home.social

#moresecurity — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #moresecurity, aggregated by home.social.

  1. Great to have @usdAG onboard as a Bronze Sponsor!
    Security analyses, consulting & audits all driven by their mission: #moresecurity

    Welcome and thank you! 🔥

    usd.de

  2. The pentest professionals at #usdHeroLab identified a vulnerability in #EntraID during a cloud #pentest that allows the circumvention of conditional access policies for privileged identities.

    Two additional vulnerabilities were identified during a web application pentest of #Tenable Nessus Manager, which allow low-privileged users to read arbitrary files at the operating system level.

    All #vulnerabilities were reported to the vendors as part of our Responsible Disclosure policy.

    🔎 You can find detailed information on the #SecurityAdvisories here: usd.de/en/security-advisories-

    #SecurityResearch #SecurityAdvisory #moresecurity #NessusManager #Pentesting #Hacking #CVE_2026_3493 #AppSec #InfoSec #CyberSecurity

  7. Unauthenticated RCE in Agorum Core Open!

    During their regular security analyses, our pentest professionals from #usdHeroLab examined the open source software #AgorumCoreOpen.

    They discovered multiple #vulnerabilities that, when chained together, allow an unauthenticated attacker to achieve full remote code execution with root privileges. This critical flaw enables complete system compromise without prior authentication.

    📰👉 Detailed information on the published #SecurityAdvisories can be found here: usd.de/en/security-advisories-

    #Pentest #Pentesting #moresecurity #RCE #CyberSecurity #InfoSec

  11. 🔍 Our professionals at the usd HeroLab have closely examined the software #Vtiger. They discovered two vulnerabilities that allow low-privileged authorized users to upload files and thereby execute arbitrary code.

    👉 You can find more information in the full security advisories: usd.de/en/security-advisories-

    #SecurityAdvisories #Pentest #Pentesting #moresecurity

  12. With the help of this utility we were able to identify all potentially interesting files and download those first to increase efficiency in our analysis. It's now also available on our company GitHub organization: github.com/usdAG/webtree.

    🔔 Follow us for #moresecurity
    🔁 Also, boost the first toot to spread the word!

  13. As we highly support open source and the idea behind it, we'll investigate how to use this tool and ways to contribute to it in the future. Stay tuned for updates.

    🔔 Follow us for #moresecurity
    🔁 Also, boost the first toot to spread the word!

  14. Hello Fediverse! We protect companies against hackers and criminals. Our work is as dynamic and diverse as the threat itself. #moresecurity is our mission which underlines every step we take. The exchange of knowledge with the Community is important to us. Because #moresecurity can reach its full potential with many comrades joining the mission.

    Follow us for exciting IT security Content.

    #EthicalHacking #Pentesting #SecurityAdvisories #ZeroDayExploits #HackingEvents #CTFs #Compliance #PentestingTools #OpenSourceTools #SecurityAudits #PaymentSecurity

  15. The #usdHeroLab analysts examined the application #MultiTech Conduit AP MTCAP2-L4E1 while conducting their security analyses.
    1⃣ Vulnerability Type: cross-site request forgery attacks (CSRF)
    🚨Security Risk: High
    👇​ More details

    🧐MultiTech Conduit AP MTCAP2-L4E1 is a LoRaWAN access point to provide connectivity of IoT assets. The web interface allows configuration of settings like user management, LoRaWAN, Firewall and custom applications.

    The vulnerability can be used to perform actions on other users' behalf which may result in remote code execution.

    The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👨‍💻​👩‍💻​👇
    herolab.usd.de/en/security-adv

  16. Version 1.3.1 of the #CSTC was released on May 22! It contains lots of new features, improvements and contributions from the community. The CSTC will also be part of the BlackHat USA 2024 Arsenal Labs, looking forward to seeing you! #BHUSA #usdHeroLab #moresecurity github.com/usdAG/cstc

  17. #Announcement: On Friday, our #usdHeroLab colleagues published a major release of our BurpSuite Plugin #FlowMate: github.com/usdAG/FlowMate/rele

    During BlackHat USA 2023 and DEF CON 31, our colleagues received a lot of helpful feedback on their #tool: The new version 1.1 contains bug fixes and some new features. In our video, Florian Haag explains the advantages and possible use cases in the context of #WebApplication #Pentests: youtube.com/watch?v=BJhRhGmDAT

    #CheckItOut #Security #Pentesting #Hacking #Tools #Community #moresecurity

  18. Our #usdHeroLab #Pentest professionals analyzed #IBMQRadarSIEM during their pentests.
    1⃣Vulnerability Type: Cross-site Scripting #CWE79
    🚨Security Risk: Medium
    🔎CVE number: CVE-2023-43057
    👇More Details

    🧐IBM QRadar SIEM is a security information and event management platform developed by IBM that provides advanced threat detection for its users. The vulnerability can be used to perform actions on behalf of other users.

    The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻​👨‍💻​👇

    herolab.usd.de/en/security-adv

  19. Ever wondered how attackers can break out of the #Citrix encapsulation and infiltrate the underlying system? It becomes a critical issue when IT environments lack proper virtualization readiness. Addressing these attack vectors requires a special approach. Dive into our latest #LabNews blog post to get insights into what to look out for during your #PentrationTest of virtualized applications 👨‍💻​👩‍💻​👇​
    herolab.usd.de/en/pentest-virt

    #moresecurity #usdHeroLab #CitrixBreakOut #CitrixSecurity

  20. Our #usdHeroLab #Pentest professionals analyzed #GibbonEdu during their pentests.
    1⃣Vulnerability Type: Arbitrary File Write #CWE434
    🚨 Security Risk: Critical
    🔎CVE number: CVE-2023-45878
    🧵👇 More Details

    🧐 Gibbon Edu is an #opensource educational software designed for #schools and #institutions to manage their administrative and academic processes. It offers a range of features to facilitate communication, collaboration, and organization within the educational community.

    The identified vulnerability allowed unauthenticated attackers to upload arbitrary files to the application and receive code execution on the underlying system. To receive #RCE an attacker must craft a fake image which can be stored as a PHP file.

    The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 🧑‍💻👩‍💻👇
    herolab.usd.de/security-adviso

  21. The #usdHeroLab analysts examined #ThingsBoard while conducting their #pentests.
    1⃣Vulnerability Type: Server-Side Template Injection
    🚨Security Risk: High
    🧵👇 More Details

    🧐ThingsBoard is an open-source IoT platform for data collection, processing, visualization, and device management.

    During an assessment, a Server-Side Template Injection (SSTI) vulnerability was discovered. It enables attackers to dynamically create and modify templates that are used for automated generation of mail content, which results in the execution of arbitrary system commands.

    The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻​👨‍💻​👇

    herolab.usd.de/en/security-adv

  22. The #usdHeroLab analysts examined the Content Management System #Contao while conducting their #pentests.
    1⃣Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)
    🚨 Security Risk: Medium
    👇More details

    🧐Contao is an open source Content Management System that allows you to create professional websites and scalable web applications.

    The vulnerability enabled attackers with a low-privileged role to use a modified HTTP request to create an article with a JavaScript payload of their choice, which was client-triggered on the frontend and backend. For example, such an attack could upgrade a low-privileged account to an administrator account.

    The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻👇

    herolab.usd.de/en/security-adv

  23. The #usdHeroLab analysts examined the #SAP HTTP Content Server while conducting their #pentests.
    1⃣Vulnerability Type: Improper Neutralization of HTTP Headers for Scripting Syntax #CWE644 #CVE202326457
    🚨 Security Risk: High
    👇🧵 More details

    The SAP HTTP Content Server returns error messages in the header x-errordescription of the #HTTP Response. When invalid input is provided in an HTTP request, it is also placed in the error message inside this header.

    During this process the input is URL-decoded, therefore for example %41 is translated to A and %0a is translated to a newline. This enables an #attacker to add new headers and change the content of the response.

    The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻​👨‍💻​👇​
    herolab.usd.de/security-adviso

  24. The #usdHeroLab analysts examined the #SAP Partner Portal while conducting their #pentests.
    1⃣ Vulnerability Type: Improper Neutralization of Input During Web Page Generation #CWE79 #CrossSiteScripting
    🚨 Security Risk: High
    👇🧵 More details

    In cases where users do not have sufficient permissions to view a specific URL within the #SAP Partner Portal, they get redirected to an error page. During this redirection, the requested URL is passed to the error message as a parameter without any filtering or encoding.
    Therefore, it is possible to include HTML tags and JavaScript in the URL, making it possible for malicious actors to launch #XSS attacks.

    The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻👇​
    herolab.usd.de/security-adviso

  25. The #usdHeroLab analysts examined the #opensource software #TineGroupware while conducting their #pentest.
    1⃣ Vulnerability Type: #SQL Injection (CWE-89)
    🚨 Security Risk: Critical
    👇🧵 More details

    #TineGroupware is an #opensource software that provides a suite of collaborative tools and applications for communication and project management within a business or organization.

    🧐During the research on open source software, our #PentestProfessionals discovered that the sort parameter of the /index.php endpoint is vulnerable to SQL injection.

    The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻🧑‍💻 👇
    herolab.usd.de/security-adviso

  26. In 11 days, the first #MCTTP - MUNICH CYBER TACTICS, TECHNIQUES AND PROCEDURES will take place, a conference for security professionals and #CISOs that aims to create future-proof #CyberSecurity in companies. Our colleagues Nicolas Schickert and Tobias Hamann from the #usdHeroLab will share their experiences about #SAP pentests there, as the SAP system landscape is the heart of many companies.

    #moresecurity

    usd.de/en/presentation-mcttp-s

  27. 7 days. 3 security analysts. 2 conferences. 4 presentations. 3 tools. An exciting week at #BlackHat and @defcon lies behind our #usdHeroLab colleagues Florian, Nicolas and Matthias. Back in Neu-Isenburg, they share their experiences and highlights.

    #tool #FlowMate #sncscan #CSTC #moresecurity

    usd.de/en/retro-of-black-hat-a

  28. Understanding a Hacker's Mind: who doesn't wish for it? Our usd AG Advanced Seminar makes it possible. Only if you know and understand the relevant #threats in IT environments can you take effective countermeasures. Experienced security analysts from the #usdHeroLab will use theory and a lot of practice to show you the intentions and methods of a #hacker and how to protect your #systems in the best possible way.

    Due to the great interest in the 1st half of the year, we are offering another date of the two-day attendance seminar in September.
    👉​usd.de/cst-academy/events/usd-

    #UnderstandingAHackersMind #CSTAcademy #moresecurity

  29. The #usdHeroLab analysts examined the centralized management tool #WindowsAdminCenter while conducting their security analyses.
    1⃣ Vulnerability Type: Cross-Site Scripting (CWE-79)
    🚨 Security Risk: High
    👇 More details

    🧐Windows Admin Center is a centralized management tool developed by Microsoft for IT administrators to manage and monitor Windows Server and Windows 10 systems.

    The vulnerability enables an attacker to persist JavaScript code in the application. The vulnerability can be used to perform actions on other users' behalf.

    The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻🧑‍💻 👇
    herolab.usd.de/en/security-adv

  30. Our #HeroesOnTour are sending greetings from #LasVegas. Nicolas, Florian and Matthias presented our #pentesting #tools #FlowMate, #SNCScan and #CSTC to the global #HackerCommunity at #BlackHat and @defcon. For those who couldn't join us live and want to learn more about the tools 💡 check out the GitHub repositories here 👇👨‍💻

    📢​github.com/usdAG/FlowMate
    📢 github.com/usdAG/sncscan
    📢​ github.com/usdAG/cstc

    #moresecurity #usdHeroLab

  31. To counteract the increasing complexity of #hacker attacks, high-quality #pentests are essential. This is best achieved when the knowledge and instinct of #pentest professionals are complemented by suitable #tools. 🛠️​

    That's why our extensive experience with #TechnicalSecurityAnalyses continuously contributes to the development of helpful tools. As a result, we proudly present our in-house developments #FlowMate, #SNCScan and #CSTC to the global #SecurityCommunity at #BlackHat and @support. We are proud to provide international security experts with tools for #moresecurity

    Our Colleagues Matthias Göhring, Nicolas Schickert and Florian Haag are fine-tuning the very last details before heading to #LasVegas next week. We wish our Heroes great presentations and keep our fingers crossed!🤞​

    #CyberSecurity #Innovation #ExcitedToPresent #usdHeroLab

  32. Our Colleague Nicolas Schickert, in charge of #SAPPentest at usd, identified so far unknown vulnerabilities in #SAP products during assessments. They were responsibly reported to #SAP and subsequently fixed. For #moresecurity.
    Advisories coming soon - stay tuned.
    🧐​👉​ ​usd.de/en/more-security-for-sa

  33. Critical Foswiki Vulnerabilities: A Logic Error turned Remote Code Execution. Feel free to dive deeper into this topic and join us on the journey to #moresecurity.

    herolab.usd.de/en/critical-fos

  34. The #usdHeroLab analysts examined the application #Foswiki while conducting their security analyses.
    2⃣ Vulnerability Type: Cross-Site Scripting
    🚨Security Risk: High
    👇🧵More details

    🧐Foswiki is a free and open-source wiki application that allows collaborative editing and content management. The application allows users to add attachments to wiki pages and add comments to the files.

    The vulnerability can be used to attack other users and perform actions on their behalf. This may allow the takeover of an admin account, or the creation of a new high-privileged account.

    The vulnerabilities were reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻👨‍💻​👇
    herolab.usd.de/security-adviso

  35. The #usdHeroLab analysts examined the application #Foswiki while conducting their security analyses.
    1⃣Vulnerability Type: Path Traversal
    🚨Security Risk: High
    👇More details

    🧐Foswiki is a free and open-source wiki application that allows collaborative editing and content management.
    The application allows users to add attachments to wiki pages and move wiki files and attachments around.

    This can be used to (re)move arbitrary files on the system. The vulnerability allows the deletion of the AdminGroup.txt file, which handles the membership of the AdminGroup. The file can afterwards be recreated with customized members in it. This results in privilege escalation.

    The vulnerabilities were reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻🧑‍💻 👇

    herolab.usd.de/en/security-adv
