Summary
Over the past week, information was published about fixes for a variety of vulnerabilities. The most pressing update is for Oracle products: information has been published about fixes for multiple Java vulnerabilities.
Among the most critical vulnerabilities are remote execution of arbitrary code in the security products Symantec Endpoint Protection and ClamAV, in Huawei routers and in server firmware from HP, and privilege escalation in the FreeBSD OS.
Publicly available exploits include remote code execution exploits for Winamp and PEiD (important for virus analysts), a privilege escalation exploit for the Novell Client, and 2 exploits for the privilege escalation vulnerability in FreeBSD.
In the statistics of mass and targeted attacks, an exploit for the Java vulnerability CVE-2012-1723 shows significant growth.
The materials for technical specialists cover an analysis of the password storage system in popular browsers, exploitation of vulnerabilities in the McAfee ePolicy Orchestrator control interface, and working with Cuckoo Sandbox and Metasploit.
In the news: Microsoft's Bug Bounty program, a Facebook user data leak, and a new fraud method in US banks.
The full version of the report is available at the link in PDF format.