Baanboard.com

Security

TA18-004A: Meltdown and Spectre Side-Channel Vulnerability Guidance

US-CERT - Alerts - January 4, 2018 - 7:47pm
Original release date: January 04, 2018 | Last revised: January 19, 2018
Systems Affected

CPU hardware implementations

Overview

On January 3, 2018, the National Cybersecurity and Communications Integration Center (NCCIC) became aware of a set of security vulnerabilities, known as Meltdown and Spectre, that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.

Description

CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. Meltdown is a bug that "melts" the security boundary the hardware normally enforces between user programs and the operating system kernel: an unprivileged process can read kernel memory. Meltdown affects desktops, laptops, and cloud computers. Spectre is a flaw that an attacker can exploit to force a program to reveal its data. The name derives from speculative execution, an optimization in which the processor runs instructions ahead of knowing whether they are actually needed (for example, past a bounds check whose result is still pending) rather than stalling; the results of mis-speculated instructions are discarded, but their effect on the CPU cache is not, and that residue is what the attacker measures. Spectre affects almost all devices including desktops, laptops, cloud servers, and smartphones. Meltdown is remediated through the Kernel Address Isolation to have Side-channels Efficiently Removed (KAISER) patch, described in detail in the academic paper "KASLR is Dead: Long Live KASLR" and shipped in Linux as kernel page-table isolation (KPTI). KAISER does not address Spectre, which requires separate microcode, compiler, browser, and operating system mitigations. While the paper describes a fix for Linux, the same isolation approach applies to other operating systems.

These attacks are described in more detail by

  • CERT/CC’s Vulnerability Note VU#584653,
  • the United Kingdom National Cyber Security Centre’s guidance on Meltdown and Spectre,
  • Google Project Zero, and
  • the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz).
Impact

To exploit either vulnerability an attacker must first run code on the target machine, for example by luring a user to malicious JavaScript (including through malvertising) or by phishing. No privilege escalation is required: the side channel is precisely what lets unprivileged code read memory it should not be able to see. Sensitive information could be revealed from a computer’s kernel memory, which could contain keystrokes, passwords, encryption keys, and other valuable information; in the Spectre case, data held by the victim program itself, such as a browser’s memory, can also be exposed.

Solution

NCCIC encourages users and administrators to refer to their hardware and software vendors for the most recent information. Meltdown can be mitigated in the operating system (the KAISER/KPTI approach described above). In the case of Spectre, the vulnerability lies in the CPU architecture rather than in any single piece of software, and no single patch closes it; mitigation is spread across microcode, compilers, browsers, and operating systems. Spectre is, however, more difficult to exploit than Meltdown.

MICROSOFT

Microsoft has temporarily halted delivery of the updates to some AMD-based devices after reports that those devices failed to boot once patched. More information can be found here: https://support.microsoft.com/en-us/help/4073707/windows-os-security-update-block-for-some-amd-based-devices

For machines running Windows Server, installing the patches alone does not enable the mitigations: a number of registry changes must be completed in addition to installation of the patches, followed by a reboot. A list of registry changes can be found here: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
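The registry changes referenced above, written out as an added PowerShell example (not Microsoft’s script and not from the original advisory): it applies the FeatureSettingsOverride values that KB4072698 specifies for enabling or disabling the mitigations on Windows Server, sets the Hyper-V value on hosts, and then reads back the effective state with the Get-SpeculationControlSettings cmdlet from Microsoft’s SpeculationControl module. The function names, the -HyperVHost switch, and the Install-Module step (which assumes access to the PowerShell Gallery) are this example’s own; the registry paths, value names, and data are those given in KB4072698.

```powershell
# Added example: apply the KB4072698 registry settings for Windows Server and
# verify the result. Run in an elevated PowerShell session; a reboot is required
# before the mitigations take effect.

$MemMgmt = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$Virt    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization'

function Set-SpeculativeExecutionMitigation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # $true enables the mitigations, $false disables them (KB4072698 values).
        [Parameter(Mandatory)] [bool] $Enable,
        # Set on Hyper-V hosts so that guest VMs can also be protected.
        [switch] $HyperVHost
    )

    # KB4072698: enable = Override 0 / Mask 3, disable = Override 3 / Mask 3.
    $override = if ($Enable) { 0 } else { 3 }

    if ($PSCmdlet.ShouldProcess($MemMgmt, "FeatureSettingsOverride=$override, FeatureSettingsOverrideMask=3")) {
        New-Item -Path $MemMgmt -Force | Out-Null   # key exists on every install; be explicit anyway
        Set-ItemProperty -Path $MemMgmt -Name FeatureSettingsOverride     -Value $override -Type DWord
        Set-ItemProperty -Path $MemMgmt -Name FeatureSettingsOverrideMask -Value 3         -Type DWord
    }

    if ($HyperVHost -and $PSCmdlet.ShouldProcess($Virt, 'MinVmVersionForCpuBasedMitigations=1.0')) {
        New-Item -Path $Virt -Force | Out-Null
        Set-ItemProperty -Path $Virt -Name MinVmVersionForCpuBasedMitigations -Value '1.0' -Type String
    }
}

function Get-SpeculativeExecutionStatus {
    # Microsoft's SpeculationControl module reports whether the OS support is
    # present and enabled, and whether the CPU microcode provides the hardware side.
    if (-not (Get-Module -ListAvailable -Name SpeculationControl)) {
        Install-Module -Name SpeculationControl -Scope CurrentUser -Force   # assumes PSGallery access
    }
    Import-Module SpeculationControl
    $s = Get-SpeculationControlSettings
    [pscustomobject]@{
        # Spectre variant 2 (CVE-2017-5715), branch target injection: needs microcode AND OS support
        BTIHardwarePresent             = $s.BTIHardwarePresent
        BTIWindowsSupportEnabled       = $s.BTIWindowsSupportEnabled
        # Meltdown (CVE-2017-5754): kernel VA shadowing is Windows' KAISER equivalent
        KVAShadowRequired              = $s.KVAShadowRequired
        KVAShadowWindowsSupportEnabled = $s.KVAShadowWindowsSupportEnabled
        # What the registry currently says, for comparison with the live state
        RegistryOverride               = (Get-ItemProperty -Path $MemMgmt -ErrorAction SilentlyContinue).FeatureSettingsOverride
    }
}

# Usage: enable, reboot, then check. Drop -WhatIf to actually write the values.
Set-SpeculativeExecutionMitigation -Enable $true -HyperVHost -WhatIf
Get-SpeculativeExecutionStatus | Format-List
```

Before the reboot the status call will still report the old state, and BTIHardwarePresent stays $false until the vendor’s microcode (firmware) update is also installed; the registry values alone only switch on the Windows half of the mitigation.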

ANTIVIRUS

Microsoft requires third-party antivirus vendors to set a registry key on each machine running their product to confirm that the product is compatible with the January 2018 security updates. Without that key, the machine will not be offered the January 2018 security updates through any of the following channels:

  • Windows Update
  • Windows Server Update Services
  • System Center Configuration Manager 

More information can be found here: https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software.
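A check for that antivirus compatibility flag, as an added example that is not from Microsoft or the original advisory: it reads the QualityCompat key that KB4072699 describes, reports whether the expected value is present and which antivirus products are registered on the machine, and deliberately does not create the value itself. The registry path and the value name are reproduced from memory of KB4072699 and should be confirmed against the KB; the function name and the Security Center lookup are this example’s own.

```powershell
# Added example: report whether this machine carries the antivirus compatibility
# flag that gates delivery of the January 2018 Windows security updates (KB4072699).

$QualityCompat = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
# Value name as documented in KB4072699 (reproduced from memory; verify against the KB).
$ExpectedValue = 'cadca5fe-e03d-4ba0-a4ff-e9f0e7f8b9d6'

function Test-AvUpdateCompatibilityFlag {
    param([string] $Path = $QualityCompat, [string] $ValueName = $ExpectedValue)

    $result = [ordered]@{
        KeyExists   = Test-Path $Path
        FlagPresent = $false
        FlagData    = $null
        OtherValues = @()
        AvProducts  = @()
    }

    if ($result.KeyExists) {
        $props = Get-ItemProperty -Path $Path
        # Drop the provider's PS* metadata properties so only real registry values remain.
        $names = $props.PSObject.Properties.Name | Where-Object { $_ -notlike 'PS*' }
        $result.FlagPresent = $names -contains $ValueName
        if ($result.FlagPresent) { $result.FlagData = $props.$ValueName }   # KB specifies REG_DWORD 0
        $result.OtherValues = @($names | Where-Object { $_ -ne $ValueName })
    }

    # Which AV products Security Center knows about, so you know whose job the flag is.
    # (root/SecurityCenter2 exists on client SKUs; on Server this may return nothing.)
    $result.AvProducts = @(Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty displayName)

    [pscustomobject]$result
}

$check = Test-AvUpdateCompatibilityFlag
$check | Format-List

if (-not $check.FlagPresent) {
    # Do not set the value by hand: KB4072699 explains that incompatible antivirus
    # drivers making unsupported calls into kernel memory caused stop errors with
    # these updates, which is exactly what the flag exists to prevent.
    Write-Warning 'Compatibility flag absent: this machine will not be offered the January 2018 updates until the antivirus vendor sets it.'
}
```

Run it on a representative machine for each antivirus product in the estate; a machine with no third-party antivirus and Windows Defender active receives the flag from Microsoft’s own update, so an absent flag there points at a different update-delivery problem.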

MITIGATION

Mitre has published Common Vulnerability and Exposure (CVE) notes for Meltdown (CVE-2017-5754, rogue data cache load, "variant 3") and Spectre (CVE-2017-5753, bounds check bypass, "variant 1", and CVE-2017-5715, branch target injection, "variant 2"). Vendor advisories generally refer to the variant numbers.

The table provided below lists available advisories and patches. As patches and firmware updates continue to be released, it is important to check with your hardware and software vendors to verify that their corresponding patches can be applied, as some updates may result in unintended consequences. Note: Download any patches or microcode directly from your vendor’s website.

NCCIC recommends using a test environment to verify each patch before implementing.

After patching, performance impacts may vary, depending on use cases. Administrators should ensure that performance is monitored for critical applications and services, and work with their vendor(s) and service provider(s) to mitigate the effect, if possible.

Additionally, users and administrators who rely on cloud infrastructure should work with their CSP to mitigate and resolve any impacts resulting from host OS patching and mandatory rebooting.

The following table contains links to advisories and patches published in response to the vulnerabilities. This table will be updated as information becomes available.

Vendor (link to vendor information)    Date Added
Amazon                                 January 4, 2018
AMD                                    January 4, 2018
Android                                January 4, 2018
Apple                                  January 4, 2018
ARM                                    January 4, 2018
CentOS                                 January 4, 2018
Chromium                               January 4, 2018
Cisco                                  January 10, 2018
Citrix                                 January 4, 2018
Debian                                 January 5, 2018
DragonflyBSD                           January 8, 2018
F5                                     January 4, 2018
Fedora Project                         January 5, 2018
Fortinet                               January 5, 2018
HP                                     January 19, 2018
Google                                 January 4, 2018
Huawei                                 January 4, 2018
IBM                                    January 5, 2018
Intel                                  January 4, 2018
Juniper                                January 8, 2018
Lenovo                                 January 4, 2018
Linux                                  January 4, 2018
LLVM: variant #2                       January 8, 2018
LLVM: builtin_load_no_speculate        January 8, 2018
LLVM: llvm.nospeculatedload            January 8, 2018
Microsoft Azure                        January 4, 2018
Microsoft                              January 4, 2018
Mozilla                                January 4, 2018
NetApp                                 January 8, 2018
Nutanix                                January 10, 2018
NVIDIA                                 January 4, 2018
OpenSuSE                               January 4, 2018
Oracle                                 January 17, 2018
Qubes                                  January 8, 2018
Red Hat                                January 4, 2018
SuSE                                   January 4, 2018
Synology                               January 8, 2018
Trend Micro                            January 4, 2018
Ubuntu                                 January 17, 2018
VMware                                 January 4, 2018
Xen                                    January 4, 2018

Revision History
  • January 4, 2018: Initial version
  • January 5, 2018: Updated vendor information links for Citrix, Mozilla, and IBM in the table and added links to Debian, Fedora Project, and Fortinet
  • January 8, 2018: Added links to DragonflyBSD, Juniper, LLVM, NetApp, Qubes, and Synology
  • January 9, 2018: Updated Solution Section
  • January 10, 2018: Added links to Cisco and Nutanix
  • January 17, 2018: Added note to Mitigation section and links to Oracle and Ubuntu
  • January 18, 2018: Updated Description, Impact, and Solution Sections, and added an additional link
  • January 19, 2018: Added link to HP



Categories: Security

Phishing to Rural America Leads to Six-figure Wire Fraud Losses, (Wed, Jan 3rd)

SANS Internet Storm Center - January 3, 2018 - 10:51pm
We often focus on malware and hacking in terms of the tools the criminals use, but often good old-fashioned deception is simple enough. A recent case I worked on involves phishing sent to rural real estate professionals (law firms, title companies, realtors, etc). It is particularly effective on targets that use the various web-mail / free e-mail services.
Categories: Security


PDF documents & URLs: video, (Tue, Jan 2nd)

SANS Internet Storm Center - January 3, 2018 - 12:50am
I received some questions about my diary entry "PDF documents & URLs: update", and to better explain the analysis method, I created a video.
Categories: Security

What is new?, (Mon, Jan 1st)

SANS Internet Storm Center - January 1, 2018 - 12:13pm
How to best start the new year? How about a new tool: what-is-new.py.
Categories: Security

Analyzing TNEF files, (Sun, Dec 31st)

SANS Internet Storm Center - December 31, 2017 - 10:25am
Yesterday I came across a file type I rarely have to analyze: "Transport Neutral Encapsulation Format". It's an attachment file format used by Outlook and Exchange.
Categories: Security

2017, The Flood of CVEs, (Sat, Dec 30th)

SANS Internet Storm Center - December 30, 2017 - 9:05am
2017 is almost done and it’s my last diary for this year. I made a quick review of my CVE database (I’m using a local cve-search[1] instance). The first interesting number is the number of CVEs created this year. Do you remember when the format was CVE-YYYY-XXXX? The CVE ID format[2] changed in 2014 to break the limit of 9999 entries per year. This was indeed a requirement when you see the number of entries for the last five years:
Categories: Security

What are your Security Challenges for 2018?, (Wed, Dec 27th)

SANS Internet Storm Center - December 27, 2017 - 1:25am
We are almost at the end of another year. Last year I wrote a diary on Talent Shortage [1] and from what I have seen, it is still difficult to find the right people with the right skills [2]. I read more than ever that enterprises have to start coming up with creative recruitment strategies to hire the next generation of security professionals (IP-based skillsets) and develop strong training programs to bring them up to speed with the right security skills needed to defend or audit their enterprise. Obviously, you can learn a lot of things in a classroom, but some skills can only be acquired in the real world. Anyone who is willing to learn or is curious about how attack methods work and how to defend against them, and who has strong ethics and problem-solving skills, sounds like a candidate you might want to coach and hire.
Categories: Security

Dealing with obfuscated RTF files, (Mon, Dec 25th)

SANS Internet Storm Center - December 26, 2017 - 12:20am
I see a lot of malicious RTF files that are heavily obfuscated. Lately, I received a sample that rtfobj or rtfdump could not handle properly to correctly identify OLE objects ("Not a well-formed OLE object"). But my rtfdump tool has an option that can help decode objects that are not well-formed. Let's take a closer look.
Categories: Security


PDF documents & URLs: update, (Sun, Dec 24th)

SANS Internet Storm Center - December 24, 2017 - 5:27pm
I've written before about PDFs with URLs used in social engineering attacks (TL;DR: nowadays, it's more likely you'll receive a malicious PDF that just contains a malicious URL, than a PDF with malicious code).
Categories: Security

Encrypted PDFs, (Sat, Dec 23rd)

SANS Internet Storm Center - December 23, 2017 - 7:55pm
I received a bug report for my pdf-parser: it could not decompress the streams of a PDF document (FlateDecode decompress failed).
Categories: Security

I'm All Up in Your Blockchain, Pilfering Your Wallets, (Thu, Dec 21st)

SANS Internet Storm Center - December 22, 2017 - 12:01am
With the latest “gold rush” in cryptocurrency, many people are investing (or speculating, depending on your perspective) in Bitcoin and various other currencies. Many of these people are not the same tech-savvy people who have been mining for years; they are chasing big rates of return. While the economic risks are their own discussion, this post will talk about some observations on how to protect the security of your cryptocurrency.
Categories: Security

Guest Diary (Etay Nir) Kernel Hooking Basics, (Wed, Dec 20th)

SANS Internet Storm Center - December 20, 2017 - 6:24pm
A note from HOD: We are recruiting, Etay is mostly through the roadmap. If you are interested in becoming a handler please check out our handler roadmap!
Categories: Security

©2001-2017 - Baanboard.com - Baanforums.com