Saturday, October 19, 2019
Symantec

SYMSA1485-Symantec Endpoint Encryption Privilege Escalation

Symantec has released an update to address issues that were discovered in the Symantec Endpoint Encryption and Symantec Encryption Desktop products.
Symantec

SYMSA1462-OpenSSL Vulnerabilities 16-Apr-2018 and 12-Jun-2018

Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A malicious SSL/TLS server can send large DH parameters during connections using DH/DHE cipher suites and cause denial-of-service in the SSL/TLS client. A local attacker can...
Symantec

SYMSA1484-DLP Cross Site Scripting

Symantec has released updates to address an issue that was discovered in the DLP product.
Symantec

SYMSA1426-SA161: Local Information Disclosure Due to Meltdown and Spectre Attacks

Symantec Network Protection products, which run on an affected CPU chipset and execute arbitrary code from external sources, are susceptible to several information disclosure vulnerabilities (aka Meltdown and Spectre attacks). A remote attacker, with the ability to execute arbitrary...
Symantec

SYMSA1443- SA166: OpenSSL Vulnerabilities 27-Mar-2018

Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A remote attacker can forge cryptographic messages and cause denial of service through application crashes.
Symantec

SYMSA1482-Symantec Messaging Gateway Information Disclosure

Symantec has released an update to address an issue that was discovered in the Symantec Messaging Gateway (SMG) product.
Symantec

SYMSA1481-Symantec AV Engine Arbitrary File Deletion

Symantec has released an update to address an issue that was discovered in the Symantec AV Engine.
Symantec

SYMSA1479-Norton SEP Multiple Issues

Symantec has released updates to address issues that were discovered in the Norton Security, Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Manager (SEPM), Symantec Endpoint Protection Small Business Edition (SEP SBE) and Symantec Endpoint Protection Cloud (SEP Cloud) products.
Symantec

SYMSA1478-Symantec Endpoint Encryption Privilege Escalation

Symantec has released an update to address an issue that was discovered in the Symantec Endpoint Encryption product.
Symantec

SYMSA1476-Norton Core Arbitrary Code Execution

Symantec has released an update to address an issue that was discovered in the Norton Core product.
Symantec

SYMSA1477-Symantec VIP Enterprise Gateway Cross Site Scripting

Symantec has released an update to address an issue that was discovered in the Symantec VIP Enterprise Gateway product.
Symantec

SYMSA1451- SA165: NTP Vulnerabilities February 2018

Symantec Network Protection products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code, modify the target's system time, prevent the target from...
Symantec

SYMSA1475-Norton Password Manager Address Spoof

Symantec has released an update to address an issue that was discovered in the Norton Password Manager product.
Symantec

SYMSA1469-OpenSSH Vulnerabilities Jan-Aug 2018

Symantec Network Protection products using affected versions of OpenSSH are susceptible to several vulnerabilities. A remote attacker, with access to the management interface, can obtain usernames for valid SSH users and cause denial of service through application crashes.
Symantec

SYMSA1467-Linux Kernel Aug 2017 – Sep 2018 Vulnerabilities

Symantec Network Protection products that include a vulnerable version of the Linux kernel are susceptible to multiple vulnerabilities. A remote attacker, with access to the management interface, can obtain unauthorized read/write access to local files, cause denial of service,...
The Register

Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope’s Click to Pray eRosary app

Vatican coders exorcise API gremlins but, we must confess, they missed little monster... Exclusive: The technology behind the Catholic Church’s latest innovation, an electronic rosary, is so insecure, it can be trivially hacked to siphon off worshipers' personal information.…
SC Magazine

Trojanized Russian-language Tor browser lets attackers steal from users’ e-wallets

Researchers have discovered a trojanized version of a Tor private browser that targets Russian-speaking dark web marketplace visitors and lets cybercriminals steal from their e-wallet transactions. The developers behind the malicious browser have so far stolen at least $40,000 in...
SC Magazine

UC Browser potentially endangers 500 million users

The popular Android browser UC Browser was found to break several Google mobile app rules, possibly placing up to 500 million of its users at risk. UC Browser, which is available from the Google Play store, was found by Zscaler ThreatLabZ...
ZDNet

US stopped using floppy disks to manage nuclear weapons arsenal

US Air Force switches to secure solid-state-based solution to replace antiquated floppy disks in SACCS nuclear weapons management system.
Bruce Schneier

Friday Squid Blogging: Six-Foot-Long Mass of Squid Eggs Found on Great Barrier Reef

It's likely the diamondback squid. There's a video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.