In an era of fake news and constant misinformation, Facebook/Instagram/WhatsApp hoaxes have become a prime vector for malicious actors to take information from users who are willingly handing it over in the hopes of gaining goods or services in return. Gone are the days of the Nigerian Prince emails, welcome to the new age of […]
Tag: teamares
ManageEngine User Enumeration
Background: While conducting a penetration test of a client’s external network, I discovered a way to enumerate users in ManageEngine’s ADSelfService Plus application. This allows an attacker to determine the system Admin username. Product: ManageEngine ADSelfService Plus Software Version: 5.7, build 5704 Issue: The login page is vulnerable to account enumeration. The admin login page […]
VMware Horizon Connection Server Information Disclosure
Background: While conducting a penetration test of a client’s external network, I discovered three separate instances of information disclosure in VMware’s Horizon Access Web Portal. An unauthenticated user could access information such as internal domain names, the Connection Server’s internal hostname, or the gateway’s internal IP address. Version Tested 4.7.0 CVE Number CVE-2019-5513 Security Advisories […]
The Pastebin Treasure Hunter
Introduction Malicious actors have multiple ways to share data they have stolen from websites or services. Some might post to popular forums to gain notoriety while others might post anonymously to paste sites like PasteBin. Combing through all the pastes being posted is beyond the ability of humans, so I’ve created a tool that helps […]
Information Disclosure in JForum 2.1.X – Syntax
Background While conducting a penetration test for a customer, I encountered an unused developer forum using JForum version 2.1.8 and started looking for vulnerabilities within the application. Version Tested: 2.1.8 CVE Number: CVE-2019-7550 Security Advisories: None Issue When creating a new user within the application, the browser sends a GET request to the […]
The Next Step of Social Engineering: Social Media Hoaxes
From Jonathan Swift’s fake almanac in 1708 to the modern Dihydrogen monoxide joke, hoaxes have been around for as long as humans have enjoyed deceiving each other for fun. The ease of communication via technology has made hoaxes and scams even more prevalent, evolving from word-of-mouth and chain email to Instagram, WhatsApp, and Facebook. Users […]
Abusing mshta.exe to Gain PowerShell Access
Background In my previous life, I spent a lot of time analyzing malware and figuring out how it worked in order to defend against it. One trend that has increased across the industry is the use of fileless malware and specifically mshta.exe as a method of infection. Now that I’m on offense, I wanted to […]
A Commitment to Getting It Right: Palo Alto Networks’ Expedition Migration Tool
Background: During a recent penetration test for a client, I came across a tool called MigrationTool from Palo Alto Networks. The tool was littered with issues, like the unauthenticated disclosure of passwords, hashes, versions, and more that were uncovered. So, what’s a TEAMARES team member to do? I quickly grabbed my screenshots and informed Palo Alto […]
CRITICALSTART‘s TEAMARES Researchers Identify Vulnerability In Paessler’s PRTG
Threat intelligence and penetration testing team finds local privilege escalation issue in network monitoring software Plano, TX – October 3, 2018 – CRITICALSTART, a leading provider of cybersecurity solutions, today announced its TEAMARES threat intelligence and security research team identified a local privilege escalation vulnerability in Paessler’s PRTG Network Monitor software. The team followed standard vulnerability […]
PRTG Network Monitor Privilege Escalation
Background: Recently I’ve seen a decent number of privilege escalations occurring on Windows due to permission issues and using symlinks. The work from Ryan Hanson from Atredis on the Cylance privilege escalation and Windows Standard Collector privilege escalation really inspired me to research more into this issue and potentially find some myself. After several weeks […]
Cisco Warns of Critical Remotely Exploitable Vulnerabilities
Cisco has issued security alerts for 30 vulnerabilities across a range of its products and services, with three being ranked as critical and remotely exploitable. Some 20 different Cisco products contain a vulnerable version of the Apache Struts 2 framework that is currently under active exploitation by miscreants dropping cryptocurrency miner malware on exposed systems. READ MORE Featured in iTnews […]
Cisco Releases 16 Security Alerts Rated Critical and High
Cisco published on Wednesday 30 security advisories on vulnerabilities identified in its products. Half of them are for high and critical severity bugs. Only three alerts refer to security problems with critical impact; among them is the recently disclosed remote code execution vulnerability in Apache Struts, for which several proof-of-concept exploits exist. Cisco notes that not all of its products that […]
High-Severity Flaws in Cisco Secure Internet Gateway Service Patched
Two high-severity vulnerabilities have been disclosed in Cisco’s security platform that could allow an attacker to gain administrative privileges – and take full control of the impacted machine. The glitches, disclosed Wednesday, affect two parts of Cisco Umbrella, a secure internet gateway that acts as a cloud-delivered security service for corporate networks. Specifically, the Cisco […]
Cisco Warns Customers of Critical Security Flaws, Advisory Includes Apache Struts
Cisco has issued a security advisory to customers detailing a swathe of critical and highly-rated vulnerabilities which have been resolved. The security advisory documents three critical vulnerabilities, 19 bugs rated “important,” and a number of medium-severity security flaws. One of the most serious bugs is a vulnerability impacting Apache Struts 2, which was publicly disclosed in August together with […]
CRITICALSTART’s TEAMARES Researchers Identify Vulnerabilities in Cisco Umbrella
Threat intelligence and penetration testing team finds local privilege escalation issues in cloud-based secure internet gateway product; Cisco issues security advisory. PLANO, Texas – September 5, 2018 – CRITICALSTART, a leading provider of cybersecurity solutions, today announced its TEAMARES threat intelligence and security research team identified local privilege escalation vulnerabilities in Cisco Umbrella. The team […]
Cisco Patches Serious Flaws in RV, SD-WAN, Umbrella Products
Cisco informed customers on Wednesday that patches are available for over a dozen critical and high severity vulnerabilities affecting the company’s RV series, SD-WAN, Umbrella, and other products. Patches are also available for serious privilege escalation and information disclosure bugs in WebEx, a DoS flaw in Prime Access Registrar, a privilege escalation in Data Center […]
Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module Privilege Escalation Vulnerability
CVE Numbers:
CVE-2018-0437 – Cisco Umbrella ERC releases prior to 2.1.118 and Cisco Umbrella
CVE-2018-0438 – Cisco Umbrella ERC releases prior to 2.1.127
Versions Tested:
Umbrella Roaming Client 2.0.168 […]
Unauthenticated Command Injection Vulnerability in VMware NSX SD-WAN by VeloCloud
Exploits for network devices including routers, switches, and firewalls have been around for as long as networking has been a thing. It seems like every week a researcher discloses a new vulnerability or publishes proof of concept (PoC) code online for these types of devices, and that is exactly what is happening in this article. […]
Fall of Sudo – A Pwnage Collection
Introduction Finding Linux servers heavily reliant on Sudo rules for daily management tasks is a common occurrence. While not necessarily bad, Sudo rules can quickly become security’s worst nightmare. Before discussing the security implications, let’s first discuss what Sudo is. Defining Sudo What is Sudo? Sudo, which stands for “superuser do!,” is a program […]
Finding Enterprise Credentials in Data Breaches
In the age of the breach, it’s a safe assumption that almost every public account’s credentials have been exposed at some point. “Have I Been Pwned” (HIBP), is a database that contains usernames and other information about any compromise they come across. While available for individuals to search against, certain protections have been put in […]