Vulnerability Magazine - Acknoweldgements, Bug Bounties & Security Research | Vulnerability Magazine - Acknoweldgements, Bug Bounties & Security Research

Vulnerability in LANCOM Systems Wireless Controller Series uncovered

Thursday, May 7, 2020

Posted by Editorial_Staff_Team

Advanced Persistent Threat Golden_hands - Digital Bank Robbery of the Year 2020

Thursday, April 30, 2020

Posted by Editorial_Staff_Team

Microsoft Windows 2012 R2 (x64) - (MMC) Local DoS Vulnerability

Wednesday, April 29, 2020

Posted by Editorial_Staff_Team

Published Vulnerabilities

1 comment(s)

Reader's rate:

Pointer Issue crashs local mmc.exe process on Microsoft Windows 2012 R2 x64 Due to a test in a staging-system that was fresh setup with a windows 2012 r2 release the researcher of the vulnerability lab identified a serious local denial of service vulnerability affecting different other microsoft... + continue reading

Bundeswehr Career Page - Weak spot permanently closed

Saturday, April 4, 2020

Posted by Editorial_Staff_Team

Published Vulnerabilities

2 comment(s)

Reader's rate:

Security gap in search function of Bundeswehr web application patched About some time ago, we had a look at the latest Bundeswehr website (https://www.bundeswehrkarriere.de/) in our lab. We noticed an error in the output of the validation of an application. We then investigated this error in... + continue reading

Microsoft starts Xbox & Xbox Live Bug Bounty Program

Tuesday, February 11, 2020

Posted by Editorial_Staff_Team

Bug Bounty

3 comment(s)

Reader's rate:

Microsoft starts Xbox... + continue reading

Apple launches public Bug Bounty Program and delights Security Community

Friday, December 20, 2019

Posted by Editorial_Staff_Team

Bug Bounty

3 comment(s)

Reader's rate:

Apples Whitehat Hacker gift for Xmas Due to a longer period of time (January) we have stopped our Responsible Disclosure Bug Bounty Program at Apple. The reason was that Apple's security department made many mistakes in dealing with independent security researchers and did not seriously reward... + continue reading

Zero Day Vulnerability in Deutsche Bahn Ticket Machine Series System uncovered

Friday, December 13, 2019

Posted by Editorial_Staff_Team

Published Vulnerabilities

4 comment(s)

Reader's rate:

Whitehat in action discovers Kiosk Escape... + continue reading

Skype v8.49.0.49 Export History v7 - Persistent Web Vulnerability

Friday, November 22, 2019

Posted by Editorial_Staff_Team

Published Vulnerabilities

3 comment(s)

Reader's rate:

Last month, security researcher and founder of the vulnerability lab Benjamin Kunz Mejri discovered a new Microsoft Skype vulnerability. The problem has a local and a remote attack vector that can be exploited. Surprisingly, the way the attack takes place is via the client infrastructure to an... + continue reading

Imperial & Dabman Internet Radio - Undocumented Telnetd & Code Execution

Monday, September 9, 2019

Posted by Editorial_Staff_Team

Published Vulnerabilities

6 comment(s)

Reader's rate:

Undocumented Telnetd... + continue reading

Featured Cooperative Security Articles

Vulnerability in LANCOM Systems Wireless Controller Series uncovered

Thursday, 07/05/20 - 2 comment(s)

Advanced Persistent Threat Golden_hands - Digital Bank Robbery of the Year 2020

Thursday, 30/04/20 - 8 comment(s)

This Week Most Popular

BUG BOUNTY ISSUES

Microsoft starts Xbox & Xbox Live Bug Bounty Program

Tuesday, 11/02/20 - 3 comment(s)

Microsoft starts Xbox... + continue reading

Apple launches public Bug Bounty Program and delights Security Community

20/12/19 - 3 comment(s)

GPSRP pays researchers for reporting abusiv google playstore apps

02/09/19 - 1 comment(s)

Apple iOS 12.0 - 12.1.1 - PassCode Bypass Vulnerability

24/12/18 - 0 comment(s)

VULNERABILITIES & BUGS

Microsoft Windows 2012 R2 (x64) - (MMC) Local DoS Vulnerability

Wednesday, 29/04/20 - 1 comment(s)

Bundeswehr Career Page - Weak spot permanently closed

04/04/20 - 2 comment(s)

Zero Day Vulnerability in Deutsche Bahn Ticket Machine Series System uncovered

13/12/19 - 4 comment(s)

Skype v8.49.0.49 Export History v7 - Persistent Web Vulnerability

22/11/19 - 3 comment(s)

BEST SECURITY VIDEOS

Telekom Magenta Musik 360 - Multiple Cross Site Scripting Vulnerabilities

Thursday, 07/03/19 - 2 comment(s)

Telekom Magenta Musik 360 - CERT Coordinates The videos shows the reproduce for the german telekom in a new service they did publish in 2019 Q1. The vulnerabilities are persistent and non-... + continue reading

PayPal Inc patched medium severity Cross Site Request Forgery Issue

25/08/15 - 0 comment(s)

Shopify | Buy Button | Persistent Embed POST Inject Vulnerability

13/08/15 - 8 comment(s)

UBNT Bug Bounty #3 - Persistent Filename Vulnerability

11/08/15 - 0 comment(s)

LAB MAGAZINE ISSUES

Welcome to "Vulnerability Magazine"

Tuesday, 11/03/14 - 1 comment(s)

Vulnerability Magazine Welcome to the Vulnerability Magazine! The the vulnerability magazine, publishes the latest vulnerabilities and security informations from our laboratory infrastructure.... + continue reading

IT-SECURITY EVENTS

Edward Snowden free speech at JBFone - Data Security & Privacy

Thursday, 23/11/17 - 2 comment(s)

Legendary free speech - You are the Key! In the last weeks we got invited to the very famous JBFone Conference organized by the Fiducia & GAD IT AG. The Fiducia & GAD IT AG is a public... + continue reading

Internet Security Conference 2017 by Qihoo 360

22/09/17 - 0 comment(s)

Manchester City - Football Club hosts first Hackathon in July 2016

05/07/16 - 0 comment(s)

Hack in the Box | Amsterdam 2015 | HITB

30/05/15 - 3 comment(s)

ARTICLES - IMAGES GALLERY PREVIEW

Vulnerability in LANCOM Systems Wireless Controller Series...

Advanced Persistent Threat Golden_hands - Digital Bank...

Microsoft Windows 2012 R2 (x64) - (MMC) Local DoS...

Bundeswehr Career Page - Weak spot permanently closed

Microsoft starts Xbox & Xbox Live Bug Bounty Program

Apple launches public Bug Bounty Program and delights...

Zero Day Vulnerability in Deutsche Bahn Ticket Machine...

Skype v8.49.0.49 Export History v7 - Persistent Web...

Imperial & Dabman Internet Radio - Undocumented Telnetd...

GPSRP pays researchers for reporting abusiv google...

Apple extends exisiting private bug bounty program at the...

Telekom Magenta Musik 360 - Multiple Cross Site Scripting...

Swiss Governemnt Starts E-Voting PIT Bug Bounty Program in...

Apple iOS 12.0 - 12.1.1 - PassCode Bypass Vulnerability

Microsoft BingPlaces Business - (url) Redirect Vulnerability

Google Expands Vulnerability Reward Program - Combat...

New Banana PI R1 SD V3 Case for Devs & PenTesters...

Mozilla's New ASan Nightly Build Project Bug Bounty...

Hacker Injects Arbitrary Codes to Main Lead Database of...

New Bug Bounty Program for Identity Technologie by Microsoft

Thu

May

Vulnerability in LANCOM Systems Wireless Controller Series uncovered

Submitted by Editorial_Staff_Team on Thu, 05/07/2020 - 16:05

LANCOM Systems Wireless Controller Series (Public Spot) - Several Patches Released by Support Today

Security researchers of the vulnerability laboratory core research team uncovered about 3 weeks ago a new vulnerability in the LANCOM Systems wireless controller product series. With WLAN controllers, access points can be configured and controlled locally and centrally, fully automatically. LANCOM WLAN controllers offer you uniform network control, scalability, security and reliability. Planning and management of the WLAN is thus conveniently and easily handled centrally via the WLAN Controller.

Thu

Apr

Advanced Persistent Threat Golden_hands - Digital Bank Robbery of the Year 2020

Submitted by Editorial_Staff_Team on Thu, 04/30/2020 - 14:09

The Digital Bank Robbery of the Year 2020 - APT "Golden_hands" (Government Emergency Aid)

In last 4-5 weeks our company Evolution Security GmbH and all around us were affected by the economy crisis that came cold from the back. This is a story about advanced persistent threats in Germany and the European Union during the crisis affecting the finance system and economy sector.

All began about in January when we still planned with different other security companies and institutions to start an awareness program cause we have noticed the upcoming wave of phishing, hacker attacks and malware. Shortly after we all took together several resources and build up a refreshing list of phishing / fraud and malware domains.