Security News #0x35- Raise your hand if you haven’t been hacked lately

Who has been hacked lately?

I guess I don’t have to worry about my students being unable to find opportunities to find work…

In other news-

  • There is a zero-day exploit affecting the latest versions of Adobe Reader, found by FireEye, though details are still sketchy. As yet, there is no patch.
  • While we are talking about .pdf vulnerabilities, it should be noted that Metasploit has a new module to exploit Foxit Reader; the exploit was tested on Foxit on Windows 7 SP1 and Firefox 18.0.
  • CVE-2013-0025 is a vulnerability in Internet Explorer 8 that allows for remote code execution. The folks at Metasploit have a module to exploit the problem on Windows XP SP3.
  • There is a PoC for CVE-2013-0871 that allows for privilege escalation on a Linux system.
  • If you are learning a bit about exploitation and penetration testing, then you really need to learn how not to exploit a box. Really- if you are a student, then Read This.
  • If you want to learn how to analyse malware, take a look at the blog post at Malware Must Die, where they take a look at a piece of Flash to exploit CVE 2013-063, a vulnerability in Adobe Flash Player before and 11.x before 11.5.502.149 (on Windows). You may want to read the corresponding Adobe Security Bulletin.
  • Azimuth discusses some of the techniques Evasi0n used to jailbreak the latest iOS 6.x.
  • Patrick Horgan has a nice piece that shows what happens to a Linux program before it gets to main(). Definitely worth reading!