1148 matches found
SUSE-SU-2018:2362-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not us...
SUSE-SU-2018:2350-1 Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP1)
This update for the Linux Kernel 3.12.74-606460 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other...
SUSE-SU-2018:2364-1 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP1)
This update for the Linux Kernel 3.12.74-606493 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other...
SUSE-SU-2018:2352-1 Security update for the Linux Kernel (Live Patch 26 for SLE 12)
This update for the Linux Kernel 3.12.61-5289 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other...
SUSE-SU-2018:2369-1 Security update for the Linux Kernel (Live Patch 36 for SLE 12)
This update for the Linux Kernel 3.12.61-52136 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other...
SUSE SLES11 Security Update : kernel (SUSE-SU-2018:2332-1) (Foreshadow)
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache use...
Enhanced Infrastructure DDoS Protection Analytics: Targeted Visibility for Greater Accuracy
We've rolled out enhanced infrastructure protection analytics which shows top traffic patterns for traffic flowing through our Incapsula Infrastructure DDoS Protection service. Imperva clients can now view network statistics categorized by source or destination IPs and ports, or by packet size fo...
Unbreakable Enterprise kernel security update
4.14.35-1818.0.15 - tcp: add tcp_ooo_try_coalesce helper Eric Dumazet Orabug: 28453849 CVE-2018-5390 - tcp: call tcp_drop from tcp_data_queue_ofo Eric Dumazet Orabug: 28453849 CVE-2018-5390 - tcp: detect malicious patterns in tcp_collapse_ofo_queue Eric Dumazet Orabug: 28453849 CVE-2018-5390 - tcp: avoid...
Open Redirect
Django is vulnerable to open redirects. If the library is configured to accept URL patterns ending in a slash, a malicious user can pass a URL request to conduct an open redirect attack...
Introducing: Malwarebytes Browser Extension
Are you tired of all the unwanted content the world wide web offers up, whether you like it or not? It is our privilege to introduce you to the Malwarebytes Browser Extension BETA. Or, better said, the Malwarebytes Browser Extensions, because we have one for Firefox and one for Chrome. Introducti...
Drupal, Phishing and A New Cryptomining Botnet
It’s a well-known fact that security solutions must quickly adapt to new attack methods. There are several ways to achieve this goal: regularly applying security patches and updates, relying on threat intelligence and more. At Imperva, we use pattern anomaly detection as one of the tools to...
A week in security (June 25 – July 1)
Last week on Labs, we looked at comment moderation duties, Viagra spam on a news-making restaurant's website, and how to manage your child's online presence for Internet safety month. We also looked at a set of big breaches and leaks, as well as malware threats with a World Cup vibe. Other news...
Norwegian Agency Dings Facebook, Google For “Unethical” Privacy Tactics
While GDPR is forcing large data-crushing service providers to be transparent around data collection and usage, some are still employing a number of tactics to nudge end users away from data privacy. That’s what the Norwegian Consumer Council said in an in-depth report, released Wednesday, which...
Manipulative Social Media Practices
The Norwegian Consumer Council just published an excellent report on the deceptive practices tech companies use to trick people into giving up their privacy. From the executive summary: Facebook and Google have privacy intrusive defaults, where users who want the privacy friendly option have to g...
Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server bundled with IBM WebSphere Application Server Patterns (CVE-2012-5783)
Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin:...
Security Bulletin: Information disclosure in WebSphere Application Server with SAML bundled with IBM WebSphere Application Server Patterns (CVE-2018-1614)
Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin:...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM UrbanCode Deploy and IBM UrbanCode Deploy with Patterns
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Versions 1.7.0 and 1.7.1 that are used by IBM UrbanCode Deploy and IBM UrbanCode Deploy with Patterns. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM UrbanCode Deploy and IBM UrbanCode Deploy with Patterns (CVE-2015-2590, CVE-2015-4733, CVE-2015-4748, CVE-2015-2621, CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931)
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Versions 1.7.0 and 1.7.1 that are used by IBM UrbanCode Deploy and IBM UrbanCode Deploy with Patterns. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details...
Security Bulletin: IBM Software Delivery and Lifecycle Patterns for the glibc vulnerabilities (CVE-2015-7547)
Summary IBM Software Delivery and Lifecycle Patterns requires client action for the glibc vulnerabilities. The GNU C Library glibc is vulnerable to a heap-based buffer overflow; a local attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with ro...
Security Bulletin: IBM Software Delivery and Lifecycle Patterns for the Open Source libuser Vulnerabilities (CVE-2015-3245 and CVE-2015-3246)
Summary IBM Software Delivery and Lifecycle Patterns requires client action for the Open Source libuser Vulnerabilities. The libuser library implements a standardized interface for manipulating and administering user and group accounts, and is installed by default on Linux distributions derived...