installed Trident-based line cards that have IPv6 configured.

Determining the Cisco IOS XR Software Release

To determine which Cisco IOS XR Software release is running on a device and the name of the device on which it is running, administrators can log in to the device and use the show version command in the CLI. If the device is running Cisco IOS XR Software, "Cisco IOS XR Software" or similar text appears in the system banner. The location and name of the system image file that is currently running on the device appears next to the "System image file is" text. The name of the hardware product appears on the line after the name of the system image file.

The following example shows the output of the show version command on a device that is running Cisco IOS XR Software release 5.3.4:

RP/0/RSP0/CPU0:ASR9001#show version
Wed Jan 24 01:32:32.751 EST

Cisco IOS XR Software, Version 5.3.4[Default]
Copyright (c) 2017 by Cisco Systems, Inc.

ROM: System Bootstrap, Version 2.04(20140227:092320) [ASR9K ROMMON],  

ASR9001 uptime is 6 hours, 17 minutes
System image file is "bootflash:disk0/asr9k-os-mbi-5.3.4.sp4-1.0.0/0x100000/mbiasr9k-rp.vm"

cisco ASR9K Series (P4040) processor with 8388608K bytes of memory.
P4040 processor at 1500MHz, Revision 2.0
ASR-9001 Chassis

2 Management Ethernet
8 TenGigE
20 GigabitEthernet
8 DWDM controller(s)
8 WANPHY controller(s)
44 GigabitEthernet/IEEE 802.3 interface(s)
219k bytes of non-volatile configuration memory.
2880M bytes of hard disk.
3932144k bytes of disk0: (Sector size 512 bytes).

Configuration register on node 0/RSP0/CPU0 is 0x2102

Determining if the Device Has a Trident-based Line Card

The first generation of the Cisco ASR 9000 Series Ethernet line cards are often referred to as Trident-based (or Ethernet) line cards. The term comes from the Network Processors (NPs) that are used on these line cards. The following is a complete list of affected Trident-based line cards. Line cards not listed are not affected by this vulnerability:

  • A9K-40GE-L
  • A9K-40GE-B
  • A9K-40GE-E
  • A9K-4T-L
  • A9K-4T-B
  • A9K-4T-E
  • A9K-8T/4-L
  • A9K-8T/4-B
  • A9K-8T/4-E
  • A9K-2T20GE-L
  • A9K-2T20GE-B
  • A9K-2T20GE-E
  • A9K-8T-L
  • A9K-8T-B
  • A9K-8T-E
  • A9K-16/8T-B

To determine whether the line card installed in the ASR 9000 Series Router is Trident-based, the administrator can use the show diag | include PID: command. Affected devices will include the product ID (PID) for at least one of the Trident-based line cards listed previously. The following example shows a device on which an A9K-8T-L card is active:

RP/0/RSP0/CPU0:ASR9006-B#show diag | include PID:
Tue Jan 26 00:07:09.406 EST
  PID:   A9K-RSP440-SE
  PID:   A9K-RSP440-SE
  PID:   A9K-8X100GE-SE
  PID:   A9K-8T-L
  PID:   A9K-36X10GE-SE
  PID:   A9K-MOD160-TR
  PID:   A9K-MPA-8X10GE 
  PID:   A9K-MPA-8X10GE 
RP/0/RSP0/CPU0:ASR9006-B#

For more information on Trident-based line cards, consult the ASR 9000 Series Line Card Types publication at the following URL:

https://www.cisco.com/c/en/us/support/docs/routers/asr-9000-series-aggregation-services-routers/116726-qanda-product-00.html

Determining if the Device Is Configured for IPv6

Administrators can use the show ipv6 interface brief command to determine if an interface is enabled for IPv6 traffic processing. The following example shows an interface configured for IPv6 processing:

RP/0/RP0/CPU0:router# show ipv6 interface brief
GigabitEthernet0/2/0/0 [Up/Up]
fe80::212:daff:fe62:c150
202::1
.
.
.

The show ipv6 interface brief command will produce an error message if the running version of Cisco IOS XR Software does not support IPv6. The output will not show any interfaces with IPv6 addresses if IPv6 is disabled.

An interface may be configured for IPv6 processing but may not appear in the output of the show ipv6 interface brief command if the interface is part of a bundle or a virtual routing and forwarding (VRF) instance. The show ipv6 vrf all interface command can be used to determine whether any interface has been configured in this way. The following is the output of the show ipv6 vrf all interface command showing an interface configured for IPv6 processing as part of a bundle and assigned to a VRF instance:

RP/0/RP0/CPU0:Router#show ipv6 vrf all interface
.
.
.
Bundle-Ether4.765 is Up, ipv6 protocol is Up, Vrfid is FDA (0x60000001)
  IPv6 is enabled, link-local address is fe80::21d:a2ff:aabb:ccdd
  Global unicast address(es):
    2001:db8:1:1::1, subnet is 2001:db8:1:1::/64
  Joined group address(es): ff02::1:ff00:0 ff02::1:aabb:ccdd ff02::2 ff02::1
  MTU is 1518 (1500 is available to IPv6)
  ICMP redirects are disabled
  ICMP unreachables are enabled
  ND DAD is enabled, number of DAD attempts 1
  ND reachable time is 0 milliseconds
  ND advertised retransmit interval is 0 milliseconds
  Hosts use stateless autoconfig for addresses.
  Outgoing access list is not set
  Inbound access list is not set
  Table Id is 0xe0800001

No other Cisco products are currently known to be affected by this vulnerability.

Cisco Aggregation Services Router (ASR) 9000 Series devices that do not contain any Trident-based line cards, are not running Cisco IOS XR Software Release 5.3.4, or are not enabled for IPv6 are not affected.

No other devices running Cisco IOS XR Software are affected.
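As an added example (not Cisco's own tooling), the following Python helper applies the advisory's three checks to captured CLI output: it extracts the release from show version, matches PIDs from show diag | include PID: against the Trident-based list above, and collects IPv6-enabled interfaces from both show ipv6 interface brief and show ipv6 vrf all interface, since bundle and VRF members can be missing from the brief listing. The embedded sample text is abridged from the advisory's own example output; the output formats it assumes are the ones shown on this page.

```python
import re

# PIDs of the Trident-based line cards listed as affected in the advisory.
TRIDENT_PIDS = frozenset({
    "A9K-40GE-L", "A9K-40GE-B", "A9K-40GE-E",
    "A9K-4T-L", "A9K-4T-B", "A9K-4T-E",
    "A9K-8T/4-L", "A9K-8T/4-B", "A9K-8T/4-E",
    "A9K-2T20GE-L", "A9K-2T20GE-B", "A9K-2T20GE-E",
    "A9K-8T-L", "A9K-8T-B", "A9K-8T-E",
    "A9K-16/8T-B",
})
AFFECTED_RELEASE = "5.3.4"

# Matches the banner line "Cisco IOS XR Software, Version 5.3.4[Default]".
VERSION_RE = re.compile(r"Cisco IOS XR Software, Version (\S+?)(?:\[|$)", re.M)
# Matches "  PID:   A9K-8T-L" lines from "show diag | include PID:".
PID_RE = re.compile(r"^\s*PID:\s*(\S+)", re.M)
# Matches "Bundle-Ether4.765 is Up, ipv6 protocol is Up" from "show ipv6 vrf all interface".
VRF_IPV6_UP_RE = re.compile(r"^\s*(\S+) is Up, ipv6 protocol is Up", re.M)


def _is_ipv6(token: str) -> bool:
    """Loose IPv6 literal check: only hex digits and colons, with at least two colons."""
    return token.count(":") >= 2 and re.fullmatch(r"[0-9a-fA-F:]+", token) is not None


def xr_release(show_version: str):
    """Return the IOS XR release string from 'show version' output, or None if absent."""
    m = VERSION_RE.search(show_version)
    return m.group(1) if m else None


def trident_cards(show_diag: str):
    """Return the sorted Trident-based PIDs present in 'show diag | include PID:' output."""
    return sorted({pid for pid in PID_RE.findall(show_diag) if pid in TRIDENT_PIDS})


def ipv6_interfaces(show_ipv6_brief: str, show_ipv6_vrf: str = ""):
    """Return interfaces with IPv6 enabled, from the brief listing and the optional VRF listing."""
    found = []
    current = None
    for line in show_ipv6_brief.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        # Interface header lines look like "GigabitEthernet0/2/0/0 [Up/Up]".
        if len(tokens) >= 2 and tokens[1].startswith("["):
            current = tokens[0]
            continue
        # Address lines that follow a header belong to that interface.
        if current and _is_ipv6(tokens[0]) and current not in found:
            found.append(current)
    # Bundle/VRF members only show up in the VRF listing.
    for name in VRF_IPV6_UP_RE.findall(show_ipv6_vrf):
        if name not in found:
            found.append(name)
    return found


def assess(show_version, show_diag, show_ipv6_brief, show_ipv6_vrf=""):
    """Apply the advisory's three conditions and report which of them hold."""
    release = xr_release(show_version)
    cards = trident_cards(show_diag)
    v6 = ipv6_interfaces(show_ipv6_brief, show_ipv6_vrf)
    return {
        "release": release,
        "trident_cards": cards,
        "ipv6_interfaces": v6,
        "affected": release == AFFECTED_RELEASE and bool(cards) and bool(v6),
    }


# Sample CLI output, abridged from the advisory's own examples.
SHOW_VERSION = """RP/0/RSP0/CPU0:ASR9001#show version
Cisco IOS XR Software, Version 5.3.4[Default]
Copyright (c) 2017 by Cisco Systems, Inc.
System image file is "bootflash:disk0/asr9k-os-mbi-5.3.4.sp4-1.0.0/0x100000/mbiasr9k-rp.vm"
"""
SHOW_DIAG = """RP/0/RSP0/CPU0:ASR9006-B#show diag | include PID:
  PID:   A9K-RSP440-SE
  PID:   A9K-8X100GE-SE
  PID:   A9K-8T-L
  PID:   A9K-36X10GE-SE
"""
SHOW_IPV6_BRIEF = """RP/0/RP0/CPU0:router# show ipv6 interface brief
GigabitEthernet0/2/0/0 [Up/Up]
fe80::212:daff:fe62:c150
202::1
"""
SHOW_IPV6_VRF = """RP/0/RP0/CPU0:Router#show ipv6 vrf all interface
Bundle-Ether4.765 is Up, ipv6 protocol is Up, Vrfid is FDA (0x60000001)
  IPv6 is enabled, link-local address is fe80::21d:a2ff:aabb:ccdd
"""

if __name__ == "__main__":
    print(assess(SHOW_VERSION, SHOW_DIAG, SHOW_IPV6_BRIEF, SHOW_IPV6_VRF))
```

A device is reported as affected only when all three conditions hold, which mirrors the advisory's statement that routers without Trident cards, on another release, or without IPv6 are not affected.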



from Cisco Security Advisory http://ift.tt/2nmugYv

Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions

Critical Oracle Micros POS Flaw Affects Over 300,000 Payment Systems


Oracle has released a security patch update to address a critical remotely exploitable vulnerability that affects its MICROS point-of-sale (POS) business solutions for the hospitality industry.

The fix has been released as part of Oracle's January 2018 update that patches a total of 238 security vulnerabilities in its various products.

According to public disclosure by ERPScan, the security firm which discovered and reported this issue to the company, Oracle's MICROS EGateway Application Service, deployed by over 300,000 small retailers and businesses worldwide, is vulnerable to a directory traversal attack.

If exploited, the vulnerability (CVE-2018-2636) could allow attackers to read sensitive data and receive information about various services from vulnerable MICROS workstations without any authentication.

Using the directory traversal flaw, an unauthorized insider with access to the vulnerable application could read sensitive files from the MICROS workstation, including service logs and configuration files.

As explained by the researchers, two such sensitive files stored within the application storage—SimphonyInstall.xml or Dbconfix.xml—contain usernames and encrypted passwords for connecting to the database.

"So, the attacker can snatch DB usernames and password hashes, brute them and gain full access to the DB with all business data. There are several ways of its exploitation, leading to the whole MICROS system compromise," the researchers warned. 
"If you believe that gaining access to POS URL is a snap, bear in mind that hackers can find digital scales or other devices that use RJ45, connect it to Raspberry PI, and scan the internal network. That is where they easily discover a POS system. Remember this fact when you pop into a store."

ERPScan has also released a proof-of-concept Python-based exploit, which, if executed on a vulnerable MICROS server, would send a malicious request to get the content of sensitive files in response.

Besides this, Oracle's January 2018 patch update also provides fixes for the Spectre and Meltdown Intel processor vulnerabilities affecting certain Oracle products.



from The Hacker News http://ift.tt/2GzSjeC

USN-3553-1: Ruby vulnerabilities

Ubuntu Security Notice USN-3553-1

31st January, 2018

ruby2.3 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in Ruby.

Software description

  • ruby2.3 - Interpreter of object-oriented scripting language Ruby

Details

It was discovered that Ruby failed to validate specification names.
An attacker could possibly use a maliciously crafted gem to potentially
overwrite any file on the filesystem. (CVE-2017-0901)

It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability.
An attacker could use this to possibly force the RubyGems client to download
and install gems from a server that the attacker controls. (CVE-2017-0902)

It was discovered that Ruby incorrectly handled certain YAML files. An attacker could
use this to possibly execute arbitrary code. (CVE-2017-0903)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
libruby2.3 2.3.3-1ubuntu1.3
ruby2.3 2.3.3-1ubuntu1.3
Ubuntu 16.04 LTS:
libruby2.3 2.3.1-2~16.04.6
ruby2.3 2.3.1-2~16.04.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-0901, CVE-2017-0902, CVE-2017-0903



from Ubuntu Security Notices http://ift.tt/2DPXl4y

Better design for simpler, more effective security

Few will contest the notion that security is complex.

Evolving threats. Clever, motivated attackers. And all too often, vendor-inflicted complexity from managing security through the mismatched consoles of dozens of vendors.

In this case, not only must users jump between consoles but the actions that become familiar in one console are not at all helpful or relevant in another.  Each new console amounts to a new security management process – adding to greater complexity.

We must not lose sight of the fact that through better user interface design, security products do not have to be hard to use.  We can make it simpler, more intuitive – and thereby make the security posture more effective.

To make our products easier to use, we have been hard at work implementing a unified design system that covers each interaction users have in our product interfaces, using consistent menu language and aligning on a common look and feel.

The end result of this is a consistent look and feel that provides a common, more intuitive, simpler product experience.  Much of what you learn using one console is immediately transferable to other products.

This means users will enjoy similar table designs, they’ll know error messages will appear in the same place, menu layouts will be familiar and search will work in the same way across products.

Using common design plays an even larger role as it enables an integrated security product portfolio so that all products look and behave in a consistent way.

The Cisco Approach

We have kept this all in mind as we have designed a common interface that spans many of our products to deliver a clean, simple, consistent look and feel.

Many key products in our portfolio already reflect our common interface:

  • Cisco Email Security
  • Cisco Umbrella
  • Cisco Web Security
  • Cisco Firepower Device Manager (NGFW)
  • Cisco Stealthwatch
  • Cisco AMP for Endpoints

The net result of all this? IT teams can more quickly and effectively investigate and resolve security incidents across our products.

[Screenshots: Firepower Device Manager; Cisco Email Security; Cisco Web Security]

Security management on the move

On the topic of quicker security responses, we also need to bring mobile devices into play for simpler access to security information or incidents.

We are finishing development of a mobile app for managing our next-generation firewalls (NGFWs). The design tenet of this application is “view and do”: it supports key activities from mobile devices.

Users will be alerted to events that need immediate attention and can quickly address the problem on their phone. The interactions on mobile devices are designed to let people be in and out quickly, with minimal steps to get things done and having all the relevant information needed to act in clear view.

For example, should the NGFW detect a suspicious bandwidth issue, our mobile application will notify the admin on their phone that a user is exceeding specified bandwidth thresholds. From the same view, the admin can block the user as a quick solution, prior to examining in greater depth once back at the office.

If you happen to join us at Cisco Live Barcelona, come by the security booth to see our newest interface for Email Security in action along with the rest of the portfolio, yielding simpler, more effective security.


from Cisco Blog » Security http://ift.tt/2EqQcsJ

Update Your Firefox Browser to Fix a Critical Remotely Exploitable Flaw


Mozilla has released an important update for its Firefox web browser to patch a critical vulnerability that could allow remote attackers to execute malicious code on computers running an affected version of the browser.

The update comes just a week after the company rolled out its new Firefox Quantum browser, a.k.a. Firefox 58, with some new features like an improved graphics engine and performance optimizations, and patches for more than 30 vulnerabilities.

According to a security advisory published by Cisco, Firefox 58.0.1 addresses an 'arbitrary code execution' flaw that originates due to 'insufficient sanitization' of HTML fragments in chrome-privileged documents (browser UI).

Hackers could exploit this vulnerability (CVE-2018-5124) to run arbitrary code on the victim's computer just by tricking them into accessing a link or 'opening a file that submits malicious input to the affected software.'

"A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user. If the user has elevated privileges, the attacker could compromise the system completely," the advisory states.

This could allow an attacker to install programs, create new accounts with full user rights, and view, change or delete data.

However, if the application has been configured to have fewer user rights on the system, the exploitation of this vulnerability could have less impact on the user.

Affected web browser versions include Firefox 56 (.0, .0.1, .0.2), 57 (.0, .0.1, .0.2, .0.3, .0.4), and 58 (.0). The vulnerability has been addressed in Firefox 58.0.1, which you can download from the company's official website.

The issue, which was discovered by Mozilla developer Johann Hofmann, does not affect Firefox browser for Android and Firefox 52 ESR.

Users are recommended to apply the software updates before hackers exploit this issue, and avoid opening links provided in emails or messages if they appear from suspicious or unrecognized sources.

Administrators are also advised to use an unprivileged account when browsing the Internet and monitor critical systems.



from The Hacker News http://ift.tt/2DOQ70W

IBM Security Bulletin: Vulnerabilities in Open Source OpenSSL affect IBM Cisco SAN switches and directors (CVE-2016-2177 CVE-2000-1254 CVE-2016-2178).

Open Source OpenSSL is used by IBM Cisco SAN switches and directors. IBM Cisco SAN switches and directors have addressed the applicable CVEs.

CVE(s): CVE-2000-1254, CVE-2016-2178, CVE-2016-2177

Affected product(s) and affected version(s):

NX-OS 5.X versions prior to 5.2.8(i)

NX-OS 6.X versions prior to 6.2(19)

NX-OS 7.X versions

NX-OS 8.X versions prior to 8.1

DCNM versions prior to 10.3(1)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ssg1S1010570
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/113136
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/113889
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/113890

The post IBM Security Bulletin: Vulnerabilities in Open Source OpenSSL affect IBM Cisco SAN switches and directors (CVE-2016-2177 CVE-2000-1254 CVE-2016-2178). appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2ntTNhG

Tuesday, January 30, 2018

USN-3551-1: WebKitGTK+ vulnerabilities

Ubuntu Security Notice USN-3551-1

30th January, 2018

webkit2gtk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in WebKitGTK+.

Software description

  • webkit2gtk - Web content engine library for GTK+

Details

Multiple security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit these to cause a
denial of service, spoof the user interface, or execute arbitrary code.
(CVE-2018-4088, CVE-2018-4096, CVE-2017-7153, CVE-2017-7160,
CVE-2017-7161, CVE-2017-7165, CVE-2017-13884, CVE-2017-13885)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
libwebkit2gtk-4.0-37 2.18.6-0ubuntu0.17.10.1
libjavascriptcoregtk-4.0-18 2.18.6-0ubuntu0.17.10.1
Ubuntu 16.04 LTS:
libwebkit2gtk-4.0-37 2.18.6-0ubuntu0.16.04.1
libjavascriptcoregtk-4.0-18 2.18.6-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.

References

CVE-2017-13884, CVE-2017-13885, CVE-2017-7153, CVE-2017-7160, CVE-2017-7161, CVE-2017-7165, CVE-2018-4088, CVE-2018-4096



from Ubuntu Security Notices http://ift.tt/2DXhOrJ

Forecast spotlight: What the rise of IoT means for future data breaches

The Internet of Things (IoT) is no longer a futuristic concept. It’s our reality, and with devices dropping in price and growing in availability, the IoT has already made its way into many aspects of how we live and work. Recent data suggests this trend is only going to continue to grow: the number of devices per household is expected to jump from 10 to 50 by 2022. By 2025, the IoT market is predicted to see anywhere from 25 to 50 billion IoT devices.

This skyrocketing growth isn’t limited to consumer devices. Organizations across various sectors are increasingly relying on connected devices to streamline daily operational activities. The rise of connected devices in the manufacturing and industrial sectors has seen the advent of the Industrial Internet of Things (IIoT), bringing the operational and IT worlds closer together.

In our 2018 Data Breach Industry Forecast, we analyze why the rise of the IoT is one of the greatest challenges facing the cybersecurity industry today. Some of the main concerns: the lack of critical security features and the interconnectedness of IoT products make them extremely attractive to cybercriminals, and while developers and companies compete to go to market, they often neglect security measures, leaving the door wide open for attack.

Last year we saw an IoT hack take advantage of insecure smart home devices and shut down several major websites such as Amazon, PayPal and Twitter. This attack targeted a domain name system (DNS) provider, Dyn. The company identified the Mirai Botnet, a malware targeting consumer IoT-connected devices such as webcams and printers, as the attacker.

The Mirai attack is just one example of how connected devices, as inconsequential as they may seem (think IoT-enabled refrigerators), can lead to serious security concerns. While government agencies like the Federal Trade Commission are taking steps to protect consumers, it’s vital for organizations to consider IoT vulnerabilities and include these specific risks in their data breach response plans. The interconnectedness and convenience of the IoT are part of what makes it so appealing to consumers and organizations alike. However, it takes just one susceptible connected device to grant cybercriminals access to an entire network.

For more on how the IoT will disrupt the 2018 threat landscape and tips to mitigate threat, download our 2018 Data Breach Industry Forecast.

The post Forecast spotlight: What the rise of IoT means for future data breaches appeared first on Data Breach Resolution.



from Data Breach Resolution http://ift.tt/2DQCD92

USN-3550-1: ClamAV vulnerabilities

Ubuntu Security Notice USN-3550-1

30th January, 2018

clamav vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in ClamAV.

Software description

  • clamav - Anti-virus utility for Unix

Details

It was discovered that ClamAV incorrectly handled parsing certain mail
messages. A remote attacker could use this issue to cause ClamAV to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2017-12374, CVE-2017-12375, CVE-2017-12379, CVE-2017-12380)

It was discovered that ClamAV incorrectly handled parsing certain PDF
files. A remote attacker could use this issue to cause ClamAV to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2017-12376)

It was discovered that ClamAV incorrectly handled parsing certain mew-packed
files. A remote attacker could use this issue to cause ClamAV to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2017-12377)

It was discovered that ClamAV incorrectly handled parsing certain TAR
files. A remote attacker could possibly use this issue to cause ClamAV to
crash, resulting in a denial of service. (CVE-2017-12378)

In the default installation, attackers would be isolated by the ClamAV
AppArmor profile.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10:
clamav 0.99.3+addedllvm-0ubuntu0.17.10.1
Ubuntu 16.04 LTS:
clamav 0.99.3+addedllvm-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
clamav 0.99.3+addedllvm-0ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
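USN-3551-1 and USN-3550-1 above only take effect once the installed package is at or above the listed version, and "at or above" is decided by the dpkg version ordering, not by plain string comparison. The following is an added example, not part of the notices, that implements that ordering (Debian Policy 5.6.12: epoch, then upstream version, then Debian revision, with '~' sorting before everything) and checks a constructed set of installed versions against the Ubuntu 16.04 LTS fixed versions listed above; on a real host `dpkg --compare-versions` is the authoritative check and the installed lines would come from `dpkg-query -W -f='${Package} ${Version}\n'`.

```python
# Added example: check installed package versions against the fixed versions
# in a USN using the dpkg version ordering (Debian Policy 5.6.12, verrevcmp).
# `dpkg --compare-versions` remains the authoritative check on a real host.
from typing import Dict, List, Tuple

# Fixed versions for Ubuntu 16.04 LTS as listed in USN-3551-1 and USN-3550-1.
FIXED_VERSIONS = {
    "libwebkit2gtk-4.0-37": "2.18.6-0ubuntu0.16.04.1",
    "libjavascriptcoregtk-4.0-18": "2.18.6-0ubuntu0.16.04.1",
    "clamav": "0.99.3+addedllvm-0ubuntu0.16.04.1",
}

# Constructed dpkg-query output: one WebKitGTK+ library already updated,
# the other and clamav still on older builds, plus an unrelated package.
INSTALLED_LINES = [
    "libwebkit2gtk-4.0-37 2.18.5-0ubuntu0.16.04.2",
    "libjavascriptcoregtk-4.0-18 2.18.6-0ubuntu0.16.04.1",
    "clamav 0.99.2+addedllvm-0ubuntu0.16.04.3",
    "libcurl3 7.47.0-1ubuntu2.5",
]


def _order(c: str) -> int:
    """Weight of a character in a non-digit run: '~' sorts before the end of
    the string, a digit counts as end, letters sort before other punctuation."""
    if c == "~":
        return -1
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Compare two version fragments the dpkg way: alternate non-digit runs
    (by _order) and numeric runs (as integers, leading zeros ignored)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run; an exhausted string weighs 0, so "1.0~rc1" < "1.0" < "1.0a".
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Numeric run: the longer run (after leading zeros) wins, else the first differing digit.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(v: str) -> Tuple[int, str, str]:
    """Split into (epoch, upstream, revision); a missing epoch is 0 and a
    missing revision compares equal to "0"."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, sep, revision = v.rpartition("-")
    if not sep:
        upstream, revision = v, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to, or newer than b."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    result = (ea > eb) - (ea < eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (result > 0) - (result < 0)


def check_against_notice(installed_lines: List[str], fixed: Dict[str, str]) -> Dict[str, str]:
    """Map each package the notice names to 'patched', 'vulnerable' or 'not installed'."""
    installed = dict(line.split(" ", 1) for line in installed_lines)
    status = {}
    for name, fixed_version in fixed.items():
        if name not in installed:
            status[name] = "not installed"
        elif compare_versions(installed[name], fixed_version) >= 0:
            status[name] = "patched"
        else:
            status[name] = "vulnerable"
    return status


if __name__ == "__main__":
    for pkg, state in check_against_notice(INSTALLED_LINES, FIXED_VERSIONS).items():
        print(f"{pkg}: {state}")
```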

References

CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, CVE-2017-12378, CVE-2017-12379, CVE-2017-12380



from Ubuntu Security Notices http://ift.tt/2DPmZL4

IBM Security Bulletin: IBM Security SiteProtector Appliance has released firmware 1.26 (for SP3001) and firmware 2.13 (for SP4001) in response to the vulnerabilities known as Spectre and Meltdown.

IBM has released the following firmware 1.26 for SiteProtector SP3001 appliance and firmware 2.13 for SiteProtector SP4001 appliance in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754.

CVE(s): CVE-2017-5753, CVE-2017-5715, CVE-2017-5754

Affected product(s) and affected version(s):

IBM Security SiteProtector Appliance – SP3001 and SP4001

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22012532

The post IBM Security Bulletin: IBM Security SiteProtector Appliance has released firmware 1.26 (for SP3001) and firmware 2.13 (for SP4001) in response to the vulnerabilities known as Spectre and Meltdown. appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2DPHuTy

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ (CVE-2017-3737 CVE-2017-3738)

OpenSSL vulnerabilities were disclosed on December 7, 2017 by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js. IBM SDK for Node.js has addressed the applicable CVEs.

CVE(s): CVE-2017-3737

Affected product(s) and affected version(s):

These vulnerabilities affect IBM SDK for Node.js v4.8.6.0 and earlier releases.
These vulnerabilities affect IBM SDK for Node.js v6.12.0.0 and earlier releases.
These vulnerabilities affect IBM SDK for Node.js v8.9.0.0 and earlier releases.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=swg22012003
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136077

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ (CVE-2017-3737 CVE-2017-3738) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2nsHfqF

IBM Security Bulletin: Multiple packages as used in IBM Security QRadar Packet Capture are vulnerable to various security issues.

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.

CVE(s): CVE-2017-5461, CVE-2017-3137, CVE-2017-3136, CVE-2017-2636, CVE-2017-2628, CVE-2013-4075, CVE-2016-2107, CVE-2015-3813, CVE-2015-3812, CVE-2015-3811, CVE-2016-7910

Affected product(s) and affected version(s):

  • QRadar Packet Capture 7.3.0 – 7.3.0 Patch 1
  • QRadar Packet Capture Data Node 7.3.0 – 7.3.0 Patch 1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22012757
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/125002
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124517
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124516
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/122898
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/125103
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/84821
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112854
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/103256
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/103257
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/103258
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119531

The post IBM Security Bulletin: Multiple packages as used in IBM Security QRadar Packet Capture are vulnerable to various security issues. appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2DNkc4V

IBM Security Bulletin: IBM Tivoli Provisioning Manager for OS Deployment is affected by an OpenSSL vulnerability

IBM Tivoli Provisioning Manager for OS Deployment has addressed the following vulnerability: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)

CVE(s): CVE-2017-3736

Affected product(s) and affected version(s):

Product | Affected Version
IBM Tivoli Provisioning Manager for OS Deployment | 7.1.1.0-7.1.1.20
IBM Tivoli Provisioning Manager for OS Deployment | 5.1.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22012836
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134397

The post IBM Security Bulletin: IBM Tivoli Provisioning Manager for OS Deployment is affected by an OpenSSL vulnerability appeared first on IBM PSIRT Blog.


from IBM Product Security Incident Response Team http://ift.tt/2nsHdz3

IBM Security Bulletin: Reuse of Source Port in DataPower DNS queries (CVE-2017-1773)

IBM DataPower Gateway may re-use the source port in DNS lookups. IBM has addressed the applicable CVE.

CVE(s): CVE-2017-1773

Affected product(s) and affected version(s):

DataPower versions 7.1.0.0-7.1.0.20, 7.2.0.0-7.2.0.17, 7.5.0.0-7.5.0.11, 7.5.1.0-7.5.1.10, 7.5.2.0-7.5.2.10 and 7.6.0.0-7.6.0.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22012758
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136817

The post IBM Security Bulletin: Reuse of Source Port in DataPower DNS queries (CVE-2017-1773) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2DOLpV5

IBM Security Bulletin: IBM Tivoli Provisioning Manager for OS Deployment is affected by an OpenSSL vulnerability

IBM Tivoli Provisioning Manager for OS Deployment has addressed the following vulnerability: malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)

CVE(s): CVE-2017-3735

Affected product(s) and affected version(s):

Product | Affected Versions
IBM Tivoli Provisioning Manager for OS Deployment | 7.1.1.0-7.1.1.20
IBM Tivoli Provisioning Manager for OS Deployment | 5.1.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22012883
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/131047

The post IBM Security Bulletin: IBM Tivoli Provisioning Manager for OS Deployment is affected by an OpenSSL vulnerability appeared first on IBM PSIRT Blog.


from IBM Product Security Incident Response Team http://ift.tt/2nq4iCu

IBM Security Bulletin: Cross-Site Scripting vulnerability affects IBM Process Designer used in IBM Business Process Manager (CVE-2017-1494)

IBM Process Designer used in IBM Business Process Manager is vulnerable to Cross-Site Scripting.

CVE(s): CVE-2017-1494

Affected product(s) and affected version(s):

This vulnerability affects IBM Business Process Manager V8.0 through V8.6.0 2017.09.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22011849
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128692

The post IBM Security Bulletin: Cross-Site Scripting vulnerability affects IBM Process Designer used in IBM Business Process Manager (CVE-2017-1494) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2DMWplL

Spectrum Scale and Elastic Storage Server System Interoperability Matrix

The following OS levels have been tested and are supported for use with the core Spectrum Scale file system:

Operating system (Intel-based servers) | Kernel level | Spectrum Scale releases supported
RHEL 7.4 | 3.10.0-693.11.6.el7.x86_64 | 4.1.1, 4.2.3, 5.0.0
RHEL 7.3 | 3.10.0-514.36.5.el7.x86_64 | 4.1.1, 4.2.3, 5.0.0
RHEL 7.2 | 3.10.0-327.62.4.el7.x86_64 | 4.1.1, 4.2.3, 5.0.0
RHEL 6.9 | 2.6.32-696.18.7.el6.x86_64 | 4.1.1, 4.2.3
RHEL 6.7 | 2.6.32-573.49.3.el6.x86_64 | 4.1.1, 4.2.3
SLES 12 SP2 | 4.4.103-92.56.1 | 4.1.1, 4.2.3, 5.0.0
SLES 12 SP3 | 4.4.103-6.38-default | 4.1.1, 4.2.3, 5.0.0

Note:
i) The latest patches released for Windows, SLES 12 SP1, SLES 12 SP0, SLES 11, Ubuntu 14.04 and Debian on Intel are under test and the results will be updated.
ii) Spectrum Scale testing with supported operating systems for Power and Elastic Storage Server is scheduled and results will be updated as tests complete.
iii) Spectrum Scale fixes as applicable will be available via IBM Fix Central when available.

The post Spectrum Scale and Elastic Storage Server System Interoperability Matrix appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2FwrJSf

2018 Forrester TEI Study Reveals Stealthwatch + ISE provide 120% ROI

With digital transformation unlocking unprecedented value for today’s businesses and consumers, the key to success is arguably predicated on speed: Whoever is the fastest to enter new markets; the fastest to innovate; the fastest to deliver value to consumers can be the difference that separates the leaders from the rest of the pack.

This same principle of speed applies when it comes to security. Managing security is more complex than ever. And given that cybersecurity attacks are growing rapidly in frequency and sophistication, it is critical for businesses to be equally fast and agile. This requires adopting smart, robust, and automated solutions that can not only leverage the network for effective security but do so in a manner that is scalable and cost effective for businesses.

Forrester Consulting put Cisco to that test by evaluating its Stealthwatch Enterprise and Identity Services Engine (ISE) solutions in its latest Total Economic Impact (TEI) study.  Cisco Stealthwatch delivers clear and actionable visibility into the network whereas Cisco ISE provides endpoint visibility, and automated access policy and management.  While Stealthwatch and ISE are different solutions, when integrated, they deliver a powerful 360-degree view of your network that allows you to detect advanced threats, pinpoint the source of an issue, automatically lock down any affected devices or accounts, and then ensure network compliance before bringing them back online.  

Forrester interviewed customers (two in financial and one in healthcare with an average employee size of 70K) who have global operations spanning across the U.S, Europe and Asia and have also had years of experience using Stealthwatch and ISE. Prior to using these two solutions, the three companies struggled to manage their security needs with issues such as:

  1. Little to no network visibility
  2. Delays in rapidly identifying and remediating major and minor network security issues
  3. IT and employee inefficiencies due to network downtime

But once they deployed Stealthwatch and ISE, the companies realized significant benefits, including the following:

  • Greater visibility into network configuration and bandwidth usage
  • Reduction of events and remediation time by 200 hours for each major event and 3 hours for each minor issue
  • $285K in avoided network security remediation costs
  • $1.6M in business impact savings of avoided security events
  • $892K in IT resource costs savings
  • $236K in avoided hardware costs
  • $1.4M in employee productivity improvements
  • $2.4 million net present value (NPV)
  • ROI: 120%
  • Payback period: 12 months


“Without Stealthwatch and ISE, it [a malware outbreak] could have been hundreds of hours.” – CIO/network architect, worldwide bank.

Rapid threats require rapid response. And with Cisco Stealthwatch Enterprise and Identity Services Engine, your network is augmented with the speed and power to handle the ever-evolving cybersecurity challenges.

Click here to access Forrester’s TEI study, The Total Economic Impact™ Of Cisco’s Solution for Network Visibility and Segmentation: Cost Savings and Business Benefits Enabled by Stealthwatch and ISE.

For more information on Cisco Stealthwatch and ISE go to: www.cisco.com/go/nve


from Cisco Blog » Security http://ift.tt/2Ep61Ae

Cisco and IBM: Partnering for Better Security

Considering the spate of cyber threats faced by customers, the need to more easily prioritize these threats, understand the scope and veracity of the attacks, and subsequently automate the responses, has never been more critical. While many security vendors exist to address some challenges, no single technology or vendor provides the complete security customers require.  Therefore, providing this extended protection often requires a collaborative ecosystem of security vendors.

Cybersecurity technology partnerships, at their core, are designed to deliver maximum value to customers by exploiting the innovative excellence of each partnering company.  And this is where the Cisco-IBM collaboration becomes beneficial to customers in providing the most complete and effective security possible.

In May 2017, Cisco and IBM announced a security partnership to address the growing global threat of cybercrime. One of our key announcements focused on deep product integrations between our two companies. Cisco began building a new set of apps to integrate Cisco Firepower, ThreatGrid, Identity Services Engine (ISE), and Cloud Security (Umbrella and Cloud Lock) into IBM’s QRadar SIEM platform. Through these custom-built apps, QRadar would consume security information collected from the network, endpoints and cloud environments, then classify and prioritize the threats, helping security teams understand and more rapidly respond to advanced threats.

What We’ve Accomplished

In November 2017, we delivered the first app for QRadar, integrating the capabilities of Cisco Firepower into the QRadar SIEM console.  Together, the QRadar + Firepower app integration delivers more streamlined and effective security to today’s digital businesses.  Available via IBM’s Security App Exchange, the integration of the two provides valuable security threat information, providing a consolidated view of security events across the entire enterprise without requiring additional tools.

The Cisco Firepower App + IBM QRadar integration provides two key capabilities:

  • Presents metrics and trends about the data collected by QRadar, then displays this on the QRadar security event dashboard. Security analysts can drill down into the detailed event data for faster, more accurate threat detection and response.
  • QRadar collects and parses security data into its database for analysis, allowing security teams to search, correlate, and analyze Firepower events. These events are prioritized and organized by impact flag, malware events, connection and firewall events, discovery events, and file and user events.

Delivering Outcomes

Security analysts are overwhelmed with an ever-expanding threat landscape, and limited capabilities to identify attacks in real-time.  This can adversely impact their ability to escalate and prioritize the most critical threats for further action.  This time-consuming task of understanding and classifying threats makes threat remediation an extremely daunting effort for even the most skilled Incident Responders.

This is where the Cisco-IBM technology collaboration delivers powerful capabilities to customers. The Firepower App for QRadar streamlines investigations into critical security event information. The new Firepower app dashboard contains 6 components, as depicted in figure 1, all of which are drillable so that analysts can access the underlying data sets within a single QRadar event summary dashboard. This provides a consolidated view of all available details, Indicators of Compromise (IoCs), and the hosts responsible for sending or receiving the malware.

[Figure 1: Firepower App for QRadar dashboard]

The QRadar SIEM consumes and analyzes tremendous amounts of Cisco threat data (logs, network flows) and uses analytics and context to transform it into useful, actionable information, enabling the analyst to quickly see the who, what and where behind the offense and quickly determine if it’s a legitimate threat or a false positive.

QRadar is effective at event-correlation, and threat detection and analysis as it leverages a broad range of data and applies context for greater classification.  This input is ultimately integrated into a single prioritized list of offenses for further action.

This integration between Cisco Security and IBM Security enables a more extensive security architecture for greater speed and efficiency in identifying, investigating, and remediating threats. Together, we deliver the intelligence, automation and analytics required to provide data and insights that today’s security practitioners require.

What’s Up Next?

Next up, we will deliver the ThreatGrid app for QRadar to enable analysts to quickly categorize the threat level of potentially malicious files that have been submitted to ThreatGrid inside their environment. Analysts can rapidly drill down from QRadar into the ThreatGrid malware analysis and threat intelligence platform for deeper analysis. This integration expedites the threat investigation process, with a dashboard view into the highest priority threats, delivered directly through QRadar rather than having to pivot through disparate tools and interfaces.

Additionally, we are working to extend the reach of QRadar into our Identity Services Engine (ISE), Cisco Umbrella and Cloud Lock.  This integration will provide joint customers deeper analysis to more efficiently identify anomalous threats that could indicate a security risk.

This partnership of two strong security companies will enable customers to secure their business outcomes with the most comprehensive security possible.  For more information, please download our FAQ and visit our Cisco-IBM site.


from Cisco Blog » Security http://ift.tt/2DNoQQu

IBM Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2017-3737)

There is a vulnerability in OpenSSL used by AIX.

CVE(s): CVE-2017-3737

Affected product(s) and affected version(s):
AIX 5.3, 6.1, 7.1, 7.2, IOS 2.2.x

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://aix.software.ibm.com/aix/efixes/security/openssl_advisory25.asc
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136077

The post IBM Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2017-3737) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BE0rqB

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Collaboration and Deployment Services

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version JRE7SR10FP15, JRE71SR4FP15, JRE8SR5FP5 used by Collaboration and Deployment Services. These issues were disclosed as part of the IBM Java SDK updates in Oct 2017.

CVE(s): CVE-2017-10356, CVE-2017-10281

Affected product(s) and affected version(s):

IBM SPSS Collaboration and Deployment Services 7.0.0.1, 8.0.0.0, 8.1.0.0 and 8.1.1.0.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22012432
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133720

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Collaboration and Deployment Services appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2nlpvyi

IBM Security Bulletin: Vulnerability in IBM Java Runtime affects Financial Transaction Manager for Corporate Payment Services

There is a vulnerability in IBM® Runtime Environment Java™ Version 1.7 used by Financial Transaction Manager for Corporate Payment Services. This issue was disclosed as part of the IBM Java SDK updates in October 2017.

CVE(s): CVE-2017-10356

Affected product(s) and affected version(s):

– FTM for CPS v2.1.1.0, v2.1.1.1, v2.1.1.2, v2.1.1.3, v2.1.1.4

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22012788
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133785

The post IBM Security Bulletin: Vulnerability in IBM Java Runtime affects Financial Transaction Manager for Corporate Payment Services appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BEVRIt

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational DOORS Web Access. These issues were disclosed as part of the IBM Java SDK updates in October 2017.

CVE(s): CVE-2017-10356

Affected product(s) and affected version(s):

Rational DOORS Web Access: 9.5.0 – 9.5.0.1
Rational DOORS Web Access: 9.5.1 – 9.5.1.2
Rational DOORS Web Access: 9.5.2 – 9.5.2.1
Rational DOORS Web Access: 9.6.0 – 9.6.0.1
Rational DOORS Web Access: 9.6.1 – 9.6.1.10

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22012715
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133785

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2nlOmlG

IBM Security Bulletin: Potential Privilege Escalation in WebSphere Application Server Admin Console (CVE-2017-1731)

There is a potential privilege escalation in WebSphere Application Server Admin Console.

CVE(s): CVE-2017-1731

Affected product(s) and affected version(s):

This vulnerability affects the following versions and releases of IBM WebSphere Application Server:

  • Version 9.0
  • Version 8.5
  • Version 8.0
  • Version 7.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22012345
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134912

The post IBM Security Bulletin: Potential Privilege Escalation in WebSphere Application Server Admin Console (CVE-2017-1731) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2BFeQTn