
Microsoft Patches 34 Serious Vulnerabilities



In today's Patch Tuesday, Microsoft released 16 bulletins addressing 34 vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET, SQL, Visual Studio, Silverlight, VML and ISA. Nine of the bulletins are rated Critical, with seven rated as Important. Wolfgang Kandek, Qualys CTO, comments: "The only bulletin with a known exploit in the wild is MS11-046, a local privilege escalation flaw in the "afd.sys" driver. IT admins can check with their end-point security providers for coverage, but should include this bulletin high on their to-do lists in any case, as it is only a matter of time until we see more attackers use malware taking advantage of this exploit to gain control of your workstations."

Here are the bulletins:-

Vulnerability in OLE Automation 
This security update resolves a privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user visits a Web site containing a specially crafted Windows Metafile (WMF) image. In all cases, however, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to convince users to visit a malicious Web site, typically by getting them to click a link in an e-mail message or Instant Messenger request.

Vulnerability in .NET Framework and Microsoft Silverlight
This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

Vulnerability in Threat Management Gateway Firewall Client 
This security update resolves a privately reported vulnerability in the Microsoft Forefront Threat Management Gateway (TMG) 2010 Client, formerly named the Microsoft Forefront Threat Management Gateway Firewall Client. The vulnerability could allow remote code execution if an attacker leveraged a client computer to make specific requests on a system where the TMG firewall client is used.

Vulnerability in Windows Kernel-Mode Drivers
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a network share (or visits a web site that points to a network share) containing a specially crafted OpenType font (OTF). In all cases, however, an attacker would have no way to force a user to visit such a web site or network share. Instead, an attacker would have to convince a user to visit the web site or network share, typically by getting them to click a link in an e-mail message or Instant Messenger message.

Vulnerabilities in Distributed File System
This security update resolves two privately reported vulnerabilities in the Microsoft Distributed File System (DFS). The more severe of these vulnerabilities could allow remote code execution when an attacker sends a specially crafted DFS response to a client-initiated DFS request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

Vulnerability in SMB Client
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit the vulnerability, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.

Vulnerability in .NET Framework
This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

Cumulative Security Update for Internet Explorer
This security update resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerability in Vector Markup Language
This security update resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerability.

The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerability in MHTML
This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially crafted URL from an attacker's Web site. An attacker would have to convince the user to visit the Web site, typically by getting them to follow a link in an e-mail message or Instant Messenger message.

Vulnerabilities in Microsoft Excel
This security update resolves eight privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1272, CVE-2011-1273, and CVE-2011-1279. Microsoft Excel 2010 is only affected by CVE-2011-1273 described in this bulletin. The automated Microsoft Fix it solution, "Disable Edit in Protected View for Excel 2010," available in Microsoft Knowledge Base Article 2501584, blocks the attack vectors for exploiting CVE-2011-1273.

Vulnerability in Ancillary Function Driver
This security update resolves a publicly disclosed vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.

Vulnerability in Hyper-V
This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Vulnerability in SMB Server
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit this vulnerability.

Vulnerability in the Microsoft XML Editor
This security update resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software products listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.

Vulnerability in Active Directory Certificate Services Web Enrollment
This security update resolves a privately reported vulnerability in Active Directory Certificate Services Web Enrollment. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. An attacker who successfully exploited this vulnerability would need to send a specially crafted link and convince a user to click the link. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site.


PostgreSQL Fixed “Persistent Denial-of-Service” Vulnerability (CVE-2013-1899)

PostgreSQL Fixed 'High-Exposure Security Vulnerability' Causing Denial-of-Service Attack (CVE-2013-1899)

Security researchers have yet again found a serious security hole in one of the most widely used object-relational database management systems, PostgreSQL, also known as Postgres. By exploiting the flaw an attacker can corrupt files and, in some cases, execute malicious code on the underlying server, causing a "persistent denial-of-service" attack. By corrupting the files an attacker can cause the database server to crash and refuse to restart. Affected servers can only be restarted by removing the garbage text from the files or by restoring them from a backup. Versions 9.0, 9.1, and 9.2 are all vulnerable. As soon as the vulnerability was spotted, the PostgreSQL developers released updates addressing a "high-exposure security vulnerability in versions 9.0 and later." The updates are available for the 9.0, 9.1, and 9.2 branches, as well as 8.4. These updates also allow PostgreSQL to be built using Microsoft Visual Studio 2012. According to the developers: "A major security issue fixed in this release, CVE-2013-1899, makes it possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request. This issue was discovered by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center." In addition to the fix for this major security issue, the updates include four more minor security fixes, as well as fixes for other, non-security-related issues.
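The trigger the developers describe is visible in the very first bytes a client sends. As an added example (not PostgreSQL project code), here is a minimal Ruby parser for the PostgreSQL v3 StartupMessage plus the check a connection proxy or pooler could apply in front of an unpatched 9.0 to 9.2 server; the packets it scans are constructed for illustration.

```ruby
# Added example, not PostgreSQL project code: parse the PostgreSQL v3
# StartupMessage and flag the CVE-2013-1899 pattern, a "database"
# parameter that begins with "-". Sample packets are constructed.

PROTOCOL_V3 = 196_608 # protocol major 3, minor 0, as sent by libpq clients

# StartupMessage layout: int32 length (including itself), int32 protocol
# version, then NUL-terminated key/value pairs closed by an empty key.
# Returns a Hash of parameters, or nil if the bytes are not a v3 startup.
def parse_startup_message(bytes)
  bytes = bytes.b
  return nil if bytes.bytesize < 8
  length, version = bytes.unpack("NN")
  return nil unless version == PROTOCOL_V3 && length == bytes.bytesize
  fields = bytes.byteslice(8, length - 8).split("\0")
  params = {}
  fields.each_slice(2) do |key, value|
    break if key.nil? || key.empty?
    params[key.force_encoding(Encoding::UTF_8)] =
      value.to_s.force_encoding(Encoding::UTF_8)
  end
  params
end

# Mitigation check: a database name beginning with "-" has no legitimate
# use and is exactly the crafted request the advisory describes.
def suspicious_database_name?(params)
  name = params && params["database"]
  !name.nil? && name.start_with?("-")
end

# Build a StartupMessage from a parameter Hash (used to construct samples).
def build_startup_message(params)
  body = params.map { |k, v| "#{k}\0#{v}\0" }.join + "\0"
  [body.bytesize + 8, PROTOCOL_V3].pack("NN") + body.b
end

# Constructed samples: an ordinary connection and a crafted one.
NORMAL_STARTUP  = build_startup_message("user" => "app", "database" => "inventory")
CRAFTED_STARTUP = build_startup_message("user" => "app", "database" => "-constructed")

# Scan captured startup packets and return the offending database names.
def flag_crafted_startups(packets)
  packets.filter_map do |pkt|
    params = parse_startup_message(pkt)
    params["database"] if suspicious_database_name?(params)
  end
end

if __FILE__ == $PROGRAM_NAME
  puts flag_crafted_startups([NORMAL_STARTUP, CRAFTED_STARTUP]).inspect
end
```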

Some of these fixes include:
  • A security vulnerability that made contrib/pgcrypto-generated strings too easy to guess;
  • A vulnerability that would allow unprivileged users to interfere with backups;
  • Security issues involving the OS X and Linux installers;
  • Various issues with GiST indices;
  • An issue related to crash recovery; and
  • Memory and buffer leaks, among others.

The complete list of fixes and enhancements in each version can be found on the PostgreSQL release notes archive page. The patched PostgreSQL 9.2.4, 9.1.9, 9.0.13, and 8.4.17 releases are available now on the download page. While on the subject of this fix, we would like to remind you that late last year another security vulnerability hit the PostgreSQL database system, including versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. Those security holes were associated with libxml2 and libxslt, along with a vulnerability in the built-in XML functionality and a vulnerability in the XSLT functionality supplied by the optional XML2 extension.



-Source (Campus Technology & The-H)









eEye to Showcase IT Security Solutions that Simplify Vulnerability and Compliance Management at SecureWorld Expo in Atlanta

eEye Digital Security, a provider of IT security and unified vulnerability management solutions, will exhibit at the SecureWorld Expo in Atlanta, Georgia, May 3-4, 2011. The company’s CTO, Marc Maiffret, will participate as an industry expert on a network security panel discussion. The conference brings together the security leaders, experts, senior executives, and policy makers who shape the direction of security across Information Security, Physical Security, Compliance, IT Audit, Computer Forensics, Enterprise Risk Management, Business Continuity, and Security Management.
eEye invites the media and SecureWorld Expo attendees to explore the company's latest innovations, demonstrated in Booth 313, primarily the company’s Retina CS Management solution, Retina Insight reporting engine, as well as add-on modules for Configuration Compliance, Government Regulatory Reporting, and Patch Management.
eEye CTO, Marc Maiffret, will offer insights on the Industry Expert Panel, "Network Security: Finding the Right Management Program," to be held on Tuesday, May 3, 1:15-2:00 PM during the Open Vendor Sessions portion of the conference.
“It’s part of the eEye philosophy to regularly engage in dialogue with other security leaders and the IT security community at large,” said Marc Maiffret, CTO, eEye. “As a speaker on the Network Security panel, I’d like to open communication around some simple, practical tactics that IT professionals can use to significantly improve the security of their organization.”
At the event, eEye will encourage SecureWorld Expo attendees to take advantage of several free, online resources that the company provides to the IT security community. Retina Community is a free vulnerability scanner for up to 32 IPs, now being used by nearly four thousand organizations. Zero Day Tracker provides a catalogue of the newest zero-day vulnerabilities, instructions for quick remediation, and a historical record of past vulnerabilities. eEye’s Vulnerability Expert Forum (VEF), hosted by Maiffret and the eEye Research Team, is a popular monthly webinar attended by hundreds of IT security professionals seeking insight and information on recently announced critical vulnerabilities from Microsoft and other software vendors.
eEye is participating in SecureWorld Expo’s “Dash for Prizes.” Attendees can register at the eEye Booth (313) throughout the two-day conference to win an Amazon Kindle and a $25 gift card. Winners will be announced during the last break of the conference on Wednesday, May 4. Attendees must be present to win.
About eEye Digital Security 
Since 1998, eEye Digital Security has made vulnerability and compliance management simpler and more efficient by providing the only unified solution that integrates assessment, mitigation, protection, and reporting into a complete offering with optional add-on modules for configuration compliance, regulatory reporting, and integrated patch management. eEye’s world-renowned research and development team is consistently the first to uncover critical vulnerabilities and build new protections into our solutions to prevent their exploit. Thousands of mid-to-large-size private-sector and government organizations, including the largest vulnerability management installations in the world, rely on eEye to protect against the latest known and zero-day vulnerabilities. More at eeye.com.


Oracle to Mitigate 73 Security Vulnerabilities in Upcoming Critical Patch Update


Oracle is all set for the upcoming critical patch update. The pre-release announcement by the company indicates that, in all, 73 vulnerabilities associated with numerous products will be mitigated during the next critical patch update. The update will mitigate security vulnerabilities associated with Oracle database server, fusion middleware, enterprise manager, e-business suite, supply chain products, PeopleSoft, JD Edwards suite, Siebel CRM, industry applications, Sun products and Open Office suite.

The company releases quarterly critical patch updates on the Tuesday closest to the 17th day of January, April, July and October. The company uses Common Vulnerability Scoring System (CVSS) version 2.0 to rate vulnerabilities. The vulnerabilities are assigned scores based on the prerequisites for exploiting the vulnerability, ease of exploit, and impact of the attack on availability, confidentiality and integrity. Base scores range from 0.0 to 10.0, with ten being the most severe vulnerability.
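To make the scoring concrete, here is an added Ruby implementation of the CVSS v2.0 base score equations (not from Oracle's advisory). The sample vectors are constructed so that they land on base scores the article cites (10.0, 9.3, 6.5, 6.4, 4.3); they are not the actual vectors Oracle assigned to those bugs.

```ruby
# Added example, not from Oracle's advisory: CVSS v2.0 base score in Ruby.
# Sample vectors are constructed to reproduce scores cited in the article.

# Metric weights from the CVSS v2.0 specification.
ACCESS_VECTOR     = { "L" => 0.395, "A" => 0.646, "N" => 1.0 }.freeze
ACCESS_COMPLEXITY = { "H" => 0.35,  "M" => 0.61,  "L" => 0.71 }.freeze
AUTHENTICATION    = { "M" => 0.45,  "S" => 0.56,  "N" => 0.704 }.freeze
IMPACT            = { "N" => 0.0,   "P" => 0.275, "C" => 0.660 }.freeze # C, I and A

# "AV:N/AC:L/Au:N/C:C/I:C/A:C" -> {"AV"=>"N", "AC"=>"L", "Au"=>"N", ...}
def parse_cvss2_vector(vector)
  vector.split("/").each_with_object({}) do |part, metrics|
    name, value = part.split(":", 2)
    raise ArgumentError, "malformed metric: #{part}" if value.nil?
    metrics[name] = value
  end
end

# Round half up to one decimal place, as the specification does.
def round_half_up_1(x)
  ((x * 10) + 0.5).floor / 10.0
end

# Impact = 10.41 * (1 - (1 - C) * (1 - I) * (1 - A))
def cvss2_impact(m)
  10.41 * (1 - (1 - IMPACT.fetch(m["C"])) *
               (1 - IMPACT.fetch(m["I"])) *
               (1 - IMPACT.fetch(m["A"])))
end

# Exploitability = 20 * AccessVector * AccessComplexity * Authentication
def cvss2_exploitability(m)
  20 * ACCESS_VECTOR.fetch(m["AV"]) *
       ACCESS_COMPLEXITY.fetch(m["AC"]) *
       AUTHENTICATION.fetch(m["Au"])
end

def cvss2_base_score(vector)
  m = parse_cvss2_vector(vector)
  impact = cvss2_impact(m)
  f_impact = impact.zero? ? 0.0 : 1.176 # a vector with no impact scores 0.0
  round_half_up_1((0.6 * impact + 0.4 * cvss2_exploitability(m) - 1.5) * f_impact)
end

# The property the article repeats for each product suite: reachable over
# the network with no credentials required.
def remote_unauthenticated?(vector)
  m = parse_cvss2_vector(vector)
  m["AV"] == "N" && m["Au"] == "N"
end

# Constructed vectors that land on base scores cited in the article.
SAMPLE_VECTORS = {
  "AV:N/AC:L/Au:N/C:C/I:C/A:C" => 10.0, # full compromise, no authentication
  "AV:N/AC:M/Au:N/C:C/I:C/A:C" => 9.3,
  "AV:N/AC:L/Au:S/C:P/I:P/A:P" => 6.5,  # requires a single login
  "AV:N/AC:L/Au:N/C:P/I:P/A:N" => 6.4,
  "AV:N/AC:M/Au:N/C:N/I:P/A:N" => 4.3,  # the typical XSS-style score
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_VECTORS.each_key do |v|
    puts "#{v} => #{cvss2_base_score(v)} (unauthenticated: #{remote_unauthenticated?(v)})"
  end
end
```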

Vulnerabilities may be caused by technological flaws, programming errors, and other human errors. Developers are required to constantly upgrade their technical skills through online IT degree courses, training programs and refresher courses to deal with ever-evolving threats.

The critical patch update will address six vulnerabilities in database server. The vulnerabilities affect components such as application service level management, database vault, Oracle help, security service, warehouse builder, UIX and network foundation. Two of the six vulnerabilities do not require authentication to exploit. The highest base score for security flaws affecting database server is 6.5. The update will mitigate 9 flaws associated with fusion middleware, 6 of which are exploitable without authentication.

The vulnerabilities affect Oracle help, HTTP server, JRockit, Outside In technology, security service, WebLogic server, portal and single sign-on. Oracle has assigned the highest severity score of 10 to vulnerabilities affecting fusion middleware. 4 vulnerabilities will be fixed in Oracle applications, 2 of which are exploitable without authentication. The vulnerabilities have been assigned a base score of 4.3 and affect application object library, applications install, and web ADI. The update will resolve a flaw in the Supply chain products suite which is exploitable without authentication. The highest base score for the vulnerability in the supply chain products suite is 4.3, and it affects the Agile technology program.

14 security flaws related to PeopleSoft Suite will be fixed in the upcoming critical patch, 1 of which is exploitable without authentication. The highest base score for security flaws associated with PeopleSoft suite is 4.3, affecting PeopleSoft Enterprise, Enterprise CRM, ELS, HRMS and People tools. The critical patch update will resolve 8 issues associated with JD Edwards suite, 7 of which are exploitable without authentication. The highest base score for vulnerabilities in JD Edwards suite is 6.4, affecting EnterpriseOne tools.

The update will address a vulnerability associated with industry applications, which affects InForm. Highest base score for vulnerability in industry applications is 5.5. 8 security flaws will be mitigated in Sun products suite, seven of which are exploitable without authentication. Oracle has assigned highest severity score of 10 for security flaws affecting Sun products suite. The components affected include Java Dynamic Management Kit, Java system web server, Solaris, OpenSSO Enterprise, GlassFish Enterprise server, java system application server, java system access manager policy agent, and java system messaging server.

The upcoming critical patch update will fix 8 security issues related to Open Office suite, of which 7 are exploitable without authentication. Highest base score for security flaws in Open Office suite is 9.3. Open Office, StarOffice and StarSuite are affected by the vulnerabilities.

Vulnerabilities are identified by professionals qualified in IT degree programs and security certifications such as penetration testing. Developers encourage both in-house and independent security researchers to detect and report security flaws so that they can be mitigated before exploitation by attackers.

Online IT courses, e-tutorials, security blogs and alerts from computer emergency response teams could help users in gaining insights on security threats, their implications and importance of security updates. Users must keep track of the security releases and install necessary updates to safeguard their systems and data from unauthorized access. 


Adobe Released Security Bulletin to Patch Multiple Vulnerable Products

Adobe released a security bulletin to patch multiple vulnerable products. Here is the list, with details on each of those products.
  • APSB11-19 – Security update available for Adobe Shockwave Player (Critical)
  • APSB11-20 – Security update available for Adobe Flash Media Server (Critical)
  • APSB11-21 – Security update available for Adobe Flash Player (Critical)
  • APSB11-22 – Security update available for Adobe Photoshop CS5 (Critical)
  • APSB11-23 – Security updates available for RoboHelp (Important)
Security update available for Adobe Shockwave Player:-

Critical vulnerabilities have been identified in Adobe Shockwave Player 11.6.0.626 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system.
Adobe recommends users of Adobe Shockwave Player 11.6.0.626 and earlier versions update to Adobe Shockwave Player 11.6.1.629.

Security update available for Adobe Flash Media Server:-

A critical vulnerability has been identified in Adobe Flash Media Server (FMS) 4.0.2 and earlier versions, and Adobe Flash Media Server (FMS) 3.5.6 and earlier versions for Windows and Linux.
This vulnerability could allow an attacker, who successfully exploits the vulnerability, to cause a denial of service on the affected system. Adobe has provided an update to address the reported vulnerability and recommends that users update their installations to Flash Media Server 4.0.3 or 3.5.7 respectively.

Security update available for Adobe Flash Player:-

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.25 and earlier versions for Android. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.183.5. Users of Adobe Flash Player for Android 10.3.185.25 and earlier versions should update to Adobe Flash Player for Android 10.3.186.3. Users of Adobe AIR 2.7 for Windows and Macintosh, should update to 2.7.1 and users of AIR 2.7 for Android should update to Adobe AIR 2.7.1.1961.

Security update available for Adobe Photoshop CS5:-

A critical vulnerability has been identified in Photoshop CS5 and CS5.1 (12.0 and 12.1) and earlier for Windows and Macintosh that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. To successfully exploit this vulnerability, an attacker would have to convince a user to open a malicious .GIF file in Photoshop CS5.

Security updates available for RoboHelp:-

An important vulnerability has been identified in RoboHelp 9 (versions 9.0.1.232 and earlier), RoboHelp 8, RoboHelp Server 9 and RoboHelp Server 8. A specially crafted URL could be used to create a cross-site scripting attack on RoboHelp installations. 

-News Source (Adobe & Help Security)


Ruby on Rails Public Key Security Vulnerability In GitHub

A Russian security researcher named Homakov has found that GitHub succumbed to a public key vulnerability in Ruby on Rails that allowed a normal user to gain administrator access to the popular Rails Git repository. Homakov exploited a flaw in how the Ruby on Rails web framework handles mass assignment that allowed him to write a posting, delete a posting or push changes into the source code of any GitHub project. Homakov had previously opened an issue about mass assignment security on the Rails issue tracker on GitHub; this was closed by the developers, who said that it was the application developers' responsibility to secure their applications. Homakov then decided to demonstrate the issue using the nearest Ruby on Rails application, GitHub. The flaw, known as the mass assignment vulnerability, has been around since the ability to set a number of attributes in one call was introduced in Rails. GitHub later confirmed that it had closed the security hole.
According to the GitHub official Blog post:- 
"The root cause of the vulnerability was a failure to properly check incoming form parameters, a problem known as the mass-assignment vulnerability. In parallel to the attack investigation we initiated a full audit of the GitHub codebase to ensure that no other instances of this vulnerability were present. This audit is still ongoing, and I am going to personally ensure that we have a strategy going forward to prevent this type of vulnerability from happening again.
I sincerely apologize for allowing this to happen. Security is our priority and I will be arranging additional external security audits above and beyond our normal schedule to further test our security measures and give you peace of mind."
Brief About GitHub:-
GitHub is the web-based front end set up around Linus Torvalds' Git revision control system. Due to the web site's extensive social networking features combined with the Git revisioning system, GitHub has become extremely popular. GitHub is also used by a number of high-profile projects including the Linux kernel.
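The mass-assignment flaw described above comes down to one line of model code. The following Ruby is an added example, neither GitHub's nor Rails' code: a plain-Ruby stand-in for a Rails model's mass assignment that shows how an unfiltered params hash lets a request body set an attribute the form never exposed (here the owner of a public key), beside the whitelist pattern that Rails offers as attr_accessible or strong parameters. Attribute names and request parameters are constructed for illustration.

```ruby
# Added example, not GitHub's or Rails' code: a minimal stand-in for a Rails
# model's mass assignment (no Rails dependency). Attribute names and the
# request parameters are constructed for illustration.

class MassAssignmentError < StandardError; end

class PublicKey
  ATTRIBUTES = %i[title key user_id].freeze
  # Only these may be set from request parameters (the equivalent of
  # Rails' attr_accessible, or of permit in strong parameters).
  ACCESSIBLE = %i[title key].freeze

  attr_reader(*ATTRIBUTES)

  def initialize(user_id)
    @user_id = user_id # the owner comes from the session, never from the form
  end

  # Vulnerable pattern: every submitted field that matches a column is
  # written, so a client-supplied user_id silently re-owns the key.
  def assign_attributes_unfiltered(params)
    params.each do |name, value|
      name = name.to_sym
      next unless ATTRIBUTES.include?(name)
      instance_variable_set("@#{name}", value)
    end
    self
  end

  # Hardened pattern: anything outside the whitelist is rejected (or
  # dropped and logged, depending on how strict the application wants to be).
  def assign_attributes(params, on_unpermitted: :raise)
    params.each do |name, value|
      name = name.to_sym
      unless ACCESSIBLE.include?(name)
        raise MassAssignmentError, "unpermitted attribute: #{name}" if on_unpermitted == :raise
        next
      end
      instance_variable_set("@#{name}", value)
    end
    self
  end
end

# Constructed request parameters: the form only shows title and key, but the
# POST body carries an extra user_id field.
TAMPERED_PARAMS = {
  "title" => "laptop",
  "key" => "ssh-rsa AAAA...constructed",
  "user_id" => 1,
}.freeze

# Who owns the key after each assignment style, given the session's user id.
def owner_after_unfiltered_assignment(session_user_id)
  PublicKey.new(session_user_id).assign_attributes_unfiltered(TAMPERED_PARAMS).user_id
end

def owner_after_filtered_assignment(session_user_id)
  PublicKey.new(session_user_id)
           .assign_attributes(TAMPERED_PARAMS, on_unpermitted: :drop)
           .user_id
end

if __FILE__ == $PROGRAM_NAME
  puts "unfiltered owner: #{owner_after_unfiltered_assignment(42)}"
  puts "filtered owner:   #{owner_after_filtered_assignment(42)}"
end
```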



ICASI Publishes Standardized Framework for Reporting IT System Vulnerabilities : CVRF Version 1.0




The Industry Consortium for Advancement of Security on the Internet (ICASI), a nonprofit association dedicated to enhancing global IT security by proactively driving excellence and innovation in security response, today announced the publication of its Common Vulnerability Reporting Framework (CVRF) Version 1.0.     

CVRF is an XML-based framework that enables stakeholders across different organizations to share critical vulnerability-related information in an open and common machine-readable format. This format replaces the myriad of current nonstandard reporting formats, thus speeding up information exchange and processing. CVRF is available to the public free of charge, along with additional information, at ICASI.org/cvrf.
"CVRF represents a true milestone in industry efforts to raise and broaden awareness of security vulnerabilities," said Linda Betz, president of ICASI and director of IT Policy and Information Security at IBM. "With the use of CVRF, the producers of vulnerability reports will benefit from faster and more standardized reporting. End users will be able to find, process and act upon relevant information more quickly and easily, with a higher level of confidence that the information is accurate and comprehensive. Consumers will ultimately benefit with safer systems and applications."
Although the computer security community has made significant progress in several other areas in recent years, including categorizing and ranking the severity of vulnerabilities in information systems, there has been no standard framework for creating vulnerability report documentation. Methods such as embedding security metric and vulnerability data inside response reports are all vendor-specific, non-standard and time consuming to decipher manually.
Through its CVRF Project, ICASI undertook to remedy this lack of standardization, using the Internet Engineering Task Force (IETF) draft Incident Object Description Exchange Format (IODEF) as a starting point. The project team – including contributors from ICASI Founding Members Cisco Systems, Intel Corporation, International Business Machines, Juniper Networks, Microsoft Corporation and Nokia, along with representatives from Oracle and Red Hat – also surveyed enterprise users about similarities and differences in current vulnerability reporting, asking them what future reporting methods should address. The team then expanded existing security documentation formats and integrated a best-of-breed solution into a common, open XML-based framework ‒ CVRF ‒ that brings consolidation and consistency to the security vulnerability documentation space, and is expected to grow organically among stakeholders.
The XML-based framework of CVRF predefines a large number of fields, with extensibility and robustness in mind. These fields are consistent in naming and data type, so that any organization that adopts and understands CVRF can easily produce documents or read the ones that another CVRF-equipped organization has produced. Independent discoverers of bugs, large vendors, security coordinators and end users of security response efforts worldwide can all write CVRF documents to share critical vulnerability-related information. Widespread use of CVRF will accelerate information dissemination and exchange and incident resolution as a result.
ICASI's intention is that CVRF be a living framework that will be enhanced and revised as necessary. ICASI plans to continue supporting CVRF to ensure that it will remain both stable and free for use by all. Implementers are encouraged to submit their suggestions for improvements to contactcvrf@memberws.org.     


Internet Explorer Vulnerability Allowing Hackers to Track Your Mouse Cursor

Internet Explorer Vulnerability Allowing Hackers to Track Your Mouse Cursor, Still Microsoft is Apathetic 

Yet again Microsoft Internet Explorer has fallen victim to hackers. Spider.io, a website analytics firm, has discovered a security vulnerability in all current versions of Internet Explorer that allows attackers to trace mouse cursors anywhere on users' screens, even if the Internet Explorer window is minimized. Spider.io said: "The vulnerability is notable because it compromises the security of virtual keyboards and virtual keypads."
As a user of Internet Explorer, your mouse movements can be recorded by an attacker even if you are security conscious and you never install any untoward software. An attacker can get access to your mouse movements simply by buying a display ad slot on any webpage you visit. This is not restricted to lowbrow porn and file-sharing sites. Through today’s ad exchanges, any site from YouTube to the New York Times is a possible attack vector. Indeed, the vulnerability is already being exploited by at least two display ad analytics companies across billions of webpage impressions each month. As long as the page with the exploitative advertiser’s ad stays open—even if you push the page to a background tab or, indeed, even if you minimize Internet Explorer—your mouse cursor can be tracked across your entire display.


Vulnerability Disclosure
Package: Microsoft Internet Explorer
Affected: Tested on versions 6–10
BugTraq Link: seclists.org/bugtraq/2012/Dec/81


Spider.io has set up a demo page to demonstrate how the vulnerability works. According to sources, the Microsoft Security Research Center has acknowledged the vulnerability, but unfortunately Microsoft is in no hurry to patch it in existing versions of its popular browser. "There are no immediate plans to patch this vulnerability in existing versions of the browser," said MSRC.





DHS & US-CERT Recommended to Disable Java in Web Browsers Unless It's Absolutely Necessary

The present is proving to be the worst period for Java, which has been beset by serious security issues. Yet again security researchers have pointed out a zero-day vulnerability in Java that hackers are exploiting. The exploit takes advantage of a vulnerability left open in Java 7 Update 10, released in October last year. It works by getting Java users to visit a website carrying malicious code that uses the security gap to take control of their computers; this is how Java is being used by cyber criminals to infect computers with malware. Oracle has not specified how many users have downloaded Java 7 Update 10. However, Java runs on more than 850 million computers and other devices, so it is reasonable to assume that more than 850 million Java-equipped devices are under threat.

The exploit was first discovered by French researcher Kafeine, who reported finding it running on a site that registers hundreds of thousands of page views daily. From that site the vulnerability, and a large number of affected devices, quickly turned up in the wild. In Java 7 Update 10, Oracle added several security controls, fixed older bugs and promised further security enhancements, but it is very unfortunate that Oracle failed to keep that promise.

Following this newly discovered 0-day, Oracle Security Alert CVE-2013-0422 states that Java 7 Update 11 addresses this vulnerability (CVE-2013-0422) and an equally severe but distinct one (CVE-2012-3174). Immunity has indicated that only the reflection vulnerability has been fixed and that the JMX MBean vulnerability remains. Java 7u11 sets the default Java security setting to "High", so that users are prompted before running unsigned or self-signed Java applets. Oracle "strongly recommends" that Java SE 7 users upgrade immediately to avoid all kinds of security hazards.

After seeing all this drama, many of you have lost trust in Java, and you will be relieved to read the security advisory of CERT (Computer Emergency Response Team), which clearly instructs you to disable Java in your web browser. In its official release CERT said "Unless it is absolutely necessary to run Java in web browsers, disable it as described below, even after updating to 7u11. This will help mitigate other Java vulnerabilities that may be discovered in the future."

You will see similar advice in the advisory posted on the official DHS US-CERT website, where DHS also suggests disabling Java unless it is really necessary. "To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates are available. As with any software, unnecessary features should be disabled or removed as appropriate for your environment," said US-CERT in its advisory.
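To act on this advice across a fleet, a defender first needs to know which hosts still run a Java 7 release older than Update 11. The Python script below is an added example, not part of the original post and not Oracle tooling: it parses the version line of `java -version` output (constructed sample strings are embedded so it runs offline) and flags Java 7 installs older than 7u11, the release the advisory above names as the fix for CVE-2013-0422. The 7u11 cut-off constant and the verdict labels are assumptions of this example; it deliberately says nothing about other major versions, which the advisory does not cover.

```python
"""Flag Java 7 installs older than Update 11 (added example, not Oracle tooling)."""
import re
import subprocess
from typing import Optional, Tuple

# Constructed sample outputs in the pre-Java-9 "java -version" format.
SAMPLE_VULNERABLE = 'java version "1.7.0_10"\nJava(TM) SE Runtime Environment (build 1.7.0_10-b18)\n'
SAMPLE_FIXED = 'java version "1.7.0_11"\nJava(TM) SE Runtime Environment (build 1.7.0_11-b21)\n'

# Java 7 Update 11 is the release Oracle's alert names as addressing CVE-2013-0422 (assumed cut-off).
MIN_FIXED_JAVA7 = (7, 0, 11)

# Matches e.g. 1.7.0_10 -> major 7, minor 0, update 10; the update part is optional (1.7.0 -> update 0).
_VERSION_RE = re.compile(r'java version "1\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(output: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, update) from `java -version` text, or None if no version line is present."""
    match = _VERSION_RE.search(output)
    if match is None:
        return None
    major, minor, update = match.groups()
    return int(major), int(minor), int(update or 0)


def assess(output: str) -> str:
    """Classify an install from its `java -version` output.

    "vulnerable": Java 7 older than 7u11 (the release the advisory names as the fix)
    "fixed":      Java 7 at 7u11 or later
    "not-java-7": another major version; this check makes no claim about it
    "unknown":    no recognisable version line
    """
    version = parse_java_version(output)
    if version is None:
        return "unknown"
    if version[0] != 7:
        return "not-java-7"
    return "vulnerable" if version < MIN_FIXED_JAVA7 else "fixed"


def assess_installed() -> str:
    """Run the `java` on PATH and classify it; `java -version` prints to stderr, so both streams are read."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return "unknown"
    return assess(proc.stderr + proc.stdout)


if __name__ == "__main__":
    for label, text in (("sample 7u10", SAMPLE_VULNERABLE), ("sample 7u11", SAMPLE_FIXED)):
        print(f"{label}: {assess(text)}")
    print(f"installed: {assess_installed()}")
```

Running the script on an endpoint prints the verdict for the two constructed samples and for whatever `java` is on the PATH; a "vulnerable" result is the cue to upgrade and, per the advisory, to disable the browser plug-in regardless.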







Cloud Computing: Managing Risk and Compliance in the Cloud


Cloud computing represents today's big innovation trend in the information technology (IT) space. Because it allows enterprises to deploy quickly, move swiftly, and share resources, cloud computing is rapidly replacing conventional in-house facilities at enterprises of all sizes.
Unfortunately, in their eagerness to adopt cloud platforms and applications, enterprises are neglecting to recognize and address the compliance and security risks that come with implementation. Often the ease of getting a business into the cloud (a credit card and a few keystrokes are all that is required) provides a false sense of security.
However, shortcomings in a cloud provider's security strategy can trickle down to the businesses that leverage its services. In this context, damages can range from plain power outages impacting business performance, through data loss, unauthorized disclosure, data destruction and copyright infringement, to loss of brand reputation.
Risk in the Cloud
For enterprises planning to transition their IT environment to the cloud, it is imperative to be cognizant of issues such as loss of control and lack of transparency, which are often overlooked. Cloud providers may have service level agreements in place, but security provisions, the physical location of data, and other vital details may not be well defined. This leaves enterprises in a bind, as they must also meet contractual agreements and regulatory requirements for securing data and comply with countless breach notification and data protection laws.

Whether organizations plan to use public clouds, which promise an even higher return on investment, or private clouds, better security and compliance are needed. To address this challenge, organizations should institute policies and controls that match their pre-cloud requirements. In the end, why would you apply less stringent requirements to a third-party IT environment than to your own, especially if it potentially impacts your business performance and valuation?
Recent cyber-attacks and associated data breaches of Google and Epsilon (a marketing services firm) are prime examples of why companies need to think about an advanced risk and compliance plan that includes their third-party managed cloud environment.
To protect your business, you should insist that your cloud service provider provides visibility into security processes and controls to ensure confidentiality, integrity, and availability of data.
Best Practices for Cloud Risk Management
According to Jim Reavis, co-founder and executive director of the Cloud Security Alliance (CSA), main inhibitors to the adoption of cloud computing in large organizations are consistent and standardized frameworks, open standards, interfaces that address security controls, and easy-to-implement processes to provide assurances on levels of Governance, Risk, and Compliance and security in cloud environments.
According to a report by Forrester Research (Compliance with Clouds: Caveat Emptor, August 2010) organizations should not wait for the cloud industry to step up its support for regulatory compliance, but instead security professionals should look beyond their cloud providers for compensating controls to aid cloud sourcing.
This view is obviously shared by IT and security leaders, who responded to the 2011 Global State of Information Security Survey of PricewaterhouseCoopers, CIO Magazine, and CSO Magazine, as they identified compliance (34%) and regulatory compliance (33%) among the top five business issues that will drive information security spending in their organization in 2011.
As cloud computing is still an emerging technology space, advice on how to address cloud risk management is limited. What best practices should organizations follow? Probably the best bet is the guidelines developed by the Cloud Security Alliance, a non-profit organization formed to promote the use of best practices for providing security assurance within cloud computing.
The CSA defines three distinct stages of a cloud adoption life cycle, starting with cloud risk readiness assessment, cloud risk operations monitoring, and finally leading to cloud audits (an area that still requires further standardization).
Cloud Risk Readiness
When you transition your IT infrastructure to a cloud environment you have to find ways to determine how to trust your cloud provider with your sensitive data. Practically speaking, you need the ability to assess security standards, trust security implementations, and prove infrastructure compliance to auditors.
To quickly evaluate your tolerance for moving assets to various cloud computing models (e.g., public cloud, private cloud, community cloud, or hybrid cloud) you should apply the following steps:
  1. Identify the assets for the cloud deployment (e.g., data, applications, functions, processes)
  2. Evaluate the assets as they relate to criticality to the business and answer questions such as:
    • What impact would the business face if the asset became public information?
    • What impact would the business face if the asset would be accessed by the cloud service provider?
    • What impact would the business face if the application would be attacked or corrupted by an outsider?
    • What impact would the business face if the stored data were unexpectedly modified?
    • What impact would the business face if the asset were unavailable for a period of time?
  3. Map the asset to the potential cloud deployment model
  4. Evaluate potential cloud service models and providers and answer questions such as:
    • Does the cloud service provider meet current standards for security (e.g., assessment of threat and vulnerability management capabilities, continuous monitoring, business continuity plan)?
    • Is the cloud service provider compliant with applicable regulations and can it pass a regulatory audit?
    • Can the cloud service provider generate dynamic and detailed compliance reports that can be used by the provider, auditors, as well as your internal resources?
Considering that many organizations deal with a heterogeneous cloud eco-system, comprised of infrastructure service providers, cloud software providers (e.g., cloud management, data, compute, file storage, and virtualization), platform services (e.g., business intelligence, integration, development and testing, as well as database), it is often challenging to gather the above mentioned information in a manual fashion. Thus, automation of the vendor risk assessment might be a viable option, especially if the same software tool can be leveraged for the other stages of the cloud adoption life cycle.
In addition, it's important to select a software tool that provides compliance controls assessment frameworks and content from regulations such as PCI DSS 2.0, FISMA 2010, SOX, NIST, ISO, CSA, SANS and BITS, threat controls content from CSA, as well as cloud risk dashboards and reports.
Cloud Risk Operations
A portion of the cost savings obtained by moving to the cloud should be invested into increasing the scrutiny of the security qualifications of an organization's cloud service provider, particularly as it relates to security controls, and ongoing detailed assessments and audits to ensure continuous compliance.
In this context, organizations should consider leveraging monitoring services or security risk management software that achieves:
  • Continuous compliance monitoring
  • Segregation and virtualization provisioning management
  • Automation of CIS benchmarks and secure configuration management integrations with security tools such as VMware vShield, McAfee ePO, and NetIQ SCM
  • Threat management with automated data feeds from zero-day vendors such as VeriSign and the National Vulnerability Database (NVD), as well as virtualized vulnerability integrations with companies such as eEye Retina and Tenable Nessus
Automated technology, which allows a risk-based approach and continuous monitoring for compliance, would be suitable for enterprises seeking to protect and manage their data in the cloud.
Cloud Risk Audit
This stage of the cloud adoption life cycle has not been very well defined yet and therefore requires further standardization driven by an increase in cloud deployments.
Nonetheless, when evaluating cloud service providers, organizations should ensure that they perform automated regulatory health checks and provide transparency in their infrastructure (IaaS), platform (PaaS), and software (SaaS) environments.
Practical Tips in Selecting the Right Cloud Risk Management Tool
When assessing Cloud Risk Management services or software, organizations should apply the following selection criteria:
  • Choose a vendor that offers an all-encompassing solution, meaning providing methodologies, frameworks, tools, and best practices to properly assess and manage your organization's cloud initiatives across all three stages of your cloud adoption life cycle. The solution should cover Governance, Risk, and Compliance (GRC), as well as Security in the form of threat and vulnerability management capabilities.
  • Choose an automated technology with an open architecture, since many organizations have invested heavily in security tools. This will allow data to be fed from the existing tools into the Cloud Risk Management tool and provide an aggregated view into both IT and business compliance and risk.
  • Make sure you work with a vendor that offers a solution that is content rich and includes many of the regulations (PCI, FISMA, SOX, etc.), frameworks, and standards that are applicable to your organization.
  • Seek out a vendor or service provider that can add value by offering innovative technology that goes beyond the traditional view of GRC. Namely, ensure that beyond governance and compliance, the areas of security (e.g., threat and vulnerability) and risk (e.g., enterprise risk management) are well covered, as it ensures higher return on investment.
  • Since you measure the success of a technology implementation by the time it takes to achieve value from its investment, it's crucial to engage with a vendor that offers the most efficient time-to-value. From a deployment perspective, this means that an on-site implementation should not exceed 90 days and as a managed service client, you should be up and running within 30 days.
Summary
There is no doubt that cloud computing will continue growing and, as it does, continue to get safer. But data breaches at some of the largest enterprises highlight the fact that there are still many risks associated with cloud adoption. Constantly changing government regulations are making it more difficult to keep compliant during the audit process as well. While it's exciting to be at the frontline when it comes to embracing a new technology that is poised to change the way we conduct business, we must remember that these technologies almost always come with new risks that have not yet been fully addressed.



VOGH Exclusive: URL Redirection Vulnerability Found In Facebook [The Vulnerability Still Active & Not Been Patched]
Facebook, the world's largest social networking site with more than one billion registered users, is considered one of the safest sites in cyberspace. To maintain that reputation Facebook Inc has taken all the steps one could reasonably take. Like other high-profile and very popular websites, Facebook is also a hot target for almost every cyber criminal in the world. To counter this and make FB safe and secure, the company introduced what it calls its 'Bug Bounty' offer, under which you can submit vulnerabilities to FB and be rewarded. We have seen many security researchers and hackers across the globe do this and collect their reward. But not every time, and today I will talk about that: a few days ago a reader of VOGH, who goes by the nickname 'Dr41DeY', found a URL redirection vulnerability in Facebook. One of the links in Facebook Apps, on apps.facebook.com, exposes a URL redirection vulnerability. The hacker has demonstrated how anyone could use the vulnerability to manipulate millions of innocent Facebook users. Let's see.

Before publishing this, one of our VOGH representatives talked with Facebook Security regarding this security vulnerability, but for some reason FB may have overlooked the issue. Finally, after waiting for almost a week, we at Team VOGH decided to bring it before our readers. Let's briefly go through the vulnerable link:

https://apps.facebook.com/a.php?u=http://www.voiceofgreyhat.com&mac=AQLy7nyXi5NBt31j&__tn__=*B&eid=AQLpbizR7KEf3cyD0VTN7fNtv99fMZABDp2gdWhvL-MQocJIPy3w4hUG7_7hrmSMqDq7QLCI9k_0LbB95NEz_6GUDHGNgTDsGP_rX-VWRHxfg5a--VlnN1K9FdG3NAek8r2JPWENkb2Mu56EckbZCGXcPie27OnHxE-H7MBufQel0Pr-ZjpCWB6QF5xHeWsdKqyHzjK2woBGGrjk9Dlgnzcw3d9ZWPzrwbGpm6MSkpks3mqEphXnTP2Vd9UDQxIs68NnTaO35XIwKq5t3CSdb11iU_34gzjfLgvvDo_BYbgtrGe0Juc5CpRSwd5nImw9oPPvn6Za9rrxO_ivROtOGc2b2S3bYzNLWpbDwt3cFN2rJ3JElyIR0vjB4R859PpE9SrZx6AD3s_liikzPh30YLVb8XvPABk7r9MShk6OrVFPiAWZnEvPx49UzPDSF-nEl188rEPAi0KGJ4u1zb10hhzmHUCjH04SezDByUkyNituMb2lgiQz-Xlpgy_tkVYR-U7plDa38N9VzdAj_Bwefd7B85ykZCAy9ZQOt48Ql8KQeKfivk3sThZIkLwWPiju7R28Sw6bj09vS_Y28kFSqanGe9tYAPfKIe4zOzQt9-Q1CC_EwX3ypOlyQ2yXMiU3lwp7M9EriKHRFDsTgsuzzF-uvlpx3UrWh8M55-NX0ULjr4kxjAR5g_1wU-luUyn_Ot6Ly1_ZbBdahyb5uSmCDNvF5kMuIH8Gxvpql45dNffGzKau9oZGn6r1OmsG47JIGipznCVaZnWjXAakDnEMX6X8ZtI-M-db1olzbBpJdj5sZe-x2VM02S5XsXJWe_QLxFDOupjbz8I82HETHQ9PbzSIMsJboll4E3-f_JQFfdzwEguLa8SC_ImRahWBCwKNJeSlmRv91FqWpQaChe5-UyAoqcblvK4jPuRO3qC7o-qMTQ2jEJqqUW46koulOmgNJpMYXPgRxjNGcwjyTPS59Nr08zq6eCNd1aYLh2E4s5MYXBtVUTF8l0uhQ2wYSoR66xZsI2tK0DD1KiQHyTO1QieBwPtCN3eWgRzUTg3lM3ttkuwYKRPPLDvtUOPWmZhYUzUFcbfPM2kXdpqyGlrGx9-ErKGygYKATx2xzrTzktjgW4q0L5wfO3CSKAOCAoKfi_pfz-zIHSNE8ZAjZDtpbC_chgkvbHWJYYIs7pnE1riWJYORACjkkRr6nZoivC3z_g-8JBahghwy2C34kJYZJ6cBC8LKoB6KCTbj_F1tArQAzcSUij4vrJNUATzsdlO_ol6HwUQb8FjoWa38Bhtx81stxB328sgC9IGu1omPG0QeNJVhcJwh6HyEwtgycBLrlcdedaWbkwvnjv3F3BWuJIi763nBeYuAgNUaEUYHaXu_ZJzXW8fQ72nz_hddGT_GH50&sig=89099

Replace voiceofgreyhat.com with any site of your choice, and the said vulnerability will redirect you from Facebook to that very website. This loophole is still active, and anyone can test it with the above URL. We consider the impact of this loophole very serious, as a malicious attacker can abuse the trust users place in a Facebook URL to harm regular internet users by redirecting them to junk or malicious websites.
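The `a.php?u=...&mac=...&sig=...` link above carries what look like signature parameters, and that is the standard defence against this class of open-redirect bug: a redirector should honour only target URLs that the site itself signed when it rendered the link, and refuse everything else. The Python below is an added example illustrating that check; it is not Facebook's code and makes no claim about how `mac` or `sig` were actually computed or why the check failed here. The signing key, the `SIGNING_KEY` name, the `apps.example.test/a.php` path and the optional host allowlist are assumptions of this example.

```python
"""Signed outbound-redirect validation (added example, not Facebook's implementation)."""
import hashlib
import hmac
from typing import Iterable, Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical server-side secret; a real service loads it from a secret store, never from source.
SIGNING_KEY = b"example-signing-key-not-a-real-secret"
ALLOWED_SCHEMES = {"http", "https"}


def sign_target(target: str, key: bytes = SIGNING_KEY) -> str:
    """HMAC-SHA256 over the exact target URL, hex encoded; computed when the outbound link is rendered."""
    return hmac.new(key, target.encode("utf-8"), hashlib.sha256).hexdigest()


def build_signed_link(target: str, key: bytes = SIGNING_KEY) -> str:
    """Render an outbound link in the shape of the page's a.php?u=...&sig=... (host and path assumed)."""
    return "https://apps.example.test/a.php?" + urlencode({"u": target, "sig": sign_target(target, key)})


def validate_redirect(query: str, key: bytes = SIGNING_KEY,
                      allowed_hosts: Optional[Iterable[str]] = None) -> Optional[str]:
    """Return the target URL when the request is acceptable, else None (the caller must then NOT redirect).

    Rejects when u or sig is missing, the scheme is not http(s), the host is empty
    (which also covers protocol-relative //host targets), the host is outside the
    optional allowlist, or the signature does not verify.
    """
    params = parse_qs(query, keep_blank_values=True)
    target = params.get("u", [None])[0]
    sig = params.get("sig", [None])[0]
    if not target or not sig:
        return None
    parts = urlsplit(target)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return None
    if allowed_hosts is not None and parts.hostname not in set(allowed_hosts):
        return None
    # Constant-time comparison so the check does not leak how many hex digits matched.
    if not hmac.compare_digest(sign_target(target, key), sig):
        return None
    return target


if __name__ == "__main__":
    link = build_signed_link("http://www.voiceofgreyhat.com")
    query = link.split("?", 1)[1]
    print("genuine link  ->", validate_redirect(query))
    # Same signature, swapped destination: the HMAC no longer matches, so no redirect happens.
    print("tampered link ->", validate_redirect(query.replace("voiceofgreyhat", "evil")))
```

The signature binds the exact target string, so swapping the host while keeping the old `sig` fails verification; the scheme check stops `javascript:` and protocol-relative targets even when they are correctly signed, and the allowlist is an extra layer for sites that only ever link to a known set of domains. Whatever the design, the rule a reviewer should look for is that a failed check ends in an error page, never in a fallback redirect.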

Disclaimer:- Earlier I said that the issue had already been brought to the notice of Facebook Security, but they overlooked the whole issue, so, being a responsible cyber media outlet, we at VOGH are disclosing this to the public. If anyone misuses this vulnerability, Voiceofgreyhat will not be responsible for any kind of mishap.

Update:- It may be a case of what we call late repentance, but finally the above disclosed vulnerability has been patched by Facebook's security team.


