Security News #0x34
- Last week we talked about a flaw in UPnP (CVE 2012-5958). Well, the Metasploit folks now have a module to exploit this problem.
- Last week we also wrote about problems with a number of DVRs (CVE 2012-1391). You guessed it- there is a Metasploit module.
- There is a potentially serious problem (CVE 2013-0249) with the cURL library; this issue was first found by Volema You may want to follow up with the announcement from the cURL folks.
- It looks like Twitter was attacked and up to 250,000 accounts compromised.
- Did you know that, for a time, the Speed Test web site apparently redirected folks to a site hosting Java malware.
- Brian Krebs reports that Bit9 was hacked and their own encryption keys used to sign malware. Ouch.
- Here is an educational story about breaking your own, forgotten, passwords.
- Victory Chebyshev has a nice description of a piece of Android malware on SecureList. Well worth reading!
- Have you ever wondered how to dump password hashes on a Windows system?