Cybersecurity. Weekly review, June 17 - June 23, 2013

    Summary


    Over the past week, fixes for many vulnerabilities were published. Updating Oracle products is the most pressing: information about fixes for many Java vulnerabilities has been published.

    Among the most critical vulnerabilities are remote arbitrary code execution in the Symantec Endpoint Protection and ClamAV security products, Huawei routers and HP server firmware, and privilege escalation in FreeBSD.

    Exploits made publicly available include remote code execution exploits for Winamp and PEiD (relevant for virus analysts), a privilege escalation exploit for Novell Client, and 2 exploits for the FreeBSD privilege escalation vulnerability mentioned above.

    In the statistics of mass and targeted attacks, an exploit for the Java vulnerability CVE-2012-1723 shows a significant increase.

    The materials for technical specialists include an analysis of the password storage system in popular browsers, exploitation of vulnerabilities in the McAfee ePolicy Orchestrator management interface, and working with Cuckoo Sandbox and Metasploit.

    In the news: Microsoft's Bug Bounty program, a Facebook user data leak, and a new fraud method in US banks.

    The full version of the report is available here in PDF format.
