Tarlogic's Blog - Cybersecurity - Page 2

Cybersecurity articles with security analysis and ethical hacking technics information

CVE-2023-34362: SQL Injection in Progress Software’s MOVEit Transfer
CVE-2023-34362: SQL Injection in Progress Software’s MOVEit Transfer
- S.T.A².R.S Team

On May 31, 2023, Progress informed about a critical vulnerability (CVE-2023-34362) in its MOVEit Transfer software, which could potentially lead to privilege escalation and unautho[...]

Read more
CVE-2023-32353: Local privilege escalation via iTunes in Windows
CVE-2023-32353: Local privilege escalation via iTunes in Windows
- S.T.A².R.S Team

Information has been disclosed about a new high criticality vulnerability that affects the Apple iTunes software in Windows environments. This vulnerability would allow an attacker[...]

Read more
Some notes and reflections on the Terminator threat
Some notes and reflections on the Terminator threat
- José Antonio Lancharro

Throughout the week, a tool called «Terminator» has been discussed in the media, which would allow attackers to disable antivirus, EDR, and XDR platforms. Terminator utilizes a w[...]

Read more
CVE-2023-2825: Critical vulnerability affects Gitlab
CVE-2023-2825: Critical vulnerability affects Gitlab
- S.T.A².R.S Team

Information about a new critical vulnerability affecting Gitlab software has been disclosed. This vulnerability would allow a remote attacker to exploit a path traversal problem to[...]

Read more
CVE-2023-32233: Privilege escalation in Linux Kernel due to a Netfilter nf_tables vulnerability
CVE-2023-32233: Privilege escalation in Linux Kernel due to a Netfilter nf_tables vulnerability
- S.T.A².R.S Team

Recently, a user-after-free vulnerability (CVE-2023-32233) has been published that would allow unprivileged local users to obtain root permissions on Linux Kernel versions 6.3.1 an[...]

Read more
CVE-2023-27363: Proof of concept for remote code execution in Foxit Reader
CVE-2023-27363: Proof of concept for remote code execution in Foxit Reader
- S.T.A².R.S Team

Following the initial announcement of a critical vulnerability (CVE-2023-27363) which allows remote code execution in Foxit Reader, a functional proof-of-concept has recently been [...]

Read more
Fancy Bear and where to find them
Fancy Bear and where to find them
- Ana Junquera Méndez

Spain has been targeted by several APT (Advanced Persistent Threat) recently [1], amongst which we can find APT-28, also known as Fancy Bear. This group has many different names, d[...]

Read more
BlueTrust, goodbye to Bluetooth privacy
BlueTrust, goodbye to Bluetooth privacy
- Antonio Vázquez, David Sandoval and Jesús María Gómez

BlueTrust is the name of a new technique developed by Tarlogic that makes it possible to discover trust relationships between Bluetooth devices to obtain data of interest about the[...]

Read more
IoT Security assessment
IoT Security assessment
- David Sandoval

Discover the IoT security assessment with best practice guides on each of the different stages of an IoT security audir that we have discussed in previous OWASP FSTM methodology ar[...]

Read more
OWASP FSTM, Stage 9: Exploitation of executables
OWASP FSTM, Stage 9: Exploitation of executables
- Jesús María Gómez Moreno, Fran Álvarez Wic, Antonio Vázquez, David Sandoval

Exploitation of executables is the final step in a firmware analysis, in which an exploit is developed for a vulnerability discovered in earlier phases Vulnerability exploitation o[...]

Read more
1 2 3 4 5 11
Advanced penetration testing services