Cyber Security. Weekly Review June 3 - June 9, 2013
We present an analytical report on current cyber-threats and news, which is weekly prepared by our company employees.
The main objectives of the report are to increase the awareness of specialists about current technologies and trends in cyber threats and offer recommendations on prioritizing operational tasks of information protection.
The report will be useful in and recommended for study by specialists and information security managers, system administrators, engineers, as well as all professionals who should always be aware of the main trends in cyber security.
')
Over the past week published information about closing a variety of vulnerabilities. The most rapid update is required for 5 critical vulnerabilities, one of which has already been developed and published an exploit.
The most critical vulnerabilities are remote execution of arbitrary code on Mac OS X, Apple QuickTime and Google Chrome; remote denial of service in MongoDB and OpenSSL.
Openly published 7 exploits, including remote code exploits for Microsoft Internet Explorer 8, Oracle Java SE 7 Update 17 and Apple Mac OS X up to 10.6.8, as well as Parallels Plesk and Exim.
In the statistics of mass and targeted attacks, the percentage of JAVA-exploits has increased. No day zero exploit detected.
Materials for technical specialists include memory analysis using Volatility and a detailed analysis of buffer overflow vulnerabilities in Mac OS X, analysis of a botnet, a number of Trojans and backdoors, as well as a series of articles on working with Java bytecode.
In the news - data on the disclosure of a new cyber-spy network, details of the secret program of the NSA PRISM and the successful joint operation of Microsoft and the FBI against botnets based on Citadel.
The full version of the report is available at the link in PDF format.
Voldokhin , dukebarman and alisaesage took part in the preparation of the report.
The main objectives of the report are to increase the awareness of specialists about current technologies and trends in cyber threats and offer recommendations on prioritizing operational tasks of information protection.
The report will be useful in and recommended for study by specialists and information security managers, system administrators, engineers, as well as all professionals who should always be aware of the main trends in cyber security.
')
Summary
Over the past week published information about closing a variety of vulnerabilities. The most rapid update is required for 5 critical vulnerabilities, one of which has already been developed and published an exploit.
The most critical vulnerabilities are remote execution of arbitrary code on Mac OS X, Apple QuickTime and Google Chrome; remote denial of service in MongoDB and OpenSSL.
Openly published 7 exploits, including remote code exploits for Microsoft Internet Explorer 8, Oracle Java SE 7 Update 17 and Apple Mac OS X up to 10.6.8, as well as Parallels Plesk and Exim.
In the statistics of mass and targeted attacks, the percentage of JAVA-exploits has increased. No day zero exploit detected.
Materials for technical specialists include memory analysis using Volatility and a detailed analysis of buffer overflow vulnerabilities in Mac OS X, analysis of a botnet, a number of Trojans and backdoors, as well as a series of articles on working with Java bytecode.
In the news - data on the disclosure of a new cyber-spy network, details of the secret program of the NSA PRISM and the successful joint operation of Microsoft and the FBI against botnets based on Citadel.
The full version of the report is available at the link in PDF format.
Voldokhin , dukebarman and alisaesage took part in the preparation of the report.
Source: https://habr.com/ru/post/183276/
All Articles