Discover critical Feeld app vulnerabilities from our pentest. See how flaws in security controls expose personal data and learn key fixes.

We layout the different levels of maturity your organization may be at in their Security Canary Maturity, as well as discussing the value in maturity models themselves.

Welcome back to another watchTowr Labs blog. Brace yourselves, this is one of our most astounding discoveries.


Summary

What started out as a bit of fun between colleagues while avoiding the Vegas heat and $20 bottles of water in our Black Hat hotel rooms…

Explore Cleafy's analysis of a newly discovered TrickMo variant, revealing enhanced malware capabilities and critical endpoints used for storing stolen credentials and data from victims. Here is the latest threat analyst report.

Misconfigurations are often the weakest link in an otherwise secure environment. One of the most dangerous yet easily overlooked…

A disclosure for an OpenSSH keystroke obfuscation bypass affecting current OpenSSH versions after 9.4.

This blog post introduces the Bounty Hunter - a novel Caldera plugin for intelligent cyber adversary emulation. Its main contribution is the emulation of complete, realistic cyber attack chains. The Plugin is available on [**GitHub**](https://github.com/fkie…

Repair functions of Microsoft Windows MSI installers can be vulnerable in several ways, for instance allowing local attackers to escalate their privileges to SYSTEM rights. This vulnerability is referenced as CVE-2024-38014.

Gamedevs of the world, unite! Your favourite language is in danger -- the l33t wrongdoers have figured out how to BYOB (Bring Your Own Bytecode) and pwn the Lua v5.4 interpreter!

CVE-2023-28324 Ivanti Endpoint Manager AgentPortal Improper Input Validation Remote Code Execution Vulnerability.

Uncover how deserialization attacks work with real-world example and learn how to mitigate their risks.

Cracking the simple encryption scheme used by Genesis Market to hunt for malicious browser extensions

In this article, we will learn that using PowerShell's CLIXML deserialization could lead to undesired effects, including remote code execution.

This blog post shows how a user with Reader-level access to an Azure API Management resource actually had the equivalent of Contributor-level access, allowing the user to read, modify and even delete configurations of the resource via the Direct Management…

In recent July Patch Tuesday Microsoft patched a vulnerability in the Microsoft Kernel driver appid.sys, which is the central driver behind AppLocker, the application whitelisting technology built into Windows.

Red Alert ICS CTF Review. Winning a black badge and breaking smart cities.

CVE-2024-8190: Investigating CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability and Indicators of Compromise

Protection against HTML smuggling attempts. Contribute to RootUp/SmuggleShield development by creating an account on GitHub.

Summary A vulnerability in LANCOM LCOS web interface (usually listening on port 443) allows a remote attacker to trigger a heap overflow in the service listening on this port. Credit An independent security researcher working with SSD Secure Disclosure Vendor…

Have you ever come across a laptop, server or desktop computer that has Full Device Encryption (FDE) and protected by a password/logon screen that you would like to hack into easily? Well Direct Memory Access (DMA) attacks can easily bypass these security…

(6 Months later CZAT 7 Server is offline or changed to another ip address , this post was written 6 months ago, published today 9/2/2024)