Parv

  • info
  • discussion
  • exploit
  • solution
  • references
IBM Security Privileged Identity Manager CVE-2016-0353 Information Disclosure Vulnerability

Bugtraq ID: 94543
Class: Design Error
CVE: CVE-2016-0353
Remote: Yes
Local: No
Published: Nov 24 2016 12:00AM
Updated: Nov 25 2016 09:04PM
Credit: The vendor reported the issue.
Vulnerable: IBM Security Privileged Identity Manager 2.0
Not Vulnerable:


SecurityFocus Vulnerabilities

Vulnerable: phpMyAdmin phpMyAdmin 4.6.4
phpMyAdmin phpMyAdmin 4.6.2
phpMyAdmin phpMyAdmin 4.6.1
phpMyAdmin phpMyAdmin 4.6
phpMyAdmin phpMyAdmin 4.6.3
phpMyAdmin phpMyAdmin 4.4.15.8
phpMyAdmin phpMyAdmin 4.4.15.7
phpMyAdmin phpMyAdmin 4.4.15.6
phpMyAdmin phpMyAdmin 4.4.15.5
phpMyAdmin phpMyAdmin 4.4.15.4
phpMyAdmin phpMyAdmin 4.4.15.3
phpMyAdmin phpMyAdmin 4.4.15.2
phpMyAdmin phpMyAdmin 4.4.15.1
phpMyAdmin phpMyAdmin 4.0.10.9
phpMyAdmin phpMyAdmin 4.0.10.8
phpMyAdmin phpMyAdmin 4.0.10.7
phpMyAdmin phpMyAdmin 4.0.10.6
phpMyAdmin phpMyAdmin 4.0.10.5
phpMyAdmin phpMyAdmin 4.0.10.4
phpMyAdmin phpMyAdmin 4.0.10.3
phpMyAdmin phpMyAdmin 4.0.10.2
phpMyAdmin phpMyAdmin 4.0.10.17
phpMyAdmin phpMyAdmin 4.0.10.16
phpMyAdmin phpMyAdmin 4.0.10.15
phpMyAdmin phpMyAdmin 4.0.10.14
phpMyAdmin phpMyAdmin 4.0.10.13
phpMyAdmin phpMyAdmin 4.0.10.12
phpMyAdmin phpMyAdmin 4.0.10.11
phpMyAdmin phpMyAdmin 4.0.10.10
phpMyAdmin phpMyAdmin 4.0.10.1


SecurityFocus Vulnerabilities

Security remains top of mind as over 70 per cent of consumers noted they always think about their security/privacy when shopping online, according to Centrify. Unfortunately, despite the changing attitudes towards security, some consumers are still making basic security faux pas online.

security faux pas

Password hygiene is also a continuing problem when shopping online. Nearly 14 per cent admitted that they share passwords with friends and family so they can login to their accounts, whilst over 50 per cent said they save them to the retailer’s websites so as not to forget them. Over half also said that they only sometimes use different passwords for different retailer’s websites.

Most concerning is that one in eight said they would accept discounts and special offers from retailers in exchange for their passwords, highlighting the risks consumers are willing to take in order to save money online.

83 per cent would sometimes, or never, check the security and privacy terms and conditions of the retailer, leaving them wide open to hacking and data theft if shopping with an unknown or untrusted retailer.

On top of this, more than a fifth would still not ensure there is a secure padlock icon in the browser before making their purchases, and 27 per cent said they would only do this on some occasions.

With Black Friday around the corner and the Christmas shopping season well under way for most, frugal shoppers need to consider their online safety before making any purchases.

Centrify offers ten tips for consumers when shopping online:

  • Always shop with reputable sellers, and be cautious when entering URLs. A misspelled domain, or non-‘https’ site could land you on a false site designed to steal your information
  • Ensure you read the site’s privacy policy to understand how and where your personal information is being used. Lack of an easily visible privacy policy should be a red flag to using that site
  • Be suspicious of links in unsolicited emails – always type the link directly into your browser, do not click on them within the email. Hovering over the links should highlight if the link is unsafe, as you would notice the link underneath may be different to the text
  • Deals that appear too good to be true often are, so treat them with even more caution
  • If an online retailer requests extra personal information, such as a password for your email or bank account as part of the shopping process, do not enter them
  • Secure mobile phones if you plan to use them for shopping by enabling security features such as passwords and encryption
  • Always use different, long, and complex passwords (or passphrases) for each site. If you don’t, and a hacker steals your password for one account they will have free rein over the others! This would have devastating consequences on sites that have your personal and credit card information
  • Enable multi-factor authentication where possible. This involves combining two or more different ‘factors’ for extra security when logging in – such as something an individual has (like an ATM card or smart card), something a user is (such as a biometric characteristic like a fingerprint or retina scan) or something the user knows, like a password
  • Passwords are not meant to be shared. Never give out your passwords online, on the phone or even to friends or family
  • Do not store passwords. Many browsers, programs, or web applications will offer to store your password for you so you only have to enter the password once and never again. While seemingly a convenient option, it is a bad idea to store passwords associated with personal or financial accounts. This is especially true if you use public or shared computers.


Help Net Security

  • info
  • discussion
  • exploit
  • solution
  • references
libTIFF CVE-2016-8331 Type Confusion Remote Code Execution Vulnerability

Bugtraq ID: 93898
Class: Boundary Condition Error
CVE: CVE-2016-8331
Remote: Yes
Local: No
Published: Oct 25 2016 12:00AM
Updated: Nov 20 2016 12:03AM
Credit: Tyler Bohan and Cory Duplantis.
Vulnerable: LibTIFF LibTIFF 4.0.6
Not Vulnerable:


SecurityFocus Vulnerabilities

As we approach Thanksgiving in the U.S., the one thing I look forward to the most — aside from turkey and spending time with my family — is football. As I watch the games, the security geek in me can’t help but notice some parallels between football and network security, particularly firewalls and intrusion prevention.

Network Security Playbook

During a passing play, for example, the tailback needs to protect the quarterback from any defender who breaks through the offensive line. That is critical to the success of the specific play and the quarterback’s long-term health. A firewall is like that offensive line. Even the latest next-generation firewalls (NGFW) occasionally allow threats to break through. Your organization needs a game plan for blocking those attacks that get past the firewall.

That’s why it makes sense to deploy a next-generation intrusion prevention system (IPS) behind your NGFW. By complementing the protection provided by a NGFW, the IPS can stop attacks that firewalls miss, such as those launched from within the enterprise, zero-day attacks, mutated threats, obfuscated exploits and attacks embedded in encrypted channels.

Why not use the built-in IPS capability found in most NGFWs? That’s certainly an option, if you take into the account the additional performance overhead needed to power the IPS feature and size the NGFW properly for your network. But even so, don’t forget about the internal segments of your network that need protection as well.

This an ideal use case for a standalone IPS, since it is a level 2 network device that just sits as a bump in the wire. There is no re-architecting needed to deploy it. You might also consider the fact that 55 percent of security professionals think that a standalone IPS is more effective that one built into a NGFW.

Read More About Firewalls and Securing Your Network

Teamwork Makes the Network

It is also important to remember that the IPS needs to be a good teammate to all the other security solutions you have already deployed, especially since it is capable of stopping threats at the point of attack. For example, your IPS should provide an out-of-the-box integration with your organization’s SIEM so that an attacker can be quarantined when an offense is detected.

Automating containment of threats reduces the spread of malware, halts an attacker’s subsequent lateral movement and stops additional data exfiltration. It’s important to choose an IPS that provides a web server application program interface (WSAPI) so that it can be integrated with the organization’s existing security products.

IBM Security Network Protection (XGS) is a next-generation intrusion prevention system that has a long track record of protecting against both known and unknown threats, often months or years before specific vulnerabilities are disclosed. Read our free solution brief, “A Firewall Is Just the Beginning When Securing Your Network,” to learn how you can significantly improve network security by deploying IBM XGS with your NGFW.


Security Intelligence

US President Barack Obama on Sunday refused to say whether he was considering the dismissal of National Security Agency chief Admiral Michael Rogers, but suggested he was looking at how cyber defenses are organized.

"Admiral Rogers is a terrific patriot and has served this country well in a number of positions," Obama said at a press conference in Peru, amid suggestions that key intelligence and defense officials want him to be dismissed after a series of security breaches.

"I generally don't comment on personnel matters here. I can say, generally, that we have spent a lot of time over the last several years looking at how we can organize our cyber efforts to keep pace with how rapidly the environment is changing."

On Saturday, US media reported that top US military and intelligence leaders were pushing Obama to fire Rogers, even as Rogers was apparently being considered for a senior position in President-elect Donald Trump's administration.

US House Intelligence Committee Chairman Devin Nunes has asked Defense Secretary Ash Carter and Director of National Intelligence James Clapper -- the two reportedly behind the push -- to testify before the end of the year.

If Trump nominates Rogers, and he is confirmed by the Senate, he would succeed Clapper as the official who oversees all 16 US intelligence agencies coordinated by the Office of the Director of National Intelligence.

Rogers, who also heads US Cyber Command, has been at the helm of the NSA and its Central Security Service since 2014, in the wake of a massive leak by former intelligence contractor Edward Snowden linked to broad surveillance methods.

view counter

© AFP 2016

Tags:


SecurityWeek RSS Feed

Vulnerable: Ubuntu Ubuntu Linux 14.10
Ubuntu Ubuntu Linux 14.04 LTS
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux HPC Node 7
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux Desktop 7
Redhat Enterprise Linux Desktop 6
Oracle Enterprise Linux 7
IBM WebSphere Application Server Liberty Profile 8.5.5
IBM Websphere Application Server 8.5.5
IBM Websphere Application Server 8.0 2
IBM Websphere Application Server 7.0 3
IBM Websphere Application Server 7.0 29
IBM Websphere Application Server 7.0 21
IBM Websphere Application Server 7.0 10
IBM Websphere Application Server 7.0 .9
IBM Websphere Application Server 7.0 .8
IBM Websphere Application Server 7.0 .2
IBM Websphere Application Server 7.0 .13
IBM Websphere Application Server 7.0 .12
IBM Websphere Application Server 7.0 .11
IBM Websphere Application Server 6.1 41
IBM Websphere Application Server 6.1 .9
IBM Websphere Application Server 6.1 .8
IBM Websphere Application Server 6.1 .7
IBM Websphere Application Server 6.1 .6
IBM Websphere Application Server 6.1 .5
IBM Websphere Application Server 6.1 .4
IBM Websphere Application Server 6.1 .33
IBM Websphere Application Server 6.1 .32
IBM Websphere Application Server 6.1 .3
IBM Websphere Application Server 6.1 .25
IBM Websphere Application Server 6.1 .23
IBM Websphere Application Server 6.1 .22
IBM Websphere Application Server 6.1 .21
IBM Websphere Application Server 6.1 .20
IBM Websphere Application Server 6.1 .2
IBM Websphere Application Server 6.1 .19
IBM Websphere Application Server 6.1 .18
IBM Websphere Application Server 6.1 .17
IBM Websphere Application Server 6.1 .15
IBM Websphere Application Server 6.1 .14
IBM Websphere Application Server 6.1 .13
IBM Websphere Application Server 6.1 .12
IBM Websphere Application Server 6.1 .11
IBM Websphere Application Server 6.1 .10
IBM Websphere Application Server 6.1 .1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 8.5.5.9 - Liberty Pr
IBM Websphere Application Server 8.5.5.9
IBM Websphere Application Server 8.5.5.8 - Liberty Pr
IBM Websphere Application Server 8.5.5.8
IBM Websphere Application Server 8.5.5.7 - Liberty Pr
IBM Websphere Application Server 8.5.5.7
IBM Websphere Application Server 8.5.5.6 - Liberty Pr
IBM Websphere Application Server 8.5.5.6
IBM Websphere Application Server 8.5.5.5 - Liberty Pr
IBM Websphere Application Server 8.5.5.5
IBM Websphere Application Server 8.5.5.4 - Liberty Pr
IBM Websphere Application Server 8.5.5.4
IBM Websphere Application Server 8.5.5.3 - ~~Liberty
IBM Websphere Application Server 8.5.5.3
- IBM AIX 4.3
- Linux kernel 2.3 .x
- Microsoft Windows NT 4.0
- Sun Solaris 8_sparc
IBM Websphere Application Server 8.5.5.2 - Liberty Pr
IBM Websphere Application Server 8.5.5.2
IBM Websphere Application Server 8.5.5.1 - Liberty Pr
IBM Websphere Application Server 8.5.5.1
IBM Websphere Application Server 8.5.5.0 - Liberty Pr
IBM Websphere Application Server 8.5.0.2 - Liberty Pr
IBM Websphere Application Server 8.5.0.2
IBM Websphere Application Server 8.5.0.1 - Liberty Pr
IBM Websphere Application Server 8.5.0.1
IBM Websphere Application Server 8.5.0.0 - Liberty Pr
IBM Websphere Application Server 8.5.0.0
IBM Websphere Application Server 8.0.0.9
IBM Websphere Application Server 8.0.0.8
IBM Websphere Application Server 8.0.0.7
IBM Websphere Application Server 8.0.0.6
IBM Websphere Application Server 8.0.0.5
IBM Websphere Application Server 8.0.0.4
IBM Websphere Application Server 8.0.0.3
IBM Websphere Application Server 8.0.0.12
IBM Websphere Application Server 8.0.0.11
IBM Websphere Application Server 8.0.0.10
IBM Websphere Application Server 8.0.0.1
IBM Websphere Application Server 8.0.0.0
IBM Websphere Application Server 7.0.0.7
IBM Websphere Application Server 7.0.0.6
IBM Websphere Application Server 7.0.0.5
IBM Websphere Application Server 7.0.0.41
IBM Websphere Application Server 7.0.0.4
IBM Websphere Application Server 7.0.0.39
IBM Websphere Application Server 7.0.0.37
IBM Websphere Application Server 7.0.0.35
IBM Websphere Application Server 7.0.0.34
IBM Websphere Application Server 7.0.0.33
IBM Websphere Application Server 7.0.0.32
IBM Websphere Application Server 7.0.0.31
IBM Websphere Application Server 7.0.0.27
IBM Websphere Application Server 7.0.0.25
IBM Websphere Application Server 7.0.0.24
IBM Websphere Application Server 7.0.0.23
IBM Websphere Application Server 7.0.0.22
IBM Websphere Application Server 7.0.0.19
IBM Websphere Application Server 7.0.0.18
IBM Websphere Application Server 7.0.0.17
IBM Websphere Application Server 7.0.0.16
IBM Websphere Application Server 7.0.0.15
IBM Websphere Application Server 7.0.0.14
IBM Websphere Application Server 7.0.0.1
IBM Websphere Application Server 7.0.0.0
IBM Websphere Application Server 7.0
IBM Websphere Application Server 6.1.0.47
IBM Websphere Application Server 6.1.0.45
IBM Websphere Application Server 6.1.0.43
IBM Websphere Application Server 6.1.0.39
IBM Websphere Application Server 6.1.0.37
IBM Websphere Application Server 6.1.0.35
IBM Websphere Application Server 6.1.0.34
IBM Websphere Application Server 6.1.0.31
IBM Websphere Application Server 6.1.0.29
IBM Websphere Application Server 6.1.0.27
IBM Tivoli Storage Productivity Center 5.2.10
IBM Tivoli Storage Productivity Center 5.2.6
IBM Tivoli Storage Productivity Center 5.2.5
IBM Tivoli Storage Productivity Center 5.2.2
IBM Tivoli Storage Productivity Center 5.2.1 0
IBM Tivoli Storage Productivity Center 5.2
IBM Tivoli Storage Productivity Center 5.1.1 3
IBM Tivoli Storage Productivity Center 5.1.1
IBM Tivoli Storage Productivity Center 5.1
IBM Tivoli Storage Productivity Center 5.2.7.1
IBM Tivoli Storage Productivity Center 5.2.7
IBM Tivoli Storage Productivity Center 5.2.5.1
IBM Tivoli Storage Productivity Center 5.2.4.1
IBM Tivoli Storage Productivity Center 5.2.4
IBM Tivoli Storage Productivity Center 5.2.3
IBM Tivoli Storage Productivity Center 5.2.1.1
IBM Tivoli Storage Productivity Center 5.1.1.9
IBM Tivoli Storage Productivity Center 5.1.1.8
IBM Tivoli Storage Productivity Center 5.1.1.7
IBM Tivoli Storage Productivity Center 5.1.1.6
IBM Tivoli Storage Productivity Center 5.1.1.5
IBM Tivoli Storage Productivity Center 5.1.1.4
IBM Tivoli Storage Productivity Center 5.1.1.2
IBM Tivoli Storage Productivity Center 5.1.1.10
IBM Tivoli Storage Productivity Center 5.1.1.1
IBM Tivoli Storage Productivity Center 5.1.1.0
IBM Tivoli Monitoring 6.2.2
IBM Tivoli Enterprise portal server -
IBM Spectrum Control 5.2.11
IBM Spectrum Control 5.2.10
IBM Spectrum Control 5.2.9
IBM Spectrum Control 5.2.8
IBM Spectrum Control 5.2.10.1
IBM Liberty for Java for Bluemix 2.9
IBM Liberty for Java for Bluemix 2.7
IBM Liberty for Java for Bluemix 2.6
IBM Liberty for Java for Bluemix 2.3
IBM InfoSphere Information Server 9.1
IBM InfoSphere Information Server 8.7
IBM InfoSphere Information Server 11.5
IBM InfoSphere Information Server 11.3
IBM FastBack for Workstations Central Administration Console 7.1
IBM FastBack for Workstations Central Administration Console 6.3
IBM Content Integrator 8.6
IBM Bluemix Liberty for Java 2.3
IBM Bluemix Liberty for Java 2.2
IBM Bluemix Liberty for Java 2.1
IBM Bluemix Liberty for Java 2.0
IBM Bluemix Liberty for Java 1.9
IBM Bluemix Liberty for Java 1.8
IBM Bluemix Liberty for Java 1.7
IBM Bluemix Liberty for Java 1.6
IBM Bluemix Liberty for Java 1.5
IBM Bluemix Liberty for Java 1.3
CentOS CentOS 6
Apache Standard Taglibs 1.2.1


SecurityFocus Vulnerabilities

Fortinet researcher Kai Lu warns of a fake email app that is capable of stealing login credentials from 15 different mobile banking apps for German banks.

android banking malware masquerading

“Once this malicious app is installed and device administrator rights are granted, when the user first launches a targeted banking app the malicious app sends a request via HTTPS to its C2 server to get the payload. The C2 server then responds with a fake customized login webpage, and the malicious app displays this fake customized login screen overlay on top of the legitimate banking app to collect entered banking credentials,” he explains.

“There is a different customized login screen for each bank targeted by this malware.”

The malware hides the icon from the launcher once the malware is up and running, and victims might be tricked into believing that they have somehow failed to install the app.

But, in the background, the malware tries to prevent some 30 different anti-virus mobile apps from launching, collects information about the device (as well as the “installed app” list) and sends it to the C&C server, and waits for further instructions.

It can be made to intercept incoming SMS messages, send out mass text messages, update the targeted app list, set a new password for the device, and more.

At the moment, it does not pop overlays to steal credit card info (e.g. when the Google Play or PayPal app is started), but that can soon change.

The researcher says that to remove the app, victims must first disable the malware’s device administrator rights in Settings > Security > Device administrators > Device Admin > Deactivate, then uninstall the malware via ADB (Android Debug Bridge) by using the command ‘adb uninstall [packagename]’. Tech-unsavvy users might want to ask for help with that last step from friends and family who know how to do that.

Lu also recently analyzed another piece of malware that masquerades as an unnamed German mobile banking app. This one also targets five banks in Austria, as well as Google Play (asks users to input credit card info when they start the app).

This particular malware also comes in the form of a fake Flash Player app, and is after credit card info of users of several popular social media apps (Instagram, Skype, WhatsApp, Facebook, etc.).


Help Net Security

I have the great opportunity to spend time with CSOs and IT executives to understand their cybersecurity concerns and help them map out a strategy for success. An increasingly common question I’ve been hearing is, “Does my organization need a threat intelligence team?” Adding threat intelligence capabilities to your organization can be valuable, with their ability to hunt for advanced attacks; profile never-before-seen malware, campaigns or adversaries; and really think like an attacker. However, the number of organizations with their own dedicated threat intelligence team is quite low today, with some very good reasons behind this trend.

The fact is that in-house threat intelligence teams are rare because of the difficulty and cost of identifying and hiring qualified staff. In the grand scheme of things, cybersecurity itself is a relatively new industry, and the number of highly technical threat analysts is still low. The fact is, the number of open security jobs is far greater than the number of candidates, something many of you experience on a daily basis when trying to fill your open positions. For example, most universities don’t offer a cybersecurity major, and many people currently pursuing computer science fields are not aware of the potential opportunity in front of them.

Today’s threat intelligence analysts learned what they know through hands-on work in related computing fields and/or years of experience on the IT frontlines. With threat intelligence analysts in short supply, the demand for their services keeps their salaries high and beyond the budgets of all but the largest organizations.

So my answer to the threat intelligence team question mentioned above usually consists of several more questions:  What is your organization’s current security posture? Are you automatically preventing attacks before they can breach your network? Do you have an information security team, and do they have a proven workflow in place for handling a successful cyberattack? How are you protecting your organization’s intellectual property and high-value assets? Is your network properly segmented? If the answer to any of those questions is “no,” my advice to the customer is to get those issues addressed first, before they even begin to ponder the need for a dedicated threat intelligence team.

This isn’t to say that an organization doesn’t need threat intelligence; good intelligence plays an important role in defending against attacks. But for many organizations, the best way to get value from threat intelligence is by ensuring their security platforms can natively consume and enforce protections derived from it. When you exist in a world where attacks are generated at machine scale, you must ensure you can automate as much of the creation, sharing, ingestion and application of threat intelligence as possible. The desired end state is preventing the majority of attacks, identifying targeted threats, and ensuring your security staff has easy access to the intelligence and context to prioritize the most critical attacks for immediate action. Inherent in this is the belief that more data doesn’t always yield better security: you need the right intelligence, delivered in a simple way.

Once you have established a good baseline for your security posture, I would advise you to start considering how to build a threat intelligence team now. It will take time to identify the right people and secure the support you need to build the team. Think about the following guidelines as you move down this path:

Support From the C-Suite

The cost involved in building a threat intelligence team is so great that most boards of directors will need assurances that the work being done is truly necessary. I would advise any CSOs considering building a threat intelligence team to make sure they can translate the benefits of their threat intelligence team’s research in a way that clearly communicates its value to the board. For instance, you want to report out threats targeting your organization and industry, and make the link between highly technical indicators of compromise and business metrics. If the board isn’t able to understand the impact that not having a threat intelligence team will have on the bottom line, they’re less likely to see it as worth the cost.

Cybersecurity and Threat Intelligence Are Different Disciplines

Don’t expect to plug a cybersecurity specialist into the role of threat intelligence analyst, as the jobs require different skill sets. An example I use to illustrate the difference is scientists and engineers. Scientists, like threat intelligence analysts, spend much of their time researching a subject over time to learn its behavior, motivation and technique. They then publish their findings so others can apply that research in a practical way. Engineers, like cybersecurity specialists, apply the knowledge gained by scientists to the real world by building machines or writing code to produce the desired effect and then maintaining that machine or code over time. Be aware of the difference when staffing up your threat intel team. Not everyone in cybersecurity is meant to be a threat analyst and vice versa.

Good Intel Is Hard to Find

This is a topic I’ve addressed before, but there are a lot of different threat intelligence feeds available today and each of them claims to provide the best, most comprehensive intel on the latest cyberthreats. In an effort to make sure they don’t miss hearing about the latest threat, threat intelligence teams will subscribe to multiple intelligence feeds. But in the intelligence game, it’s quality, not quantity that counts. The value of any threat intel is in its applicability to your network. For example, if you’re organization is responsible for cybersecurity at a large manufacturing facility, you need to be concentrating your threat intelligence spend on feeds that specifically track manufacturing cyberthreats. This will allow you to focus on the threats most likely to impact the organization, and it will free up the budget spent on unnecessary feeds for better use elsewhere.

view counter

Scott Simkin is a Senior Manager in the Cybersecurity group at Palo Alto Networks. He has broad experience across threat research, cloud-based security solutions, and advanced anti-malware products. He is a seasoned speaker on an extensive range of topics, including Advanced Persistent Threats (APTs), presenting at the RSA conference, among others. Prior to joining Palo Alto Networks, Scott spent 5 years at Cisco where he led the creation of the 2013 Annual Security Report amongst other activities in network security and enterprise mobility. Scott is a graduate of the Leavey School of Business at Santa Clara University.

Previous Columns by Scott Simkin:

Tags:


SecurityWeek RSS Feed

USN-3129-1: Linux kernel vulnerability | Ubuntu

Jump to site nav

  • Jump to content
  • Cloud
    • Overview
    • Ubuntu OpenStack
    • Public cloud
    • Cloud tools
    • Cloud management
    • Ecosystem
    • Cloud labs
  • Server
    • Overview
    • Server management
    • Hyperscale
  • Desktop
    • Overview
    • Features
    • For business
    • For developers
    • Take the tour
    • Desktop management
    • Ubuntu Kylin
  • Phone
    • Overview
    • Features
    • Scopes
    • App ecosystem
    • Operators and OEMs
    • Carrier Advisory Group
    • Ubuntu for Android
  • Tablet
    • Design
    • Operators and OEMs
    • App ecosystem
  • TV
    • Overview
    • Experience
    • Industry
    • Contributors
    • Features and specs
    • Commercial info
  • Management
    • Overview
    • Landscape features
    • Working with Landscape
    • Return on investment
    • Compliance
    • Ubuntu Advantage
  • Download
    • Overview
    • Cloud
    • Server
    • Desktop
    • Ubuntu Kylin
    • Alternative downloads


Ubuntu Security Notices