Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and IBM Tivoli Storage FlashCopy Manager for VMware (CVE-2015-4872)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition that is used by IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware IBM Spectrum Protect™ for Virtual Environments and IBM Tivoli Storage FlashCopy Manager for VMware IBM...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and IBM Tivoli Storage FlashCopy Manager for VMware (CVE-2015-7575)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition that is used by IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware IBM Spectrum Protect™ for Virtual Environments and IBM Tivoli Storage FlashCopy Manager for VMware IBM...

Security Bulletin: A security vulnerability has been identified in the Tivoli Storage Manager Client shipped with IBM Tivoli Storage FlashCopy Manager for Windows (CVE-2015-0287)

Summary The IBM Tivoli Storage Manger client IBM Spectrum Protect is shipped as a component of IBM Tivoli Storage FlashCopy Manager for Windows IBM Spectrum Protect Snapshot. Information about a security vulnerability affecting the IBM Tivoli Manager client has been published in a security...

Security Bulletin: Vulnerabilities in OpenSSL affect the IBM Tivoli Storage Manager Client and IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (CVE-2015-0287)

Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL, used by the Tivoli Storage Manager Client, has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-0287 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error...

Security Bulletin: A vulnerability in the GSKit component of IBM Tivoli Continuous Data Protection for Files (CVE-2016-0201)

Summary A vulnerability has been addressed in the GSKit component in the underlying Tivoli Storage Manager API included in IBM Tivoli Continous Data Protection for Files. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive informatio...

Security Bulletin: Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware affected by privilege escalation vulnerability (CVE-2015-7429)

Summary The IBM Data Protection Extension in the VMware GUI component of IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware IBM Spectrum Protect for Virtual Environments and IBM Tivoli Storage FlashCopy Manager for VMware IBM Spectrum Protect Snapshot are subject to a...

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects the IBM Tivoli Storage Manager Client and the IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware data mover (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects the IBM Tivoli Storage Manager Client. However, the problem only manifests when the Tivoli Storage Manager Client is used as the IBM Tivoli Storage Manager for Virtual Environments: Data...

Security Bulletin: Additional Password Disclosure via application tracing in FlashCopy Manager on Windows, Data Protection for Exchange, and Data Protection for SQL CVE-2015-7404

Summary The Tivoli Storage Manager TSM password is displayed in plain text via application trace output when the "Change TSM Password" changetsmpassword command is used and application tracing is enabled. Vulnerability Details CVEID: CVE-2015-7404 DESCRIPTION: When using one of the following...

Security Bulletin: Password Disclosure via FlashCopy Manager on Windows, Data Protection for Exchange, and Data Protection for SQL CVE-2015-4949, CVE 2015-6557

Summary The password associated with Tivoli Storage Manager or the Microsoft SQL DB user is displayed in plain text via application pop-up messages for failed operations and in application trace output. Vulnerability Details CVEID: CVE-2015-4949 DESCRIPTION: IBM Tivoli Storage Manager for Databas...

Security Bulletin: Confidential data exposure when restoring Microsoft Exchange mailboxes which have the same alias defined CVE-2015-4950

Summary In environments with duplicated mailbox aliases, FlashCopy Manager for Microsoft Exchange, Data Protection for Microsoft Exchange, and FastBack for Microsoft Exchange may open and restore the wrong mailbox. Vulnerability Details CVEID: CVE-2015-4950 DESCRIPTION: IBM Tivoli Storage FlashCo...

Security Bulletin: Privilege Escalation Vulnerability in the Data Protection for VMware GUI (CVE-2013-6713)

Summary In customer environments that utilize VMware restricted users, users of the Tivoli Storage Manager for Virtual Environments: Data Protection for VMware GUI can back up and restore VMs that they are not authorized to access. Vulnerability Details CVE ID: CVE-2013-6713 DESCRIPTION: In...

Monitoring Data & Data Access to Support Ongoing GDPR Compliance – Part III: Tools

The new European Union EU-wide General Data Protection Regulation GDPR was signed into law in late April 2016, and the compliance deadline came into effect on May 25, 2018. The Regulation is expansive and covers a variety of subject areas, provisions, and actions in the form of documented Article...

Platypuses and Policies: Akamai's Approach to the GDPR and Information Security

Written by Meyer Potashman On May 25, 2018, the EU General Data Protection Regulation GDPR went into effect. In preparation, Akamai, like every other company that does business with or interacts in any way with individuals in the EU, needed to re-evaluate our approach to data protection and priva...

Threat Outbreak Alert RuleID32960: Email Messages Distributing Malicious Software on June 11, 2018

Medium Alert ID: 58147 First Published: 2018 June 11 21:02 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID32960 may contain the following files: Name | Siz...

Tips for safe summer travels: your cybersecurity checklist

Summer is just around the corner in the Northern Hemisphere, and with it comes vacation plans for many. Those looking to take some time away from work and home are likely making plans to secure their home, have their pets taken care of, and tie up loose ends at work. But how about securing your...

GDPR: A Compliance Quagmire, for Now

The European Union’s General Data Protection Regulation GDPR has gone into effect – but questions as to what compliance actually means are far from settled. While the GDPR is a European regulation, it affects any organization that handles data on E.U. citizens, whether they be customers or...

Malware analysis: decoding Emotet, part 2

In part two of our series on decoding Emotet, you can catch up on part 1 here, we'll cover analysis of the PowerShell code. Before we do that, however, it is a good idea to list some of the functions and calls that are used in the code for the execution. System.Runtime.InteropServices.Marshal: us...

Virtualization-based security (VBS) memory enclaves: Data protection through isolation

The escalating sophistication of cyberattacks is marked by the increased use of kernel-level exploits that attempt to run malware with the highest privileges and evade security solutions and software sandboxes. Kernel exploits famously gave the WannaCry and Petya ransomware remote code execution...

GDPR Is Here: Put File Integrity Monitoring in Your Toolbox

In this latest post of our series on the EU’s General Data Protection Regulation, we’ll explain how file integrity monitoring FIM can be crucial in helping organizations comply with this severe regulation. GDPR, which went into effect in May and applies to organizations worldwide that handle EU...

Social Media Privacy Dominates Apple iOS 12, macOS Launches

Social media privacy is top of mind for Apple on the heels of the Facebook-Cambridge Analytica controversy. On Monday, Apple released the latest versions of its desktop and mobile operating systems at the Worldwide Developers Conference WWDC, which addresses a bevy of security and privacy concern...