Application Security this Week for August 19

Trend Micro found a really interesting use-after-free vulnerability in the VBScript engine in IE. Now, before you giggle, think of all of the companies that have standardized on IE. They are out there. Either way, the finding is cool.

https://blog.trendmicro.com/trendlabs-security-intelligence/use-after-free-uaf-vulnerability-cve-2018-8373-in-vbscript-engine-affects-internet-explorer-to-run-shellcode/

Username enumeration bug discovered in OpenSSH, of all things.

http://seclists.org/oss-sec/2018/q3/124

Ever seen a scanner point out that a site is vulnerable to DNS Rebinding, and wondered what the heck it was talking about? Yeah, me too. These folks wrote up a framework for it.

https://github.com/nccgroup/singularity

Here is a password list sorted by probability. Remember that training course when I said you should check your new passwords against a list of known bad values, because NIST said to? Here ya go. The esteemed Jim Fenton recommends checking against the first 100,000. Neat project.

https://github.com/berzerk0/Probable-Wordlists
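
The check described above, as an added example that is not from the original post or from the Probable-Wordlists project: it reads only the first N entries of a probability-sorted list and rejects a new password that appears among them. The function names, the five-line sample list and the case-insensitive comparison are assumptions made for illustration.

```python
import unicodedata
from itertools import islice

# Constructed sample standing in for a probability-sorted wordlist file
# (most likely password first, one per line). Not taken from the real list.
SAMPLE_WORDLIST = """\
123456
password
qwerty
letmein
dragon
""".splitlines()


def normalize(candidate):
    # Assumption: compare NFKC-normalized, case-folded text so "PassWord"
    # matches "password". Tighten or loosen to fit your policy.
    return unicodedata.normalize("NFKC", candidate).casefold()


def load_blocklist(lines, limit=100_000):
    """Map each of the first `limit` entries to its 1-based rank.

    `lines` can be an open file, so a very large list is never read past
    the cutoff.
    """
    ranks = {}
    for rank, line in enumerate(islice(lines, limit), start=1):
        entry = normalize(line.rstrip("\r\n"))
        if entry:
            ranks.setdefault(entry, rank)  # keep the best (lowest) rank
    return ranks


def check_new_password(candidate, ranks):
    """Return (allowed, rank); rank is None when the password is not listed."""
    rank = ranks.get(normalize(candidate))
    return (rank is None, rank)


if __name__ == "__main__":
    # With a real file: open(path, encoding="utf-8", errors="replace")
    ranks = load_blocklist(SAMPLE_WORDLIST, limit=3)
    for pw in ("PassWord", "dragon", "correct horse battery staple"):
        print(pw, check_new_password(pw, ranks))
```

Returning the rank lets the caller log how common a rejected choice was without storing the password itself.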