Security News #0x79
- Metasploit has a new exploit for the WordPress plugin WPTouch. Versions less than 3.4.3 are vulnerable to an authenticated file upload attack.
- There a new tool named Exploit Suggester. If you have local unprivileged access to a Windows system, this Python script will use Microsoft’s Security Bulletin Database and the local system information to suggest potential additional exploits.
- The tool OSUETA has been released. It is designed to enumerate users on OpenSSH by exploiting the time it takes the system to respond to login requests.
- Registration for BSidesDC opens August 15. Last year, the entire first round of 400 tickets sold in less than 24 hours.
- If you want to learn more about Microsoft’s new approach to protecting the heap, check out Zhenhua ‘Eric’ Liu’s piece over at the Fortinet Blog.
- If you travel, be sure to be wary of hotel business centers. Brian Krebs reports on criminals’ use of keyloggers.