Cyber security. Weekly review June 24 - June 30, 2013

    Summary


    Over the past week, information was published on fixes for a number of vulnerabilities. The most pressing update is the one for Mozilla products.

    Among the most critical vulnerabilities are remote arbitrary code execution in Mozilla Firefox and Thunderbird, as well as in VMware vCenter Chargeback Manager, and privilege escalation through the Mozilla Maintenance Service.

    Exploits published in open sources include PHP code execution exploits for Plesk and for the web control panel of Carberp, whose source code has been made public; privilege escalation in Novell Client; and a new exploit for the privilege escalation vulnerability in FreeBSD that was reported last week.

    Exploits for Java vulnerabilities lead the statistics of mass and targeted attacks, but the exploit for CVE-2010-0188 (Adobe Reader) ranked first by number of detections.

    The materials for technical specialists include an analysis of the features and vulnerabilities of the Carberp trojan and of the Neutrino and Styx exploit packs, utilities and a cheat sheet for various practical security tools, and a description of how to obtain system rights from Recovery mode in Windows 7.

    In the news: a description of the logical vulnerability in the Facebook login procedure, details and results of the Carberp source code leak, the targeted attack on Opera Software and its stolen certificate, and new information about Chinese hacker groups.

    The full report is available here in PDF format.
