Saturday, January 19, 2019
Symantec

SYMSA1467-Linux Kernel Aug 2017 – Sep 2018 Vulnerabilities

Symantec Network Protection products that include a vulnerable version of the Linux kernel are susceptible to multiple vulnerabilities.  A remote attacker, with access to the management interface, can obtain unauthorized read/write access to local files, cause denial of service,...
Symantec

SYMSA1462-OpenSSL Vulnerabilities 16-Apr-2018 and 12-Jun-2018

Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A malicious SSL/TLS server can send large DH parameters during connections using DH/DHE cipher suites and cause denial-of-service in the SSL/TLS client. A local attacker can...
Symantec

SYMSA1443- SA166: OpenSSL Vulnerabilities 27-Mar-2018

Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities.  A remote attacker can forge cryptographic messages and cause denial of service through application crashes.
Symantec

SYMSA1451- SA165: NTP Vulnerabilities February 2018

Symantec Network Protection products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code, modify the target's system time, prevent the target from...
Symantec

SYMSA1428-SA159: OpenSSL Vulnerabilities 7-Dec-2017

Symantec Network Protection products using affected versions of OpenSSL are susceptible to two security vulnerabilities.  A remote attacker can obtain Diffie-Hellman private key information and sensitive information accidentally transmitted in plaintext over an SSL/TLS connection.
Symantec

SYMSA1423-SA157: OpenSSL Vulnerabilities 28-Aug-2017 and 2-Nov-2017

Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities.  A remote attacker can send a crafted X.509 certificate to cause unspecified impact.  They can exploit, under certain circumstances, a computational flaw in the Montgomery squaring...
Symantec

SYMSA1404-SA148: Linux Kernel Vulnerabilities Feb-Apr 2017

Symantec Network Protection products that include a vulnerable version of the Linux kernel are susceptible to multiple vulnerabilities.  A remote attacker, with access to the management interface, can exploit these vulnerabilities to execute arbitrary code.  The attacker can also...
Symantec

SYMSA1397-SA144 : OpenSSH Vulnerabilities January 2017

Blue Coat products using affected versions of OpenSSH are susceptible to several vulnerabilities.  A remote attacker with access to an SSH server can exploit these vulnerabilities to execute arbitrary code on an SSH client.  A local attacker can also...
Symantec

SYMSA1377-SA129 : Multiple libxml2 Vulnerabilities

Blue Coat products that include a vulnerable version of the libxml2 library are susceptible to multiple vulnerabilities.  A remote attacker can exploit these vulnerabilities to execute arbitrary code and cause denial of service through memory corruption.
Symantec

SYMSA1374-SA128 : Multiple PCRE Vulnerabilities

Blue Coat products that include vulnerable versions of the PCRE and GLib2 libraries are susceptible to multiple vulnerabilities.  A remote attacker can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information.  The attacker can also cause denial...
Symantec

SYMSA1350-SA113 : January 2016 NTP Security Vulnerabilities

Blue Coat products using affected versions of the NTP software distribution from ntp.org are susceptible to multiple vulnerabilities.  A remote attacker may exploit these vulnerabilities to set the victim's system time to an arbitrary value or cause it to...
Symantec

SYMSA1335-SA103 : October 2015 NTP Security Vulnerabilities

Blue Coat products using affected 4.2 versions of the NTP software distribution from ntp.org are susceptible to multiple vulnerabilities.  A remote attacker may exploit these vulnerabilities to cause denial of service due to application crashes, memory corruption and memory...
Symantec

SYMSA1317-SA91 : FREAK Attack

The FREAK attack allows an attacker to substantially degrade the strength of the encryption used in SSL/TLS connections using CVE-2015-0204 previously reported as part of SA88. Blue Coat products using affected versions of OpenSSL or that enable export grade...
Symantec

SYMSA1315-SA88 : OpenSSL Security Advisory 08-Jan-2015

Blue Coat products using affected versions of OpenSSL 1.0.1, 1.0.0, and 0.9.8 are vulnerable to one or more vulnerabilities.  A remote attacker may exploit these vulnerabilities to cause a downgrade of the security of the session, a loss of...
Symantec

SYMSA1323-SA92 : OpenSSL Security Advisory 19-Mar-2015

Blue Coat products using affected versions of OpenSSL 1.0.2, 1.0.1, 1.0.0, and 0.9.8 are vulnerable to multiple vulnerabilities. A remote attacker may exploit these vulnerabilities to cause a denial of service, memory corruption, or to decrypt an encrypted session...
ZDNet

Websites can steal browser data via extensions APIs

Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
Security Affairs

6 Reasons We Need to Boost Cybersecurity Focus in 2019

Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...
isBuzz

Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency

Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information  as well...

DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week

Trump dominated security headlines this week, but there's plenty of other news to catch up on.
SecurityWeek

Bulgaria Extradites Russian Hacker to US: Embassy

Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday. read more