Tuesday, February 28, 2017
Palo Alto Q3 outlook disappoints amid execution issues
Palo Alto Networks' third quarter outlook missed expectations and the company said it saw "some execution challenges" that hurt the second quarter results.
The security company reported a second quarter net loss of $60.6 million, or 67 cents a share, on revenue of $422.6 million, up 26 percent from a year ago. Non-GAAP earnings were 63 cents a share in the second quarter.
Wall Street was looking for non-GAAP second quarter earnings of 63 cents a share on revenue of $429.7 million.
CEO Mark McLaughlin said in a statement that "we were disappointed that we came in below top-line expectations due to some execution challenges, which we are moving quickly to address."
As for the outlook, Palo Alto Networks said it expected non-GAAP earnings for the third quarter to be 54 cents a share to 56 cents a share including a 4 cents a share for the acquisition of LightCyber. Revenue for the third quarter will be between $406 million to $416 million, up 17 percent to 20 percent from a year ago.
Wall Street analysts were expecting third quarter non-GAAP earnings of 70 cents a share on revenue of $454.6 million.
Palo Alto launched its next generation security platform during the second quarter. The company also said it will increase its share buyback program by $500 million to a total of $1 billion.
from Latest Topic for ZDNet in... http://ift.tt/2mqqkqX
MobileIron lands reseller deal with Lenovo
Enterprise mobility management firm MobileIron announced that it has inked a reseller partnership with PC giant Lenovo. Under the deal, Lenovo will resell MobileIron's security and management platform to enterprise customers purchasing Lenovo PCs, tablets, and smartphones.
According to MobileIron, the partnership underscores the massive shift from legacy security tools to EMM for PC management.
"Modern enterprise computing means moving to modern operating systems like Windows 10, Android, and iOS, and using EMM to secure all your devices from mobile to desktops," said MobileIron CEO Barry Mainz. "As the market leader in PC sales, Lenovo is leading that transition on the hardware front and this partnership with MobileIron adds the critical security layer that companies need for modern operating systems."
Mainz is just wrapping up his first year as MobileIron's chief executive, after replacing MobileIron founder Bob Tinker in January 2016. At the time, Mainz said he planned to work to help MobileIron, which went public in 2014, become the "applications and security backbone" for end-user computing. The Lenovo partnership is a certainly a step in that direction.
MobileIron recently expanded its portfolio with the launch of a new Internet of Things division -- a move that's not totally unexpected given Mainz's history in IoT. Before MobileIron, Mainz was the president of Wind River, an Intel subsidiary with various IoT-related products.
from Latest Topic for ZDNet in... http://ift.tt/2m40tDR
USN-3213-1: GD library vulnerabilities
Ubuntu Security Notice USN-3213-1
28th February, 2017
libgd2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
The GD library could be made to crash or run programs if it processed a specially crafted image file.
Software description
- libgd2 - GD Graphics Library
Details
Stefan Esser discovered that the GD library incorrectly handled memory when
processing certain images. If a user or automated system were tricked into
processing a specially crafted image, an attacker could cause a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-10166)
It was discovered that the GD library incorrectly handled certain malformed
images. If a user or automated system were tricked into processing a
specially crafted image, an attacker could cause a denial of service.
(CVE-2016-10167)
It was discovered that the GD library incorrectly handled certain malformed
images. If a user or automated system were tricked into processing a
specially crafted image, an attacker could cause a denial of service, or
possibly execute arbitrary code. (CVE-2016-10168)
Ibrahim El-Sayed discovered that the GD library incorrectly handled certain
malformed TGA images. If a user or automated system were tricked into
processing a specially crafted TGA image, an attacker could cause a denial
of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and
Ubuntu 16.10. (CVE-2016-6906)
Ibrahim El-Sayed discovered that the GD library incorrectly handled certain
malformed WebP images. If a user or automated system were tricked into
processing a specially crafted WebP image, an attacker could cause a denial
of service, or possibly execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6912)
It was discovered that the GD library incorrectly handled creating
oversized images. If a user or automated system were tricked into creating
a specially crafted image, an attacker could cause a denial of service.
(CVE-2016-9317)
It was discovered that the GD library incorrectly handled filling certain
images. If a user or automated system were tricked into filling an image,
an attacker could cause a denial of service. (CVE-2016-9933)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 16.10:
- libgd3 2.2.1-1ubuntu3.3
- Ubuntu 16.04 LTS:
- libgd3 2.1.1-4ubuntu0.16.04.6
- Ubuntu 14.04 LTS:
- libgd3 2.1.0-3ubuntu0.6
- Ubuntu 12.04 LTS:
- libgd2-xpm 2.0.36~rc1~dfsg-6ubuntu2.4
- libgd2-noxpm 2.0.36~rc1~dfsg-6ubuntu2.4
To update your system, please follow these instructions: http://ift.tt/17VXqjU.
In general, a standard system update will make all the necessary changes.
References
CVE-2016-10166, CVE-2016-10167, CVE-2016-10168, CVE-2016-6906, CVE-2016-6912, CVE-2016-9317, CVE-2016-9933
from Ubuntu Security Notices http://ift.tt/2mC2Njl
IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to various CVE’s
Apache Tomcat prior to version 6.0.48 is susceptible to several vulnerabilities.
CVE(s): CVE-2016-0762, CVE-2016-5018, CVE-2016-6794, CVE-2016-6796, CVE-2016-6797, CVE-2016-6816
Affected product(s) and affected version(s):
· IBM QRadar SIEM 7.2.n
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2l7XBXj
X-Force Database: http://ift.tt/2jew1Gw
X-Force Database: http://ift.tt/2if9bdY
X-Force Database: http://ift.tt/2jeqBvn
X-Force Database: http://ift.tt/2if6ZDc
X-Force Database: http://ift.tt/2ifdg1N
X-Force Database: http://ift.tt/2iIaaqs
The post IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to various CVE’s appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2luRXuJ
IBM Security Bulletin: IBM Java as used in IBM QRadar SIEM and Incident Forensics is vulnerable to various CVE’s
IBM QRadar SIEM and Incident Forensics are vulnerabile to various CVE’s found in IBM Java.
CVE(s): CVE-2016-5597, CVE-2016-5542
Affected product(s) and affected version(s):
· IBM QRadar SIEM 7.2.n
· IBM QRadar Incident Forensics 7.2.n
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2luUwg6
X-Force Database: http://ift.tt/2e5pD2s
X-Force Database: http://ift.tt/2e5s2Ku
The post IBM Security Bulletin: IBM Java as used in IBM QRadar SIEM and Incident Forensics is vulnerable to various CVE’s appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2l7Y7F6
IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to various CVE’s
OpenSSL Security Advisory [22 Sep 2016] and [26 Sep 2016] outline several vulnerabilities affecting OpenSSL.
CVE(s): CVE-2016-6302, CVE-2016-2182, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-2181
Affected product(s) and affected version(s):
· IBM QRadar SIEM 7.2.n
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2luQlkI
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dmXLUk
The post IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to various CVE’s appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2luIvHT
IBM Security Bulletin: Pivotal Spring Framework as used in IBM QRadar SIEM is vulnerable to various CVE’s
OpenSource Pivotal Spring Framework as used in IBM QRadar is susceptible to several vulnerabilities.
CVE(s): CVE-2013-7315, CVE-2013-4152, CVE-2014-0054, CVE-2014-3578, CVE-2014-3625
Affected product(s) and affected version(s):
· IBM QRadar SIEM 7.2.n
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2lPu4QW
X-Force Database: http://ift.tt/2e1fwwv
X-Force Database: http://ift.tt/2eeIMvh
X-Force Database: http://ift.tt/2eeHjVR
X-Force Database: http://ift.tt/2liEuZk
X-Force Database: http://ift.tt/2m8cGVE
The post IBM Security Bulletin: Pivotal Spring Framework as used in IBM QRadar SIEM is vulnerable to various CVE’s appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2lPBmV5
IBM Security Bulletin: Apache Solr as used in IBM QRadar SIEM and Incident Forensics is vulnerable to a denial of service (CVE-2014-0050)
Apache Solr is vulnerable to a denial of service attack.
CVE(s): CVE-2014-0050
Affected product(s) and affected version(s):
· IBM QRadar SIEM 7.2.n
· IBM QRadar Incident Forensics 7.2.n
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2lPAhww
X-Force Database: http://ift.tt/2kC357J
The post IBM Security Bulletin: Apache Solr as used in IBM QRadar SIEM and Incident Forensics is vulnerable to a denial of service (CVE-2014-0050) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2lPBofF
IBM Security Bulletin: IBM QRadar SIEM uses broken or risky cryptographic algorithms (CVE-2016-2879)
The software uses an outdated insecure cipher or it is using a proprietary crypto standard which is likely to be vulnerable. Outdated/broken algorithms are MD4, MD5, SHA1, DES, ECB, RC4, Export ciphers, SSLv2, SSLv3, DH using keys less than 1024
CVE(s): CVE-2016-2879
Affected product(s) and affected version(s):
IBM QRadar 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2lPE1Oo
X-Force Database: http://ift.tt/2lkhYvQ
The post IBM Security Bulletin: IBM QRadar SIEM uses broken or risky cryptographic algorithms (CVE-2016-2879) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2lPwiji
IBM Security Bulletin: IBM QRadar SIEM contains hard-coded credentials (CVE-2016-2880)
An IBM QRadar SIEM user with shell access could obtain the encryption key used to encrypt certain passwords.
CVE(s): CVE-2016-2880
Affected product(s) and affected version(s):
IBM QRadar SIEM 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2lPzhbO
X-Force Database: http://ift.tt/2lknJd1
The post IBM Security Bulletin: IBM QRadar SIEM contains hard-coded credentials (CVE-2016-2880) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2lPxO57
70+ Cyber Security Micro-Courses and Certifications To Boost Your IT Career
With the evolving hacking events around us, cyber-security skills are in high demand across all organizations and industries, because a shortage of skilled cyber security practitioners could leave an organization vulnerable to cyber attacks.
But knowledge alone is not sufficient, 'certification as eligibility' also matters, which shows employers that you are serious about your career and eligible as you have demonstrated your technical ability in some form.
I frequently receive emails and messages from my readers asking: Should I get certified?, Are certifications important to build up a career in IT?, What certifications can one get to start a career in information security? and more.
These are some of the most frequent queries I came across, and in this article, I will attempt to answer these along with a solution on how to get started.
Whether you are looking to launch your career in the IT industry, or perhaps get promoted at your current job — getting certified is a great way to market yourself.
Certifications play a major role in any industry, as almost every organization hires IT professionals with practical knowledge as well as professional certifications which provide a measurement of your skills and knowledge.
This is why it's important to earn certificates in your field.
Cyber Security Micro Courses and Certifications
Cybrary, one of the most popular and highly rated free online IT and Cyber Security Training company, has recently launched around 80
Cyber Security Micro Courses and Certificationsin an effort to combat the global shortage of talent in the cyber security profession.
Created by the Cybrary Education Committee, all Micro Courses and Certifications are categorized into Beginner, Intermediate and Advanced levels, giving users thorough deep dive into the most critical skills in the field.
Usually one has to pay thousands of dollars for classes and then thousands for certification exams, but the good news is that all Cybrary's Micro Courses are free and Certification exams are conducted online at the cost of just $10 each — with one free retake per exam.
"The Cybrary community is working to make cybersecurity training available to anyone who wants it, anywhere. Training should not be exclusive to those who can afford to pay $5,000 per class. The same applies to certifications," said Ryan Corey, co-founder, Cybrary.
"Certifications are imperative to a cybersecurity career, and it’s important that we provide accessible and affordable education paths that will help reverse the growing need for skilled cybersecurity professionals."
Here's the list of some selected certification courses that grabbed my attention and are important in the IT field:
- Cryptography
- Network Devices
- Software Development Security
- Security Architecture Fundamentals
- Mobile Device Security Fundamentals
- Incident Response & Advanced Forensics
- Security Assessment & Testing Certification
- Malware Fundamentals Certification Course
Cybrary also provides free practice tests, so that users can test their capabilities and then finally apply for the actual certification exams.
So, go and grab the best
certification courses in cyber securityand network security that suit your requirements. The Hacker News readers can use code
FREESCT1for your first free certification exam.
from The Hacker News http://ift.tt/2lSeN05
Critical Flaw in ESET Antivirus Exposes Mac Users to Remote Hacking
What could be more exciting for hackers than exploiting a vulnerability in a widely used software without having to struggle too much?
One such easy-to-exploit, but critical vulnerability has been discovered in ESET's antivirus software that could allow any unauthenticated attackers to remotely execute arbitrary code with root privileges on a Mac system.
The critical security flaw, tracked as CVE-2016-9892, in ESET Endpoint Antivirus 6 for macOS was discovered by Google Security Team's researchers Jason Geffner and Jan Bee at the beginning of November 2016.
As detailed in the
full disclosure, all a hacker needs to get root-level remote code execution on a Mac computer is to intercept the ESET antivirus package's connection to its backend servers using a self-signed HTTPS certificate, put himself in as a man-in-the-middle (MITM) attacker, and exploit an XML library flaw.
The actual issue was related to a service named esets_daemon, which runs as root. The service is statically linked with an outdated version of the POCO XML parser library, version 1.4.6p1 released in March 2013.
This POCO version is based on a version of the Expat XML parser library version 2.0.1 from 2007, which is affected by a publicly known XML parsing vulnerability (
CVE-2016-0718) that could allow an attacker to execute arbitrary code via malicious XML content.
Now, when esets_daemon sent a request to http://ift.tt/2lPavqi during activation of the ESET Endpoint Antivirus product, an MITM attacker can intercept the request to deliver a malformed XML document using a self-signed HTTPS certificate.
This event triggers the CVE-2016-0718 flaw that executes the malicious code with root privileges when esets_daemon parsed the XML content.
This attack was possible because the ESET antivirus did not validate the web server's certificate.
Here's what the duo explain:
"Vulnerable versions of ESET Endpoint Antivirus 6 are statically linked with an outdated XML parsing library and do not perform proper server authentication, allowing for remote unauthenticated attackers to perform arbitrary code execution as root on vulnerable clients."
Now since the hacker controls the connection, they can send malicious content to the Mac computer in order to hijack the XML parser and execute code as root.
The Google researchers have also released the proof-of-concept (PoC) exploit code, which only shows how the ESET antivirus app can be used to cause a crash.
ESET addressed this vulnerability on February 21 by upgrading the POCO parsing library and by configuring its product to verify SSL certificates.
The patch is made available in the release of
version 6.4.168.0of ESET Endpoint Antivirus for macOS. So, make sure your antivirus package is patched up to date.
from The Hacker News http://ift.tt/2m2Xj3w
Internet-Connected Teddy Bear Exposed Over 2 Million Voice Messages; Data Held for Ransom
Every parent should think twice before handing out Internet-connected toys or smart toys to their children, as these creepy toys pose a different sort of danger: privacy and data security risks for kids who play with them.
This same incident was happened over a year ago when Hong Kong toymaker
VTech was hacked, which exposed personal details, including snaps of parents and children and chat logs, of about 6.4 million children around the world.
Now, in the latest security failing of the internet-connected smart toys, more than 2 Million voice recordings of children and their parents have been exposed, along with email addresses and passwords for over 820,000 user accounts.
And What's even Worse? The hackers locked this data and held it for Ransom.
California-based Spiral Toys' line of internet-connected stuffed animal toys,
CloudPets, which allow children and relatives to send recorded voicemails back and forth, reportedly left the voice messages recorded between parents and children and other personal data to online hackers.
Cloudpets' Data was Held for Ransom
The customer data was left unprotected from 25 December 2016 to 8 January in a publicly available database that wasn't protected by any password or a firewall, according to a
blog postpublished Monday by Troy Hunt, creator of the breach-notification website Have I Been Pwned?.
Hunt said that the exposed data was accessed multiple times by many third parties, including hackers who accessed and stole customer emails and hashed passwords from a CloudPets database.
In fact, in early January, when cyber criminals were actively scanning the Internet for exposed or
badly-configured MongoDB databasesto delete their data and ultimately
hold it for ransom, CloudPets' database was overwritten twice.
Toy Maker was Notified of the Breach Multiple Times
The worst part comes in when any company is notified of some issue, but it doesn't give a shit to protect its customers. Spiral Toys did the same.
The toy maker was allegedly notified four times that its customer data was online and available for anyone to have their hands on — yet the data remained up for almost a week with evidence suggesting that the data was stolen on multiple occasions.
Interestingly, the CloudPets blog hasn't been updated since 2015, and there is not any public notice about the security concerns.
"It is impossible to believe that CloudPets (or mReady, [a Romanian company which Spiral Toys appears to have contracted with to store its database]) did not know that firstly, the databases had been left publicly exposed and secondly, that malicious parties had accessed them," Hunt said.
"Obviously, they have changed the security profile of the system, and you simply could not have overlooked the fact that a ransom had been left. So both the exposed database and intrusion by those demanding the ransom must have been identified yet this story never made the headlines."
While voice recordings were not kept on the open MongoDB databases, Spiral Toys used an open Amazon-hosted service that required no authorization to store the recordings, user profile pictures, children's names, and their relations to parents, relatives, and friends.
This eventually means that anyone with malicious intent could listen to the recordings by only guessing the correct URL.
Affected? How to Check and What to Do?
This incident is perhaps something to be kept in mind the next time you are shopping for the latest internet-connected smart toy for your kid.
If you are a parent holding a CloudPets account, you are advised to check
Have I Been Pwned?website, which compiles all the data from breaches and now includes users accounts stolen from Spiral Toys.
If you found your account affected, you should change your password immediately and consider disconnecting the toy from the internet.
You are also advised to change the passwords on any other online accounts for which you are using the same password as for CloudPets account.
from The Hacker News http://ift.tt/2m1BjWE
Monday, February 27, 2017
USN-3212-1: LibTIFF vulnerabilities
Ubuntu Security Notice USN-3212-1
27th February, 2017
tiff vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary
LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.
Software description
- tiff - Tag Image File Format (TIFF) library
Details
It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 16.10:
- libtiff5 4.0.6-2ubuntu0.1
- libtiff-tools 4.0.6-2ubuntu0.1
- Ubuntu 16.04 LTS:
- libtiff5 4.0.6-1ubuntu0.1
- libtiff-tools 4.0.6-1ubuntu0.1
- Ubuntu 14.04 LTS:
- libtiff5 4.0.3-7ubuntu0.6
- libtiff-tools 4.0.3-7ubuntu0.6
To update your system, please follow these instructions: http://ift.tt/17VXqjU.
In general, a standard system update will make all the necessary changes.
References
CVE-2015-7554, CVE-2015-8668, CVE-2016-10092, CVE-2016-10093, CVE-2016-10094, CVE-2016-3622, CVE-2016-3623, CVE-2016-3624, CVE-2016-3632, CVE-2016-3658, CVE-2016-3945, CVE-2016-3990, CVE-2016-3991, CVE-2016-5314, CVE-2016-5315, CVE-2016-5316, CVE-2016-5317, CVE-2016-5320, CVE-2016-5321, CVE-2016-5322, CVE-2016-5323, CVE-2016-5652, CVE-2016-5875, CVE-2016-6223, CVE-2016-8331, CVE-2016-9273, CVE-2016-9297, CVE-2016-9448, CVE-2016-9453, CVE-2016-9532, CVE-2016-9533, CVE-2016-9534, CVE-2016-9535, CVE-2016-9536, CVE-2016-9537, CVE-2016-9538, CVE-2016-9539, CVE-2016-9540, CVE-2017-5225
from Ubuntu Security Notices http://ift.tt/2mmT1oD
Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Iceni Argus PDF Content Extraction affect MarkLogic
Archives
from Cisco Blog » Security http://ift.tt/2lgVX16
IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server January 2017 CPU
There are multiple vulnerabiltities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in January 2017. These may affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application Server Hypervisor Edition.
CVE(s): CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183
Affected product(s) and affected version(s):
IBM SDK, Java Technology Editions shipped with WebSphere Application Server Liberty up to 16.0.0.4. IBM SDK, Java Technology Editions shipped with IBM WebSphere Application Server Traditional Version 9.0.0.0 through 9.0.0.2, 8.5.0.0 through 8.5.5.11, Version 8.0.0.0 through 8.0.0.13, Version 7.0.0.0 through 7.0.0.41.
- This does not occur on IBM SDK, Java Technology Editions that are shipped with WebSphere Application Servers Fix Packs 17.0.0.1, 9.0.0.3, 8.5.5.12, 8.0.0.14, and 7.0.0.43 or later.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2mDaLrB
X-Force Database: http://ift.tt/2lA4akm
X-Force Database: http://ift.tt/2lAx183
X-Force Database: http://ift.tt/2msD77U
X-Force Database: http://ift.tt/2msBF5I
X-Force Database: http://ift.tt/2dR3VyC
The post IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server January 2017 CPU appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2mDkRcd
IBM Security Bulletin: DB2 local escalation of privilege vulnerability affects Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-5995)
Tivoli Storage Manager (IBM Spectrum Protect) Server is affected by an IBM DB2 software vulnerability that can result in a local user gaining root level access to which the user is not entitled.
CVE(s): CVE-2016-5995
Affected product(s) and affected version(s):
This vulnerability affects the following IBM Tivoli Storage Manager (IBM Spectrum Protect) Server levels:
- 7.1.0.0 through 7.1.7.0 on AIX, HP-UX, and Linux platforms only
- 6.3.0.0 through 6.3.6.0 on Linux platforms only
Note that this vulnerability has been fixed in 8.1.0.0.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2mD7ys7
X-Force Database: http://ift.tt/2ceMBmM
The post IBM Security Bulletin: DB2 local escalation of privilege vulnerability affects Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-5995) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2mDkQVH
IBM Security Bulletin: A vulnerability in IBM Jazz for Service Management affects IBM Performance Management products (CVE-2016-9975)
IBM Jazz for Service Management is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE(s): CVE-2016-9975
Affected product(s) and affected version(s):
IBM Monitoring 8.1.2 and 8.1.3
IBM Application Diagnostics 8.1.2 and 8.1.3
IBM Application Performance Management 8.1.2 and 8.1.3
IBM Application Performance Management Advanced 8.1.2 and 8.1.3
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2m32Fff
X-Force Database: http://ift.tt/2kQux6T
The post IBM Security Bulletin: A vulnerability in IBM Jazz for Service Management affects IBM Performance Management products (CVE-2016-9975) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2mD7pVO
IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Cognos Controller
OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Cognos Controller. IBM Cognos Controller has addressed the applicable CVEs.
CVE(s): CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
Affected product(s) and affected version(s):
IBM Cognos Controller 10.2.1
IBM Cognos Controller 10.2
IBM Cognos Controller 10.1.1
IBM Cognos Controller 10.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2mD09sT
X-Force Database: http://ift.tt/1NwOPLs
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1NwOQz5
X-Force Database: http://ift.tt/1VjTr9i
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p
The post IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Cognos Controller appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2m35ey1
IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Cognos Controller (CVE-2016-3427)
There are vulnerabilities in IBM® Runtime Environments Java™ Technology Edition, Versions 6 and 7, that is used by IBM Cognos Controller. These issues were disclosed as part of the IBM Java SDK updates in April 2016.
CVE(s): CVE-2016-3427
Affected product(s) and affected version(s):
IBM Cognos Controller 10.2.1
IBM Cognos Controller 10.2
IBM Cognos Controller 10.1.1
IBM Cognos Controller 10.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2m32EId
X-Force Database: http://ift.tt/1N2N48r
The post IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Cognos Controller (CVE-2016-3427) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2m35rBu
IBM Security Bulletin: vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Performance Management products
The vulnerabilities could allow a remote attacker to conduct phishing attacks or obtain sensitive information, or allow cross-site scripting in OpenID Connect clients.
CVE(s): CVE-2016-3040, CVE-2016-3042, CVE-2016-0378
Affected product(s) and affected version(s):
IBM Monitoring 8.1.2 and 8.1.3
IBM Application Diagnostics 8.1.2 and 8.1.3
IBM Application Performance Management 8.1.2 and 8.1.3
IBM Application Performance Management Advanced 8.1.2 and 8.1.3
IBM Performance Management on Cloud
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2m3dVIH
X-Force Database: http://ift.tt/2ciMesr
X-Force Database: http://ift.tt/2coBlSO
X-Force Database: http://ift.tt/2cG9hh7
The post IBM Security Bulletin: vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Performance Management products appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2m3nw27
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Controller.
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Technology Edition, Version 7 that is used by IBM Cognos Controller. These issues were disclosed as part of the IBM Java SDK updates in January 2016.
CVE(s): CVE-2016-0466, CVE-2016-0448
Affected product(s) and affected version(s):
IBM Cognos Controller 10.2.1
IBM Cognos Controller 10.2
IBM Cognos Controller 10.1.1
IBM Cognos Controller 10.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2mDeDc9
X-Force Database: http://ift.tt/1N2N3Bz
X-Force Database: http://ift.tt/1WhPjpX
The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Controller. appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2m3hqi8
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cognos Controller (CVE-2015-3195)
OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM Cognos Controller. IBM Cognos Controller has addressed the applicable CVEs.
CVE(s): CVE-2015-3195
Affected product(s) and affected version(s):
IBM Cognos Controller 10.2.1
IBM Cognos Controller 10.2
IBM Cognos Controller 10.1.1
IBM Cognos Controller 10.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2m3i3Zh
X-Force Database: http://ift.tt/1QmYT4z
The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cognos Controller (CVE-2015-3195) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2m35f58
Shamoon: Multi-staged destructive attacks limited to specific targets
Read More
from Symantec Connect - Securi... http://ift.tt/2m2m14w
Sunday, February 26, 2017
Saturday, February 25, 2017
Google Does It Again: Discloses Unpatched Microsoft Edge and IE Vulnerability
This month has yet been kind of interesting for cyber security researchers, with
Google successfully cracked SHA1and the discovery of
Cloudbleed bug in Cloudflarethat caused the leakage of sensitive information across sites hosted behind Cloudflare.
Besides this, Google last week disclosed an
unpatched vulnerability in WindowsGraphics Device Interface (GDI) library, which affects Microsoft's Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10.
While the Windows vulnerability has yet to be patched by the company, Google today released the details of another unpatched Windows security flaw in its browser, as Microsoft did not act within its 90-day disclosure deadline.
The vulnerability (CVE-2017-0037), discovered and disclosed by Google Project Zero team's researcher Ivan Fratric, is a so-called "
type confusion flaw" in a module in Microsoft Edge and Internet Explorer that potentially leads to arbitrary code execution.
Proof-of-Concept Code Released!
This time, with the details of this arbitrary code execution bug, the researcher has also published a
proof-of-concept exploitthat can crash Edge and IE, opening the door for potential hackers to execute code and gain administrator privileges on the affected systems.
Fratric says he successfully ran his PoC code on the 64-bit version of IE on Windows Server 2012 R2, but both 32-bit IE 11, as well as Microsoft Edge, is affected by the same vulnerability.
In short, the vulnerability affects all Windows 7, Windows 8.1, and Windows 10 users.
You can know more details about the recently disclosed flaw on
Google's bug reportblog, along with proof-of-concept code that causes a crash of the browsers, though sophisticated hackers can build more dangerous exploits as well.
This vulnerability was reported to Microsoft on November 25, and it went public on February 25, after Google Project Zero's 90-day disclosure policy.
Three Unpatched, but Already Disclosed Windows Flaws
While Microsoft has
delayed this month's PatchTuesday and already has to patch two already disclosed, but unpatched vulnerabilities, it is hard to say if the company actually included a patch for this vulnerability discovered by Google in its next roll out of patches.
Yes, Microsoft has to patch two other severe security flaws as well, which have already been publicly disclosed with working exploit code but remain still unpatched, giving hackers enough time to target Windows users.
First one is a
Windows SMB flawthat affects Windows 8, Windows 10 and Windows Server. The PoC exploit code of this flaw was released almost two weeks ago.
The other one is the
vulnerability disclosed by Googlelast week that affects Microsoft's Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10.
Meanwhile, just to remain on the safer side, Windows users are advised to replace their Internet Explorer and Edge browsers with a different one if possible and avoid clicking on suspicious links and websites they do not trust.
from The Hacker News http://ift.tt/2layFJS
Friday, February 24, 2017
USN-3210-1: LibreOffice vulnerability
Ubuntu Security Notice USN-3210-1
23rd February, 2017
LibreOffice vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
LibreOffice could be made to disclose files if it opened a specially crafted file.
Software description
- libreoffice - Office productivity suite
Details
Ben Hayak discovered that it was possible to make LibreOffice Calc and Writer
disclose arbitrary files to an attacker if a user opened a specially crafted
file with embedded links.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 16.04 LTS:
- libreoffice-base 1:5.1.6~rc2-0ubuntu1~xenial1
- libreoffice-calc 1:5.1.6~rc2-0ubuntu1~xenial1
- libreoffice-common 1:5.1.6~rc2-0ubuntu1~xenial1
- libreoffice-math 1:5.1.6~rc2-0ubuntu1~xenial1
- libreoffice-writer 1:5.1.6~rc2-0ubuntu1~xenial1
- libreoffice 1:5.1.6~rc2-0ubuntu1~xenial1
- libreoffice-base-core 1:5.1.6~rc2-0ubuntu1~xenial1
- libreoffice-core 1:5.1.6~rc2-0ubuntu1~xenial1
- Ubuntu 14.04 LTS:
- libreoffice-base 1:4.2.8-0ubuntu5
- libreoffice-calc 1:4.2.8-0ubuntu5
- libreoffice-common 1:4.2.8-0ubuntu5
- libreoffice-math 1:4.2.8-0ubuntu5
- libreoffice-writer 1:4.2.8-0ubuntu5
- libreoffice 1:4.2.8-0ubuntu5
- libreoffice-base-core 1:4.2.8-0ubuntu5
- libreoffice-core 1:4.2.8-0ubuntu5
- Ubuntu 12.04 LTS:
- libreoffice-base 1:3.5.7-0ubuntu13
- libreoffice-calc 1:3.5.7-0ubuntu13
- libreoffice-common 1:3.5.7-0ubuntu13
- libreoffice-math 1:3.5.7-0ubuntu13
- libreoffice-writer 1:3.5.7-0ubuntu13
- libreoffice 1:3.5.7-0ubuntu13
- libreoffice-base-core 1:3.5.7-0ubuntu13
- libreoffice-core 1:3.5.7-0ubuntu13
To update your system, please follow these instructions: http://ift.tt/17VXqjU.
In general, a standard system update will make all the necessary changes.
References
from Ubuntu Security Notices http://ift.tt/2lvQPJG
IBM Security Bulletin: Multiple vulnerabilities may affect IBM® WebSphere Real Time
Java SE issues disclosed in the Oracle January 2017 Critical Patch Update
CVE(s): CVE-2017-3289, CVE-2017-3272, CVE-2017-3241, CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-5552, CVE-2017-3261, CVE-2017-3231, CVE-2017-3259, CVE-2016-2183
Affected product(s) and affected version(s):
These vulnerabilities affect IBM WebSphere Real Time Version 3 Service Refresh 9 Fix Pack 60 and earlier releases
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2lNeWE8
X-Force Database: http://ift.tt/2lA6pnI
X-Force Database: http://ift.tt/2msIV19
X-Force Database: http://ift.tt/2lAcror
X-Force Database: http://ift.tt/2lA4akm
X-Force Database: http://ift.tt/2msWpdg
X-Force Database: http://ift.tt/2lAx183
X-Force Database: http://ift.tt/2msD77U
X-Force Database: http://ift.tt/2lAk4Lp
X-Force Database: http://ift.tt/2msBF5I
X-Force Database: http://ift.tt/2lAiqcB
X-Force Database: http://ift.tt/2msOwVj
X-Force Database: http://ift.tt/2lAc9xE
X-Force Database: http://ift.tt/2msIPqs
X-Force Database: http://ift.tt/2dR3VyC
The post IBM Security Bulletin: Multiple vulnerabilities may affect IBM® WebSphere Real Time appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2lhtXuW
IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
Java SE issues disclosed in the Oracle January 2017 Critical Patch Update
CVE(s): CVE-2017-3289, CVE-2017-3272, CVE-2017-3241, CVE-2017-3260, CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-5552, CVE-2017-3261, CVE-2017-3231, CVE-2017-3259, CVE-2016-2183
Affected product(s) and affected version(s):
These vulnerabilities affect IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 35 and earlier releases
These vulnerabilities affect IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 35 and earlier releases
These vulnerabilities affect IBM SDK, Java Technology Edition, Version 7 Service Refresh 9 Fix Pack 60 and earlier releases
These vulnerabilities affect IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 3 Fix Pack 60 and earlier releases
These vulnerabilities affect IBM SDK, Java Technology Edition, Version 8 Service Refresh 3 Fix Pack 22 and earlier releases
NOTE: CVE-2017-3260 affects IBM SDK, Java Technology Edition on Mac OS only.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2msUd5J
X-Force Database: http://ift.tt/2lA6pnI
X-Force Database: http://ift.tt/2msIV19
X-Force Database: http://ift.tt/2lAcror
X-Force Database: http://ift.tt/2msG8VN
X-Force Database: http://ift.tt/2lA4akm
X-Force Database: http://ift.tt/2msWpdg
X-Force Database: http://ift.tt/2lAx183
X-Force Database: http://ift.tt/2msD77U
X-Force Database: http://ift.tt/2lAk4Lp
X-Force Database: http://ift.tt/2msBF5I
X-Force Database: http://ift.tt/2lAiqcB
X-Force Database: http://ift.tt/2msOwVj
X-Force Database: http://ift.tt/2lAc9xE
X-Force Database: http://ift.tt/2msIPqs
X-Force Database: http://ift.tt/2dR3VyC
The post IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2lAe6dB
IBM Security Bulletin: IBM Business Process Manager (BPM) document store is affected by clickjacking vulnerability in administrative tool for BPM document store (CVE-2013-5462)
A clickjacking vulnerability has been reported for the administrative tool (ACCE) of the embedded component used by IBM BPM document store.
CVE(s): CVE-2013-5462
Affected product(s) and affected version(s):
– IBM Business Process Manager V8.5.5.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2lAcqAT
X-Force Database: http://ift.tt/2k3kDxm
The post IBM Security Bulletin: IBM Business Process Manager (BPM) document store is affected by clickjacking vulnerability in administrative tool for BPM document store (CVE-2013-5462) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2lAchNH
IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM’s Jazz technology
The Jazz Team Server is shipped with/or supports versions of the Apache Tomcat web server which contain security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect Design Manager (RSA DM).
CVE(s): CVE-2016-0762, CVE-2016-6797
Affected product(s) and affected version(s):
Rational Collaborative Lifecycle Management 3.0.1 – 6.0.3
Rational Quality Manager 4.0 – 4.0.7
Rational Quality Manager 5.0 – 5.0.2
Rational Quality Manager 6.0 – 6.0.3
Rational Team Concert 4.0 – 4.0.7
Rational Team Concert 5.0 – 5.0.2
Rational Team Concert 6.0 – 6.0.3
Rational DOORS Next Generation 4.0 – 4.0.7
Rational DOORS Next Generation 5.0 – 5.0.2
Rational DOORS Next Generation 6.0 – 6.0.3
Rational Engineering Lifecycle Manager 4.0.3 – 4.0.7
Rational Engineering Lifecycle Manager 5.0 – 5.0.2
Rational Engineering Lifecycle Manager 6.0 – 6.0.3
Rational Rhapsody Design Manager 4.0 – 4.0.7
Rational Rhapsody Design Manager 5.0 – 5.0.2
Rational Rhapsody Design Manager 6.0 – 6.0.3
Rational Software Architect Design Manager 4.0 – 4.0.7
Rational Software Architect Design Manager 5.0 – 5.0.2
Rational Software Architect Design Manager 6.0 – 6.0.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2msIOmo
X-Force Database: http://ift.tt/2jew1Gw
X-Force Database: http://ift.tt/2ifdg1N
The post IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM’s Jazz technology appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2lAcj8h
IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in Busybox (CVE-2014-9645)
A vulnerability has been identified in Busybox. IBM Security Access Manager appliances use Busybox and are affected by this vulnerabilty.
CVE(s): CVE-2014-9645
Affected product(s) and affected version(s):
IBM Security Access Manager for Web 7.0 appliances, all firmware versions.
IBM Security Access Manager for Web 8.0 appliances, all firmware versions.
IBM Security Access Manager for Mobile 8.0 appliances, all firmware versions.
IBM Security Access Manager 9.0 appliances, all firmware versions.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2msVs4U
X-Force Database: http://ift.tt/2ggg1jv
The post IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in Busybox (CVE-2014-9645) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2msFbge
IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in IBM WebSphere Application Server (CVE-2016-5983)
A vulnerability has been identified in IBM WebSphere Application Server, which could allow remote attackers to execute arbitrary Java code with a serialized object from untrusted sources. IBM Security Access Manager appliances are affected by this vulnerability.
CVE(s): CVE-2016-5983
Affected product(s) and affected version(s):
IBM Security Access Manager for Web 8.0 appliances, all firmware versions.
IBM Security Access Manager for Mobile 8.0 appliances, all firmware versions.
IBM Security Access Manager 9.0 appliances, all firmware versions.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2msJV5J
X-Force Database: http://ift.tt/2cX6Wuu
The post IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in IBM WebSphere Application Server (CVE-2016-5983) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2msBDuC
IBM Security Bulletin: Vulnerabilites in IBM Algorithmics Algo One Algo Risk Application (ARA) related to IBM WebSphere Application Server Liberty
There is a potential information disclousre in the version of IBM WebSphere Liberty that was packaged with Algo One Algo Risk Application.
CVE(s): CVE-2016-5986
Affected product(s) and affected version(s):
IBM Algo One ARA Versions 5.0 and 5.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2msxJ4L
X-Force Database: http://ift.tt/2ccJKps
The post IBM Security Bulletin: Vulnerabilites in IBM Algorithmics Algo One Algo Risk Application (ARA) related to IBM WebSphere Application Server Liberty appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2msHrnT
IBM Security Bulletin: IBM Connections Security Refresh (CVE-2016-5932)
IBM Connections contains possible cross-site scripting vulnerability, see details below for remediation information.
CVE(s): CVE-2016-5932
Affected product(s) and affected version(s):
The following versions of IBM Connections are impacted:
IBM Connections 5.5
IBM Connections 5.0
IBM Connections 4.5
IBM Connections 4.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2msBYgW
X-Force Database: http://ift.tt/2lAipp1
The post IBM Security Bulletin: IBM Connections Security Refresh (CVE-2016-5932) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2msFaJc
IBM Security Bulletin: An XML parser vulnerability affects IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software releases (CVE-2016-4463)
Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing a deeply nested DTD. A remote attacker could exploit this vulnerability to cause a denial of service. IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software releases use the Apache Xerces-C XML parser and are affected by this vulnerability.
CVE(s): CVE-2016-4463
Affected product(s) and affected version(s):
IBM Tivoli Access Manager for e-business, version 6.0
IBM Tivoli Access Manager for e-business, version 6.1
IBM Tivoli Access Manager for e-business, version 6.1.1
IBM Security Access Manager for Web, version 7.0 software
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2msTMs0
X-Force Database: http://ift.tt/2b5BVXc
The post IBM Security Bulletin: An XML parser vulnerability affects IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software releases (CVE-2016-4463) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2msIXq3
IBM Security Bulletin: Vulnerabilites in IBM Algorithmics Algo One Algo Risk Application (ARA) Stack trace may be thrown if no default error page was set up and exception occurred
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by improper handling of exceptions when a default error page does not exist. Liberty is bundled/embedded with Algo One ARA in Algo One versions 5.0 and 5.1. IBM Algo One Algo Risk Application has addressed the applicable CVEs.
CVE(s): CVE-2016-0378
Affected product(s) and affected version(s):
IBM Algo One ARA Versions 5.0, 5.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2msNmcl
X-Force Database: http://ift.tt/2cG9hh7
The post IBM Security Bulletin: Vulnerabilites in IBM Algorithmics Algo One Algo Risk Application (ARA) Stack trace may be thrown if no default error page was set up and exception occurred appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2msCU4K
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Campaign, IBM Contact Optimization (CVE-2016-0701, CVE-2015-3197)
OpenSSL vulnerabilities were disclosed on January 28, 2016 by the OpenSSL Project. OpenSSL is used by IBM Campaign, IBM Contact Optimization. IBM Campaign, IBM Contact Optimization have addressed the applicalbe CVEs.
CVE(s): CVE-2016-0701, CVE-2015-3197
Affected product(s) and affected version(s):
IBM Campaign 8.6 – 9.1.2.x
IBM Contact Optimization 8.6 – 9.1.2.x
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2lAdzIE
X-Force Database: http://ift.tt/1W1VuQf
X-Force Database: http://ift.tt/1rd26hw
The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Campaign, IBM Contact Optimization (CVE-2016-0701, CVE-2015-3197) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2msGTyi
Hacker Shows How Easy It Is To Hack People While Walking Around in Public
Wi-Fi enabled devices — widely known as the Internet of Things (IoT) — are populating offices and homes in greater and greater numbers.
From smartphones to connected printers and even coffee makers, most of these IoT devices have good intentions and can connect to your company's network without a problem.
However, as the Internet of Things (IoT) devices are growing at a great pace, they continue to widen the attack surface at the same time, giving attackers a large number of entry points to affect you some or the other way.
The attackers can use your smart devices to gain backdoor entry to your network, giving them the capability to steal sensitive data, such as your personal information, along with a multitude of other malicious acts.
An interesting attack scenario has recently been
demonstratedby one of the renowned hackers,
Jayson Street, who said all it is needed is to walk around with the right device to get into someone's device.
Before we jump into the technical details of the attack, let's watch out a video showing that how easy it is to hack smartphones and laptops in a crowded place by setting up an
EvilAP(malicious access point).
Here's How the Attack Works:
Street used a simple penetration testing device and an internet connection to pwn people around him.
Technically, Street hacking device automatically set up an 'Evil Twin Attack,' in which an attacker fools wireless users into connecting their smartphones and laptops to an evil (malicious) hotspot by posing as a legitimate WiFi provider.
Once connected, all of the victim's information flows directly into the attacker's device, allowing cybercriminals to secretly eavesdrop on the network traffic and steal passwords, financial and other sensitive data and even redirect you to malware and phishing sites.
How to Prevent Evil Twin WiFi Attacks
Pwnie Express released its yearly industry report:
Internet of Evil Things, providing insight on products that the IT professionals should be wary of.
Using the report and additional information from security researchers at Pwnie, we have listed five quick steps you can implement in order to prevent yourself or your workplace from being compromised.
1. Turn your WiFi Off: Turn off Wi-Fi devices when you are not using them, especially on the weekends — it saves energy and minimizes your exposure to hackers.
2. Use it or Lose it: Once the product is in your office, turn off the functions you aren't using. Enabled functionality usually comes with increased security risks.
Also, make sure you review the products before you bring them into the workplace. If it is already there, do not be shy about calling customer service and walking through the steps required to shut down any unused functions.
3. Change Your Passwords: It is important never to use the default credentials. Set up strong, secure passwords to secure your devices.
4. Research Your Purchase: Before you even buy a product, always research what you're buying and make sure you know how to update any software associated with that device.
Look for devices, systems, and services that make it easy to upgrade the device and inform the end user when updates are available.
5. Trust and Verify Every Device: Be aware of any device from brands known to have more security issues than others. The personalization of corporate hardware, including mobile hotspot vendors, is one of the top threats to network security.
from The Hacker News http://ift.tt/2lN3MPT
Is Your Industry at High Risk of Insider Threat?
By Jeremy Zoss, Managing Editor, Code42
In the movies, data theft is usually the work of outsiders. You’ve witnessed the scene a million times: A cyber thief breaks into a business, avoiding security measures, dodging guards and employees, and making off with a USB stick of valuable data seconds before he or she would have been spotted. But in the real world, data theft is much more mundane. Most cyberattacks are carried out by someone within the company or someone posing as such. Sometimes they take data that’s essentially harmless, like personal files they feel entitled to keep. Other times, what they take is potentially much more harmful. According to a 2016 report from Deloitte, 59 percent of employees who leave an organization say they take sensitive data with them! With IP making up 80 percent of a company’s value, insider threat is something that every company should take seriously.
Some industries are much more at risk of insider threat than others. Is your industry one of the most vulnerable? The infographic below details the industries hit with the most instances of insider threat in 2015. If you work in one of these industries, perhaps it is time to revisit your cyber security policies.
The post Is Your Industry at High Risk of Insider Threat? appeared first on Cloud Security Alliance Blog.
from Cloud Security Alliance Blog http://ift.tt/2lCVrMG
Cloudbleed: Serious Bug Exposes Sensitive Data From Millions Sites Sitting Behind CloudFlare
A severe security vulnerability has been discovered in the CloudFlare content delivery network that has caused big-name websites to expose private session keys and other sensitive data.
CloudFlare, a content delivery network (CDN) and web security provider that helps optimize safety and performance of over 5.5 Million websites on the Internet, is warning its customers of the critical bug that could have exposed a range of sensitive information, including passwords, and cookies and tokens used to authenticate users.
Dubbed
Cloudbleed, the nasty flaw is named after the
Heartbleed bugthat was discovered in 2014, but believed to be worse than Heartbleed.
The vulnerability is so severe that it not only affects websites on the CloudFlare network but affects mobile apps as well.
What exactly is "Cloudbleed," how it works, how are you affected by this bug, and how you can protect yourself? Let's figure it out.
What is Cloudbleed?
Discovered by Google Project Zero security researcher
Tavis Ormandyover a week ago, Cloudbleed is a major flaw in the Cloudflare Internet infrastructure service that causes the leakage of private session keys and other sensitive information across websites hosted behind Cloudflare.
CloudFlare acts as a proxy between the user and web server, which caches content for websites that sits behind its global network and lowers the number of requests to the original host server by parsing content through Cloudflare’s edge servers for optimization and security.
Almost a week ago, Ormandy discovered a buffer overflow issue with Cloudflare's edge servers that were running past the end of a buffer and were returning memory containing private data like HTTP cookies, authentication tokens, and HTTP POST bodies, with some of the leaked data already cached by search engines.
Here's How Serious is Cloudbleed:
"I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings," Ormandy wrote in a blog post that was also published Thursday. "We're talking full HTTPS requests, client IP addresses, full responses, cookies, passwords, keys, data, everything."
According to Ormandy, Cloudflare had code in its "ScrapeShield" feature that did something similar to this:
int Length = ObfuscateEmailAddressesInHtml(&OutputBuffer, CachedPage);
write(fd, OutputBuffer, Length);
But the company was not checking if the obfuscation parsers returned a negative value because of malicious HTML.
The Cloudflare's "ScrapeShield" feature parses and obfuscates HTML, but since reverse proxies are shared among customers, it would affect all CloudFlare customers.
Ormandy contacted Cloudflare and reported it about his findings. The company identified the cause of the issue, and immediately disabled 3 minor Cloudflare features — Email obfuscation, Server-side Excludes, as well as Automatic HTTPS Rewrites — that were using the same HTML parser chain, which was causing the leakage.
Ormandy observed encryption keys, passwords, cookies, chunks of POST data, and HTTPS requests for the other leading Cloudflare-hosted websites from other users and immediately contacted Cloudflare.
Since CloudFlare patched the issue but did not notify customers by Wednesday of the data leak issue, Ormandy made public his findings on Thursday, following Project Zero's seven-day policy for actively exploited attacks.
Following Ormandy's public disclosure of the vulnerability on Thursday, CloudFlare confirmed the flaw, ensuring its customers that their SSL private keys were not leaked.
"Cloudflare has always terminated SSL connections through an isolated instance of NGINX that was not affected by this bug," Cloudflare CTO John Graham-Cumming wrote in a blog post. "The bug was serious because the leaked memory could contain private information and because it had been cached by search engines."
"We are disclosing this problem now as we are satisfied that search engine caches have now been cleared of sensitive information," he added. "We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence."
The Root Cause of Cloudbleed:
The root cause of the Cloudbleed vulnerability was that
"reaching the end of a buffer was checked using the equality operator and a pointer was able to step past the end of the buffer.""Had the check been done using >= instead of == jumping over the buffer end would have been caught,"
said Cumming.
Cloudflare has also confirmed that the greatest period of impact was between February 13 and February 18 with almost one in every 3,300,000 HTTP requests via Cloudflare potentially resulting in memory leakage, which is about 0.00003% of requests.
However, the researcher argued that the DNS provider was double-dealing, claiming that the Cloudbleed vulnerability had existed for months, based on Google's cached data.
How Does Cloudbleed Affect You?
There are a large number of Cloudflare's services and websites that use parsing HTML pages and modify them through the Cloudflare's edge servers.
Even if you do not use CloudFlare directly, that does not mean that you are spared. There is always a chance that websites you visit and web services you use may have been affected, leaking your data as well.
Of course, if you are using Cloudflare services in front of your site, the flaw could impact you, exposing sensitive information that flowed between your servers and end-users through CloudFlare's proxies.
While CloudFlare's service was rapidly patched the bug and has said the actual impact is relatively minor, data was leaking constantly before this — for months.
Some of this leaked data were publicly cached in search engines such as Google, Bing, Yahoo, who now removed it, but some engines like
DuckDuckGostill host those data.
Also, other leaked data might exist in other services and caches throughout the Web, which is impossible to delete across all of these locations.
Cloudbleed Also Affects Mobile Apps
Cloudbleed also affects mobile apps, because, in many cases, the apps are designed to make use of the same backends as browsers for content delivery and HTTPS (SSL/TLS) termination.
Users on YCombinator have
confirmedthe presence of HTTP header data for apps like Discord, FitBit, and Uber by searching through DuckDuckGo caches with targeted
search terms.
In an analysis conducted by NowSecure, the researchers have
discovered some 200 iOS appsthat identified as using Cloudflare services from a sampling of some 3,500 of the most popular apps on the app store.
There is always a possibility of someone discovering this vulnerability before Tavis, and may have been actively exploiting it, although there is no evidence to support this theory.
Some of the Cloudflare's major customers affected by the vulnerability included Uber, 1Password, FitBit, and OKCupid. However, in a blog post published by 1Password, the company assured its users that no sensitive data was exposed because the service was encrypted in transit.
However, a list of websites that have potentially been impacted by this bug has been published by a user, who go by the name of 'pirate,' on
GitHub, which also included CoinBase, 4Chan, BitPay, DigitalOcean, Medium, ProductHunt, Transferwise, The Pirate Bay, Extra Torrent, BitDefender, Pastebin, Zoho, Feedly, Ashley Madison, Bleeping Computer, The Register, and many more.
Since CloudFlare does not yet provide the list of affected services, bear in mind that this is not a comprehensive list.
What should You do about the Cloudbleed bug?
Online users are strongly recommended to reset their passwords for all accounts in case you have reused the same passwords on every site, as well as monitor account activity closely as cleanup is underway.
Moreover, customers who are using Cloudflare for their websites are advised to force a password change for all of their users.
from The Hacker News http://ift.tt/2lgkbJx
Lack of US Cybersecurity: One-Way Ticket to Cyber Pearl Harbor
Nation-state cyber attacks and data breaches are showing no signs of stopping; and if 2016 proved anything, it’s that the United States has some serious cybersecurity gaps. Whether it be the federal government, critical infrastructure or businesses, there are gaps in cybersecurity that need to be filled ASAP.
The U.S. has a pressing need to bolster its weak cybersecurity in the face of huge breaches like Russia’s suspected sabotage of the election system and Yahoo’s billion-user hack, Ret. Adm. James Stavridis told CNBC on Thursday.
“It is the greatest mismatch between the level of threat, very high, and the level of preparation, quite low,” the former NATO Supreme Allied Commander told “Squawk Box.”
“We’re headed toward a cyber Pearl Harbor, and it is going to come at either the grid or the financial sector,” he said, echoing a term used by then Defense Secretary Leon Panetta in 2012.
To read more, click here.
Tags: cyber crime, cybersecurity, Data Breach, ransomware
Copyright © Data Breach Watch [Lack of US Cybersecurity: One-Way Ticket to Cyber Pearl Harbor], All Right Reserved. 2017.
The post Lack of US Cybersecurity: One-Way Ticket to Cyber Pearl Harbor appeared first on Data Breach Watch.
from Data Breach Watch http://ift.tt/2mrIvs0
Thursday, February 23, 2017
Every Trump White House tech fail so far
One of the more interesting proposals Trump floated on the campaign trail was that Bill Gates would help him "close that internet up" as a method for combatting ISIS.
"Somebody will say, 'Oh, freedom of speech, freedom of speech,'" Trump elaborated. "These are foolish people."
Gates never commented on the proposal.
from Latest Topic for ZDNet in... http://ift.tt/2lKiZkv
Hacker Who Knocked Million Routers Offline Using MIRAI Arrested at London Airport
from The Hacker News http://ift.tt/2l49lp0
USN-3211-1: PHP vulnerabilities
Ubuntu Security Notice USN-3211-1
23rd February, 2017
php7.0 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
Summary
Several security issues were fixed in PHP.
Software description
- php7.0 - HTML-embedded scripting language interpreter
Details
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-7479)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-9137)
It was discovered that PHP incorrectly handled unserializing certain
wddxPacket XML documents. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-9935)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-9936)
It was discovered that PHP incorrectly handled certain EXIF data. A remote
attacker could use this issue to cause PHP to crash, resulting in a denial
of service. (CVE-2016-10158)
It was discovered that PHP incorrectly handled certain PHAR archives. A
remote attacker could use this issue to cause PHP to crash or consume
resources, resulting in a denial of service. (CVE-2016-10159)
It was discovered that PHP incorrectly handled certain PHAR archives. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2016-10160)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2016-10161)
It was discovered that PHP incorrectly handled unserializing certain
wddxPacket XML documents. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service. (CVE-2016-10162)
It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2017-5340)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 16.10:
- php7.0-fpm 7.0.15-0ubuntu0.16.10.2
- libapache2-mod-php7.0 7.0.15-0ubuntu0.16.10.2
- php7.0-cli 7.0.15-0ubuntu0.16.10.2
- php7.0-cgi 7.0.15-0ubuntu0.16.10.2
- Ubuntu 16.04 LTS:
- php7.0-fpm 7.0.15-0ubuntu0.16.04.2
- libapache2-mod-php7.0 7.0.15-0ubuntu0.16.04.2
- php7.0-cli 7.0.15-0ubuntu0.16.04.2
- php7.0-cgi 7.0.15-0ubuntu0.16.04.2
To update your system, please follow these instructions: http://ift.tt/17VXqjU.
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References
CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161, CVE-2016-10162, CVE-2016-7479, CVE-2016-9137, CVE-2016-9935, CVE-2016-9936, CVE-2017-5340
from Ubuntu Security Notices http://ift.tt/2mgEJm9