Blog
When it comes to security incidents involving malware, most of us rely on the information provided by the investigating firm to understand what the malware does, why it does it,
Vulnerability Management concepts are changing. The idea that vulnerability management is limited to scanning alone is being replaced with a wider and more comprehensive view. It’s now transforming to a
Versions Tested: Aviatrix Cloud Controller UserConnect-5.3.1516 Aviatrix VPN Client 2.8.2 Product: https://aviatrix.com/cloud-network-platform/ Security Advisories: https://docs.aviatrix.com/HowTos/security_bulletin_article.html Summary: CyberOne discovered multiple vulnerabilities in the Aviatrix Cloud Controller appliance v5.3.1516 and Aviatrix VPN
Summary: VMware Fusion contains a local privilege escalation vulnerability that allows an attacker to inject a malicious path into the system-wide PATH environment variable. Versions Tested: VMware Fusion Professional v15.5.5
When CyberOne began research into the vulnerability identified in the F5 TMUI RCE vulnerability advisory, we initially started by reading the advisory and mitigation steps, which contained minimal details but
Many organizations are shocked to learn their systems have been breached, with attackers having exposed vulnerabilities. However, you can defend your organization against these threats by taking some proactive measures.
Versions Tested: GlobalProtect App < 5.1.4 on Windows GlobalProtect App < 5.0.10 on Windows Product: https://www.paloaltonetworks.com/products/globalprotect Security Advisories: https://security.paloaltonetworks.com/CVE-2020-2032 CVE Numbers: CVE-2020-2032 CVSS Score: 7.0 CWE: CWE-367 Time-of-check Time-of-use (TOCTOU)
Missing HttpOnly flags on cookies are a common finding in Web Application penetration testing. Many times, there is confusion surrounding whether it is necessary to enable this flag though. However,