4 min
Vulnerability Management
CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server (AS) Java
The new SAP vulnerability (RECON), a critical vulnerability affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard, is a huge deal.
1 min
Research
A Serial Problem: Exploitation and Exposure of Java Serialized Objects
In our new research report, we take a look at Java Serialized Objects (JSOs), which are a reliable threat vector and present a rising threat to enterprise networks.
1 min
Metasploit Weekly Wrapup
Weekly Metasploit Wrapup
Welcome to the last Metasploit update of the year! Since January 1st, 2015,
we've had 6364 commits from 176 unique authors, closed 1119 Pull Requests, and
added 323 modules. Thank you all for a great year! We couldn't have done it
without you.
Sounds
The sounds plugin has been around for a long time, notifying hackers of new
shells via their speakers since 2010. Recently, Wei sinn3r Chen gave it a
makeover, replacing the old robotic voice with that of Offensive Security
founder, Kali Linux Core
2 min
Patch Tuesday
R7-2015-09: Oracle Java JRE AES Intrinsics Remote Denial of Service (CVE-2015-2659)
Java 8 servers versions prior to u46 are susceptible to a remote unauthenticated
denial of service (hard crash) when used with AES intrinsics (AES-NI) CPU
extensions on supported processors. AES intrinsics are enabled by default on the
Oracle JVM if the the JVM detects that processor capability, which is common for
modern processors manufactured after 2010. For more on AES-NI, see the
Wikipedia
article [http://en.wikipedia.org/wiki/AES_instruction_set].
This issue was tracked in the OpenJDK pu
2 min
Java
Weekly Metasploit Wrapup: Remote Controlling Java Services
Java Remoting: Sign Me Up!
This is a pretty exciting week for advancing the state of the art of penetration
testing with Metasploit, thanks in large part to Juan Vazquez
[https://twitter.com/_juan_vazquez_]'s work on the new protocol-level support
for Java Remote Method Invocation (RMI). If you've never heard of it before,
it's probably because, like me, you haven't done much (or any) Java programming
since school. Java RMI is essentially a network-exposed API, usually listening
on 1617/TCP, and
2 min
Java
Oracle CPU: July 2014
Oracle's Quarterly Critical Patch Update (CPU) is never a minor event. In April
we saw 104 security issues addressed, in January it was 144. This time around
we are faced with 113 updates. These updates span the entire portfolio of
Oracle software, including the JRE, Solaris, Oracle Database, MySQL, and
numerous web and middleware products.
What stands out is the belated fix for Heartbleed in MySQL Enterprise Server,
coming fully 3 months after Oracle fixed that issue in their other products
2 min
Flash
Weekly Metasploit Update: More Meterpreters!
Meterpreter for All The Platforms
This week is pretty exciting for us, since it's not every day we give out
commit
rights [https://github.com/rapid7/metasploit-framework/wiki/Committer-Keys] to
the Rapid7 Metasploit repo. I'm very happy to report that Tim Wright
[https://github.com/timwr] has agreed to step up and help out with moving
Meterpreter research and development forward, focusing mainly on the Java and
Android implementations.
Many Metasploit users are familiar with Meterpreter for Wi
1 min
Java
Oracle October 2013 CPU roundup
The story here is that Oracle has synced up their Java patching with the rest of
their patching cycle and, when it comes to vulnerabilities, Java always steals
the show. The CPU includes fixes for 127 vulnerabilities in Oracle products, but
aside from Java, it's mostly ho-hum, low impact stuff. There's a CVSS 8.5
vulnerability in MySQL's Enterprise Service manager, but besides the Java
patches, nothing else jumps out as particularly interesting.
The Java patches include 51 of the 127 addresse
2 min
Product Updates
Weekly Update: Sport Fishing for Exploits and Improved Java Hackery
Java Payload Cleanup
If you've been watching the Metasploit source repository
[https://github.com/rapid7/metasploit-framework/], you will have noticed some
movement in Java Payload land -- specifically, PR#1217
[https://github.com/rapid7/metasploit-framework/pull/1217], which landed this
week. Thanks to the refactoring efforts of Michael @mihi42
[https://twitter.com/mihi42] Schriel, testing by @Meatballs
[https://github.com/Meatballs1], and integration from James @egyp7
[https://twitter.com/egyp
2 min
Java
Oracle April 2013 CPU - 42 Java vulns!
Oracle Security had a busy day yesterday. They released two of their Cumulative
Patch Updates, one for Java and one for everything else that they patch. The
Java CPU contains 19 CVEs with CVSS base score of 10 (the highest you can go)
indicating that exploiting the vulnerability is not particularly challenging and
could give complete control of compromised systems. For all of these
vulnerabilities, the browser is the vector of exploit. For one of those
(CVE-2013-1537)some Java server configurat
3 min
Java
Java 7 Exploit for CVE-2013-0431 in the Wild
According to the latest news
[http://malware.dontneedcoffee.com/2013/02/cve-2013-0431-java-17-update-11.html]
, exploit kits such as Cool EK and Popads are integrating a new exploit for
Java, targeting Java 7u11. An exploit for CVE-2013-0431 has been analyzed and
shared by SecurityObscurity
[http://security-obscurity.blogspot.com/2013/01/about-new-java-0-day-vulnerability.html]
, and is also now available as a Metasploit module with some improvements for
testability. We would like to use this b
2 min
Product Updates
Weekly Update: Hollywood Hacking and More Java Exploits
Hollywood Hacking: Tapping Webcams and Mics
This week's update has two new post modules for Metasploit, which enables the
creative pen-tester to hit that creeper vibe so often missing on a typical
engagement, both by Metasploit exploit dev Wei @_sinn3r
[https://twitter.com/_sinn3r] Chen. They're both post-exploitation modules, so
they presume you already have a session on the target via some other exploit.
First up is a webcam control module, which can take a snapshot using the
target's webcam.
10 min
Exploits
New Java Modules in Metasploit... No 0 days this time
Last year Security Explorations published some awesome research
[http://www.security-explorations.com/en/SE-2012-01.html], exploring the
security state of the Java SE from Oracle, and disclosing different
vulnerabilities and exploit vectors in this software. In fact, some of the last
Java exploits found in the wild have been using techniques from the mentioned
research. Today we're publishing two new modules exploiting some of the
documented issues. In this blog post we would like to share somet
2 min
Microsoft
January is not over yet
Seems like a lot of activity already this year in the security world by way of
high profile, already being exploited vulnerabilities. First the Adobe Flash
and Acrobat/Reader fixes [/2013/01/08/adobe-joins-the-january-patching-fun],
then the Ruby on Rails exploit
[/2013/01/10/exploiting-ruby-on-rails-with-metasploit-cve-2013-0156] and now
Oracle turning around a fast fix and Microsoft delivering an out-of-band patch
for Internet Explorer.
Oracle has moved quickly to release a fix for the vuln
5 min
Metasploit
Exploit Trends: Top 10 Searches for Metasploit Modules in October
Time for your monthly dose of Metasploit exploit trends! Each month we gather
this list of the most searched exploit and auxiliary modules from the Metasploit
database. To protect users' privacy, the statistics come from analyzing
webserver logs of searches, not from monitoring Metasploit usage.
October was a quiet month for exploit headlines, so not a whole lot of action on
the list. The high traffic to Java and IE modules from their respective 0-days
settled down, so you'll see some shuffli