Bangalore null Monthly Meet - March 2012
News Bytes
Riyaz Walikar
Null Meet - 10th March 2012
Tool Releases / Updates
Adobe Patches Zero-Day XSS Flaw, Six Other Bugs in Flash Player
Microsoft's February Patch Tuesday Kills 21 Security Bugs
Google patches 14 vulnerabilities in Chrome
Offensive Security Release Backtrack5 R2
Linux Kernel 3.2.9 - 1st March 2012
Adobe Patches Several Bugs
Adobe released a security update addressing seven critical vulnerabilities in its Flash Player software on Feb 15 2012
A universal XSS bug in Flash found by Google
4 memory corruption vulnerabilities and two security bypass vulnerabilities that could lead to code execution
Microsoft’s Busy Valentine
Microsoft's February Patch Tuesday Kills 21 Security Bugs
9 Security Bulletins for IE and the Windows operating system, Microsoft Office and .NET/Silverlight
Four rated critical for IE
Windows Kernel (MS12-008), the .NET/Silverlight (MS12-016), the Microsoft C Runtime flaw in Windows Media Player (MS12-013), DLL-preloading issue in the Color Control Panel (MS12-012) and a flaw in Visio Viewer (MS12-015) were the other issues.
Google patches 14 vulns in Chrome
Google patched 14 vulnerabilities in Chrome and handed out a record $47,500 in rewards to researchers, including $30,000 for "sustained, extraordinary" contributions to its bug-reporting program.
10 of them were "use-after-free" memory management vulnerabilities
Google paid 4 outside researchers $17,500 in bounty payments
Google also rewarded 3 of them with surprise bonuses of $10,000 each for "sustained, extraordinary" work: Aki Helin, Arthur Gerkis, and "miaubiz."
Offensive Security Release BT5 r2
Offensive Security released Backtrack 5 r2 on 1st March
Several new tools, upgrades to previous tools and general improvement
arduino, bluelog, bt-audit, dirb, dnschef, dpscan, easy-creds, extundelete, findmyhash, golismero, goofile, hashcat-gui, hash-identifier, hexorbase, horst, hotpatch, joomscan, killerbee, libhijack, magictree, nipper-ng, patator, pipal, pyrit, reaver, rebind, rec-studio, redfang, se-toolkit, sqlsus, sslyze, sucrack, thc-ssl-dos, tlssled, uniscan, vega, watobo, wcex, wol-e, and xspy.
Linux kernel upgraded to 3.2.9
Linux Kernel 3.2.9 brings the usual ARM fixes and improvements, some USB patches, ALSA updates, as well as fixes for various filesystems, like NFSv4 and eCryptfs.
Meanwhile on the Internet..
GitHub hacked with Ruby on Rails public key vulnerability - Egor Homakov
Polish websites attacked by Anti-ACTA Hackers
Microsoft India store, managed by Quasar Media, down after hackers take user data – Team EvilShadow
WikiLeaks releases alleged Stratfor e-mails
Meanwhile on the Internet..
New Flashback Trojan variant found for OS X
Nortel was penetrated by hackers for a decade - Wall Street Report
Facebook Spammers Use Amazon's Cloud
Albania is the most Malware infected Nation - Norman and Microsoft
Meanwhile on the Internet..
Anonymous Eavesdrops on FBI Call
Anonymous takes down several Vatican websites
#AntiSec hackers deface Panda Security site to protest LulzSec arrests
Anonymous' Sabu was working for the FBI to trace other LulzSec hackers
Meanwhile on the Internet..
Hackers steal Michael Jackson's entire back catalog from Sony
Siemens and Canon's Databases exploited by Team INTRA
Cyber criminals took over a billion dollars from Brazilian companies – PwC
Pwn2Own Updates
Pwn2Own 2012: Google Chrome browser sandbox first to fall, IE 9 on Windows 7 SP1 hacked with two 0day vulnerabilities
Russian University student Sergey Glazunov managed to execute code but not break out of the Chrome sandbox
Vupen’s attack used a use-after-free bug to bypass DEP and ASLR and then a bug to bypass Chrome’s Sandbox
Meanwhile on the Internet..
5 member team from Vupen Security @Pwn2Own 2012 with CEO Chaouki Bekrar