News bytes


Bangalore null Monthly Meet - March 2012

Published in: Education, Technology

  1. Riyaz Walikar, Null Meet - 10th March 2012
  2.
      • Adobe Patches Zero-Day XSS Flaw, Six Other Bugs in Flash Player
      • Microsoft's February Patch Tuesday Kills 21 Security Bugs
      • Google patches 14 vulnerabilities in Chrome
      • Offensive Security Releases BackTrack 5 R2
      • Linux Kernel 3.2.9 - 1st March 2012
  3.
      • Adobe released a security update addressing seven critical vulnerabilities in its Flash Player software on Feb 15 2012
      • A universal XSS bug in Flash found by Google
      • 4 memory corruption vulnerabilities and two security bypass vulnerabilities that could lead to code execution
  4.
      • Microsoft's February Patch Tuesday Kills 21 Security Bugs
      • 9 Security Bulletins for IE and the Windows operating system, Microsoft Office and .NET/Silverlight
      • Four rated critical: IE, the Windows Kernel (MS12-008), .NET/Silverlight (MS12-016) and the Microsoft C Runtime flaw in Windows Media Player (MS12-013)
      • The DLL-preloading issue in the Color Control Panel (MS12-012) and a flaw in Visio Viewer (MS12-015) were the other issues.
  5.
      • Google patched 14 vulnerabilities in Chrome and handed out a record $47,500 in rewards to researchers, including $30,000 for "sustained, extraordinary" contributions to its bug-reporting program.
      • 10 of them were "use-after-free" memory management vulnerabilities
      • Google paid 4 outside researchers $17,500 in bounty payments
      • Google also rewarded 3 of them with surprise bonuses of $10,000 each for "sustained, extraordinary" work - Aki Helin and Arthur Gerkis, and to "miaubiz."
  6.
      • Offensive Security released BackTrack 5 R2 on 1st March
      • Several new tools, upgrades to previous tools and general improvement
      • arduino, bluelog, bt-audit, dirb, dnschef, dpscan, easy-creds, extundelete, findmyhash, golismero, goofile, hashcat-gui, hash-identifier, hexorbase, horst, hotpatch, joomscan, killerbee, libhijack, magictree, nipper-ng, patator, pipal, pyrit, reaver, rebind, rec-studio, redfang, se-toolkit, sqlsus, sslyze, sucrack, thc-ssl-dos, tlssled, uniscan, vega, watobo, wcex, wol-e, and xspy.
  7. Linux Kernel 3.2.9 brings the usual ARM fixes and improvements, some USB patches, ALSA updates, as well as fixes for various filesystems, like NFSv4 and eCryptfs.
  8.
      • GitHub hacked with Ruby on Rails public key vulnerability - Egor Homakov
      • Polish websites attacked by Anti-ACTA Hackers
      • Microsoft India store, managed by Quasar Media, down after hackers take user data – Team EvilShadow
      • WikiLeaks releases alleged Stratfor e-mails
  9.
      • New Flashback Trojan variant found for OS X
      • Nortel was penetrated by hackers for a decade - Wall Street Report
      • Facebook Spammers Use Amazon's Cloud
      • Albania is the most Malware infected Nation - Norman and Microsoft
  10.
      • Anonymous Eavesdrops on FBI Call
      • Anonymous takes down several Vatican Websites
      • #AntiSec hackers deface Panda Security site to protest LulzSec arrests
      • Anonymous' Sabu was working for the FBI to track down other LulzSec hackers
  11.
      • Hackers steal Michael Jackson's entire back catalog from Sony
      • Siemens' and Canon's Databases exploited by Team INTRA
      • Cyber Criminals took over a billion dollars from Brazilian companies – PwC
  12.
      • Pwn2Own 2012: Google Chrome browser sandbox first to fall, IE 9 on Windows 7 SP1 hacked with two 0day vulnerabilities
      • Russian University student Sergey Glazunov managed to execute code but not break out of the Chrome sandbox
      • Vupen's attack used a use-after-free bug to bypass DEP and ASLR and then a bug to bypass Chrome's Sandbox
  13. 5 member team from Vupen Security @Pwn2Own 2012 with CEO Chaouki Bekrar