Thursday, January 31, 2019
Symantec tops Q3 targets, CFO to step down

Symantec published better-than-expected third quarter results on Thursday and raised its revenue guidance for the fiscal year. The cybersecurity company posted Q3 non-GAAP earnings per share of 44 cents on revenue of $1.21 billion.
Wall Street was looking for earnings of 39 cents per share on revenue of $1.18 billion. Shares of Symantec were up more than 5 percent after hours.
For Q4, Symantec now expects non-GAAP earnings between 37 cents and 41 cents on revenue between $1.185 billion and $1.215 billion. Analysts are expecting non-GAAP earnings per share of 38 cents on revenue of $1.21 billion.
"We achieved operating results in line or above guidance, while delivering strong cash flow from operations," said Symantec CEO Greg Clark, in prepared remarks. The company ended the quarter with $2.31 billion in cash and equivalents.
Symantec also announced that its chief financial officer Nicholas Noviello is stepping down. He'll remain with the company until a successor is appointed.
from Latest Topic for ZDNet in... https://zd.net/2RZkCfv
USN-3871-2: Linux kernel regression
linux regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary
Multiple regressions were fixed in the Linux kernel.
Software Description
- linux - Linux kernel
Details
USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. Unfortunately, that update introduced regressions with docking station displays and mounting ext4 file systems with the meta_bg option enabled. This update fixes the problems.
We apologize for the inconvenience.
Original advisory details:
Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879)
Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877)
Wen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882)
Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880)
Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883)
It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625)
Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882)
Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972)
Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)
Wei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407)
It was discovered that the debug interface for the Linux kernel’s HID subsystem did not properly perform bounds checking in some situations. An attacker with access to debugfs could use this to cause a denial of service or possibly gain additional privileges. (CVE-2018-9516)
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 18.04 LTS
- linux-image-4.15.0-45-generic - 4.15.0-45.48
- linux-image-4.15.0-45-generic-lpae - 4.15.0-45.48
- linux-image-4.15.0-45-lowlatency - 4.15.0-45.48
- linux-image-4.15.0-45-snapdragon - 4.15.0-45.48
- linux-image-generic - 4.15.0.45.47
- linux-image-generic-lpae - 4.15.0.45.47
- linux-image-lowlatency - 4.15.0.45.47
- linux-image-snapdragon - 4.15.0.45.47
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References
from Ubuntu Security Notices http://bit.ly/2CUdmr3
USN-3877-1: LibVNCServer vulnerabilities
libvncserver vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary
Several security issues were fixed in LibVNCServer.
Software Description
- libvncserver - vnc server library
Details
It was discovered that LibVNCServer incorrectly handled certain operations. A remote attacker able to connect to applications using LibVNCServer could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 18.10
- libvncclient1 - 0.9.11+dfsg-1.1ubuntu0.1
- libvncserver1 - 0.9.11+dfsg-1.1ubuntu0.1
- Ubuntu 18.04 LTS
- libvncclient1 - 0.9.11+dfsg-1ubuntu1.1
- libvncserver1 - 0.9.11+dfsg-1ubuntu1.1
- Ubuntu 16.04 LTS
- libvncclient1 - 0.9.10+dfsg-3ubuntu0.16.04.3
- libvncserver1 - 0.9.10+dfsg-3ubuntu0.16.04.3
- Ubuntu 14.04 LTS
- libvncserver0 - 0.9.9+dfsg-1ubuntu1.4
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart LibVNCServer applications to make all the necessary changes.
References
- CVE-2018-15126
- CVE-2018-15127
- CVE-2018-20019
- CVE-2018-20020
- CVE-2018-20021
- CVE-2018-20022
- CVE-2018-20023
- CVE-2018-20024
- CVE-2018-20748
- CVE-2018-20749
- CVE-2018-20750
- CVE-2018-6307
from Ubuntu Security Notices http://bit.ly/2UCdQJR
Why Business Leaders Should Care About Quantum Computing

In the tech sector, pundits are always hyping the next, disruptive technology on the verge of changing, well, everything. “Embrace this transformative new force or ignore it at your peril,” they warn. Sometimes, they even get it right. Quantum computing may very likely be one of those times.
If you haven’t heard, the race is on to build the world’s first commercially viable quantum computer. If you believe the buzz, anyone with a quantum computer—be it a hostile government, business competitor, or lone hacker—would be able to crack any cybersecurity encryption on the planet instantly.
Before you run screaming for your information security officer, let me put your mind to rest. Despite the hype, quantum computing is not right around the corner—nor can it instantly crack any encryption. That said, quantum computing will no doubt arrive, and it will be an immensely powerful tool for good as well as for evil. Here’s what you need to know.
Encryption is everywhere
To understand why cybersecurity experts are concerned, you need to know a little bit about how encryption works, where it is used, and how quantum computers are fundamentally different from today’s digital computers.
Encryption is a cryptographic method for protecting digital data by making it unreadable in the event it is stolen or intercepted by an unauthorized party. Encryption transforms readable text into unintelligible code, or ciphertext, that requires a “key” in order to decrypt the data and make it readable again. The longer the key, the harder it is to crack the code.
You don’t need to work in the military or intelligence community to use encryption. It is literally everywhere.
- If you buy or sell anything over the web, that credit card transaction is protected by encryption.
- If you or your employees use a Virtual Private Network (VPN) to protect corporate information while working remotely, you’re using encryption.
- If you use direct deposit or any other type of electronic funds transfers, you rely on encryption.
Today’s web browsers automatically encrypt text when they connect to a secure server, and its use is growing thanks to stricter industry and government mandates, such as the GDPR, for the protection of personal data.
Quantum computing is a different breed of cat
The digital computers we all use today operate using a sequence of binary bits: ones and zeroes. Each bit is always in one of two definitive states, acting as an on or off switch to drive computer functions. Quantum computers are different beasts altogether—to explain that difference, we need to get into a little bit of quantum physics. I promise it won’t be painful.
According to quantum mechanics, subatomic particles exist in all possible states at once until someone observes them. (You may have heard of Schrödinger’s cat, the thought experiment that places a hypothetical cat in a box and asks “is the cat alive or dead”? The answer is both, until you open the box to find out.)
Because of this “superposition,” as it’s called in physics, the quantum bits, or qubits, in a quantum computer can represent both a one and a zero at the same time. This enables a quantum computer to process highly complex problems with a vast multitude of different outcomes (such as long-key encryption) far faster than the fastest digital computer.
The quantum advantage
Superposition gives quantum computers both speed and parallelism, enabling them to work on millions of computations at the same time. In order to crack an encryption key, a traditional digital computer would have to try every possible key one at a time. The longer the encryption key (64 bits, 128 bits, 256 bits), the more combinations the computer must try to find the correct key. If the key is 64 bits long, for example, then there are 2^64 possible keys.
A digital computer can crack a 64-bit key in under a minute. That’s why most organizations have moved to 128-bit or even the 256-bit Advanced Encryption Standard (AES). There aren’t enough digital computers on the planet or time in the world to crack a 256-bit key.
The hype surrounding quantum computers would have you believe that they will be able to break any encryption key instantly, but that’s not exactly true. The quantum advantage basically enables you to figure out the correct key as if that key were half as long as it really is. The takeaway here is that a quantum computer would treat a 128-bit key, which is the current standard for symmetric e-commerce encryption, as if it were a 64-bit key…and break that key in under a minute.
A quantum computer would still have a hard time with 256-bit encryption, which is why businesses with security concerns are already moving to 256-bit encryption for some applications.
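The “half as long” rule of thumb in the paragraphs above is Grover’s square-root speedup for unstructured search. The derivation below is added here as an illustration and is not part of the original post; it uses n for the key length in bits and N for the number of candidate keys.

```latex
\text{Key space for an } n\text{-bit key:}\qquad N = 2^{n}

\text{Classical exhaustive search (worst case):}\qquad
T_{\text{classical}}(n) = N = 2^{n}

\text{Grover search needs } O(\sqrt{N}) \text{ key evaluations:}\qquad
T_{\text{quantum}}(n) \approx \sqrt{2^{n}} = 2^{n/2} = T_{\text{classical}}\!\left(\tfrac{n}{2}\right)

\text{Hence:}\qquad
T_{\text{quantum}}(128) \approx 2^{64} = T_{\text{classical}}(64), \qquad
T_{\text{quantum}}(256) \approx 2^{128} = T_{\text{classical}}(128)

\text{To retain } s \text{ bits of effective security against Grover, choose } n \ge 2s
\quad (\text{e.g. } s = 128 \Rightarrow n = 256).
```

This counting covers exhaustive search of a symmetric key, the case the post discusses (AES-128 versus AES-256): it is why the post treats a 128-bit key as a 64-bit one and why a 256-bit key stays out of reach.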
The sky is falling…but not quite yet
While quantum computers exist on a small scale today, they are highly unstable, need to be manually coded, and must be staffed with quantum PhDs. The cost to operate them far exceeds what they’re presently worth. But this will change. A few big tech companies and vendors with a vested interest in quantum computing will tell you that commercially viable generic quantum computers are just around the corner. In reality, we’re probably 5-10 years out, and there are many technical issues that need to be solved:
- A quantum computer computes only once. You must reset it after each function.
- Qubits are prone to error, with two-thirds being down at any given time.
- You need enough qubits to crack a key, and they all need to be in the same state (superposition) at the same time.
Until a viable quantum computer emerges, the industry has time to continue its research into cryptography methods that would be resistant to quantum computing. To learn more, you can read what Cisco’s Advanced Security Research Group is doing in this area. Ideally, research will be completed and quantum-resistant security products will be deployed before that day comes. Realistically, there’s a lot of work that still needs to be done.
What can you do in the meantime?
Plenty. Tell your OS vendors and your network equipment suppliers that you want to know what their quantum resistance roadmap is. Until further guidance is released from agencies like NIST, quantum resistance is primarily concerned with supporting longer keys than the current market typically requires—support for 256-bit symmetric keys, for example. Vendors should at least have a plan. Pressure from you will help get a fire going if they don’t.
Here’s the bottom line: Quantum computing is a threat to cybersecurity, but it’s not an imminent threat. If you use shorter keys, like 128 bits, quantum computing is going to be a problem for you. If you’re in an industry that requires long-term storage in an encrypted state, you should consider re-encrypting that data with substantially longer keys. If your RFPs call for support of quantum resistance through use of longer key lengths now, you will help mitigate a major risk that is going to appear sooner or later.
from Cisco Blog » Security http://bit.ly/2Wq6Y3I
IBM Security Bulletin: IBM Security Identity Manager is affected by a limited code injection vulnerability (CVE-2019-4038)
Jan 31, 2019 9:01 am EST
Categorized: High Severity
IBM Security Identity Manager (ISIM) has addressed the following vulnerability that can allow attackers to compromise user accounts via limited code injection.
CVE(s): CVE-2019-4038
Affected product(s) and affected version(s):
Product | Version
IBM Security Identity Manager | 6.0.0 – 6.0.0.20
IBM Security Identity Manager VA | 7.0.0 – 7.0.1.10
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10869604
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156162
from IBM Product Security Incident Response Team https://ibm.co/2sWzo7Q
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Storage Manager FastBack (CVE-2018-3139, CVE-2018-3180)
Jan 31, 2019 9:01 am EST
Categorized: Medium Severity
There are multiple vulnerabilities in IBM® Runtime Environment Java™ that is used by Tivoli Storage Manager FastBack. These issues were disclosed as part of the IBM Java SDK updates in October 2018.
CVE(s): CVE-2018-3139, CVE-2018-3180
Affected product(s) and affected version(s):
Tivoli Storage Manager FastBack versions 6.1.0.0 through 6.1.12.6 are affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10793819
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151455
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151497
from IBM Product Security Incident Response Team https://ibm.co/2MFjWpM
IBM Security Bulletin: IBM Tivoli Application Dependency Discovery Manager (TADDM) could expose password hashes stored in system memory on target Windows systems that are discovered by TADDM
Jan 31, 2019 9:00 am EST
Categorized: Medium Severity
IBM Tivoli Application Dependency Discovery Manager (TADDM) requires a local service account to communicate with Windows servers (targets) via WMI. WMI caches the password hash in memory on each target Windows system when using certain authentication methods. By TADDM design, and according to standard implementation, the service account password is the same for all Windows targets. The cached password can be viewed in memory on any target Windows server using open-source Windows credential tools such as “mimikatz”. A local user can execute this tool and view the password hash from memory on the target systems. This essentially exposes the password for all other Windows targets that are configured to use TADDM. No access to the TADDM server is necessary to view the password. The local TADDM service account on each target system is a privileged account, so a local attacker could potentially gain access and administrative authority to all target Windows systems.
CVE(s): CVE-2018-1675
Affected product(s) and affected version(s):
TADDM 7.2.2.0 – 7.2.2.5
TADDM 7.3.0.0 – 7.3.0.5
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10742403
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145110
from IBM Product Security Incident Response Team https://ibm.co/2sVVyXY
USN-3876-2: Avahi vulnerabilities
avahi vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary
Several security issues were fixed in Avahi.
Software Description
- avahi - Avahi IPv4LL network address configuration daemon
Details
USN-3876-1 fixed a vulnerability in Avahi. This update provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Chad Seaman discovered that Avahi incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-6519, CVE-2018-1000845)
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 12.04 ESM
- avahi-daemon - 0.6.30-5ubuntu2.3
- libavahi-core7 - 0.6.30-5ubuntu2.3
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
from Ubuntu Security Notices http://bit.ly/2UvMuom
USN-3876-1: Avahi vulnerabilities
avahi vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary
Several security issues were fixed in Avahi.
Software Description
- avahi - Avahi IPv4LL network address configuration daemon
Details
Chad Seaman discovered that Avahi incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-6519, CVE-2018-1000845)
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 18.10
- avahi-daemon - 0.7-4ubuntu2.1
- libavahi-core7 - 0.7-4ubuntu2.1
- Ubuntu 18.04 LTS
- avahi-daemon - 0.7-3.1ubuntu1.2
- libavahi-core7 - 0.7-3.1ubuntu1.2
- Ubuntu 16.04 LTS
- avahi-daemon - 0.6.32~rc+dfsg-1ubuntu2.3
- libavahi-core7 - 0.6.32~rc+dfsg-1ubuntu2.3
- Ubuntu 14.04 LTS
- avahi-daemon - 0.6.31-4ubuntu1.3
- libavahi-core7 - 0.6.31-4ubuntu1.3
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
from Ubuntu Security Notices http://bit.ly/2ShNW0d
Airbus Suffers Data Breach, Some Employees' Data Exposed

European airplane maker Airbus admitted yesterday a data breach of its "Commercial Aircraft business" information systems that allowed intruders to gain access to some of its employees' personal information.
Though the company did not elaborate on the nature of the hack, it claimed that the security breach did not affect its commercial operations. So, there's no impact on aircraft production.
Airbus confirmed that the attackers gained unauthorized access to some data earlier this month, which the plane manufacturer claimed was "mostly professional contact and IT identification details of some Airbus employees in Europe."
"Investigations are ongoing to understand if any specific data was targeted; however we do know some personal data was accessed," Airbus said in its press release published on Wednesday.
After detecting the security breach, the plane manufacturer started an investigation to determine the origin of the hack, to understand the full scope of the data breach, and to find out whether any specific data was targeted.
The company has begun taking "immediate and appropriate actions to reinforce existing security measures," which were not enough to keep the hackers out of their systems, "and to mitigate its potential impact" so that it can prevent similar incidents from happening in the future.
The company has also instructed its employees to "take all necessary precautions going forward," to strengthen their security defenses.
Airbus also said it was in contact with the relevant regulatory authorities and the data protection authorities pursuant to the European Union's new GDPR (General Data Protection Regulation) rules.
Airbus is the world's second-largest manufacturer of commercial airplanes, after Boeing, which was also hit by a cyber attack (a variant of the infamous WannaCry ransomware) in March last year that "affected a small number of systems" with no impact on production.
from The Hacker News http://bit.ly/2HIaoM2
FBI Mapping 'Joanap Malware' Victims to Disrupt the North Korean Botnet

The United States Department of Justice (DoJ) announced Wednesday its effort to "map and further disrupt" a botnet tied to North Korea that has infected numerous Microsoft Windows computers across the globe over the last decade.
Dubbed Joanap, the botnet is believed to be part of "Hidden Cobra"—an Advanced Persistent Threat (APT) actors' group often known as Lazarus Group and Guardians of Peace and backed by the North Korean government.
Hidden Cobra is the same hacking group that has been allegedly associated with the WannaCry ransomware menace in 2016, the SWIFT Banking attack in 2016, as well as the Sony Motion Pictures hack in 2014.
Dating back to 2009, Joanap is a remote access tool (RAT) that lands on a victim's system with the help of an SMB worm called Brambul, which crawls from one computer to another by brute-forcing Windows Server Message Block (SMB) file-sharing services using a list of common passwords.
Once there, Brambul downloads Joanap on the infected Windows computers, effectively opening a backdoor for its masterminds and giving them remote control of the network of infected Windows computers.
If You Want to Beat Them, Then First Join Them
Interestingly, the computers infected by the Joanap botnet don’t take commands from a centralized command-and-control server; instead, the botnet relies on a peer-to-peer (P2P) communications infrastructure, making every infected computer a part of its command and control system.
Even though Joanap is currently being detected by many malware protection systems, including Windows Defender, the malware's peer-to-peer (P2P) communications infrastructure still leaves large numbers of infected computers connected to the Internet.
So to identify infected hosts and take down the botnet, the FBI and the Air Force Office of Special Investigations (AFOSI) obtained legal search warrants that allowed the agencies to join the botnet by creating and running "intentionally infected" computers mimicking its peers to collect both technical and "limited" identifying information in an attempt to map them, the DoJ said in its press release.
"While the Joanap botnet was identified years ago and can be defeated with antivirus software, we identified numerous unprotected computers that hosted the malware underlying the botnet," said U.S. Attorney Nicola T. Hanna.
"The search warrants and court orders announced today as part of our efforts to eradicate this botnet are just one of the many tools we will use to prevent cybercriminals from using botnets to stage damaging computer intrusions."
The collected information about computers infected with the Joanap malware included IP addresses, port numbers, and connection timestamps which allowed the FBI and AFOSI to build a map of the current Joanap botnet.
The agencies are now notifying victims of the presence of Joanap on their infected computers through their Internet Service Providers (ISPs) and even sending personal notifications to people who don't have a router or firewall protecting their systems.
The US Justice Department and FBI will also coordinate the notification of overseas victims of the Joanap malware by sharing the data with the government of other countries.
The efforts to disrupt the Joanap botnet began after the United States unsealed charges against a North Korean computer programmer named Park Jin Hyok in September last year for his role in masterminding the Sony Pictures and WannaCry ransomware attacks.
Joanap and Brambul were also recovered from computers of the victims of the campaigns listed in Hyok's September indictment, suggesting that he aided the development of the Joanap botnet.
from The Hacker News http://bit.ly/2G0c5ms
Wednesday, January 30, 2019
Corporate Membership for Startup Solution Providers

from Cloud Security Alliance Blog http://bit.ly/2SkcSEg
USN-3875-1: OpenJDK vulnerability
openjdk-8, openjdk-lts vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 16.04 LTS
Summary
Java applets or applications could be made to expose sensitive information.
Software Description
- openjdk-lts - Open Source Java implementation
- openjdk-8 - Open Source Java implementation
Details
It was discovered that a memory disclosure issue existed in the OpenJDK Library subsystem. An attacker could use this to expose sensitive information and possibly bypass Java sandbox restrictions. (CVE-2019-2422)
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 18.10
- openjdk-11-jdk - 11.0.1+13-3ubuntu3.18.10.1
- openjdk-11-jre - 11.0.1+13-3ubuntu3.18.10.1
- openjdk-11-jre-headless - 11.0.1+13-3ubuntu3.18.10.1
- Ubuntu 16.04 LTS
- openjdk-8-jdk - 8u191-b12-2ubuntu0.16.04.1
- openjdk-8-jre - 8u191-b12-2ubuntu0.16.04.1
- openjdk-8-jre-headless - 8u191-b12-2ubuntu0.16.04.1
- openjdk-8-jre-jamvm - 8u191-b12-2ubuntu0.16.04.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.
References
from Ubuntu Security Notices http://bit.ly/2RZewfl
USN-3874-1: Firefox vulnerabilities
firefox vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary
Firefox could be made to crash or run programs as your login if it opened a malicious website.
Software Description
- firefox - Mozilla Open Source web browser
Details
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, gain additional privileges by escaping the sandbox, or execute arbitrary code. (CVE-2018-18500, CVE-2018-18501, CVE-2018-18502, CVE-2018-18503, CVE-2018-18504, CVE-2018-18505)
It was discovered that Firefox allowed PAC files to specify that requests to localhost are sent through the proxy to another server. If proxy auto-detection is enabled, an attacker could potentially exploit this to conduct attacks on local services and tools. (CVE-2018-18506)
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 18.10
- firefox - 65.0+build2-0ubuntu0.18.10.1
- Ubuntu 18.04 LTS
- firefox - 65.0+build2-0ubuntu0.18.04.1
- Ubuntu 16.04 LTS
- firefox - 65.0+build2-0ubuntu0.16.04.1
- Ubuntu 14.04 LTS
- firefox - 65.0+build2-0ubuntu0.14.04.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Firefox to make all the necessary changes.
References
- CVE-2018-18500
- CVE-2018-18501
- CVE-2018-18502
- CVE-2018-18503
- CVE-2018-18504
- CVE-2018-18505
- CVE-2018-18506
from Ubuntu Security Notices http://bit.ly/2HHsi1s
Cisco Job Posting Targets Korean Candidates

Edmund Brumaghin and Paul Rascagneres authored this post, with contributions from Jungsoo An.
Executive summary
Cisco Talos recently observed a targeted malware campaign being leveraged in an attempt to compromise specific organizations. The infection vector associated with this campaign was a Microsoft Word document that was disguised as a job posting for Cisco Korea, and leveraged legitimate content available as part of job postings on various websites. EST Security also described this campaign in a blog post this week. This malicious Office document appears to have been the initial portion of what was designed to be a multi-stage infection process.
During our analysis of this campaign, we located additional samples that we believe are linked to multiple previous campaigns associated with the same threat actor. Each of the campaigns leveraged malicious documents and initial stage payloads that all featured similar tactics, techniques, and procedures (TTP). Due to the targeted nature of this campaign, the lack of widespread indicator of compromise data, and the apparent nature of the targeting, this appears to be associated with a sophisticated attacker. This sort of attack has become more common as threat actors continue to target users to gain an initial foothold in environments. Organizations are encouraged to employ a defense-in-depth approach to security and disallow the execution of macros where possible.
from Cisco Blog » Security http://bit.ly/2UqZCez
Vulnerability Spotlight: Multiple vulnerabilities in ACD Systems Canvas Draw 5

Cisco Talos is disclosing several vulnerabilities in ACD Systems’ Canvas Draw 5, a graphics-editing tool for Mac. The vulnerable component of Canvas Draw 5 lies in the handling of TIFF and PCX images. TIFF is a raster-based image format used in graphics editing projects, thus making it a very common file format that’s used in Canvas Draw. PCX was a popular image format with early computers, and although it’s been replaced by more sophisticated formats, it is still in use and fully supported by Canvas Draw.
In accordance with our coordinated disclosure policy, Cisco Talos worked with ACD Systems to ensure that these issues are resolved and that an update is available for affected customers.
Read more about these vulnerabilities here.
from Cisco Blog » Security http://bit.ly/2HGetAo
NCCIC Awareness Briefing on Chinese Malicious Cyber Activity
The Cybersecurity and Infrastructure Security Agency (CISA) will conduct a series of virtual awareness briefings on Chinese malicious cyber activity targeting managed service providers (MSPs). Briefings will be held from 1–2 p.m. ET on the dates listed below:
CISA encourages MSPs and their customers to register for the briefing by clicking on one of the dates listed above. The briefing will provide a background on the identified cyber activity and mitigation techniques.
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT National Cyber Alert System http://bit.ly/2FZxQCO
MS-ISAC Releases Advisory on DNS Flag Day
The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an alert on Domain Name System (DNS) Flag Day, which is Friday, February 1, 2019. On DNS Flag Day, DNS software and service providers will roll out updates to remove workarounds that allow users to bypass the Extension Mechanisms Protocol for DNS (EDNS). While the updates will improve DNS operations, some domains served by DNS servers operating out-of-date software may become unavailable.
The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review MS-ISAC's Cyber Alert: DNS Flag Day for more information and the DNS Flag Day website to determine whether a domain name will be affected.
from US-CERT National Cyber Alert System http://bit.ly/2GbbFss
Mozilla Releases Security Update for Thunderbird
Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit one of these vulnerabilities to take control of an affected system.
The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.5 and apply the necessary update.
from US-CERT National Cyber Alert System http://bit.ly/2Wxsgwj
IBM Security Bulletin: IBM MQ Cloud Paks are vulnerable to multiple vulnerabilities in Perl (CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 CVE-2018-18311)
Several vulnerabilities were identified in the versions of Perl that are included in IBM MQ Cloud Paks.
CVE(s): CVE-2018-18312, CVE-2018-18313, CVE-2018-18314, CVE-2018-18311
Affected product(s) and affected version(s):
IBM MQ CloudPak for IBM Cloud Private
v1.0.0 – v2.2.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10791475
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153587
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153588
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153589
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153586
from IBM Product Security Incident Response Team https://ibm.co/2t4lT6t
IBM Security Bulletin: IBM Navigator for i is affected by CVE-2019-4040
Jan 30, 2019 9:01 am EST
Categorized: Medium Severity
IBM Navigator for i is supported by IBM i. IBM i has addressed the applicable CVE.
CVE(s): CVE-2019-4040
Affected product(s) and affected version(s):
Releases 7.3 and 7.2 of IBM i are affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10869384
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156164
from IBM Product Security Incident Response Team https://ibm.co/2MGEpe7
IBM Security Bulletin: Code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1851)
Jan 30, 2019 9:01 am EST
Categorized: High Severity
There is a potential code execution vulnerability in WebSphere Application Server Liberty OpenID connect which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center).
CVE(s): CVE-2018-1851
Affected product(s) and affected version(s):
Affected Product | Affected Versions
--- | ---
IBM Spectrum Control | 5.2.14 – 5.2.17.1
IBM Spectrum Control | 5.3.0
The versions listed above apply to all licensed offerings of IBM Spectrum Control.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10738391
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150999
from IBM Product Security Incident Response Team https://ibm.co/2Gcv64o
IBM Security Bulletin: Bypass security vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2014-7810)
Jan 30, 2019 9:00 am EST
Categorized: Medium Severity
There is a potential bypass security vulnerability in the expression language library used by WebSphere Application Server which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center).
CVE(s): CVE-2014-7810
Affected product(s) and affected version(s):
Affected Product | Affected Versions
--- | ---
IBM Tivoli Storage Productivity Center | 5.2.0 – 5.2.7.1
IBM Spectrum Control | 5.2.8 – 5.2.17.1
IBM Spectrum Control | 5.3.0
The versions listed above apply to all licensed offerings of IBM Spectrum Control.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10738367
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/103155
from IBM Product Security Incident Response Team https://ibm.co/2sXJmWS
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager
Jan 30, 2019 9:00 am EST
Categorized: High Severity
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 7 & 8 and IBM® Runtime Environment Java™ Versions 6, 7 & 8 used by IBM Security Access Manager software and appliances. These issues were disclosed as part of the IBM Java SDK updates in January 2018.
CVE(s): CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2799, CVE-2018-2783
Affected product(s) and affected version(s):
IBM Tivoli Access Manager for e-business version 6.1
IBM Tivoli Access Manager for e-business version 6.1.1
IBM Security Access Manager for Web version 7.0 software release
IBM Security Access Manager for Web version 8 appliance
IBM Security Access Manager for Mobile version 8 appliance
IBM Security Access Manager version 9 appliance
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10731815
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141951
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141952
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141953
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141955
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141939
from IBM Product Security Incident Response Team https://ibm.co/2MHMhM4
USN-3873-1: Open vSwitch vulnerabilities
openvswitch vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary
Several security issues were fixed in Open vSwitch.
Software Description
- openvswitch - Ethernet virtual switch
Details
It was discovered that Open vSwitch incorrectly decoded certain packets. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. (CVE-2018-17204)
It was discovered that Open vSwitch incorrectly handled processing certain flows. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-17205)
It was discovered that Open vSwitch incorrectly handled BUNDLE action decoding. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. (CVE-2018-17206)
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 18.04 LTS
- openvswitch-common - 2.9.2-0ubuntu0.18.04.3
- Ubuntu 16.04 LTS
- openvswitch-common - 2.5.5-0ubuntu0.16.04.2
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
from Ubuntu Security Notices http://bit.ly/2sYbfhr
Facebook Paid Teens $20 to Install 'Research' App That Collects Private Data

If you are thinking that Facebook is sitting quietly after being forced to remove its Onavo VPN app from Apple's App Store, then you are mistaken.
It turns out that Facebook is paying teenagers around $20 a month to use its VPN app that aggressively monitors their smartphone and web activity and then sends it back to Facebook.
The social media giant was previously caught collecting some of this data through Onavo Protect, a Virtual Private Network (VPN) service that it acquired in 2013.
However, the company was forced to pull the app from the App Store in August 2018 after Apple found that Facebook was using the VPN service to track user activity and data across multiple apps, which clearly violates its App Store guidelines on data collection.
Onavo Protect became a data collection tool for Facebook, helping the company track smartphone users' activities across many different apps to learn how Facebook users use third-party apps.
Facebook's Paid Market Research
Now, according to a report published by TechCrunch, Facebook has been doing much more than just collecting some data on its users, this time in the name of an app called "Facebook Research" for iOS and Android, since at least 2016.
In some documentation, this program has been referred to as "Project Atlas." Facebook has also confirmed the existence of the app to the publication.
The report said the company has been paying people aged between 13 and 35 as much as $20 per month along with referral fees in exchange for installing Facebook Research on their iPhone or Android devices, saying it's a "paid social media research study."
Instead of distributing the app through any app store, Facebook has been using third-party beta testing services (Applause, BetaBound and uTest) that specifically run ads on Instagram and Snapchat recruiting participants to install Facebook Research.
Facebook Research App Collects Troves of User Data
The app requires users to install a custom root enterprise certificate, which gives the social media giant a level of access that can allow it to see users' private messages in social media apps, chats that are not end-to-end encrypted in instant messaging apps, emails, web searches, web browsing activity, and ongoing location information.
Although it is not clear whether Facebook is actually accessing all of this data, it could if it wanted to, according to security researcher Will Strafach, who was commissioned by the publication.
In some instances, the Facebook Research app also asked users to take screenshots of their Amazon order histories and send them back to Facebook.
According to the Facebook Research’s terms of service, installing the app gives the company permission to collect information about other mobile apps on a participant's smartphone as well as how and when those apps are used.
"This means you are letting our client collect information such as which apps are on your phone, how and when you use them, data about your activities and content within those apps, as well as how other people interact with you or your content within those apps," the terms read.
"You're also letting our client collect information about your internet browsing activity (including the websites you visit and data that is exchanged between your device and those websites) and your use of other online services. There're some instances when our client will collect this information even where the app uses encryption, or from within secure browser sessions."
Facebook Acknowledges the Existence of the Program
While acknowledging the existence of this program, Facebook said, "like many companies, we invite people to participate in research that helps us identify things we can be doing better."
Since Facebook Research is aimed at "helping Facebook understand how people use their mobile devices, we have provided extensive information about the type of data we collect and how they can participate. We do not share this information with others, and people can stop participating at any time."
Though Facebook's spokesperson claimed that the app was in line with Apple's Enterprise Certificate program, Apple requires developers to use this certificate system only for distributing internal corporate apps to their own employees, so "recruiting testers and paying them a monthly fee appears to violate the spirit of that rule," the report reads.
Apple is "aware" of the issue, but it is unclear whether the iPhone maker will ban Facebook from using its Enterprise Developer Certificates.
In response to the report, Facebook said the company is planning to shut down the iOS version of its Research app. BetaBound, uTest, and Applause have not yet responded to the report.
from The Hacker News http://bit.ly/2RoH9xq
iCloud Possibly Suffered A Privacy Breach Last Year That Apple Kept a Secret

Late last year, when an unknown group of hackers stole secret access tokens for millions of Facebook accounts by taking advantage of a flaw in its website, the company disclosed the incident and informed its affected users.
Similarly, when Twitter was hit by multiple vulnerabilities (#1, #2, #3) in the last few months, the social media company disclosed those incidents and informed its affected users.
And guess what? Google is going to shut down its social media network Google+ in April this year after admitting two security flaws in its platform that exposed the private data of hundreds of thousands of users to third-party developers.
It turns out that Apple also possibly suffered a privacy breach late last year due to a bug in its platform that might have exposed some of your iCloud data to other users, but the company chose to keep the incident secret, maybe because it was not considered worth disclosing, or perhaps because it was much more complicated.
Last week, Turkish security researcher Melih Sevim contacted The Hacker News and claimed to have discovered a flaw in Apple services that allowed him to view partial data, especially notes, from random iCloud accounts as well as from targeted iCloud users just by knowing their associated phone numbers.
Melih confirmed to The Hacker News that he discovered the alleged flaw in October 2018 and then responsibly reported it to Apple's security team with steps to reproduce the bug and a video demonstration showing how he was able to read personal iCloud data from other Apple users without their knowledge.
"I discovered that when there is an active data transfer between the user and Apple servers, if I open my (attacker's) iCloud account, there is a possibility to view some random data on every refresh due to the bug," Melih told The Hacker News.
After patching it in November 2018, Apple acknowledged the issue to Melih but responded that the company had already addressed it before receiving details from him.
Apple then immediately closed the ticket and buried the lead.
A Mysterious iCloud Bug
Based upon Melih's explanation, the alleged flaw resided in the way Apple "internally" linked, either accidentally or intentionally, a phone number saved in the billing information of an Apple ID to the iCloud account on a device using the same phone number.
According to Melih, after following some specific steps on his iPhone and then saving a new phone number linked to another Apple ID in the billing information related settings on his device, he was able to view partial iCloud data from the account associated with that number.
"Let's suppose abc@icloud.com's mobile number is 12345. When I enter the mobile number 12345 into my xyz@icloud.com Apple ID account, I could see abc's data on xyz's account," Melih told THN.
"During my research, I saw many notes from other Apple users who kept their bank account related information and passwords in iCloud."
Since the flaw was in the section of iCloud settings for iOS devices that loads from Apple servers in real time over the Internet, it was silently patched by Apple's team in the background without releasing a new iOS update.
If Melih's report is accurate, the next detail makes the issue more serious…
Melih also confirmed to The Hacker News that the text box asking users to enter a phone number was not validating the user input, thus allowing an attacker to save even a single-digit input.
As shown in the video demonstration Melih shared with THN, the trick eventually exploited the same flaw to fetch personal data from random iCloud accounts whose associated phone numbers matched the input digit.
Apple Acknowledged the Problem, But...
To confirm Melih's bug and learn the full extent of the incident, we reached out to the Apple security team before publishing this article.
In response to The Hacker News' email, and knowing that we were working on a story, Apple acknowledged the bug report, saying "the issue was corrected back in November," without responding to some other important questions, including how many weeks the flaw remained open, the estimated number of affected users (if any), and whether there is any evidence of malicious exploitation.
Well, that was weird, but not new...
Just yesterday, Apple temporarily took down its Group FaceTime service after the public disclosure of a bug in its video-calling app that allows FaceTime users to hear or see other users before they even pick up the call.
Later it turned out that Apple was apparently notified of the FaceTime eavesdropping bug over a week ago by a 14-year-old boy before it made headlines, but again, the Apple security team failed to communicate promptly, leaving its millions of users unaware of the issue and at risk.
If the suspected iCloud leak was minor, then Apple could have confirmed that to us, but its silence over the report makes the incident more suspicious.
from The Hacker News http://bit.ly/2HE834B
Tuesday, January 29, 2019
Google Releases Security Updates for Chrome
Google has released Chrome version 72.0.3626.81 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.
The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Chrome Releases page and apply the necessary updates.
from US-CERT National Cyber Alert System http://bit.ly/2WpOrop
Fixing Virtualbox RDP Server with DetectionLab
root@LAPTOP-HT4TGVCP C:\Users\root>"c:\Program Files\Oracle\VirtualBox\VBoxManage" list runningvms
"logger" {3da9fffb-4b02-4e57-a592-dd2322f14245}
"dc.windomain.local" {ef32d493-845c-45dc-aff7-3a86d9c590cd}
"wef.windomain.local" {7cd008b7-c6e0-421d-9655-8f92ec98d9d7}
"win10.windomain.local" {acf413fb-6358-44df-ab9f-cc7767ed32bd}
I was having a problem with two of the VMs sharing the same port for the RDP server offered by Virtualbox. This meant I could not access one of them. (Below, port 5932 has the conflict.)
root@LAPTOP-HT4TGVCP C:\Users\root\git\detectionlab\DetectionLab\Vagrant>"c:\Program Files\Oracle\VirtualBox\VBoxManage" showvminfo logger | findstr /I vrde | findstr /I address
VRDE: enabled (Address 0.0.0.0, Ports 5955, MultiConn: off, ReuseSingleConn: off, Authentication type: null)
VRDE property : TCP/Address = "0.0.0.0"
root@LAPTOP-HT4TGVCP C:\Users\root\git\detectionlab\DetectionLab\Vagrant>"c:\Program Files\Oracle\VirtualBox\VBoxManage" showvminfo dc.windomain.local | findstr /I vrde | findstr /I address
VRDE: enabled (Address 0.0.0.0, Ports 5932, MultiConn: off, ReuseSingleConn: off, Authentication type: null)
VRDE property : TCP/Address = "0.0.0.0"
root@LAPTOP-HT4TGVCP C:\Users\root\git\detectionlab\DetectionLab\Vagrant>"c:\Program Files\Oracle\VirtualBox\VBoxManage" showvminfo wef.windomain.local | findstr /I vrde | findstr /I address
VRDE: enabled (Address 0.0.0.0, Ports 5932, MultiConn: off, ReuseSingleConn: off, Authentication type: null)
VRDE property : TCP/Address = "0.0.0.0"
root@LAPTOP-HT4TGVCP C:\Users\root\git\detectionlab\DetectionLab\Vagrant>"c:\Program Files\Oracle\VirtualBox\VBoxManage" showvminfo win10.windomain.local | findstr /I vrde | findstr /I address
VRDE: enabled (Address 0.0.0.0, Ports 5981, MultiConn: off, ReuseSingleConn: off, Authentication type: null)
VRDE property : TCP/Address = "0.0.0.0"
To fix this, I explicitly added port values to the configuration in the Vagrantfile. Here is one example:
vb.customize ["modifyvm", :id, "--vrde", "on"]
vb.customize ["modifyvm", :id, "--vrdeaddress", "0.0.0.0"]
vb.customize ["modifyvm", :id, "--vrdeport", "60101"]
After a 'vagrant reload', the RDP servers were now listening on new ports, as I hoped.
root@LAPTOP-HT4TGVCP C:\Users\root\git\detectionlab\DetectionLab\Vagrant>"c:\Program Files\Oracle\VirtualBox\VBoxManage" showvminfo logger | findstr /I vrde | findstr /I address
VRDE: enabled (Address 0.0.0.0, Ports 60101, MultiConn: off, ReuseSingleConn: off, Authentication type: null)
VRDE property : TCP/Address = "0.0.0.0"
root@LAPTOP-HT4TGVCP C:\Users\root\git\detectionlab\DetectionLab\Vagrant>"c:\Program Files\Oracle\VirtualBox\VBoxManage" showvminfo dc.windomain.local | findstr /I vrde | findstr /I address
VRDE: enabled (Address 0.0.0.0, Ports 60102, MultiConn: off, ReuseSingleConn: off, Authentication type: null)
VRDE property : TCP/Address = "0.0.0.0"
root@LAPTOP-HT4TGVCP C:\Users\root\git\detectionlab\DetectionLab\Vagrant>"c:\Program Files\Oracle\VirtualBox\VBoxManage" showvminfo wef.windomain.local | findstr /I vrde | findstr /I address
VRDE: enabled (Address 0.0.0.0, Ports 60103, MultiConn: off, ReuseSingleConn: off, Authentication type: null)
VRDE property : TCP/Address = "0.0.0.0"
root@LAPTOP-HT4TGVCP C:\Users\root\git\detectionlab\DetectionLab\Vagrant>"c:\Program Files\Oracle\VirtualBox\VBoxManage" showvminfo win10.windomain.local | findstr /I vrde | findstr /I address
VRDE: enabled (Address 0.0.0.0, Ports 60104, MultiConn: off, ReuseSingleConn: off, Authentication type: null)
VRDE property : TCP/Address = "0.0.0.0"
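As an added example (not code from the TaoSecurity post or from DetectionLab), the Ruby script below parses the VRDE lines that VBoxManage showvminfo prints, reports which VMs share a VRDE port, flags consoles listening on 0.0.0.0 with null authentication, and prints the per-VM vb.customize lines with unique ports starting at 60101. The VM names and VRDE lines it embeds are constructed to mirror the conflict shown above.

```ruby
# Added example, not code from the TaoSecurity post or DetectionLab: parse the
# "VRDE:" line that "VBoxManage showvminfo <vm>" prints for each VM, report VMs
# that share a VRDE port, and emit Vagrant vb.customize lines that give every VM
# its own port (starting at 60101, as the post did). The VM names and VRDE lines
# below are constructed to mirror the conflict in the post.

VRDE_RE = /\AVRDE:\s+enabled \(Address ([\d.]+), Ports ([\d,-]+), .*Authentication type: (\w+)\)/

# Constructed sample: VM name => VRDE line as printed by VBoxManage showvminfo.
SAMPLE_VRDE = {
  "logger"                => "VRDE: enabled (Address 0.0.0.0, Ports 5955, MultiConn: off, ReuseSingleConn: off, Authentication type: null)",
  "dc.windomain.local"    => "VRDE: enabled (Address 0.0.0.0, Ports 5932, MultiConn: off, ReuseSingleConn: off, Authentication type: null)",
  "wef.windomain.local"   => "VRDE: enabled (Address 0.0.0.0, Ports 5932, MultiConn: off, ReuseSingleConn: off, Authentication type: null)",
  "win10.windomain.local" => "VRDE: enabled (Address 0.0.0.0, Ports 5981, MultiConn: off, ReuseSingleConn: off, Authentication type: null)",
}.freeze

VrdeInfo = Struct.new(:name, :address, :port, :auth)

# Returns a VrdeInfo for a "VRDE: enabled (...)" line, or nil for any other line
# (for example the "VRDE property : TCP/Address" line that showvminfo also prints).
def parse_vrde(name, line)
  m = VRDE_RE.match(line)
  return nil unless m
  # "Ports" may be a list or a range; the first number is the port in use.
  VrdeInfo.new(name, m[1], m[2].to_i, m[3])
end

def parse_all(vrde_lines)
  vrde_lines.map { |name, line| parse_vrde(name, line) }.compact
end

# Port => names of the VMs that share it; ports used by a single VM are dropped.
def port_conflicts(infos)
  infos.group_by(&:port)
       .select { |_, vms| vms.size > 1 }
       .transform_values { |vms| vms.map(&:name) }
end

# VMs whose VirtualBox console listens on every interface with no authentication,
# which is what "Address 0.0.0.0 ... Authentication type: null" means.
def unauthenticated_exposed(infos)
  infos.select { |i| i.address == "0.0.0.0" && i.auth == "null" }.map(&:name)
end

# Give each VM a unique port: base, base + 1, ... in the order the VMs were listed.
def assign_ports(infos, base = 60101)
  infos.each_with_index.map { |info, idx| [info.name, base + idx] }.to_h
end

# The three vb.customize lines the post added to each VM's Vagrantfile block.
def vagrant_customize_lines(port, address = "0.0.0.0")
  [
    %(vb.customize ["modifyvm", :id, "--vrde", "on"]),
    %(vb.customize ["modifyvm", :id, "--vrdeaddress", "#{address}"]),
    %(vb.customize ["modifyvm", :id, "--vrdeport", "#{port}"]),
  ]
end

if __FILE__ == $PROGRAM_NAME
  infos = parse_all(SAMPLE_VRDE)
  port_conflicts(infos).each do |port, vms|
    puts "VRDE port #{port} is shared by: #{vms.join(', ')}"
  end
  unauthenticated_exposed(infos).each do |vm|
    puts "#{vm}: VRDE on 0.0.0.0 with null authentication"
  end
  assign_ports(infos).each do |vm, port|
    puts "# #{vm}"
    vagrant_customize_lines(port).each { |l| puts "  #{l}" }
  end
end
```

On a real host, feed it the output of VBoxManage showvminfo for each VM from VBoxManage list runningvms instead of the constructed sample.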
root@LAPTOP-HT4TGVCP C:\Users\root\git\detectionlab\DetectionLab\Vagrant>vagrant status
Current machine states:
logger running (virtualbox)
dc running (virtualbox)
wef running (virtualbox)
win10 running (virtualbox)
This environment represents multiple VMs. The VMs are all listed
above with their current state. For more information about a specific
VM, run `vagrant status NAME`.
root@LAPTOP-HT4TGVCP C:\Users\root\git\detectionlab\DetectionLab\Vagrant>vagrant port logger
The forwarded ports for the machine are listed below. Please note that
these values may differ from values configured in the Vagrantfile if the
provider supports automatic port collision detection and resolution.
22 (guest) => 2222 (host)
root@LAPTOP-HT4TGVCP C:\Users\root\git\detectionlab\DetectionLab\Vagrant>vagrant port dc
The forwarded ports for the machine are listed below. Please note that
these values may differ from values configured in the Vagrantfile if the
provider supports automatic port collision detection and resolution.
3389 (guest) => 3389 (host)
22 (guest) => 2200 (host)
5985 (guest) => 55985 (host)
5986 (guest) => 55986 (host)
root@LAPTOP-HT4TGVCP C:\Users\root\git\detectionlab\DetectionLab\Vagrant>vagrant port wef
The forwarded ports for the machine are listed below. Please note that
these values may differ from values configured in the Vagrantfile if the
provider supports automatic port collision detection and resolution.
3389 (guest) => 2201 (host)
22 (guest) => 2202 (host)
5985 (guest) => 2203 (host)
5986 (guest) => 2204 (host)
root@LAPTOP-HT4TGVCP C:\Users\root\git\detectionlab\DetectionLab\Vagrant>vagrant port win10
The forwarded ports for the machine are listed below. Please note that
these values may differ from values configured in the Vagrantfile if the
provider supports automatic port collision detection and resolution.
3389 (guest) => 2205 (host)
22 (guest) => 2206 (host)
5985 (guest) => 2207 (host)
5986 (guest) => 2208 (host)
The entry in bold above (3389 (guest) => 3389 (host) for dc) is the problem. Vagrant should not be mapping port 3389, which is already in use by the RDP server on the Windows 10 host, such that it tries to be available to the guest.
I tried telling Vagrant by hand in the Vagrantfile to map port 3389 elsewhere, but nothing worked. (I tried entries like the following.)
config.vm.network :forwarded_port, guest: 3389, host: 5789
I also searched to see if there might be a configuration outside the Vagrantfile that I was missing. Here is what I found:
ds61@ds61:~/DetectionLab-master$ find . | xargs grep "3389" *
./Terraform/Method1/main.tf: from_port = 3389
./Terraform/Method1/main.tf: to_port = 3389
./Packer/vagrantfile-windows_2016.template: config.vm.network :forwarded_port, guest: 3389, host: 3389, id: "rdp", auto_correct: true
./Packer/scripts/enable-rdp.bat:netsh advfirewall firewall add rule name="Open Port 3389" dir=in action=allow protocol=TCP localport=3389
./Packer/vagrantfile-windows_10.template: config.vm.network :forwarded_port, guest: 3389, host: 3389, id: "rdp", auto_correct: true
I wonder if those Packer templates have anything to do with it, or if I am encountering a problem with Vagrant? I have seen many people experience similar issues, so I don't know.
It's not a big deal, though. Now that I can directly access the virtual screens for each VM on Virtualbox via the RDP server, I don't need to RDP to port 3389 on each Windows VM in order to interact with it.
If anyone has any ideas, though, I'm interested!
from TaoSecurity http://bit.ly/2DJwQ3h
Mozilla Releases Security Updates for Firefox
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Mozilla Security Advisories for Firefox 65 and Firefox ESR 60.5 and apply the necessary updates.
from US-CERT National Cyber Alert System http://bit.ly/2SbyPp8