As a web application penetration tester, I commonly come across applications using outdated software components, sometimes just a few versions behind, other times several years out of date. This issue […]

As a web application penetration tester, I commonly come across applications using outdated software components, sometimes just a few versions behind, other times several years out of date. This issue […]
Threat actors thrive on stolen credentials, and enterprise emails are often their top prize. While much attention is given to zero-days and vulnerabilities, leaked credentials from third-party data breaches are […]
Organizations are continuing to grapple with a cybersecurity talent shortage during a time of rapid growth of AI-driven threats. The rise in AI usage applies not only to security teams […]
On a recent internal penetration test, I was able to obtain Domain Admin privileges in a segmented network by calling on my ancient digital forensics skill set. I got my […]
This is the second installment of the Exploiting Unitrends series and will focus on several critical unauthenticated SQL Injection vulnerabilities leading to remote code execution.
Multiple vulnerabilities were discovered in the Unitrends Backup appliance and client software. An attacker with network access to the management interface or backup ports on the client or server could be exploited to compromise the machine. Both suffer from critical remote code execution vulnerabilities.
When it comes to security incidents involving malware, most of us rely on the information provided by the investigating firm to understand what the malware does, why it does it, […]
Versions Tested: Aviatrix Cloud Controller UserConnect-5.3.1516 Aviatrix VPN Client 2.8.2 Product: https://aviatrix.com/cloud-network-platform/ Security Advisories: https://docs.aviatrix.com/HowTos/security_bulletin_article.html Summary: CyberOne discovered multiple vulnerabilities in the Aviatrix Cloud Controller appliance v5.3.1516 and Aviatrix VPN client v2.8.2 […]
Summary: VMware Fusion contains a local privilege escalation vulnerability that allows an attacker to inject a malicious path into the system-wide PATH environment variable. Versions Tested: VMware Fusion Professional v15.5.5 […]
Versions Tested: Product: https://mofinetwork.com/ CVE Numbers: Summary: Multiple critical vulnerabilities have been discovered in the MoFi4500 router, an OpenWRT based wireless router that provides Internet access via LTE. The initial […]