Monday, July 3, 2023
Posted by Editorial_Staff_Team
Reader's rate:
3.32487
Citrix Gateway... + continue reading
Tuesday, October 11, 2022
Posted by Editorial_Staff_Team
Reader's rate:
5
DNS Cache Snooping Vulnerability on Wifi Hotspots by Siemens The Rhein-Ruhr-Express (RRX) is a program currently being implemented to provide regional transport on the core route of the Ruhr area and the central Rhineland from Dortmund via Essen, Duisburg and Düsseldorf to Cologne. The RXX is... + continue reading
Monday, October 25, 2021
Posted by Editorial_Staff_Team
Reader's rate:
3.333335
Responsible Disclosure Program (VDPBW) 2021 One year has now passed since the Bundeswehr made public the first vulnerability disclosure policy (vdpbw) for a responsible disclosure program. Since our security researchers always like to be the first to test and actively participate in a bug bounty... + continue reading
Tuesday, October 19, 2021
Posted by Editorial_Staff_Team
Reader's rate:
5
A vulnerability researcher of the vulnerability lab team disclosed a simple but effective technique that was used against microsoft and adobe some years ago. A persistent input validation web vulnerability has been discovered in the official BMW online service portal web-application. The... + continue reading
Wednesday, July 28, 2021
Posted by Editorial_Staff_Team
Reader's rate:
5
10th Anniversary - VRP Upgrade Google announced this week on its official security blog that the current bug bounty program will be rebranded for its anniversary. As with other vulnerability disclosure platforms, a gamification model will be used to further motivate the research community.... + continue reading
Tuesday, April 6, 2021
Posted by Editorial_Staff_Team
Reader's rate:
3.5
New Teams Desktop Client Bug Bounty Program Microsoft Teams is a platform developed by Microsoft that combines chat, meetings, notes and attachments. The service is integrated into the Microsoft 365 suite with Microsoft Office and Skype/Skype for Business. In recent weeks, microsoft's msrc... + continue reading
Friday, January 15, 2021
Posted by Editorial_Staff_Team
Reader's rate:
5
New Ebay Inc Identity Security Check Default PIN in 2021 In the last weeks we have reviewed several identity security check mechanisms of large coporates. Due to that we figured out a funny case with ebay inc. Ebay inc owns a new security identity check function that uses a algorithm to... + continue reading
Thursday, October 22, 2020
Posted by Editorial_Staff_Team
Reader's rate:
4.76923
Bundeswehr Responsible Disclosure Program (VDPBw) Today, on october 22, the German Armed Forces "Bundeswehr" officially launched the new Responsible Disclosure Program for reporting vulnerabilities and security vulnerabilities. Preparations have been underway for a few weeks now and can be... + continue reading
Wednesday, September 16, 2020
Posted by Editorial_Staff_Team
Reader's rate:
4
Bypassing using Exchange of Session Credentials In recent weeks, a new application has been released at the sparkasse in germany. This is the "secure safe" for documents... + continue reading

Featured Cooperative Security Articles

Tuesday, 11/10/22 - 0 comment(s)
DNS Cache Snooping Vulnerability on Wifi Hotspots by Siemens The Rhein-Ruhr-Express (RRX) is a program currently being implemented to provide regional transport on the core route of the Ruhr area and the central Rhineland from Dortmund via Essen, Duisburg and Düsseldorf to Cologne. The RXX is from the company "Abello". The vehicles of the RRX... + continue reading

TOP SECURITY STORIES

BUG BOUNTY ISSUES

Wednesday, 28/07/21 - 0 comment(s)
10th Anniversary - VRP Upgrade Google announced this week on its official security blog that the current bug bounty program will be rebranded for its anniversary. As with other vulnerability... + continue reading

BEST SECURITY VIDEOS

Thursday, 07/03/19 - 2 comment(s)
Telekom Magenta Musik 360 - CERT Coordinates The videos shows the reproduce for the german telekom in a new service they did publish in 2019 Q1. The vulnerabilities are persistent and non-... + continue reading

IT-SECURITY EVENTS

Thursday, 23/11/17 - 2 comment(s)
Legendary free speech - You are the Key! In the last weeks we got invited to the very famous JBFone Conference organized by the Fiducia & GAD IT AG. The Fiducia & GAD IT AG is a public... + continue reading
Fri
12
Jun

Hacker Attack on the German Parliament

hacked...

Hacker Attack on the German Parliament

There is new insight into the hacker attack on the German Bundestag Parliament: the attackers were looking for current Word documents, among other things.The focus were documents that were drawn up after May 1, and the hacker stole about 20 gigabytes of data from the network. The hack was first discovered when two computers infected with malicious software tried to contact a server to transfer data. German media states that the Bundestag may need to replace 20,000 computers after the recent attack.

“The trojans are still active,” quoted the Spiegel online edition, highlighting the possible risks in terms of security. The hackers had managed to dig deep into the network of the Bundestag for months. Ultimately, they were able to take over the so-called directory service of the Bundestag.

Tue
09
Jun

Heroku Bug Bounty 2015 (API) - Re Auth Session Token Bypass Vulnerability

Heroku Bug Bounty 2015 (API) - Re Auth Session Token Bypass Web Vulnerability

An application-side re-auth session bypass vulnerability has been discovered in the official heroku API & web-application service. The vulnerability allows an attacker to request unauthorized information without the second forced re authentication module.

The heroku web-service provides to all web services an expire session function that disallows to visit the page without re authentication. The dataclips page session of the editor and the postgres service allows to add for example new context. If the session expires in the main heroku web-service the user will be forced to login again. 

Pages

Subscribe to Vulnerability Magazine - Acknoweldgements, Bug Bounties & Security Research RSS