On January 3, 2018 Google researchers announced a security vulnerability that affects all microprocessors including the IBM POWER family.

https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html.

IBM announced they will be bringing out firmware patches on January 9, 2018 for all POWER7+ and higher servers. An announcement regarding prior generations will be forthcoming.

Linux operating system patches will also start to be available January 9 and patches to AIX and IBMi operating systems are scheduled to become available February 12, 2018.

IBM also posted a Blog entry on their PSIRT site and will be providing updates there.
https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/

Per IBM “This vulnerability doesn’t allow an external unauthorized party to gain access to a machine, but it could allow a party that has access to the system to access unauthorized data.” However, it is still recommended that you review the remediation patches in the context of your environment.

Vmware has addressed these vulnerabilities thru patches released during the 2nd half of 2017. Below is a summary of the vulnerabilities identified and resolution

CPU Vulnerabilities

VMware Resolution

  • VMware Security Advisory VMSA-2018-0002released 2018-01-03.
  • VMware blog post in conjunction with VMSA-2018-0002.
  • Important note: ESXi 5.5 patch does not contain the fix for CVE-2017-5753

Flagship Solutions Group technical experts are closely monitoring the situation and will be testing updates, wherever possible,  as soon as they are available. If you need assistance evaluating the risks or performing remediation please contact your Flagship Representative or call us at 561-208-3941 opt 3.

 

 

Stay connected online:

Facebook | Twitter | LinkedIn | Instagram

Subscribe to our newsletter:

IBM Security

IBM's integrated solutions harness security-relevant information from across your organization, and use analytics and automation to provide context and help you detect threats faster, identify vulnerabilities, prioritize risks, perform forensics analysis and automate compliance activities. 

Video: IBM Watson: Taking on the Cybercriminals | WIRED

The sixth and final installment in the Cognitive Insight series highlights how IBM Watson is being trained to take on the cybercriminals.Read more: http://www.wired.co.uk/article/a-new-line-of-defence-in-cybersecuritySubscribe to WIRED►► http://po.st/SubscribeWiredCONNECT WITH WIREDWeb: http://po.st/WiredVideoTwitter: http://po.st/TwitterWiredFacebook: http://po.st/FacebookWiredGoogle+: http://po.st/GoogleWiredInstagram: http://po.st/InstagramWiredMagazine: http://po.st/MagazineWiredNewsletter: http://po.st/NewslettersWiredABOUT WIREDWIRED brings you the future as it happens – the people, the trends, the big ideas that will change our lives. An award-winning printed monthly and online publication. WIRED is an agenda-setting magazine offering brain food on a wide range of topics, from science, technology and business to pop-culture and politics.IBM Watson: Taking on the Cybercriminals | WIREDhttps://www.youtube.com/user/WiredVideoUK

www.youtube.com

Video: Don’t Drown in a Sea of Cyberthreats: Mitigate Attacks with IBM BigFix & QRadar

Security teams can be overwhelmed by a sea of vulnerabilities–without the contextual data to help them focus their efforts on the weaknesses that are most likely to be exploited. Cyberthreats need to be stopped before they cause significant financial and reputation damage to an organization. You need an endpoint security platform that can detect threats, prioritize risks and respond within minutes to shut down an attack or vulnerability that could compromise your endpoints.IBM BigFix seamlessly integrates with IBM QRadar to provide closed loop vulnerability management, accelerating risk prioritization and incident response to mitigate potential attacks giving you an integrated threat protection system to keep your endpoints and data secure.For more information, please visit http://ibm.co/1oSThIF

www.youtube.com

Infographic: A survey of the cyber security landscape

Understand the threat landscape to improve your security posture. There’s very little that cyber criminals can do today that’s truly new—and yet, 2015 was filled with serious incidents across the entire industry. View our 2016 Cyber Security Intelligence infographic to learn more, and determine what you can do to improve your security posture.

Video: Endpoint Management with IBM BigFix

Discover, manage and control your endpoints–in real time. With IBM BigFix, you can find and fix problems in minutes with real-time visibility and control into all your endpoints. Our single-console, single-agent, single-server architecture helps reduce the cost, risk and effort of managing virtually any mix of endpoints—so you can focus on higher value projects for increased productivity.To learn more about IBM BigFix, please visit http://ibm.co/1Ok4bBs

www.youtube.com

Video: IBM MaaS360 Enterprise Mobility Management

IBM MaaS360 has massively redefined mobile security and productivity for enterprise management. Identity and access, malware protection and a containerized environment that feels native await inside your free 30 day trial. Start managing iOS, Android and Windows phones and tablets today https://ibm.biz/Bd4a8g

www.youtube.com

Study: 2016 Cost of Data Breach Study: Global Analysis

IBM and Ponemon Institute released the 2016 Cost of Data Breach Study: Global Analysis. According to this research, the average total cost of a data breach for the 383 companies participating in this research increased from $3.79 to $4 million. The average cost paid for each lost or stolen record containing sensitive and confidential information increased from $154 in 2015 to $158 in this year’s study.Read the complete report to learn more.