WebExec - an authenticated RCE vulnerability in Cisco WebEx client Security News & Discussion

---

• WebExec - an authenticated RCE vulnerability in Cisco WebEx client
• FreeRTOS TCP/IP Stack Vulnerabilities Put A Wide Range of Devices at Risk of Compromise
• Command and Control via DNS over HTTPS (DoH) for Cobalt Strike
• Multiple 0days used by Magecart
• Mac malware intercepts encrypted web traffic for ad injection
• Embedding Meterpreter in Android APK
• Windows 2000 SP servicing history
• HoneyProcs : Going Beyond Honeyfiles for Deception on Endpoints
• Reverse Engineering ESP8266 Firmware (Part 1)
• jQuery-File-Upload <= 9.x Remote Code Execution (ImageMagick/Ghostscript)
• Nessus 8.0 released
• PhishAPI Tool - Rapid Deployment of Fake Sites and Maldocs with Notifications!

WebExec - an authenticated RCE vulnerability in Cisco WebEx client Posted: 24 Oct 2018 09:26 AM PDT Hey all, During a pentest a couple months back, me and my coworker (/u/jeffmcjunkin) stumbled upon an 0-day in Cisco WebEx. It's neat because it's a remote code execution vulnerability in a client-side app due to bad ACLs. We wrote a high level doc about it, and also a deep dive into why it works. You can also find Nmap scripts to check for it (already pushed to svn) as well as Metasploit modules to exploit it (in a metasploit fork) linked from there. I thought you guys would be interested! Please patch! submitted by /u/iagox86 [link] [comments]

FreeRTOS TCP/IP Stack Vulnerabilities Put A Wide Range of Devices at Risk of Compromise Posted: 24 Oct 2018 02:14 AM PDT submitted by /u/IamNullByte [link] [comments]

Command and Control via DNS over HTTPS (DoH) for Cobalt Strike Posted: 24 Oct 2018 06:29 AM PDT submitted by /u/ratfmuser [link] [comments]

Multiple 0days used by Magecart Posted: 24 Oct 2018 02:31 AM PDT submitted by /u/dtdn [link] [comments]

Mac malware intercepts encrypted web traffic for ad injection Posted: 24 Oct 2018 01:13 PM PDT submitted by /u/EvanConover [link] [comments]

Embedding Meterpreter in Android APK Posted: 24 Oct 2018 12:40 AM PDT submitted by /u/CyberBullets [link] [comments]

Windows 2000 SP servicing history Posted: 24 Oct 2018 12:52 PM PDT submitted by /u/yuhong [link] [comments]

HoneyProcs : Going Beyond Honeyfiles for Deception on Endpoints Posted: 24 Oct 2018 09:01 AM PDT submitted by /u/anoopsaldanha [link] [comments]

Reverse Engineering ESP8266 Firmware (Part 1) Posted: 24 Oct 2018 04:52 AM PDT submitted by /u/BoredPentester [link] [comments]

jQuery-File-Upload <= 9.x Remote Code Execution (ImageMagick/Ghostscript) Posted: 23 Oct 2018 10:47 PM PDT submitted by /u/Ambulong [link] [comments]

Nessus 8.0 released Posted: 24 Oct 2018 10:44 AM PDT submitted by /u/Neo-Bubba [link] [comments]

PhishAPI Tool - Rapid Deployment of Fake Sites and Maldocs with Notifications! Posted: 23 Oct 2018 11:19 PM PDT submitted by /u/IndySecMan [link] [comments]

You are subscribed to email updates from /r/netsec - Information Security News & Discussion. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States