Security News #0x74
- My students know that I am a big fan of Splunk. Well, the folks at Packet Storm have an announcement of a cross site scripting vulnerability in Splunk 6.1.1. I haven’t tested it yet though….
- Sherif Eldeeb has created new Meterpreter stager with more flexible command line options.
- There is a new vulnerability in the Linksys E4200, and it looks like it may also impact other models.
- Aaron Portnoy has a nice piece at Phrack where he discusses modern exploit development. He shows how to attack Adobe Shockwave Player in a way that bypasses most modern security security features; he is able to get remote code execution on Windows 8 x64 with EMET.
- Did you know that you can run Mimikatz against the memory of a virtual machine? I didn’t!
- If you want to learn more about the CVE 2014-0196 Linux kernel privilege escalation bug, head over to Inside Security.
- If you want to learn more about the recently announced OpenSSL bug, head over to the blog post of Masashi Kikuchi, How I discovered CCS Injection Vulnerability (CVE-2014-0224).
- It looks like the folks at TrueCrypt have ceased development work and are recommending folks migrate away from the platform. Brian Krebs has some details from last month’s announcement. A new group, led by Thomas Bruderer and Jos Doekbrijder has sprung up to keep TrueCrypt going in some fashion.
- And if you ever wonder if we are going to evolve past this stage where seemingly every piece of software has a security vulnerability, here is a report of a root level exploit in
chkrootkit, a tool to check to see if an attacker has gotten root on your system. Sigh.
- And if you haven’t read Quinn Norton’s piece Everything is Broken, then let me suggest that you do so. Soon!
- Last week saw an XSS attack that hit users of TweetDeck. Even better, the attack was self-propagating; essentially it was a TweetDeck XSS virus. Of course, if you were on Twitter that day, you almost certainly saw it fly by your feed; it certainly hit mine (@MikeOLearyTU.)