Friday, June 30, 2017

Wikileaks Reveals CIA Malware that Hacks Linux Computers


WikiLeaks has just published a new batch of the ongoing Vault 7 leak, this time detailing an alleged CIA project that allowed the agency to hack into computers running the Linux operating system.

Dubbed OutlawCountry, the project allows CIA operators to redirect all outbound network traffic on the targeted computer to CIA-controlled systems in order to exfiltrate and infiltrate data.

The OutlawCountry Linux hacking tool consists of a kernel module, which the CIA operators load via shell access to the targeted system; the module creates a hidden Netfilter table with an obscure name on the target Linux machine.

"The new table allows certain rules to be created using the "iptables" command. These rules take precedence over existing rules, and are only visible to an administrator if the table name is known. When the Operator removes the kernel module, the new table is also removed," CIA's leaked user manual reads.

Although the installation and persistence method of the OutlawCountry tool is not described in detail in the document, it seems like the CIA hackers rely on the available CIA exploits and backdoors to inject the kernel module into a targeted Linux operating system.

However, there are some limitations to using the tool: the kernel module only works with compatible Linux kernels.

"OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x; this module will only work with default kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain," WikiLeaks says.
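The defender's angle on the mechanism described above is that a Netfilter table registered by a kernel module still has to appear in the kernel's own list of tables, and its DNAT rules still have to sit in a chain an administrator can dump once the name is known. The script below is an added example written for this write-up; it is not code from the leaked manual, from WikiLeaks or from The Hacker News. On a live host the table list comes from /proc/net/ip_tables_names (one name per line) and a table's rules from `iptables -t <table> -S PREROUTING`; both inputs here are constructed samples so the check runs offline, and the extra table name "dpc" and the 192.0.2.10 destination are placeholders, not values from the leak.

```python
"""Flag iptables tables the stock modules do not register, and DNAT inside them.

Added example, not code from the OutlawCountry manual. Inputs are constructed
samples standing in for /proc/net/ip_tables_names and `iptables -t X -S`.
"""
from __future__ import annotations

import shlex

# Tables registered by the stock iptables modules on a CentOS/RHEL 6 era kernel.
DEFAULT_TABLES = frozenset({"filter", "nat", "mangle", "raw", "security"})

# Constructed sample of /proc/net/ip_tables_names: the defaults plus one extra
# table registered under an unremarkable name ("dpc" is a placeholder).
SAMPLE_TABLE_LIST = "security\nraw\nmangle\nnat\nfilter\ndpc\n"

# Constructed sample of `iptables -t dpc -S PREROUTING`: DNAT rules that would
# silently redirect traffic (192.0.2.10 is a documentation-range address).
SAMPLE_PREROUTING_RULES = """\
-P PREROUTING ACCEPT
-A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 192.0.2.10:443
-A PREROUTING -p udp --dport 53 -j DNAT --to-destination 192.0.2.10:53
"""


def parse_table_names(text: str) -> set[str]:
    """Table names as listed in /proc/net/ip_tables_names, one per line."""
    return {line.strip() for line in text.splitlines() if line.strip()}


def unexpected_tables(text: str, known: frozenset[str] = DEFAULT_TABLES) -> list[str]:
    """Registered tables that are not among the known defaults, sorted."""
    return sorted(parse_table_names(text) - known)


def dnat_rules(rules_text: str) -> list[dict[str, str]]:
    """Rules in `iptables -S` output whose jump target is DNAT."""
    found: list[dict[str, str]] = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if len(tokens) < 2 or tokens[0] != "-A" or "-j" not in tokens:
            continue  # policy lines (-P), blanks, and rules without a target
        j = tokens.index("-j")
        if j + 1 >= len(tokens) or tokens[j + 1] != "DNAT":
            continue
        dest = ""
        if "--to-destination" in tokens:
            d = tokens.index("--to-destination")
            if d + 1 < len(tokens):
                dest = tokens[d + 1]
        found.append({"chain": tokens[1], "to": dest, "rule": line})
    return found


def review(table_list: str, rules_by_table: dict[str, str]) -> list[str]:
    """Findings for one host: unknown tables, then any DNAT rule found in them."""
    findings: list[str] = []
    for table in unexpected_tables(table_list):
        findings.append(f"unknown iptables table registered: {table}")
        for rule in dnat_rules(rules_by_table.get(table, "")):
            findings.append(f"  DNAT in {table}/{rule['chain']} -> {rule['to']}")
    return findings


if __name__ == "__main__":
    # On a real host: open("/proc/net/ip_tables_names").read() and, for each
    # unexpected table, the output of `iptables -t <table> -S PREROUTING`.
    for finding in review(SAMPLE_TABLE_LIST, {"dpc": SAMPLE_PREROUTING_RULES}):
        print(finding)
```

The check is only as good as the kernel's own reporting: a module that also hides itself from procfs defeats it, so cross-check against the loaded module list and a known-good baseline of table names for the distribution in use, and treat any extra table or any DNAT rule outside the nat table as worth investigating.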

Previous Vault 7 CIA Leaks

Last week, WikiLeaks dumped a classified CIA malware that tracks geo-location of targeted PCs and laptops running the Microsoft Windows operating system.

Dubbed ELSA, the malware captures the IDs of nearby public hotspots and then matches them against a global database of public Wi-Fi hotspot locations.

Since March, the whistleblowing group has published 14 batches of the "Vault 7" series, which include this week's and last week's leaks, along with the following batches:

  • Brutal Kangaroo – a CIA tool suite for Microsoft Windows that targets closed networks or air-gapped computers within an enterprise or organization without requiring any direct access.
  • Cherry Blossom – a CIA framework, generally a remotely controllable firmware-based implant, used for monitoring the Internet activity of target systems by exploiting flaws in Wi-Fi devices.
  • Pandemic – a CIA project that allowed the agency to turn Windows file servers into covert attack machines that can silently infect other computers of interest inside a targeted network.
  • Athena – an agency spyware framework designed to take full remote control of infected Windows machines, working with every version of Microsoft Windows from Windows XP to Windows 10.
  • AfterMidnight and Assassin – two apparent CIA malware frameworks for the Microsoft Windows platform that are meant to monitor and report back actions on the infected remote host and execute malicious code.
  • Archimedes – a man-in-the-middle attack tool allegedly built by the agency to target computers inside a Local Area Network (LAN).
  • Scribbles – a piece of software reportedly designed to embed 'web beacons' into confidential documents, allowing the CIA to track insiders and whistleblowers.
  • Grasshopper – a framework that allowed the CIA to easily create custom malware for breaking into Microsoft Windows and bypassing antivirus protection.
  • Marble – the source code of a secret anti-forensic framework, primarily an obfuscator or packer used by the agency to hide the actual source of its malware.
  • Dark Matter – hacking exploits the agency designed and used to target iPhones and Mac machines.
  • Weeping Angel – a spying tool used by the CIA to infiltrate smart TVs, transforming them into covert microphones.
  • Year Zero – CIA hacking exploits for popular hardware and software.


from The Hacker News http://ift.tt/2usy2AD

With a single wiretap order, US authorities listened in on 3.3 million phone calls


NEW YORK, NY -- US authorities intercepted and recorded millions of phone calls last year under a single wiretap order, authorized as part of a narcotics investigation.

The wiretap order authorized an unknown government agency to carry out real-time intercepts of 3.29 million cell phone conversations over a two-month period at some point during 2016, after the order was applied for in late 2015.

The order was signed to help authorities track 26 individuals suspected of involvement with illegal drug and narcotic-related activities in Pennsylvania.

The wiretap cost the authorities $335,000 to conduct and led to a dozen arrests.

But the authorities noted that the surveillance effort led to no incriminating intercepts, and none of the handful of those arrested have been brought to trial or convicted.

The revelation was buried in the US Courts' annual wiretap report, published earlier this week but largely overlooked.

"The federal wiretap with the most intercepts occurred during a narcotics investigation in the Middle District of Pennsylvania and resulted in the interception of 3,292,385 cell phone conversations or messages over 60 days," said the report.

Details of the case remain largely unknown, likely in part because the wiretap order and several motions that have been filed in relation to the case are thought to be under seal.

It's understood to be the largest number of calls intercepted by a single wiretap in years, though the exact number of Americans whose communications were caught up in the order is not known.

We contacted the US Attorney's Office for the Middle District of Pennsylvania, where the wiretap application was filed, but did not hear back.

One former law enforcement official, who applied and carried out wiretaps as part of narcotics investigations, was surprised by the numbers. "It's way too much," said the former official, who did not want to be named.

Albert Gidari, a former privacy lawyer who now serves as director of privacy at Stanford Law School's Center for Internet and Society, criticized the investigation.

"They spent a fortune tracking 26 people and recording three million conversations and apparently got nothing," said Gidari. "I'd love to see the probable cause affidavit for that one and wonder what the court thought on its 10 day reviews when zip came in."

"I'm not surprised by the results because on average, a very very low percentage of conversations are incriminating, and a very very low percent results in conviction," he added.

When reached, a spokesperson for the Justice Department did not comment.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.



from Latest Topic for ZDNet in... http://ift.tt/2svmZFu

Vulnerability Spotlight: Dell Precision Optimizer and Invincea Vulnerabilities



Talos is releasing advisories for vulnerabilities in the Dell Precision Optimizer application service software, Invincea-X and Invincea Dell Protected Workspace. These packages are pre-installed on certain Dell systems. The vulnerabilities present in these applications could allow attackers to disable security mechanisms, escalate privileges and execute arbitrary code within the context of the application user.



from Cisco Blog » Security http://ift.tt/2suTR19

French authorities close Windows 10 privacy investigation

Data-protection authorities in France have officially closed an investigation into Microsoft's data collection practices for Windows 10.

The French National Data Protection Commission (CNIL) had issued a formal notice against Microsoft in July 2016, ordering that the company "stop collecting excessive data and tracking browsing by users without their consent."

Yesterday's formal notice of closure notes that "violations had ceased [and] the company had complied with the French Data Protection Act." In addition, it notes that "the company has implemented several measures in order to comply with the requirements stated in the formal notice."

Via email, a Microsoft spokesperson provided the following comment:

We are committed to protecting our customers' privacy and putting them in control of their information. We appreciate the French data protection authority's decision and will continue to provide clear privacy choices and easy-to-use tools in Windows 10.

Specifically, the notice calls out the following changes in Windows 10:

On the irrelevant or excessive character of collected data:

The company has nearly reduced by half the volume of collected data within the "basic" level of its telemetry service which is capable of identifying the system's functional issues and solving them. It has restricted its collection to the sole data strictly necessary for maintaining the proper functioning of its operating system and applications, and for ensuring their security.

On the lack of data subjects' consent:

Users are now informed, through clear and precise information, that an advertising ID is intended to track their web browsing in order to offer them personalized advertising. Furthermore, the installation procedure of Windows 10 has been modified: users cannot complete this installation unless they have expressed their choice regarding activation or deactivation of the advertising ID. Moreover, they can reverse this choice at any time.

On the lack of security:

The company has strengthened the robustness of the PIN code allowing users to authenticate to all company's online services, and more specifically to their Microsoft account: too common PIN code combinations are now forbidden. Moreover, in case of incorrect input, the company has set up a delay for authentication (a temporary suspension of access whose duration increases as the number of attempts rises).
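The two controls the notice describes, a blocklist of too-common PIN combinations and an authentication delay that grows with each failed attempt, are small enough to show end to end. The following is an added example written for this page, not Microsoft's implementation and not code from CNIL; the blocklist entries, the delay schedule (doubling from one second, capped) and the account name are constructed for illustration.

```python
"""PIN hardening of the kind the CNIL notice describes: reject common PINs and
impose a lockout whose duration grows with each incorrect attempt.

Added example, not Microsoft's code. Blocklist, schedule and names are constructed.
"""
from __future__ import annotations

import hmac
from dataclasses import dataclass, field

# Constructed blocklist of frequently chosen PINs; a real deployment would use a
# much longer list built from breach statistics.
COMMON_PINS = frozenset({"0000", "1111", "1234", "4321", "2580", "1212", "6969", "1004", "2000"})


def is_weak_pin(pin: str, min_length: int = 4) -> bool:
    """True when a PIN is too short, non-numeric, blocklisted, or trivially patterned."""
    if len(pin) < min_length or not pin.isdigit():
        return True
    if pin in COMMON_PINS:
        return True
    if len(set(pin)) == 1:  # e.g. 7777
        return True
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {-1}):  # e.g. 3456 or 9876
        return True
    return False


def pin_matches(submitted: str, expected: str) -> bool:
    """Constant-time comparison so timing does not leak how many digits matched."""
    return hmac.compare_digest(submitted.encode(), expected.encode())


@dataclass
class AuthThrottle:
    """Per-account suspension whose length doubles with each failure, up to a cap."""
    base_delay: float = 1.0
    max_delay: float = 300.0
    failures: dict[str, int] = field(default_factory=dict)
    locked_until: dict[str, float] = field(default_factory=dict)

    def delay_after(self, failures: int) -> float:
        """Seconds of suspension after the given number of consecutive failures."""
        if failures <= 0:
            return 0.0
        return min(self.base_delay * 2 ** (failures - 1), self.max_delay)

    def attempt(self, account: str, pin_ok: bool, now: float) -> str:
        """Returns 'locked', 'denied' or 'ok'. `now` is a timestamp supplied by the caller."""
        if now < self.locked_until.get(account, 0.0):
            return "locked"  # suspended: the PIN is not even evaluated
        if pin_ok:
            self.failures.pop(account, None)
            self.locked_until.pop(account, None)
            return "ok"
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        self.locked_until[account] = now + self.delay_after(count)
        return "denied"


if __name__ == "__main__":
    # Constructed walk-through: three wrong guesses, then a correct one too early.
    stored = "7391"  # constructed, and not blocklisted
    throttle = AuthThrottle(base_delay=1.0, max_delay=8.0)
    for t, guess in [(0.0, "1234"), (1.0, "0000"), (3.0, "2580"), (6.0, "7391")]:
        print(t, throttle.attempt("alice", pin_matches(guess, stored), now=t))
```

The suspension is enforced before the PIN is checked, so an attacker gains nothing by submitting guesses during the lockout, and a successful login clears the counter. Whether to lock per account, per source address, or both, and where to cap the delay, are policy choices; the cap keeps an attacker from locking a legitimate user out indefinitely by feeding the counter.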

The original complaint criticized Microsoft for its cookie-handling policy. The notice of closure acknowledges that "most" Windows 10-related websites now obtain proper consent, with all Microsoft websites scheduled to be in compliance by September 30, 2017.

CNIL notes that Microsoft has also joined Privacy Shield and is no longer transferring French Windows users' data to the U.S. That practice was banned by a decision issued by the Court of Justice of the European Union on October 6, 2015.

In May 2017, French authorities fined Facebook 150,000 Euros for "massive compilation of personal data [and] browsing" without the knowledge or consent of users, following a similar complaint in February 2016.

Google received its own complaint in 2013, with another "compliance package" proposed in 2014.



from Latest Topic for ZDNet in... http://ift.tt/2sZ3CYY

IBM Security Bulletin: Vulnerability in IBM HTTP Server affects Netezza Performance Portal (CVE-2015-8743)

IBM HTTP Server is used by IBM Netezza Performance Portal. IBM Netezza Performance Portal has addressed the applicable CVE.

CVE(s): CVE-2016-8743

Affected product(s) and affected version(s):

IBM Netezza Performance Portal 1.0 – 2.1.1.4

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2u7eAtJ
X-Force Database: http://ift.tt/2kVn2H9

The post IBM Security Bulletin: Vulnerability in IBM HTTP Server affects Netezza Performance Portal (CVE-2015-8743) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2u7eAKf

IBM Security Bulletin: SQL Injection vulnerability affects IBM Security Guardium (CVE-2017-1269)

A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Security Guardium has fixed this vulnerability.

CVE(s): CVE-2017-1269

Affected product(s) and affected version(s):

IBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2sZoa3t
X-Force Database: http://ift.tt/2sukq6q




from IBM Product Security Incident Response Team http://ift.tt/2sZobo3

IBM Security Bulletin: Missing Authentication for Critical Function affects IBM Security Guardium (CVE-2017-1258)

IBM Security Guardium does not perform an authentication check for a critical resource or functionality, allowing anonymous users access to protected areas. IBM Security Guardium has fixed this vulnerability.

CVE(s): CVE-2017-1258

Affected product(s) and affected version(s):

IBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2sZo8Zp
X-Force Database: http://ift.tt/2supkQX




from IBM Product Security Incident Response Team http://ift.tt/2sZ5Bwk

IBM Security Bulletin: IBM InfoSphere Guardium is affected by Cleartext Transmission of Sensitive Information vulnerability (CVE-2016-0238 )

IBM Security Guardium transmits sensitive data in cleartext in the query string of the request. This could allow an attacker to obtain sensitive information using man-in-the-middle techniques.

CVE(s): CVE-2016-0238

Affected product(s) and affected version(s):

IBM Security Guardium V 9, 9.1, 9.1
V10, 10.1, 10.1.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2sudwy4
X-Force Database: http://ift.tt/2sYTwHr




from IBM Product Security Incident Response Team http://ift.tt/2sufBKz

IBM Security Bulletin: zlib vulnerability may affect IBM® SDK, Java™ Technology Edition

zlib is vulnerable to a denial of service, caused by an out-of-bounds pointer arithmetic in inftrees.c. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE(s): CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843

Affected product(s) and affected version(s):

IBM SPSS Analytic Server 2.0.1.0
IBM SPSS Analytic Server 2.0.0.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ttD4PW
X-Force Database: http://ift.tt/2lLwOQm
X-Force Database: http://ift.tt/2mlzP6B
X-Force Database: http://ift.tt/2lLuetu
X-Force Database: http://ift.tt/2mlCjlv




from IBM Product Security Incident Response Team http://ift.tt/2ur6POz

IBM Security Bulletin: Vulnerability in Intel Ethernet Controller XL710 affects IBM MQ Appliance

A vulnerability in the Intel Ethernet Controller XL710 affects IBM MQ Appliance M2001.

CVE(s): CVE-2016-8106

Affected product(s) and affected version(s):

IBM MQ Appliance

  • M2001 appliance with serial numbers in the range 7802314 to 7803646, independent of IBM MQ Appliance firmware version.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ttJQoV
X-Force Database: http://ift.tt/2urDbJo




from IBM Product Security Incident Response Team http://ift.tt/2ttwb15

IBM Security Bulletin: Cross-Site Scripting vulnerability affects IBM Security Guardium (CVE-2017-1256)

A cross-site scripting vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM Security Guardium has fixed this vulnerability.

CVE(s): CVE-2017-1256

Affected product(s) and affected version(s):

IBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ttpNXU
X-Force Database: http://ift.tt/2urz8fU




from IBM Product Security Incident Response Team http://ift.tt/2ttCnXc

IBM Security Bulletin: Multiple vulnerabilities in openssl, gnutl, mysql, kernel, glibc, ntp shipped with SmartCloud Entry Appliance

Multiple vulnerabilities have been identified in openssl, gnutl, mysql, kernel, glibc and ntp shipped with SmartCloud Entry Appliance. SmartCloud Entry Appliance has addressed the vulnerabilities.

CVE(s): CVE-2016-8610, CVE-2017-3731, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2016-5616, CVE-2016-6662, CVE-2016-6663, CVE-2016-5195, CVE-2016-7426, CVE-2016-7433, CVE-2016-9310, CVE-2016-9311, CVE-2016-7429, CVE-2015-8778, CVE-2015-8779, CVE-2014-9761, CVE-2015-8776

Affected product(s) and affected version(s):

IBM SmartCloud Entry Appliance 2.2
IBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 9,
IBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 9,
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 24,
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 24

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2urkOEp
X-Force Database: http://ift.tt/2hNr07D
X-Force Database: http://ift.tt/2knsB3D
X-Force Database: http://ift.tt/2ttLBCq
X-Force Database: http://ift.tt/2uric9y
X-Force Database: http://ift.tt/2ttD6r2
X-Force Database: http://ift.tt/2urlnhe
X-Force Database: http://ift.tt/2hLt6Uf
X-Force Database: http://ift.tt/2hLreek
X-Force Database: http://ift.tt/2gQ8nw9
X-Force Database: http://ift.tt/2j51KGC
X-Force Database: http://ift.tt/2iJKgBL
X-Force Database: http://ift.tt/2iJHT1R
X-Force Database: http://ift.tt/2j54SCg
X-Force Database: http://ift.tt/2iJIoJb
X-Force Database: http://ift.tt/24Kfyvx
X-Force Database: http://ift.tt/24IqCWz
X-Force Database: http://ift.tt/24IqFBP
X-Force Database: http://ift.tt/24KfxrG




from IBM Product Security Incident Response Team http://ift.tt/2ttqIaJ

IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2017 – Includes Oracle Jan 2017 CPU affect Content Collector for IBM Connections

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7, which are used by Content Collector for IBM Connections.

CVE(s): CVE-2017-3289, CVE-2017-3272, CVE-2017-3241, CVE-2017-3260, CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-5552, CVE-2017-3261, CVE-2017-3231, CVE-2017-3259, CVE-2016-2183

Affected product(s) and affected version(s):

Content Collector for IBM Connections v3.0
Content Collector for IBM Connections v4.0
Content Collector for IBM Connections v4.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ttxKMN
X-Force Database: http://ift.tt/2lA6pnI
X-Force Database: http://ift.tt/2msIV19
X-Force Database: http://ift.tt/2lAcror
X-Force Database: http://ift.tt/2msG8VN
X-Force Database: http://ift.tt/2lA4akm
X-Force Database: http://ift.tt/2msWpdg
X-Force Database: http://ift.tt/2lAx183
X-Force Database: http://ift.tt/2msD77U
X-Force Database: http://ift.tt/2lAk4Lp
X-Force Database: http://ift.tt/2msBF5I
X-Force Database: http://ift.tt/2lAiqcB
X-Force Database: http://ift.tt/2msOwVj
X-Force Database: http://ift.tt/2lAc9xE
X-Force Database: http://ift.tt/2msIPqs
X-Force Database: http://ift.tt/2dR3VyC




from IBM Product Security Incident Response Team http://ift.tt/2uraHz6

IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2017 – Includes Oracle Jan 2017 CPU affect IBM eDiscovery Analyzer

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7, which are used by IBM eDiscovery Analyzer.

CVE(s): CVE-2017-3289, CVE-2017-3272, CVE-2017-3241, CVE-2017-3260, CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-5552, CVE-2017-3261, CVE-2017-3231, CVE-2017-3259, CVE-2016-2183

Affected product(s) and affected version(s):

IBM eDiscovery Analyzer v2.2.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ttCiCF
X-Force Database: http://ift.tt/2lA6pnI
X-Force Database: http://ift.tt/2msIV19
X-Force Database: http://ift.tt/2lAcror
X-Force Database: http://ift.tt/2msG8VN
X-Force Database: http://ift.tt/2lA4akm
X-Force Database: http://ift.tt/2msWpdg
X-Force Database: http://ift.tt/2lAx183
X-Force Database: http://ift.tt/2msD77U
X-Force Database: http://ift.tt/2lAk4Lp
X-Force Database: http://ift.tt/2msBF5I
X-Force Database: http://ift.tt/2lAiqcB
X-Force Database: http://ift.tt/2msOwVj
X-Force Database: http://ift.tt/2lAc9xE
X-Force Database: http://ift.tt/2msIPqs
X-Force Database: http://ift.tt/2dR3VyC




from IBM Product Security Incident Response Team http://ift.tt/2urzBi9

IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2017 – Includes Oracle Jan 2017 CPU affect IBM Content Collector for Microsoft SharePoint

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7, which are used by IBM Content Collector for Microsoft SharePoint.

CVE(s): CVE-2017-3289, CVE-2017-3272, CVE-2017-3241, CVE-2017-3260, CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-5552, CVE-2017-3261, CVE-2017-3231, CVE-2017-3259, CVE-2016-2183

Affected product(s) and affected version(s):

IBM Content Collector for Microsoft SharePoint v3.0
IBM Content Collector for Microsoft SharePoint v4.0
IBM Content Collector for Microsoft SharePoint v4.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ttpWdS
X-Force Database: http://ift.tt/2lA6pnI
X-Force Database: http://ift.tt/2msIV19
X-Force Database: http://ift.tt/2lAcror
X-Force Database: http://ift.tt/2msG8VN
X-Force Database: http://ift.tt/2lA4akm
X-Force Database: http://ift.tt/2msWpdg
X-Force Database: http://ift.tt/2lAx183
X-Force Database: http://ift.tt/2msD77U
X-Force Database: http://ift.tt/2lAk4Lp
X-Force Database: http://ift.tt/2msBF5I
X-Force Database: http://ift.tt/2lAiqcB
X-Force Database: http://ift.tt/2msOwVj
X-Force Database: http://ift.tt/2lAc9xE
X-Force Database: http://ift.tt/2msIPqs
X-Force Database: http://ift.tt/2dR3VyC




from IBM Product Security Incident Response Team http://ift.tt/2ur4Rho

IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2017 – Includes Oracle Jan 2017 CPU affect IBM Content Collector for File Systems

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7, which are used by IBM Content Collector for File Systems.

CVE(s): CVE-2017-3289, CVE-2017-3272, CVE-2017-3241, CVE-2017-3260, CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-5552, CVE-2017-3261, CVE-2017-3231, CVE-2017-3259, CVE-2016-2183

Affected product(s) and affected version(s):

IBM Content Collector for File Systems v3.0
IBM Content Collector for File Systems v4.0
IBM Content Collector for File Systems v4.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ttwrxa
X-Force Database: http://ift.tt/2lA6pnI
X-Force Database: http://ift.tt/2msIV19
X-Force Database: http://ift.tt/2lAcror
X-Force Database: http://ift.tt/2msG8VN
X-Force Database: http://ift.tt/2lA4akm
X-Force Database: http://ift.tt/2msWpdg
X-Force Database: http://ift.tt/2lAx183
X-Force Database: http://ift.tt/2msD77U
X-Force Database: http://ift.tt/2lAk4Lp
X-Force Database: http://ift.tt/2msBF5I
X-Force Database: http://ift.tt/2lAiqcB
X-Force Database: http://ift.tt/2msOwVj
X-Force Database: http://ift.tt/2lAc9xE
X-Force Database: http://ift.tt/2msIPqs
X-Force Database: http://ift.tt/2dR3VyC




from IBM Product Security Incident Response Team http://ift.tt/2urvuCN

IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Jan 2017 – Includes Oracle Jan 2017 CPU affect IBM Content Collector for Email

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7, which are used by Content Collector for SAP Applications.

CVE(s): CVE-2017-3289, CVE-2017-3272, CVE-2017-3241, CVE-2017-3260, CVE-2016-5546, CVE-2017-3253, CVE-2016-5548, CVE-2016-5549, CVE-2017-3252, CVE-2016-5547, CVE-2016-5552, CVE-2017-3261, CVE-2017-3231, CVE-2017-3259, CVE-2016-2183

Affected product(s) and affected version(s):

IBM Content Collector for Email v3.0
IBM Content Collector for Email v4.0
IBM Content Collector for Email v4.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2urem01
X-Force Database: http://ift.tt/2lA6pnI
X-Force Database: http://ift.tt/2msIV19
X-Force Database: http://ift.tt/2lAcror
X-Force Database: http://ift.tt/2msG8VN
X-Force Database: http://ift.tt/2lA4akm
X-Force Database: http://ift.tt/2msWpdg
X-Force Database: http://ift.tt/2lAx183
X-Force Database: http://ift.tt/2msD77U
X-Force Database: http://ift.tt/2lAk4Lp
X-Force Database: http://ift.tt/2msBF5I
X-Force Database: http://ift.tt/2lAiqcB
X-Force Database: http://ift.tt/2msOwVj
X-Force Database: http://ift.tt/2lAc9xE
X-Force Database: http://ift.tt/2msIPqs
X-Force Database: http://ift.tt/2dR3VyC




from IBM Product Security Incident Response Team http://ift.tt/2urzyCZ

IBM Security Bulletin: WebSphere Application Server vulnerability in IBM Content Collector for Email

IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources in IBM Content Collector for Email.

CVE(s): CVE-2016-8919

Affected product(s) and affected version(s):

IBM Content Collector for Email v3.0
IBM Content Collector for Email v4.0
IBM Content Collector for Email v4.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ur7tMg
X-Force Database: http://ift.tt/2iIIHRy




from IBM Product Security Incident Response Team http://ift.tt/2ur6Odt

GDPR, Cisco and You



June 30, 2017

In less than a year from now, on May 25, 2018, the EU General Data Protection Regulation (GDPR) will be enforced, significantly increasing potential fines and costs for data processing in EU member countries and anywhere EU personal data is processed.

GDPR replaces the existing patchwork of EU National Data Protection legislation and brings a degree of long-anticipated consistency to the data protection landscape in Europe. Essentially, GDPR legislatively embodies the well-recognized privacy principles of transparency, fairness, and accountability.  GDPR also attempts to introduce a risk-based approach that enables innovation and participation in the global digital economy while respecting individual rights – which can be a very good thing.

In our view, the digital economy can only flourish when you connect people, process, data and things in an ethical, meaningful and secure way. That includes creating an environment in which everyone can easily do business and know their data is safeguarded. We are committed to helping our customers and partners by protecting and respecting personal data, no matter where it is from or where it flows.

What is Cisco doing to be GDPR-ready?

We are getting ready for GDPR in the following ways.

Our industry-leading data protection program includes:

Policies and Standards – Developing standards and processes to define the Personal Data lifecycle and help ensure data transparency, accuracy, accessibility, completeness, security, and consistency.

Identification, Classification and Mapping – Inventorying and mapping our data and identifying what we have, what we are doing with it, where it is, where it flows, and who has access to it. We classify data based on risk and sensitivity in context. That risk is data-led and person-led: while we do care about avoiding fines, we believe focusing on the outcome and purpose of processing leads to a better and more holistic risk profile.

Data Risk and Organizational Maturity – Focusing on understanding risks and conducting threat modeling for the unique data sets we process. Assessing risks, strengths, and opportunities to understand our maturity against industry benchmarks and, where those do not yet exist, designing the benchmark ourselves.

Incident Response – Implementing an enterprise-wide, data incident response process that is integrated with our business continuity processes.

Oversight and Enforcement – Deploying a centralized data protection governance model that oversees, monitors, and enforces adherence to policies and standards, including third-party controls, vendor oversight, monitoring, audit, and remediation.

Privacy and Security by Design or Default – Integrating data protection, privacy, and security requirements into product design and development methodologies via Cisco Secure Development Lifecycle. Embedding privacy requirements in the development cycle from ideation to launch, to validation. In short, we use privacy engineering techniques to evaluate and build better offerings to turn privacy by design policies into actions and tangible improvements.

  • International Transfer
    We are certified under the EU-US and Swiss-US Privacy Shield frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, processing, and cross-border transfer of personal data from the EU and Switzerland to the United States. Cisco is also in the process of achieving approvals for our Binding Corporate Rules across the EU.

In addition, we have a publicly available Cloud Services EU Data Processing Addendum for cloud offerings that includes Standard Contractual Clauses to allow the transfer of personal data from the EU to the rest of the world.

Third-party Audit and Certifications – Reinforcing our commitment to protect Cisco and our customers, we have obtained several third-party certifications for our products and services. For example, Cisco WebEx is ISO 27001 and SSAE-16, SOC2 certified, and we have successfully completed the ISO 27001 certification across our entire services business worldwide. With these certifications, our customers can be confident that we are protecting their data.

What you can do to get ready for GDPR

To fully protect personal data, you need to know what data you are collecting, how you are collecting it, what you are doing with it, who is processing it and where, and how you are protecting it – whether at rest, in use, or in motion.

Here are some recommendations to help you get ready.

Map – Conduct a company-wide inventory and mapping of personal data. Pay special attention to the “who”: Who manages? Who builds? Who accesses? Who corrects? Who deletes or returns? The “what” will determine your strategy. The “who” will make it a part of your culture and make data protection a part of your accountability profile.

Assess and Manage – Evaluate risks, strengths, and opportunities and establish governance for data usage and access.

Secure – Protect personal data with security measures capable of preventing, detecting, and responding to vulnerabilities and data breaches. Secure against the negligent and the mistaken as well as the “bad guys”.

Raise awareness – Create a security and privacy-aware culture by involving everyone in your organization in protecting their own and your customers’ personal data, including reporting data breaches. Data protection obligations are as pervasive and constant as currencies that flow through and across the networks. Awareness and fresh updates are essential.

Join the Journey to GDPR

As part of our ongoing efforts to support the security, trust, privacy, and resilience of our customers, we are committed to securing their data. In the coming year we will continue to share our journey to assist you in your own efforts to be ready for GDPR. We’ve got this. Let’s GO!

For more information on how Cisco is preparing for GDPR, visit our Trust Center.

from Cisco Blog » Security http://ift.tt/2stPinS

UK's 'extreme mass surveillance' web snooping powers face legal challenge


The High Court has granted Liberty permission to challenge part of the UK's "extreme mass surveillance regime", with a judicial review of the Investigatory Powers Act.

The law forces internet companies to keep logs of emails, phone calls, texts and web browsing histories and to hand them over to the state to be stored or examined. The civil liberties campaign group wants to challenge this mass collection, arguing that the measure breaches British people's rights.

In a separate case in December, the European Court of Justice ruled the same powers in the previous law governing UK state surveillance were unlawful.

The government argues that it needs access to the data to help with criminal investigations and that the legislation is required because so much communication is done online. But Liberty said the legislation had passed through Parliament in part thanks to "shambolic political opposition" and that the government failed to provide evidence that surveillance of everybody in the UK was lawful or necessary.

Martha Spurrier, director of Liberty, said: "It's become clearer than ever in recent months that this law is not fit for purpose. The government doesn't need to spy on the entire population to fight terrorism. All that does is undermine the very rights, freedoms and democracy terrorists seek to destroy."

She added: "Our government's obsession with storing vast amounts of sensitive information about every single one of us looks dangerously irresponsible. If they truly want to keep us safe and protect our cybersecurity, they urgently need to face up to reality and focus on closely monitoring those who pose a serious threat."

The High Court has also allowed Liberty to seek permission to challenge three other parts of the Act, either once the government publishes further codes of practice, or by March 2018.

These include bulk and 'thematic' hacking, which allows police and intelligence agencies to hack into devices on an industrial scale.

It also allows Liberty to challenge the bulk interception and acquisition of communications content and the use of bulk personal datasets, which allows government agencies to access vast databases held by the public or private sector, which Liberty said contain details on "religion, ethnic origin, sexuality, political leanings and health problems, potentially on the entire population - and are ripe for abuse and discrimination".

Liberty said that now permission has been granted, its application for a costs capping order will be considered. If this application is granted, the case will be listed for a full hearing.




from Latest Topic for ZDNet in... http://ift.tt/2twPQxX

Windows 10 to Get Built-in Protection Against Most Ransomware Attacks


Ransomware Ransomware Everywhere Not a Single Place to Hide!

But, Microsoft has a simple solution to this problem to protect millions of its users against most ransomware attacks.

Two massive ransomware attacks — WannaCry and Petya (also known as NotPetya) — in a month have caused chaos and disruption worldwide, forcing hospitals, ATMs, shipping companies, governments, airports and car companies to shut down their operations.

Most ransomware on the market, including WannaCry and NotPetya, is specifically designed to target computers running the Windows operating system, which is why Microsoft has been blamed for not putting proper defensive measures in place to prevent such threats.

But not now!

In the wake of recent devastating global ransomware outbreaks, Microsoft has finally realized that its Windows operating system is dangerously vulnerable to ransomware and other emerging threats that specifically target its platform.

To tackle this serious issue, the tech giant introduced a new anti-ransomware feature in its latest Windows 10 Insider Preview Build (16232) yesterday evening, along with several other security features.

Microsoft is planning to introduce these security features in the Windows 10 Creators Update (also known as RedStone 3), which is expected to release sometime between September and October 2017.

The anti-ransomware feature, dubbed Controlled Folder Access, is a Windows Defender feature that blocks unauthorized applications from making any modifications to your important files located in certain "protected" folders.

Only whitelisted applications can access Protected folders, and you can add or remove apps from that list. Certain applications will be whitelisted automatically, though the company doesn't specify which ones.

Once turned on, "Controlled folder access" watches over files stored inside Protected folders, and any attempt by a non-whitelisted app to access or modify a protected file is blocked by Windows Defender.

So, whenever an application that is not on the whitelist tries to make changes to Protected files, you will get a notification about the attempt.

How to Enable Controlled Folder Access, Whitelist Apps and Add or Remove Protected Folders

Here's how to enable the Controlled folder access feature:

  • Go to the Start menu and open the Windows Defender Security Center
  • Go to the Virus & Threat Protection settings section
  • Set the switch to On

Here's how to allow an app you trust that is being blocked by the Controlled folder access feature to access Protected folders:

  • Go to the Start menu and open the Windows Defender Security Center
  • Go to the Virus & Threat Protection settings section
  • Click 'Allow an app through Controlled folder access' in the Controlled folder access area
  • Click 'Add an allowed app' and select the app you want to allow

Windows library folders like Documents, Pictures, Movies, and Desktop are designated as compulsorily "protected" by default and cannot be removed from the list.

However, users can add or remove their personal folders to the list of protected folders. Here's how to add folders to Protected folders list:

  • Go to the Start menu and open the Windows Defender Security Center
  • Go to the Virus & Threat Protection settings section
  • Click 'Protected folders' in the Controlled folder access area
  • Enter the full path of the folder you want to monitor

Users can also enter network shares and mapped drives, but environment variables and wildcards are not supported at this moment.
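The three procedures above can also be driven from an elevated PowerShell prompt instead of the Security Center UI. This is an added example, not from the article or from Microsoft; it assumes the Defender module's Controlled Folder Access parameters (Set-MpPreference -EnableControlledFolderAccess, Add-MpPreference -ControlledFolderAccessAllowedApplications and -ControlledFolderAccessProtectedFolders) are present in the build, and the app and folder paths are constructed placeholders.

```powershell
# Added example: manage Controlled Folder Access from an elevated PowerShell
# prompt. Assumes the Defender cmdlet parameters used below exist in this build.

# Constructed placeholder values; replace with your own.
$TrustedApp  = 'C:\Program Files\ExampleVendor\backup.exe'
$ExtraFolder = 'D:\Projects'

# 1. Turn the feature on. Other accepted values are Disabled and AuditMode;
#    AuditMode logs would-be blocks without enforcing them, which is the
#    safer first step for finding legitimate apps that write to protected folders.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 2. Whitelist an app that the feature is blocking (full path to the executable).
Add-MpPreference -ControlledFolderAccessAllowedApplications $TrustedApp

# 3. Add a personal folder to the protected list. The library folders
#    (Documents, Pictures, ...) are protected by default and stay that way.
Add-MpPreference -ControlledFolderAccessProtectedFolders $ExtraFolder

# Verify the resulting state (EnableControlledFolderAccess: 0 = Disabled,
# 1 = Enabled, 2 = AuditMode).
$pref = Get-MpPreference
[pscustomobject]@{
    Mode             = $pref.EnableControlledFolderAccess
    AllowedApps      = $pref.ControlledFolderAccessAllowedApplications
    ProtectedFolders = $pref.ControlledFolderAccessProtectedFolders
}

# Blocked attempts are written to the Defender operational log as event ID 1123
# (blocked) and 1124 (audit mode); review them before extending the whitelist.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

To undo a change, the matching Remove-MpPreference parameters take the same values.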

Other Security Features Introduced in Windows 10 Insider Program

With the release of Windows 10 Insider Preview Build 16232, Windows Defender Application Guard (WDAG) for Edge — a new system for running Microsoft Edge in a special virtual machine in order to protect the OS from browser-based flaws — also received improvements in usability.

Windows 10 Insider Preview Build also comes with support for Microsoft Edge data persistence when using WDAG.

"Once enabled, data such as your favorites, cookies, and saved passwords will be persisted across Application Guard sessions," Microsoft explains.
"The persisted data will not be shared or surfaced on the host, but it will be available for future Microsoft Edge in Application Guard sessions."

Another new security feature called Exploit Protection has been introduced in Windows 10 16232, which blocks cyber attacks even when security patches are not available for them, which means the feature will be useful particularly in the case of zero-day vulnerabilities.

Exploit Protection works even without Microsoft's Windows Defender Antivirus tool, and you can find the feature under Windows Defender Security Center → App & Browser Control → Exploit Protection.

In the Fall Creators Update for Windows 10, Microsoft has also planned to use a broad range of data from Redmond's cloud services, including Azure, Endpoint, and Office, to create an AI-driven Antivirus (Advanced Threat Protection) that can pick up on malware behavior and protect other PCs running the operating system.

Also, we reported about Microsoft's plan to build its EMET or Enhanced Mitigation Experience Toolkit into the kernel of the upcoming Windows 10 to boost the security of your PC against complex threats such as zero-day vulnerabilities.

Also, the company is planning to remove SMBv1 (Server Message Block version 1) — a 30-year-old file sharing protocol which came to light last month after the devastating WannaCry outbreak — from the upcoming Windows 10 (1709) Redstone 3 Update.

Besides this, some other changes and improvements have also been introduced with the release, along with patches for several known issues.



from The Hacker News http://ift.tt/2sojVzP

USN-3342-2: Linux kernel (HWE) vulnerabilities

Ubuntu Security Notice USN-3342-2

29th June, 2017

linux-hwe vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software description

  • linux-hwe - Linux hardware enablement (HWE) kernel

Details

USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.

USN-3333-1 fixed a vulnerability in the Linux kernel. However, that
fix introduced regressions for some Java applications. This update
addresses the issue. We apologize for the inconvenience.

It was discovered that a use-after-free flaw existed in the filesystem
encryption subsystem in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash). (CVE-2017-7374)

Roee Hay discovered that the parallel port printer driver in the Linux
kernel did not properly bounds check passed arguments. A local attacker
with write access to the kernel command line arguments could use this to
execute arbitrary code. (CVE-2017-1000363)

Ingo Molnar discovered that the VideoCore DRM driver in the Linux kernel
did not return an error after detecting certain overflows. A local attacker
could exploit this issue to cause a denial of service (OOPS).
(CVE-2017-5577)

Li Qiang discovered that an integer overflow vulnerability existed in the
Direct Rendering Manager (DRM) driver for VMWare devices in the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-7294)

It was discovered that a double-free vulnerability existed in the IPv4
stack of the Linux kernel. An attacker could use this to cause a denial of
service (system crash). (CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux
kernel's IPv6 stack. A local attacker could cause a denial of service or
potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the
Linux kernel's IPv6 stack. A local user could exploit this issue to cause a
denial of service or possibly other unspecified problems. (CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance.
A local attacker could exploit this issue to cause a denial of service or
potentially other unspecified problems. (CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the
Linux kernel mishandled inheritance. A local attacker could exploit this
issue to cause a denial of service or potentially other unspecified
problems. (CVE-2017-9077)

It was discovered that the IPv6 stack in the Linux kernel was performing
its over write consistency check after the data was actually overwritten. A
local attacker could exploit this flaw to cause a denial of service (system
crash). (CVE-2017-9242)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
linux-image-4.8.0-58-lowlatency 4.8.0-58.63~16.04.1
linux-image-4.8.0-58-generic-lpae 4.8.0-58.63~16.04.1
linux-image-generic-hwe-16.04 4.8.0.58.29
linux-image-lowlatency-hwe-16.04 4.8.0.58.29
linux-image-4.8.0-58-generic 4.8.0-58.63~16.04.1
linux-image-generic-lpae-hwe-16.04 4.8.0.58.29

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-1000363, CVE-2017-5577, CVE-2017-7294, CVE-2017-7374, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242, LP: 1699772, http://ift.tt/2sR3jjF



from Ubuntu Security Notices http://ift.tt/2tqLZSd

Thursday, June 29, 2017

Telco national security Bill should pass after clarifications: Intelligence Committee


The Telecommunications and Other Legislation Amendment Bill is set to be waved through Australian Parliament with a bipartisan report stating that after a number of clarifications, it should become law.

The Bill forces telco carriers and carriage service providers (CSPs) to "do their best" to protect their networks from unauthorised access or interference for the purpose of security, with carriers and CSPs to notify the Attorney-General's Department (AGD) of any changes to their services, systems, or equipment that could have a "material adverse effect" on their ability to comply with this duty.

The communications access coordinator (CAC) has the power to assess whether those changes bring a risk of exposing the network to unauthorised access or interference, and may suggest changes to a CSP's security capability plan.

In its report [PDF], the Parliamentary Joint Committee on Intelligence and Security (PJCIS) asks for clarification within the administrative guidelines for when a company is providing an over-the-top service; when telco infrastructure is used but not owned or operated by a company; when a company provides cloud-based services; and when infrastructure is overseas and provides services to, or stores information on, Australians.

The guidelines should also include details and examples of changes the CAC is not interested in, the report said.

As for the wording of the Bill itself, the committee recommended it clarify that broadcasters are not subject to the legislation; allow for carriers to request partial or complete exception for certain changes; make it clear the Bill does not change the operation of existing privacy laws; outline ways for industry to recover costs; and for the Attorney-General to take into account how quickly the CAC responded to a notification before issuing a direction.

It was also recommended the Bill spell out that an annual report on the scheme to Parliament include the number of occasions the information-gathering powers have been exercised, the number of notifications and security plans received, average response timeframes of the CAC, number of occasions the directions-powers have been used, and details of how the government is sharing information with industry.

The Bill provided a "proportionate and escalating framework for addressing national security risks" and gave certainty to industry, the committee said.

"The committee supports a legislative framework approach which establishes the security of Australia's telecommunications infrastructure as a joint responsibility between government and industry," it said.

"It continues to allow industry to make its own commercial decisions within the risk assessment framework and with access to security advice. Where necessary, there exists the option for enforcement in order to ensure the protection of telecommunications infrastructure."

PJCIS also said as part of its review into Australia's metadata laws, it should be allowed to examine the security of metadata retained and stored overseas.

"The Committee is greatly concerned that existing laws do not provide government with visibility about where and how data is being stored," the report stated.

During hearings of the committee, AGD said it did not believe the storage of metadata overseas was a security concern.

"That is not true, because we've been briefed to the fact that that isn't, that's not a true statement," Labor member of Holt Anthony Byrne said in February. "It was one of the concerns of the committee that if you did offshore it, it did impact the capacity of the agencies and the Attorney-General's Department to actually protect the data."

"And we've seen, publicly, fairly significant issues of data being stored offshore and it being susceptible to infiltration."

Byrne said it was an "incredibly significant concern" that the department is not currently able to answer his questions on whereabouts the nation's telecommunications metadata is stored.

Earlier in February, a number of submissions said the Bill would impede innovation and consequently make networks more vulnerable to attacks.

"The draft legislation still provides for unjustifiably intrusive powers for government to intervene in telecommunications infrastructure without adequate consultation or protections for industry," Macquarie Telecom said in its submission.

The new obligations would add considerable cost and interruption to its business operations and hinder its capability to innovate -- which would have the effect of increasing security threats due to it being unable to embrace new technologies promptly, Macquarie Telecom argued.

With a number of clarifications needed, PJCIS said in its report that AGD must work closely with industry in the next year to provide certainty.

"The 12 month implementation period for the Bill will be crucial," it said.

Communications Alliance CEO John Stanton said the committee had done an excellent job of highlighting the Bill's weaknesses, and said the clarifications should have been in the legislation, rather than the guidelines, with a six-month rather than twelve-month deadline.

"This work should be done within the first six months -- and with full industry involvement -- so that industry has some breathing space in which to complete its compliance work, before the legislation takes full effect."

The committee said it should review the laws three years after gaining Royal Assent.

"The key areas of focus of the review should be the security of critical and sensitive data, the adequacy of information-sharing arrangements between government and industry, and the adequacy of the administrative guidelines," it said.



from Latest Topic for ZDNet in... http://ift.tt/2tstWes

Australian military cyber warriors authorised to target offshore criminals


The federal government has announced its intention to launch an offensive cyber capability to fight cyber criminals and thwart attacks against Australia.

Anticipating cybercrime to cost the Australian economy at least AU$1 billion per year, Prime Minister Malcolm Turnbull has directed the Australian Signals Directorate (ASD) to use its offensive cyber capabilities to "disrupt, degrade, deny, and deter" organised offshore cyber criminals.

By using the intelligence agency's cyber capability, which Turnbull said is currently used to help target, disrupt, and defeat terrorist organisations such as Daesh, Australia is expected to have a stronger arsenal to prevent and shut down safe havens for offshore cyber criminals.

"The recent WannaCry and Petya ransomware attacks have affected governments, businesses, and individuals around the world," Turnbull said on Friday.

"Cyber criminals continue to adapt and evolve their methods and tactics, increasingly employing new methods to gain access to a victim and extort funds. As their level of sophistication has improved, cyber criminals are increasingly targeting businesses directly.

"Our response to criminal cyber threats should not just be defensive. We must take the fight to the criminals."

It is expected the ASD will be tasked with defending Australian military targets from cyber attacks and preparing to launch its own assaults on foreign forces, and that it will be made up of specialist staff with a mixture of defence personnel and public service employees, the ABC reported.

Turnbull launched the country's AU$240 million cybersecurity strategy in April last year, which is aimed at defending the nation's cyber networks from organised criminals and state-sponsored attackers, and sits alongside the AU$400 million provided in the Defence White Paper for cyber activities.

Since its inception at the end of 2014, there have been over 114,000 reports of cybercrime registered with the Australian Cybercrime Online Reporting Network (ACORN), and, according to Turnbull, 23,700 incidents have been reported over the last six months.

"The government will target criminals wherever they seek to hurt Australian citizens but every Australian has a role to play in ensuring our cybersecurity," the prime minister added. "We must work together to share threat information and learn from each other about the online threats that seek to do us harm."



from Latest Topic for ZDNet in... http://ift.tt/2u57hCP

USN-3346-1: bind9 vulnerabilities

Ubuntu Security Notice USN-3346-1

29th June, 2017

bind9 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Bind could be made to serve incorrect information or expose sensitive information over the network.

Software description

  • bind9 - Internet Domain Name Server

Details

Clément Berthaux discovered that Bind did not correctly check TSIG
authentication for zone update requests. An attacker could use this
to improperly perform zone updates. (CVE-2017-3143)

Clément Berthaux discovered that Bind did not correctly check TSIG
authentication for zone transfer requests. An attacker could use this
to improperly transfer entire zones. (CVE-2017-3142)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 17.04:
bind9 1:9.10.3.dfsg.P4-10.1ubuntu5.1
Ubuntu 16.10:
bind9 1:9.10.3.dfsg.P4-10.1ubuntu1.7
Ubuntu 16.04 LTS:
bind9 1:9.10.3.dfsg.P4-8ubuntu1.7
Ubuntu 14.04 LTS:
bind9 1:9.9.5.dfsg-3ubuntu0.15

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to restart Bind to make
all the necessary changes.

References

CVE-2017-3142, CVE-2017-3143



from Ubuntu Security Notices http://ift.tt/2tviqzM

Microsoft partners with Token on biometric ring for logging into Windows 10

Microsoft may have stepped back from building its own wearable devices (at least for now), but it is still working with some vendors in the space.


Microsoft's latest partner here is Token, the maker of the Token biometric ring. Token will use Microsoft's Windows Hello authentication technology to allow those wearing the rings to log in automatically to Windows 10 devices.

"We're thrilled to work with Token to make the Windows Hello experience even better," said Microsoft execs in a June 29 blog post. "With its simple design, Token - a biometric identity ring changing the way you prove and protect your identity by streamlining the process of authentication throughout your day - logs you into Windows 10 seamlessly in a way that feels natural and familiar."

Token uses a fingerprint sensor on the inside of the ring. As long as users keep the ring on, they can authenticate with a hand tap. Once the ring is off, Token locks users' credentials. Windows Hello can use face or fingerprint recognition to authenticate users in lieu of passwords.

Token rings can be used in place of Visa or Mastercards, house keys, smart car keys, passwords and desktop login passwords, among other applications.

The Token rings are set to start shipping in December 2017, beginning in the U.S. They will be available outside the U.S. starting in 2018. Preorders are already available.

The rings start at $249 (with various finishes adding $50 to the base price). Accessories like a $100 door lock and $100 car lock are available.



from Latest Topic for ZDNet in... http://ift.tt/2s6S03c

Facebook gives moderators "full access" to user accounts suspected of terror links

A Facebook data center. (Image: CNET/CBS Interactive)

Facebook has a fleet of low-paid contractors who are tasked with investigating possible connections with terrorism on its site.

The key takeaway: Moderators are granted "full access" to any account once it's been flagged by the social network's algorithms, which are looking for details or connections that might suggest a terror link. Moderators can track a person's location and read their private messages.

The news comes from The Guardian, just days after Facebook chief executive Mark Zuckerberg announced the social network now has two billion users.

"The counter-terrorism unit has special clearance to carry out investigations into user accounts if they are suspected of having links to terrorist groups identified by the US State Department," says the report. "Moderators will then access the individual's private messages, see who they are talking to and what they are saying, and view where they have been."

The move appears to go far above and beyond the company's recently outlined efforts to use its artificial intelligence and human resources to counter terrorism on the platform. It's in response to growing pressure from several countries to act and to battle terrorism on their platforms, in the wake of several terror attacks in the UK and Europe.

Facebook declined to comment or answer several questions we had.

Among the chief problems with this largely secret internal surveillance is that Facebook doesn't define "terrorism" or "terrorist content." There is no one single definition, or hard-and-fast rule to follow, making the process of removing content arbitrary. Facebook only says that each company facing this kind of challenge "will continue to apply its own policies and definitions of terrorist content when deciding whether to remove content."

The only thing that is known about the rules that govern what content Facebook allows on its site is that it's a secret.

ProPublica this week published a trove of leaked documents that detail the largely arbitrary approach the company takes to deciding what is and what isn't allowed on the site. But even then, much of the enforcement of those rules lands at the mercy of the moderator, who makes the final call.

The Facebook Community Operations team of about 3,000 staff and 150 counter-terrorism experts, according to the company, includes academics and former law enforcement staff, who are working to crack down on extremist content. Exactly how Facebook will moderate the moderators isn't known, largely because the company refuses to say so. At least with government surveillance, there are rules and some oversight (even if it's deeply flawed at the best of times). Unlike the US intelligence community, which is governed by Fourth Amendment protections against unwarranted searches on Americans, private companies like Facebook are not. There is almost nothing legally stopping Facebook from reading your messages or terminating your account for any reason at any time.

Facebook is now employing a largely secret group of unaccountable staff working against a set of arbitrary and unknown rules against two billion people. What could possibly go wrong?

Without any shred of transparency, there's no telling who is or isn't under the watchful eye of Facebook's own internal surveillance.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.



from Latest Topic for ZDNet in... http://ift.tt/2sVQ0O7

USN-3323-2: GNU C Library vulnerability

Ubuntu Security Notice USN-3323-2

29th June, 2017

eglibc vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS

Summary

GNU C library could be made to run programs as an administrator.

Software description

  • eglibc - GNU C Library

Details

USN-3323-1 fixed a vulnerability in the GNU C Library. This update provides the
corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that the GNU C library did not properly handle memory
when processing environment variables for setuid programs. A local attacker
could use this in combination with another vulnerability to gain
administrative privileges.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
libc6 2.15-0ubuntu10.20

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2017-1000366



from Ubuntu Security Notices http://ift.tt/2sW4ZHI

SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities.

The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP—Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload.

Cisco will release software updates that address these vulnerabilities. There are workarounds that address these vulnerabilities.

This advisory is available at the following link:
http://ift.tt/2sqTzIB
Security Impact Rating: High
CVE: CVE-2017-6736, CVE-2017-6737, CVE-2017-6738, CVE-2017-6739, CVE-2017-6740, CVE-2017-6741, CVE-2017-6742, CVE-2017-6743, CVE-2017-6744

from Cisco Security Advisory http://ift.tt/2sqTzIB

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX (CVE-2017-3514, CVE-2017-3512, CVE-2017-3511, CVE-2017-3509, CVE-2017-3544, CVE-2017-3533, CVE-2017-3539, CVE-2017-1289, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843)

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 6, 7, 7.1, 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in January 2017.

CVE(s): CVE-2017-3514, CVE-2017-3512, CVE-2017-3511, CVE-2017-3509, CVE-2017-3544, CVE-2017-3533, CVE-2017-3539, CVE-2017-1289, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843

Affected product(s) and affected version(s):

        AIX 5.3, 6.1, 7.1, 7.2
        VIOS 2.2.x

        The following fileset levels (VRMF) are vulnerable, if the 
        respective Java version is installed:
        For Java6:    Less than 6.0.0.645 
        For Java7:    Less than 7.0.0.605
        For Java7.1:  Less than 7.1.0.405
        For Java8:    Less than 8.0.0.406

        Note: To find out whether the affected Java filesets are installed 
        on your systems, refer to the lslpp command found in AIX user's guide.

        Example:  lslpp -L | grep -i java
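The grep above only lists the Java filesets; deciding whether each one is vulnerable still means comparing its level against the fixed VRMF for its family. The following Python is an added example, not part of the IBM bulletin: it parses `lslpp -L` style output and flags filesets below the levels the bulletin gives. The sample output, fileset names and column layout are constructed and assumed.

```python
# Lowest fixed VRMF per Java family (from the bulletin); lower levels are vulnerable.
FIXED_LEVELS = {
    "Java6": (6, 0, 0, 645),
    "Java7": (7, 0, 0, 605),
    "Java7.1": (7, 1, 0, 405),
    "Java8": (8, 0, 0, 406),
}

def parse_vrmf(level):
    # 'V.R.M.F' -> tuple of ints; string comparison would misorder 7.0.0.60 and 7.0.0.605.
    parts = level.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a VRMF level: {level!r}")
    return tuple(int(p) for p in parts)

def java_family(vrmf):
    # Map the version.release pair onto the bulletin's four Java families.
    version, release = vrmf[0], vrmf[1]
    if version == 7 and release == 1:
        return "Java7.1"
    if version in (6, 7, 8) and release == 0:
        return f"Java{version}"
    return None

def find_vulnerable_java(lslpp_output):
    # Walk 'lslpp -L' lines (fileset, level, state, type, description) and
    # report Java filesets whose level is below the fixed VRMF for their family.
    findings = []
    for line in lslpp_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or not fields[0].lower().startswith("java"):
            continue
        fileset, level = fields[0], fields[1]
        try:
            vrmf = parse_vrmf(level)
        except ValueError:
            continue  # not a Java runtime fileset line
        family = java_family(vrmf)
        if family and vrmf < FIXED_LEVELS[family]:
            findings.append((fileset, level, family))
    return findings

# Constructed sample of 'lslpp -L' output; fileset names and layout are assumed.
SAMPLE_LSLPP = """\
  Fileset                      Level  State  Type  Description
  Java7_64.jre             7.0.0.600    C     F    Java SDK 64-bit Jre
  Java7_64.sdk             7.0.0.605    C     F    Java SDK 64-bit Dev Kit
  Java71_64.jre            7.1.0.400    C     F    Java SDK 64-bit Jre
  Java8_64.sdk             8.0.0.407    C     F    Java SDK 64-bit Dev Kit
"""
```

Against the sample, only the 7.0.0.600 and 7.1.0.400 filesets are reported; the sibling sdk fileset at 7.0.0.605 is already at the fixed level.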

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2unvdRk
X-Force Database: http://ift.tt/2pv78pP
X-Force Database: http://ift.tt/2pYs23d
X-Force Database: http://ift.tt/2pv7JaY
X-Force Database: http://ift.tt/2pvrrn2
X-Force Database: http://ift.tt/2pYfysm
X-Force Database: http://ift.tt/2pv79tT
X-Force Database: http://ift.tt/2pYkfm0
X-Force Database: http://ift.tt/2pvwR1f
X-Force Database: http://ift.tt/2lLwOQm
X-Force Database: http://ift.tt/2mlzP6B
X-Force Database: http://ift.tt/2lLuetu
X-Force Database: http://ift.tt/2mlCjlv

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX (CVE-2017-3514, CVE-2017-3512, CVE-2017-3511, CVE-2017-3509, CVE-2017-3544, CVE-2017-3533, CVE-2017-3539, CVE-2017-1289, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2unOeTK

FedEx's TNT Express deliveries disrupted by virus attack

Image: TNT Express

FedEx's delivery subsidiary TNT Express has warned that its systems have been significantly affected by a computer virus.

The company said in a note on its website: "Like many other companies and institutions around the world, we are experiencing interference with some of our systems within the TNT network," which has led to speculation that the problems were linked to the Petya ransomware that has been infecting PCs globally.

FedEx briefly halted trading in its shares for almost an hour yesterday as it announced that operations at its European subsidiary TNT Express had been "significantly affected" by a computer virus. FedEx warned investors that the disruption could have a material impact on its finances.

The notification came amid the Petya file-encrypting malware outbreak, which hammered Windows systems in Ukraine but also caused infections in 63 other countries.

"While TNT Express operations and communications systems have been disrupted, no data breach is known to have occurred," the firm said.

No other FedEx business was affected by the attack. TNT Express's domestic and regional network services were "largely operational, but slowed", it said, with delays in TNT Express's inter-continental services. FedEx Express services were deployed as alternatives.

A message still on TNT's website today notes that it had to suspend myTNT online services due to the attack.

"We are implementing remediation steps as quickly as possible to support customers who experience limited interruption in pick-up and delivery operations and tracking systems access."

The company hasn't provided further updates.

As more details emerge about the Petya/NotPetya malware, several security researchers have concluded the attack was not intended to make money but rather to destroy infected computers, making this an example of so-called wiper malware, such as Shamoon.

"If this well engineered and highly crafted worm was meant to generate revenue, this payment pipeline was possibly the worst of all options," wrote operational security expert the Grugq.

"This is definitely not designed to make money. This is designed to spread fast and cause damage, with a plausibly deniable cover of 'ransomware'."

Researchers at Kaspersky found that the malware's unique installation ID, which would normally be used by the attacker to generate a recovery key for each infection, was just random data.

"That means that the attacker cannot extract any decryption information from such a randomly generated string displayed on the victim, and as a result, the victims will not be able to decrypt any of the encrypted disks using the installation ID," Kaspersky researchers wrote.




from Latest Topic for ZDNet in... http://ift.tt/2tsVtxg

Original Author of Petya Ransomware is Back & He Wants to Help NotPetya Victims


The author of the original Petya ransomware is back.

After a long 6 months of silence, the author of the now infamous Petya ransomware appeared on Twitter today to help victims unlock their files encrypted by a new version of Petya, also known as NotPetya.

"We're back having a look in NotPetya," tweeted Janus, a name Petya creator previously chose for himself from a James Bond villain. "Maybe it's crackable with our privkey. Please upload the first 1MB of an infected device, that would help."

This statement by the Petya author suggests he may have held on to a master decryption key which, if it works for files encrypted by the new Petya variant, would allow victims to decrypt the files locked in the recent outbreak.

Janus sold Petya as Ransomware-as-a-Service (RaaS) to other hackers in March 2016, and like any regular ransomware, the original Petya was designed to lock a victim's computer and then release it when a ransom is paid.

This means anyone could launch the Petya ransomware attack with just the click of a button, encrypt anyone's system and demand a ransom to unlock it. If the victim pays, Janus gets a cut of the payment. But in December, he went silent.

On Tuesday, computer systems of critical infrastructure and corporations in Ukraine and 64 other countries were struck by a global cyber attack similar to the WannaCry outbreak that crippled tens of thousands of systems worldwide.

Initially, a new variant of Petya ransomware, NotPetya, was blamed for infecting systems worldwide, but later, the NotPetya story took an interesting turn.

Yesterday, researchers found that NotPetya is not ransomware but wiper malware that wipes systems outright, destroying all records on the targeted systems.

NotPetya also uses the NSA's leaked Windows exploits EternalBlue and EternalRomance to spread rapidly within a network, and the WMIC and PSEXEC tools to remotely execute the malware on machines.

Experts even believe the real attack has been disguised to divert the world's attention from a state-sponsored attack to a malware outbreak.

The source code to Petya has never been leaked, but some researchers are still trying hard to reverse engineer it to find possible solutions.

Would this Really Help Victims?

Janus is examining the new code, but even if his master key succeeds in decrypting the master file table (MFT) of victims' hard drives, it won't be of much help until researchers find a way to repair the MBR, which NotPetya wipes without keeping any copy.

Tuesday's cyber outbreak is believed to be bigger than WannaCry, causing disaster for much critical infrastructure, including bricking computers at a Ukrainian power company, several banks in Ukraine, and the country's Kyiv Boryspil International Airport.

NotPetya also canceled surgeries at two Pittsburgh-area hospitals, hit computers at the pharmaceutical company Merck and the law firm DLA Piper, and infected computers at the Dutch shipping company A.P. Moller-Maersk, forcing it to shut down some container terminals in seaports from Los Angeles to Mumbai.



from The Hacker News http://ift.tt/2sVkUGl