Adobe Patches Zero-Day XSS Flaw, Six Other Bugs in Flash Player
Microsoft's February Patch Tuesday Kills 21 Security Bugs
Google patches 14 vulnerabilities in Chrome
Offensive Security Releases BackTrack 5 R2
Linux Kernel 3.2.9 - 1st March 2012
Adobe released a security update addressing seven critical vulnerabilities in its Flash Player software on Feb 15 2012: a universal XSS bug in Flash found by Google, 4 memory corruption vulnerabilities and two security bypass vulnerabilities that could lead to code execution.
Microsoft's February Patch Tuesday Kills 21 Security Bugs
9 Security Bulletins for IE and the Windows operating system, Microsoft Office and .NET/Silverlight
Four rated critical for IE Windows Kernel (MS12-008), the .NET/Silverlight (MS12-016), the Microsoft C Runtime flaw in Windows Media Player (MS12-013), DLL-preloading issue in the Color Control Panel (MS12-012) and a flaw in Visio Viewer (MS12-015) were the other issues.
Google patched 14 vulnerabilities in Chrome and handed out a record $47,500 in rewards to researchers, including $30,000 for "sustained, extraordinary" contributions to its bug-reporting program.
10 of them were "use-after-free" memory management vulnerabilities.
Google paid 4 outside researchers $17,500 in bounty payments.
Google also rewarded 3 of them with surprise bonuses of $10,000 each for "sustained, extraordinary" work - Aki Helin and Arthur Gerkis, and to "miaubiz."
Offensive Security released BackTrack 5 R2 on 1st March.
Several new tools, upgrades to previous tools and general improvement
arduino, bluelog, bt-audit, dirb, dnschef, dpscan, easy-creds, extundelete, findmyhash, golismero, goofile, hashcat-gui, hash-identifier, hexorbase, horst, hotpatch, joomscan, killerbee, libhijack, magictree, nipper-ng, patator, pipal, pyrit, reaver, rebind, rec-studio, redfang, se-toolkit, sqlsus, sslyze, sucrack, thc-ssl-dos, tlssled, uniscan, vega, watobo, wcex, wol-e, and xspy.
Linux Kernel 3.2.9 brings the usual ARM fixes and improvements, some USB patches, ALSA updates, as well as fixes for various filesystems, like NFSv4 and eCryptfs.
GitHub hacked with Ruby on Rails public key vulnerability - Egor Homakov
Polish websites attacked by Anti-ACTA hackers
Microsoft India store, managed by Quasar Media, down after hackers take user data – Team EvilShadow
WikiLeaks releases alleged Stratfor e-mails
New Flashback Trojan variant found for OS X
Nortel was penetrated by hackers for a decade - Wall Street Report
Facebook spammers use Amazon's cloud
Albania is the most malware-infected nation - Norman and Microsoft
Anonymous eavesdrops on FBI call
Anonymous takes down several Vatican websites
#AntiSec hackers deface Panda Security site to protest LulzSec arrests
Anonymous Sabu was working for FBI to trace down other LulzSec hackers
Hackers steal Michael Jackson's entire back catalog from Sony
Siemens and Canon's databases exploited by Team INTRA
Cyber Criminals took over billion dollar of Brazilian companies – PwC
Pwn2Own 2012: Google Chrome browser sandbox first to fall, IE 9 on Windows 7 SP1 hacked with two 0day vulnerabilities
Russian university student Sergey Glazunov managed to execute code but not break out of the Chrome sandbox
Vupen’s attack used a use-after-free bug to bypass DEP and ASLR and then a bug to bypass Chrome’s sandbox
5 member team from Vupen Security @Pwn2Own 2012 with CEO Chaouki Bekrar