Tageszusammenfassung - Freitag 21-08-2015

End-of-Shift report

Timeframe: Donnerstag 20-08-2015 18:00 − Freitag 21-08-2015 18:00 Handler: Stephan Richter Co-Handler: n/a

Top 3 biggest mistakes enterprises make in application security

Enterprise information security encompasses a broad set of disciplines and technologies, but at the highest level it can be broken down into three main categories: network security, endpoint security ...

http://www.net-security.org/article.php?id=2362

---

Apple Patches QuickTime Crash and Code Execution Flaws

Apple pushed out a new version of QuickTime that patched nine vulnerabilities, including a handful of denial of service and code execution bugs.

http://threatpost.com/apple-patches-quicktime-crash-and-code-execution-flaws/114375

---

Security Awareness for Managers: Protecting Yourself and Your Company

Nowadays, security awareness training (SAT) is a top priority for organizations of any sizes. Thanks to SAT, management and employees can understand IT governance issues and control solutions as well as recognize concerns, understand their relevance and respond accordingly. Many companies invest heavily in cybersecurity education programs for employees to learn how to protect their...

http://resources.infosecinstitute.com/security-awareness-for-managers-protecting-yourself-and-your-company/

---

WordPress Compromises Behind Spike in Neutrino EK Traffic

A rash of compromised WordPress websites is behind this week's surge in Neutrino Exploit Kit traffic

http://threatpost.com/wordpress-compromises-behind-spike-in-neutrino-ek-traffic/114380

---

National Cyber Security Strategies: the latest news

http://www.enisa.europa.eu/media/news-items/national-cyber-security-strategies-the-latest-news

---

APPLE-SA-2015-08-20-1 QuickTime 7.7.8

APPLE-SA-2015-08-20-1 QuickTime 7.7.8QuickTime 7.7.8 is now available and addresses the following:QuickTimeAvailable for: Windows 7 and Windows VistaImpact: Processing a maliciously crafted file may lead to anunexpected application termination or arbitrary code execution [...]

http://prod.lists.apple.com/archives/security-announce/2015/Aug/msg00004.html

---

ZDI-15-395: Foxit Reader GIF Conversion Heap Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

http://www.zerodayinitiative.com/advisories/ZDI-15-395/

---

ZDI-15-396: ManageEngine Service Desk File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine ServiceDesk. Authentication is not required to exploit this vulnerability.

http://www.zerodayinitiative.com/advisories/ZDI-15-396/

---

Splunk Input Validation Flaw in Splunk Web Lets Remote Conduct Cross-Site Scripting Attacks

http://www.securitytracker.com/id/1033339

---

Bugtraq: ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability

http://www.securityfocus.com/archive/1/536278

---

Bugtraq: [oCERT-2015-009] VLC arbitrary pointer dereference

http://www.securityfocus.com/archive/1/536287