Surviving the Week 8/24/12

Get Off Your AMF and Don’t REST On JSON

At “BSides Los Angeles“, I presented on “Get off your AMF and don’t REST on JSON”. This talk described how SQL Injection and other attacks remain possible with JSON, REST and AMF. The presentation can be accessed at –
http://www.manvswebapp.com/resources/Get_off_your_AMF_and_dont_REST_on_JSON.pptx

Apache Server 2.4.3 fixes over fifty bugs and two security holes

The Apache Software Foundation has released version 2.4.3 of the Apache HTTP Server, fixing over fifty bugs and closing two security holes. The two vulnerabilities are present in the mod_proxy_aip, mod_proxy_http and mod_negotiation modules. Time to patch
http://www.h-online.com/open/news/item/Apache-Server-2-4-3-fixes-over-fifty-bugs-and-two-security-holes-1672035.html

US Investigating Siemens Security Flaw

The US government is investigating claims from a cyber security researcher that flaws in software component of Siemens networking equipment could enable hackers to attack power plants and other critical systems.
http://www.stuff.co.nz/technology/gadgets/7528325/

Mystery Malware That Targeted Energy Group Contains Amateur Coding Goof

The mystery malware that recently caused havoc on energy sector computers contains an amateur programming error that’s not typical of state-sponsored attacks. As per the malware researcher “This error indirectly confirms our initial conclusion that the Shamoon malware is not the Wiper malware that attacked Iranian Systems,”
http://arstechnica.com/security/2012/08/mystery-malware-amateur-coding-error/

VMware Virtual Machines Targeted by “Crisis” Espionage Malware

Researchers have uncovered a single espionage malware attack that is capable of infecting multiple platforms, including computers running the Windows and Mac OS X operating systems, Windows-powered mobile devices, and VMware virtual machines. This may be the first malware that attempts to spread onto a virtual machine.
http://arstechnica.com/security/2012/08/crisis-espionage-malware-targets-virtual-machines/

About Dan Kuykendall 173 Articles
Connect with Dan on Google+

Be the first to comment

Leave a Reply

Your email address will not be published.


*