[CERT-daily] Daily summary - Friday 21-08-2015

Daily end-of-shift report team at cert.at
Fri Aug 21 18:10:14 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 20-08-2015 18:00 − Friday 21-08-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Top 3 biggest mistakes enterprises make in application security ***
---------------------------------------------
Enterprise information security encompasses a broad set of disciplines and technologies, but at the highest level it can be broken down into three main categories: network security, endpoint security ...
---------------------------------------------
http://www.net-security.org/article.php?id=2362




*** Apple Patches QuickTime Crash and Code Execution Flaws ***
---------------------------------------------
Apple pushed out a new version of QuickTime that patched nine vulnerabilities, including a handful of denial of service and code execution bugs.
---------------------------------------------
http://threatpost.com/apple-patches-quicktime-crash-and-code-execution-flaws/114375




*** Security Awareness for Managers: Protecting Yourself and Your Company ***
---------------------------------------------
Nowadays, security awareness training (SAT) is a top priority for organizations of any size. Thanks to SAT, management and employees can understand IT governance issues and control solutions as well as recognize concerns, understand their relevance and respond accordingly. Many companies invest heavily in cybersecurity education programs for employees to learn how to protect their...
---------------------------------------------
http://resources.infosecinstitute.com/security-awareness-for-managers-protecting-yourself-and-your-company/




*** WordPress Compromises Behind Spike in Neutrino EK Traffic ***
---------------------------------------------
A rash of compromised WordPress websites is behind this week's surge in Neutrino Exploit Kit traffic.
---------------------------------------------
http://threatpost.com/wordpress-compromises-behind-spike-in-neutrino-ek-traffic/114380




*** National Cyber Security Strategies: the latest news ***
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/national-cyber-security-strategies-the-latest-news




*** APPLE-SA-2015-08-20-1 QuickTime 7.7.8 ***
---------------------------------------------
APPLE-SA-2015-08-20-1 QuickTime 7.7.8
QuickTime 7.7.8 is now available and addresses the following:
QuickTime
Available for: Windows 7 and Windows Vista
Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution [...]
---------------------------------------------
http://prod.lists.apple.com/archives/security-announce/2015/Aug/msg00004.html




*** ZDI-15-395: Foxit Reader GIF Conversion Heap Corruption Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-395/




*** ZDI-15-396: ManageEngine Service Desk File Upload Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine ServiceDesk. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-396/




*** Splunk Input Validation Flaw in Splunk Web Lets Remote Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1033339




*** Bugtraq: ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536278




*** Bugtraq: [oCERT-2015-009] VLC arbitrary pointer dereference ***
---------------------------------------------
http://www.securityfocus.com/archive/1/536287

