Vulnerabilities & Patches
Hash collisions vulnerability in several programming languages including PHP, Java, ASP.NET, Ruby, JavaScript, allow DOS attacks on web servers  
Microsoft released out-of-band patch fixing .NET critical DOS vulnerability 
PHP 5.4.0 RC4 released, fixing critical DOS vulnerability 
Vulnerability in Wi-Fi Protected Setup (WPS) used to automatically configure new wireless networks in SOHO devices including D-Link, Linksys, and Netgear,.Disable WPS   
Cyber Crime & Incidents
Hackers Release More Stratfor Breach Data  
Indian Stock market Website hacked, defaced and data leaked 
Indonesian hacker defaced 6 Siemens websites 
Special Forces Gear, military and law enforcement equipment supplier Hacked, customers database leaked 
California Law enforcement Association website defaced 
18 million users details leaked from Care2, the biggest environmental activism website 
jQuery Powered Malware  
Malicious Password-protected Documents used in Targeted Attacks 
Herpes Botnet, Analysis 
PGP short key IDs are insecure 
Heap overflow 
Stuxnet/Duqu: The Evolution of Drivers 
Asafaweb, ASP.NET configuration vulnerabilities online scanner 
Mobiusft, Python-based Forensics framework that manages cases and case it 
WeBaCoo (Web Backdoor Cookie) is a tiny stealth PHP backdoor 
Cuckoo Sandbox v0.3, automated malware analysis system 
Bluelog, Linux Bluetooth scanner to log devices that are in discoverable mode 
Ghostery, Browsers Addon, protect your privacy. See who's tracking your web browsing and block them , support several browsers. 
Reaver-wps, Brute force attack against Wifi Protected Setup (WPS) 
patator, a multi-purpose brute-forcer, with a modular design and a flexible usage. 
Event’s Materials
28C3 Chaos Communication Congress, Videos   
How governments have tried to block Tor, a look at Iran, China, and Arabic Countries  
Efficient Denial of Service Attacks on Web Application Platforms 
Analysis of Personal Information ‘Anonymous’ Attack on Stratfor 
HTML5 Web security 
Books and Magazine
The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, Second Edition 
Low Tech Hacking: Street Smarts for Security Professionals 
How To
Intro to javascript malware analysis 
Exploit writing, Heap spray 
The ultimate Anti-debugging Reference 
Q-CERT Weekly Newsletter Service is prepared by Cyber Security Intelligence Team, and it is in BETA version, all concerns , recommendations and complaints are welcomed.The views and opinions expressed in media article are those of the authors and media organizations alone.

Sent to <<Email Address>> — why did I get this?
unsubscribe from this list | update subscription preferences
Q-CERT · Ministry of Transport and Communications, State of Qatar · Q-CERT · Doha · Qatar