4 retweets 0 favorites
In the past few years the virtualization concept becomes very popular. A new study by Symantec  discussed the threats to the virtual environment and suggests the best practice to minimize the risk. The study show the new security challenges with the virtual environment, threats such as that the network traffic may not be monitored by services such as IDS or DLP
Original release date: August 11, 2014 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT).
Original release date: August 07, 2014 OpenSSL has released updates patching nine vulnerabilities, some of which may allow an attacker to cause a Denial of Service (DoS) condition or force the client to revert to a less secure Transport Layer Security (TLS) 1.0 protocol. The following updates are available: OpenSSL 0.9.8 users should upgrade to 0.9.8zb OpenSSL 1.0.0 users should upgrade to 1.0.0n OpenSSL 1.0.1 users should upgrade to 1.0.1i US-CERT recommends users and administrators review the OpenSSL Security Advisory for additional information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: August 06, 2014 Cisco has released an advisory to address a vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software. Exploitation of the vulnerability could allow an unauthenticated, remote attacker to cause a Denial of Service condition on the affected system
An exploit is no available at exploit-db.com for the Symantec End Point Protection privilege escalation vulnerability.
Original release date: August 04, 2014 US-CERT is aware of a local privilege escalation vulnerability in Symantec Endpoint Protection. This vulnerability affects all versions of Symantec Endpoint Protection Client 11.x and 12.x running Application and Device Control
Vulnerability Note VU#252068 Symantec Endpoint Protection Client contains a kernel pool overflow vulnerability Original Release date: 04 Aug 2014 | Last revised: 04 Aug 2014 Overview Symantec Endpoint Protection Client 11.x and 12.x contains a kernel pool overflow vulnerability. Description CWE-788 : Access of Memory Location After End of Buffer An attacker logged into a Windows XP, Vista, 7, or 8 system as an unprivileged user is able to cause a kernel pool overflow in the sysplant driver with specially crafted IOCTL code. The sysplant driver is part of the Application and Device Control functionality in Symantec Endpoint Protection (SEP) client 11.x and 12.x