Security News #0x29
- Last week the folks at Metasploit uploaded the Java Applet JAX-WS Remote Code Execution module to exploit Java up through Java 7, Update 7, using the recently patched CVE-2012-5076 flaw. Eric Romang has a demo.
- Royce Davis from Accuvant has a nice piece on a Metasploit module to remotely execute commands on a Windows system.
- The folks at Cyber Arms explain how to use Mimikatz to pull clear text passwords from a locked Windows 8 system.
- Bitdefender Labs has a nice technical piece on how Flame gets data from systems unconnected to the Internet to the worm’s command & control servers.
- Two servers at FreeBSD.org were compromised last week.