Trend Micro Research Uncovers Major Flaws in Leading IoT Protocols

Dateline City:
DALLAS

Hundreds of thousands of unsecured machine-to-machine deployments put global organizations at risk

DALLAS–(BUSINESS WIRE)–Trend
Micro Incorporated
(TYO:
4704
; TSE:
4704
), a global leader in cybersecurity solutions, today warned
organizations to revisit their operational technology (OT) security
after finding major design flaws and vulnerable implementations related
to two popular machine-to-machine (M2M) protocols, Message Queuing
Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP).

Language:
English

Contact:

Erin Johnson
817-522-7911
media_relations@trendmicro.com

Ticker Slug:
Ticker:
4704

Exchange:
TOKYO

ISIN:
JP3637300009

Ticker:
TMICY

Exchange:
NQB

read more

Related:

Replication Error – “Unable to fetch changed data from remote site: Invalid Hex String:0x00000000”

I need a solution

Hello everyone. I could use some help.

Please don’t ask me why this was setup with this as I have no answer.

I have a client with two SEPM 14 servers. Each server sees the other as a remote site and each server lists the other one as a Replication Partner.

When replicating from Server02 to 01, it shows being successful. However, when the opposite is done (from 01 to 02), it appears to go through all the process and as normal as I can tell. However towards the end, it fails and shows this message:

Replication from remote site Site opc-srv-av-02 to local site Site opc-srv-av-01 finished unsuccessfully“. “Unable to fetch changed data from remote site: Invalid Hex String:0x00000000”

We are using the embedded database, not SQL.

If you need further details or logs, please let me know. Thank you all.

0

Related:

http.method & ICAP

I need a solution

Hello,

I used to configure for ICAP RESPMOD …

<Cache>

policy.BC_malware_scanner policy.ICAP_Content_Scan_Security

Is there any internal/performance reason using instead …

<Cache>

http.method=GET policy.BC_malware_scanner policy.ICAP_Content_Scan_Security

… to prevent sending CONNECT, POST and all other non relevant methods

Best Regards,

Vincent

0

Related:

ViPR Controller: “Error 2000: Unable to find entity specified” when running a custom catalog entry[1]

Article Number: 525313 Article Version: 4 Article Type: Break Fix



ViPR Controller

The user is trying to run a custom ViPR Controller Catalog entry that was created/modified and it errors with the following message:

Error 2000: Unable to find entity specified in URL with the given id urn:storageos:VirtualPool:xxx-xxx-xx-xxx:vdc1

The same type of error could occur for other URNs and not just limited to Virtual Pools.

Previously the user had used ViPR Controller’s functionality to copy an existing catalog entry, rename the copy, and edited the new catalog entry to “Lock in” some values for some of the catalog entries options.

The custom catalog entry was linked to a specific virtual Pool that had since been deleted from VIPR-C.

In this scenario, the user had deleted a virtual pool from their ViPR Controller setup.

Workaround:

Since the Virtual Pool (and Virtual Array in this example) were deleted via the GUI, and since the user had previously locked in those values in a Catalog entry, the workaround was to re-edit the catalog entry and select new values (instead of the old deleted values).

When the user edited the problem catalog entry, they noticed that the “Locked” check box was still selected but the “value” field was empty:

screenshot of catalog editing screen

The user should either select a new value or uncheck the box if they do not want to lock in a specific value.


Resolution:

ViPR Engineering is currently addressing this problem, but has not provided a fix in a released patch.

This solution will be updated with the patch when it has been released.

Related:

Dell EMC Unity: Unisphere Job page fails to load with “Error Code:0x7d13001” (Dell EMC Correctable)

Article Number: 524995 Article Version: 2 Article Type: Break Fix



Dell EMC Unity Family

When accessing Events>Jobs tab in Unisphere you are met with the following error.

The system encountered an unexpected error. Search for the error code on the support website or product forums, or contact your service provider, if available. (Error Code:0x7d13001)Reload Unisphere UI?

EMCCEMlogcemtracer.log

23 Aug 2018 11:50:16 – [COMMON_DB_SHARED_LIB] ERROR – {0:254709:387164896}[22728|28131|d77ffb40][performRequest @ ../../../components/UI/CLI/plugins/commands/common_db/src/DBOperating.cpp:55] Caught pqxx::pqxx_exception (ERROR: integer out of range).

<.>

23 Aug 2018 11:50:16 – [UemCliProvider] ERROR – {0:254709:388543223}[22728|28131|d77ffb40][processRequest @ ../../../components/providers/native/CliProvider/src/UemCliProvider.cpp:435] Request processing completed with error: The system encountered an unexpected error. Search for the error code on the support website or product forums, or contact your service provider, if available. (Error Code:0x100e000)

There is potentially a Job with an elapsed time greater than 24 days which causes the Job tab to fail to load.

Please contact Dell EMC Technical Support or your Authorized Service Representative, and quote this Knowledgebase article ID.

Fix for this issue is scheduled in a future Unity OE release. The problem is cosmetic and only affects the viewing of active jobs. The workaround is non-disruptive and will require support only commands to address.

Related:

NTP status displays “No association ID ” error message on Secondary NetScaler

On the Secondary NetScaler, ” No association ID error” gets displayed when “Show NTP Status command ” is executed

Primary NetScaler Appliance:

=======================

> show ntp status

remote refid st t when poll reach delay offset jitter

=======================================================

adljj.john.com .LOCL. 1 u 9 64 7 0.293 -212012 2.175


Secondary NetScaler Appliance:

===========================

> show ntp status

No association ID’s returned

Done

Log Analysis:

==============

1) From the logs, we found that, NTP was configured after upgrade and during that time secondary device interface was down.

2) We can see that interface was down in the time interval of10:01 – 11:18 A.M. In that interval, none of the command gets propagated. Because of that ntp config was missing from secondary.

3) As per current design, even if the Secondary comes UP and the NTP configurations are Synchronized through HA Synchronization, we have to manually restart the NTP Daemon to get the NTP status on Secondary. Which is a current limitation on NetScaler.

4) Hence, Enhancement request was raised to address this limitation. 5) The limitation was fixed in the following versions: 12.1 50.x 12.0 60.x 11.1 60.x

Logs from Primary:

—————————–

var/log/ns.log

ns.log.0:649:Apr 23 10:15:59 <local0.info> X.X.X.X 2018:01:15:59 GMT NetScaler-Internal-TDC-01 0-PPE-1 : default GUI CMD_EXECUTED 136 0 : User nsroot – Remote_ip X.X.X.20 – Command “add ntp server X.X.X.3 -minpoll 6 -maxpoll 10 -devno 32833536” – Status “Success”

ns.log.0:651:Apr 23 10:15:59 <local0.info> X.X.X.X 04/23/2018:01:15:59 GMT NetScaler-Internal-TDC-01 0-PPE-1 : default GUI CMD_EXECUTED 137 0 : User nsroot – Remote_ip X.X.X.20 – Command “unset ntp server X.X.X.3 -autokey” – Status “Success”

Logs from secondary:

——————————–

var/log/ns.log

Apr 23 10:00:34 <local0.info> X.X.X.25 04/23/2018:01:00:34 GMT NetScaler-Internal-TDC-02 0-PPE-1 : default CLI CMD_EXECUTED 131 0 : User nsroot – Remote_ip 127.0.0.1 – Command “logout” – Status “Success”

Apr 23 10:01:13 <local0.notice> X.X.X.25 04/23/2018:01:01:13 GMT NetScaler-Internal-TDC-02 0-PPE-0 : default EVENT DEVICEDOWN 79 0 : Device “interface(0/1)” – State DOWN

Apr 23 10:01:13 <local0.notice> X.X.X.25 04/23/2018:01:01:13 GMT NetScaler-Internal-TDC-02 0-PPE-1 : default EVENT DEVICEDOWN 132 0 : Device “interface(0/1)” – State DOWN

Apr 23 11:18:15 <local0.notice> X.X.X.25 04/23/2018:02:18:15 GMT NetScaler-Internal-TDC-02 0-PPE-1 : default EVENT DEVICEUP 133 0 : Device “interface(0/1)” – State UP

Apr 23 11:18:15 <local0.notice> X.X.X.25 04/23/2018:02:18:15 GMT NetScaler-Internal-TDC-02 0-PPE-0 : default EVENT DEVICEUP 80 0 : Device “interface(0/1)” – State UP

Apr 23 11:18:29 <local0.info> X.X.X.25 04/23/2018:02:18:29 GMT NetScaler-Internal-TDC-02 0-PPE-1 : default AAA Message 134 0 : “rba authentication : user nsroot response_len-0 cmdPolicyLen-0, partitionLen-0 PromptLen-0 timeout 805307268 authPolicyLen-0 authActionLen-0 ssh_pubkey_len

Related:

Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Denial of Service Vulnerability

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
 
The vulnerability is due to improper input validation on fields within CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending malicious CAPWAP Discovery Request packets to the Cisco WLC Software. A successful exploit could allow the attacker to cause the Cisco WLC Software to disconnect associated access points (APs). While the APs disconnect and reconnect, service will be unavailable for a brief period of time, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-capwap-dos

Security Impact Rating: High

CVE: CVE-2018-0443

Related:

The following error occurred during an authentication attempt for user:domain.comabc with realm:

At the Storefront server open a command line and run the following command:

>set u

There would be two fields called USERDOMAIN and USERDNSDOMAIN

And these will be like this:

USERDNSDOMAIN=DOMAIN.COM

USERDOMAIN=DOMAIN

Open Netscaler Gateway Virtual server session profile.

Go to Published applications tab and look for SSODomain field

As per the error it would be domain.com

We need to change it to domain, and save the configuration on Netscaler.

Also confirm that Storefront has either “Any” domain selected or has “domain.com” and “domain” added as trusted domain.

Related:

3 Surprising Video Trends that Should Inform Your L&D Strategy

EMC logo


Imagine a cattle stampede that continues for five years, and you’ve also pictured how the populace has stampeded from text to video. According to YouTube’s Press page, people watched a lot of YouTube video in 2013. In 2014, they watched three times as much as they did in 2013. In 2015, the numbers tripled again.

The masses aren’t merely watching video. They’re turning to online video as their preferred method of learning, whether the topic is how to do math or how to use a chainsaw. This mass transition to educational videos has dragged corporate Learning and Development departments into the video-production business – and if you’re a corporate L&D pro with no background in video, you’re having to glean knowledge along the way.

Formulating Courseware Strategy on Common Knowledge Is a No-go

What’s the approach to formulating a strategy for video-based courseware effectively?

You hear tidbits on trends and “common knowledge” in the industry such as: “A training video can be only five minutes long,” or “Millennials watch training videos on smartphones, but everyone else watches on PC.”

Is such “common knowledge” really… knowledge? Where’s the data that supports these “facts”?

Folklore deserves healthy skepticism.

To plan and gauge our courseware effectively and optimize our customer’s learning experiences, we need firsthand, well-sourced data about how people actually interact with video.

I get such data from Ooyala, a resource that offers broadcasters and premium content providers (such as Vudu, Sky Sports UK, Star India) management tools that help them monetize video content. Ooyala tracks and analyzes the viewing behavior of more than 120,000 anonymized viewers in more than 100 countries, then publishes their findings quarterly. You can download Ooyala’s Global Video Index free and study it yourself.

Defying conventional wisdom, three surprising findings from Ooyala’s most recent report could help you optimize your Learning & Development efforts.

Video Trend #1: Longform Is In on Smartphone, Tablets and PCs

For three of the last five quarters, the majority of video watched online was longform – industry-speak for running times over 20 minutes.

  • Videos running 2-5 minutes account for only 38% of the time spent watching video on smartphones.
  • On tablets, longform accounts for 75% of all video time watched.
  • On PCs, viewers watch longform content to completion a whopping 71% of the time.
  • Viewers watch longform to completion on tablets 61.3% of the time.
  • Viewers watch longform to completion on phones 56.6% of the time.

The takeaway: While many factors determine how long your viewer sticks with you (to name a few: relevance, production quality, their reason for watching), the latest research directly contradicts the rote “knowledge” that viewers leave after a few minutes. Although the video offerings Ooyala measures mostly consist of entertainment, their data reveals that the majority of viewers will complete a 22-minute video if it’s interesting, regardless of subject material.

Questions to consider: How might using a longer format affect the way you subdivide your content? Can your content hold interest that long? Can you identify topics where learning and retention would benefit from not being shoe-horned into five minutes?

Video Trend #2: Mobile Video Is Mainstream Now

In Q1 of 2018, the number of videos viewed on mobile devices was up all over the world. For example, of all video plays in Asia-Pac, 60.7% occurred on mobile devices. EMEA and Latin America hit all-time highs for mobile’s share of video plays.

Mobile video views also rose to being the majority of views in every age demographic, everywhere.

The takeaway: Common knowledge held that mobile viewership was a niche for the young or for early adopters. Now, the majority of all video views occur on a tablet or phone. If you’re still developing courseware primarily for desktop PCs, you’re offering yesterday’s modality to an audience that’s rapidly leaving it. Consider whether your courseware developers should start thinking, “Mobile first.”

Video Trend #3: Streaming Is Overtaking Conventional TV

Sixty percent of all households that have a broadband Internet connection have at least one Streaming Video On Demand (SVOD) service (think Netflix, Hulu, HBO Now). The most rapidly growing segment is “households with four or more services.”

Content creators are scaling up massively to meet the anticipated need for content on demand. Top content providers processed three times as much content in Q1 2018 as they did in Q1 2017. This trend won’t abate as heavyweights such as Apple and Disney race smaller providers to launch new streaming services in 2019.

The takeaway: Consumer culture drives relentlessly toward “get what you want, when you want it.” In that context, how happy are your customers to wait weeks for your five-day training class to roll around again? Businesses that offer customers video training on demand will probably enjoy a growing advantage over competitors offering conventional courseware.

At Dell EMC Education Services, we are working tirelessly to develop an on-demand video learning platform so customers can choose traditional classes, instant video support, or a combination.  We’ve also begun adding interactivity so that viewers can click on a video table of contents, or click within a video to branch to a more in-depth related video. This is the near-term future of learning.

Summary

In times when what “everyone knows” about learning videos might be unfounded, finding a reliable source of data can improve your predictions and planning. Ooyala is not the only source, but it’s free, well-derived, and gives me a refreshing reality check against what I thought I knew. Check out the report for yourself. When it comes to customer behavior, timely trend-spotting can determine whether your training content lands with a thud or a whoop – and whether your fiscal year ends with an oops or a yay!

Please feel free to comment or share your insights with me below.

The post 3 Surprising Video Trends that Should Inform Your L&D Strategy appeared first on InFocus Blog | Dell EMC Services.


Update your feed preferences


   

   


   


   

submit to reddit
   

Related:

  • No Related Posts

Cisco Adaptive Security Appliance TCP Syslog Denial of Service Vulnerability

A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition.

The vulnerability is due to a missing boundary check in an internal function. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between an affected device and its configured TCP syslog server and then maliciously modifying the TCP header in segments that are sent from the syslog server to the affected device. A successful exploit could allow the attacker to exhaust buffer on the affected device and cause all TCP-based features to stop functioning, resulting in a DoS condition. The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-syslog-dos

Security Impact Rating: Medium

CVE: CVE-2018-15399

Related: