Cyber ​​security. Weekly review July 1 - July 7, 2013

Summary

Over the past week, information has been published on the closure of a number of vulnerabilities. The most up-to-date update is required for HP server products.

Among the most critical vulnerabilities are remote arbitrary code execution in the HP LeftHand Virtual SAN Appliance, the SAN virtualization server software for the VMware infrastructure, the HP StoreOnce D2D backup system and the HP ProCurve device series, as well as Apple QuickTime and Winamp products; privilege escalation in MongoDB and two remote denial of service vulnerabilities in the Linux kernel.

Open source exploits of arbitrary code execution in Winamp and Adobe Reader X, privilege escalation in Microsoft Windows, code execution and SQL injection in antivirus products AVAST and Avira, as well as an exploit in the form of SMS text messages causing a denial of service in phones are published Nokia

The statistics of mass and targeted attacks have the largest number of exploits for Java vulnerabilities, however, TOP3 includes exploits for Adobe Reader and Microsoft Office.

The materials for technical specialists include analysis of the Private Exploit Pack exploit pack, the Kuluoz Trojan and the Carberp bootkit functional, as well as many descriptions of vulnerabilities of various types, as well as the basics of malware removal.

In the news - an interview with an employee of the US military cyber division, news about the creation of a similar unit of the Ministry of Defense of the Russian Federation, a report on the study of the cyber crime service market from McAfee, a vulnerability threatening the potential compromise of 99% of Android devices and a black market study of Twitter-followers.

The full version of the report is available here in PDF format.