Security News #0x78
- The Metasploit blog discusses two privilege escalation attacks on Internet Explorer- one based on MS 13-097 and the other based on MS 14-009.
- It looks like there is a flaw in PHP that could potentially result in the leak of the system’s underlying SSL private key. The underlying problem is CVE 2014-4721.
- There is an exploitable race condition in the Nagios Plugin
check_dhcp 2.0.2. The exploit page lists this as CVE 2014-4703, but it has not yet been assigned by the folks at MITRE.
- Metasploit has added a module to attack the WordPress MailPoet plugin (prior to 2.6.8). The attack allows for remote file injection.
- Do you want to learn more about Burp Suite? The folks at PenTestGeek have a tutorial.
- SpiderLabs has a nice tutorial on the use of Honeytraps with ModSecurity.
- Details of the Futex vulnerability (CVE 2013-3153) can be found over at Tinyhack.com.
- It appears that the Cisco Unified Communications Domain Manager shipped with default SSH keys that allows for remote access. Take a look at the Cisco vulnerability announcement and the coverage from Ars Technica.
- Would you like to hack into an Internet conencted light bulb?