Contribuez à SecuObs en envoyant des bitcoins ou des dogecoins.
Nouveaux articles (fr): 1pwnthhW21zdnQ5WucjmnF3pk9puT5fDF
Amélioration du site: 1hckU85orcGCm8A9hk67391LCy4ECGJca

Contribute to SecuObs by sending bitcoins or dogecoins.

Chercher :
Newsletter :  


Revues :
- Presse
- Presse FR
- Vidéos
- Twitter
- Secuobs





Sommaires :
- Tendances
- Failles
- Virus
- Concours
- Reportages
- Acteurs
- Outils
- Breves
- Infrastructures
- Livres
- Tutoriels
- Interviews
- Podcasts
- Communiques
- USBsploit
- Commentaires


Revue Presse:
- Tous
- Francophone
- Par mot clé
- Par site
- Le tagwall


Top bi-hebdo:
- Ensemble
- Articles
- Revue
- Videos
- Twitter
- Auteurs


Articles :
- Par mot clé
- Par auteur
- Par organisme
- Le tagwall


Videos :
- Toutes
- Par mot clé
- Par site
- Le tagwall


Twitter :
- Tous
- Par mot clé
- Par compte
- Le tagwall


Commentaires :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques


RSS/XML :
- Articles
- Commentaires
- Revue
- Revue FR
- Videos
- Twitter


RSS SecuObs :
- sécurité
- exploit
- windows
- attaque
- outil
- microsoft


RSS Revue :
- security
- microsoft
- windows
- hacker
- attack
- network


RSS Videos :
- curit
- security
- biomet
- metasploit
- biometric
- cking


RSS Twitter :
- security
- linux
- botnet
- attack
- metasploit
- cisco


RSS Comments :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques


RSS OPML :
- Français
- International











Revue de presse francophone :
- Appaloosa AppDome nouent un partenariat pour accompagner les entreprises dans le déploiement et la protection des applications mobiles
- D-Link offre une avec un routeur VPN sans fil AC
- 19 mai Paris Petit-Déjeuner Coreye Développer son business à l'abri des cyberattaques
- POYNTING PRESENTE LA NOUVELLE ANTENNE OMNI-291, SPECIALE MILIEU MARITIME, CÔTIER ET MILIEU HUMIDE
- Flexera Software Les utilisateurs français de PC progressent dans l'application de correctifs logiciels, mais des défis de tailles subsistent
- Riverbed lance SD-WAN basé sur le cloud
- Fujitsu multi-récompensé VMware lui décerne plusieurs Partner Innovation Awards à l'occasion du Partner Leadership Summit
- Zscaler Private Access sécuriser l'accès à distance en supprimant les risques inhérents aux réseaux privés virtuels
- QNAP annonce la sortie de QTS 4.2.1
- Une enquête réalisée par la société de cyber sécurité F-Secure a décelé des milliers de vulnérabilités graves, potentiellement utilisables par des cyber criminels pour infiltrer l'infrastru
- Trouver le juste équilibre entre une infrastructure dédiée et cloud le dilemme de la distribution numérique
- 3 juin - Fleurance - Cybersécurité Territoires
- Cyber-assurances Seules 40 pourcents des entreprises françaises sont couvertes contre les violations de sécurité et les pertes de données
- Des étudiants de l'ESIEA inventent CheckMyHTTPS un logiciel qui vérifie que vos connexions WEB sécurisées ne sont pas interceptées
- Les produits OmniSwitch d'Alcatel-Lucent Enterprise ALE gagnent en sécurité pour lutter contre les cyber-attaques modernes

Dernier articles de SecuObs :
- DIP, solution de partage d'informations automatisée
- Sqreen, protection applicative intelligente de nouvelle génération
- Renaud Bidou (Deny All): "L'innovation dans le domaine des WAFs s'oriente vers plus de bon sens et d'intelligence, plus de flexibilité et plus d'ergonomie"
- Mises à jour en perspective pour le système Vigik
- Les russes ont-ils pwn le système AEGIS ?
- Le ministère de l'intérieur censure une conférence au Canada
- Saut d'air gap, audit de firmware et (in)sécurité mobile au programme de Cansecwest 2014
- GCHQ: Le JTRIG torpille Anonymous qui torpille le JTRIG (ou pas)
- #FIC2014: Entrée en territoire inconnu
- Le Sénat investit dans les monnaies virtuelles

Revue de presse internationale :
- VEHICLE CYBERSECURITY DOT and Industry Have Efforts Under Way, but DOT Needs to Define Its Role in Responding to a Real-world Attack
- Demand letter served on poll body over disastrous Comeleak breach
- The Minimin Aims To Be The Simplest Theremin
- Hacking group PLATINUM used Windows own patching system against it
- Hacker With Victims in 100 Nations Gets 7 Years in Prison
- HPR2018 How to make Komboucha Tea
- Circuit Bender Artist bends Fresnel Lens for Art
- FBI Director Suggests iPhone Hacking Method May Remain Secret
- 2016 Hack Miami Conference May 13-15, 2016
- 8-bit Video Wall Made From 160 Gaming Keyboards
- In An Era Of Decline, News Sites Can t Afford Poor Web Performance
- BeautifulPeople.com experiences data breach 1m affected
- Swedish Air Space Infringed, Aircraft Not Required
- Why cybercriminals attack healthcare more than any other industry
- Setting the Benchmark in the Network Security Forensics Industry

Annuaire des videos
- FUZZING ON LINE PART THREE
- Official Maltego tutorial 5 Writing your own transforms
- Official Maltego tutorial 6 Integrating with SQL DBs
- Official Maltego tutorial 3 Importing CSVs spreadsheets
- install zeus botnet
- Eloy Magalhaes
- Official Maltego tutorial 1 Google s websites
- Official Maltego tutorial 4 Social Networks
- Blind String SQL Injection
- backdoor linux root from r57 php shell VPS khg crew redc00de
- How To Attaque Pc With Back Track 5 In Arabique
- RSA Todd Schomburg talks about Roundup Ready lines available in 2013
- Nessus Diagnostics Troubleshooting
- Panda Security Vidcast Panda GateDefender Performa Parte 2 de 2
- MultiPyInjector Shellcode Injection

Revue Twitter
- RT @fpalumbo: Cisco consistently leading the way ? buys vCider to boost its distributed cloud vision #CiscoONE
- @mckeay Looks odd... not much to go on (prob some slideshow/vid app under Linux)
- [SuggestedReading] Using the HTML5 Fullscreen API for Phishing Attacks
- RT @BrianHonan: Our problems are not technical but cultural. OWASP top 10 has not changed over the years @joshcorman #RSAC
- RT @mikko: Wow. Apple kernels actually have a function called PE_i_can_has_debugger:
- [Blog Spam] Metasploit and PowerShell payloads
- PinkiePie Strikes Again, Compromises Google Chrome in Pwnium Contest at Hack in the Box: For the second time thi...
- @mikko @fslabs y'all wldn't happen to have lat/long data sets for other botnets, wld you? Doing some research (free/open info rls when done)
- RT @nickhacks: Want to crash a remote host running Snow Leopard? Just use: nmap -P0 -6 --script=targets-ipv6-multicast-mld #wishiwaskidding
- An inexpensive proxy service called is actually a front for #malware distribution -

Mini-Tagwall
Revue de presse : security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone

+ de mots clés pour la revue de presse

Annuaires des videos : curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit

+ de mots clés pour les videos

Revue Twitter : security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall

+ de mots clés pour la revue Twitter

Top bi-hebdo des articles de SecuObs
- [Ettercap – Partie 2] Ettercap par l'exemple - Man In the Middle et SSL sniffing
- [Infratech - release] version 0.6 de Bluetooth Stack Smasher
- [IDS Snort Windows – Partie 2] Installation et configuration
- [Infratech - vulnérabilité] Nouvelle version 0.8 de Bluetooth Stack Smasher
- Mises à jour en perspective pour le système Vigik
- USBDumper 2 nouvelle version nouvelles fonctions !
- EFIPW récupère automatiquement le mot de passe BIOS EFI des Macbook Pro avec processeurs Intel
- La sécurité des clés USB mise à mal par USBDUMPER
- Une faille critique de Firefox expose les utilisateurs de Tor Browser Bundle
- Installation sécurisée d'Apache Openssl, Php4, Mysql, Mod_ssl, Mod_rewrite, Mod_perl , Mod_security

Top bi-hebdo de la revue de presse
- StackScrambler and the Tale of a Packet Parsing Bug

Top bi-hebdo de l'annuaire des videos
- DC++ Botnet. How To DDos A Hub With Fake IPs.
- Comment creer un server botnet!!!!(Réseau de pc zombies)
- Defcon 14 Hard Drive Recovery Part 3

Top bi-hebdo de la revue Twitter
- RT @secureideas: I believe that all the XSS flaws announced are fixed in CVS. Will test again tomorrow if so, release 1.4.3. #BASESnort
- Currently, we do not support 100% of the advanced PDF features found in Adobe Reader... At least that's a good idea.
- VPN (google): German Foreign Office Selects Orange Business for Terrestrial Wide: Full
- @DisK0nn3cT Not really, mostly permission issues/info leak...they've had a couple of XSS vulns but nothing direct.
- Swatting phreaker swatted and heading to jail: A 19-year-old American has been sentenced to eleven years in pris..
- RT @fjserna You are not a true hacker if the calc.exe payload is not the scientific one... infosuck.org/0x0035.png

Top des articles les plus commentés
- [Metasploit 2.x – Partie 1] Introduction et présentation
- Microsoft !Exploitable un nouvel outil gratuit pour aider les développeurs à évaluer automatiquement les risques
- Webshag, un outil d'audit de serveur web
- Les navigateurs internet, des mini-systèmes d’exploitation hors de contrôle ?
- Yellowsn0w un utilitaire de déblocage SIM pour le firmware 2.2 des Iphone 3G
- CAINE un Live[CD|USB] pour faciliter la recherche légale de preuves numériques de compromission
- Nessus 4.0 placé sous le signe de la performance, de l'unification et de la personnalisation
- [Renforcement des fonctions de sécurité du noyau Linux – Partie 1] Présentation
- [IDS Snort Windows – Partie 1] Introduction aux IDS et à SNORT
- Origami pour forger, analyser et manipuler des fichiers PDF malicieux

2013 First Quarter Zero-Day Vulnerabilities

Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS

Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]

S'abonner au fil RSS global de la revue de presse



2013 First Quarter Zero-Day Vulnerabilities

Par Symantec Connect Security Response Billets
Le [2013-04-23] à 05:41:37



Présentation : In the first quarter of 2013, we spotted quite a few zero-day vulnerabilities affecting Oracle Java, Adobe Flash, Adobe Reader, and Microsoft Internet Explorer being exploited in the wild. This blog discusses the details of these zero-days exploited to spread malware in the first quarter of 2013. Java zero-day vulnerabilities t1.png During the month of January 2013, we saw some interesting Oracle Java SE zero-day issues being actively exploited in the wild. On January 13, 2013, Oracle released a security alert for Oracle Java Runtime Environment Multiple Remote Code Execution Vulnerabilities CVE-2013-0422 to address multiple vulnerabilities in Java SE. The first vulnerability occurs in the way the public getMBeanInstantiator method in the JmxMBeanServer class is used to obtain a reference to a private MBeanInstantiator object, and then retrieving arbitrary Class references using the findClass method. The second vulnerability occurs because of using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API. Immediately, after patching CVE-2012-0422, Oracle alerted the public about Oracle Java Runtime Environment Remote Code Execution Vulnerability CVE-2012-3174 being exploited in wild to execute arbitrary code. Specifically, the issue occurs when the MethodHandle abstract class is used to invoke a method in the sun.misc.reflect.Trampoline class. This can allow the Security Manager to be bypassed. On February 1, 2013, Oracle released a massive patch update for Java SE addressing 50 vulnerabilities. The Critical Patch Update CPU was originally scheduled for February 19, however it was released well in advance because of the exploitation in the wild of one of the vulnerabilities affecting the Java Runtime Environment JRE in desktop browsers. The details about this vulnerability are currently unknown. On February 19, Oracle released an updated Critical Patch Update CPU with an additional five fixes, bringing the total of fixes in the February 2013 CPU to 55. On March 4, 2013, Oracle released yet another security alert about Oracle Java SE Remote Code Execution Vulnerability CVE-2013-1493 . This issue is prone to a remote code execution vulnerability that leads to arbitrary memory read and writes in the JVM process. This allows attackers to corrupt the memory and disable the Security Manager component. Figure1.png Figure 1. Untrusted Applet exploits a vulnerability to disable the Security Manager and access system resources The exploit conditions for all these vulnerabilities are the same i.e. they are remotely exploitable, without authentication, to execute arbitrary code in the context of the currently logged-in user. To successfully exploit the vulnerabilities, an attacker must entice an unsuspecting user into visiting a specially crafted webpage that contains a malicious applet. Successful exploits can impact the availability, integrity, and confidentiality of a user's system. Please note that these vulnerabilities do not affect Java running on servers, standalone Java desktop applications, or embedded Java applications. Adobe Flash and Adobe Reader zero-day vulnerabilities t2.png On February 7, 2013, Adobe released a security bulletin, APSB13-04, that included fixes for Adobe Flash Player Buffer Overflow Vulnerability CVE-2013-0633 and Adobe Flash Player Remote Memory Corruption Vulnerability CVE-2013-0634 which also affected the Adobe Flash application. These vulnerabilities were exploited in targeted attacks through spear phishing email messages targeting numerous industries. CVE-2013-0633 is a remote buffer-overflow vulnerability and CVE-2013-0634 is a remote memory-corruption vulnerability. An attacker can exploit these issues and execute arbitrary code in the context of the application or cause denial-of-service conditions. The samples discovered in-the-wild were delivered by tricking users into opening a Microsoft Word document sent as an email attachment that contains malicious Flash SWF content. These issues can also be exploited by enticing a user to visit a specially crafted site. Symantec detects these threats as Bloodhound.Flash.19 and Bloodhound.Flash.20. On February 20, Adobe released a security bulletin, APSB13-07, that contained fixes for two interesting zero-day vulnerabilities, Adobe Acrobat And Reader Remote Code Execution Vulnerability CVE-2013-0640 and Adobe Acrobat And Reader Remote Code Execution Vulnerability CVE-2013-0641 , affecting Adobe Reader X. The exploit for these issues worked in the latest versions of Adobe Reader and Adobe Acrobat that were available at the time, including versions X and XI, which both have a sandbox protection feature. Figure2.png Figure 2. CVE-2013-0640 and CVE-2013-0641 vulnerabilities combine to bypass sandbox The exploit was highly sophisticated and contained multiple evasion techniques, including heavily obfuscated JavaScript, ROP-only shellcode, and a multi-staged payload. The exploit worked in two stages. The first stage exploited the first vulnerability to have a code execution inside the sandboxed process in order to drop a malicious DLL file as the payload. The second stage used this payload to exploit the second vulnerability in a broker process and bypass the sandbox protection to drop the malware. Symantec detects the malicious PDF file as Trojan.Pidief and the two dropped DLL files as Trojan.Swaylib. On February 26, 2013, the Adobe Product Security Incident Response Team PSIRT announced the availability of new security updates for Adobe Flash Player. This was the third time in February that they patched their code. The latest security bulletin, APSB13-08, addressed three Flash vulnerabilities, two of which were exploited in wild. These issues were used in targeted attacks that trick a user into visiting a site that contains malicious Flash SWF content. The exploits used for Adobe Flash Player Unspecified Security Vulnerability CVE-2013-0643 and Adobe Flash Player Remote Code Execution Vulnerability CVE-2013-0648 were designed to target the Mozilla Firefox browser. Specifically, the issue related to CVE-2013-0648 exists in the ExternalInterface ActionScript feature and CVE-2013-0643 exists because of a permissions issue with the Flash Player Firefox sandbox. Microsoft Internet Explorer vulnerability t3.png On December 27, 2012, a new Internet Explorer zero-day vulnerability was discovered being exploited in wild. Although this is not a 2013 zero-day, the exploitation of this issue continued into the first quarter of 2013. On January 14, 2013, Microsoft released a security bulletin containing fixes for this issue. The vulnerability occurred because of a user-after-free error when handling the CButton object in the mshtml.dll file. Certain popular websites were compromised to host the exploit as a part of a watering hole style attack. When users visited the compromised website, their computers were infected with malware, allowing attackers to extract valuable and sensitive information. Symantec had earlier published a research document surrounding watering hole attacks The Elderwood Project detailing targets, growing trends, and attack platforms that have been seen since 2009. On March 16, 2013, we saw Microsoft Internet Explorer Use-After-Free Remote Code Execution Vulnerability CVE-2013-1288 being exploited in wild. The issue occurred when handling the CParaElement object that was already freed and reused later and thus triggering the vulnerability. The issue was already patched by Microsoft on March 12, 2013. Discovering new zero-days can be a costly and time consuming business for malware authors. So it is speculated that the attackers may have reverse-engineered the patches to understand this vulnerability and craft an exploit. Though most systems would have already been patched, there would still be many unpatched systems during the first few days that attackers can compromise. Conclusion In total, we observed 11 zero-day vulnerabilities exploited in the first three months of 2013 affecting Oracle Java, Adobe Flash, Adobe Reader, and Microsoft Internet Explorer, which is quite high. This shows an increase in the finding and exploiting of zero-days. Plus the issues were discovered in popular applications allowing for maximum damage. Most of these flaws can be exploited over the Internet by enticing users to visit a site hosting the exploit. We also observed the attackers have started digging deeper to find vulnerabilities in the sandbox protection features of applications in order to bypass the restrictions for complete exploitation. A number of these flaws are used in different exploit kits and sold on the underground market. Symantec recommends users to follow these best security practices Ensure all applications are up to date with the latest security patches. Even though a zero-day exploit cannot be patched, the latest updates will provide protection from previously disclosed vulnerabilities. Ensure antivirus and IPS definitions are up-to-date. Avoid visiting sites of questionable integrity. Avoid opening files provided by untrusted sources. Implement multiple redundant layers of security such as non-executable and randomly mapped memory segments that may hinder an attacker's ability to exploit vulnerabilities.

Les mots clés de la revue de presse pour cet article : zero-day
Les éléments de la revue Twitter pour les mots clé : zero-day



AddThis Social Bookmark Widget



Les derniers articles du site "Symantec Connect Security Response Billets" :

- What you need to know about election apps and your personal data
- Microsoft Patch Tuesday April 2016
- New Adobe Flash Player exploit used by Magnitude and Nuclear exploit kits
- Latest Intelligence for March 2016
- New Flash zero-day exploited by attackers in the wild
- Samsam may signal a new trend of targeted ransomware
- Four tax scams to watch out for this tax season
- Most prevalent Android ransomware in the West arrives in Japan
- Taiwan targeted with new cyberespionage back door Trojan
- Seven Iranians charged in relation to cyberattacks against US




S'abonner au fil RSS global de la revue de presse

Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]



Si vous voulez bloquer ce service sur vos fils RSS :
- avec iptables "iptables -A INPUT -s 88.190.17.190 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.190.17.190 to any 80"
- Nous contacter par mail




SecuToolBox :

Mini-Tagwall des articles publiés sur SecuObs :

Mini-Tagwall de l'annuaire video :

Mini-Tagwall des articles de la revue de presse :

Mini-Tagwall des Tweets de la revue Twitter :