Banglore null Monthly Meet - March 2012

1. Riyaz Walikar
Null Meet - 10th March 2012

2.  Adobe Patches Zero-Day XSS Flaw, Six Other
Bugs in Flash Player
 Microsoft's February Patch Tuesday Kills 21
Security Bugs
 Google patches 14 vulnerabilities in Chrome
 Offensive Security Release Backtrack5 R2
 Linux Kernel 3.2.9 - 1st March 2012

3.  Adobe released a security update addressing
seven critical vulnerabilities in its Flash Player
software on Feb 15 2012
 A universal XSS bug in Flash found by Google
 4 memory corruption vulnerabilities and two
security bypass vulnerabilities that could lead
to code execution

4.  Microsoft's February Patch Tuesday Kills 21 Security
Bugs
 9 Security Bulletins for IE and the Windows operating
system, Microsoft Office and .NET/Silverlight
 Four rated critical for IE
 Windows Kernel (MS12-008), the .NET/Silverlight
(MS12-016),the Microsoft C Runtime flaw in Windows
Media Player (MS12-013), DLL-preloading issue in the
Color Control Panel (MS12-012) and a flaw in Visio
Viewer (MS12-015) were the other issues.

5.  Google patched 14 vulnerabilities in Chrome and handed
out a record $47,500 in rewards to researchers, including
$30,000 for "sustained, extraordinary" contributions to its
bug-reporting program.
 10 of them were "use-after-free" memory management
vulnerabilities
 Google paid 4 outside researchers $17,500 in bounty
payments
 Google also rewarded 3 of them with surprise bonuses of
$10,000 each for "sustained, extraordinary" work - Aki
Helin and Arthur Gerkis, and to "miaubiz."

6.  Offensive Security released Backtrack 5 r2 on 1st March
 Several new tools, upgrades to previous tools and
general improvement
 arduino, bluelog, bt-audit, dirb, dnschef, dpscan, easy-
creds, extundelete, findmyhash, golismero, goofile, ha
shcat-gui, hash-
identifier, hexorbase, horst, hotpatch, joomscan, killerb
ee, libhijack, magictree, nipper-
ng, patator, pipal, pyrit, reaver, rebind, rec-
studio, redfang, se-toolkit, sqlsus, sslyze, sucrack, thc-
ssl-dos, tlssled, uniscan, vega, watobo, wcex, wol-
e, and xspy.

7.  Linux Kernel 3.2.9 brings the usual ARM fixes
and improvements, some USB patches, ALSA
updates, as well as fixes for various
filesystems, like NFSv4 and eCryptfs.

8.  GitHub hacked with Ruby on Rails public key
vulnerability - Egor Homakov
 Polish websites attacked by Anti-ACTA Hackers
 Microsoft India store, managed by Quasar
Media, down after hackers take user data – Team
EvilShadow
 WikiLeaks releases alleged Stratfor e-mails

9.  New Flashback Trojan variant found for OS X
 Nortel was penetrated by hackers for decade
- Wall Street Report
 Facebook Spammers Use Amazon's Cloud
 Albania is the most Malware infected Nation -
Norman and Microsoft

10.  Anonymous Eavesdrops on FBI Call
 Anonymous takedown several Vatican
Websites
 #AntiSec hackers deface Panda Security
site to protest LulzSec arrests
 Anonymous Sabu was working for FBI to
Trace down other LulzSec hackers

11.  Hackers steal Michael Jackson's entire back
catalog from Sony
 Siemens and Canon's Databases exploited by
Team INTRA
 Cyber Criminals took over billion dollar of
Brazilian companies – PwC

12.  Pwn2Own 2012: Google Chrome browser
sandbox first to fall , IE 9 on Windows 7 SP1
hacked with two 0day vulnerabilities
 Russian University student Sergey Glazunov
managed to execute code but not break out of
the Chrome sandbox
 Vupen’s attack used a use-after-free bug to
bypass DEP and ASLR and then a bug to bypass
Chrome’s Sandbox

13. 5 member team from Vupen Security @Pwn2Own 2012 with CEO Chaouki Bekrar