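SSD Advisory – GitStack Unauthenticated Remote Code Execution
Vulnerability Summary The following advisory describes an unauthenticated action in GitStack,… Continue reading SSD Advisory – GitStack Unauthenticated Remote Code Execution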
Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in AsusWRT Version 3.0.0.4.380.7743. The combination of the vulnerabilities leads to LAN remote command execution on any Asus router. AsusWRT is “THE POWERFUL … Continue reading SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution
Vulnerability Summary The following advisory describes an unauthenticated action that allows a remote attacker to add a user to GitStack, which is then used to trigger an unauthenticated remote code execution. GitStack is “a software that lets you setu… Continue reading SSD Advisory – GitStack Unauthenticated Remote Code Execution
Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in D-Link DSL-6850U versions BZ_1.00.01 – BZ_1.00.09. D-Link DSL-6850U is a router “manufactured by D-Link for Bezeq in Israel”. The vulnerabilities… Continue reading SSD Advisory – D-Link DSL-6850U Multiple Vulnerabilities
Vulnerability Summary The following advisory describes an unauthorized access vulnerability that allows an unauthenticated user to add their own SSH key to a remote Trustwave SWG version 11.8.0.27. Trustwave Secure Web Gateway (SWG) “provides dis… Continue reading SSD Advisory – Trustwave SWG Unauthorized Access
Orin Kerr writes: The U.S. Court of Appeals for the 9th Circuit has handed down a very important decision on the Computer Fraud and Abuse Act, Facebook v. Vachani, which I flagged just last week. For those of us worried about broad readings of the Computer Fraud and Abuse Act, the decision is quite troubling. Its reasoning appears […] Continue reading 9th Circuit: It’s a federal crime to visit a website after being told not to visit it
The U.S. Federal Reserve reported 50 breaches over the past five years including two that it is classifying as acts of cyber espionage, according to a Reuters Freedom of Information Request. Continue reading Report: Federal Reserve Target of Constant Attacks
Whistleblowing is overshadowed when SQL injection gives way to unauthorized access. Continue reading How a security pro’s ill-advised hack of a Florida elections site backfired