News Bytes Riyaz Walikar Null Meet - 10th March 2012

Bangalore null Monthly Meet - March 2012

Tool Releases / Updates

Adobe Patches Zero-Day XSS Flaw, Six Other Bugs in Flash Player

Microsoft's February Patch Tuesday Kills 21 Security Bugs

Google patches 14 vulnerabilities in Chrome

Offensive Security Release Backtrack5 R2

Linux Kernel 3.2.9 - 1st March 2012

Adobe Patches Several Bugs

Adobe released a security update addressing seven critical vulnerabilities in its Flash Player software on Feb 15 2012

A universal XSS bug in Flash found by Google

4 memory corruption vulnerabilities and two security bypass vulnerabilities that could lead to code execution

Microsoft’s Busy Valentine

Microsoft's February Patch Tuesday Kills 21 Security Bugs

9 Security Bulletins for IE and the Windows operating system, Microsoft Office and .NET/Silverlight

Four rated critical for IE

Windows Kernel (MS12-008), the .NET/Silverlight (MS12-016), the Microsoft C Runtime flaw in Windows Media Player (MS12-013), DLL-preloading issue in the Color Control Panel (MS12-012) and a flaw in Visio Viewer (MS12-015) were the other issues.

Google patches 14 vulns in Chrome

Google patched 14 vulnerabilities in Chrome and handed out a record $47,500 in rewards to researchers, including $30,000 for "sustained, extraordinary" contributions to its bug-reporting program.

10 of them were "use-after-free" memory management vulnerabilities

Google paid 4 outside researchers $17,500 in bounty payments

Google also rewarded 3 of them with surprise bonuses of $10,000 each for "sustained, extraordinary" work: Aki Helin, Arthur Gerkis and "miaubiz."

Offensive Security Release BT5 r2

Offensive Security released Backtrack 5 r2 on 1st March

Several new tools, upgrades to previous tools and general improvement

arduino, bluelog, bt-audit, dirb, dnschef, dpscan, easy-creds, extundelete, findmyhash, golismero, goofile, hashcat-gui, hash-identifier, hexorbase, horst, hotpatch, joomscan, killerbee, libhijack, magictree, nipper-ng, patator, pipal, pyrit, reaver, rebind, rec-studio, redfang, se-toolkit, sqlsus, sslyze, sucrack, thc-ssl-dos, tlssled, uniscan, vega, watobo, wcex, wol-e, and xspy.

Linux kernel upgraded to 3.2.9

Linux Kernel 3.2.9 brings the usual ARM fixes and improvements, some USB patches, ALSA updates, as well as fixes for various filesystems, like NFSv4 and eCryptfs.

Meanwhile on the Internet..

GitHub hacked with Ruby on Rails public key vulnerability - Egor Homakov

Polish websites attacked by Anti-ACTA Hackers

Microsoft India store, managed by Quasar Media, down after hackers take user data – Team EvilShadow

WikiLeaks releases alleged Stratfor e-mails

Meanwhile on the Internet..

New Flashback Trojan variant found for OS X

Nortel was penetrated by hackers for a decade - Wall Street Report

Facebook Spammers Use Amazon's Cloud

Albania is the most Malware infected Nation - Norman and Microsoft

Meanwhile on the Internet..

Anonymous Eavesdrops on FBI Call

Anonymous takes down several Vatican websites

#AntiSec hackers deface Panda Security site to protest LulzSec arrests

Anonymous' Sabu was working for the FBI to track down other LulzSec hackers

Meanwhile on the Internet..

Hackers steal Michael Jackson's entire back catalog from Sony

Siemens and Canon's Databases exploited by Team INTRA

Cyber criminals took over a billion dollars from Brazilian companies – PwC

Pwn2Own Updates

Pwn2Own 2012: Google Chrome browser sandbox first to fall, IE 9 on Windows 7 SP1 hacked with two 0day vulnerabilities

Russian University student Sergey Glazunov managed to execute code but not break out of the Chrome sandbox

Vupen’s attack used a use-after-free bug to bypass DEP and ASLR and then a bug to bypass Chrome’s Sandbox

Meanwhile on the Internet..

5 member team from Vupen Security @Pwn2Own 2012 with CEO Chaouki Bekrar