Mon 26 Sep 2016 - Posted by Editorial_Staff_Team

FaceDancer 2 Platin - New Universal Case for PenTests

The FaceDancer allows a computer (or "host") to masquerade as a USB "device" in order to communicate with other hosts. One USB port connects to the victim (or host), the other to a development machine. Python can then be used to send USB commands in real time, which allows both passive monitoring of the USB bus and injection of traffic into it.
 
Think of this as doing the same thing the Bus Pirate does for SPI and I2C, except that it does it on the USB protocol itself. This way you can feel your way through all of the road-bumps of developing a new device (or testing an exploit) without the need to continually compile and flash your hardware.
 
Tue 06 Sep 2016 - Posted by Editorial_Staff_Team

Critical Vulnerabilities in Sparkassen Bank Server discovered by Researchers

Critical Vulnerabilities in the Sparkassen Newsletter, Emails & Paydirect

The core research team of the Vulnerability Laboratory is helping the German Sparkasse to identify new security threats for the "Finance Informatik GmbH" team in Frankfurt. During the last year we discovered several vulnerabilities in the bank's infrastructure, which were patched silently but resolved in a responsible and safe manner. Savings banks in German-speaking countries are called Sparkasse. They work as commercial banks in a decentralized structure that is interconnected at various points. Today we would like to talk about the most recently resolved security vulnerabilities in the official German Sparkasse bank web infrastructure.

Sat 03 Sep 2016 - Posted by Editorial_Staff_Team

Parse HTTP Host Header Attack - Redirect Bug

The Vulnerability Laboratory core research team (SaifAllah benMassaoud) discovered an HTTP Host header attack (injection and redirection) via X-Forwarded-Host in the official Parse online service web application. The Host header can be changed to a value outside the target domain, causing the application to redirect to an attacker's malicious site. The vulnerability is located in the GET method requests of the `/user_session/new/` and `/account/plan/` modules.
 
Mon 08 Aug 2016 - Posted by Editorial_Staff_Team

Fortinet Patches Series of Remote Vulnerabilities in Appliance Products

Affected FortiManager, FortiAnalyzer, FortiVoice & FortiCloud

Fortinet has released several security fixes and patches for different appliance products. The vulnerabilities were disclosed by the core research team of the Vulnerability Laboratory. The Fortinet Security Team coordinated multiple patches with its PSIRT for all discovered issues in the FortiManager, FortiAnalyzer, FortiVoice and FortiCloud appliance web applications. Let's move deeper to explain more about our new findings, their locations and exploitation.

Fri 05 Aug 2016 - Posted by Editorial_Staff_Team

Apple Cupertino announces to startup official Bug Bounty Program in 2016

New Apple (Cupertino) Bug Bounty Program Upcoming in 2016

As part of a security presentation given at this year's Black Hat conference, Apple announced that it will be starting a new bug bounty program for Cupertino's products. The official bug bounty program will reward security researchers who uncover vulnerabilities in Apple's products and bring them to the company's attention. The scope of the bug bounty program has been clearly defined in public by the Apple Product Security team ahead of the full program's launch.

Thu 07 Jul - Posted by Editorial_Staff_Team

BMW Core Web Portal & ConnectedDrive - Exploitation of Car Configurations

BMW Core Web Portal & ConnectedDrive vulnerable

Today we will talk about two vulnerabilities discovered by Vulnerability Laboratory core team member "Benjamin Kunz Mejri", which are not patched yet! Both bugs are related to the BMW online service and the ConnectedDrive web app.

Tue 05 Jul 2016 - Posted by Editorial_Staff_Team

Manchester City - Football Club hosts first Hackathon in July 2016

The football club Manchester City has organized a new event, #HackMCFC, which will provide participants with access to world-leading performance data, including match data associated with players, to help them uncover detailed insights. Students interested in fields like tech, data and digital product design are invited to participate in this event for a weekend of hacking. The event is supported by the Premier League, OptaPro and ChyronHego and will take place from 29 to 31 July at the City Football Academy. Participants will be able to access rarely released data sets provided by OptaPro and ChyronHego to help them catalyse new ideas and insights about player and team performance.
 
Wed 15 Jun - Posted by Editorial_Staff_Team

Hack the Pentagon - More than 120 valid Security Vulnerabilities uncovered

Hack the Pentagon - More than 120 valid Vulnerabilities uncovered

Today the Washington Post published the first article after the "Hack the Pentagon" program was finished. Over 121 security vulnerabilities were discovered and verified during the bug bounty contest. One unnamed member of the Vulnerability Laboratory was successfully accepted to participate in the program. The core team researcher discovered about 21 security vulnerabilities at the start of the government bug bounty program.

Defense Secretary Ashton Carter confirmed at the public tech forum conference in Washington, D.C.: “Hack the Pentagon program launched in March exceeded the military’s expectations by uncovering dozens of previously unnoticed security issues affecting the Department of Defense’s public, non-classified computer systems.”

Thu 26 May - Posted by Editorial_Staff_Team

Hacking the Bugcrowd - Core Researcher scores in Main Program Site

Hacking the Bugcrowd - Evading the Filter Validation of Bugcrowd

Today we would like to talk about a vulnerability that was located in the main Bugcrowd web application. Normally we hack in regular and public bug bounty programs, but in this case we exploited the manufacturer's official program site web application to score.

Mon 25 Apr - Posted by Editorial_Staff_Team

MIT Security - Alpha Phase of Bug Bounty Program in April 2016

In April 2016 the well-known MIT started a new official bug bounty program. The MIT Bug Bounty program is an experimental program aiming to improve MIT's online security and foster a community for students to research and test the limits of cyber security in a responsible fashion.
