Samba Releases Security Updates

Original release date: May 24, 2017

The Samba Team has released security updates that address a vulnerability in all versions of Samba from 3.5.0 onward. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review Samba's Security Announcement and apply the necessary updates, or refer to their Linux or Unix-based OS vendors for appropriate patches.

This product is provided subject to this Notification and this Privacy & Use policy.

A wormable code-execution bug has lurked in Samba for 7 years. Patch now!

Enlarge (credit: Guido Sorarù)

Maintainers of the Samba networking utility just patched a critical code-execution vulnerability that could pose a severe threat to users until the fix is widely installed.

The seven-year-old flaw, indexed as CVE-2017-7494, can be reliably exploited with just one line of code to execute malicious code, as long as a few conditions are met. Those requirements include vulnerable computers that (a) make file- and printer-sharing port 445 reachable on the Internet, (b) configure shared files to have write privileges, and (c) use known or guessable server paths for those files. When those conditions are satisfied, remote attackers can upload any code of their choosing and cause the server to execute it, possibly with unfettered root privileges depending on the vulnerable platform.

"All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it," Samba maintainers wrote in an advisory published Wednesday. They urged anyone using a vulnerable version to install a patch as soon as possible.

Read 9 remaining paragraphs | Comments

For Three Years Running, McAfee Advanced Threat Defense Places in Radicati’s Top Players Quadrant for APT Protection

In this year’s Radicati APT Protection—Market Quadrant, McAfee Advanced Threat Defense attained a position in the Top Players quadrant for the third year running.

The Radicati report assesses advanced persistent threat (APT) solutions from major security vendors and places them in its quadrant based on the depth and breadth of product functionality and strategic vision. Top Players are typically market leaders that shape the industry through their technology innovations and understanding of market forces.

In the APT area, vendors are evaluated on multiple parameters. Some of these are: deployment options, malware detection methods, firewall and URL filtering for attack behavior analysis, web and email security, analysis of zero-day and advanced threats, sandboxing and quarantining, data loss prevention, administration, real-time updates, remediation, environment threat analysis, and more.

McAfee Advanced Threat Defense landed its position in the Radicati quadrant because of its ability to detect complex, sophisticated threats and to connect with other security components and turn threat information into action and protection.

Here are the key areas of strength emphasized by Radicati:

  • Deployment flexibility—appliances, virtual appliances, and cloud form factors—with CapEx and OpEx purchase options.
  • The powerful, layered detection approach combines in-depth static code and dynamic analysis. Proprietary static code analysis does a thorough job unpacking and unencrypting samples to expose executables in order to examine anomalies. Dynamic analysis uses sandboxing to look at malware behavior.
  • Reporting and outputs, including the ability to share indicators of compromise (IoCs) for targeted investigations.
  • The overall breadth of protection provided by the McAfee product portfolio—from endpoints to desktops to servers.
  • Additional detection engines, such as signatures, reputation, and real-time emulation, that accelerate analysis.
  • The centralized analysis device acts as a shared resource among multiple Intel Security devices.
  • Tight integration with all McAfee solutions and third-party partner products, whether directly or through the McAfee Data Exchange Layer communications fabric. This enables real-time information sharing across the entire security ecosystem when attacks and malware are detected.
  • Application of DLP technology is applied in-line to traffic by way of integration with McAfee Web Gateway.

Download your copy of the Radicati APT Protection—Market Quadrant 2017.

For information on how McAfee Advanced Threat Defense can detect and protect your enterprise from stealthy malware and zero-day threats, visit our website.

The post For Three Years Running, McAfee Advanced Threat Defense Places in Radicati’s Top Players Quadrant for APT Protection appeared first on McAfee Blogs.

Darknet – The Darkside 2017-05-24 09:56:26

So there’s been a massive Acunetix Online update that has pushed out a brand new UI plus a whole bunch of new features and capabilities, including really powerful stuff for security professionals and organisations who take their security seriously The update has focused a lot on Usability of the UI and features for infosec pros […] The post...

Read the full post at