Wednesday, 5 October 2016

LDAP Authentication issues in USM and OSSIM v5.3.2

If you are using LDAP authentication for your OSSIM or USM installation, you may want to hold off on the v5.3.2 upgrade.

In a recent message from AlienVault, an issue has been detected during the password reset process post upgrade. The password reset process was initiated to improve the security of password storage within OSSIM and USM; however, this process is not working correctly for LDAP authentication.

Friday, 30 September 2016

Collecting McAfee ePO threat data using AlienVault OSSIM

If you are using AlienVault OSSIM you can collect ePO Threat Data and add it to your SIEM Security Events.

AlienVault have already developed a database plugin to connect to the ePO Database, collect and parse the data into the OSSIM Database, but I have struggled to get this to work with our MS-SQL Database cluster, resulting in 'ParserDatabase [INFO]: Can't connect to MS-SQL database' errors.

The steps for enabling the plugin and collecting the data are:

  • Enabling the Plugin
  • Creating a local configuration file
  • Configuring the database connection
  • Troubleshooting connection errors

Tuesday, 30 August 2016

VirusScan 8.8 P8 release - Windows 10 Anniversary Edition

After some issues with VSE 8.8 not being compatible with Windows 10 Anniversary Edition, Intel Security have now released Patch 8, which adds compatibility for the current build of Windows 10.

Patch 8 (build 8.8.0.1588) has been released to the update site, and if you are running ePO 5.1.1 or later the Software Manager will be able to pull this update into your Master Repository.

Full details for this release can be found in the release notes (PD26631), and the supported platforms, environments and operating systems can be found in KB51111.

Friday, 26 August 2016

ePolicy Orchestrator update fixes multiple Oracle Java vulnerabilities - July 2016

ePO is vulnerable to the following CVEs reported in Oracle's July 2016 Java SE update.

Collectively, these vulnerabilities affect integrity and availability of the server.

AFFECTED SOFTWARE
ePO 5.1.3 and earlier
ePO 5.3.2 and earlier

REMEDIATED/PATCHED VERSIONS

Oracle Java 7.0 officially reached End of Life (EOL) status in April of 2015. The Java version currently supported in ePO 5.1.x and 5.3.x has been upgraded to Java 8.0. This issue is remediated with ePO 5.x Hotfix 1151890. These fixes will be included in the next ePO patch when scheduled.

ePO 5.1.3 + Hotfix 1151890 (EPO5xHF1151890.zip)
ePO 5.3.1 + Hotfix 1151890 (EPO5xHF1151890.zip)
ePO 5.3.2 + Hotfix 1151890 (EPO5xHF1151890.zip)

McAfee recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see McAfee Knowledge Base article SB10166.

Thursday, 16 June 2016

ePolicy Orchestrator update fixes multiple Oracle Java vulnerabilities - May 2016

ePO is vulnerable to multiple CVEs reported in Oracle's April 2016 Java SE update. Collectively, these vulnerabilities affect confidentiality, integrity, and availability of the server.

Monday, 13 June 2016

(ISC)2 SecureLondon 2016


This conference explores the impact of the rise of the virtual organisation on security practice; the solutions that are emerging to tackle this environment; and the lessons being learned within professional practice. Acknowledging the need to step away from the technology-driven approach that often dominates traditional systems security management, delegates will explore the foundational concepts that drive security and still apply in a world that is designed to be much less defined than in the past.

(ISC)2 Members: Free
(ISC)2 Chapter Members: 50% discount
ISF Members: 15%
ISSA/ISACA Members: 10% discount
Registration available here