Security News #0x0E
- There is a new vulnerability in Adobe Flash prior to 126.96.36.199. The issue, CVE-2012-0779, is apparently being exploited right now in targeted e-mail attacks against Windows systems.
- Last week we mentioned CVE-2012-1823, the PHP CGI vulnerability.
  - Exploits for that flaw are now well publicized; exploit-db has code, Eric Romang has a video demo of the Metasploit module in use, and Trustwave SpiderLabs has an example.
  - The folks at Dis9 have a post on an Nmap script to check for vulnerable targets.
  - Threatpost has the news of an updated patch to solve the problem.
- WebGoat is a deliberately insecure web application for folks to learn how to attack web sites. A new version (5.4) was released at the end of April.
- Did you know you can use Metasploit to run programs entirely from memory so that they do not touch the disk?
- While Metasploit is on our minds, here is an exploit from last month for Firefox 7, 8 (≤ 8.01).
- CharmSec is a meetup of information security professionals in Baltimore. The next meeting is Thursday, May 31.
- Speaking of local meetings, you might also be interested in Unallocated Space in Severn, MD. They are holding a mini-con on May 19 and are looking for speakers.