Malware Devil

Monday, August 3, 2020

Why Data Ethics Is a Growing CISO Priority

With data collection growing, and increased concern about how it is handled, a synergy between security and data teams will be essential.

Data and its necessity in business is not a new phenomenon. The collection and use of data to advance objectives has been an integral part of strategy for years – and it only continues to grow, right along with the data that fuels it. By 2025, IDC says worldwide data will grow 61% to 175 zettabytes.

But along with growing data collection and use, there are increased concerns about how companies are handling the data. As such, the role of the Chief Data Officer is finding its place in more organizations. A study by NewVantage Partners cited in Harvard Business Review reveals the number of companies with a CDO rose from 12% in 2012 to 68% in 2018. The same research also finds 55% of executives say data ethics is a top business priority.

“In these times of pandemic, personal data is being requested more frequently than ever before for track and trace purposes whether this be by your local restaurant, your medical practitioner or even your employer who may be taking personal medical information details around your health and well-being before allowing you back into the workplace,” says Steve Durbin, managing director of the Information Security Forum. “No wonder then that the ethical use of data is becoming more of a talking point.”

But how do these concerns intersect with the security team’s and the CISO’s role as data protectors? How should security find its place in the conversation about data ethics?

“Security has always been intimately involved in taking responsibility for the confidentiality, integrity and accessibility of data and I do not see that changing,” says Durbin. “But as we move more into the realms of privacy by design, there will increasingly be a need for the CISO to be working closely with the Chief Data Officer.”

A ‘Natural’ Extension of Security’s Role

The concern around how data is handled – and potentially misused – is top of mind for consumers as well as regulators. The obvious main concern is privacy. Research from KPMG that looked at attitudes among 1,000 Americans finds consumers are distrustful of how companies safeguard their personal data against misuse and theft. Among the findings, 54% feel that companies cannot be trusted to use their personal data in an ethical way and 68% believe that companies will not sell personal data in a responsible way.

“Cybersecurity and data ethics are intertwined and are dependent on each other for the success of sustained digital trust with clients,” says Jason Albuquerque, CIO and CISO with Carousel Industries. “Cybersecurity teams are enablers of data ethics strategies. There are several core ideals of data ethics and how security plays a critical role in their success. The first is obvious: is your organization protecting sensitive data to the best of its ability?”

The benefits of a cooperative relationship between security and a data team are numerous. In an age where consumers care more and regulators are watching, it can mean reduced legal liability and better legal protection in the event of a data breach, provided the business can show it has handled data in a responsible and ethical way. Without this synergy, notes Albuquerque, the consequences can be dire, ranging from reputational damage to monetary loss.

“Organizations that lack the proper data ethics frameworks can cause immeasurable damage,” he says.

Thankfully, the relationship between the Chief Data Officer and the security team is a natural one, according to Bjorn Townsend, security consultant for CI Security. In addition to safeguarding systems and information, a good CISO should ensure that the business is also trusted as a good steward of data.

“Security needs to be built into the conversation from the beginning,” he says. “Without assurance that adequate security measures are in place to defend our personal data, we cannot meaningfully be said to have control of it.”

A Collision of Objectives?

But sometimes, security and privacy objectives collide, says Laura Noren, New York University visiting professor for data science and VP of privacy and trust at Obsidian Security. The tension between merely handling data securely and treating it ethically (to ensure privacy) can in some organizations present challenges.

“For instance, a traditional approach to data loss prevention requires that the contents of email messages, files, and chat transcripts be captured and scanned to make sure Social Security numbers, sensitive health and education data, financial account data, [are] not entering or exiting organizational safe storage locations via unsafe transfer mechanisms,” says Noren. “That approach is generally accepted as valid and helpful in the security community. Privacy defenders disagree. Capturing, storing, and scanning all email, chat, and file content means millions and billions of fully compliant, non-risky files and emails are scanned and sometimes stored” as well.
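The scanner below is an added example, not code from the article or from anyone quoted in it. It shows one way to narrow the gap Noren describes: the content of each constructed sample message is scanned for Social Security numbers and Luhn-valid payment card numbers, but the record that is kept holds only the message identifier, the field name, the last four digits and a keyed fingerprint for de-duplication, never the message text or the full identifier. The sample messages, the field names and the placeholder fingerprint key are assumptions made for the example.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import Dict, List

# Patterns for two of the identifier types the paragraph names. The SSN
# pattern rejects area numbers 000, 666 and 900-999 and all-zero group or
# serial numbers, which the Social Security Administration never issues.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Candidate payment card numbers: 13-19 digits, optionally separated by
# spaces or hyphens. The Luhn check below weeds out ordinary long numbers.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

# Placeholder key (assumption for the example). In a real deployment it comes
# from a secrets store, so a fingerprint cannot be brute-forced back to an SSN.
FINGERPRINT_KEY = b"rotate-me-in-production"


@dataclass(frozen=True)
class Finding:
    message_id: str
    field: str
    kind: str
    masked: str       # only the last four digits survive
    fingerprint: str  # keyed hash of the match, for de-duplication


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def fingerprint(value: str) -> str:
    """Keyed, truncated digest: lets repeated leaks be correlated without storing the value."""
    return hmac.new(FINGERPRINT_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]


def scan_text(message_id: str, field: str, text: str) -> List[Finding]:
    """Return findings for one field; the field's contents are not copied anywhere."""
    findings: List[Finding] = []
    for m in SSN_RE.finditer(text):
        ssn = m.group()
        findings.append(Finding(message_id, field, "ssn", "***-**-" + ssn[-4:], fingerprint(ssn)))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            masked = "*" * (len(digits) - 4) + digits[-4:]
            findings.append(Finding(message_id, field, "card", masked, fingerprint(digits)))
    return findings


def scan_messages(messages: List[Dict[str, str]]) -> List[Finding]:
    """Scan subject and body of each message; only Finding records are retained."""
    findings: List[Finding] = []
    for msg in messages:
        for field in ("subject", "body"):
            findings.extend(scan_text(msg["id"], field, msg.get(field, "")))
    return findings


# Constructed sample messages (not real data). The third one contains a
# 16-digit order number that fails the Luhn check and an 8-digit tracking
# number, so it produces no findings.
SAMPLE_MESSAGES = [
    {"id": "m1", "subject": "Onboarding form",
     "body": "Candidate SSN is 219-09-9999 for payroll setup."},
    {"id": "m2", "subject": "Refund",
     "body": "Charge card 4111 1111 1111 1111 for the refund."},
    {"id": "m3", "subject": "Order 4111111111111112 shipped",
     "body": "Tracking number 123-45-678 attached."},
]

if __name__ == "__main__":
    for finding in scan_messages(SAMPLE_MESSAGES):
        print(finding)
```

The design point is in what is absent from `Finding`: no message body, no full identifier and no reversible hash, so the retained record is useful for triage and de-duplication while adding as little as possible to the data the organisation now has to protect.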

The retention of data is another issue under the ethics umbrella that will only get more attention in the foreseeable future, especially as more legislation addresses the storing and use of certain types of consumer data. The European Union’s General Data Protection Regulation set powerful new standards, followed by the California Consumer Privacy Act (CCPA). Now privacy advocates in California have placed a proposition on the ballot this fall that is seen as an extension of the CCPA and would expand the protections for the contents of Californians’ emails, texts, and chats; it would go into effect in 2023 if passed.

“I don’t believe the ethics picture can be complete without considering privacy and the responsibility to properly secure, manage and respond to cyber security risks,” says James Chappell, co-founder and chief innovation officer at Digital Shadows.

In a heated regulatory landscape, making sure data collection is done securely and ethically will require a much larger cooperative effort between data and security teams, who should be thinking now about how to work together.

“I personally would actively encourage Chief Data Officers to engage with existing teams or build out companywide security and privacy governance capabilities as part of their role,” says Chappell. “Just like any other part of a business, a data officer or ethics officer should be seeking to enable the business whilst helping to manage the risks.”

Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online.


https://www.malwaredevil.com/2020/08/03/why-data-ethics-is-a-growing-ciso-priority/?utm_source=rss&utm_medium=rss&utm_campaign=why-data-ethics-is-a-growing-ciso-priority

Netgear Won’t Patch 45 Router Models Vulnerable to Serious Flaw

Almost two months after a high-severity flaw was disclosed – and seven months after it was first reported – Netgear has yet to issue fixes for 45 of its router models.



https://www.malwaredevil.com/2020/08/03/netgear-wont-patch-45-router-models-vulnerable-to-serious-flaw/?utm_source=rss&utm_medium=rss&utm_campaign=netgear-wont-patch-45-router-models-vulnerable-to-serious-flaw

Omdia Cybersecurity Accelerator Analysts to Take Part in Black Hat USA 2020

Analysts will participate in the Black Hat Briefings, taking place Aug. 4-6, discussing cybersecurity research, offering exclusive video presentations, and meeting with vendors and attendees.

Omdia, the global research powerhouse within Informa Tech, is pleased to partner once again with the Black Hat global security event series through its participation in Black Hat USA 2020.

Black Hat USA 2020 will be a fully virtual event for its 23rd year. It is the world’s leading information security event, providing attendees with cutting edge security research, technological developments, and information security industry trends.

Analysts from Omdia’s Cybersecurity Accelerator research group will participate in the event during the Black Hat Briefings seminar series, taking place Aug. 4-6. Omdia analysts participating in the event will include:

- Maxine Holt, Senior Research Director
- Jeff Wilson, Chief Analyst
- Rik Turner, Principal Analyst
- Tanner Johnson, Senior Analyst (IoT Security)
- Eric Parizo, Senior Analyst (SecOps, Infrastructure)
- Alan Rodger, Senior Analyst (GRC, Security Management)
- Don Tait, Senior Analyst (Identity, Authentication, and Access)

Omdia analysts will lead two briefings during the event.

In a talk titled “State of the cybersecurity technology market in the COVID-19 era,” Chief Analyst Jeff Wilson will tackle how malicious hackers have already taken advantage of the pandemic to launch new attacks. This session will focus on technologies, architectures, and solutions that companies can use to securely connect and protect users, data, and infrastructure during the pandemic, and after it passes.

Meanwhile, Senior Research Director Maxine Holt will discuss “Organizational approaches to cybersecurity complexity.” This session will define the Office of the CISO, the responsibilities that it encompasses — including technology and other security controls — and offer suggestions as to how organizations of all sizes can begin to bring some order to this crucial function.

In addition, Omdia Cybersecurity Accelerator analysts will be accessible throughout the event by visiting the Omdia virtual booth in the Business Hall.

At the Omdia virtual booth, attendees can learn about Omdia’s history, mission, and research objectives, as well as view exclusive video content created by the Cybersecurity Accelerator analysts.

Visitors to the Omdia virtual booth also will have the opportunity to meet with an Omdia analyst in a 1-on-1 virtual setting. Attendees may request an appointment on a first-come, first-served basis.


Register now for this year’s fully virtual Black Hat USA, scheduled to take place August 1-6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.

Eric Parizo supports Omdia’s Cybersecurity Accelerator, its research practice supporting vendor, service provider, and enterprise clients in the area of enterprise cybersecurity. Eric covers global cybersecurity trends and top-tier vendors in North America. He has been …




https://www.malwaredevil.com/2020/08/03/omdia-cybersecurity-accelerator-analysts-to-take-part-in-black-hat-usa-2020/?utm_source=rss&utm_medium=rss&utm_campaign=omdia-cybersecurity-accelerator-analysts-to-take-part-in-black-hat-usa-2020

Are You Effectively Addressing API Security? – Michael Borohovski – BH20 #1

All applications use APIs—they’re nothing new to the development world. But are organizations factoring API security into their broader security strategy effectively?

We’ve seen high-profile breaches at well-known companies stemming from their exposure or use of insecure API endpoints. This raises the question of how your software security initiative addresses the controls you need to ensure the APIs you use and produce are secure.

Within this segment, Michael Borohovski will discuss key considerations when designing APIs, along with security controls and security testing that could make or break your software.

This segment is sponsored by Synopsys.

Visit https://securityweekly.com/synopsys to learn more about them!
Visit https://securityweekly.com/summercamp2020 to view the Live Stream and previously recorded micro-interviews.

Chat live with the Security Weekly Staff, Hosts, and Guests in our Discord Server: https://discord.gg/pqSwWm4
Show Notes: https://securityweekly.com/bh201



https://www.malwaredevil.com/2020/08/03/are-you-effectively-addressing-api-security-michael-borohovski-bh20-1/?utm_source=rss&utm_medium=rss&utm_campaign=are-you-effectively-addressing-api-security-michael-borohovski-bh20-1

Havenly discloses data breach after 1.3M accounts leaked online

Havenly, a US-based interior design web site, has disclosed a data breach after a hacker posted a database containing 1.3 million user records for free on a hacker forum.



https://www.malwaredevil.com/2020/08/03/havenly-discloses-data-breach-after-1-3m-accounts-leaked-online/?utm_source=rss&utm_medium=rss&utm_campaign=havenly-discloses-data-breach-after-1-3m-accounts-leaked-online

ESET Threat Report Q2 2020

A view of the Q2 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts.

Read more at welivesecurity.com!



https://www.malwaredevil.com/2020/08/03/eset-threat-report-q2-2020/?utm_source=rss&utm_medium=rss&utm_campaign=eset-threat-report-q2-2020

FastPOS Malware Creator Pleads Guilty to Federal Charges

A one-time member of the infamous Infraud Organization and the creator of a malware strain called FastPOS has pleaded guilty to federal conspiracy charges, according to the U.S. Justice Department.



https://www.malwaredevil.com/2020/08/03/fastpos-malware-creator-pleads-guilty-to-federal-charges/?utm_source=rss&utm_medium=rss&utm_campaign=fastpos-malware-creator-pleads-guilty-to-federal-charges

Google: Eleven zero-days detected in the wild in the first half of 2020

The current number puts 2020 on track to have just as many zero-days as 2019 when Google security researchers said they tracked 20 zero-days all of last year.



https://www.malwaredevil.com/2020/08/03/google-eleven-zero-days-detected-in-the-wild-in-the-first-half-of-2020/?utm_source=rss&utm_medium=rss&utm_campaign=google-eleven-zero-days-detected-in-the-wild-in-the-first-half-of-2020

Monday review – our recent stories revisited

Get yourself up to date with everything we’ve written in the last seven days – it’s weekly roundup time.



https://www.malwaredevil.com/2020/08/03/monday-review-our-recent-stories-revisited-2/?utm_source=rss&utm_medium=rss&utm_campaign=monday-review-our-recent-stories-revisited-2

GandCrab ransomware distributor arrested in Belarus

In a press release last week, the Minister of Internal Affairs of Belarus announced the arrest of a 31-year-old man on charges of distributing the GandCrab ransomware.



https://www.malwaredevil.com/2020/08/03/gandcrab-ransomware-distributor-arrested-in-belarus/?utm_source=rss&utm_medium=rss&utm_campaign=gandcrab-ransomware-distributor-arrested-in-belarus

The COVID-19 pandemic and its impact on cybersecurity

The COVID-19 pandemic has presented a once-in-a-lifetime opportunity for hackers and online scammers, leading to a 63% rise in attacks related to the pandemic, according to a survey by ISSA and ESG.



https://www.malwaredevil.com/2020/08/03/the-covid-19-pandemic-and-its-impact-on-cybersecurity/?utm_source=rss&utm_medium=rss&utm_campaign=the-covid-19-pandemic-and-its-impact-on-cybersecurity

Security Alert: Alert Regarding Vulnerability (CVE-2020-5617) in SKYSEA Client View

Alert Regarding Vulnerability (CVE-2020-5617) in SKYSEA Client View


last update: 2020-08-03

JPCERT-AT-2020-0031
JPCERT/CC
2020-08-03

I. Overview

Sky Co., LTD. published information about a vulnerability in SKYSEA Client View (CVE-2020-5617). An attacker who can log in to a client PC where SKYSEA Client View is installed may be able to execute arbitrary code with system privileges on that PC by leveraging the vulnerability.

For the details of the vulnerability, please refer to the following URLs.

Sky Co., LTD.
[Important] Privilege escalation vulnerability (CVE-2020-5617) (JAPANESE)
https://www.skygroup.jp/security-info/200803.html

JVN#25422698
SKYSEA Client View vulnerable to privilege escalation
https://jvn.jp/en/jp/JVN25422698/

II. Affected Products

Affected products and versions are as follows:

– SKYSEA Client View Ver.12.200.12n through Ver.15.210.05f

III. Solution

Affected users are recommended to apply the module provided by Sky Co., LTD. that addresses the vulnerability.

Sky Co., LTD.
Website for contracted users (JAPANESE)
https://sp.skyseaclientview.net/topics/detail_2092.html
* Requires User ID and password for login

IV. References

Sky Co., LTD.
[Important] Privilege escalation vulnerability (CVE-2020-5617) (JAPANESE)
https://www.skygroup.jp/security-info/200803.html

Sky Co., LTD.
FAQ regarding the vulnerability (CVE-2020-5617) (JAPANESE)
https://sp.skyseaclientview.net/faq/detail_875.html
* Requires User ID and password for login

JVN#25422698
SKYSEA Client View vulnerable to privilege escalation
https://jvn.jp/en/jp/JVN25422698/

If you have any information regarding this alert, please contact JPCERT/CC.

JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/



https://www.malwaredevil.com/2020/08/03/security-alert-alert-regarding-vulnerability-cve-2020-5617-in-skysea-client-view/?utm_source=rss&utm_medium=rss&utm_campaign=security-alert-alert-regarding-vulnerability-cve-2020-5617-in-skysea-client-view

TrickBot Anchor Malware Infects Both Linux and Windows Systems

Security experts spotted TrickBot adding a new capability to its Anchor malware that carries a Windows executable to infect both Linux and Windows systems on the same network.



https://www.malwaredevil.com/2020/08/03/trickbot-anchor-malware-infects-both-linux-and-windows-systems/?utm_source=rss&utm_medium=rss&utm_campaign=trickbot-anchor-malware-infects-both-linux-and-windows-systems

Silent BadPower Attacks Could Give Your Devices a Meltdown

Using the BadPower attack technique, the manipulation of charging parameters to deliver higher voltages than the device can cause damage and even destroy a device.



https://www.malwaredevil.com/2020/08/03/silent-badpower-attacks-could-give-your-devices-a-meltdown/?utm_source=rss&utm_medium=rss&utm_campaign=silent-badpower-attacks-could-give-your-devices-a-meltdown

Twitter Hackers Accessed Twitter Analytics-related Data for Eight Accounts

For eight Twitter accounts (none of them blue-ticked verified accounts), attackers downloaded account data through the “Your Twitter Data” feature.



https://www.malwaredevil.com/2020/08/03/twitter-hackers-accessed-twitter-analytics-related-data-for-eight-accounts/?utm_source=rss&utm_medium=rss&utm_campaign=twitter-hackers-accessed-twitter-analytics-related-data-for-eight-accounts

ESB-2020.2645 – [Linux] Hitachi: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2645
Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi
Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure
                 Analytics Advisor and Hitachi Ops Center.
                               3 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Hitachi Command Suite
                   Hitachi Automation Director
                   Hitachi Configuration Manager
                   Hitachi Infrastructure Analytics Advisor
                   Hitachi Ops Center
Publisher:         Hitachi
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated      
                   Access Confidential Data        -- Remote/Unauthenticated      
                   Unauthorised Access             -- Remote/Unauthenticated      
Resolution:        Mitigation
CVE Names:         CVE-2020-14664 CVE-2020-14621 CVE-2020-14593
                   CVE-2020-14583 CVE-2020-14581 CVE-2020-14579
                   CVE-2020-14578 CVE-2020-14577 CVE-2020-14573
                   CVE-2020-14562 CVE-2020-14556 

Reference:         ASB-2020.0128
                   ESB-2020.2545

Original Bulletin: 
   https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-122/index.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center.

Security Information ID
hitachi-sec-2020-122

Vulnerability description
Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center.

CVE-2020-14556, CVE-2020-14562, CVE-2020-14573, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621, CVE-2020-14664

Affected products and versions are listed below. Please upgrade your version to the appropriate version, or apply the Workarounds.
Some products have been renamed between the Hitachi Command Suite and the Hitachi Ops Center series. To find the fixed product, match the number that follows the product name under [Affected products] with the same number under [Fixed products].

Affected products
The information is organized under the following headings:

(Example)
Product name: Gives the name of the affected product.
Version / Platform: Gives the affected version and platform.
- - Hitachi Command Suite

Product name: Hitachi Device Manager ---(1)
Component name: Device Manager Server

Version(s):

All versions

Product name: Hitachi Device Manager ---(1)
Component name: Device Manager Agent

Version(s):

All versions

Product name: Hitachi Device Manager ---(1)
Component name: Host Data Collector

Version(s):

All versions

Product name: Hitachi Tiered Storage Manager ---(2)

Version(s):

All versions

Product name: Hitachi Replication Manager ---(3)

Version(s):

All versions

Product name: Hitachi Tuning Manager ---(4)
Component name: Hitachi Tuning Manager server

Version(s):

All versions

Product name: Hitachi Tuning Manager ---(4)
Component name: Hitachi Tuning Manager - Agent for RAID

Version(s):

All versions

Product name: Hitachi Tuning Manager ---(4)
Component name: Hitachi Tuning Manager - Agent for NAS

Version(s):

All versions

Product name: Hitachi Tuning Manager ---(4)
Component name: Hitachi Tuning Manager - Agent for SAN Switch

Version(s):

All versions

Product name: Hitachi Dynamic Link Manager ---(5)

Version(s):

All versions

Product name: Hitachi Global Link Manager ---(6)

Version(s):

All versions

Product name: Hitachi Compute Systems Manager ---(7)

Version(s):

All versions

Product name: Hitachi Automation Director ---(8)

Version(s):

All versions

Product name: Hitachi Configuration Manager ---(9)

Version(s):

All versions

Product name: Hitachi Infrastructure Analytics Advisor ---(10)
Component name: Hitachi Infrastructure Analytics Advisor

Version(s):

All versions

Product name: Hitachi Infrastructure Analytics Advisor ---(10)
Component name: Analytics probe server

Version(s):

All versions

- - Hitachi Ops Center

Product name: Hitachi Ops Center Automator ---(8)

Version(s):

All versions

Product name: Hitachi Ops Center API Configuration Manager ---(9)

Version(s):

All versions

Product name: Hitachi Ops Center Analyzer ---(10)

Version(s):

All versions

Product name: Hitachi Ops Center Analyzer viewpoint ---(11)

Version(s):

All versions

Product name: Hitachi Ops Center Common Services ---(12)

Version(s):

All versions


Fixed products

The information is organized under the following headings:

(Example)
Product name: Gives the name of the fixed product.
Version / Platform: Gives the fixed version and release date.
Scheduled version / Platform: Gives the fixed version scheduled to be released.
- - Hitachi Command Suite

Product name: Hitachi Device Manager ---(1)

Scheduled version(s):

Product name: Hitachi Tiered Storage Manager ---(2)

Scheduled version(s):

Product name: Hitachi Replication Manager ---(3)

Scheduled version(s):

Product name: Hitachi Tuning Manager ---(4)

Scheduled version(s):

Product name: Hitachi Dynamic Link Manager ---(5)

Scheduled version(s):

Product name: Hitachi Global Link Manager ---(6)

Scheduled version(s):

Product name: Hitachi Compute Systems Manager ---(7)

Scheduled version(s):

Product name: Hitachi Automation Director ---(8)

Scheduled version(s):

Product name: Hitachi Configuration Manager ---(9)

Scheduled version(s):

- - Hitachi Ops Center

Product name: Hitachi Ops Center Automator ---(8)

Scheduled version(s):

Product name: Hitachi Ops Center API Configuration Manager ---(9)

Scheduled version(s):

Product name: Hitachi Ops Center Analyzer ---(10)

Scheduled version(s):

Product name: Hitachi Ops Center Analyzer viewpoint ---(11)

Scheduled version(s):

Product name: Hitachi Ops Center Common Services ---(12)

Scheduled version(s):

For details on the fixed products, contact your Hitachi support service representative.

Workarounds

Hitachi Command Suite, Hitachi Infrastructure Analytics Advisor, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Ops Center Analyzer, Hitachi Ops Center Automator and Hitachi Ops Center API Configuration Manager
None.
If you have a support agreement for Oracle Java, apply the following temporary solution: change the JDK used by the Hitachi Command Suite products to Oracle JDK 8u261 or later.
For the preconditions and the procedure, see the product documentation. (*1)

Hitachi Ops Center Analyzer viewpoint
Change the JDK used by Hitachi Ops Center Analyzer viewpoint to Amazon Corretto 11.0.8.
For details on the procedure, see Installation and Configuration Guide.

Hitachi Ops Center Common Services
Change the JDK used by Hitachi Ops Center Common Services to Amazon Corretto 8.262 (8u262).
For details on the procedure, see Installation and Configuration Guide.

*1 For Hitachi Infrastructure Analytics Advisor (including the Analytics probe) and Hitachi Ops Center Analyzer (including the Analyzer probe), contact your Hitachi support service representative.
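Every workaround above amounts to "run the product on a named vendor's JDK at or above a stated version". The check below is an added example, not Hitachi's code or procedure: it parses the banner that `java -version` prints, normalises the legacy 1.8.0_NNN scheme and the JEP 223 scheme (11.0.8) to one comparable tuple, accepts the three notations the bulletin uses (8u261, 8.262, 11.0.8) and confirms the vendor the bulletin names. The banners are constructed samples in the format Oracle and Corretto JDKs print; how to locate the JDK a given Hitachi product actually uses is not covered here and must come from the product documentation.

```python
import re
from typing import Tuple

Version = Tuple[int, int, int]  # (feature, interim, update)

_BANNER_RE = re.compile(r'version "([^"]+)"')


def parse_banner_version(banner: str) -> Version:
    """Parse the first line of `java -version` output into (feature, interim, update)."""
    m = _BANNER_RE.search(banner)
    if not m:
        raise ValueError("no version string in banner")
    raw = m.group(1)
    if raw.startswith("1."):
        # Legacy scheme used through JDK 8, e.g. 1.8.0_252 -> (8, 0, 252)
        legacy = re.fullmatch(r"1\.(\d+)\.(\d+)(?:_(\d+))?.*", raw)
        if not legacy:
            raise ValueError(f"unrecognised legacy version: {raw}")
        return (int(legacy.group(1)), int(legacy.group(2)), int(legacy.group(3) or 0))
    # JEP 223 scheme used from JDK 9, e.g. 11.0.8, 11.0.8+10, 14 -> (feature, interim, update)
    modern = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", raw)
    return (int(modern.group(1)), int(modern.group(2) or 0), int(modern.group(3) or 0))


def parse_required(spec: str) -> Version:
    """Accept the notations the bulletin uses: '8u261', '8.262' (Corretto 8u262) and '11.0.8'."""
    m = re.fullmatch(r"(\d+)u(\d+)", spec)
    if m:
        return (int(m.group(1)), 0, int(m.group(2)))
    parts = [int(p) for p in spec.split(".")]
    if parts[0] <= 8 and len(parts) == 2:
        # Corretto 8 writes the update number as the second component (8.262 == 8u262)
        return (parts[0], 0, parts[1])
    parts += [0] * (3 - len(parts))
    return (parts[0], parts[1], parts[2])


def detect_vendor(banner: str) -> str:
    """Corretto names itself on the runtime line; Oracle's JDK prints 'Java(TM)'."""
    if "Corretto" in banner:
        return "corretto"
    if "Java(TM)" in banner:
        return "oracle"
    return "openjdk"


def check_jdk(banner: str, required_vendor: str, required_version: str) -> Tuple[bool, str]:
    """Return (ok, reason) for one JDK banner against one bulletin requirement."""
    vendor = detect_vendor(banner)
    have = parse_banner_version(banner)
    need = parse_required(required_version)
    if vendor != required_vendor:
        return False, f"vendor is {vendor}, bulletin requires {required_vendor}"
    if have < need:
        return False, f"version {have} is older than required {need}"
    return True, f"{vendor} {have} satisfies {required_version}"


# Constructed banners in the format the respective JDKs print (sample data).
ORACLE_8U261 = (
    'java version "1.8.0_261"\n'
    "Java(TM) SE Runtime Environment (build 1.8.0_261-b12)\n"
    "Java HotSpot(TM) 64-Bit Server VM (build 25.261-b12, mixed mode)"
)
CORRETTO_8U252 = (
    'openjdk version "1.8.0_252"\n'
    "OpenJDK Runtime Environment Corretto-8.252.09.1 (build 1.8.0_252-b09)\n"
    "OpenJDK 64-Bit Server VM Corretto-8.252.09.1 (build 25.252-b09, mixed mode)"
)
CORRETTO_11_0_8 = (
    'openjdk version "11.0.8" 2020-07-14 LTS\n'
    "OpenJDK Runtime Environment Corretto-11.0.8.10.1 (build 11.0.8+10-LTS)\n"
    "OpenJDK 64-Bit Server VM Corretto-11.0.8.10.1 (build 11.0.8+10-LTS, mixed mode)"
)

if __name__ == "__main__":
    for label, banner, vendor, spec in [
        ("Command Suite", ORACLE_8U261, "oracle", "8u261"),
        ("Common Services", CORRETTO_8U252, "corretto", "8.262"),
        ("Analyzer viewpoint", CORRETTO_11_0_8, "corretto", "11.0.8"),
    ]:
        print(label, check_jdk(banner, vendor, spec))
```

Two caveats when using this: the banner has to come from the JDK the product is configured to use, not from whatever `java` is first on PATH; and a numerically newer feature release (say 14.0.2 against an 11.0.8 requirement) passes the comparison, but whether Hitachi supports that release is a separate question for the product documentation.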
Revision history
July 31, 2020
This page is released.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----




https://www.malwaredevil.com/2020/08/03/esb-2020-2645-linux-hitachi-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-2645-linux-hitachi-multiple-vulnerabilities

ESB-2020.2646 – [AIX] IBM Java SDK: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2646
  Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX
                               3 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Java SDK
Publisher:         IBM
Operating System:  AIX
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-2830 CVE-2020-2805 CVE-2020-2803
                   CVE-2020-2800 CVE-2020-2781 CVE-2020-2757
                   CVE-2020-2756 CVE-2020-2755 CVE-2020-2754
                   CVE-2020-2654 CVE-2019-2949 

Reference:         ESB-2020.2622
                   ESB-2020.2565

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6255212

- --------------------------BEGIN INCLUDED TEXT--------------------

Multiple vulnerabilities in IBM Java SDK affect AIX

Security Bulletin

Summary

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions
7, 7.1, 8 used by AIX. AIX has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2020-2654
DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE
Libraries component could allow an unauthenticated attacker to cause a denial
of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/174601 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-2805
DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE
Libraries component could allow an unauthenticated attacker to take control of
the system.
CVSS Base score: 8.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/179703 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2020-2803
DESCRIPTION: An unspecified vulnerability in multiple Oracle products could
allow an unauthenticated attacker to take control of the system.
CVSS Base score: 8.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/179701 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2020-2830
DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE
Concurrency component could allow an unauthenticated attacker to cause a denial
of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
179728 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-2781
DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE
JSSE component could allow an unauthenticated attacker to cause a denial of
service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
179681 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-2800
DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE
Lightweight HTTP Server component could allow an unauthenticated attacker to
cause low confidentiality impact, low integrity impact, and no availability
impact.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
179698 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2020-2757
DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE
Serialization component could allow an unauthenticated attacker to cause a
denial of service resulting in a low availability impact using unknown attack
vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
179657 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-2756
DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE
Serialization component could allow an unauthenticated attacker to cause a
denial of service resulting in a low availability impact using unknown attack
vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
179656 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-2755
DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE
Scripting component could allow an unauthenticated attacker to cause a denial
of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
179655 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-2754
DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE
Scripting component could allow an unauthenticated attacker to cause a denial
of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
179654 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2949
DESCRIPTION: An unspecified vulnerability in Java SE related to the Kerberos
component could allow an unauthenticated attacker to obtain sensitive
information resulting in a high confidentiality impact using unknown attack
vectors.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
169254 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

+--------------------+----------+
|Affected Product(s) |Version(s)|
+--------------------+----------+
|AIX                 |7.1       |
+--------------------+----------+
|AIX                 |7.2       |
+--------------------+----------+
|VIOS                |2.2       |
+--------------------+----------+
|VIOS                |3.1       |
+--------------------+----------+

The following fileset levels (VRMF) are vulnerable, if the respective Java
version is installed:
For Java7: Less than 7.0.0.665
For Java7.1: Less than 7.1.0.465
For Java8: Less than 8.0.0.610

Note: To find out whether the affected Java filesets are installed on your
systems, refer to the lslpp command found in AIX user's guide.

Example: lslpp -L | grep -i java
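To make the fileset check above repeatable across many hosts, the following Python example (added here; it is not IBM's or AusCERT's code) parses `lslpp -L` output and compares each Java fileset's VRMF with the fixed levels stated in this bulletin. The sample output lines are constructed, and the example chooses the threshold from the first two VRMF components (7.0, 7.1, 8.0) rather than from the fileset name, which is an assumption about how the levels map to the bulletin's Java7, Java7.1 and Java8 entries.

```python
"""Compare AIX Java fileset levels from `lslpp -L` against the fixed VRMF levels.

Added example, not from the bulletin. Run on a host with:
    lslpp -L | grep -i java | python3 check_java_vrmf.py
"""
import re
import sys

# Minimum fixed levels from the bulletin, keyed by the (V, R) part of the VRMF.
# Anything below the listed level for that Java stream is vulnerable.
FIXED_LEVELS = {
    (7, 0): (7, 0, 0, 665),   # "For Java7:   Less than 7.0.0.665"
    (7, 1): (7, 1, 0, 465),   # "For Java7.1: Less than 7.1.0.465"
    (8, 0): (8, 0, 0, 610),   # "For Java8:   Less than 8.0.0.610"
}

# Constructed sample of `lslpp -L` output (fileset names and levels are made up).
SAMPLE_LSLPP = """\
  Fileset                      Level  State  Type  Description (Uninstaller)
  ----------------------------------------------------------------------------
  Java7.sdk                  7.0.0.660    C     F    Java SDK 32-bit
  Java71_64.sdk              7.1.0.465    C     F    Java SDK 64-bit
  Java8_64.jre               8.0.0.600    C     F    Java Runtime Environment 64-bit
  bos.rte                    7.2.4.0      C     F    Base Operating System Runtime
"""

# A fileset whose name contains "java" followed by a four-part VRMF level.
LINE_RE = re.compile(r"^\s*(\S*[Jj]ava\S*)\s+(\d+(?:\.\d+){3})\b")


def parse_vrmf(level):
    """'7.0.0.660' -> (7, 0, 0, 660) so levels compare numerically, not as strings."""
    return tuple(int(part) for part in level.split("."))


def is_vulnerable(level):
    """True/False for a Java stream the bulletin covers, None for anything else."""
    vrmf = parse_vrmf(level)
    fixed = FIXED_LEVELS.get(vrmf[:2])
    if fixed is None:
        return None
    return vrmf < fixed


def check_lslpp(output):
    """Return (fileset, level, vulnerable) for every Java fileset line in the output."""
    findings = []
    for line in output.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        fileset, level = match.groups()
        verdict = is_vulnerable(level)
        if verdict is None:
            continue  # a Java stream this bulletin does not list
        findings.append((fileset, level, verdict))
    return findings


if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LSLPP
    for fileset, level, vulnerable in check_lslpp(text):
        status = "VULNERABLE" if vulnerable else "ok"
        print(f"{fileset:<24} {level:<12} {status}")
```

Levels equal to the fixed level are reported as fixed, matching the bulletin's "less than" wording; filesets whose names do not contain "java" are ignored even if their description does.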

Remediation/Fixes

Note: Recommended remediation is to always install the most recent Java package
available for the respective Java version.

IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 65 and
subsequent releases:
32-bit
64-bit

IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 65 and
subsequent releases:
32-bit
64-bit

IBM SDK, Java Technology Edition, Version 8 Service Refresh 6 Fix Pack 11 and
subsequent releases:
32-bit
64-bit

Workarounds and Mitigations

None

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXyefLeNLKJtyKPYoAQhGwA/+JsMkxfTcoOz6hBCH0pI4MFb+c2yO6+3e
z+RikW7Fgv2aF0crY+WEw7N1bPBxQmrJXty2jEs2qd2Q/Xnou1xsjXwDlhV3SqZY
7KrutvUh/7anolY2ybyXZqA/fQPW5cIP0R6t6douWH1Y97vxBMqSACarRGvBEqpP
oW75lZUjaDftpCn38702SNLWv/y1KUjGCYXwr5Ans33FGpUWGBgYWEp5mdrUZjcR
EeB3sLDaLbi+srGVZBndkaGxmd9F/dJzzHRAtI9KmIQCKl+ArWreFtBXZEpDzsMN
dMH8X0TZjdo2HyLkeCxARpJZAwqaJjQz4fR/Fs6h0FkiMNECitgzwPXMY3Eg4RwE
BQtGxBl2zZxV0MD1XnnECV5sHk0GQoamXp7wPaEZ3tMMm3T7EVcvnAE7UNGg4Cys
YWgsiPN+r//r1WmaF/lH8hV3Yi2OhFB7qVtkJsHkQgJBmY2rwrT8B5OAXSZrXio0
8dc2/MdEy77FcqejMW/cJ8/ECSpFEPWG2/XtPlizoRdsd0Xxc0gBKCz4ECmpwPwP
rFq7xQa6fiaSFR7JD+ozPCiRMoLUm7SuO30avoQSV7gKap1f1fgna9uVrE5NzCNc
OWM9Qvwy1ChVkjL4jQSa2+Umtwkxojxup/rIxkDA0ZLa3Qqds2jMqK7wxDCHIDqg
CriD4otKG8Q=
=4CZN
-----END PGP SIGNATURE-----

https://www.malwaredevil.com/2020/08/03/esb-2020-2646-aix-ibm-java-sdk-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-2646-aix-ibm-java-sdk-multiple-vulnerabilities

ESB-2020.2644 – [Cisco] Cisco Systems: Reduced security – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2644
  Cisco Adaptive Security Appliance Software and Firepower Threat Defense
                Software Trustpoint Configuration Defaults
                               3 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Adaptive Security Appliance
                   Cisco Firepower Threat Defense
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Reduced Security -- Remote/Unauthenticated
Resolution:        Mitigation

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-racerts-WvuYpxew

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software Trustpoint Configuration Defaults

Priority:        Informational

Advisory ID:     cisco-sa-racerts-WvuYpxew

First Published: 2020 July 31 16:00 GMT

Last Updated:    2020 July 31 22:35 GMT

Version 1.1:     Final

Workarounds:     Yes

Cisco Bug IDs:   CSCvt50528 CSCvv11051 CSCvv11100

CWE-295

Summary

  o Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat
    Defense (FTD) Software can be configured for certificate authentication in
    remote access VPN deployments.

    An external researcher has identified several misconfigured Cisco ASA and
    FTD Software remote access devices where the ASA/FTD device may admit VPN
    remote access to users who possess a valid certificate from a public
    certificate authority (CA) when the VPN endpoint is configured to have its
    server identity certificate issued from the same public CA.

    Cisco would like to raise awareness for customers in regard to how Cisco
    ASA and FTD Software apply default settings to trustpoints for imported
    certificates, and how to ensure a trustpoint is configured for its desired
    function only.

    Cisco does not consider this a vulnerability in Cisco ASA or FTD Software
    or the digital certificates authentication feature, but a configuration
    issue.

    Future releases of Cisco ASA and FTD Software, including Cisco Adaptive
    Security Device Manager (ASDM), Cisco Security Manager, and Cisco Firepower
    Management Center (FMC), will raise warning alerts when importing
    certificates to alert customers of the default behavior and to provide
    guidance how to harden the configuration via Cisco bug IDs CSCvt50528,
    CSCvv11100, and CSCvv11051.

    However, it is not a requirement to run code integrated with these Cisco
    bug IDs to take the appropriate hardening actions. Customers are advised to
    review this advisory and make any respective configuration changes.

Details

  o The target audiences for this informational advisory are customers who have
    deployed Cisco ASA/FTD devices as remote access VPN endpoints and are
    performing any client-based certificate authentication.

    When a new certificate is imported to the configuration, the default
    settings for the trustpoint usage are for ipsec-client and ssl-client
    validation, so by default, that trustpoint can be used to authenticate VPN
    users. If the trustpoint's intended use is only as a server identity
    certificate and the corresponding certificate authority trust should not be
    used for VPN validation, the ASA/FTD administrator has to configure the
    device as such using the validation-usage command.

    Without altering the configuration, if using client certificate
    authentication without other authentication and authorization methods, it
    may be possible to authenticate using any user identity certificate that is
    issued by the same certificate authority as the ASA/FTD device's identity
    certificate. Installations that use additional authentication and
    authorization would either prevent or require the additional steps to be
    passed before being granted access to the network.

Recommendations

  o Identification

    While all trustpoint configurations should be reviewed to ensure they are
    configured for their desired purpose, the primary risk is when using:

       - The ASA/FTD devices as a remote access VPN endpoint.
       - Client certificate authentication where certificates are issued by
         certificate authority A.
       - A certificate for the identity of the ASA/FTD device issued by
         certificate authority B.

    The intention would be that the administrators of the ASA/FTD VPN endpoint
    only wish to consider client certificates issued by certificate authority
    A. For example, the client-issued certificates could come from a company's
    private CA (CA A), while the ASA/FTD identity certificate may have been
    issued by a public CA (CA B).

    To determine whether a Cisco ASA or FTD device is affected by the issue
    described in this advisory, use this process:

    1) Confirm if the device is configured to allow remote access VPN.

    Cisco ASA Feature                 Identification Configuration
    AnyConnect IKEv2 Remote Access    crypto ikev2 enable 
    (with client services)            client-services port 
    AnyConnect SSL VPN                webvpn
                                      enable 
    Clientless SSL VPN                webvpn
                                      enable 

    Alternatively, on FMC, go to Devices -> VPN -> Remote Access and see if any
    profiles exist.

    If enabled, proceed to the next step.

    2) Confirm if using client certificate authentication.

    Administrators can use the show running-config all tunnel-group command
    from either the ASA CLI or FTD CLI to determine whether any of the
    connection profiles are using an authentication method that contains a
    certificate. If either the Authentication, Authorization and Accounting
    (AAA) or Security Assertion Markup Language (SAML) 2.0 method alone is
    used, the device is not affected. The following example shows the output of
    the command for an ASA device that is using both AAA and client certificate
    authentication:

        ciscoasa# show running-config all tunnel-group
         authentication aaa certificate
        .

    Alternatively, on FMC, go to Devices -> VPN -> Remote Access and click the
    Remote Access profile name. For the different connection profiles, examine
    the AAA column; if any of the Authentication fields indicate Client
    Certificate Only or Client Certificate & AAA, then client certificates are
    in use. Proceed to the next step.

    Note: If alternative authentication methods are configured, those
    authentication methods will still need to be fulfilled to pass
    authentication and be granted access to the network.

    3) Determine if using a certificate for the identity of the ASA/FTD issued
    by a certificate authority that the administrator doesn't control.

    Administrators can first use the show running-config ssl | include
    trust-point command to identify the device's identity certificate used on
    the remote access VPN-enabled interface:

        ciscoasa# show running-config ssl | include trust-point
        ssl trust-point IDENTITY outside

    In the previous example, the interface named outside is associated with the
    identity certificate configured within the trustpoint named IDENTITY.

    Administrators can view the certificates included in this trustpoint and
    specifically look at the Subject Name of the CA Certificate to identify
    whether this certificate has been issued by a public CA:

        ciscoftd# show crypto ca certificate IDENTITY
        Certificate
          .
          .
          Issuer Name:
          l=Sydney
          c=AU
          o=GoDaddy.com, Inc.
          ou=http://certs.godaddy.com/repository/
          cn=Go Daddy Secure Certificate Authority - G2
          Subject Name:
          .
          .
            cn=FPR2100-FTD
          Validity Date:
            start date: 07:16:53 UTC Jul 26 2020
            end   date: 07:16:53 UTC Jul 26 2021
          Storage: config
          Associated Trustpoints: FPR2100-FTD.cisco.com


    Alternatively, on FMC, go to Devices -> VPN -> Remote Access and click the
    Remote Access profile name. Click Access Interfaces. This will show you
    the identity certificate presented on the remote access VPN interface in
    the SSL Global Identity Certificate field.

    Remediation

    When a new certificate is imported to the configuration, the default
    settings for the trustpoint usage are for ipsec-client and ssl-client
    validation, so by default, that trustpoint can be used to authenticate VPN
    users. Administrators should review all their trustpoint usage
    configurations. If the trustpoint holds the certificates for server
    authentication, that trustpoint should be configured with the
    validation-usage ssl-server configuration command. Any trustpoint not used
    explicitly for client authentication should have the no validation-usage 
    configuration applied as per the following procedures:

    For ASA, administrators can log into the device and reconfigure the
    trustpoint using the validation-usage command:

        crypto ca trustpoint 
         no validation-usage

    For FTD managed via FMC, administrators can use FlexConfig. Proceed with
    the following steps:

    1. Validate the configuration of the trustpoint that needs reconfiguring
    via the show running-config all crypto ca trustpoint FTD CLI command and
    confirm that validation-usage is set to ipsec-client ssl-client.

    2. On FMC, go to Objects -> Object Management -> FlexConfig -> FlexConfig
    Object, and fill in the Name and Description fields. Complete the text box
    with the command as shown in the following example. Note you could define
    the TrustPointName as a variable or just enter the name of the
    TrustPointName you wish to alter:

        Name: NoValidationUsage
        Description: no validation-usage ipsec-client ssl-client
        Text Box:
        crypto ca trustpoint TrustPointName
        no validation-usage

    3. Apply FlexConfig to the affected devices by selecting Devices ->
    FlexConfig.

    4. Click New Policy, create a name, and select the devices to assign the
    policy to. On the next screen, select Add FlexConfig Object and click the
    object you created in the previous steps; in this example,
    NoValidationUsage.

    5. Save the FlexConfig.

    6. Deploy the FlexConfig.

    7. Validate the configuration was a success by logging into the device and
    issuing the show running-config all crypto ca trustpoint FTD CLI command.
    Under the public trustpoint, it should say no validation-usage.

    If the client certificates are issued from a different CA than the identity
    certificate, that trustpoint will still be required to have the default
    settings of validation-usage ipsec-client ssl-client or just
    validation-usage ssl-client, depending on the designed usage.

    For FTD managed via Firepower Device Management (FDM), there is currently
    no way to alter the trustpoint configuration via FlexConfig. A new version
    will be released that supports the ability to reconfigure the trustpoint.
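The identification and remediation steps above reduce to a few checks on the running configuration. The Python example below (added here; it is not Cisco's code or tooling) parses a `show running-config all` capture, records each trustpoint's validation-usage, finds the trustpoint bound by `ssl trust-point` as the server identity, confirms whether any connection profile authenticates with a certificate (step 2), and reports identity trustpoints that still carry ipsec-client or ssl-client usage (step 3 and the remediation check). The sample configuration is constructed; the trustpoint names IDENTITY and CORP-CA, the tunnel-group RA-VPN, the FQDN vpn.example.test and the interface name outside are all made up.

```python
"""Audit ASA/FTD trustpoint validation-usage from a saved `show running-config all`.

Added example, not Cisco's own tooling. Usage:
    python3 audit_trustpoints.py < running-config-all.txt
"""
import re
import sys

# Constructed sample of `show running-config all` output, trimmed to the lines
# these checks read. Every name in it is made up.
SAMPLE_CONFIG = """\
crypto ca trustpoint IDENTITY
 enrollment terminal
 fqdn vpn.example.test
 crl configure
 validation-usage ipsec-client ssl-client
crypto ca trustpoint CORP-CA
 enrollment terminal
 crl configure
 validation-usage ssl-client
ssl trust-point IDENTITY outside
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN webvpn-attributes
 authentication aaa certificate
"""

# Usages that let a trustpoint's CA validate VPN client certificates.
CLIENT_USAGES = {"ipsec-client", "ssl-client"}


def parse_trustpoints(config):
    """Map each trustpoint name to the set of validation usages configured on it.

    `show running-config all` prints the usage line explicitly (the default is
    `validation-usage ipsec-client ssl-client`), and a hardened trustpoint shows
    `no validation-usage`, which yields an empty set here.
    """
    trustpoints = {}
    current = None
    for line in config.splitlines():
        match = re.match(r"crypto ca trustpoint (\S+)$", line)
        if match:
            current = match.group(1)
            trustpoints[current] = set()
            continue
        if not line.startswith(" "):
            current = None  # an unindented line ends the trustpoint block
            continue
        if current is None:
            continue
        words = line.split()
        if words[:2] == ["no", "validation-usage"]:
            trustpoints[current] = set()
        elif words[:1] == ["validation-usage"]:
            trustpoints[current] = set(words[1:])
    return trustpoints


def identity_trustpoints(config):
    """Trustpoints presented as the server identity: `ssl trust-point <name> <interface>`."""
    return {m.group(1): m.group(2)
            for m in re.finditer(r"^ssl trust-point (\S+) (\S+)", config, re.M)}


def uses_certificate_auth(config):
    """True when any connection profile's authentication method includes a certificate."""
    return re.search(r"^ +authentication\b.*\bcertificate\b", config, re.M) is not None


def audit(config):
    """Return (trustpoint, interface, client_usages) for identity trustpoints that
    still validate client certificates. An empty list means either certificate
    authentication is not in use or the identity trustpoints have been hardened."""
    if not uses_certificate_auth(config):
        return []  # AAA or SAML alone: not affected per the advisory
    usages = parse_trustpoints(config)
    findings = []
    for name, iface in identity_trustpoints(config).items():
        client_usage = usages.get(name, set()) & CLIENT_USAGES
        if client_usage:
            findings.append((name, iface, sorted(client_usage)))
    return findings


if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_CONFIG
    for name, iface, usage in audit(text) or []:
        print(f"identity trustpoint {name} on {iface} still has validation-usage "
              f"{' '.join(usage)}; consider `no validation-usage`")
```

Run it before and after the `no validation-usage` change: on the sample it flags IDENTITY on interface outside, while CORP-CA (the client CA, which must keep ssl-client usage) is not bound as an identity and is left alone. It reads only a captured configuration, so it can be run from a workstation against configs pulled by an existing backup process.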

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Mike Guy of CenturyLink for reporting this issue.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-racerts-WvuYpxew

Revision History

  o +---------+------------------------------+---------+--------+-------------+
    | Version |         Description          | Section | Status |    Date     |
    +---------+------------------------------+---------+--------+-------------+
    | 1.1     | Republish for external email | -       | Final  | 2020-JUL-31 |
    |         | notification.                |         |        |             |
    +---------+------------------------------+---------+--------+-------------+
    | 1.0     | Initial public release.      | -       | Final  | 2020-JUL-31 |
    +---------+------------------------------+---------+--------+-------------+

- --------------------------END INCLUDED TEXT--------------------


https://www.malwaredevil.com/2020/08/03/esb-2020-2644-cisco-cisco-systems-reduced-security-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-2644-cisco-cisco-systems-reduced-security-remote-unauthenticated

ESB-2020.2643 – [RedHat] OpenShift Container Platform 4.5.4 jenkins-2-plugins: Cross-site scripting – Remote with user interaction

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2643
   OpenShift Container Platform 4.5.4 jenkins-2-plugins security update
                               3 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           OpenShift Container Platform 4.5.4 jenkins-2-plugins
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Cross-site Scripting -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-2190  

Reference:         ESB-2020.1973

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:3207

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.5.4 jenkins-2-plugins security update
Advisory ID:       RHSA-2020:3207-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3207
Issue date:        2020-07-31
CVE Names:         CVE-2020-2190 
=====================================================================

1. Summary:

An update for jenkins-2-plugins is now available for Red Hat OpenShift
Container Platform 4.5.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.5 - noarch

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

Security Fix(es):

* jenkins-script-security-plugin: Jenkins Script Security Plugin 1.72 and
earlier does not correctly escape pending or approved classpath entries on
the In-process Script Approval page, resulting in a stored cross-site
scripting vulnerability. (CVE-2020-2190)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For OpenShift Container Platform 4.5 see the following documentation, which
will be updated shortly for release 4.5.4, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.

5. Bugs fixed (https://bugzilla.redhat.com/):

1847337 - CVE-2020-2190 jenkins-script-security-plugin: cross-site scripting vulnerability due to configure sandboxed scripts

6. Package List:

Red Hat OpenShift Container Platform 4.5:

Source:
jenkins-2-plugins-4.5.1595405982-1.el7.src.rpm

noarch:
jenkins-2-plugins-4.5.1595405982-1.el7.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-2190
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
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=m7/S
- -----END PGP SIGNATURE-----

- --
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

- --------------------------END INCLUDED TEXT--------------------


https://www.malwaredevil.com/2020/08/03/esb-2020-2643-redhat-openshift-container-platform-4-5-4-jenkins-2-plugins-cross-site-scripting-remote-with-user-interaction/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-2643-redhat-openshift-container-platform-4-5-4-jenkins-2-plugins-cross-site-scripting-remote-with-user-interaction

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...