Researchers at a conference in Norway have uncovered a new piece of OS X malware which attempts to present itself to systems as a signed and authorised application.
iTunes 11.0.3 is the latest version of Apple's media player & digital distribution storefront for Macs and Windows computers.
Anonymous' highly publicized Operation USA has not been the resounding success they expected it to be.
Google has been asked to address numerous security concerns with its Glass technology by committee of US Congress members.
Several users of devices running Google's Android operating system have filed an amended version of an earlier lawsuit accusing the company of illegally collecting, and allowing others to collect, extensive amounts of mobile user data without proper notice or consent.
Respondents to a new (ISC)2 study identified application vulnerabilities as their top security concern. A significant gap persists between software developers' priorities and security professionals' concerns.
Oracle has changed the numbering of its Java security updates, prompting one expert to say, 'As if Java updates weren't confusing already.'
CORE Security launched Insight 3.0, which delivers multi-vector vulnerability assessment, asset categorization, threat simulation, penetration testing and security analytics, all in the context of network topography.
Apple has posted an update to address multiple security vulnerabilities in its iconic iTunes media player platform.
Security researchers from Damballa have found a new variant of the Pushdo malware that's better at hiding its malicious network traffic and is more resilient to coordinated takedown efforts.
The developers of the open source cloud storage and collaboration suite ownCloud have released an update to their software that closes a number of critical vulnerabilities. Version 5.0.6 of ownCloud closes holes that allowed authenticated users to inject SQL commands and execute PHP code on the server or allowed them to download other users' calendars.
Microsoft's Internet Explorer 10 is better at blocking malware downloads than rivals Chrome, Firefox, Safari and Opera thanks to superior URL and application reputation technology, a new test by NSS Labs has found. Browser security has been getting more and more layered and complex. How it works and whether it works is probably a complete mystery to even the most attentive browser users but the NSS Labs study found marked and surprising differences between the most popular browsers.
Description:
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 are prone to memory corruption vulnerability, The issue occurs due to improper processing of certain vectors used in the application. This could be exploited by remote attackers to execute arbitrary code or cause a denial of service (memory corruption).
Note: A different vulnerability than CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
Description:
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 are prone to memory corruption vulnerability, The issue occurs due to improper processing of certain vectors used in the application. This could be exploited by remote attackers to execute arbitrary code or cause a denial of service (memory corruption).
Note: A different vulnerability than CVE-2013-2718, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
Description:
Memory corruption vulnerability has been discovered in Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860. The issue occurs due to an unspecified error when handling unspecified vectors. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service (memory corruption).
Note: A different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3334.
Description:
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 are prone to memory corruption vulnerability, The issue occurs due to improper processing of certain vectors used in the application. This could be exploited by remote attackers to execute arbitrary code or cause a denial of service (memory corruption).
Note: A different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
Description:
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 are prone to memory corruption vulnerability, The issue occurs due to improper processing of certain vectors used in the application. This could be exploited by remote attackers to execute arbitrary code or cause a denial of service (memory corruption).
Note: A different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
Description:
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 are prone to memory corruption vulnerability, The issue occurs due to improper processing of certain vectors used in the application. This could be exploited by remote attackers to execute arbitrary code or cause a denial of service (memory corruption).
Note: A different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
Description:
Memory corruption vulnerability has been discovered in Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860. The issue occurs due to an unspecified error when handling unspecified vectors. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service (memory corruption).
Note: A different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3335.
Description:
Memory corruption vulnerability has been discovered in Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860. The issue occurs due to an unspecified error when handling unspecified vectors. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service (memory corruption).
Note: A different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3334, and CVE-2013-3335.
Description:
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 are prone to memory corruption vulnerability, The issue occurs due to improper processing of certain vectors used in the application. This could be exploited by remote attackers to execute arbitrary code or cause a denial of service (memory corruption).
Note: A different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
Description:
Memory corruption vulnerability has been discovered in Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860. The issue occurs due to an unspecified error when handling unspecified vectors. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service (memory corruption).
Note: A different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.
Exploit of the week
We at CERTStation Labs have selected an exploit that has been released for SAP NetWeaver. The issue occurs due to an error in the 'SXPG_CALL_SYSTEM' function in the SAP SOAP RFC Service, allowing remote attackers to execute arbitrary commands.
http://www.exploit-db.com/exploits/25445/
Security tool of the week
The security tool of the week selected by CERTStation Labs is PacketFence 4.0.0. PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, layer-2 isolation of problematic devices; PacketFence can be used to effectively secure networks small to very large heterogeneous networks.
http://www.packetfence.org/download/releases.html
The website selected this week by CERTStation Labs is
http://www.hackingloops.com/
HackingLoops - a useful online resource for learning Ethical Hacking. It covers wide range of information security topics including tips, password hacking along with relevant information about the latest tool. It also provides guidelines for baseline security.
