Home > Uncategorized > Security News #0x0E

Security News #0x0E

  • There is a new vulnerability in Adobe Flash prior to 11.2.202.233. The issue, CVE-2012-0779, is apparently currently being exploited in targeted attacks through e-mail on Windows systems.
  • Last week we mentioned CVE-2012-1823, the PHP CGI vulnerability.
    • Exploits for that flaw are now well publicized; exploit-db has code, Eric Romang has a video demo of the metasploit module in use, and TrustWave SpiderLabs has an example.
    • The folks at Dis9 have a post on an nmap script to check for vulnerable targets.
    • Threatpost has the news of an updated patch to solve the problem.
  • WebGoat is a deliberately insecure web application for folks to learn how to attack web sites. A new version (5.4) was released at the end of April.
  • Did you know you can use metasploit to run programs entirely from memory so that they do not touch the disk?
  • While metasploit is on our mind, here is an exploit from last month for Firefox 7, 8 (≤ 8.01).
  • CharmSec is a meetup of information security professionals in Baltimore. The next meeting is Thursday, May 31.
  • Speaking of local meetings, you might also be interested in Unllocated Space in Severn, MD. They are holding a mini-con on May 19, and are looking for speakers.
Advertisements
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: