IBM WebSphere Application Server CVE-2016-0306 Information Disclosure Vulnerability
 
Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
 
IBM WebSphere Application Server CVE-2015-7417 Cross Site Scripting Vulnerability
 
Intel HD Graphics Windows Kernel Driver CVE-2016-5647 Local Arbitrary Code Execution Vulnerability
 
Flexera InstallAnywhere CVE-2016-4560 Local Code Execution Vulnerability
 
libgd 'read_image_tga' Function Heap Buffer Overflow Vulnerability
 
Flexera Software InstallShield CVE-2016-2542 DLL Loading Local Privilege Escalation Vulnerability
 
Adobe Acrobat and Reader APSB16-26 Multiple Unspecified Memory Corruption Vulnerabilities
 
LibTIFF Out of Bounds Read Multiple Memory Corruption Vulnerabilities
 
Adobe Acrobat and Reader CVE-2016-4255 Use-After-Free Remote Code Execution Vulnerability
 
Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
 

Badware purveyors trying to capitalize on the ongoing Pokémon Go frenzy have achieved an important milestone by sneaking their fake wares into the official Google Play marketplace, security researchers said Friday.

Researchers from antivirus provider Eset report finding at least three such apps in the Google-hosted marketplace. Of the three, the one titled "Pokemon Go Ultimate" posed the biggest threat because it deliberately locks the screen of devices immediately after being installed. In many cases, restarting an infected phone isn't enough to unlock the screen. Infected phones can ultimately be unlocked either by removing the battery or by using the Android Device Manager.

Once the screen has been unlocked and the device has restarted, the app—which by now has the title PI Network—is removed from the device's app menu. Still, it continues to run in the background and surreptitiously clicks on ads in an attempt to generate revenue for its creators.


 
[SECURITY] [DSA 3619-1] libgd2 security update
 

With our increasingly complex environments and processes, we have to handle a huge amount of information on a daily basis. To improve communication with our colleagues and peers, it is mandatory to speak the same language and to avoid ambiguities while talking to them. A best practice is to apply a naming convention to everything that can be labeled. It applies to multiple domains and not only information security. Examples:

  • Computers (hosts)
  • People (logins, email addresses, profiles)
  • Program source code (function, class and variable names)
  • Files and directories
  • Databases (index, fields, ...)
  • ...

A good naming convention is one that is approved by all the parties and that will help you to perform your job better. Although everybody is free to define a new one (while I was working for a company in Belgium, the servers were named after Belgian beers), there are some rules to follow. The example of Belgian beers is a good one: even though we have many beers, a big organization with plenty of servers will be limited in the choice of names. Some names will be very simple, others too complex. Here are some rules to follow if you need to implement a naming convention:

  • Choose easy and readable identifier names
  • Favor readability over brevity
  • Do not use non-alphanumeric characters (stick to [a-z][0-9][-_])
  • Avoid using identifiers that conflict with keywords of widely used terms
  • Keep it in English

Some rules are more specific to certain types of data. For example, for files and directories, use timestamps like YYYYMMDDHHMMSS at the beginning of file names to get an automatic order. Prepending names with the project number or the customer's ID can be useful to quickly find details about a customer.

In the security landscape, we can apply naming conventions to many objects or assets. In the configuration of security tools, objects must respect a naming convention. Examples:

  • Objects in a firewall configuration
  • Rules in an IDS server
  • Groups and IOCs in a threat intelligence solution
  • Forensic investigations (files, evidence)

This sounds easy to implement but it

This isn't a recent issue; it was already discussed in 1991(!): http://www.caro.org/articles/naming.html.

And you? Do you have good rules to share to build a naming convention? What did you normalize? Feel free to share.

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
[security bulletin] HPSBMU03562 rev.3 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution
 
Internet Storm Center Infocon Status