Friday, May 31, 2019

Google threatens to delist Chrome extensions installed by deceptive tactics

This Week in Security News: Trickbots and Infected Containers

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how a Trickbot attacked a school district’s networks and how infected cryptocurrency-mining containers target docker hosts with exposed APIs.

Read on:

Trickbot Attack Forces Ohio School District to Cancel Classes

A school district in Ohio suspended classes on Monday, May 20, because of a Trickbot attack on its network and computers.


The IoT Attack Surface: Threats and Security Solutions

Part of adopting the IoT is anticipating what else the technology brings to the environments it is being applied to — not least of which are security concerns that can give rise to successful attacks on IoT systems and devices.

Hacker Has Designs on Canva Data, Steals Info Belonging to 139M Users

The graphic design website Canva was hacked in a data theft incident, which exposed usernames, email addresses, encrypted passwords, customer names and more.

CVE-2019-0725: An Analysis of Its Exploitability

A remote code execution vulnerability from May’s Patch Tuesday is particularly hard to ignore: CVE-2019-0725, an RCE vulnerability in Windows Dynamic Host Configuration Protocol (DHCP) Server, which doesn’t require user interaction and affects all versions of Windows Server.

New Mirai Variant Uses Multiple Exploits to Target Routers and Other Devices

Trend Micro discovered a new variant of Mirai that uses a total of 13 different exploits in a single campaign – the first Mirai variant to do so – and has backdoor and distributed denial-of-service (DDoS) capabilities.

First American Hit with Class Action Lawsuit Over Massive Data Exposure

Insurance giant First American Financial is facing a class action lawsuit for negligence after it left more than 885 million sensitive documents dating as far back as 2003 exposed online. 

CVE-2019-11815: A Cautionary Tale About CVSS Scores

At first glance, the CVSS details for Linux kernel vulnerability CVE-2019-11815 look like a worst-case scenario, but assessing a vulnerability’s real impact goes beyond the attack vector, required privileges, and CIA impact captured in the base score.

Flipboard Says Hackers Stole User Details

Flipboard, a news aggregator service and mobile news app, has started notifying users of a security incident during which hackers had access to internal systems for more than nine months.

Infected Cryptocurrency-Mining Containers Target Docker Hosts With Exposed APIs, Use Shodan to Find Additional Victims

By analyzing the logs and traffic data coming to and from a honeypot, Trend Micro found a container that came from a public and accessible Docker Hub repository named zoolu2 that contained images with the binary of a Monero cryptocurrency miner.

Nearly 1 Million Systems Affected By ‘Wormable’ BlueKeep Vulnerability (CVE-2019-0708)

Almost a million systems are reportedly vulnerable to BlueKeep, a critical vulnerability in remote desktop services, but Microsoft’s Patch Tuesday for May already rolled out patches for BlueKeep and security advisories were released to help users address the vulnerability.

Under GDPR, UK Data Breach Reports Quadruple

The United Kingdom has seen the number of data breach notifications more than quadruple since Europe’s GDPR privacy law went into full force, a result of mandatory reporting driving better visibility.

Were you surprised that a Trickbot attack could cause a school district to cancel classes? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: Trickbots and Infected Containers appeared first on .



from Trend Micro Simply Security http://bit.ly/2KbfWOK
via IFTTT

Cybersecurity Jobs Added to Government's Shortage Occupation List

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems (April 2019 updates)

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that are used by the OS Images for IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK quarterly updates in April 2019. OS Images have addressed the applicable CVEs.

CVE(s): CVE-2019-2602, CVE-2019-2684

Affected product(s) and affected version(s):

IBM PureApplication System V2.2.3.0
IBM PureApplication System V2.2.3.1
IBM PureApplication System V2.2.3.2
IBM PureApplication System V2.2.4.0
IBM PureApplication System V2.2.5.0
IBM PureApplication System V2.2.5.1
IBM PureApplication System V2.2.5.2
IBM PureApplication System V2.2.5.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10884568
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159698
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159776

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems (April 2019 updates) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ibm.co/2Z0oMCS

IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Tivoli Storage Manager FastBack (CVE-2018-12547)

There is a vulnerability in IBM Runtime Environment Java that is used by IBM Tivoli Storage Manager FastBack. This issue was disclosed as part of the IBM Java SDK updates in January 2019. IBM Tivoli Storage Manager FastBack has addressed this vulnerability.

CVE(s): CVE-2018-12547

Affected product(s) and affected version(s):
IBM Tivoli Storage Manager FastBack versions 6.1.0.0 through 6.1.12.7 are affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10885743
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157512

The post IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Tivoli Storage Manager FastBack (CVE-2018-12547) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ibm.co/2YYZuoM

IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-5407)

OpenSSL is shipped with IBM Tivoli Network Manager IP Edition version 3.9. Information about a security vulnerability affecting OpenSSL has been published here.

CVE(s): CVE-2018-5407

Affected product(s) and affected version(s):
IBM Tivoli Network Manager IP Edition v3.9 Fix Pack 4 & Fix Pack 5.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10884276
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152484

The post IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-5407) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ibm.co/2Z6rwz1

IBM Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Access Manager Appliance

IBM Security Access Manager Appliance has addressed the following vulnerabilities.

CVE(s): CVE-2018-10915, CVE-2018-0732, CVE-2018-0739, CVE-2019-3815, CVE-2017-3735, CVE-2018-13033, CVE-2018-8945, CVE-2018-10845, CVE-2018-10844, CVE-2018-5730, CVE-2018-5729, CVE-2018-1000301, CVE-2018-1000122, CVE-2018-1000007, CVE-2019-3863, CVE-2019-3857, CVE-2019-3856, CVE-2019-3855, CVE-2018-18311

Affected product(s) and affected version(s):

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10886247
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148225
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/144658
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140847
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156227
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/131047
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145673
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140738
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148730
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148731
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139970
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139969
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143390
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140316
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138218
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158347
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158341
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158340
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158339
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153586

Affected IBM Security Access Manager Appliance versions:
IBM Security Access Manager 9.0.3.0 – 9.0.5.0

The post IBM Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Access Manager Appliance appeared first on IBM PSIRT Blog.


from IBM Product Security Incident Response Team https://ibm.co/2EKZmBI


IBM Security Bulletin: A vulnerability in Apache Commons Compress may affect IBM Cloud App Management V2018

There is a vulnerability in Apache Commons Compress used by IBM® Cloud App Management V2018. IBM® Cloud App Management has addressed the applicable CVE in a later version.

CVE(s): CVE-2018-11771

Affected product(s) and affected version(s):

IBM Cloud App Management V2018.2.0
IBM Cloud App Management V2018.4.0
IBM Cloud App Management V2018.4.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10883280
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148429

The post IBM Security Bulletin: A vulnerability in Apache Commons Compress may affect IBM Cloud App Management V2018 appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ibm.co/2EKESZZ

IBM Security Bulletin: Multiple open source vulnerabilities affect IBM PureApplication System

There are vulnerabilities in OpenSSL, glibc, curl, and VMware components that are used in IBM PureApplication System. IBM PureApplication System has addressed these vulnerabilities.

CVE(s): CVE-2018-1000301, CVE-2018-11237, CVE-2018-0737, CVE-2018-0732, CVE-2019-5518, CVE-2019-5519

Affected product(s) and affected version(s):

IBM PureApplication System V2.2.3.0
IBM PureApplication System V2.2.3.1
IBM PureApplication System V2.2.3.2
IBM PureApplication System V2.2.4.0
IBM PureApplication System V2.2.5.0
IBM PureApplication System V2.2.5.1
IBM PureApplication System V2.2.5.2
IBM PureApplication System V2.2.5.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10885604
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143390
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143580
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141679
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/144658
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158820
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158821

The post IBM Security Bulletin: Multiple open source vulnerabilities affect IBM PureApplication System appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ibm.co/2EIlRHC

Drone Use on the Rise, Public Safety at Risk

Developers demand Apple API solution for parental control apps

Microsoft issues second warning about patching BlueKeep as PoC code goes public

ISPs must now ask for permission before selling your data, Maine rules

One of New York’s largest nonprofits suffers data breach

UK Universities Facing Daily State-Sponsored Attacks


Hackers Stole Customers' Credit Cards from 103 Checkers and Rally's Restaurants


If you have swiped your payment card at the popular Checkers and Rally's drive-through restaurant chains in the past 2-3 years, you should immediately request that your bank block your card, and notify the bank if you notice any suspicious transaction.

Checkers, one of the largest drive-through restaurant chains in the United States, disclosed a massive long-running data breach yesterday that affected an unknown number of customers at 103 of its Checkers and Rally's locations—nearly 15% of its restaurants.

The impacted restaurants [name, addresses and exposure dates] reside in 20 states, including Florida, California, Michigan, New York, Nevada, New Jersey, Florida, Georgia, Ohio, Illinois, Indiana, Delaware, Kentucky, Louisiana, Alabama, North Carolina, Pennsylvania, Tennessee, West Virginia and Virginia.

After becoming aware of a "data security issue involving malware" at some Checkers and Rally's locations, the company launched an extensive investigation which revealed that unknown hackers managed to plant malware on its point-of-sale (PoS) systems across 103 stores.

The PoS malware was designed to collect information stored on the magnetic stripe of payment cards, including cardholder's name, payment card number, card verification code, and expiration date.

However, the company pointed out that the investigation found no evidence suggesting that hackers made off with additional information belonging to the affected cardholders, and that "not all guests who visited the listed restaurants" are affected by the breach.

According to the exposure dates mentioned on the list of impacted restaurants:

  • One restaurant in California had PoS malware installed on its system in December 2015, which continually captured customers' payment card information until March 2018.
  • Two restaurants, one in California and the other in Florida, were backdoored with the PoS malware in 2016, allowing hackers to remotely steal card data until 2018 and 2019, respectively.
  • Four restaurants in four different states were infected in 2017 and remained infected between early 2018 and 2019.
  • The remaining restaurants were infected in 2018 and the malware remained active until early 2019.

The restaurant chain assured its customers that the company worked closely with third-party data security experts to contain and remove the malware upon discovering the security incident.

Additionally, the company is also "working with federal law enforcement authorities and coordinating with the payment card companies in their efforts to protect cardholders," and "continue to take steps to enhance the security of Checkers and Rally's systems and prevent this type of issue from happening again."

The company recommends that customers check their billing statements, order a credit report, and report any suspicious incident to the Federal Trade Commission.

So, if you have visited any of the affected locations during its exposure dates, you are highly recommended to review your account statements for suspicious transactions, and if you come across any, immediately contact the card issuer and consider placing a fraud alert or security freeze on your credit file at Equifax, Experian, and TransUnion.

Also, if possible, you are advised to block the affected payment card and request a new one from your respective financial institution.



from The Hacker News http://bit.ly/2WxeHQl

Thursday, May 30, 2019

Hong Kong and Singapore sign memo on personal data protection

Apple Releases Security Updates for AirPort Extreme, AirPort Time Capsule

Original release date: May 30, 2019

Apple has released AirPort Base Station Firmware Update 7.9.1 to address vulnerabilities in AirPort Extreme and AirPort Time Capsule wireless routers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security page for AirPort Base Station Firmware Update 7.9.1 and apply the necessary updates.






from US-CERT National Cyber Alert System http://bit.ly/2KfI5Ej

Alibaba Cloud touts Asian heritage, focus as competitive advantage

Russian military moves closer to replacing Windows with Astra Linux

USN-4001-1: libseccomp vulnerability

libseccomp vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

libseccomp could allow unintended access to system calls.

Software Description

  • libseccomp - library for working with the Linux seccomp filter

Details

Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators (LT, GT, LE, GE). An attacker could use this to bypass intended access restrictions for argument-filtered system calls.
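The advisory above says libseccomp mis-generated 64-bit argument comparisons for LT, GT, LE and GE. The underlying difficulty is that seccomp BPF only compares 32-bit words, so a 64-bit syscall argument has to be checked as a (high, low) pair of words, and the low words may only decide the result when the high words are equal. The following added example (not libseccomp's own code, and not a reproduction of its actual filter generator) contrasts a correct split-word comparison with a hypothetical version that evaluates the halves independently, and reports on which constructed sample values the flawed version disagrees with a native 64-bit comparison. The sample values and the flawed comparison are constructed here for illustration.

```python
"""Correct versus flawed 64-bit comparisons built from 32-bit halves.

Added example for the libseccomp advisory: it shows why a filter that
compares a 64-bit argument as two 32-bit words must treat the low word
as significant only when the high words are equal. The flawed variant is
a constructed illustration of that class of error, not libseccomp code.
"""
import operator
from typing import Callable, List, Tuple

MASK32 = 0xFFFFFFFF
MAX64 = 0xFFFFFFFFFFFFFFFF

# Native 64-bit semantics, used as the reference answer.
NATIVE_OPS = {"LT": operator.lt, "LE": operator.le,
              "GT": operator.gt, "GE": operator.ge}


def split_words(value: int) -> Tuple[int, int]:
    """Split a 64-bit value into (high, low) 32-bit words, as a BPF filter sees it."""
    if not 0 <= value <= MAX64:
        raise ValueError("value must fit in 64 bits")
    return (value >> 32) & MASK32, value & MASK32


def compare_64_correct(arg: int, bound: int, op: str) -> bool:
    """Evaluate `arg <op> bound` word by word.

    If the high words differ they alone decide the result; the low words
    matter only in the tie case. This is the lexicographic comparison a
    32-bit filter has to emulate.
    """
    if op not in NATIVE_OPS:
        raise ValueError(f"unsupported operator {op!r}")
    arg_hi, arg_lo = split_words(arg)
    b_hi, b_lo = split_words(bound)
    if arg_hi != b_hi:
        # Strict comparison of the high words settles both the strict
        # and the non-strict forms of the operator.
        return arg_hi > b_hi if op in ("GT", "GE") else arg_hi < b_hi
    return NATIVE_OPS[op](arg_lo, b_lo)


def compare_64_halves_independently(arg: int, bound: int, op: str) -> bool:
    """Constructed flawed comparison: accepts if EITHER half satisfies the operator.

    This is an illustration of the error class (treating the halves as
    unrelated values); it is not libseccomp's actual bug verbatim.
    """
    f = NATIVE_OPS[op]
    arg_hi, arg_lo = split_words(arg)
    b_hi, b_lo = split_words(bound)
    return f(arg_hi, b_hi) or f(arg_lo, b_lo)


def mismatches(compare: Callable[[int, int, str], bool],
               bound: int, op: str, samples: List[int]) -> List[int]:
    """Return the sample arguments on which `compare` disagrees with native 64-bit semantics."""
    return [arg for arg in samples
            if compare(arg, bound, op) != NATIVE_OPS[op](arg, bound)]


# Constructed sample arguments straddling the 32-bit boundary.
SAMPLES = [0, 0xFFFFFFFF, 0x100000000, 0x100000001, 0x200000000, MAX64]
BOUND = 0x100000000  # high word 1, low word 0


if __name__ == "__main__":
    for name, fn in (("correct", compare_64_correct),
                     ("halves-independent", compare_64_halves_independently)):
        bad = mismatches(fn, BOUND, "GT", SAMPLES)
        print(f"{name}: {len(bad)} mismatch(es) for GT {BOUND:#x}: {[hex(b) for b in bad]}")
```

With the constructed samples, the correct comparison never disagrees with native semantics, while the halves-independent version wrongly accepts 0xFFFFFFFF as greater than 0x100000000 because its low word alone exceeds the bound's low word. That is the shape of outcome the advisory warns about: an argument-filtered syscall admitting a value the filter was meant to reject.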

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libseccomp2 - 2.4.1-0ubuntu0.19.04.3
Ubuntu 18.10
libseccomp2 - 2.4.1-0ubuntu0.18.10.3
Ubuntu 18.04 LTS
libseccomp2 - 2.4.1-0ubuntu0.18.04.2
Ubuntu 16.04 LTS
libseccomp2 - 2.4.1-0ubuntu0.16.04.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

References



from Ubuntu Security Notices http://bit.ly/2EJVb9j

Cloud Security Alliance Study Identifies New and Unique Security Challenges in Native Cloud, Hybrid and Multi-cloud Environments

Holistic cloud visibility and control over increasingly complex environments are essential for successful deployments in various cloud scenarios.

SEATTLE – May 21, 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, and AlgoSec, leading provider of business-driven network and cloud security management solutions, today announced the results of a ne...

from Cloud Security Alliance Blog http://bit.ly/2I7Q2c6

Google takes a stance against permission-grabbing Chrome extensions

I2P network proposed as the next hiding spot for criminal operations

USN-4000-1: Corosync vulnerability

corosync vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

Corosync could be made to crash or execute arbitrary code if it received a specially crafted request.

Software Description

  • corosync - cluster engine daemon and utilities

Details

It was discovered that Corosync incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
corosync - 2.4.3-0ubuntu1.1
libtotem-pg5 - 2.4.3-0ubuntu1.1
Ubuntu 16.04 LTS
corosync - 2.3.5-3ubuntu2.3
libtotem-pg5 - 2.3.5-3ubuntu2.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Corosync to make all the necessary changes.

References



from Ubuntu Security Notices http://bit.ly/2XiFhdk

Unsecured database exposes 85GB in security logs of major hotel chains

10 years of virtual dynamite: A high-level retrospective of ATM malware

It has been 10 years since the discovery of Skimer, the first malware specifically designed to attack automated teller machines (ATMs). At the time, the learning curve for understanding its functionality was rather steep, and analysis required specific knowledge of a manufacturer’s ATM API functions and parameters, which were not publicly documented.

Before the discovery of Skimer, anti-malware researchers considered ATMs secure machines containing proprietary hardware, running non-standard operating systems, and implementing a number of advanced protection techniques designed to prevent attacks using malicious code. Researchers eventually discovered that the most popular ATM manufacturers use a standard Windows operating system and add on some auxiliary devices, such as a safe and card reader.

Over time, actors behind some of the newer ATM malware families such as GreenDispenser and Tyupkin realized that there is a generic Windows extension for Financial Services API (CEN/XFS) that can be used to make malware that runs independent of the underlying hardware platform, as long as the ATM manufacturer supports the framework. This malware can trick the machines into dispensing cash, regardless of whether the attacker has a legitimate bank card.

ATM malware has since evolved to include a number of different families and different actors behind them, ranging from criminal groups to actors affiliated with nation states. The significance of ATM malware stems from the fact that it can bring significant financial benefits to attackers and as a consequence cause significant damage to targeted banks, financial institutions and end users.

Now that this type of malware has been around for more than 10 years, we wanted to round up the specific families we’ve seen during that time and attempt to find out if the different families share any code.


The post 10 years of virtual dynamite: A high-level retrospective of ATM malware appeared first on Cisco Blog.



from Cisco Blog » Security http://bit.ly/2HKYz5E

USN-3999-1: GnuTLS vulnerabilities

gnutls28 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in GnuTLS.

Software Description

  • gnutls28 - GNU TLS library

Details

Eyal Ronen, Kenneth G. Paterson, and Adi Shamir discovered that GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could possibly use this issue to perform plaintext-recovery attacks via analysis of timing data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-10844, CVE-2018-10845, CVE-2018-10846)

Tavis Ormandy discovered that GnuTLS incorrectly handled memory when verifying certain X.509 certificates. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-3829)

It was discovered that GnuTLS incorrectly handled certain post-handshake messages. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-3836)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libgnutls30 - 3.6.5-2ubuntu1.1
Ubuntu 18.10
libgnutls30 - 3.6.4-2ubuntu1.2
Ubuntu 18.04 LTS
libgnutls30 - 3.5.18-1ubuntu1.1
Ubuntu 16.04 LTS
libgnutls30 - 3.4.10-4ubuntu1.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References



from Ubuntu Security Notices http://bit.ly/2HJiUbq

Mobile storage in the age of GDPR

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6 and 7 used by the desktop version of IBM Process Designer. IBM Process Designer has addressed the applicable CVEs.

CVE(s): CVE-2019-2602, CVE-2019-2684

Affected product(s) and affected version(s):
IBM Business Automation Workflow 18.0.0.1, 18.0.0.2, 19.0.0.1
IBM Business Process Manager 8.6.0.0 – 8.6.0.0 CF2018.03
IBM Business Process Manager 8.5.7 – 8.5.7 CF2017.06
IBM Business Process Manager 8.5.6.0 – 8.5.6.0 CF02
IBM Business Process Manager 8.5.5.0
IBM Business Process Manager 8.5.0.0 – 8.5.0.2
IBM Business Process Manager 8.0.0.0 – 8.0.1.3
IBM Business Process Manager 7.5.0.0 – 7.5.1.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10884048
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159698
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159776

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ibm.co/2MiiltE

IBM Security Bulletin: IBM Watson Knowledge Catalog (with Information Server) is affected by a Cryptographic vulnerability

A Cryptographic vulnerability was addressed by IBM Watson Knowledge Catalog (with Information Server).

CVE(s): CVE-2019-4220

Affected product(s) and affected version(s):

The following products, running on all supported platforms, are affected:
IBM Watson Knowledge Catalog (with Information Server): version 11.7.1.0
IBM InfoSphere Information Server on Cloud: version 11.7.1.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10881197
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159229

The post IBM Security Bulletin: IBM Watson Knowledge Catalog (with Information Server) is affected by a Cryptographic vulnerability appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ibm.co/2WvZDTi

IBM Security Bulletin: IBM InfoSphere Information Server containers are vulnerable to privilege escalation

A privilege escalation vulnerability was addressed in IBM InfoSphere Information Server.

CVE(s): CVE-2019-4185

Affected product(s) and affected version(s):

The following products, running on all supported platforms, are affected:
IBM InfoSphere Information Server: version 11.7.1
IBM InfoSphere Information Server on Cloud: version 11.7.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10882626
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158975

The post IBM Security Bulletin: IBM InfoSphere Information Server containers are vulnerable to privilege escalation appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ibm.co/2MfOpyh

IBM Security Bulletin: Vulnerabilities in IBM Java SDK (January 2019) affecting IBM Application Delivery Intelligence for IBM Z V5.1.0, V5.0.5 and V5.0.4

Multiple vulnerabilities are identified in IBM® SDK Java™ Technology Edition Version 1.7 and Version 1.8 that are used by IBM Application Delivery Intelligence for IBM Z V5.1.0, V5.0.5, and V5.0.4 respectively. These issues were disclosed as part of the IBM Java SDK updates in January 2019.

CVE(s): CVE-2018-1890, CVE-2018-12547, CVE-2019-2426, CVE-2018-11212

Affected product(s) and affected version(s):

IBM Application Delivery Intelligence for IBM Z V5.1.0

IBM Application Delivery Intelligence for IBM Z V5.0.5

IBM Application Delivery Intelligence for IBM Z V5.0.4

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10885184
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152081
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157512
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155744
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143429

The post IBM Security Bulletin: Vulnerabilities in IBM Java SDK (January 2019) affecting IBM Application Delivery Intelligence for IBM Z V5.1.0, V5.0.5 and V5.0.4 appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ibm.co/2WwU7zA

IBM Security Bulletin: Vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 7 & 8, IBM SDK, Java Technology Edition Version 8 and Eclipse OpenJ9 Affect Transformation Extender

There are vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 7 and 8, IBM SDK, Java Technology Edition Version 8 and Eclipse OpenJ9 that affect IBM Transformation Extender.

CVE(s): CVE-2018-1890, CVE-2019-2426, CVE-2018-12547, CVE-2019-2602, CVE-2019-2684

Affected product(s) and affected version(s):
IBM Transformation Extender V10.0.0
IBM Transformation Extender V9.0.0 through V9.0.0.3
IBM Transformation Extender V8.4.1.0 through V8.4.1.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10882278
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152081
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155744
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157512
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159698
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159776

The post IBM Security Bulletin: Vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 7 & 8, IBM SDK, Java Technology Edition Version 8 and Eclipse OpenJ9 Affect Transformation Extender appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ibm.co/2MsSxey

USN-3998-1: Evolution Data Server vulnerability

evolution-data-server vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

Evolution Data Server would sometimes display email content as encrypted when it was not.

Software Description

  • evolution-data-server - Evolution suite data server

Details

Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certain circumstances, this could result in displaying clear-text portions of encrypted messages as though they were encrypted.
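The advisory above says the client misread GPG's output and treated clear-text portions as encrypted. GnuPG reports what it did on a separate status channel (`--status-fd`), with keywords such as `BEGIN_DECRYPTION`, `END_DECRYPTION`, `DECRYPTION_OKAY` and `PLAINTEXT` for each literal-data packet it emitted. The following added example (not Evolution Data Server's code, and not a reconstruction of its fix) implements the kind of check a client can apply to that status stream: it treats a message as fully encrypted only if exactly one plaintext block was emitted, and that block fell inside a successful decryption window. The status lines it is run over are constructed for the example; the keywords are GnuPG's documented status keywords, but the key ids, timestamps and lengths are made up.

```python
"""Judging whether GPG output was wholly encrypted from its --status-fd lines.

Added example for the Evolution Data Server advisory: a client must not
label output as "encrypted" on the mere presence of an encrypted part;
it should require that every plaintext block GPG emitted came from a
successful decryption. Not Evolution's code; constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Iterable, List

STATUS_PREFIX = "[GNUPG:] "


@dataclass
class DecryptionVerdict:
    fully_encrypted: bool
    reasons: List[str] = field(default_factory=list)


def assess_gpg_status(status_lines: Iterable[str]) -> DecryptionVerdict:
    """Return whether the status stream describes one fully encrypted message.

    Rules applied:
      * a BEGIN_DECRYPTION ... END_DECRYPTION window must exist and be closed;
      * DECRYPTION_OKAY must be reported and DECRYPTION_FAILED must not;
      * exactly one PLAINTEXT block may appear, and it must lie inside the window.
    Any PLAINTEXT outside the window is clear-text data that merely sits
    next to encrypted data and must not be rendered as encrypted.
    """
    in_window = False
    saw_begin = saw_end = saw_okay = saw_failed = False
    plaintext_inside = plaintext_outside = 0

    for raw in status_lines:
        line = raw.rstrip("\r\n")
        if not line.startswith(STATUS_PREFIX):
            continue  # not a status line; ignore
        fields = line[len(STATUS_PREFIX):].split()
        if not fields:
            continue
        keyword = fields[0]
        if keyword == "BEGIN_DECRYPTION":
            saw_begin, in_window = True, True
        elif keyword == "END_DECRYPTION":
            saw_end, in_window = True, False
        elif keyword == "DECRYPTION_OKAY":
            saw_okay = True
        elif keyword == "DECRYPTION_FAILED":
            saw_failed = True
        elif keyword == "PLAINTEXT":
            if in_window:
                plaintext_inside += 1
            else:
                plaintext_outside += 1

    reasons: List[str] = []
    if not (saw_begin and saw_end):
        reasons.append("no complete BEGIN_DECRYPTION/END_DECRYPTION window")
    if saw_failed or not saw_okay:
        reasons.append("decryption did not report DECRYPTION_OKAY")
    if plaintext_outside:
        reasons.append(f"{plaintext_outside} plaintext block(s) emitted outside the decryption window")
    if plaintext_inside != 1:
        reasons.append(f"expected exactly one plaintext block inside the window, saw {plaintext_inside}")
    return DecryptionVerdict(fully_encrypted=not reasons, reasons=reasons)


# Constructed status streams (key id, timestamp and lengths are made up).
ENCRYPTED_ONLY = [
    "[GNUPG:] ENC_TO 0123456789ABCDEF 1 0",
    "[GNUPG:] BEGIN_DECRYPTION",
    "[GNUPG:] DECRYPTION_INFO 2 9",
    "[GNUPG:] PLAINTEXT 62 1559200000 ",
    "[GNUPG:] PLAINTEXT_LENGTH 42",
    "[GNUPG:] DECRYPTION_OKAY",
    "[GNUPG:] GOODMDC",
    "[GNUPG:] END_DECRYPTION",
]
# Clear-text literal data placed before the encrypted part.
CLEARTEXT_THEN_ENCRYPTED = [
    "[GNUPG:] PLAINTEXT 62 1559200000 ",
    "[GNUPG:] PLAINTEXT_LENGTH 17",
] + ENCRYPTED_ONLY
# No encryption at all: GPG just unpacked a literal-data packet.
CLEARTEXT_ONLY = [
    "[GNUPG:] PLAINTEXT 62 1559200000 ",
    "[GNUPG:] PLAINTEXT_LENGTH 17",
]


if __name__ == "__main__":
    for name, stream in (("encrypted only", ENCRYPTED_ONLY),
                         ("cleartext then encrypted", CLEARTEXT_THEN_ENCRYPTED),
                         ("cleartext only", CLEARTEXT_ONLY)):
        verdict = assess_gpg_status(stream)
        print(f"{name}: fully_encrypted={verdict.fully_encrypted} {verdict.reasons}")
```

The design point is that a positive signal (an encrypted part decrypted fine) is not enough; the client has to account for every plaintext block GPG produced and refuse the "encrypted" label when any of them originated outside the decryption window. A client that only looks for `DECRYPTION_OKAY` would label the mixed message as encrypted, which is the kind of misinterpretation the advisory describes.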

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
evolution-data-server - 3.28.5-0ubuntu0.18.04.2
evolution-data-server-common - 3.28.5-0ubuntu0.18.04.2
libcamel-1.2-61 - 3.28.5-0ubuntu0.18.04.2
libebackend-1.2-10 - 3.28.5-0ubuntu0.18.04.2
libedataserver-1.2-23 - 3.28.5-0ubuntu0.18.04.2
Ubuntu 16.04 LTS
evolution-data-server - 3.18.5-1ubuntu1.2
evolution-data-server-common - 3.18.5-1ubuntu1.2
libcamel-1.2-54 - 3.18.5-1ubuntu1.2
libebackend-1.2-10 - 3.18.5-1ubuntu1.2
libedataserver-1.2-21 - 3.18.5-1ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Evolution to make all the necessary changes.

References



from Ubuntu Security Notices http://bit.ly/2Wc82fi

Apple and WhatsApp fight proposal to let spies tap encrypted comms

Cybersecurity: The number of files exposed on misconfigured servers, storage and cloud services has risen to 2.3 billion

Turla turns PowerShell into a weapon in attacks against EU diplomats

CrowdStrike reveals share price ahead of IPO

Google still plans to cripple ad-blocking in Chrome, but enterprises will be exempt

Checkers restaurant chain discloses card breach

Wednesday, May 29, 2019

Innovation and security score big in New Zealand Budget

USN-3845-2: FreeRDP vulnerabilities

freerdp vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS

Summary

Several security issues were fixed in FreeRDP.

Software Description

  • freerdp - RDP client for Windows Terminal Services

Details

USN-3845-1 fixed several vulnerabilities in FreeRDP. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 18.10.

Original advisory details:

Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8784, CVE-2018-8785)

Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-8786, CVE-2018-8787)

Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8788)

Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8789)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10
libfreerdp-client1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1
Ubuntu 18.04 LTS
libfreerdp-client1.1 - 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References



from Ubuntu Security Notices http://bit.ly/2XdBePl

CEO who sold encrypted phones to criminal gangs gets nine years in prison

Palo Alto Networks to acquire Twistlock, PureSec

New HiddenWasp malware found targeting Linux systems

Hackers Infect 50,000 MS-SQL and PHPMyAdmin Servers with Rootkit Malware


Cyber Security researchers at Guardicore Labs today published a detailed report on a widespread cryptojacking campaign attacking Windows MS-SQL and PHPMyAdmin servers worldwide.

Dubbed Nansh0u, the malicious campaign is reportedly being carried out by an APT-style Chinese hacking group that has already infected nearly 50,000 servers and is installing a sophisticated kernel-mode rootkit on compromised systems to prevent the malware from being terminated.

The campaign, which dates back to February 26 but was first detected in early April, has been found delivering 20 different payload versions hosted on various hosting providers.

The attack relies on brute-forcing credentials after finding publicly accessible Windows MS-SQL and PHPMyAdmin servers using a simple port scanner.

Upon successfully authenticating with administrative privileges, the attackers execute a sequence of MS-SQL commands on the compromised system to download a malicious payload from a remote file server and run it with SYSTEM privileges.

In the background, the payload leverages a known privilege escalation vulnerability (CVE-2014-4113) to gain SYSTEM privileges on the compromised systems.

"Using this Windows privilege, the attacking exploit injects code into the Winlogon process. The injected code creates a new process which inherits Winlogon SYSTEM privileges, providing equivalent permissions as the prior version."

The payload then installs cryptocurrency-mining malware on compromised servers to mine TurtleCoin cryptocurrency.

Besides this, the malware also protects its process from being terminated, using a digitally signed kernel-mode rootkit for persistence.

"We found that the driver had a digital signature issued by the top Certificate Authority Verisign. The certificate – which is expired – bears the name of a fake Chinese company – Hangzhou Hootian Network Technology."

Researchers have also released a complete list of IoCs (indicators of compromise) and a free PowerShell-based script that Windows administrators can use to check whether their systems are infected or not.

Since the attack relies on weak username and password combinations for MS-SQL and PHPMyAdmin servers, admins are advised to always use strong, complex passwords for these accounts.



from The Hacker News http://bit.ly/30Le594

Top 5 Last-Minute Memorial Day Deals at THN Store → Get 60% Extra OFF


Memorial Day has come and gone, but you still have time to land some of the best deals on some of the best apps and tech training bundles around.

Whether you're looking for a world-class VPN or want to begin a career as a high-paid ethical hacker or IT pro, this list of ultra-discounted apps and course bundles has you covered.

Ethical Hacking A to Z Training Bundle

MSRP: $1273 - Sale Price: $39 - Memorial Day Sale Price: $15.60 with coupon code WEEKEND60

Although it may sound counterintuitive, the only person who can stop a hacker is another hacker. Known as ethical or "white hat" hackers, these intrepid cyber warriors are in high demand throughout countless industries, and this training will teach you how to join their ranks through 8 courses and over 45 hours of instruction.

The Complete 2019 CompTIA Certification Training Bundle

MSRP: $3433 - Sale Price: $69 - Memorial Day Sale Price: $27.60 with coupon code WEEKEND60

There's never been a better time to work in IT, and this 12-course training bundle will help you earn some of the most important certifications in the field—through instruction that teaches you how to install, maintain, and troubleshoot a wide variety of server infrastructures.

Become an Ethical Hacker Bonus Bundle

MSRP: $681 - Sale Price: $39.99 - Memorial Day Sale Price: $15 with coupon code WEEKEND60

If you want to fast-track your career as a certified ethical hacker, look no further than this 9-course bundle, which will teach you how to do everything from penetration testing to threat retaliation and beyond—all through courses that utilize real-world examples.

Private Internet Access VPN: 3-Yr Subscription

MSRP: $358 - Sale Price: $79.99 - Memorial Day Sale Price: $60 with coupon code WEEKEND25

The only thing stopping hackers from obtaining everything from your browsing history to your banking information is a VPN, and unlike most VPNs that can slow you down, Private Internet Access VPN lets you browse securely without inhibiting your bandwidth.

AWS Certified Architect Developer Bundle 2019

MSRP: $984 - Sale Price: $25 - Memorial Day Sale Price: $10 with coupon code WEEKEND60

AWS architects are in increasingly high demand throughout countless industries, and this 7-course training bundle will teach you how to earn the top AWS certifications around—through courses that teach you everything from the fundamentals to the most advanced elements of this powerful platform.

Like these deals? Check out Vault — you’ll get four premium tools, including NordVPN and Dashlane, to supercharge your online security. Enter code VAULTONE to try it out for just $1!



from The Hacker News http://bit.ly/2HHrCXU

USN-3968-2: Sudo vulnerability

sudo vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM

Summary

Sudo could be made to overwrite files if it received a specially crafted input.

Software Description

  • sudo - Provide limited super user privileges to specific users

Details

USN-3968-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions. (CVE-2017-1000368)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
sudo - 1.8.9p5-1ubuntu1.5+esm1
sudo-ldap - 1.8.9p5-1ubuntu1.5+esm1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References



from Ubuntu Security Notices http://bit.ly/2JKzYjs

The FBI's most wanted cyber-criminals


In September 2018, US authorities charged Park Jin Hyok, a 34-year-old North Korean, on a litany of charges based on his membership in the Lazarus Group, a North Korean government-backed hacking unit.

He stands accused of participating in the WannaCry ransomware outbreak, the 2016 Bangladesh Central Bank cyber-heist, attempts to hack US defense contractor Lockheed Martin in 2016, the 2014 Sony Pictures hack, breaches at US movie theatre chains AMC Theatres and Mammoth Screen in 2014, and a long string of attacks and successful hacks against cryptocurrency exchanges.



from Latest Topic for ZDNet in... https://zd.net/2ECWTcj

MS-ISAC Highlights Verizon Data Breach Report Release

Original release date: May 29, 2019

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released a Cybersecurity Spotlight on the 2019 Verizon Data Breach Report to raise awareness of data breach incidents and provide recommended best practices for election officials. The report—produced annually by the Verizon Threat Research Advisory Center (VTRAC)—provides analysis on data breach trends affecting a variety of sectors, including public administration, healthcare, and education.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages election officials to review MS-ISAC’s Cybersecurity Spotlight and Verizon’s 2019 Data Breach Investigations Report for more information and recommendations.






from US-CERT National Cyber Alert System http://bit.ly/2JK1v4M

Amidst furor over face recognition, Veritone promotes software’s use in law enforcement

Office 365 phishing

Let’s be honest: administering email is a pain. Routing issues, disk quotas, bouncebacks, the times when users can send but not receive emails, receive but not send, or they flat out cannot send or receive—the list goes on.

It’s no wonder that email-hosting services like Office 365 have become so popular. Such cloud-based email services remove a lot of the headaches caused by email configuration. They even include basic security features, meant to keep users safe from the latest threats.

They also provide options to simplify the user experience. Users can go directly to an Office 365 web page, enter their company credentials and log right into their email accounts from anywhere they like.

Take all this into account, add the reduction in costs that cloud email solutions often bring, and it sounds like the perfect solution. As a result, the use of services like Office 365 has skyrocketed.

Attackers have taken notice

Of course, its popularity has led to malicious attacks. Attackers are crafting and launching phishing campaigns targeting Office 365 users. The attackers attempt to steal a user’s login credentials with the goal of taking over the accounts. If successful, attackers can often log into the compromised accounts, and perform a wide variety of malicious activity:

  • Spread malware, spam, and phishing emails from within the internal network.
  • Carry out tailored attacks such as spear phishing and Business Email Compromise.
  • Target partners and customers.

At first glance, this may not seem very different from external email-based attacks. However, there is one critical difference: the malicious emails are now coming from legitimate accounts. For the recipient, the sender is often even someone they know, eliciting trust in a way that would not necessarily be afforded to an unknown source. To make things more complicated, attackers often leverage “conversation hijacking,” where they deliver their payload by replying to an email that’s already in the compromised inbox.

Figure 1 – An example Office 365 phishing email.

Reconnaissance attacks

However, there’s so much more that an attacker can do besides sending emails. Once an attacker has access to a legitimate mailbox, they can also do the following:

  • Obtain global company email address lists.
  • Scan mailbox for other credentials, personal information, or company information.
  • Attempt to gain further access to company resources.

These activities can go unnoticed, simply because the attacker is gathering information while logged in using authorized credentials. This gives the attacker time for reconnaissance: a chance to observe and plan additional attacks. Nor will this type of attack set off a security alert in the same way something like a brute-force attack against a webmail client will, where the attacker guesses password after password until they get in or are detected.

The attack chain

The methods used by attackers to gain access to an Office 365 account are fairly straightforward. The phishing campaigns usually take the form of an email from Microsoft. The email contains a request to log in, claiming the user needs to reset their password, hasn’t logged in recently, or that there’s a problem with the account that needs their attention. A URL is included, enticing the reader to click to remedy the issue.

The chain of events usually plays out like this:

  1. Attacker sends a phishing email that appears to come from Microsoft or another trusted source.
  2. User clicks on link in the email, which brings them to a page mimicking the Office 365 login page.
  3. User enters login credentials, which are scooped up by the attackers.
  4. The fake page does nothing, says that the login is incorrect, or redirects the user to the real Office 365 login page.

Given this series of events, the user would be none the wiser that their credentials had been stolen.

Figure 2 – Office 365 login vs. phishing login. Can you spot the difference?

The frequency of attacks

How successful are these attacks? While it’s unlikely anyone but the attackers would have data on the number of stolen credentials, or overall success rate, we can draw a few conclusions by looking at the phishing emails.

Agari Data Inc. is one company that monitors a variety of data points surrounding phishing campaigns. In its quarterly Email Fraud and Identity Deception Trends report, it tracks brand impersonation trends, and it provided some fresh numbers for us.

Over the last few quarters, there has been a steady increase in the number of phishing emails impersonating Microsoft. While Microsoft has long been the most commonly impersonated brand, it now accounts for more than half of all brand impersonations seen in the last quarter.

Figure 3 – Brand Impersonation Phishing Emails masquerading as “Microsoft”

Cloud email security efficacy

To its credit, Microsoft has baked a number of security technologies into its Office 365 offerings. However, given that these phishing attacks take place off Microsoft's network, there is very little that can be done from within the cloud to protect against them. If an attacker obtains valid credentials and uses them, how can you tell the difference based on the login attempt alone?

Fortunately, there are several steps you can take to further protect your email:

  • Use multi-factor authentication. If a login attempt requires a secondary authorization before someone is allowed access to an inbox, this will stop many attackers, even with phished credentials.
  • Deploy advanced anti-phishing technologies. Some machine-learning technologies can use local identity and relationship modeling alongside behavioral analytics to spot deception-based threats.
  • Run regular phishing exercises. Regular, mandated phishing exercises across the entire organization will help to train employees to recognize phishing emails, so that they don’t click on malicious URLs, or enter their credentials into malicious websites. For instance, Duo offers a free phishing simulation tool, called Duo Insight.
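The question above, how a login with valid but stolen credentials can be told apart from the owner's own, is what behavioural analytics answers. As an added example, not code from the Cisco post or from any vendor product, here is a minimal check over constructed sign-in records: the record schema, the fictional users, the RFC 5737 documentation-range IPs and their coordinates are all constructed, and the 900 km/h threshold is an assumed tuning value.

```python
"""Behavioural check for credential misuse in successful sign-in records.

Added example, not code from the Cisco post. The record schema below is
constructed for illustration; a real deployment would map a provider's
sign-in log fields onto it after IP geolocation.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List, Set, Tuple

EARTH_RADIUS_KM = 6371.0
# Assumed tuning value: faster than this between two sign-ins is not a person travelling.
MAX_PLAUSIBLE_SPEED_KMH = 900.0


@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime      # timezone-aware UTC timestamp of a successful sign-in
    src_ip: str
    lat: float          # geolocation of src_ip, resolved before this step
    lon: float
    country: str        # ISO 3166 alpha-2 code from the same lookup


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres between two points on a spherical Earth."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def find_anomalies(events: List[SignIn]) -> List[Tuple[str, str, str]]:
    """Return (user, reason, detail) findings over a batch of successful sign-ins.

    Two checks, both invisible to brute-force detection because every
    sign-in here succeeded with a valid password:
      new-country        sign-in from a country not yet seen for that user
      impossible-travel  implied speed between consecutive sign-ins is too high
    The first sign-in for a user only seeds the baseline and is never flagged.
    """
    findings: List[Tuple[str, str, str]] = []
    last: Dict[str, SignIn] = {}
    seen: Dict[str, Set[str]] = {}
    for ev in sorted(events, key=lambda e: (e.user, e.when)):
        known = seen.setdefault(ev.user, set())
        if known and ev.country not in known:
            findings.append((ev.user, "new-country", f"{ev.country} via {ev.src_ip}"))
        known.add(ev.country)
        prev = last.get(ev.user)
        if prev is not None:
            dist = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            hours = (ev.when - prev.when).total_seconds() / 3600.0
            # Two sign-ins at the same instant from different places is the worst case.
            if hours > 0:
                speed = dist / hours
            else:
                speed = float("inf") if dist > 0 else 0.0
            if speed > MAX_PLAUSIBLE_SPEED_KMH:
                findings.append((ev.user, "impossible-travel",
                                 f"{dist:.0f} km in {hours:.1f} h ({prev.src_ip} -> {ev.src_ip})"))
        last[ev.user] = ev
    return findings


def _utc(hour: int, minute: int = 0) -> datetime:
    return datetime(2019, 5, 29, hour, minute, tzinfo=timezone.utc)


# Constructed sample: IPs are from RFC 5737 documentation ranges, users are fictional.
# "alice" is the phished account: her own sign-in from San Francisco is followed two
# hours later by one from Lagos. "bob" commutes between New York and Boston.
SAMPLE_EVENTS = [
    SignIn("alice", _utc(9, 0), "203.0.113.10", 37.77, -122.42, "US"),
    SignIn("alice", _utc(11, 0), "198.51.100.7", 6.52, 3.38, "NG"),
    SignIn("bob", _utc(8, 0), "192.0.2.25", 40.71, -74.01, "US"),
    SignIn("bob", _utc(9, 0), "192.0.2.25", 40.71, -74.01, "US"),
    SignIn("bob", _utc(10, 0), "192.0.2.77", 42.36, -71.06, "US"),
]

if __name__ == "__main__":
    for user, reason, detail in find_anomalies(SAMPLE_EVENTS):
        print(f"{user:8} {reason:18} {detail}")
```

Only alice produces findings (a new country and an implied speed of several thousand km/h); bob's 300 km hop in an hour stays under the threshold.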


On the horizon

Cloud email services like Office 365 aren’t going anywhere. Given the many advantages that they present, there’s no reason they should. The fact is, given the current threat landscape, it’s often necessary to leverage additional security.

Based on a recent study conducted by ESG on behalf of Cisco, more than 80 percent of respondents reported that their organization is using SaaS email services. However, 43 percent of respondents still found that, after the move, they required secondary security technologies in order to shore up their email defenses.

At the end of the day, there are still valid needs for IT teams to set policies, gain visibility and control, utilize sandboxes, and leverage external blocking capabilities. Cloud email offers a lot of advantages, but to fully deliver on its promise, there is still a role for IT to ensure it is as secure as it can be.

Interested in reading more on email security? We’re about to launch the next installment in our Cybersecurity Report Series. “Email: Click with Caution, How to protect against phishing, fraud, and other scams” will be released early next month! Stay tuned…


The post Office 365 phishing appeared first on Cisco Blog.



from Cisco Blog » Security http://bit.ly/2EILmbD

USN-3996-1: GNU Screen vulnerability

GNU Screen vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM

Summary

GNU Screen could be made to crash or run programs as your login if it opened a specially crafted file or received specially crafted input.

Software Description

  • screen - terminal multiplexer with VT100/ANSI terminal emulation

Details

Kuang-che Wu discovered that GNU Screen improperly handled certain input. An attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service or the execution of arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
screen - 4.1.0~20120320gitdb59704-9ubuntu0.1~esm1
Ubuntu 12.04 ESM
screen - 4.0.3-14ubuntu8.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References



from Ubuntu Security Notices http://bit.ly/2wxNOgt

Know Your Limitations

At the end of the 1973 Clint Eastwood movie Magnum Force, after Dirty Harry watches his corrupt police captain explode in a car, he says "a man's got to know his limitations."

I thought of this quote today as the debate rages about compromising municipalities and other information technology-constrained yet personal information-rich organizations.

Several years ago I wrote If You Can't Protect It, Don't Collect It. I argued that if you are unable to defend personal information, then you should not gather and store it.

In a similar spirit, here I argue that if you are unable to securely operate information technology that matters, then you should not be supporting that IT.

You should outsource it to a trustworthy cloud provider, and concentrate on managing secure access to those services.

If you cannot outsource it, and you remain incapable of defending it natively, then you should integrate a capable managed security provider.

It's clear to me that a large portion of those running PI-processing IT are simply not capable of doing so in a secure manner, and they do not bear the full cost of PI breaches.

They have too many assets, with too many vulnerabilities, and are targeted by too many threat actors.

These organizations lack sufficient people, processes, and technologies to mitigate the risk.

They have successes, but they are generally due to the heroics of individual IT and security professionals, who often feel out-gunned by their adversaries.

If you can't patch a two-year-old vulnerability prior to exploitation, or detect an intrusion and respond to the adversary before he completes his mission, then you are demonstrating that you need to change your entire approach to information technology.

The security industry seems to think that throwing more people at the problem is the answer, yet year after year we read about several million job openings that remain unfilled. This is a sign that we need to change the way we are doing business. The fact is that those organizations that cannot defend themselves need to recognize their limitations and change their game.

I recognize that outsourcing is not a panacea. Note that I emphasized "IT" in my recommendation. I do not see how one could outsource the critical technology running on-premise in the industrial control system (ICS) world, for example. Those operations may need to rely more on outsourced security providers, if they cannot sufficiently detect and respond to intrusions using in-house capabilities.

Remember that the vast majority of organizations do not exist to run IT. They run IT to support their lines of business. Many older organizations have indeed been migrating legacy applications to the cloud, and most new organizations are cloud-native. These are hopeful signs, as the older organizations could potentially "age out" over time.

This puts a burden on the cloud providers, who fall into the "managed service provider" category that I wrote about in my recent Corelight blog. However, the more trustworthy providers have the people, processes, and technology in place to handle their responsibilities in a more secure way than many organizations who are struggling with on-premise legacy IT.

Everyone's got to know their limitations.
Copyright 2003-2018 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and http://bit.ly/1fDn3pG)


from TaoSecurity http://bit.ly/2wtl6xv

Over 50,000 MS-SQL, PHPMyAdmin servers infected in Nansh0u campaign

IBM Security Bulletin: IBM API Connect’s Developer Portal is impacted by vulnerabilities in Drupal core (CVE-2019-10909 CVE-2019-10910 CVE-2019-10911)

IBM API Connect has addressed the following vulnerabilities.

CVE(s): CVE-2019-10911, CVE-2019-10910, CVE-2019-10909

Affected product(s) and affected version(s):

IBM API Connect v2018.1-2018.4.1.4
IBM API Connect v5.0.0.0-5.0.8.6

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10882578
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159639
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159638
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159637

The post IBM Security Bulletin: IBM API Connect’s Developer Portal is impacted by vulnerabilities in Drupal core (CVE-2019-10909 CVE-2019-10910 CVE-2019-10911) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ibm.co/2MfXaIG

IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018.4.1

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM® Cloud App Management V2018.4.1. IBM® Cloud App Management has addressed the applicable CVEs in a later version.

CVE(s): CVE-2018-12549, CVE-2018-12547, CVE-2019-2422, CVE-2019-2449, CVE-2019-2426, CVE-2018-11212

Affected product(s) and affected version(s):

IBM Cloud App Management V2018.4.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10885813
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157513
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157512
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155741
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155766
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155744
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143429

The post IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018.4.1 appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ibm.co/2Mgtqez

IBM Security Bulletin: A vulnerability in Google Guava could affect IBM Cloud App Management V2018

May 29, 2019 9:00 am EDT

Categorized: High Severity


There is a vulnerability in Google Guava used by IBM® Cloud App Management V2018. IBM® Cloud App Management has addressed the applicable CVE in a later version.

CVE(s): CVE-2018-10237

Affected product(s) and affected version(s):

IBM Cloud App Management V2018.2.0
IBM Cloud App Management V2018.4.0
IBM Cloud App Management V2018.4.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10883458
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/142508



from IBM Product Security Incident Response Team https://ibm.co/2Md4cxK

Palo Alto Networks announces Prisma for cloud security

Malware and botnets: Why Emotet is dominating the malicious threat landscape in 2019

Apple sued over alleged sale of iTunes data without customer consent

Flipboard Database Hacked — Users' Account Information Exposed


Flipboard, a popular social sharing and news aggregator service used by over 150 million people, has disclosed that its databases containing account information of certain users have been hacked.

According to a public note published yesterday by the company, unknown hackers managed to gain unauthorized access to its systems for nearly 10 months, between June 2, 2018, and March 23, 2019, and then again on April 21-22, 2019.

The hackers then potentially downloaded a database containing Flipboard users' real names, usernames, cryptographically protected (salted and hashed) passwords and email addresses, including digital tokens for users who linked their Flipboard account to a third-party social media service.

According to a breach notification email sent out to affected users and seen by The Hacker News, the company has now reset passwords for all users as a precautionary measure, forcing users to create a new strong password for their accounts.

"You can continue to use Flipboard on devices from which you are already logged in. When you access your Flipboard account from a new device or the next time you log into Flipboard after logging out of your account, you will be asked to create a new password," the company said.

Flipboard also said it had not seen unauthorized access to any third-party account and is still in the process of determining the total number of affected users.

The company has also decided to replace or delete all digital tokens, so that they are no longer valid and cannot be misused.

"We have not found any evidence the unauthorized person accessed third-party account(s) connected to users' Flipboard accounts. As a precaution, we have replaced or deleted all digital tokens," the post read.

"If you connected your Flipboard account to a third-party account to see its content, you may notice in some cases that you need to reconnect it."

"Notably, Flipboard does not collect from users, and this incident did not involve, government-issued IDs (such as Social Security numbers or driver's license numbers), or payment card, bank account, or other financial information."

The company did not disclose the total number of users affected by the breach, but said that the next time you log into your Flipboard account you will be required to update your password.

Also, if you use the same username and password combination as your Flipboard one for any other online service, you are advised to change your password there as well.

The company has notified law enforcement about the incident and is still investigating to determine how the hackers managed to gain access to its systems in the first place, and what vulnerabilities they exploited.



from The Hacker News http://bit.ly/2Wt1JmN

Iranian social network scammers impersonated US political candidates

Tuesday, May 28, 2019

Huawei files motion against US declaring law as 'unconstitutional'

Audit rules Victoria's public health system as 'highly vulnerable' to cyber attacks

NZ Treasury says systems 'hacked' ahead of Budget

Flipboard says hackers stole user details

USN-3997-1: Thunderbird vulnerabilities

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in Thunderbird.

Software Description

  • thunderbird - Mozilla Open Source mail and newsgroup client

Details

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin protections, or execute arbitrary code. (CVE-2019-18511, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-9797, CVE-2019-9800, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820)

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2019-5798, CVE-2019-7317)

A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked into opening a specially crafted website in a browsing context after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. (CVE-2019-9816)

It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked into dragging a specially crafted hyperlink to a bookmark toolbar or sidebar, and subsequently back into the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
thunderbird - 1:60.7.0+build1-0ubuntu0.19.04.1
Ubuntu 18.10
thunderbird - 1:60.7.0+build1-0ubuntu0.18.10.1
Ubuntu 18.04 LTS
thunderbird - 1:60.7.0+build1-0ubuntu0.18.04.1
Ubuntu 16.04 LTS
thunderbird - 1:60.7.0+build1-0ubuntu0.16.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make all the necessary changes.

from Ubuntu Security Notices http://bit.ly/2VSf0kw

FireEye acquires Verodin for identifying gaps in security

The security company FireEye announced Tuesday that it has acquired Verodin, a firm with a platform that helps validate the effectiveness of cybersecurity controls. The acquisition closed Tuesday and is valued at approximately $250 million in cash and stock. 

The Verodin Security Instrumentation Platform complements companies' existing cybersecurity products and services. It runs tests to identify vulnerabilities due to problems such as equipment misconfiguration, changes in the IT environment or evolving attacker tactics.

Combined with FireEye's frontline intelligence, the platform will be able to measure and test security environments against known and newly-discovered threats. It will integrate with FireEye's Helix security orchestration capabilities to help customers prioritize and automate updates to security controls.

Verodin's offerings will still be available on a standalone basis via Verodin resellers, as well as FireEye channel partners.

"Security effort does not equal security effectiveness. That is why security-conscious customers red-team their networks – they need the unvarnished truth of how effective their security programs are," FireEye CEO Kevin Mandia said in a statement. "Verodin gives us the ability to automate security effectiveness testing using the sophisticated attacks we spend hundreds of thousands of hours responding to, and provides a systematic, quantifiable, and continuous approach to security program validation."

The acquisition is expected to accelerate FireEye's billings and revenue growth, adding a projected $20 million to billings in 2019 and more than $70 million to billings in 2020.

With that in mind, FireEye updated its Q2 guidance, now forecasting revenue in the range of $213 million to $217 million and billings in the range of $207 million to $222 million. For the full fiscal year 2019, the company expects revenue in the range of $890 million to $900 million and billings in the range of $935 million to $955 million.



from Latest Topic for ZDNet in... https://zd.net/2YVUZLB