Saturday, March 31, 2018

Can we teach Machine Learning privacy?

IBM Security Bulletin: Multiple vulnerabilities in unzip affect IBM Flex System Manager (FSM)

Multiple vulnerabilities have been identified in unzip that is embedded in the FSM. This bulletin addresses these vulnerabilities.

CVE(s): CVE-2016-9844, CVE-2015-7697, CVE-2014-9913

Affected product(s) and affected version(s):

Flex System Manager 1.3.4.2
Flex System Manager 1.3.4.1
Flex System Manager 1.3.4.0
Flex System Manager 1.3.3.2
Flex System Manager 1.3.3.1
Flex System Manager 1.3.3.0
Flex System Manager 1.3.2.3
Flex System Manager 1.3.2.2
Flex System Manager 1.3.2.1
Flex System Manager 1.3.2.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=isg3T1027360
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/122189
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/107060
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/131585



from IBM Product Security Incident Response Team https://ift.tt/2J9uDPd

IBM Security Bulletin: Multiple vulnerabilities in freetype2 affect IBM Flex System Manager (FSM)

Multiple vulnerabilities have been identified in freetype2 that is embedded in the FSM. This bulletin addresses these vulnerabilities.

CVE(s): CVE-2017-8287, CVE-2017-8105, CVE-2016-10244

Affected product(s) and affected version(s):

Flex System Manager 1.3.4.2
Flex System Manager 1.3.4.1
Flex System Manager 1.3.4.0
Flex System Manager 1.3.3.2
Flex System Manager 1.3.3.1
Flex System Manager 1.3.3.0
Flex System Manager 1.3.2.3
Flex System Manager 1.3.2.2
Flex System Manager 1.3.2.1
Flex System Manager 1.3.2.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=isg3T1027359
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/125406
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/125262
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124256



from IBM Product Security Incident Response Team https://ift.tt/2J6a9qE

IBM Security Bulletin: A vulnerability in libxml2 affects IBM Flex System Manager (FSM) (CVE-2017-16932)

A vulnerability has been identified in libxml2 that is embedded in FSM. This bulletin addresses that issue.

CVE(s): CVE-2017-16932

Affected product(s) and affected version(s):

Flex System Manager 1.3.4.2
Flex System Manager 1.3.4.1
Flex System Manager 1.3.4.0
Flex System Manager 1.3.3.2
Flex System Manager 1.3.3.1
Flex System Manager 1.3.3.0
Flex System Manager 1.3.2.3
Flex System Manager 1.3.2.2
Flex System Manager 1.3.2.1
Flex System Manager 1.3.2.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=isg3T1027357
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135489



from IBM Product Security Incident Response Team https://ift.tt/2J9uBa3

IBM Security Bulletin: IBM Sterling B2B Integrator is Vulnerable to a Robot Security Vulnerability (CVE-2017-6168)

IBM Sterling B2B Integrator is vulnerable to a robot security vulnerability. This could allow an attacker to obtain encrypted data in clear text.

CVE(s): CVE-2017-6168

Affected product(s) and affected version(s):

IBM Sterling B2B Integrator 5.2 – 5.2.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22015061
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135008

The post IBM Security Bulletin: IBM Sterling B2B Integrator is Vulnerable to a Robot Security Vulnerability (CVE-2017-6168) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2J9uyen

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM)

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 1.6 and 1.7, which are used by FSM. These issues were disclosed as part of the IBM Java SDK updates in October 2017. This bulletin addresses these vulnerabilities.

CVE(s): CVE-2017-10345, CVE-2017-10295, CVE-2017-10281, CVE-2017-10350, CVE-2017-10347, CVE-2017-10349, CVE-2017-10348, CVE-2017-10357, CVE-2017-10355, CVE-2017-10356, CVE-2017-10388

Affected product(s) and affected version(s):

Flex System Manager 1.3.4.2
Flex System Manager 1.3.4.1
Flex System Manager 1.3.4.0
Flex System Manager 1.3.3.2
Flex System Manager 1.3.3.1
Flex System Manager 1.3.3.0
Flex System Manager 1.3.2.3
Flex System Manager 1.3.2.2
Flex System Manager 1.3.2.1
Flex System Manager 1.3.2.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=isg3T1027338
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133774
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133729
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133720
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133779
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133776
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133778
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133777
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133786
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133784
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133785
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133813



from IBM Product Security Incident Response Team https://ift.tt/2JaUpTh

IBM Security Bulletin: Multiple vulnerabilities in apache2 affect IBM Flex System Manager (FSM)

Multiple vulnerabilities have been identified in apache2 that is embedded in the FSM. This bulletin addresses these vulnerabilities.

CVE(s): CVE-2017-3167, CVE-2017-7668, CVE-2017-3169, CVE-2017-9798, CVE-2017-7679

Affected product(s) and affected version(s):

Flex System Manager 1.3.4.2
Flex System Manager 1.3.4.1
Flex System Manager 1.3.4.0
Flex System Manager 1.3.3.2
Flex System Manager 1.3.3.1
Flex System Manager 1.3.3.0
Flex System Manager 1.3.2.3
Flex System Manager 1.3.2.2
Flex System Manager 1.3.2.1
Flex System Manager 1.3.2.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=isg3T1027358
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127416
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127419
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127417
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/132159
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127420



from IBM Product Security Incident Response Team https://ift.tt/2J7RYkg

IBM Security Bulletin: Multiple vulnerabilities in glibc affect IBM Flex System Manager (FSM) (CVE-2017-15671, CVE-2017-15670)

Multiple vulnerabilities have been identified in glibc that is embedded in the FSM. This bulletin addresses these vulnerabilities.

CVE(s): CVE-2017-15671, CVE-2017-15670

Affected product(s) and affected version(s):

Flex System Manager 1.3.4.2
Flex System Manager 1.3.4.1
Flex System Manager 1.3.4.0
Flex System Manager 1.3.3.2
Flex System Manager 1.3.3.1
Flex System Manager 1.3.3.0
Flex System Manager 1.3.2.3
Flex System Manager 1.3.2.2
Flex System Manager 1.3.2.1
Flex System Manager 1.3.2.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=isg3T1027356
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133909
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133915



from IBM Product Security Incident Response Team https://ift.tt/2J7kMtj

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System Manager (FSM)

Multiple vulnerabilities have been identified in OpenSSL that is embedded in the FSM. This bulletin addresses these vulnerabilities.

CVE(s): CVE-2017-3735, CVE-2017-3736, CVE-2017-3738, CVE-2017-3737

Affected product(s) and affected version(s):

Flex System Manager 1.3.4.2
Flex System Manager 1.3.4.1
Flex System Manager 1.3.4.0
Flex System Manager 1.3.3.2
Flex System Manager 1.3.3.1
Flex System Manager 1.3.3.0
Flex System Manager 1.3.2.3
Flex System Manager 1.3.2.2
Flex System Manager 1.3.2.1
Flex System Manager 1.3.2.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=isg3T1027355
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/131047
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134397
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136078
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136077



from IBM Product Security Incident Response Team https://ift.tt/2J6Glds

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8, used by Rational Business Developer. These issues were disclosed as part of the IBM Java SDK updates in April and July 2017.

CVE(s): CVE-2017-10243, CVE-2017-10109, CVE-2017-10108, CVE-2017-3511, CVE-2017-1289, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843

Affected product(s) and affected version(s):

Rational Business Developer 9.0 – 9.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22007442
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/125293
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128870
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/128869
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124890
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/125150
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120508
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120509
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120510
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120511



from IBM Product Security Incident Response Team https://ift.tt/2J5rdNo

IBM Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware

There are multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware. IBM Spectrum Protect Snapshot for VMware has addressed the applicable CVEs.

CVE(s): CVE-2016-0702, CVE-2018-1447, CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1428, CVE-2018-1427, CVE-2018-1426

Affected product(s) and affected version(s):

The following levels of IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware are affected:

  • 4.1.0.0 through 4.1.6.3
  • 3.2 and below (all levels) – these releases are EOS

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22015071
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111144
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139972
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111140
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121313
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134397
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139073
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139072
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139071



from IBM Product Security Incident Response Team https://ift.tt/2J8XX8O

Russian Hacker Who Allegedly Hacked LinkedIn and Dropbox Extradited to US


A Russian man accused of hacking LinkedIn, Dropbox, and Formspring in 2012 and possibly compromising the personal details of over 100 million users has pleaded not guilty in a U.S. federal court after being extradited from the Czech Republic.

Yevgeniy Aleksandrovich Nikulin, 30, of Moscow was arrested in Prague on October 5, 2016, by Interpol agents working in collaboration with the FBI, and was extradited to the United States from the Czech Republic on Thursday for his first appearance in federal court.

Nikulin's arrest started an extradition battle between the United States and Russia, where he faces significantly lesser criminal charges of stealing $3,450 via Webmoney in 2009. The Czech Republic ruled in favor of the United States.

In the U.S., Nikulin is facing:

  • 3 counts of computer intrusion
  • 2 counts of intentional transmission of information, code, or command causing damage to a protected computer
  • 2 counts of aggravated identity theft
  • 1 count of trafficking in unauthorized access devices
  • 1 count of conspiracy

According to the maximum penalties for each count, Nikulin faces a maximum of 32 years in prison and a massive fine of more than $1 Million.

The U.S. Justice Department accused Nikulin of hacking into computers belonging to three American social media firms: LinkedIn, the online cloud storage platform Dropbox, and the now-defunct social-networking firm Formspring.

Nikulin reportedly gained access to LinkedIn's network between March 3 and March 4, 2012, Dropbox between May 14 and July 25, 2012, and Formspring between June 13 and June 29, 2012.

The hacker allegedly stole the accounts of more than 117 million LinkedIn users and more than 68 million Dropbox users. Authorities also say that after stealing data from the three companies, Nikulin worked with unnamed co-conspirators to sell the stolen data.

Besides hacking into the three social media firms, the Justice Department also accused Nikulin of allegedly gaining access to credentials belonging to LinkedIn and Formspring employees, which helped him carry out the computer hacks.

Nikulin appeared in Federal District Court in San Francisco on Friday and pleaded not guilty to the charges against him, The New York Times reported.

"This is deeply troubling behavior once again emanating from Russia," said Attorney General Jeff Sessions in a statement. "We will not tolerate criminal cyber-attacks and will make it a priority to investigate and prosecute these crimes, regardless of the country where they originate."

Judge Jacqueline Scott Corley scheduled Nikulin's next court appearance for status on April 2, 2018, and scheduled a detention hearing for April 4, 2018.



from The Hacker News https://ift.tt/2GF5Dkv

Friday, March 30, 2018

Tax Guidance as Deadline Approaches

ISE: Transforming your siloed security apparatuses into a cohesive security network

A long time ago, when I was a CISO at a large service provider, the concept of “security rings” was ingrained in me early and often. Contrary to the common belief among younger information security professionals, the term “security ring” was coined not by information security people but by physical security people. In fact, it is a term that has been in common use for over a hundred years, long before we used terms like “firewall” (which is actually a wall or barrier intended to prevent, strangely enough, the spread of fire).

A security ring is when you need to protect a critical physical asset, let’s say an army base. You don’t need to be a special forces soldier to understand that you probably need a guard or two at the gate, a couple of guards patrolling the area, and you better also throw in another guard in a watchtower, or even better, maybe a specialized sniper. More importantly, if you look at any of these guards, what binds them is the form of communication that allows them to pass and receive information from other security rings when under attack. So for example, when the observer in the watchtower identifies a couple of adversaries running towards the gate, not only will he try to take them down, he will also radio in a message so the guard at the gate can get ready and the patrol can run over to the gate area and act as an important backup to the guard.  The benefit? Twofold – one is the fact that if one ring fails (the sniper didn’t take out the adversary), another ring can step in and continue the defense and the second is the fact that you can use multiple rings to protect a larger area without compromise.

This concept of security rings can also be analogous to how information security administrators manage their corporate networks. Given the growing frequency and sophistication of cyberattacks, it is vital for businesses to protect their networks by ensuring that every entry point is as well secured as possible.  Most organizations would employ a standard approach when protecting their networks that entails using a firewall as your gate guard, a network traffic behavioral analysis tool as your watchtower, and an endpoint protection system to patrol your files. While information security experts think they are employing the same mechanisms found in security rings such as placing different security technologies to guard different posts, the real truth is that there is one significant difference that can undermine their best efforts.

Complexity created by vendors in orchestration

So what seems to be the weak spot?

The answer is the lack of integrated communication amongst siloed security solutions.

When “we”, information security specialists, migrated the physical security rings to logical ones, we “forgot” to migrate to just one type of technology, but rather we migrated to using multiple siloed security tools.

According to Cisco’s 2018 Annual Cybersecurity Report, 21% of surveyed security professionals use anywhere between 21 and 50 security vendors[1]. Ironically, having more security vendors, not fewer, can often lead to what we refer to as “the swivel chair effect”, describing a situation where, whenever you have an attack, you need a swivel chair in order to look at all of the screens of the different applications (I’m sure you’re imagining this as you read). As the number of vendors increases, so does the challenge of orchestrating alerts from these many vendor solutions. In fact, more than 54% of security professionals said that managing multiple vendor alerts is somewhat challenging, while 20% said it is very challenging[2]. With cyber-attacks increasing in frequency and sophistication, security administrators can feel overwhelmed just from having to manage alerts from multiple security sources. So much so that an average of 44% of security threats aren’t investigated, which exposes your network to more security risks. This cannot scale. This cannot succeed. This must change.

[Figure: As vendors increase, so does the challenge of orchestrating security alerts. Source: Cisco 2018 Security Capabilities Benchmark Study]

ISE and the power of an integrated security network

Cisco’s Identity Services Engine (ISE) resolves this growing complexity by offering security network administrators something that others do not do well: a centerpiece that seamlessly integrates the disjointed security rings made up of different security vendors’ products in a central location. ISE empowers customers to maximize their network security capabilities by serving as a kind of “walkie-talkie” that communicates between the different security rings. This is accomplished through pxGrid, which enables ISE to send and receive vital contextual information about all devices and users on the network, such as user and device identities, threats, and vulnerabilities, to Cisco ecosystem security partners so that you can identify, contain, and remediate threats faster.

For example, when your firewall detects a user trying to attack an asset, the firewall will reach out to the Identity Services Engine (ISE) installed in your network, ask ISE to quarantine this user, thus removing the risk from the network and allowing your red team or helpdesk to take care of this user or endpoint. When your vulnerability assessment system (Rapid7, Tenable or Qualys) detects a vulnerability on any device connected to the network, it will seamlessly report this vulnerability (together with its CVSS score) to ISE, allowing it to re-evaluate its policy and see if the user or device should stay in the network or not (for example, you can define a policy that says that any user with a vulnerability that has a CVSS higher than 6 will be quarantined and higher than 9 will be disconnected). And when you are in a manufacturing setting that has an abundance of IoT devices, leveraging pxGrid’s integration with Cisco’s Industrial Network Director can provide ISE with vital contextual identity of the profiled IoT devices in a centralized location that will make it easier for any network administrator to manage security.

These are just a few of the many examples that illustrate the benefits an integrated security network can provide to customers. Just as in the army base example, when ISE takes the different security rings that are your firewall, vulnerability assessment, and network behavior analysis tools and organizes them into a cohesive force of multiple rings that seamlessly work together, it transforms your network into that harmonious security ring that can rapidly prevent, detect and contain attackers before they cause damage to your business.

To learn more about ISE, visit www.cisco.com/go/ise.



from Cisco Blog » Security https://ift.tt/2pQPK0J

IBM Security Bulletin: IBM Web Experience Factory is Affected by an Apache POI Vulnerability

IBM Web Experience Factory has addressed the following vulnerability. Apache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF and MSG files and macros, and specially crafted DOC, PPT and XLS files.

CVE(s): CVE-2017-12626

Affected product(s) and affected version(s):

IBM Web Experience Factory 8.0
IBM Web Experience Factory 8.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22014912
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138361



from IBM Product Security Incident Response Team https://ift.tt/2GmBHpZ

IBM Security Bulletin: IBM Aspera Platform On Demand, IBM Aspera Server On Demand, IBM Aspera Faspex On Demand, IBM Aspera Shares On Demand and IBM Aspera Transfer Cluster Manager are affected by the vulnerabilities known as Spectre and Meltdown.

IBM Aspera Platform On Demand, IBM Aspera Server On Demand, IBM Aspera Faspex On Demand, IBM Aspera Shares On Demand and IBM Aspera Transfer Cluster Manager are affected by the vulnerabilities known as Spectre and Meltdown, which allow CPU data cache timing to be abused to bypass conventional memory security restrictions and gain access to privileged memory that should be inaccessible.

CVE(s): CVE-2017-5753, CVE-2017-5715, CVE-2017-5754

Affected product(s) and affected version(s):

Affected Product Name                Affected Versions
IBM Aspera Platform On Demand        3.7.3 and prior
IBM Aspera Server On Demand          3.7.3 and prior
IBM Aspera Faspex On Demand          3.7.3 and prior
IBM Aspera Shares On Demand          3.7.3 and prior
IBM Aspera Transfer Cluster Manager  1.2.4 and prior

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22012643



from IBM Product Security Incident Response Team https://ift.tt/2GGaiTj

IBM Security Bulletin: Potential spoofing attack in IBM WebSphere Application Server in IBM Cloud (CVE-2017-1788)

There is a potential spoofing attack in WebSphere Application Server using Form Login.

CVE(s): CVE-2017-1788

Affected product(s) and affected version(s):

This vulnerability affects the following versions and releases of IBM WebSphere Application Server:

  • Liberty
  • Version 9.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22014798
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137031



from IBM Product Security Incident Response Team https://ift.tt/2GlLvQZ

IBM Security Bulletin: IBM MobileFirst Platform Foundation is vulnerable to cross-site scripting (CVE-2017-1772)

A security vulnerability has been found in the Application Center component of IBM MobileFirst Platform Foundation.

CVE(s): CVE-2017-1772

Affected product(s) and affected version(s):

IBM MobileFirst Platform Foundation 8.0.0.0
IBM MobileFirst Platform Foundation 7.1.0.0
IBM MobileFirst Platform Foundation 7.0.0.0
IBM MobileFirst Platform Foundation 6.3.0.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg2C1000369
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136786



from IBM Product Security Incident Response Team https://ift.tt/2GGagLb

IBM Security Bulletin: OpenSource Apache ActiveMQ vulnerabilities identified with IBM Tivoli Integrated Portal (TIP) v2.2

Open-source Apache ActiveMQ vulnerabilities have been identified in IBM Tivoli Integrated Portal (TIP) v2.2.

CVE(s): CVE-2015-5254, CVE-2014-3600, CVE-2014-3612, CVE-2014-8110, CVE-2014-3579

Affected product(s) and affected version(s):

IBM Tivoli Integrated Portal v2.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22014179
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/109632
X-Force Database: http://xforce.iss.net/xforce/xfdb/100722
X-Force Database: http://xforce.iss.net/xforce/xfdb/100723
X-Force Database: http://xforce.iss.net/xforce/xfdb/100724
X-Force Database: http://xforce.iss.net/xforce/xfdb/100721



from IBM Product Security Incident Response Team https://ift.tt/2GlLuMV

Thursday, March 29, 2018

Apple Releases Multiple Security Updates

Original release date: March 29, 2018

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC/US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System https://ift.tt/2GkLT6z

Under Armour reports 150 million MyFitnessPal accounts hacked

Apache Software Foundation Releases Security Update

IC3 Issues Alert on Tech Support Fraud

Original release date: March 29, 2018

The Internet Crime Complaint Center (IC3) has released an alert on tech support fraud. Tech support fraud involves criminals claiming to provide technical support to fix problems that don't exist. Their methods include placing calls, sending pop-ups, engaging misleading lock screens, and sending emails to entice users to accept fraudulent tech support services. Users should not give control of their computers or mobile devices to any stranger offering to fix problems.

NCCIC/US-CERT encourages users and administrators to refer to the IC3 Alert and the NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you are a victim of a tech support scam, file a complaint with the IC3 at www.ic3.gov.





from US-CERT National Cyber Alert System https://ift.tt/2E2YXra

USN-3531-3: intel-microcode update

29 March 2018

intel-microcode update

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

The system could be made to expose sensitive information.

Software Description

  • intel-microcode - Processor microcode for Intel CPUs

Details

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715)

This update provides the corrected microcode updates required for the corresponding Linux kernel updates.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10
intel-microcode - 3.20180312.0~ubuntu17.10.1
Ubuntu 16.04 LTS
intel-microcode - 3.20180312.0~ubuntu16.04.1
Ubuntu 14.04 LTS
intel-microcode - 3.20180312.0~ubuntu14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

References



from Ubuntu Security Notices https://ift.tt/2pP2nbQ

Microsoft's Meltdown Patch Made Windows 7 PCs More Insecure


The Meltdown CPU vulnerability was bad enough, and Microsoft somehow made the flaw even worse on Windows 7, allowing any unprivileged, user-level application to read content from and even write data to the operating system's kernel memory.

For those unaware, Spectre and Meltdown were security flaws disclosed by researchers earlier this year in processors from Intel, ARM, and AMD, leaving nearly every PC, server, and mobile phone on the planet vulnerable to data theft.

Shortly after the researchers disclosed the Spectre and Meltdown exploits, software vendors, including Microsoft, started releasing patches for their systems running vulnerable processors.

However, the independent Swedish security researcher Ulf Frisk found that Microsoft's Windows 7 fixes for the Meltdown flaw, which originally allowed attackers to read kernel memory at a speed of 120 KBps, now allow attackers to read the same kernel memory at Gbps speeds, making the issue even worse on Windows 7 PCs and Server 2008 R2 boxes.

Frisk is the same researcher who previously discovered a way to steal the password from virtually any Mac laptop in about 30 seconds by exploiting flaws in Apple's FileVault disk encryption, letting an attacker with physical access unlock the Mac and decrypt files on its drive.

The discovery is the latest problem with the Meltdown and Spectre patches, which have at times been incomplete and at times broken, causing spontaneous reboots and other 'unpredictable' behaviour on affected PCs.

According to Frisk, the problem with Microsoft's early Meltdown fixes comes down to a single bit, the one that controls whether user-mode code may access a page, being flipped from supervisor-only to any-user in the PML4, the top level of the structure the CPU uses to translate virtual addresses to physical ones. That single flip made the kernel's page tables readable and writable from every user-mode process.

The PML4 is the root of the four-level in-memory page table hierarchy that the x86-64 Memory Management Unit (MMU) walks to translate a process's virtual addresses into physical addresses in RAM.

With the bit correctly set to supervisor, the CPU refuses any user-mode access to the tables, so only the kernel can read or modify them.

"The User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself," Frisk explains in his blog post.

To back up the claim, Frisk published a detailed breakdown and a proof-of-concept exploit. The issue affects only 64-bit Windows 7 and Windows Server 2008 R2 systems that received the January or February 2018 updates; Windows 8.1 and Windows 10 are not affected. No physical access and no elevated privileges are needed: any code running as an ordinary user on a vulnerable machine can use it.

Buggy Patch Allows to Read Gigabytes of Data In a Second

Also, because Windows 7 maps the PML4 at a fixed virtual address, "no fancy exploits" are needed; the attacker does not even need the Meltdown side channel, only ordinary memory reads and writes.

"Windows 7 already did the hard work of mapping in the required memory into every running process," Frisk said. "Exploitation was just a matter of read and write to already mapped in-process virtual memory. No fancy APIs or syscalls required - just standard read and write!"

Once read/write access has been gained to the page tables, it would be "trivially easy" to gain access to the entire physical memory, "unless it is additionally protected by Extended Page Tables (EPTs) used for Virtualization," Frisk said.

All an attacker has to do is write their own Page Table Entries (PTEs) into the now-writable page tables to map arbitrary physical memory into their own process.
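To make the permission flip concrete, here is an added example in C; it is not code from the article, from Microsoft or from Frisk's tools, and it is not an exploit. It shows the address arithmetic behind a self-referencing PML4 entry (why one user-accessible entry exposes every page table in the process at predictable in-process addresses) and the User/Supervisor check on a paging entry. The self-map slot 0x1ED and the resulting PML4 address 0xFFFFF6FB7DBED000 are the well-known 64-bit Windows 7 values and are not stated in the article; the function names and the two sample entry values are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit 2 of every x86-64 paging-structure entry (PML4E, PDPTE, PDE, PTE) is
 * the User/Supervisor flag: 1 = user-mode code may use the mapping,
 * 0 = supervisor (ring 0) only. This is the bit the faulty patch set to 1
 * in the PML4 self-reference entry. */
#define PAGE_US_BIT (1ULL << 2)

/* Canonical-address sign extension: bit 47 is copied into bits 48..63. */
static uint64_t canonical(uint64_t va)
{
    return (va & (1ULL << 47)) ? (va | 0xFFFF000000000000ULL)
                               : (va & 0x0000FFFFFFFFFFFFULL);
}

/* With PML4 slot `idx` pointing back at the PML4 page itself, a walk that
 * uses idx at all four levels lands on the PML4: that is its virtual address. */
uint64_t pml4_self_map_base(unsigned idx)
{
    uint64_t i = idx & 0x1FF;
    return canonical((i << 39) | (i << 30) | (i << 21) | (i << 12));
}

/* Virtual address of the self-referencing entry itself (8 bytes per entry). */
uint64_t pml4_self_ref_entry(unsigned idx)
{
    return pml4_self_map_base(idx) + ((uint64_t)(idx & 0x1FF) << 3);
}

/* Address of the PTE that maps `va`: one level goes through the self-map,
 * the other three use va's own PML4/PDPT/PD indices (va bits 12..47 >> 9). */
uint64_t pte_va(unsigned idx, uint64_t va)
{
    uint64_t i = idx & 0x1FF;
    return canonical((i << 39) | ((va >> 9) & 0x7FFFFFFFF8ULL));
}

/* Address of the PDE that maps `va` (two levels through the self-map). */
uint64_t pde_va(unsigned idx, uint64_t va)
{
    uint64_t i = idx & 0x1FF;
    return canonical((i << 39) | (i << 30) | ((va >> 18) & 0x3FFFFFF8ULL));
}

/* Address of the PDPTE that maps `va` (three levels through the self-map). */
uint64_t pdpte_va(unsigned idx, uint64_t va)
{
    uint64_t i = idx & 0x1FF;
    return canonical((i << 39) | (i << 30) | (i << 21) | ((va >> 27) & 0x1FFFF8ULL));
}

/* Address of the PML4E that maps `va` (all four levels through the self-map). */
uint64_t pml4e_va(unsigned idx, uint64_t va)
{
    return pml4_self_map_base(idx) + ((va >> 36) & 0xFF8ULL);
}

/* 1 if user-mode code may touch the mapping described by `entry`.
 * On a correctly patched system the PML4 self-reference entry gives 0. */
int entry_user_accessible(uint64_t entry)
{
    return (entry & PAGE_US_BIT) != 0;
}

int main(void)
{
    const unsigned win7_idx = 0x1ED;   /* 64-bit Windows 7 self-map slot (assumed, not from the article) */
    uint64_t pml4 = pml4_self_map_base(win7_idx);

    /* Constructed entry values: bits 0..11 are flags, the upper bits a frame number. */
    uint64_t supervisor_only = 0x0000000000187063ULL; /* P|RW|A|D, U/S clear */
    uint64_t user_accessible = 0x0000000000187067ULL; /* same flags, U/S set */

    printf("PML4 self-map base        : 0x%016llx\n", (unsigned long long)pml4);
    printf("PML4 self-reference entry : 0x%016llx\n", (unsigned long long)pml4_self_ref_entry(win7_idx));
    printf("PTE that maps the PML4    : 0x%016llx\n", (unsigned long long)pte_va(win7_idx, pml4));
    printf("entry 0x%llx user-accessible: %d\n", (unsigned long long)supervisor_only, entry_user_accessible(supervisor_only));
    printf("entry 0x%llx user-accessible: %d\n", (unsigned long long)user_accessible, entry_user_accessible(user_accessible));
    return 0;
}
```

Because every level of a walk through the self-map lands on the same page, the PTE, PDE, PDPTE and PML4E lookups for the PML4's own address all resolve to the self-reference entry at 0xFFFFF6FB7DBED000 + 0x1ED*8. That entry is the one whose U/S bit the faulty patch left as User; once it is user-accessible, every page table in the process sits at the fixed addresses these functions compute, and reading or rewriting them is a plain pointer dereference, which is what Frisk means by "no fancy APIs or syscalls required".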

Frisk said he had not been able to link the new vulnerability to anything on the public Common Vulnerabilities and Exposures (CVE) list at the time of writing. He also invited researchers to test the flaw using the exploit code he released on GitHub.

Microsoft fixed the problem in its March Patch Tuesday updates, so admins and users of Windows 7 and Windows Server 2008 R2 are strongly advised to apply them as soon as possible; until then, a machine carrying the January or February patches is easier to compromise locally than one that was never patched at all.



from The Hacker News https://ift.tt/2Gyjzgn

Sign up the Security Operations Center Tour at RSA Conference 2018


The Security Operations Center (SOC) returns for RSA Conference 2018.

You can register now for your free tour of the RSA Conference SOC, where engineers are monitoring all traffic on the Moscone Wireless Network for security threats. The SOC is sponsored by RSA and Cisco. Sign up for a guided tour, where we’ll show real time traffic plus advanced malware analysis, sandboxing and threat intelligence from Cisco Threat Grid, Cisco Umbrella and Cisco Visibility.

At the SOC, you will receive a security briefing and have time for Q&A with RSA and Cisco engineers.

Advance registration is highly recommended. Below are the available tour times. Please fill out the RSA SOC Tour Request Form to request your spot.

SOC Tours offered Tuesday-Thursday (17-19 April 2018):

  • 11:00am
  • 12:00pm
  • 1:00pm
  • 2:00pm
  • 3:00pm
  • 4:00pm (except on Thursday)

Please meet at Cisco Threat Wall located in the Moscone North Expo Lobby near the escalators, and a Cisco team member will escort the group to the SOC.

Cisco marquee events at RSA Conference can be found here, including registration for the Customer Appreciation Party.

Free Expo-only Passes for RSA Conference 2018
Get a free expo-only pass for RSA Conference when you use the following code: X8SCISCOP. Access includes the SOC tour, exhibit halls (Cisco booths N3515 and S2101), keynotes (Wednesday-Friday), briefing center, Monday Welcome Reception, evening Pub Crawl, select sessions, shuttle service and more. Hurry…this code is only good for a limited time. Use your code here to register for RSAC.

See you in San Francisco!



from Cisco Blog » Security https://ift.tt/2uuEXhz

USN-3545-1: Thunderbird vulnerabilities

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Thunderbird.

Software Description

  • thunderbird - Mozilla Open Source mail and newsgroup client

Details

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. (CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5144, CVE-2018-5145, CVE-2018-5146)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10
thunderbird - 1:52.7.0+build1-0ubuntu0.17.10.1
Ubuntu 16.04 LTS
thunderbird - 1:52.7.0+build1-0ubuntu0.16.04.1
Ubuntu 14.04 LTS
thunderbird - 1:52.7.0+build1-0ubuntu0.14.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make all the necessary changes.


from Ubuntu Security Notices https://ift.tt/2E58NbS

IBM Security Bulletin: IBM SPSS Statistics is affected by an Apache Poi vulnerability (CVE-2017-12626)

IBM SPSS Statistics has addressed the following vulnerability.

CVE(s): CVE-2017-12626

Affected product(s) and affected version(s):

SPSS Statistics 21.0.0.2
SPSS Statistics 22.0.0.2
SPSS Statistics 23.0.0.3
SPSS Statistics 24.0.0.2
SPSS Statistics 25.0.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22015075
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138361

The post IBM Security Bulletin: IBM SPSS Statistics is affected by an Apache Poi vulnerability (CVE-2017-12626) appeared first on IBM PSIRT Blog.


from IBM Product Security Incident Response Team https://ift.tt/2pPSZVA

IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation

Share this post:

OpenSSL vulnerabilities were disclosed by the OpenSSL Project from Nov 02, 2017 onward. OpenSSL is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have addressed the applicable CVEs.

CVE(s): CVE-2017-3736, CVE-2017-3738, CVE-2017-3737

Affected product(s) and affected version(s):

IBM MobileFirst Platform Foundation 8.0.0.0
IBM MobileFirst Platform Foundation 7.1.0.0
IBM MobileFirst Platform Foundation 7.0.0.0
IBM MobileFirst Platform Foundation 6.3.0.0
IBM Worklight Enterprise Edition 6.2.0.1
IBM Worklight Enterprise Edition 6.1.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg2C1000372
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134397
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136078
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136077



from IBM Product Security Incident Response Team https://ift.tt/2J6imuX

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center (CVE-2017-10295, CVE-2017-10345, CVE-2017-10355, CVE-2017-10356)

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Cognos Command Center. These issues were disclosed as part of the IBM Java SDK updates for October 2017.

CVE(s): CVE-2017-10345, CVE-2017-10295, CVE-2017-10355, CVE-2017-10356

Affected product(s) and affected version(s):

IBM Cognos Command Center 10.2.4 All Editions

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22013651
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133774
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133729
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133784
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133785

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center (CVE-2017-10295, CVE-2017-10345, CVE-2017-10355, CVE-2017-10356) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2pPSWJo

IBM Security Bulletin: IBM MQ Clients can send a specially crafted message that could cause a channel to SIGSEGV. (CVE-2017-1747)

Share this post:

A specially crafted message could cause a denial of service (a SIGSEGV in the channel process) in IBM MQ applications that consume messages requiring data conversion.

CVE(s): CVE-2017-1747

Affected product(s) and affected version(s):

IBM MQ V9 LTS
Maintenance levels 9.0.0.0 – 9.0.0.2

IBM MQ V9 CD
Maintenance levels 9.0.0 – 9.0.4

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22012992
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135520



from IBM Product Security Incident Response Team https://ift.tt/2J4vBMX

IBM Security Bulletin: Vulnerabilities in OpenSSL affect MegaRAID Storage Manager (CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738)

MegaRAID Storage Manager has addressed the following vulnerabilities in OpenSSL.

CVE(s): CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738

Affected product(s) and affected version(s):

Product: MegaRAID Storage Manager
Affected version: 17.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099794
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/131047
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134397
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136077
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136078

The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect MegaRAID Storage Manager (CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2pSCHLk

Saturday Security Spotlight: Cryptomining, AWS, and O365

By Jacob Serpa, Product Marketing Manager, Bitglass

Here are the top cybersecurity stories of recent weeks:

  • Malicious cryptomining the top cybercrime
  • New details emerge on unsecured AWS buckets
  • Data Keeper ransomware begins to spread
  • Office 365 used in recent mass phishing attacks
  • SgxSpectre attacking Intel SGX enclaves

Malicious cryptomining the top cybercrime

Since September of 2017, malicious […]

The post Saturday Security Spotlight: Cryptomining, AWS, and O365 appeared first on Cloud Security Alliance Blog.



from Cloud Security Alliance Blog https://ift.tt/2pNZOqA

20 suspect hackers arrested over online banking fraud

Update Drupal ASAP: Over a million sites can be easily hacked by any visitor

Cisco critical flaw: At least 8.5 million switches open to attack, so patch now

Android security: This malware will mine cryptocurrency until your smartphone fails

They've got your money and your data. Now hackers are coming to destroy your trust

Apple macOS Bug Reveals Passwords for APFS Encrypted Volumes in Plaintext


A severe programming bug has been found in the APFS file system on macOS High Sierra that leaves the passwords of newly encrypted external drives in the system log in plain text.

Introduced two years ago, APFS (Apple File System) is a file system optimized for flash and SSD-based storage on macOS, iOS, tvOS and watchOS, and promises strong encryption and better performance.

Discovered by forensic analyst Sarah Edwards, the bug writes the encryption password of a newly created APFS volume (for example, a USB drive encrypted with Disk Utility) to the unified logs in plaintext; the same happens when encrypting an existing, previously unencrypted APFS volume.

"Why is this a big deal? Well, passwords stored in plaintext can be discovered by anyone with unauthorized access to your machine, and malware can collect log files as well and send them off to someone with malicious intent," Edwards said.

The password for an encrypted APFS volume can be retrieved simply by watching the unified log for newfs_apfs messages with the following command in Terminal:

log stream --info --predicate 'eventMessage contains "newfs_"'

Note that log stream only shows events as they happen; the same predicate with log show searches the persisted log archive, which is what an attacker or malware that later collects log files would be reading.

However, this bug is not as glaring as the previously disclosed root password bug, in which the password hint field displayed the actual password in plain text.

Though the exact reason for the programming error is not clear, the researcher believes "it was likely a result of other APFS encryption related bugs (or at least somehow related to it), so perhaps Apple felt it didn't need to provide the additional details."

It should be noted that the password does not appear in plaintext when converting a non-APFS drive to APFS and then encrypting it.

Edwards tested and found that the bug affects only macOS 10.13 and 10.13.1; later versions of macOS High Sierra, including the latest, reportedly no longer log the password.

For more technical details of this bug, see Edwards's original blog post.

This is the third APFS bug in the past six months affecting Apple's latest macOS High Sierra release.

The operating system has seen a number of security issues since its release, from giving away root access to anyone without a password to revealing passwords in plaintext through the password hint feature.



from The Hacker News https://ift.tt/2E2Rx7e

USN-3608-1: Zsh vulnerabilities

27 March 2018

zsh vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Zsh.

Software Description

  • zsh - shell with lots of features

Details

Richard Maciel Costa discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-1071)

It was discovered that Zsh incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1083)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10
zsh - 5.2-5ubuntu1.2
Ubuntu 16.04 LTS
zsh - 5.1.1-1ubuntu2.2
Ubuntu 14.04 LTS
zsh - 5.0.2-3ubuntu6.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Zsh to make all the necessary changes.


from Ubuntu Security Notices https://ift.tt/2J2HSRE

Wednesday, March 28, 2018

Drupal Releases Critical Security Updates

Vulnerability Spotlight: Multiple Vulnerabilities in Allen Bradley MicroLogix 1400 Series Devices

'Fauxpersky' malware steals and sends passwords to an attacker's inbox

USN-3612-1: librelp vulnerability

28 March 2018

librelp vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS

Summary

librelp could be made to crash or run programs if it received specially crafted network traffic.

Software Description

  • librelp - Reliable Event Logging Protocol (RELP) library

Details

Bas van Schaik and Kevin Backhouse discovered that librelp incorrectly handled the checking of certain X.509 certificates. A remote attacker able to connect to rsyslog could possibly use this issue to execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS
librelp0 - 1.2.2-2ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart rsyslog to make all the necessary changes.


from Ubuntu Security Notices https://ift.tt/2J1MbNl

USN-3611-1: OpenSSL vulnerability

28 March 2018

openssl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

OpenSSL could be made to crash if it received specially crafted network traffic.

Software Description

  • openssl - Secure Socket Layer (SSL) cryptographic library and tools

Details

It was discovered that OpenSSL incorrectly handled certain ASN.1 types. A remote attacker could possibly use this issue to cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10
libssl1.0.0 - 1.0.2g-1ubuntu13.4
Ubuntu 16.04 LTS
libssl1.0.0 - 1.0.2g-1ubuntu4.11
Ubuntu 14.04 LTS
libssl1.0.0 - 1.0.1f-1ubuntu2.24

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.


from Ubuntu Security Notices https://ift.tt/2E2YXHz

USN-3610-1: ICU vulnerability

icu vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

ICU could be made to crash if it received specially crafted input.

Software Description

  • icu - International Components for Unicode library

Details

It was discovered that ICU incorrectly handled certain calendars. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash, leading to a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10
libicu57 - 57.1-6ubuntu0.3
Ubuntu 16.04 LTS
libicu55 - 55.1-7ubuntu0.4
Ubuntu 14.04 LTS
libicu52 - 52.1-3ubuntu0.8

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.


from Ubuntu Security Notices https://ift.tt/2GgJlX7