Configuration Shell Escape injecting OS/IPV6 commands, and HTML Injection in LLDP Packet System Name Field Leading to Persistent Cross-site Scripting in Antaira LMX-0800AG
(two advisories in document) An authenticated malicious user with access to the web interface (with manager privileges) or via SSH/Serial connection (with enable/config privileges) can inject Operating System (OS) commands in ipv6 commands, which will be executed with root privileges on the switch. An unauthenticated attacker located in an adjacent network could send malicious Link Layer Discovery Protocol (LLDP) packets containing JavaScript code embedded in the System Names attribute. It should be noted that LLDP discovery is not enabled by default in firmware v2.8.
ASUS – ZenUI Launcher AppLockReceiver | AppLockProvider Exposed
(2) A malicious application without any permission could remove applications and gain read and write access from the list of locked applications configured in AppLock, therefore bypassing the security pattern configured by the user to protect them. (two advisories in document)
ASUS – ZenUI Dialer & Contacts PrivateContactsProvider | BlockListProvider Exposed
(2) A malicious application without any permission could gain read and write access to the list of Private Contacts and blocked numbers configured in ZenUI Dialer & Contacts. (two advisories in document)
ASUS – ZenUI Messaging PrivateSmsProvider-PrivateMmsProvider | SmsReceiverService Exposed
(2) A malicious application without any permission could gain read and write access to the private SMS and MMS messages configured in ZenUI Messaging as well as send arbitrary SMS messages to arbitrary phone numbers. (two advisories in document)
Internet of Planes: Hacking Millionaires’ Jet Cabins
The push to incorporate remote management capabilities into products has swept across a number of industries. A good example of this is the famous Internet of Things (IoT), where modern home devices from crockpots to thermostats can be managed remotely from a tablet or smartphone. One of the biggest problems associated with this new feature is a lack of security. Unfortunately, nobody is surprised when a new, widespread vulnerability appears in the IoT world. However, the situation becomes a bit more concerning when similar technologies appear in the aviation sector….
Critical Infrastructure: Hack the Smart City
Cesar Cerrudo, CTO, IOActive, provides a webinar presentation on the ever-growing risks of using technology that enables smart cities. With the advancement of information, communication, and IoT technologies, come new vulnerabilities, and opportunities for cyber attacks, resulting in disruption and denial of services.
IOActive Corporate Overview
Research-fueled Security Assessments and Advisory Services -IOActive has been at the forefront of cybersecurity and testing services since 1998. Backed by our award-winning research, our services have been trusted globally by enterprises and product manufacturers across a wide variety of industries and in the most complex of environments.
Application Security: Security Testing Stock Trading Applications
In this two-part webinar series, Alejandro Hernandez, IOActive Senior Security Consultant, provides insight to security testing stock trading applications. Part 1 gives an overview of stock trading platforms technology and risks, and application security testing, and Part 2 provides a deeper dive into the technical aspects of the application security testing methods and discoveries.
Thoughts on Supply Chain Integrity
In this video presentation, John Sheehy, VP, Sales and Strategy at IOActive, shares his comprehensive view on the myriad considerations facing business as they undertake supply chain integrity assessments. He delves deeply into the pertinent details of: industry definitions of what a supply chain is; potential supply chain disruptions; real-world examples of attacks; various approaches to ensuring supply chain integrity; and thoughts on solutions and what can be done.
Multiple Vulnerabilities in Android’s Download Provider (CVE-2018-9468, CVE-2018-9493, CVE-2018-9546)
Android’s Download Provider is a component of the Android framework and is designed to handle external downloads for other applications, such as web browsers (including Google Chrome), email clients (including Gmail), and the Google Play Store, among many others. In this blog post, I’ll describe three different high-severity vulnerabilities which affected several of the most recent versions of Android. Android’s Download Provider Any app can delegate its external downloads through this provider. As a developer, you’ll only need to insert a row with the appropriate parameters (invoking the Download Content…