Wednesday, July 31, 2019
Cisco Nexus 9000 Series ACI Mode Switch Software Link Layer Discovery Protocol Buffer Overflow Vulnerability
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Summary
-
A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges.
The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to the targeted device. A successful exploit may lead to a buffer overflow condition that could either cause a DoS condition or allow the attacker to execute arbitrary code with root privileges.
Note: This vulnerability cannot be exploited by transit traffic through the device; the crafted packet must be sent to a directly connected interface. LLDP frames are link-local (destination 01:80:C2:00:00:0E, EtherType 0x88CC) and are not forwarded by bridges, which is why the attacker must be adjacent.
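The TLV length check the advisory describes as missing, shown as an added example that is not Cisco's code and is not derived from the affected software: a minimal parser for the LLDPDU that follows EtherType 0x88CC, first in the vulnerable shape (the 9-bit TLV length trusted as a copy size) and then hardened. The neighbor structure, the 32-byte PORT_ID_MAX field and the sample frames are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define LLDP_TLV_END     0
#define LLDP_TLV_PORT_ID 2
#define LLDP_TLV_TTL     3
#define PORT_ID_MAX      32   /* hypothetical fixed-size field in a receiver's neighbor table */

struct neighbor {
    uint8_t  port_id[PORT_ID_MAX];
    size_t   port_id_len;
    uint16_t ttl;
};

/* Bug shape only, never use: the 9-bit TLV length is trusted both as the copy
 * size into a 32-byte field and as a read length from the frame, so a Port ID
 * TLV advertising up to 511 bytes overruns port_id and/or reads past the frame. */
int parse_lldp_unsafe(const uint8_t *f, size_t len, struct neighbor *n) {
    for (size_t off = 0; off + 2 <= len; ) {
        uint16_t hdr = (uint16_t)((f[off] << 8) | f[off + 1]);
        unsigned type = hdr >> 9;
        size_t tlen = hdr & 0x1ff;
        off += 2;
        if (type == LLDP_TLV_END) return 0;
        if (type == LLDP_TLV_PORT_ID) { memcpy(n->port_id, f + off, tlen); n->port_id_len = tlen; }
        off += tlen;
    }
    return -1;
}

/* Hardened: each TLV length is checked against the bytes left in the frame and
 * against the destination field before anything is copied. Returns 0 for a
 * well-formed LLDPDU, -1 for a truncated, oversized or malformed one. Ordering
 * and mandatory-TLV checks are omitted so the length handling stays visible. */
int parse_lldp(const uint8_t *f, size_t len, struct neighbor *n) {
    memset(n, 0, sizeof *n);
    for (size_t off = 0; off + 2 <= len; ) {
        uint16_t hdr = (uint16_t)((f[off] << 8) | f[off + 1]);
        unsigned type = hdr >> 9;
        size_t tlen = hdr & 0x1ff;
        off += 2;
        if (tlen > len - off) return -1;              /* value would run past the frame */
        switch (type) {
        case LLDP_TLV_END:
            return tlen == 0 ? 0 : -1;
        case LLDP_TLV_PORT_ID:                        /* subtype byte + 1..255 bytes, capped to our field */
            if (tlen < 2 || tlen > PORT_ID_MAX) return -1;
            memcpy(n->port_id, f + off, tlen);
            n->port_id_len = tlen;
            break;
        case LLDP_TLV_TTL:
            if (tlen != 2) return -1;
            n->ttl = (uint16_t)((f[off] << 8) | f[off + 1]);
            break;
        default:                                      /* Chassis ID and optional TLVs: skipped here */
            break;
        }
        off += tlen;
    }
    return -1;                                        /* frame ended without an End-of-LLDPDU TLV */
}

/* Constructed sample LLDPDU (the payload that follows EtherType 0x88CC). */
static const uint8_t good_lldpdu[] = {
    0x02, 0x07, 0x04, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, /* Chassis ID, MAC-address subtype */
    0x04, 0x05, 0x05, 'e', 't', 'h', '0',                 /* Port ID, interface-name subtype */
    0x06, 0x02, 0x00, 0x78,                               /* TTL = 120 s */
    0x00, 0x00                                            /* End of LLDPDU */
};

int demo_benign(void) {                                   /* returns the parsed TTL, 120 */
    struct neighbor n;
    if (parse_lldp(good_lldpdu, sizeof good_lldpdu, &n) != 0) return -1;
    if (n.port_id_len != 5 || memcmp(n.port_id, "\005eth0", 5) != 0) return -2;
    return n.ttl;
}

/* Port ID TLV claiming 40 bytes, all present in the frame: parse_lldp_unsafe
 * would write 8 bytes past port_id; parse_lldp returns -1. */
int demo_oversized(void) {
    uint8_t bad[2 + 40 + 2];
    bad[0] = (uint8_t)(((LLDP_TLV_PORT_ID << 9) | 40) >> 8);
    bad[1] = 40;
    memset(bad + 2, 'A', 40);
    bad[42] = 0; bad[43] = 0;
    struct neighbor n;
    return parse_lldp(bad, sizeof bad, &n);
}

/* Port ID TLV claiming 511 bytes but the frame ends after 4: parse_lldp_unsafe
 * would read 507 bytes past the buffer; parse_lldp returns -1. */
int demo_truncated(void) {
    static const uint8_t bad[] = { 0x05, 0xff, 0x05, 'e', 't', 'h' };
    struct neighbor n;
    return parse_lldp(bad, sizeof bad, &n);
}
```

The two checks that matter are `tlen > len - off` (the value must fit inside the received frame) and the per-type cap against the destination field; an attacker on a directly connected link controls both bytes of every TLV header, so neither check can be left to the sender.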
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190731-nxos-bo
Affected Products
-
Vulnerable Products
This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI mode if they are running a Cisco Nexus 9000 Series ACI Mode Switch Software release prior to 13.2(7f) or any 14.x release.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect the following Cisco products if they are not running in ACI mode:
- Firepower 2100 Series
- Firepower 4100 Series
- Firepower 9300 Security Appliances
- MDS 9000 Series Multilayer Switches
- Nexus 1000V Switch for Microsoft Hyper-V
- Nexus 1000V Switch for VMware vSphere
- Nexus 3000 Series Switches
- Nexus 3500 Platform Switches
- Nexus 3600 Platform Switches
- Nexus 5500 Platform Switches
- Nexus 5600 Platform Switches
- Nexus 6000 Series Switches
- Nexus 7000 Series Switches
- Nexus 7700 Series Switches
- Nexus 9000 Series Switches in standalone NX-OS mode
- Nexus 9500 R-Series Switching Platform
- UCS 6200 Series Fabric Interconnects
- UCS 6300 Series Fabric Interconnects
- UCS 6400 Series Fabric Interconnects
Workarounds
-
There are no workarounds that address this vulnerability.
Fixed Software
-
Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
Fixed Releases
This vulnerability is fixed in Cisco Nexus 9000 Series ACI Mode Switch Software Release 13.2(7f). Cisco will also fix this vulnerability in a 14.1(2) maintenance release, which is scheduled for August 2019.
Exploitation and Public Announcements
-
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Source
-
Cisco would like to thank Frank Block of ERNW Research GmbH for reporting this vulnerability to Cisco and working toward a coordinated disclosure.
Cisco Security Vulnerability Policy
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Revision History
-
Version | Description | Section | Status | Date |
---|---|---|---|---|
1.0 | Initial public release. | — | Final | 2019-July-31 |
Legal Disclaimer
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
from Cisco Security Advisory https://ift.tt/2OyLnGo
Malvertising: Online Advertisings Darker Side
By Nick Biasini, Chris Neal and Matt Valites.
Executive summary
One of the trickiest challenges enterprises face is managing the balance between aggressively blocking malicious advertisements (aka malvertising) and allowing content to remain online, accessible for the average user. The days of installing a basic ad blocker on your web browser and expecting full protection are gone. Between the sites that require them to be disabled and the ability for advertisers to pay to evade them, ad blockers alone are not sufficient.
As this blog will cover in detail, malvertising is a problem not strictly associated with basic web browsing. It can also come with other software programs including adware or potentially unwanted applications (PUA). These latter examples require the most attention. In today’s enterprise, an aggressive approach to advertising is required to be protected against malicious threats. That may include securing your DNS or adding additional layers of inspection through a firewall, intrusion prevention system, or a web security platform. Regardless of the approach, it needs to be thorough and take into account not just the security impacts, but the potential of cascading impact on your users.
Advertising is a key part of the internet as a whole and, whether you realize it or not, is one of the most foundational aspects of it. It is one of the reasons that a large chunk of the content available on the internet is free. It allows people to support their passion projects, their small businesses, and the food blogs of people around the world. However, it is a highly complex and convoluted system that is ripe for abuse. This is an issue that should not be ignored by the public, as these malicious ads can deliver malware out of nowhere and trick traditional internet users who may not be aware of the threats that exist on some pages.
This blog is going to walk through how online advertising works, what malvertising is and why it’s dangerous including real life examples, and finally the options that exist for organizations and private citizens to try and protect themselves from these threats.
from Cisco Blog » Security https://ift.tt/2YgDU39
IBM Security Bulletin: IBM Netcool Agile Service Manager is affected by a Jetty vulnerability (CVE-2018-12545)
IBM Netcool Agile Service Manager has addressed the following vulnerability.
CVE(s): CVE-2018-12545
Affected product(s) and affected version(s):
Affected IBM Netcool Agile Service Manager | Affected Versions |
---|---|
IBM Netcool Agile Service Manager | 1.1 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10958555
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/161491
The post IBM Security Bulletin: IBM Netcool Agile Service Manager is affected by a Jetty vulnerability (CVE-2018-12545) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2OxUwPA
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager
There are multiple vulnerabilities in IBM® Runtime Environment Java Version 8 used by IBM Netcool Agile Service Manager. IBM Netcool Agile Service Manager has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in April 2019.
CVE(s): CVE-2019-10245, CVE-2019-2684, CVE-2019-2602, CVE-2019-2697, CVE-2019-2698, CVE-2019-2699
Affected product(s) and affected version(s):
IBM Netcool Agile Service Manager 1.1.3 – 1.1.4
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10887461
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160010
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159776
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159698
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159789
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159790
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159791
The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2YiGkyk
IBM Security Bulletin: Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio (CVE-2019-2684)
Vulnerabilities in IBM® SDK Java Technology Edition, Versions 7 and 8 used by WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio. These issues were disclosed as part of the IBM Java SDK updates in April 2019. These issues are also addressed by WebSphere Application Server Network Deployment shipped with WebSphere Service Registry and Repository.
CVE(s): CVE-2019-2684
Affected product(s) and affected version(s):
WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio V8.0 and V8.5 are affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10883090
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159776
The post IBM Security Bulletin: Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio (CVE-2019-2684) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2OxUuHs
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications
Jul 31, 2019 9:01 am EDT
Categorized: High Severity
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 7 and Java™ Version 8 that is used by IBM Content Collector for SAP Applications. These issues were disclosed as part of the IBM Java SDK updates in Apr 2019.
CVE(s): CVE-2019-10245, CVE-2019-2602, CVE-2019-2697, CVE-2019-2698, CVE-2019-2699
Affected product(s) and affected version(s):
IBM Content Collector for SAP Applications 4.0.0.2
IBM Content Collector for SAP Applications 4.0.0.3
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10960816
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160010
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159698
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159789
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159790
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159791
from IBM Product Security Incident Response Team https://ift.tt/2YhZKTU
IBM Security Bulletin: Secure Gateway is affected by a Denial of Service vulnerability (CVE-2019-5428)
Secure Gateway has addressed the following vulnerability: CVE-2019-5428
CVE(s): CVE-2019-5428
Affected product(s) and affected version(s):
Affected Secure Gateway | Affected Versions |
---|---|
Secure Gateway Client | 1.8.2.0-1.8.2.1 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10959839
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160026
The post IBM Security Bulletin: Secure Gateway is affected by a Denial of Service vulnerability (CVE-2019-5428) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2OxUtDo
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Netcool Agile Service Manager
There are multiple vulnerabilities in IBM® Runtime Environment Java Version 8 used by Netcool Agile Service Manager. Netcool Agile Service Manager has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in January 2019.
CVE(s): CVE-2018-1890, CVE-2018-12549, CVE-2018-12547, CVE-2019-2422, CVE-2019-2449, CVE-2019-2426, CVE-2018-11212
Affected product(s) and affected version(s):
Netcool Agile Service Manager 1.1.3 – 1.1.4
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10887917
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152081
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157513
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157512
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155741
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155766
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155744
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143429
The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Netcool Agile Service Manager appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2Yh57mr
DHS Warns Small Airplanes Vulnerable to Flight Data Manipulation Attacks
What could be more horrifying than knowing that a hacker can trick the plane's electronic systems into displaying false flight data to the pilot, which could eventually result in loss of control?
Of course, the attacker would never wish to be on the same flight, so in this article, we are going to talk about a potential loophole that could allow an attacker to exploit a vulnerability with some level of "unsupervised" physical access to a small aircraft before the plane takes off.
The United States Department of Homeland Security (DHS) has issued an alert for the same, warning owners of small aircraft to be on guard against a vulnerability that could enable attackers to easily hack the plane's CAN bus and take control of key navigation systems.
The vulnerability, discovered by a cybersecurity researcher at Rapid7, resides in the modern aircraft's implementation of the CAN (Controller Area Network) bus, a vehicular networking standard used in automobiles and small aircraft that lets microcontrollers and devices communicate with each other without a host computer.
Rapid7 researcher Patrick Kiley demonstrated that a hacker with physical access to a small aircraft's wiring could attach a device—or co-opt an existing attached device—to the plane's avionics CAN bus to insert false data and communicate them to the pilot.
"Modern aircraft use a network of electronics to translate signals from the various sensors and place this data onto a network to be interpreted by the appropriate instruments and displayed to the pilot," Kiley said in a report published Tuesday.
The attacker can manipulate the following data:
- Engine telemetry readings
- Compass and attitude data
- Altitude, airspeed, and angle of attack (AoA) data
"The researchers have further outlined that a pilot relying on instrument readings would be unable to distinguish between false and legitimate readings, which could result in loss of control of the affected aircraft," the DHS' cyber division warned Tuesday.
Kiley demonstrated the attack after investigating avionics systems—an electronic control and navigation system fitted in an aircraft—from two unnamed commercial aircraft manufacturers specialized in light aircraft.
Kiley found that the key problem with the avionics CAN bus is that it is integrated into the aircraft's other components without any firewalls or authentication, which means untrusted connections over a USB adapter attached to the plane can send unauthorized commands to its electronic systems.
"In avionics, these systems provide the foundation of control systems and sensor systems and collect data such as altitude, airspeed, and engine parameters such as fuel level and oil pressure, then display them to the pilot," the researcher said.
"CAN packets also do not have recipient addresses or any kind of built-in authentication mechanism. This is what makes the bus easy to implement, but it also removes any assurance that the sending device was the actual originator of the message."
Though the attack sounds scary, it is not easy to gain "unsupervised" physical access to a plane given "current industry practices and regulations"; nevertheless, the Rapid7 report is worth paying attention to.
The researcher also pointed out that the avionics sector is lagging behind the automotive industry when it comes to the CAN bus system.
The automotive industry has made advancements in implementing safeguards, such as CAN bus-specific filtering, whitelisting, and segregation, that prevent similar physical attacks to CAN bus systems. Aircraft makers should also implement these safeguards.
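The filtering and allowlisting the paragraph above refers to, as an added example that is not Rapid7's code or any manufacturer's: a default-deny gateway check, written in C, for frames arriving from an untrusted port such as a maintenance connector before they are repeated onto the avionics segment. The CAN IDs, payload lengths and rate ceilings are hypothetical placeholders; a real table would come from the aircraft's interface control document.

```c
#include <stdint.h>
#include <stddef.h>

/* One classic CAN frame as the gateway reads it from the untrusted side, plus a
 * millisecond timestamp the gateway stamps on arrival. */
struct can_frame { uint32_t id; uint8_t dlc; uint8_t data[8]; uint32_t t_ms; };

/* Allowlist: the only IDs permitted to cross from the maintenance/USB port onto the
 * avionics segment, each with its fixed payload length and a frames-per-second
 * ceiling. The IDs are hypothetical; a real table comes from the aircraft's ICD. */
struct rule { uint32_t id; uint8_t dlc; uint16_t max_per_sec; uint32_t win_start; uint16_t count; };

static struct rule rules[] = {
    { 0x100, 8, 50, 0, 0 },   /* maintenance tool status */
    { 0x101, 2, 10, 0, 0 },   /* maintenance tool heartbeat */
};
#define NRULES (sizeof rules / sizeof rules[0])

enum verdict { PASS = 0, DROP_ID, DROP_DLC, DROP_RATE, DROP_EXT };

/* Default-deny check. Instrument IDs (attitude, airspeed, AoA, engine data) are
 * simply absent from the table, so a spoofed sensor frame is dropped even though
 * the bus itself carries no sender authentication. The per-ID rate ceiling stops
 * a burst of frames from starving the real instruments on the bus. */
enum verdict filter_frame(const struct can_frame *f) {
    if (f->id > 0x7ff) return DROP_EXT;              /* only 11-bit IDs expected from this port */
    for (size_t i = 0; i < NRULES; i++) {
        struct rule *r = &rules[i];
        if (r->id != f->id) continue;
        if (f->dlc != r->dlc) return DROP_DLC;
        if (f->t_ms - r->win_start >= 1000) { r->win_start = f->t_ms; r->count = 0; }
        if (++r->count > r->max_per_sec) return DROP_RATE;
        return PASS;
    }
    return DROP_ID;
}

void filter_reset(void) {
    for (size_t i = 0; i < NRULES; i++) { rules[i].win_start = 0; rules[i].count = 0; }
}

/* Replays a constructed traffic mix and returns how many frames were let through:
 * two legitimate frames, then a wrong-length frame, a spoofed 0x2A0 "attitude"
 * frame, a 29-bit ID, and a 60-frame burst of 0x100 inside one second. */
int demo_replay(void) {
    filter_reset();
    int passed = 0;
    struct can_frame seq[5] = {
        { 0x100, 8, {0}, 0 },
        { 0x101, 2, {0}, 10 },
        { 0x101, 8, {0}, 20 },
        { 0x2A0, 8, {0}, 30 },
        { 0x1FFFFFFF, 8, {0}, 40 },
    };
    for (int i = 0; i < 5; i++) passed += filter_frame(&seq[i]) == PASS;
    for (uint32_t i = 0; i < 60; i++) {
        struct can_frame fl = { 0x100, 8, {0}, 100 + i };
        passed += filter_frame(&fl) == PASS;
    }
    return passed;    /* 2 legitimate + 49 of the burst (the 50/s ceiling already counted frame 1) = 51 */
}
```

The point of the table being an allowlist rather than a blocklist is that the gateway never has to know which IDs are dangerous: anything the maintenance port has no business sending, including the sensor IDs a pilot's instruments trust, is dropped by default.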
The DHS' CISA is urging aircraft manufacturers to consider network protections around the CAN bus system and make sure they restrict access to their planes to the best of their abilities.
from The Hacker News https://ift.tt/318iUsi
Tuesday, July 30, 2019
USN-4080-1: OpenJDK 8 vulnerabilities
openjdk-8 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary
Several security issues were fixed in OpenJDK.
Software Description
- openjdk-8 - Open Source Java implementation
Details
Keegan Ryan discovered that the ECC implementation in OpenJDK was not sufficiently resilient to side-channel attacks. An attacker could possibly use this to expose sensitive information. (CVE-2019-2745)
It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. (CVE-2019-2762)
It was discovered that in some situations OpenJDK did not properly bound the amount of memory allocated during object deserialization. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service (excessive memory consumption). (CVE-2019-2769)
It was discovered that OpenJDK did not properly restrict privileges in certain situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2019-2786)
Jonathan Birch discovered that the Networking component of OpenJDK did not properly validate URLs in some situations. An attacker could use this to bypass restrictions on characters in URLs. (CVE-2019-2816)
Nati Nimni discovered that the Java Cryptography Extension component in OpenJDK did not properly perform array bounds checking in some situations. An attacker could use this to cause a denial of service. (CVE-2019-2842)
It was discovered that OpenJDK incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause OpenJDK to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-7317)
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 16.04 LTS
- openjdk-8-jdk - 8u222-b10-1ubuntu1~16.04.1
- openjdk-8-jdk-headless - 8u222-b10-1ubuntu1~16.04.1
- openjdk-8-jre - 8u222-b10-1ubuntu1~16.04.1
- openjdk-8-jre-headless - 8u222-b10-1ubuntu1~16.04.1
- openjdk-8-jre-jamvm - 8u222-b10-1ubuntu1~16.04.1
- openjdk-8-jre-zero - 8u222-b10-1ubuntu1~16.04.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.
from Ubuntu Security Notices https://ift.tt/2MqKUmX
IBM Security Bulletin: IBM StoredIQ is affected by a missing function level access control vulnerability (CVE-2019-4163)
IBM StoredIQ has addressed the following vulnerability: Missing function level access control.
CVE(s): CVE-2019-4163
Affected product(s) and affected version(s):
Affected Product | Affected Versions |
---|---|
IBM StoredIQ | 7.6.0.0 – 7.6.0.18 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10960009
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158696
The post IBM Security Bulletin: IBM StoredIQ is affected by a missing function level access control vulnerability (CVE-2019-4163) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2ZjTpnC
IBM Security Bulletin: IBM StoredIQ is affected by a denial of service attack vulnerability (CVE-2019-4165)
IBM StoredIQ has addressed the following vulnerability: Denial of service attack.
CVE(s): CVE-2019-4165
Affected product(s) and affected version(s):
Affected Product | Affected Versions |
---|---|
IBM StoredIQ | 7.6.0.0 – 7.6.0.18 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10960131
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158698
The post IBM Security Bulletin: IBM StoredIQ is affected by a denial of service attack vulnerability (CVE-2019-4165) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2GAdeQg
IBM Security Bulletin: External Service invocation in IBM Business Space affects IBM Business Monitor (CVE-2018-1885)
A vulnerability in IBM Business Space can allow an attacker to cause an external service invocation.
CVE(s): CVE-2018-1885
Affected product(s) and affected version(s):
– IBM Business Monitor V8.5.5
– IBM Business Monitor V8.5.6
– IBM Business Monitor V8.5.7
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10960282
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152020
The post IBM Security Bulletin: External Service invocation in IBM Business Space affects IBM Business Monitor (CVE-2018-1885) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2ZkZO1L
Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws
Google's cybersecurity researchers have finally disclosed details and proof-of-concept exploits for 4 out of 5 security vulnerabilities that could allow remote attackers to target Apple iOS devices just by sending a maliciously-crafted message over iMessage.
All the vulnerabilities, which required no user interaction, were responsibly reported to Apple by Samuel Groß and Natalie Silvanovich of Google Project Zero, and the company patched them just last week with the release of the iOS 12.4 update.
Four of these vulnerabilities are "interactionless" use-after-free and memory corruption issues that could let remote attackers achieve arbitrary code execution on affected iOS devices.
However, the researchers have so far released details and exploits for only three of these four critical RCE vulnerabilities and kept one (CVE-2019-8641) private because the latest update did not completely address it.
The fifth vulnerability (CVE-2019-8646), an out-of-bounds read, can also be executed remotely by just sending a malformed message via iMessage. But instead of code execution, this bug allows an attacker to read the content of files stored on the victim's iOS device through leaked memory.
Here below, you can find brief details, links to the security advisory, and PoC exploits for all four vulnerabilities:
- CVE-2019-8647 (RCE via iMessage) — This is a use-after-free vulnerability that resides in the Core Data framework of iOS that can cause arbitrary code execution due to insecure deserialization when NSArray initWithCoder method is used.
- CVE-2019-8662 (RCE via iMessage) — This flaw is also similar to the above use-after-free vulnerability and resides in the QuickLook component of iOS, which can also be triggered remotely via iMessage.
- CVE-2019-8660 (RCE via iMessage) — This is a memory corruption issue that resides in the Core Data framework and the Siri component and, if exploited successfully, could allow remote attackers to cause unexpected application termination or arbitrary code execution.
- CVE-2019-8646 (File Read via iMessage) — This flaw, which also resides in the Siri and Core Data iOS components, could allow an attacker to remotely read the content of files stored on an iOS device without user interaction, running as the mobile user with no sandbox.
Besides these 5 vulnerabilities, Silvanovich also last week released details and a PoC exploit for another out-of-bounds read vulnerability that also allows remote attackers to leak memory and read files from a remote device.
The vulnerability, assigned CVE-2019-8624, resides in the Digital Touch component of watchOS and affects Apple Watch Series 1 and later. Apple patched the issue this month with the release of watchOS 5.3.
Since proof-of-concept exploits for all these six security vulnerabilities are now available to the public, users are highly recommended to upgrade their Apple devices to the latest version of the software as soon as possible.
Besides security vulnerabilities, the long-awaited iOS 12.4 updates for iPhone, iPad, and iPod touch also came up with some new features, including the ability to wirelessly transfer data and migrate directly from an old iPhone to a new iPhone during setup.
from The Hacker News https://ift.tt/33adJu2
Monday, July 29, 2019
Capital One Data Breach Affects 106 Million Customers; Hacker Arrested
Another week, another massive data breach.
Capital One, the fifth-largest U.S. credit-card issuer and banking institution, has recently suffered a data breach exposing the personal information of more than 100 million credit card applicants in the United States and 6 million in Canada.
The data breach that occurred on March 22nd and 23rd this year allowed attackers to steal information of customers who had applied for a credit card between 2005 and 2019, Capital One said in a statement.
However, the security incident only came to light after July 19 when a hacker posted information about the theft on her GitHub account.
The FBI Arrested the Alleged Hacker
The FBI arrested Paige Thompson, a.k.a. erratic, 33, a former Amazon Web Services software engineer who worked for a Capital One contractor from 2015 to 2016, in relation to the breach yesterday morning and seized electronic storage devices containing a copy of the stolen data.
Thompson appeared in U.S. District Court on Monday and was charged with computer fraud and abuse, which carries up to five years in prison and a $250,000 fine. A hearing has been scheduled for August 1, 2019.
According to court documents [PDF], Thompson allegedly exploited a misconfigured firewall on Capital One's Amazon Web Services cloud server and stole more than 700 folders of data stored on that server sometime in March.
"Capital One quickly alerted law enforcement to the data theft — allowing the FBI to trace the intrusion," U.S. Attorney Moran said. "I commend our law enforcement partners who are doing all they can to determine the status of the data and secure it."
Number of People and Types of Information Affected
The compromised data includes approximately 140,000 Social Security numbers and 80,000 bank account numbers linked to American customers, and 1 million Canadian Social Insurance numbers.
Besides this, some customers' names, addresses, dates of birth, credit scores, credit limits, balances, payment history, and contact information were also compromised in the security breach.
However, in a statement released on Monday, Capital One assured its customers that "no credit card account numbers or log-in credentials were compromised" and that more than 99% of the Social Security numbers that the company has on file weren't affected.
"Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement," Capital One said.
"The FBI has arrested the person responsible. Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual."
The company also said it will notify the affected customers and will provide free credit monitoring services to those affected.
from The Hacker News https://ift.tt/2yoTfPQ
IBM Security Bulletin: IBM Cloud Automation Manager is affected by an issue with API endpoints behind the ‘docker cp’
IBM Cloud Automation Manager is affected by an issue with the docker cp command, which is vulnerable to a symlink-exchange attack with directory traversal: a path inside the container is resolved and then used in two steps, so a symlink swapped in between the two redirects the copy onto the host filesystem, giving attackers arbitrary read-write access to the host filesystem with root privileges.
CVE(s): CVE-2018-15664
Affected product(s) and affected version(s):
IBM Cloud Automation Manager 3.1.x, 3.2.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10960227
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/161681
The post IBM Security Bulletin: IBM Cloud Automation Manager is affected by an issue with API endpoints behind the ‘docker cp’ appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2Yz3Eak
IBM Security Bulletin: Clickjacking vulnerability in WebSphere Application Server Liberty Admin Center (CVE-2019-4285)
There is a clickjacking vulnerability in IBM WebSphere Application Server Liberty Admin Center.
CVE(s): CVE-2019-4285
Affected product(s) and affected version(s):
This vulnerability affects the following versions and releases of IBM WebSphere Application Server:
- Liberty
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10884064
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160513
from IBM Product Security Incident Response Team https://ift.tt/2SO27YY
IBM Security Bulletin: Vulnerability in IBM Java Runtime affects Financial Transaction Manager for Digital Payments
Jul 29, 2019 9:03 am EDT
Categorized: Medium Severity
There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by Financial Transaction Manager for Digital Payments. Financial Transaction Manager for Digital Payments (FTM DP) has addressed the applicable CVE.
CVE(s): CVE-2019-2684
Affected product(s) and affected version(s):
FTM DP: 3.2.0.0 – 3.2.0.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10884034
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159776
from IBM Product Security Incident Response Team https://ift.tt/2Yz3qQw
IBM Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Asset Analyzer
Jul 29, 2019 9:03 am EDT
Categorized: High Severity
There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8.0.5.30 and IBM® Runtime Environment Java™ Version 8.0.5.30 used by Rational Asset Analyzer. Rational Asset Analyzer has addressed the applicable CVE.
CVE(s): CVE-2019-2602
Affected product(s) and affected version(s):
Product | Affected Versions |
---|---|
Rational Asset Analyzer | 6.1.0.1 – 6.1.0.20 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10959041
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159698
from IBM Product Security Incident Response Team https://ift.tt/2SKZUNQ
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Digital Payments
There are multiple vulnerabilities in IBM® Runtime Environment Java Version 8 used by Financial Transaction Manager for Digital Payments. Financial Transaction Manager for Digital Payments (FTM DP) has addressed the applicable CVEs.
CVE(s): CVE-2018-1890, CVE-2018-12547
Affected product(s) and affected version(s):
FTM DP: 3.2.0.0 – 3.2.0.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10875308
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152081
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157512
from IBM Product Security Incident Response Team https://ift.tt/2YoXDx5
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring
Jul 29, 2019 9:02 am EDT
Categorized: High Severity
There are several vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components.
CVE(s): CVE-2019-10245, CVE-2019-2684, CVE-2019-2602, CVE-2019-2697, CVE-2019-2698, CVE-2018-1890, CVE-2019-2422, CVE-2019-2426, CVE-2018-11212
Affected product(s) and affected version(s):
The following components of IBM Tivoli Monitoring (ITM) are affected by this bulletin:
- Java (CANDLEHOME): ITM 6.3.0 through 6.3.0 Fix Pack 7 (JRE 7) (CVE-2018-1890, CVE-2019-2426, CVE-2019-2697 and CVE-2019-2684)
- Java (Tivoli Enterprise Portal client browser or webstart): ITM 6.3.0 through 6.3.0 Fix Pack 7 (all CVEs listed)
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10959883
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160010
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159776
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159698
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159789
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159790
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152081
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155741
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155744
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143429
from IBM Product Security Incident Response Team https://ift.tt/2SS0cCv
IBM Security Bulletin: IBM i2 Intelligent Analysis Platform is affected by an XML External Entity (XXE) vulnerability
Jul 29, 2019 9:02 am EDT
Categorized: High Severity
IBM i2 Intelligent Analysis Platform has addressed the following XML External Entity (XXE) vulnerability. This vulnerability allows attackers to exploit the external entity feature of XML, with the potential for an external party to gain access to sensitive information or to cause the user's system to make calls to remote servers.
CVE(s): CVE-2019-4062
Affected product(s) and affected version(s):
IBM i2 Analyst’s Notebook 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.1.0, 9.1.1
IBM i2 Analyst’s Notebook Premium 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.1.0, 9.1.1
IBM i2 Enterprise Insight Analysis
IBM i2 Analyst’s Notebook and Notebook Premium are available in this offering. If either has been installed from this offering, please refer to your product downloads page to determine the version of IBM i2 Analyst’s Notebook or Notebook Premium you have included, and refer to the remediation section of this bulletin to find an associated fix.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10881746
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157007
from IBM Product Security Incident Response Team https://ift.tt/2YDc68R
IBM Security Bulletin: Financial Transaction Manager for Digital Payments for Multi-Platform is affected by vulnerabilities in IBM Java Runtime
Financial Transaction Manager for Digital Payments for Multi-Platform has addressed the following vulnerability. There are multiple vulnerabilities in IBM® Runtime Environment Java Version 8 used by the product; FTM DP has addressed the applicable CVEs.
CVE(s): CVE-2018-3180
Affected product(s) and affected version(s):
FTM DP: 3.2.0.0 – 3.2.0.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10743143
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151497
from IBM Product Security Incident Response Team https://ift.tt/2SLSrhv
IBM Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics
Jul 29, 2019 9:02 am EDT
Categorized: High Severity
This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics 2.0.8. There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Planning Analytics 2.0.7 and lower. IBM Planning Analytics 2.0.8 has addressed the applicable CVEs by upgrading to IBM® Runtime Environment Java™ Version 8 Service Refresh 5 Fix Pack 35. As of version 2.0.6, IBM Planning Analytics is no longer compatible with IBM® Runtime Environment Java™ Version 7. IBM Planning Analytics 2.0.8 (Windows) will install IBM® Runtime Environment Java™ Version 8. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the “IBM Java SDK Security Bulletin”, located in the
CVE(s): CVE-2018-12547, CVE-2019-4245, CVE-2017-15422, CVE-2014-9654, CVE-2014-7926, CVE-2014-7923, CVE-2011-4599, CVE-2017-14952, CVE-2016-7415, CVE-2018-1902, CVE-2019-4046, CVE-2018-1000873
Affected product(s) and affected version(s):
Planning Analytics 2.0
Planning Analytics 2.0.1
Planning Analytics 2.0.2
Planning Analytics 2.0.3
Planning Analytics 2.0.4
Planning Analytics 2.0.5
Planning Analytics 2.0.6
Planning Analytics 2.0.7
IBM Planning Analytics Local 2.0 (Planning Analytics Workspace)
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10884724
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157512
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/23094
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136054
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/110456
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/100297
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/100294
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/71726
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133526
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117035
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152531
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156242
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/154804
from IBM Product Security Incident Response Team https://ift.tt/2YDbY9n
IBM Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-1871)
Financial Transaction Manager for Digital Payments (FTM DP) for Multi-Platform has addressed the following vulnerability. A potential cross-site scripting vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credential disclosure within a trusted session.
CVE(s): CVE-2018-1871
Affected product(s) and affected version(s):
FTM DP v3.2.0.0, v3.2.0.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10743117
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151329
from IBM Product Security Incident Response Team https://ift.tt/2SLcuws
Cisco Scores BIG With A New IETF-Approved Internet Standard
All great teams have a shared language. Whether you’re the reigning World Cup Champions or an IT team on the frontlines of network defense, collaboration is the key to success. And effective collaboration hinges on communication.
For years, Cisco has operated on the cutting-edge of communication standards, working tirelessly to make multi-platform communication seamless and efficient.
This June, Cisco achieved a historic milestone when the Internet Engineering Task Force (IETF) declared our XMPP-Grid architecture an official Internet standard for security information exchange.
Cisco’s Extensible Messaging and Presence Protocol (XMPP) – the underpinnings of Cisco Platform Exchange Grid (pxGrid for short) 1.0 – ushered in a new era of seamless collaboration, allowing information to be shared between security platforms from multiple vendors. Prior to this innovation, IT teams faced a discouraging reality: Despite having a wealth of security information from dozens of multivendor platforms at their fingertips, it was nearly impossible for IT teams to configure these technologies to share identity and context information in real-time.
pxGrid enables IT teams to harness the full potential of their security technologies. An open, scalable, and highly-secure form of security information exchange, Cisco’s pxGrid technology facilitates integrations between its 60 Technical Alliance Partners today. These integrations eliminate the complexity of single-purpose APIs by allowing all integrated platforms to publish and subscribe to relevant security information. With this additional security context, actionable intelligence is available to perform automated incident response, for mitigating risks and containing threats more effectively. In short, pxGrid enhances the power of your security apparatus through effective communication.
And this is only the start: As Cisco’s nearly 40,000 Identity Services Engine customers migrate to pxGrid 2.0’s WebSocket-based architecture, Cisco continues to lead the way in a growing ecosystem of open security information exchange.
Cisco’s implementation of the standard, pxGrid, is available on Cisco Identity Services Engine (ISE). If you are one of our Cisco ISE customers already collaborating effectively via Cisco pxGrid, thank you for supporting our community! And if you have technology partners who have not yet integrated their platforms with Cisco pxGrid, please request that they adopt this new standard.
If you are a Cisco ISE customer but have yet to benefit from security ecosystem integrations to address use cases such as intent based network segmentation and rapid threat containment, please learn about how Cisco pxGrid can be licensed and deployed.
Megan Rapinoe and Alex Morgan would probably be the first to say that the success of the US Women’s National Team depends on superior communication. As an IETF-approved internet standard, pxGrid helps elevate your information security practices. Through this open communication standard, your security technologies work together to form a solid defense, so your company is free to concentrate on business and score big where it matters.
from Cisco Blog » Security https://ift.tt/2ymKFRE
Viral FaceApp Unnecessarily Requests Access to Users' Facebook Friends List
FaceApp—the AI-powered photo-morphing app that recently went viral for its age filter but hit the headlines for its controversial privacy policy—has been found collecting the list of your Facebook friends for no reason.
The Russian-made FaceApp has been around since the spring of 2017 but has taken social media by storm over the course of the past few weeks as millions of people downloaded the app to see how they would look when they are older or younger, or swap genders.
The app also contains a feature that allows users to download and edit photos from their Facebook accounts, which only works when a user enables FaceApp to access the social media account via the 'Login with Facebook' option.
As you can see in the screenshot above, besides requesting access to your basic profile information and photos, FaceApp also fetches the list of your Facebook friends "who also use and have shared their friends' lists with FaceApp."
Have you yet asked yourself why this app asks for a permission it is unlikely to need to perform its intended function?
FaceApp Unnecessarily Accesses Your Facebook Friends List
Indian security researcher Athul Jayaram recently contacted The Hacker News raising a huge red flag about the collection of users' Facebook friend list data that FaceApp currently doesn't use in any way to function itself or power any of its features.
"When an app asks for permissions that are unnecessary to its functioning, you should think twice before downloading it."
We also tried to find out whether FaceApp is in some way using this data to "enhance the user experience," but we failed to find any use that justifies the collection of this particular data.
Upon being contacted, FaceApp CEO Yaroslav Goncharov told The Hacker News that FaceApp had a feature called "Social Stylist," that was designed to let users invite their Facebook friends to vote for their best style.
Apparently, the feature has now been discontinued, but the app still collects your friend list when you choose to Login with Facebook.
"We don't have this data anymore and planning not to request this permission soon. We used to have some social features (Social Stylist: you could invite your friends to vote for the best style, have a feed, etc.), those features needed this permission," Goncharov told The Hacker News.
"Please note that don't require a Facebook login for FaceApp to work, so only a few users are logged in."
It's a concerning issue considering the fact that the app has recently gone viral worldwide, crushing the App Store in 81 countries in just 6 days and climbing to the number 1 spot from 1,370 on the top free apps chart in the US in only 5 days.
The Hacker News has also contacted Facebook, informing them about this FaceApp practice and asking them to comment on the matter.
How to Stop FaceApp From Accessing Irrelevant Personal Data
No doubt, the "Login with Facebook" service makes logging in and creating accounts for various third-party online services, apps and games easier, but most of the time developers request access to a lot of your data unnecessarily.
FaceApp works completely fine without even connecting your Facebook account with the photo-editing app when you choose to select photos from your device storage, but if you still want to use the app to download Facebook photos, you can do it without revealing your Friends List.
For those unaware, Facebook already has an option that allows users to edit and explicitly choose what permissions they want to grant an app from a list of requested permissions pre-defined by its developer.
While connecting your Facebook account with FaceApp or any other third-party service, Facebook displays a page with an edit button, allowing users to toggle OFF permissions they don't want third-party apps to access.
However, if you have already given FaceApp permission to access your Friend list or any other unnecessary permission, you can also edit it in your Facebook account settings under the "Apps and Website" section.
It should be noted that just removing the app or restricting permissions would not erase your data from the FaceApp servers.
FaceApp CEO Goncharov suggests that users can request the company to delete all data from FaceApp's servers by using 'Settings→Support→Report a bug' with the word 'Privacy' in the subject line.
Other Recent FaceApp Privacy Concerns
It is not the first time when FaceApp has been under scrutiny related to privacy issues.
Just a week after going viral, privacy advocates and media raised concerns surrounding FaceApp's loosely-phrased privacy policy, which says that the use of the app grants the Russian-made app a "perpetual" license to your photos, allowing it to use your likeness, name, and username, for any purpose, without your consent, forever, even if you delete it.
"You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public," FaceApp's 'Terms of Use' agreement says.
Besides this, during the same time, another concern was raised that FaceApp wasn't just accessing users' submitted photos but also grabbing the entire camera roll from users' phones.
However, it was not the case, as French security researcher Baptiste Robert, who goes by Elliot Alderson on Twitter, refuted the speculation through his technical investigation, confirming that the app only uploads a photo selected by a user to its server for editing.
from The Hacker News https://ift.tt/2MoPGl8
Friday, July 26, 2019
IBM Security Bulletin: ViewONE is vulnerable to XXE attack via HTTP payload (CVE-2019-4456)
A specially crafted XML payload to the ViewONE service can result in a denial of service attack.
CVE(s): CVE-2019-4456
Affected product(s) and affected version(s):
Daeja ViewONE Virtual 5.0 – 5.0.6
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10959177
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/163620
from IBM Product Security Incident Response Team https://ift.tt/30Z2q62
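Both XXE bulletins above (the i2 Intelligent Analysis Platform one, where external entities can expose sensitive information or make the server call out, and the ViewONE one, where a crafted payload causes a denial of service) come down to the same parser feature: DTD entity declarations. The following is an added example, not code from IBM or from either product, showing the guard a defender puts in front of any XML parser that receives untrusted input: reject the DOCTYPE outright, because external entities and recursive internal entities can only be declared inside one. The sample documents and the file path in them are constructed placeholders.

```python
import xml.parsers.expat
import xml.etree.ElementTree as ET


class UnsafeXMLError(ValueError):
    """Raised when untrusted XML declares a DTD or references an external entity."""


def check_untrusted_xml(data: bytes) -> None:
    """Guard pass: run expat with handlers that refuse every DTD feature.

    External (SYSTEM/PUBLIC) entities, which an XXE payload uses to read
    files or reach remote servers, and recursive internal entities, which
    drive entity-expansion denial of service, can only be declared inside a
    DOCTYPE.  Refusing the DOCTYPE itself therefore closes both.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXMLError("DOCTYPE %r refused from untrusted input" % name)

    def on_external_entity(context, base, sysid, pubid):
        # Defence in depth: should a DOCTYPE ever slip through, never fetch
        # anything.  Returning 0 makes expat abort the parse with an error.
        return 0

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity
    parser.Parse(data, True)


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML from an untrusted source, or raise UnsafeXMLError."""
    check_untrusted_xml(data)
    return ET.fromstring(data)


def rejects(data: bytes) -> bool:
    """True when the guard refuses the document (used by the demo and tests)."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXMLError:
        return True
    return False


# Constructed sample inputs (not taken from either bulletin).
SAFE_DOC = b'<?xml version="1.0"?><report><title>Q3 summary</title></report>'

# XXE shape: an external entity whose resolution would read a local file or
# contact a remote host.  The path is a constructed placeholder.
XXE_DOC = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE report [<!ENTITY ext SYSTEM "file:///placeholder/path/on/server">]>'
           b'<report><title>&ext;</title></report>')

# Entity-expansion shape: nested internal entities that inflate on expansion,
# the mechanism behind the denial-of-service case.  Kept deliberately tiny.
EXPANSION_DOC = (b'<?xml version="1.0"?>'
                 b'<!DOCTYPE report [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;&a;">]>'
                 b'<report><title>&b;</title></report>')


if __name__ == "__main__":
    root = parse_untrusted_xml(SAFE_DOC)
    print("safe document parsed:", root.tag, root.find("title").text)
    for label, doc in (("XXE", XXE_DOC), ("entity expansion", EXPANSION_DOC)):
        print("%s payload rejected: %s" % (label, rejects(doc)))
```

The guard is a separate pass in front of the real parse so it works with whichever XML library the application already uses; the defusedxml package applies the same forbid-DTD rule inside its parser wrappers, and a service that genuinely needs a DTD should whitelist the specific one rather than re-enable entity resolution.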
IBM Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential SQL Injection vulnerability (CVE-2019-4032)
Financial Transaction Manager for Digital Payments (FTM DP) for Multi-Platform has addressed the following vulnerability: a potential blind SQL injection in a web service.
CVE(s): CVE-2019-4032
Affected product(s) and affected version(s):
FTM DP v3.2.0.0-3.2.0.1, v3.2.1.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10869504
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155998
from IBM Product Security Incident Response Team https://ift.tt/2LKReGu
This Week in Security News: Unpatched Systems and Lateral Phishing
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about an attack against Elasticsearch that delivers backdoors as its payload. Additionally, read how cybercriminals are turning to hijacked accounts to perform lateral phishing attacks on organizations.
Read on:
Trend Micro spotted another attack against Elasticsearch that deviates from the usual profit-driven motive by delivering backdoors as its payload. These threats can turn affected targets into botnet zombies used in distributed-denial-of-service (DDoS) attacks.
Trend Micro Approved as an SLP Plus Endpoint Security Vendor
Trend Micro announced its endpoint security products are available for purchase via the California Software Licensing Program (SLP) Plus vehicle. This means government agencies don’t have to carry out a formal proof-of-concept or RFP to purchase, which will shorten sales cycles and ensure they benefit from security sooner.
Old Tools for New Money: URL Spreading Shellbot and XMRig Using 17-Year-Old XHide
Trend Micro detected a threat that propagates by scanning for open ports and brute forcing weak credentials, installing a Monero cryptocurrency miner and a Perl-based IRC backdoor that is capable of scanning for open ports, downloading files, executing UDP floods, and remotely executing shell commands. The miner process is hidden using XHide Process Faker, a 17-year-old open source tool used to fake the name of a process.
Zuckerberg Promises ‘Completely New Standard’ for Privacy Following FTC Fine
The Federal Trade Commission formally approved a record $5 billion settlement with Facebook over the company’s privacy policies, requiring the company to establish a new board committee on privacy and making CEO Mark Zuckerberg report each quarter to the FTC on how the company is taking steps to protect consumer privacy.
Hackers Exploit ERP App Flaw for Fraudulent Accounts in 62 Colleges, Universities
The U.S. Department of Education released a security alert after 62 higher education institutions were reportedly infiltrated via Ellucian, an enterprise resource planning web app, and the attackers hijacked students’ IDs to create fraudulent accounts.
Equifax Exposed 150 Million Americans’ Personal Data. Now it Will Pay Up to $700 million
Equifax Inc. has reached a deal to pay up to $700 million to a slew of state and federal regulators to settle probes stemming from a 2017 data breach that exposed nearly 150 million Americans’ Social Security numbers and other sensitive personal information.
Cybercriminals have recently been sending phishing emails specifically targeting Microsoft Office 365 administrators to gain administrative control over an organization’s Office 365 domain and accounts. Additionally, they’ve been turning to hijacked accounts to perform phishing attacks — a technique called lateral phishing.
Cybercrime and Exploits: Attacks on Unpatched Systems
Cybercriminals exploiting unpatched system vulnerabilities continue to be one of the top reasons enterprises suffer unauthorized intrusions. Trend Micro compiled some of the most destructive cyberattacks and data breaches of the past few years, showing that failing to patch systems with the latest security updates can inflict a costly amount of damage, making the time it takes to patch systems worth it.
A hacker broke into Bulgaria’s largest tax database and stole the financial details of every working adult in the country before releasing them online. In their search for the perpetrator, police arrested 20-year-old Kristian Boykov charging him with committing a computer crime against critical infrastructure.
FIN8 Reemerges with New PoS Malware Badhatch
Security researchers found threat group FIN8 reappearing after two years with a new point-of-sale (PoS) malware named Badhatch, which is designed to steal credit card information. Badhatch features capabilities that allow it to scan for victim networks, provide attackers with remote access, install a backdoor, and deliver other modified malware payloads such as PoSlurp and ShellTea.
Do you trust organizations to patch system vulnerabilities in a timely manner? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
from Trend Micro Simply Security https://ift.tt/2YpYVYI