About Administrador

This author has not yet filled in any details.
So far Administrador has created 186 blog entries.

Bluetooth vulnerabilities in smart locks

29 Sep. 2023

Detecting and mitigating Bluetooth vulnerabilities in smart locks is critical to securing these IoT devices.

A smart lock is an IoT device that facilitates access by opening a door without the need for a physical key. In this second part of the analysis of a smart lock, we will focus on evaluating Bluetooth communications. We analyze the security of Bluetooth and the communications of a Yale Linus smart lock and tell you about the identified security problems. The importance of evaluating this mechanism lies in the fact that the smart lock we are analyzing is controlled from a mobile phone via Bluetooth. There are several vulnerabilities in Bluetooth technology. While BIAS and KNOB are the ones that have received the ...

Hardware vulnerabilities in smart locks

21 Sep. 2023

We evaluate the hardware security level of the smart locks, disassembling one and analyzing the elements that make it up.

We got our hands on a Yale Linus smart lock, one that you can operate from your smartphone, so we thought it was an excellent opportunity to practice many of the hardware hacking concepts and IoT security testing methodologies we have seen here in the past. Over the following few articles, we will walk through the security assessment process of smart locks and tell you our conclusions.

Obtaining information for hardware analysis of smart locks

The existence of design flaws in the hardware can make a smart lock no longer secure. This security breach would allow us to interact with ...

CVE-2023-4863: Heap buffer overflow in Google libwebp (WebP)

19 Sep. 2023

The vulnerability CVE-2023-4863 is found in the open source libwebp library and affects browsers such as Mozilla, Chrome and Edge.

On September 6th, 2023, Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at the University of Toronto reported a critical vulnerability affecting an image compression library used in Chromium and other software solutions that support WebP images. WebP is an image format that offers superior lossless and lossy compression for images on the Web. Thanks to WebP, developers and webmasters can generate more compact, high-quality images, which leads to a significant improvement in the loading speed of web pages. Google developed an open source library for manipulating images in WebP format, known as libwebp, providing ...

CVE-2023-35082: Unauthenticated API Access Vulnerability in MobileIron Core

7 Aug. 2023

CVE-2023-35082 is a critical vulnerability that allows access to APIs in older versions of MobileIron Core.

Ivanti is having a tough time as another critical vulnerability has been reported after the latest incident. This time, it's the CVE-2023-35082 vulnerability, which affects older and unsupported versions of MobileIron Core. MobileIron Core is an unsupported product used for managing mobile devices such as phones and tablets. CVE-2023-35082 allows unauthenticated attackers to access the API in older versions of MobileIron Core (11.2 and earlier). This means a cybercriminal could gain access to API endpoints on the exposed management server without the need for authentication. With this access, an attacker could potentially disclose personal data or make modifications to the platform. Furthermore, the attacker ...

CVE-2023-35078: Remote authentication bypass in Ivanti EPMM API

2 Aug. 2023

CVE-2023-35078 is a critical vulnerability that allows access to restricted functionality of Ivanti mobile management software.

A new critical vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. This vulnerability, identified as CVE-2023-35078, affects all supported versions, including versions 11.10, 11.9, and 11.8. Older versions are also at risk. Ivanti Endpoint Manager Mobile (Ivanti EPMM) is mobile management software that allows companies to manage mobile devices, applications, and content. CVE-2023-35078 is an authentication bypass vulnerability in Ivanti EPMM that allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is rated as critical and has been given a maximum CVSS score of 10.

Main characteristics

The main ...

CVE-2023-3519: 0-day vulnerability exploited in the wild in Citrix NetScaler

20 Jul. 2023

On July 18, 2023, Citrix released information and updates to address a critical vulnerability (CVE-2023-3519) in NetScaler ADC and NetScaler Gateway. This vulnerability allows unauthenticated remote code execution on affected systems. In addition, two other vulnerabilities, cross-site scripting (CVE-2023-3466) and elevation of privilege (CVE-2023-3467), have been patched in the updates. Citrix NetScaler ADC is an Application Delivery Controller built to optimize, manage and protect Layer 4 to Layer 7 (L4-L7) network traffic. Although no specific details about the vulnerability have been published, it is known to be actively exploited, so an urgent update of the affected assets is needed.

CVE-2023-3519 main characteristics

The following are the key characteristics of this vulnerability:

CVE Identifier: CVE-2023-3519

CVSS Value: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) ...

CVE-2023-33299: Unauthenticated remote code execution vulnerability in FortiNAC

30 Jun. 2023

On June 19, 2023, Fortiguard published the information and updates to fix a critical vulnerability (CVE-2023-33299) in its FortiNAC software, which can allow unauthorized access on affected systems through the deserialization of untrusted data in the network service on port 1050/TCP. FortiNAC defines itself as a zero-trust access solution that oversees and protects all digital assets connected to the enterprise network. It can be provided as a hardware appliance or as a virtual machine. Among its use cases, this solution can: Perform inventory management, providing visibility over the assets connected to the network, classifying and monitoring them. Identify security events and allow automations such as notifications to the admins or mitigation measures. Manage rule-based security policies to perform network ...

The ins and outs of BlueTrust, a Bluetooth vulnerability

23 Jun. 2023

BlueTrust is a Bluetooth vulnerability that allows information about devices and users to be obtained and trust relationships to be traced.

BlueTrust, discovered by Tarlogic, is a mechanism for discovering trust relationships between Bluetooth devices, which allows tracing networks of devices and obtaining information about their usage and users. In the previous post about BlueTrust, a Bluetooth vulnerability, we presented the research conducted by the Tarlogic Innovation team and the proof of concept that resulted from it. In this article, we continue detailing how the Bluetooth vulnerability works and the steps that have been necessary to implement it. BlueTrust relies on the findings of research into the BIAS and KNOB vulnerabilities in Bluetooth. As we mentioned in the article BlueTrust, ...

CVE-2023-27997: Fortinet Fortigate SSL VPN Pre-Auth RCE critical vulnerability

16 Jun. 2023

Details have been disclosed about a critical vulnerability (CVE-2023-27997) affecting Fortinet Fortigate devices with exposed SSL VPN services. This vulnerability, which does not require prior authentication, would allow a remote attacker to execute code on the device by exploiting a heap-based buffer overflow. This vulnerability exploits the possibility of redirecting the execution flow by sending a specially crafted payload, whose size is not properly checked, and which would corrupt the heap memory area of the device, allowing arbitrary code to be executed or causing a denial of service. This would seriously affect the confidentiality, integrity and availability of the device. Fortinet is a U.S. multinational company headquartered in Sunnyvale, California. It develops and markets cybersecurity software, devices and services, such ...

CVE-2023-34362: SQL Injection in Progress Software’s MOVEit Transfer

8 Jun. 2023

On May 31, 2023, Progress reported a critical vulnerability (CVE-2023-34362) in its MOVEit Transfer software, which could potentially lead to privilege escalation and unauthorized access on affected systems through SQL injection (SQLi) in the MOVEit Transfer web application. MOVEit Transfer is software developed by Progress Software that provides secure collaboration and automated file transfers for sensitive data. It is widely used by numerous organizations globally. Depending on the database engine used, such as MySQL, Microsoft SQL Server, or Azure SQL, an attacker may be able to gain access to the database's structure and contents, and even execute SQL statements to modify or delete data. It is important to note that these attacks can occur over protocols like HTTP ...
