
Cyber Security. Weekly Review June 24 - June 30, 2013

Summary


Over the past week, information was published about fixes for a number of vulnerabilities. The most pressing update is the one for Mozilla products.

The most critical vulnerabilities are remote arbitrary code execution in Mozilla Firefox and Thunderbird, as well as in VMware vCenter Chargeback Manager, and privilege escalation through the Mozilla Maintenance Service.

Exploits published in open sources include PHP exploits for Plesk and for the Carberp web control panel, whose source code was released publicly; privilege escalation in the Novell Client; and a new exploit for the FreeBSD privilege escalation vulnerability that was reported last week.

In the statistics for mass and targeted attacks, exploits for Java vulnerabilities are in the lead, but the exploit for CVE-2010-0188 (Adobe Reader) ranked first by number of detections.

The materials for technical specialists include an analysis of the features and vulnerabilities of the Carberp Trojan and the Neutrino and Styx exploit packs, utilities and a cheat sheet for various practical security tools, and a description of how to get system rights from Recovery mode in Windows 7.

In the news: a description of a logic vulnerability in the authorization procedure on Facebook, details and results of the leak of the Carberp source code, a targeted attack on Opera Software and a stolen certificate, as well as new information about Chinese hacker groups.

The full version of the report is available at the link in PDF format.

Source: https://habr.com/ru/post/185694/

