Thursday, August 22, 2019
Symantec

SYMSA1485-Symantec Endpoint Encryption Privilege Escalation

Symantec has released an update to address issues that were discovered in the Symantec Endpoint Encryption and Symantec Encryption Desktop products.
Symantec

SYMSA1462-OpenSSL Vulnerabilities 16-Apr-2018 and 12-Jun-2018

Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A malicious SSL/TLS server can send large DH parameters during connections using DH/DHE cipher suites and cause denial-of-service in the SSL/TLS client. A local attacker can...
Symantec

SYMSA1484-DLP Cross Site Scripting

Symantec has released updates to address an issue that was discovered in the DLP product.
Symantec

SYMSA1426-SA161: Local Information Disclosure Due to Meltdown and Spectre Attacks

Symantec Network Protection products, which run on an affected CPU chipset and execute arbitrary code from external sources, are susceptible to several information disclosure vulnerabilities (aka Meltdown and Spectre attacks). A remote attacker, with the ability to execute arbitrary...
Symantec

SYMSA1443- SA166: OpenSSL Vulnerabilities 27-Mar-2018

Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities.  A remote attacker can forge cryptographic messages and cause denial of service through application crashes.
Symantec

SYMSA1482-Symantec Messaging Gateway Information Disclosure

Symantec has released an update to address an issue that was discovered in the Symantec Messaging Gateway (SMG) product.
Symantec

SYMSA1481-Symantec AV Engine Arbitrary File Deletion

Symantec has released an update to address an issue that was discovered in the Symantec AV Engine.
Symantec

SYMSA1479-Norton SEP Multiple Issues

Symantec has released updates to address issues that were discovered in the Norton Security, Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Manager (SEPM), Symantec Endpoint Protection Small Business Edition (SEP SBE) and Symantec Endpoint Protection Cloud (SEP Cloud) products.
Symantec

SYMSA1478-Symantec Endpoint Encryption Privilege Escalation

Symantec has released an update to address an issue that was discovered in the Symantec Endpoint Encryption product.
Symantec

SYMSA1476-Norton Core Arbitrary Code Execution

Symantec has released an update to address an issue that was discovered in the Norton Core product.
Symantec

SYMSA1477-Symantec VIP Enterprise Gateway Cross Site Scripting

Symantec has released an update to address an issue that was discovered in the Symantec VIP Enterprise Gateway product.
Symantec

SYMSA1451- SA165: NTP Vulnerabilities February 2018

Symantec Network Protection products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code, modify the target's system time, prevent the target from...
Symantec

SYMSA1475-Norton Password Manager Address Spoof

Symantec has released an update to address an issue that was discovered in the Norton Password Manager product.
Symantec

SYMSA1469-OpenSSH Vulnerabilities Jan-Aug 2018

Symantec Network Protection products using affected versions of OpenSSH are susceptible to several vulnerabilities.  A remote attacker, with access to the management interface, can obtain usernames for valid SSH users and cause denial of service through application crashes.
Symantec

SYMSA1467-Linux Kernel Aug 2017 – Sep 2018 Vulnerabilities

Symantec Network Protection products that include a vulnerable version of the Linux kernel are susceptible to multiple vulnerabilities.  A remote attacker, with access to the management interface, can obtain unauthorized read/write access to local files, cause denial of service,...
SecurityWeek

Ready or Not, Here Comes FIDO: How to Prepare for Success

Planning and Preparation Are Key to Successfully Adopting FIDO Standards for “Simpler, Stronger Authentication” read more
SecurityWeek

Amazon, Microsoft, May be Putting World at Risk of Killer AI, Says Report

Amazon, Microsoft and Intel are among leading tech companies that could spearhead a global AI arms race, according to a report that surveyed major players from the sector about their stance on lethal autonomous weapons. read more
The Register

The Joy of Six… critical security patches: Cisco small biz switches open to hijacking via web UI

Turn it on, download these fixes, crank it up – and rip the KNOB off Cisco has emitted a fresh round of software updates to address security holes in its network switches and controllers.…

New FISMA Report Shows Progress, Gaps in Federal Cybersecurity

No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.
ZDNet

A botnet has been cannibalizing other hackers’ web shells for more than a year

Neutrino botnet is hijacking servers by taking over other hackers' PHP and Java web shells.