We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.
We’ve published a blog post about a vulnerability we discovered in Bitwarden at the beginning of 2023. In certain circumstances, it allowed access to data from the vault without the password.
We discovered several vulnerabilities in the Single Sign-On components of WatchGuard: the protocol used is insecure and can be redirected, an interface based on the Telnet protocol contains a backdoor, and the SSO Agent can be crashed by sending unexpected data.
We discovered several vulnerabilities in the Milesight UG67 Outdoor LoRaWAN Gateway. The device had an unprotected USB console allowing access to the root file system for analysis, an undocumented default password usable for remote SSH login, a command execution bypass of the restricted shell, a local privilege escalation using ubus, and a local privilege escalation using a world-writable webroot. The issues can be combined to allow privileged access from a remote connection.
VBSpam tests to be executed under the AMTSO framework