Hackin9

InfoSec News

MySQL MyISAM Table Symbolic Link CVE-2012-4452 Local Privilege Escalation Vulnerability
 
ProFTPD Race Condition Local Privilege Escalation Vulnerability
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Richard Porter --- ISC Handler on Duty



 
Oracle released two out-of-band patches on Sunday for vulnerabilities in its Java programming language, both of which pose a high risk to users browsing the web.
 

The Age

How to strengthen your computer defences
The Age
However, he also notes that the "most important resource you can have is a professional trained in infosec". "This not something you can just do from a checklist," he said. For those banking, financial services and insurance organisations covered by ...

 

Oracle has released Java Update 11 which addresses the 0-day vulnerability referenced CVE-2013-0422.

Release notes are available on the Oracle Web Site.

The release also contains a reminder to reactivate your Java installation in the control panel if you turned it off, or to reactivate it in Firefox. Watch for the rush now.

Thanks to Michael and PSZ for the heads-up.

Steve


 
The latest critical vulnerability in Java to be exploited through the browser sees Mozilla and Apple moving quickly to block Java in the browser. US and German security authorities say users should disable Java plugins now.
 

A handler's shift usually doesn't go by without Roseman writing in telling us that Microsoft have released another Sysinternals update, and today is one of those days. A couple of days have passed since Microsoft announced:




Autoruns v11.4: Autoruns v11.4 adds additional startup locations, fixes several bugs related to image path parsing, adds better support for browsing folders on WinPE, and fixes a Wow64 redirection bug.

Procdump v5.12: This Procdump update fixes a bug introduced in v5.11 where it doesn't save information required by the !runaway debugger command.

SDelete v1.61: SDelete v1.61 fixes drive letter syntax consistency in its parsing of command line arguments.


Steve
 
With its patch update next Tuesday, Oracle plans to close a total of 86 holes in its software. 18 vulnerabilities were discovered in the free MySQL relational database alone; two of these can be exploited without authentication.


 