Cyber ​​Security. Weekly Review July 1 - July 7, 2013

Summary

Over the past week published information about the closure of a number of vulnerabilities. The most up-to-date update is required for HP server products.



Among the most critical vulnerabilities are remote execution of arbitrary code on the HP LeftHand Virtual SAN Appliance — server-side SAN virtualization infrastructure software for the VMware infrastructure, HP StoreOnce D2D backup system, and the HP ProCurve series of devices, as well as Apple QuickTime and Winamp products; privilege escalation in MongoDB and two remote denial of service vulnerabilities in the Linux kernel.



In open access, there are published exploits for executing arbitrary code in Winamp and Adobe Reader X, elevating privileges in Microsoft Windows, executing code and SQL injections in AVAST and Avira antivirus products, and also an exploit in the form of text SMS messages that cause a failure in phones Nokia.

')

In the statistics of mass and targeted attacks, the largest number of exploits for Java vulnerabilities, however, TOP3 includes exploits for Adobe Reader and Microsoft Office.



The materials for technical specialists include analysis of the Private Exploit Pack exploit pack, the Kuluoz trojan and the Carberp bootkit functional, as well as many descriptions of various types of vulnerabilities, as well as the basics of malware removal.



In the news - an interview with an employee of the American military cyber division, news about the creation of a similar division of the Ministry of Defense of the Russian Federation, a report on the study of the cyber-crime service market from McAfee, vulnerability threatening with the potential compromise of 99% of Android devices and the black market study of Twitter followers.



The full version of the report is available at the link in PDF format.