Vulnerability Note VU#248692: Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities. Original Release date: 18 Aug 2015 | Last revised: 18 Aug 2015. Overview: Multiple versions of the Trend Micro Deep Discovery threat appliance are vulnerable to cross-site scripting and authentication bypass. Description: The Trend Micro Deep Discovery platform “enables you to detect, analyze, and respond to today’s stealthy, targeted attacks in real time.” It may be deployed on a network as an appliance.
With all the patching you have been doing lately I thought it would be opportune to have a look at what can and can't be done within two days. Why two days? Well, quite a few standards want you to, I guess that is one reason, but the more compelling reason is that it takes less and less time for attacks to be weaponised in the modern world.
Kudos to Matthew for paying attention to egress traffic. We keep emphasizing how important it is to make sure no systems talk “outbound” without permission
Welcome to the n-th iteration of “patch now” for Java on Workstations. Oracle today published their quarterly patch bulletin, and Java SE is once again prominently featured. This Critical Patch Update (CPU) contains 20 new security fixes for Oracle Java SE. Most of the vulnerabilities are remotely exploitable without authentication, and CVSS scores of 10 and 9.3 indicate that they can be readily exploited, and lead to full compromise
Microsoft is expecting to release 2 critical and 5 important bulletins on Tuesday. There are no patches scheduled for Windows XP even though CVE-2014-1770 does affect Internet Explorer 8, which is the last version of IE to run on Windows XP. Preliminary Patch Table: (the bulletin numbers and anything else may change in the final release) # Affected Contra Indications – KB Known Exploits Microsoft rating (**) ISC rating (*) clients servers MS14-030 Cumulative Internet Explorer Update Internet Explorer CVE-2014-1770 TBD Vuln
Excellent essay: We have learned that in pursuit of its bureaucratic mission to obtain signals intelligence in a pervasively networked world, the NSA has mounted a systematic campaign against the foundations of American power: constitutional checks and balances, technological leadership, and market entrepreneurship. The NSA scandal is no longer about privacy, or a particular violation of constitutional or legislative obligations. The American body politic is suffering a severe case of auto-immune disease: our defense system is attacking other critical systems of our body.
Good Practices Guide on Non-Nuclear Critical Energy Infrastructure Protection (NNCEIP) from Terrorist Attacks
Original release date: June 18, 2013 | Last revised: June 19, 2013. Systems Affected: Any system using Oracle Java, including JDK and JRE 7 Update 21 and earlier; JDK and JRE 6 Update 45 and earlier; JDK and JRE 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier. Website owners that host Javadoc HTML API documentation. Overview: Oracle released the June 2013 Critical Patch Update for Oracle Java SE. This patch contains 40 new security fixes across Java SE products and a fix to the Javadoc Tool. API documentation in HTML format generated by the Javadoc tool that contains a right frame may be vulnerable to frame injection when hosted on a web server.
“This is an advance notification of security bulletins that Microsoft is intending to release on April 9, 2013. This bulletin advance notification will be replaced with the April bulletin summary on April 9, 2013
“Join the SANS Institute in this 20 Critical Security Controls Briefing. Being held live in Washington, DC hear Tony Sager and John Pescatore as they showcase key solution capabilities and customer success stories