Tagged: symantec

Threats to virtual environments, (Thu, Aug 14th) 0

Threats to virtual environments, (Thu, Aug 14th)

In the past few years the virtualization concept becomes very popular. A new study by Symantec [1] discussed the threats to the virtual environment and suggests the best practice to minimize the risk. The study show the new security challenges with the virtual environment, threats such as that the network traffic may not be monitored by services such as IDS or DLP

SB14-223: Vulnerability Summary for the Week of August 4, 2014 0

SB14-223: Vulnerability Summary for the Week of August 4, 2014

Original release date: August 11, 2014 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT).

Open SSL Patches Nine Vulnerabilities 0

Open SSL Patches Nine Vulnerabilities

Original release date: August 07, 2014 OpenSSL has released updates patching nine vulnerabilities, some of which may allow an attacker to cause a Denial of Service (DoS) condition or force the client to revert to a less secure Transport Layer Security (TLS) 1.0 protocol. The following updates are available: OpenSSL 0.9.8 users should upgrade to 0.9.8zb OpenSSL 1.0.0 users should upgrade to 1.0.0n OpenSSL 1.0.1 users should upgrade to 1.0.1i US-CERT recommends users and administrators review the OpenSSL Security Advisory for additional information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Cisco EnergyWise Module Vulnerability 0

Cisco EnergyWise Module Vulnerability

Original release date: August 06, 2014 Cisco has released an advisory to address a vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software. Exploitation of the vulnerability could allow an unauthenticated, remote attacker to cause a Denial of Service condition on the affected system

VU#252068: Symantec Endpoint Protection Client contains a kernel pool overflow vulnerability 0

VU#252068: Symantec Endpoint Protection Client contains a kernel pool overflow vulnerability

Vulnerability Note VU#252068 Symantec Endpoint Protection Client contains a kernel pool overflow vulnerability Original Release date: 04 Aug 2014 | Last revised: 04 Aug 2014 Overview Symantec Endpoint Protection Client 11.x and 12.x contains a kernel pool overflow vulnerability. Description CWE-788 : Access of Memory Location After End of Buffer An attacker logged into a Windows XP, Vista, 7, or 8 system as an unprivileged user is able to cause a kernel pool overflow in the sysplant driver with specially crafted IOCTL code. The sysplant driver is part of the Application and Device Control functionality in Symantec Endpoint Protection (SEP) client 11.x and 12.x