Wednesday, November 30, 2016

Password Manager Pro — Easiest Way to Keep Enterprises Secure


Recent corporate breaches have taught us something important — the average enterprise user is spectacularly bad at choosing good passwords.

As modern enterprise is becoming a hybrid organization with infrastructure spread across on-premises data centers as well as in the cloud, security of information, applications, and assets has become a paramount concern.

Cyber security is no longer an optional strategy for businesses: limited visibility into employees' password practices and ineffective monitoring of privileged credentials can leave an organization facing a serious security breach and identity theft.

The first line of defense for any organization or company is passwords, but most organizations grossly underestimate the need to comply with corporate password policies and meet IT regulatory requirements.

Large enterprises have a policy in place that requires end users to choose strong passwords that can withstand dictionary and brute-force attacks, but such a policy often turns out to be ineffective, as users may still go against it and pick a simple password.

Even if an organization's IT department forces its employees to choose strong passwords, those strong passwords are often stored in text-based files like spreadsheets, or even worse, Word documents.

Such files offer little protection and no way to restrict who can access which passwords.

We know that ignorance is bliss, but in this case, ignorance can place your enterprise and its data at risk.

In addition to the issues of creating strong, unique passwords and storing them securely, large enterprises face another important issue: sharing impersonal administrative accounts among team members, which can be very challenging. For example, a single 'administrator' account on Windows may be used by multiple users, all of them logging in with the same credentials.

The Solution? Password Manager for Enterprise:

A password manager not only forces one to have strong, unique passwords, but also remembers them on your behalf, determines when those passwords have to change, and includes an admin console for controlling all passwords and access to critical services within the enterprise.

I'm impressed with ManageEngine's privileged password management solution — Password Manager Pro, which already has VMWare, Walmart, EMC2, and NASA on its customer list.

Password Manager Pro (PMP) is specially designed for enterprise teams and provides a complete solution to control, manage, monitor, and audit the entire lifecycle of privileged access, helping them detect suspicious events in real time.

Password Manager Pro encrypts and stores all your sensitive data in a centralized vault, including passwords, documents, and digital identities, which are then retrieved through a Web interface.

Administrators can consolidate all the passwords, create an inventory, define password policy, set password expiration, and share passwords among authorized users by granting them exclusive privileges or temporary access.

Deploying Password Manager Pro is easy: the web-based management software, available for Windows and Linux, installs its database and web server in a few minutes.

Users can also access their portal through mobile apps or browser extensions from any device, including Android, iOS, and Windows.

In a single package, Password Manager Pro offers three solutions:

1. Privileged Account Management

Once deployed, Password Manager Pro automatically discovers all IT assets in your network and lists all the privileged accounts associated with them, which enables administrators to quickly secure all the privileged identities by enforcing password management best practices.

This includes the use of strong passwords, securing sensitive data and passwords with AES-256 encryption, and securely sharing administrative passwords across your organization on a need-to-know basis, with granular access restrictions.

Most importantly, Password Manager Pro is also designed to automate the password reset and synchronization process across the entire enterprise for a broad range of target systems.

This centralized and enterprise-wide 'Automated Password Resets' feature helps IT administrators get rid of unchanged passwords and protect all sensitive resources from unauthorized access.

In other words, Password Manager Pro lets IT administrators reset passwords on demand or randomize them automatically through scheduled tasks, ensuring strong passwords and periodic resets by creating and enforcing strict password policies.

2. Remote Access Management

One of the outstanding features of Password Manager Pro is its ability to help administrators launch a direct connection with all remote devices, including those in remote data centers, with just one click from the product's GUI.

With its secure gateways, Password Manager Pro helps you provide remote access to your IT resources for employees and third-party contractors without disclosing the passwords in plain text. In other words, PMP enables remote login to devices without sharing passwords at all!

From its web interface, authorized users can directly launch RDP, SSH, Telnet, and SQL console sessions; all connections are tunneled through Password Manager Pro's server and require no direct connectivity between the user's device and the remote host.

This feature has obvious advantages: it saves the time usually spent copying and pasting passwords from a document, and it increases accountability, as Password Manager Pro tracks password access and usage.

3. Privileged Session Management

The remote connections to devices launched from Password Manager Pro's GUI can be closely monitored through PMP's Privileged Session Manager. All actions users perform during a privileged session are video-recorded and stored for forensic audits. The recordings can be played back at any time to trace actions to users.

Password Manager Pro also includes a session shadowing feature that, alongside session recording, allows real-time monitoring of sensitive privileged sessions launched by other users.

If any suspicious activity is discovered, administrators can immediately terminate sessions in real time, giving admins complete control over privileged sessions.

One can also enable two-factor authentication (2FA) and mobile access for authorized users or groups.

How to Get Password Manager Pro?

Password Manager Pro supports several different user access roles, including super admin, admin, and regular password users. An online demo of Password Manager Pro is available, in case you want a quick look at the application.

Besides this, ManageEngine Password Manager Pro is now available in an MSP edition as well, which is specially designed for Managed Service Providers who manage the IT and network infrastructure of their customers.

ManageEngine's Password Manager Pro MSP Edition allows businesses to manage their clients' administrative passwords separately from a single management console, or to offer password management as a service to them.

So, if ManageEngine Password Manager Pro fits your organization, you can give it a try. Pricing depends on the edition, the number of administrators, and the language.

The cost varies widely, from a $495 annual subscription for the Standard edition (single language, 2 admins, unlimited users) to $19,995 for a perpetual license of the Enterprise edition (multi-language, 200 admins).

All editions of ManageEngine Password Manager Pro can be downloaded (Windows/Linux) directly from the ManageEngine official website.

To understand how Password Manager Pro helps mitigate security risks related to privileged access, you can download the eBook for free.



from The Hacker News http://ift.tt/2gIFK6C

Shamoon returns, more destructive than before

Mirai: New wave of IoT botnet attacks hits users in Germany

Shamoon: Back from the dead and as destructive as ever

USN-3141-1: Thunderbird vulnerabilities

Ubuntu Security Notice USN-3141-1

30th November, 2016

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Thunderbird.

Software description

  • thunderbird - Mozilla Open Source mail and newsgroup client

Details

Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong,
Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues
in Thunderbird. If a user were tricked into opening a specially crafted
message, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-5290)

A same-origin policy bypass was discovered with local HTML files in some
circumstances. An attacker could potentially exploit this to obtain
sensitive information. (CVE-2016-5291)

A heap buffer overflow was discovered in Cairo when processing SVG
content. If a user were tricked into opening a specially crafted message,
an attacker could potentially exploit this to cause a denial of service
via application crash, or execute arbitrary code. (CVE-2016-5296)

An error was discovered in argument length checking in JavaScript. If a
user were tricked into opening a specially crafted website in a browsing
context, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-5297)

A buffer overflow was discovered in nsScriptLoadHandler. If a user were
tricked into opening a specially crafted website in a browsing context,
an attacker could potentially exploit this to cause a denial of service
via application crash, or execute arbitrary code. (CVE-2016-9066)

A use-after-free was discovered in SVG animations. If a user were tricked
into opening a specially crafted website in a browsing context, an
attacker could exploit this to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-9079)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
thunderbird 1:45.5.1+build1-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
thunderbird 1:45.5.1+build1-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
thunderbird 1:45.5.1+build1-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
thunderbird 1:45.5.1+build1-0ubuntu0.12.04.1

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

CVE-2016-5290, CVE-2016-5291, CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-9079



from Ubuntu Security Notices http://ift.tt/2gX2X5e

FBI gains expanded hacking powers after lawmakers' attempts to block fail

Mozilla Releases Security Updates

USN-3140-1: Firefox vulnerabilities

Ubuntu Security Notice USN-3140-1

30th November, 2016

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software description

  • firefox - Mozilla Open Source web browser

Details

It was discovered that data: URLs can inherit the wrong origin after a
HTTP redirect in some circumstances. An attacker could potentially
exploit this to bypass same-origin restrictions. (CVE-2016-9078)

A use-after-free was discovered in SVG animations. If a user were tricked
into opening a specially crafted website, an attacker could exploit this
to cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-9079)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
firefox 50.0.2+build1-0ubuntu0.16.10.1
Ubuntu 16.04 LTS:
firefox 50.0.2+build1-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
firefox 50.0.2+build1-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
firefox 50.0.2+build1-0ubuntu0.12.04.1

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

CVE-2016-9078, CVE-2016-9079



from Ubuntu Security Notices http://ift.tt/2gmkAdT

USN-3147-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-3147-1

30th November, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.10

Summary

Several security issues were fixed in the kernel.

Software description

  • linux - Linux kernel

Details

Andreas Gruenbacher and Jan Kara discovered that the filesystem
implementation in the Linux kernel did not clear the setgid bit during a
setxattr call. A local attacker could use this to possibly elevate group
privileges. (CVE-2016-7097)

Marco Grassi discovered that the driver for Areca RAID Controllers in the
Linux kernel did not properly validate control messages. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
privileges. (CVE-2016-7425)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
linux-image-powerpc-smp 4.8.0.28.37
linux-image-powerpc-e500mc 4.8.0.28.37
linux-image-generic 4.8.0.28.37
linux-image-4.8.0-28-lowlatency 4.8.0-28.30
linux-image-lowlatency 4.8.0.28.37
linux-image-4.8.0-28-generic 4.8.0-28.30
linux-image-4.8.0-28-powerpc-e500mc 4.8.0-28.30
linux-image-4.8.0-28-powerpc64-emb 4.8.0-28.30
linux-image-generic-lpae 4.8.0.28.37
linux-image-4.8.0-28-powerpc-smp 4.8.0-28.30
linux-image-powerpc64-emb 4.8.0.28.37
linux-image-4.8.0-28-generic-lpae 4.8.0-28.30

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-7097, CVE-2016-7425



from Ubuntu Security Notices http://ift.tt/2gJDWYE

USN-3146-2: Linux kernel (Xenial HWE) vulnerabilities

Ubuntu Security Notice USN-3146-2

30th November, 2016

linux-lts-xenial vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty

Details

USN-3146-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

It was discovered that the __get_user_asm_ex implementation in the Linux
kernel for x86/x86_64 contained extended asm statements that were
incompatible with the exception table. A local attacker could use this to
gain administrative privileges. (CVE-2016-9644)

Andreas Gruenbacher and Jan Kara discovered that the filesystem
implementation in the Linux kernel did not clear the setgid bit during a
setxattr call. A local attacker could use this to possibly elevate group
privileges. (CVE-2016-7097)

Marco Grassi discovered that the driver for Areca RAID Controllers in the
Linux kernel did not properly validate control messages. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
privileges. (CVE-2016-7425)

Daxing Guo discovered a stack-based buffer overflow in the Broadcom
IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly gain
privileges. (CVE-2016-8658)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
linux-image-powerpc-smp-lts-xenial 4.4.0.51.38
linux-image-lowlatency-lts-xenial 4.4.0.51.38
linux-image-powerpc64-smp-lts-xenial 4.4.0.51.38
linux-image-4.4.0-51-powerpc64-smp 4.4.0-51.72~14.04.1
linux-image-virtual-lts-xenial 4.4.0.51.38
linux-image-4.4.0-51-lowlatency 4.4.0-51.72~14.04.1
linux-image-4.4.0-51-generic 4.4.0-51.72~14.04.1
linux-image-generic-lpae-lts-xenial 4.4.0.51.38
linux-image-4.4.0-51-powerpc-e500mc 4.4.0-51.72~14.04.1
linux-image-4.4.0-51-powerpc64-emb 4.4.0-51.72~14.04.1
linux-image-powerpc64-emb-lts-xenial 4.4.0.51.38
linux-image-generic-lts-xenial 4.4.0.51.38
linux-image-4.4.0-51-powerpc-smp 4.4.0-51.72~14.04.1
linux-image-powerpc-e500mc-lts-xenial 4.4.0.51.38
linux-image-4.4.0-51-generic-lpae 4.4.0-51.72~14.04.1

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-7097, CVE-2016-7425, CVE-2016-8658, CVE-2016-9644



from Ubuntu Security Notices http://ift.tt/2gJMcYu

USN-3146-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-3146-1

30th November, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux - Linux kernel

Details

It was discovered that the __get_user_asm_ex implementation in the Linux
kernel for x86/x86_64 contained extended asm statements that were
incompatible with the exception table. A local attacker could use this to
gain administrative privileges. (CVE-2016-9644)

Andreas Gruenbacher and Jan Kara discovered that the filesystem
implementation in the Linux kernel did not clear the setgid bit during a
setxattr call. A local attacker could use this to possibly elevate group
privileges. (CVE-2016-7097)

Marco Grassi discovered that the driver for Areca RAID Controllers in the
Linux kernel did not properly validate control messages. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
privileges. (CVE-2016-7425)

Daxing Guo discovered a stack-based buffer overflow in the Broadcom
IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly gain
privileges. (CVE-2016-8658)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
linux-image-powerpc-smp 4.4.0.51.54
linux-image-powerpc-e500mc 4.4.0.51.54
linux-image-generic 4.4.0.51.54
linux-image-4.4.0-51-powerpc64-smp 4.4.0-51.72
linux-image-4.4.0-51-lowlatency 4.4.0-51.72
linux-image-lowlatency 4.4.0.51.54
linux-image-4.4.0-51-generic 4.4.0-51.72
linux-image-4.4.0-51-powerpc-e500mc 4.4.0-51.72
linux-image-4.4.0-51-powerpc-smp 4.4.0-51.72
linux-image-powerpc64-smp 4.4.0.51.54
linux-image-generic-lpae 4.4.0.51.54
linux-image-4.4.0-51-powerpc64-emb 4.4.0-51.72
linux-image-powerpc64-emb 4.4.0.51.54
linux-image-4.4.0-51-generic-lpae 4.4.0-51.72

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-7097, CVE-2016-7425, CVE-2016-8658, CVE-2016-9644



from Ubuntu Security Notices http://ift.tt/2gWbXHY

USN-3145-2: Linux kernel (Trusty HWE) vulnerabilities

Ubuntu Security Notice USN-3145-2

30th November, 2016

linux-lts-trusty vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux-lts-trusty - Linux hardware enablement kernel from Trusty for Precise

Details

USN-3145-1 fixed vulnerabilities in the Linux kernel for Ubuntu
14.04 LTS. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for
Ubuntu 12.04 LTS.

Marco Grassi discovered that the driver for Areca RAID Controllers in the
Linux kernel did not properly validate control messages. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
privileges. (CVE-2016-7425)

Daxing Guo discovered a stack-based buffer overflow in the Broadcom
IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly gain
privileges. (CVE-2016-8658)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
linux-image-generic-lpae-lts-trusty 3.13.0.103.94
linux-image-3.13.0-103-generic 3.13.0-103.150~precise1
linux-image-generic-lts-trusty 3.13.0.103.94
linux-image-3.13.0-103-generic-lpae 3.13.0-103.150~precise1

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-7425, CVE-2016-8658



from Ubuntu Security Notices http://ift.tt/2gJI4I9

USN-3145-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-3145-1

30th November, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

  • linux - Linux kernel

Details

Marco Grassi discovered that the driver for Areca RAID Controllers in the
Linux kernel did not properly validate control messages. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
privileges. (CVE-2016-7425)

Daxing Guo discovered a stack-based buffer overflow in the Broadcom
IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly gain
privileges. (CVE-2016-8658)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
linux-image-powerpc-smp 3.13.0.103.111
linux-image-powerpc-e500mc 3.13.0.103.111
linux-image-3.13.0-103-powerpc-e500 3.13.0-103.150
linux-image-3.13.0-103-generic 3.13.0-103.150
linux-image-generic 3.13.0.103.111
linux-image-3.13.0-103-generic-lpae 3.13.0-103.150
linux-image-3.13.0-103-powerpc64-emb 3.13.0-103.150
linux-image-3.13.0-103-powerpc-smp 3.13.0-103.150
linux-image-3.13.0-103-powerpc-e500mc 3.13.0-103.150
linux-image-3.13.0-103-lowlatency 3.13.0-103.150
linux-image-powerpc64-smp 3.13.0.103.111
linux-image-generic-lpae 3.13.0.103.111
linux-image-lowlatency 3.13.0.103.111
linux-image-omap 3.13.0.103.111
linux-image-powerpc64-emb 3.13.0.103.111
linux-image-3.13.0-103-powerpc64-smp 3.13.0-103.150

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-7425, CVE-2016-8658



from Ubuntu Security Notices http://ift.tt/2gWcLfZ

USN-3144-2: Linux kernel (OMAP4) vulnerability

Ubuntu Security Notice USN-3144-2

30th November, 2016

linux-ti-omap4 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS

Summary

The system could be made to crash under certain conditions.

Software description

  • linux-ti-omap4 - Linux kernel for OMAP4

Details

Marco Grassi discovered that the driver for Areca RAID Controllers in the
Linux kernel did not properly validate control messages. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
privileges.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
linux-image-omap4 3.2.0.1494.89
linux-image-3.2.0-1494-omap4 3.2.0-1494.121

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-7425



from Ubuntu Security Notices http://ift.tt/2gJFrFX

USN-3144-1: Linux kernel vulnerability

Ubuntu Security Notice USN-3144-1

30th November, 2016

linux vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS

Summary

The system could be made to crash under certain conditions.

Software description

  • linux - Linux kernel

Details

Marco Grassi discovered that the driver for Areca RAID Controllers in the
Linux kernel did not properly validate control messages. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
privileges.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
linux-image-powerpc-smp 3.2.0.116.132
linux-image-3.2.0-116-generic 3.2.0-116.158
linux-image-3.2.0-116-virtual 3.2.0-116.158
linux-image-3.2.0-116-generic-pae 3.2.0-116.158
linux-image-generic 3.2.0.116.132
linux-image-generic-pae 3.2.0.116.132
linux-image-highbank 3.2.0.116.132
linux-image-3.2.0-116-powerpc64-smp 3.2.0-116.158
linux-image-virtual 3.2.0.116.132
linux-image-powerpc64-smp 3.2.0.116.132
linux-image-3.2.0-116-highbank 3.2.0-116.158
linux-image-3.2.0-116-omap 3.2.0-116.158
linux-image-3.2.0-116-powerpc-smp 3.2.0-116.158
linux-image-omap 3.2.0.116.132

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2016-7425



from Ubuntu Security Notices http://ift.tt/2gWjSFe

US-CERT Alerts Users to Holiday Phishing Scams and Malware Campaigns

Original release date: November 30, 2016

US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. E-cards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed email messages and fraudulent posts on social networking sites may request support for phony causes.

To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:

If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:

  • File a complaint with the FBI's Internet Crime Complaint Center (IC3).
  • Report the attack to the police and file a report with the Federal Trade Commission.
  • Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites.

 


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2fM4F4m

US-CERT Alerts Users to Holiday Phishing Scams and Malware Campaigns

Original release date: November 30, 2016

US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Ecards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed email messages and fraudulent posts on social networking sites may request support for phony causes.

To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:

  • Avoid following unsolicited links or downloading attachments from unknown sources.
  • Visit the Federal Trade Commission's Consumer Information page on Charity Scams.

If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:

  • Report the attack to the police and file a report with the Federal Trade Commission.
  • Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites.





from US-CERT National Cyber Alert System http://ift.tt/2fLZSA2

First look: Blink security cameras for lazy people

Shamoon: Back from the dead and destructive as ever

Malware hit targets in Saudi Arabia and was configured to wipe disks on November 17.


from Symantec Connect - Securi... http://ift.tt/2gy0yuG

USN-3143-1: c-ares vulnerability

Ubuntu Security Notice USN-3143-1

30th November, 2016

c-ares vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

c-ares could be made to crash or run programs if it processed a specially crafted hostname.

Software description

  • c-ares - library for asynchronous name resolves

Details

Gzob Qq discovered that c-ares incorrectly handled certain hostnames. A
remote attacker could use this issue to cause applications using c-ares to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
libc-ares2 1.11.0-1ubuntu0.1
Ubuntu 16.04 LTS:
libc-ares2 1.10.0-3ubuntu0.1
Ubuntu 14.04 LTS:
libc-ares2 1.10.0-2ubuntu0.1
Ubuntu 12.04 LTS:
libc-ares2 1.7.5-1ubuntu0.1

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-5180



from Ubuntu Security Notices http://ift.tt/2fM2YEj

USN-3142-1: ImageMagick vulnerabilities

Ubuntu Security Notice USN-3142-1

30th November, 2016

imagemagick vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in ImageMagick.

Software description

  • imagemagick - Image manipulation programs and library

Details

It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or possibly execute code with the privileges of
the user invoking the program.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu8.2
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu8.2
imagemagick 8:6.8.9.9-7ubuntu8.2
imagemagick-6.q16 8:6.8.9.9-7ubuntu8.2
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu8.2
Ubuntu 16.04 LTS:
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.3
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.3
imagemagick 8:6.8.9.9-7ubuntu5.3
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.3
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.3
Ubuntu 14.04 LTS:
libmagick++5 8:6.7.7.10-6ubuntu3.3
libmagickcore5-extra 8:6.7.7.10-6ubuntu3.3
libmagickcore5 8:6.7.7.10-6ubuntu3.3
imagemagick 8:6.7.7.10-6ubuntu3.3
Ubuntu 12.04 LTS:
libmagick++4 8:6.6.9.7-5ubuntu3.6
libmagickcore4 8:6.6.9.7-5ubuntu3.6
imagemagick 8:6.6.9.7-5ubuntu3.6
libmagickcore4-extra 8:6.6.9.7-5ubuntu3.6

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-7799, CVE-2016-7906, CVE-2016-8677, CVE-2016-8862, CVE-2016-9556



from Ubuntu Security Notices http://ift.tt/2fM1Kc1

IBM Security Bulletin: Vulnerability in OpenSSH affects IBM i (CVE-2016-8858)

OpenSSH vulnerability affects IBM i. IBM i has addressed the applicable CVE.

CVE(s): CVE-2016-8858

Affected product(s) and affected version(s):

Releases 7.1, 7.2 and 7.3 of IBM i are affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2gJ6wsY
X-Force Database: http://ift.tt/2fjl8hT



from IBM Product Security Incident Response Team http://ift.tt/2gJ3Hbk

IBM Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways

SSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. IBM DataPower Gateways has addressed the applicable CVEs.

CVE(s): CVE-2016-6304, CVE-2016-2182, CVE-2016-2177, CVE-2016-2178, CVE-2016-6306, CVE-2016-2183

Affected product(s) and affected version(s):

IBM DataPower Gateways appliances all versions through 7.0.0.15, 7.1.0.12, 7.2.0.9, 7.5.0.3, 7.5.1.2 and 7.5.2.0.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2gVE8XF
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dR3VyC



from IBM Product Security Incident Response Team http://ift.tt/2gJ239A

IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation

OpenSSL vulnerabilities were disclosed on September 22, 2016 and September 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs.

CVE(s): CVE-2000-1254, CVE-2016-2177, CVE-2016-2178, CVE-2016-6302, CVE-2016-6304, CVE-2016-6305, CVE-2016-6303, CVE-2016-2182, CVE-2016-2180, CVE-2016-2179, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-2183, CVE-2016-2181, CVE-2016-6309, CVE-2016-7052

Affected product(s) and affected version(s):

IBM MobileFirst Platform Foundation 8.0.0.0
IBM MobileFirst Platform Foundation 7.1.0.0
IBM MobileFirst Platform Foundation 7.0.0.0
IBM MobileFirst Platform Foundation 6.3.0.0
IBM Worklight Consumer Edition 6.1.0.0, 6.1.0.1 and 6.1.0.2
IBM Worklight Enterprise Edition 6.1.0.0, 6.1.0.1 and 6.1.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2gVHoSI
X-Force Database: http://ift.tt/2gJ8WYq
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dR3XX1
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2dmWOvf
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dR3Smm
X-Force Database: http://ift.tt/2dmYa8Y
X-Force Database: http://ift.tt/2dR3VyC
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2fn8D82
X-Force Database: http://ift.tt/2dTp6vD



from IBM Product Security Incident Response Team http://ift.tt/2gVHI3L

IBM Security Bulletin: Multiple Vulnerabilities affect IBM Domino & IBM iNotes

There are multiple vulnerabilities in IBM Domino and IBM iNotes (shipped as part of Domino).

CVE(s): CVE-2016-3092, CVE-2016-0282, CVE-2016-5880, CVE-2016-2939, CVE-2016-5882, CVE-2016-6113, CVE-2016-5884, CVE-2016-2938, CVE-2016-2939

Affected product(s) and affected version(s):

IBM Domino 9.0.1 through 9.0.1 Fix Pack 7
IBM Domino 9.0.0x
IBM Domino 8.5.3 through 8.5.3 Fix Pack 6 Interim Fix 14
IBM Domino 8.5.2x
IBM Domino 8.5.1x

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2gJ2mkJ
X-Force Database: http://ift.tt/2bozrA8
X-Force Database: http://ift.tt/2gJ6vVW
X-Force Database: http://ift.tt/2gVAgWn
X-Force Database: http://ift.tt/2gJ7be5
X-Force Database: http://ift.tt/2gVR0g8
X-Force Database: http://ift.tt/2gJ90rk
X-Force Database: http://ift.tt/2gVDkSv
X-Force Database: http://ift.tt/2gJ5ZY4
X-Force Database: http://ift.tt/2gJ7be5



from IBM Product Security Incident Response Team http://ift.tt/2gVGg1A

IBM Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2016-0785)

An Apache Struts vulnerability was addressed by IBM Social Media Analytics 1.3.0 IF18.

CVE(s): CVE-2016-0785

Affected product(s) and affected version(s):

IBM Social Media Analytics 1.3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2gVHHgd
X-Force Database: http://ift.tt/1saMeNi



from IBM Product Security Incident Response Team http://ift.tt/2gVJ0fk

Over 1 Million Google Accounts Hacked by 'Gooligan' Android Malware


If you own an Android smartphone, Beware! A new Android malware that has already breached more than 1 Million Google accounts is infecting around 13,000 devices every day.

Dubbed Gooligan, the malware roots vulnerable Android devices to steal email addresses and authentication tokens stored on them.

With this information in hand, the attackers can hijack your Google account and access your sensitive information in Google apps including Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite.

Researchers found traces of Gooligan code in dozens of legitimate-looking Android apps on third-party app stores. Once such an app is downloaded and installed, the malware starts sending the device's information and stolen data to its command-and-control (C&C) server.

"Gooligan then downloads a rootkit from the C&C server that takes advantage of multiple Android 4 and 5 exploits including the well-known VROOT (CVE-2013-6282) and Towelroot (CVE-2014-3153)," researchers said in a blog post.
"If rooting is successful, the attacker has full control of the device and can execute privileged commands remotely."

According to the Check Point security researchers who uncovered the malware, anyone running an older version of the Android operating system, including Android 4.x (Jelly Bean, KitKat) and 5.x (Lollipop), is most at risk; those versions represent nearly 74% of Android devices in use today.

"These exploits still plague many devices today because security patches that fix them may not be available for some versions of Android, or the patches were never installed by the user," researchers added.

Once it has rooted an Android device, Gooligan also generates revenue for the cybercriminals by fraudulently buying and installing apps from the Google Play Store and rating and reviewing them on behalf of the phone's owner. The malware also installs adware to generate revenue.

How to check if your Google account has been compromised with this malware?

Check Point has published an online tool to check whether your Android device has been infected with the Gooligan malware. Just open 'Gooligan Checker' and enter your Google email address to find out if you've been hacked.

If you find that you are infected, Adrian Ludwig, Google's director of Android security, recommends a clean installation of the operating system on your Android device.

This process is called 'flashing', and it is fairly involved, so the company recommends that you power off your device and take it to a certified technician or your mobile service provider to have it re-flashed.



from The Hacker News http://ift.tt/2gxRLZw

One Day Is a Lifetime in Container Years

Firefox zero-day: Mozilla races to patch bug used to attack Tor browser users

How machine learning can stop terrorists from money laundering

Anonymous Hacktivist 'Barrett Brown' Released From Prison


Barrett Brown, a journalist who formerly served as an unofficial spokesman for the hacktivist collective Anonymous, finally walked free from prison on Tuesday morning after serving more than four years behind bars.

The Dallas-born investigative journalist was arrested in 2012 at his home, in the middle of an online chat, after posting tweets and a YouTube video threatening revenge against an FBI agent.

Brown, 35, first attracted law enforcement attention in 2011 when he shared a hyperlink to an IRC (Internet Relay Chat) channel where Anonymous members were distributing information stolen in the hack of the security think tank Strategic Forecasting, or Stratfor.

The hack allegedly exposed 200 gigabytes of data, which included email addresses and credit card information from Stratfor clients, including the US Army, US Air Force, and Miami Police Department.

Originally facing a sentence of more than 100 years in prison, Brown was convicted in January 2015 under a plea agreement with prosecutors and sentenced to almost five years in jail and nearly $900,000 in restitution and fines.

The two and a half years he has spent in pretrial confinement after his arrest were credited toward his total prison sentence.

Brown eventually pleaded guilty to three federal counts of obstructing a search warrant, making Internet threats and being an accessory to unauthorized access of a protected computer.

According to the Department of Justice, sharing the hyperlink was a crime because "by transferring and posting the hyperlink, Brown caused the data to be made available to other persons online, without the knowledge and authorization of Stratfor and the card holders."

On Tuesday, Brown was released from the Three Rivers Federal Correctional Institution in San Antonio, Texas, where he continued his work as a writer over the past year.

WikiLeaks Publishes 60,000 Emails From Contractor HBGary

On his release, five months before the scheduled date, former National Security Agency (NSA) subcontractor Edward Snowden tweeted his reaction, saying:

"Jailed since 2012 for his investigations, #BarrettBrown has finally been released from prison. Best of luck in this very different world."

Meanwhile, the whistleblower site WikiLeaks also published more than 60,000 emails from US private intelligence firm HBGary to celebrate Brown's release.

Hacktivist collective Anonymous initially obtained the emails in February 2011, but WikiLeaks published them in the form of a searchable database on Tuesday. Among other things, the leaked emails discussed targeting journalists and governments.



from The Hacker News http://ift.tt/2g63E8f

Press Shift + F10 during Windows 10 Upgrade to Launch Root CLI & bypass BitLocker


If your computer's security relies on Windows BitLocker hard drive encryption, then beware: anyone with physical access to your PC can still get at your files within a few seconds.

All an attacker needs to do is hold SHIFT+F10 during the Windows 10 update procedure.

Security researcher Sami Laiho discovered this simple method of bypassing BitLocker, wherein an attacker can open a command-line interface with SYSTEM privileges just by holding SHIFT+F10 while a Windows 10 PC is installing a new OS build.

The command-line interface (CLI) then grants the attacker full access to the computer's hard drive, even when the victim has enabled BitLocker disk encryption.

Laiho explains that during the installation of a new build (a Windows 10 upgrade), the operating system disables BitLocker while Windows PE installs a new image of the main Windows 10 OS.

"The installation [Windows 10 upgrade] of a new build is done by reimaging the machine and the image installed by a small version of Windows called Windows PE (Preinstallation Environment)," Laiho says in his blog. 
"This has a feature for troubleshooting that allows you to press SHIFT+F10 to get a Command Prompt. This sadly allows for access to the hard disk as during the upgrade Microsoft disables BitLocker."

Windows 10 in-place upgrades make this Issue Easy to Exploit

The SHIFT+F10 feature existed in earlier versions of Windows as well, and could also be used to bypass BitLocker on Windows 7 and 8, but it has become a real flaw only with the advent of Windows 10's in-place upgrades.

The attacker needs physical access to the target computer for only a relatively short time frame to bypass BitLocker encryption and gain administrator access to the device. The issue may also affect Internet of Things (IoT) devices running Windows 10.

Why is this worrying?

Many people have the bad habit of leaving their PC unattended during the Windows OS update procedure, not least because Windows updates take a long time to install.

During this time, any insider or threat actor (known or unknown to you) can open the troubleshooting command prompt and perform malicious tasks with administrative privileges, despite BitLocker's presence, without needing any additional software.

"The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine," Laiho adds. "And of course that this doesn't require any external hardware or additional software."

During his tests, Laiho successfully brought up the CLI troubleshooting interface while performing an update from Windows 10 RTM to version 1511 (November Update) or version 1607 (Anniversary Update), and during updates to any newer Windows 10 Insiders Build, up to the end of October 2016.

You can also watch the video demonstration of this attack on Laiho's blog.

Laiho informed Microsoft of the issue, and the company is working on a fix.

How to Mitigate this Issue?

As a countermeasure, Laiho recommends that users not leave their PCs unattended during the update procedure.

The Windows security expert also advises users to remain on Windows 10 LTSB (Long Term Servicing Branch) versions for the time being, as the LTSB versions of Windows 10 do not perform upgrades automatically.

Windows 10 users with System Center Configuration Manager (SCCM) can block access to the command-line interface (CLI) during Windows update procedures by adding a file named DisableCMDRequest.tag to the %windir%\Setup\Scripts\ folder.



from The Hacker News http://ift.tt/2fC81vT

The Many Faces of Ransomware

Ransomware has been around for a while now, but only in 2016 did it become a “household” name and a fixture in the news. With its big debut also comes evolution – ransomware comes in many different shapes, sizes and families.

As the season of evil witches, ghosts, goblins, and ghouls approaches, it’s time to be on guard. But security managers face scary prospects year-round, especially as new strains of ransomware escalate. And ransomware variants are getting more pervasive – and creepier – than ever.

The FBI says that from Jan. 1, 2016 to June 30, 1,308 ransomware complaints have been reported, totaling $2,685,274 in losses.

And it appears that the ransomware “business” will continue to grow for cybercriminals. Ed Cabrera, chief cybersecurity officer at Trend Micro, says his research team tracked 29 ransomware families last year, and this year is on pace to track well more than 100 variants.

To learn more about these different families of ransomware, click here.




Copyright © Data Breach Watch [The Many Faces of Ransomware], All Right Reserved. 2016.




from Data Breach Watch http://ift.tt/2g57IWA

Internet Archive looks to take digital collection to Canada

Tuesday, November 29, 2016

Firefox Zero-Day Exploit to Unmask Tor Users Released Online


Hackers are actively exploiting a zero-day vulnerability in Firefox to unmask Tor Browser users, similar to what the FBI exploited during an investigation of a child pornography site.

Tor (The Onion Router) is anonymity software that not only provides a safe haven to human rights activists, journalists, and government officials, but is also a place where drugs, assassins for hire, child pornography, and other illegal goods and services have allegedly been traded.

A JavaScript zero-day exploit currently being used in the wild is designed to remotely execute malicious code on the Windows operating system via a memory corruption flaw in the Firefox web browser.

The exploit code was published publicly by an admin of the SIGAINT privacy-oriented public email service on the Tor-Talk mailing list.

The mailing list message reveals that the zero-day exploit affecting Firefox is currently being exploited against Tor Browser users by unknown attackers to leak the potentially identifying information of Tor users, officials of the anonymity service confirmed Tuesday.

Tor Browser Bundle is a repackaged version of the Mozilla Firefox web browser that routes its connections through the Tor anonymizing network, which is configured to hide the user's public IP address.

"[The exploit code] consists of one HTML and one CSS file, both pasted below and also de-obscured," the author says. "The exact functionality is unknown, but it is getting access to VirtualAlloc in kernel32.dll and goes from there."

That means that when the exploit is opened in Firefox or Tor Browser with JavaScript enabled on a Windows computer, it leverages a memory corruption vulnerability in the background to make direct calls into kernel32.dll, which allows malicious code to be executed on the machine.

Researchers also found that the exploit submits the user's machine details to 5.39.27.226 (a remote server on an OVH-hosted virtual machine in France) on port 80, which was no longer responding at the time of writing.

Although security researchers are still analyzing the Tor exploit code, a disassembly of it shows the latest zero-day flaw is very similar to a separate Tor Browser exploit that emerged in 2013.

The 2013 exploit was the work of the United States FBI, which was targeting Tor users who accessed child pornography.

Although Mozilla is scrambling to patch the critical vulnerability, it is still unknown who is behind the current JavaScript exploit.

"So it sounds like the immediate next step is that Mozilla finishes their patch for it then…a quick Tor Browser update and somewhere in there people will look at the bug and see whether they think it really does apply to Tor Browser," Tor Project lead Roger Dingledine said.

The critical vulnerability is believed to affect multiple Windows versions of the open source Firefox web browser as far back as Firefox version 41, and up to Firefox version 50.



from The Hacker News http://ift.tt/2fKm2Tv

Data retention scheme to cost AU$200m in total capital costs by mid-2017: ACMA

Cloud, device proliferation, bad guys forcing evolutions in identity

​Trustwave: One in seven Australian businesses do not test for security vulnerabilities

Apple has a Calendar and Photos spam problem and it better fix it soon

IBM Security Bulletin: FileNet Workplace XT can be affected by the File Extension validation vulnerability (CVE-2016-8921)

FileNet Workplace XT is vulnerable to a file extension validation bypass which allows malicious content to be uploaded to the FileNet P8 server.

CVE(s): CVE-2016-8921

Affected product(s) and affected version(s):

FileNet Workplace XT 1.1.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2g1MsRq
X-Force Database: http://ift.tt/2gfsVju



from IBM Product Security Incident Response Team http://ift.tt/2g1ORf4

IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified.

There are security vulnerabilities in versions of Mozilla Firefox that are shipped with versions 1.5.1.0 to 1.5.2.4 of IBM Storwize V7000 Unified.

CVE(s): CVE-2016-2830, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-5252, CVE-2016-5254, CVE-2016-5258, CVE-2016-5259, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265

Affected product(s) and affected version(s):

IBM Storwize V7000 Unified
The product is affected when running code releases 1.5.0.0 to 1.5.2.4

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2gfxY39
X-Force Database: http://ift.tt/2exL8sU
X-Force Database: http://ift.tt/2f93xbR
X-Force Database: http://ift.tt/2exJXcW
X-Force Database: http://ift.tt/2f9515y
X-Force Database: http://ift.tt/2exLwra
X-Force Database: http://ift.tt/2f964T9
X-Force Database: http://ift.tt/2exOxb0
X-Force Database: http://ift.tt/2f92fO5
X-Force Database: http://ift.tt/2exKuLT
X-Force Database: http://ift.tt/2f90eRE
X-Force Database: http://ift.tt/2exIRxK
X-Force Database: http://ift.tt/2f965Xd



from IBM Product Security Incident Response Team http://ift.tt/2g1JRqN

IBM Security Bulletin: GPFS security vulnerabilities in IBM Storwize V7000 Unified (CVE-2016-2985 and CVE-2016-2984)

A fix is available for IBM Storwize V7000 Unified for GPFS security vulnerabilities.

CVE(s): CVE-2016-2985

Affected product(s) and affected version(s):

IBM Storwize V7000 Unified

The product is affected when running code releases 1.5.*.* to 1.6.*.*

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2gfxKcE
X-Force Database: http://ift.tt/2arxFw4



from IBM Product Security Incident Response Team http://ift.tt/2gfvXE9

To be Effective, Security Needs to Play Well with Others

Mirai: New wave of IoT botnet attacks hits Germany

New variant of malware used in attacks that knocked 900,000 home internet users offline.


from Symantec Connect - Securi... http://ift.tt/2gEWby7

Mirai Botnet Knocks Nearly a Million Routers Offline


The Mirai botnet is getting stronger and more notorious with each passing day. The reason: insecure Internet-of-Things devices.

Last month, the Mirai botnet knocked the entire Internet offline for a few hours, crippling some of the world's biggest and most popular websites.

Now, more than 900,000 broadband routers belonging to Deutsche Telekom users in Germany were knocked offline over the weekend following a suspected cyber-attack, affecting telephony, television, and Internet service in the country.

The German Internet service provider Deutsche Telekom, which offers various services to around 20 million customers, confirmed on Facebook that as many as 900,000 customers suffered Internet outages on Sunday and Monday.

Millions of routers made by Zyxel and Speedport are said to be vulnerable to a critical remote code execution flaw: they leave Internet port 7547 open to receive commands based on the TR-069 and related TR-064 protocols, which are meant to be used by ISPs to manage customer devices remotely.

The same vulnerability affects Eir D1000 wireless routers (rebranded Zyxel modems) deployed by Irish Internet service provider Eircom, though there are no signs that those routers are being actively exploited.

According to a Shodan search, around 41 million devices leave port 7547 open, while about 5 million expose TR-064 services to the outside world.

According to an advisory published by the SANS Internet Storm Center, honeypot servers posing as vulnerable routers are receiving exploit code every 5-10 minutes for each target IP.

An intercepted packet showed how a remote code execution flaw in the <NewNTPServer> part of a SOAP request was used to download and execute a file in order to infect the vulnerable device.

Security researchers at BadCyber also analyzed one of the malicious payloads delivered during the attacks and discovered that the attack originated from a known Mirai command-and-control server.

"The unusual application of TR-064 commands to execute code on routers has been described for the very first time at the beginning of November, and a few days later a relevant Metasploit module had appeared," BadCyber wrote in a blog post. "It looks like someone decided to weaponize it and create an Internet worm based on Mirai code."

It all started in early October, when a cybercriminal publicly released the source code of Mirai, a piece of nasty IoT malware designed to scan for insecure IoT devices – mostly routers, cameras, and DVRs – and enslave them into a botnet, which is then used to launch DDoS attacks.

The hacker created three separate exploit files in order to infect three different architectures: two running different types of MIPS chips and one with ARM silicon.

The malicious payloads open the remote administration interface and then attempt to log in using three different default passwords. After this is done, the exploit then closes port 7547 in order to prevent other attackers from taking control of the infected devices.

"Logins and passwords are obfuscated (or "encrypted") in the worm code using the same algorithm as does Mirai," the researchers say. "The C&C server resides under timeserver.host domain name, which can be found on the Mirai tracker list."
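As an added detection example (not code from the researchers cited above, and not part of the original article): the check below inspects a captured HTTP request for a TR-064 SOAP call that sets the NTP server, the request the story says carried the code execution payload, and flags any <NewNTPServer> value that cannot be a hostname or IP address. The sample requests are constructed by the `_soap_request` helper; the request path, the SOAPAction value and the urn:dslforum-org service name are assumptions about how a TR-064 client addresses the Time service, not details taken from the article.

```python
"""Flag TR-064 SOAP requests whose NewNTPServer value cannot be an NTP host.

Added detection example for the Mirai/TR-064 story; the requests below are
constructed, and the request path, SOAPAction header and service URN are
assumptions about the TR-064 Time service rather than details from the article.
"""
import re

# <NewNTPServer>, <NewNTPServer1>, ... with a matching closing tag.
NTP_RE = re.compile(r'<NewNTPServer(\d*)>(.*?)</NewNTPServer\1>', re.DOTALL)
IPV4_RE = re.compile(r'^(?:\d{1,3}\.){3}\d{1,3}$')
LABEL_RE = re.compile(r'^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$')
SHELL_META = set('`$;|&<>(){}\n')
TR064_PORT = 7547  # the port the article says was left open to the Internet


def parse_http(raw):
    """Split a raw HTTP request into (request line, lower-cased headers, body)."""
    head, _, body = raw.partition('\r\n\r\n')
    lines = head.split('\r\n')
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(':')
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def is_plausible_ntp_host(value):
    """True only for a dotted-quad IPv4 address or a syntactically valid hostname."""
    v = value.strip()
    if not v or len(v) > 253:
        return False
    if IPV4_RE.match(v):
        return all(int(octet) <= 255 for octet in v.split('.'))
    return all(LABEL_RE.match(label) for label in v.rstrip('.').split('.'))


def inspect_request(raw):
    """Return {'tr064': bool, 'findings': [str, ...]} for one captured request."""
    _, headers, body = parse_http(raw)
    result = {'tr064': False, 'findings': []}
    if 'NewNTPServer' not in body and 'dslforum-org' not in headers.get('soapaction', ''):
        return result  # not a TR-064 NTP request; nothing to judge
    result['tr064'] = True
    host = headers.get('host', '')
    if host.rsplit(':', 1)[-1] == str(TR064_PORT):
        result['findings'].append(
            f'request addressed to port {TR064_PORT}; TR-064 is a LAN-side service')
    for suffix, value in NTP_RE.findall(body):
        field = 'NewNTPServer' + suffix
        if not is_plausible_ntp_host(value):
            result['findings'].append(f'{field}: not a hostname or IP address: {value!r}')
        if SHELL_META & set(value):
            result['findings'].append(f'{field}: contains shell metacharacters')
    return result


def is_suspicious(raw):
    """A request is suspicious when a NewNTPServer value fails the checks above."""
    report = inspect_request(raw)
    return report['tr064'] and any(f.startswith('NewNTPServer') for f in report['findings'])


def _soap_request(ntp_value):
    # Constructed sample; path and URN are assumptions (see lead-in).
    body = ('<?xml version="1.0"?>'
            '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            '<u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1">'
            f'<NewNTPServer1>{ntp_value}</NewNTPServer1>'
            '</u:SetNTPServers></s:Body></s:Envelope>')
    return ('POST /constructed/tr064 HTTP/1.1\r\n'
            'Host: 192.0.2.10:7547\r\n'
            'Content-Type: text/xml; charset="utf-8"\r\n'
            'SOAPAction: urn:dslforum-org:service:Time:1#SetNTPServers\r\n'
            f'Content-Length: {len(body)}\r\n'
            '\r\n' + body)


BENIGN_REQUEST = _soap_request('pool.ntp.org')
SUSPECT_REQUEST = _soap_request('`/tmp/constructed-sample`')
NON_TR064_REQUEST = 'GET / HTTP/1.1\r\nHost: router.lan\r\n\r\n'

if __name__ == '__main__':
    for name, req in [('benign', BENIGN_REQUEST), ('suspect', SUSPECT_REQUEST)]:
        print(name, is_suspicious(req), inspect_request(req)['findings'])
```

A value that a legitimate management client would send is a plain hostname or address; anything else (shell metacharacters, whitespace, paths) is a strong signal on its own. The port-7547 finding is reported separately and does not by itself mark a request as suspicious, because the service being reachable from the WAN side at all is the configuration problem the article describes rather than evidence of a particular attacker.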

More in-depth technical details about the vulnerability can be found on ISC SANS, Kaspersky Lab, and the Reverse Engineering Blog.

Deutsche Telekom has issued an emergency patch for two models of its Speedport broadband routers – Speedport W 921V and Speedport W 723V Type B – and is currently rolling out firmware updates.

The company recommends that its customers power down their routers, wait 30 seconds and then restart them, so that the new firmware is fetched during the boot process.

If the router fails to connect to the company's network, users are advised to disconnect their device from the network permanently.

To compensate for the downtime, the ISP is also offering free Internet access through mobile devices to the affected customers until the technical problem is resolved.



from The Hacker News http://ift.tt/2gEnx7u

Mirai botnet attack hits thousands of home routers, throwing users offline

Monday, November 28, 2016

Tech support scams evolve, borrow tricks from ransomware creators

Singapore telcos to support GSMA authentication standard

Mozilla Releases Security Update

Original release date: November 28, 2016

Mozilla has released a security update to address a vulnerability in Firefox versions 49 and 50. A remote attacker could exploit this vulnerability to take control of an affected system.

Available updates include:

  • Firefox 50.0.1   

Users and administrators are encouraged to review the Mozilla Security Advisory for Firefox and apply the necessary update.






from US-CERT National Cyber Alert System http://ift.tt/2gqCg5v

USN-3139-1: Vim vulnerability

Ubuntu Security Notice USN-3139-1

28th November, 2016

vim vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Vim could be made to run programs as your login if it opened a specially crafted file.

Software description

  • vim - Vi IMproved - enhanced vi editor

Details

Florian Larysch discovered that the Vim text editor did not properly
validate values for the 'filetype', 'syntax', and 'keymap' options. An
attacker could trick a user into opening a file with specially crafted
modelines and possibly execute arbitrary code with the user's privileges.
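As an added example (not Vim's own code, and not part of the notice above): the scanner below looks for modelines in the first and last five lines of a file, Vim's default for the 'modelines' option, and reports any that set 'filetype', 'syntax' or 'keymap' to a value outside a conservative character set. That safe set (SAFE_VALUE_RE) is an assumption made for the purpose of the check, not the exact validation Vim's fix applies, and the sample files are constructed.

```python
"""Scan a file for Vim modelines that set 'filetype', 'syntax' or 'keymap'
to values outside a conservative character set.

Added example for the USN-3139-1 entry; not Vim's own code. SAFE_VALUE_RE is
an assumption about what a sane option value looks like, not the exact
validation that Vim's fix applies. The sample files are constructed.
"""
import re

# A modeline is "vi:", "vim:", "Vim:" or "ex:" preceded by start-of-line or whitespace.
MODELINE_RE = re.compile(r'(?:^|\s)(?:vi|vim|Vim|ex):\s*(.*)$')
SET_RE = re.compile(r'^(?:set|se)\s+')
# Options the notice says were not validated, with their short forms.
WATCHED = {'filetype': 'filetype', 'ft': 'filetype',
           'syntax': 'syntax', 'syn': 'syntax',
           'keymap': 'keymap', 'kmp': 'keymap'}
SAFE_VALUE_RE = re.compile(r'^[A-Za-z0-9_.-]*$')  # assumption, see module docstring


def parse_modeline(line):
    """Return the (name, value) pairs set by one modeline, or [] if it has none."""
    m = MODELINE_RE.search(line)
    if not m:
        return []
    rest = m.group(1)
    if SET_RE.match(rest):
        # "vim: set opt=val ...:" form: options run up to the first unescaped ':'.
        rest = SET_RE.sub('', rest, count=1)
        tokens = re.split(r'(?<!\\):', rest, maxsplit=1)[0].split()
    else:
        # "vim:opt=val:opt=val" form: options separated by ':' or whitespace.
        tokens = [t for t in re.split(r'[\s:]+', rest) if t]
    pairs = []
    for tok in tokens:
        name, eq, value = tok.partition('=')
        if eq:
            pairs.append((name, value.replace('\\:', ':')))
    return pairs


def find_unsafe_options(text, modelines=5):
    """Check the first and last `modelines` lines, which is where Vim looks by default.

    Returns a list of (line number, canonical option name, value) tuples.
    """
    lines = text.splitlines()
    n = len(lines)
    candidates = set(range(min(modelines, n))) | set(range(max(0, n - modelines), n))
    hits = []
    for i in sorted(candidates):
        for name, value in parse_modeline(lines[i]):
            canonical = WATCHED.get(name)
            if canonical and not SAFE_VALUE_RE.match(value):
                hits.append((i + 1, canonical, value))
    return hits


# Constructed samples: a normal Python header, and a C file whose modeline smuggles
# a '|' into the syntax option, which is the kind of value the fix now rejects.
BENIGN_FILE = "#!/usr/bin/env python3\n# vim: set ft=python ts=4 sw=4 et:\nprint('hello')\n"
SUSPECT_FILE = "/* vi:syntax=c|constructed-sample:ts=8 */\nint main(void) { return 0; }\n"
# The same kind of bad modeline on line 7 of a 12-line file: outside the default window,
# so Vim would not act on it and the scanner does not report it either.
DEEP_LINES = [f'line {i}' for i in range(12)]
DEEP_LINES[6] = '# vim: set ft=x|constructed-sample:'
DEEP_FILE = '\n'.join(DEEP_LINES) + '\n'

if __name__ == '__main__':
    for label, content in [('benign', BENIGN_FILE), ('suspect', SUSPECT_FILE), ('deep', DEEP_FILE)]:
        print(label, find_unsafe_options(content))
```

Setting `nomodeline` in your vimrc turns modeline processing off entirely, which is the simplest stopgap until the updated packages are installed; the scanner is for finding files already on disk that would have triggered the behaviour.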

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.10:
vim-common 2:7.4.1829-1ubuntu2.1
vim-runtime 2:7.4.1829-1ubuntu2.1
vim-gui-common 2:7.4.1829-1ubuntu2.1
vim 2:7.4.1829-1ubuntu2.1
Ubuntu 16.04 LTS:
vim-common 2:7.4.1689-3ubuntu1.2
vim-runtime 2:7.4.1689-3ubuntu1.2
vim-gui-common 2:7.4.1689-3ubuntu1.2
vim 2:7.4.1689-3ubuntu1.2
Ubuntu 14.04 LTS:
vim-common 2:7.4.052-1ubuntu3.1
vim-runtime 2:7.4.052-1ubuntu3.1
vim-gui-common 2:7.4.052-1ubuntu3.1
vim 2:7.4.052-1ubuntu3.1
Ubuntu 12.04 LTS:
vim-common 2:7.3.429-2ubuntu2.2
vim-runtime 2:7.3.429-2ubuntu2.2
vim-gui-common 2:7.3.429-2ubuntu2.2
vim 2:7.3.429-2ubuntu2.2

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to restart Vim to make
all the necessary changes.

References

CVE-2016-1248



from Ubuntu Security Notices http://ift.tt/2gC2G3r

Cerber Spam: Tor All the Things!

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is provided with IBM Development Package for Apache Spark. These issues are disclosed as part of the IBM Java SDK updates in October 2016. The IBM Development Package for Apache Spark has addressed the only CVE that might affect the task controller for application deployment.

CVE(s): CVE-2016-5597

Affected product(s) and affected version(s):

IBM Development Package for Apache Spark 2.0.1.0, or 1.6.2.1 and earlier releases, employing IBM SDK, Java Technology Edition, Version 8.0 Service Refresh 3 Fix Pack 11 or earlier releases.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2fFFalc
X-Force Database: http://ift.tt/2e5pD2s



from IBM Product Security Incident Response Team http://ift.tt/2fFBHmP

IBM Security Bulletin: Vulnerabilities in IBM® Java™ Runtime affect WebSphere Dashboard Framework (CVE-2016-5573, CVE-2016-5597)

There are vulnerabilities in IBM® Runtime Environment Java™ Version 6, which is used by WebSphere Dashboard Framework. These issues were disclosed as part of the IBM Java SDK updates in October 2016. The vulnerabilities may affect some configurations of products bundled with WebSphere Dashboard Framework.

CVE(s): CVE-2016-5573, CVE-2016-5597

Affected product(s) and affected version(s):

WebSphere Dashboard Framework 7.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2gzCBWx
X-Force Database: http://ift.tt/2eDrVCd
X-Force Database: http://ift.tt/2e5pD2s



from IBM Product Security Incident Response Team http://ift.tt/2fFMv4h

IBM Security Bulletin: Vulnerabilities in IBM® Java™ SDK and IBM® Java™ Runtime affect Web Experience Factory (CVE-2016-5573, CVE-2016-5597)

There are vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Version 6, which are used by Web Experience Factory. These issues were disclosed as part of the IBM Java SDK updates in October 2016. The vulnerabilities may affect some configurations of products bundled with Web Experience Factory.

CVE(s): CVE-2016-5573, CVE-2016-5597

Affected product(s) and affected version(s):

Web Experience Factory 8.0 and 8.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2fFGiFD
X-Force Database: http://ift.tt/2eDrVCd
X-Force Database: http://ift.tt/2e5pD2s



from IBM Product Security Incident Response Team http://ift.tt/2gzATEC

IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Java SE issues disclosed in the Oracle October 2016 Critical Patch Update

CVE(s): CVE-2016-5582, CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542

Affected product(s) and affected version(s):

These vulnerabilities affect IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 30 and earlier releases
These vulnerabilities affect IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 30 and earlier releases
These vulnerabilities affect IBM SDK, Java Technology Edition, Version 7 Service Refresh 9 Fix Pack 50 and earlier releases
These vulnerabilities affect IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 3 Fix Pack 50 and earlier releases
These vulnerabilities affect IBM SDK, Java Technology Edition, Version 8 Service Refresh 3 Fix Pack 11 and earlier releases

NOTE: CVE-2016-5582 affects IBM SDK, Java Technology Edition on Solaris, HP-UX and Mac OS only.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2fFGhSg
X-Force Database: http://ift.tt/2fVzmWT
X-Force Database: http://ift.tt/2eDq0ND
X-Force Database: http://ift.tt/2e5p1tK
X-Force Database: http://ift.tt/2eDrVCd
X-Force Database: http://ift.tt/2e5pD2s
X-Force Database: http://ift.tt/2eDqzaq
X-Force Database: http://ift.tt/2e5s2Ku



from IBM Product Security Incident Response Team http://ift.tt/2fFMugL

IBM Security Bulletin: Multiple OpenSource Expat XML Vulnerabilities affect IBM DB2 Net Search Extender for Linux, Unix and Windows

There are multiple vulnerabilities in the open source Expat XML parser that is used in DB2 Net Search Extender.

CVE(s): CVE-2012-0876, CVE-2012-1147, CVE-2012-1148, CVE-2015-1283, CVE-2015-2716, CVE-2016-4472, CVE-2016-0718, CVE-2016-5300

Affected product(s) and affected version(s):

DB2 Net Search Extender V9.7, V10.1, V10.5 and V11.1 for all supported platforms

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2gzFsPr
X-Force Database: http://ift.tt/2aA9yyg
X-Force Database: http://ift.tt/2az7wLo
X-Force Database: http://ift.tt/2aAaouW
X-Force Database: http://ift.tt/2az7gfC
X-Force Database: http://ift.tt/2fFH1Xu
X-Force Database: http://ift.tt/2bykBrC
X-Force Database: http://ift.tt/2aA9DSH
X-Force Database: http://ift.tt/2cwoPxW



from IBM Product Security Incident Response Team http://ift.tt/2fFMsW9