Vulnerability Research
Patch Tuesday Update – April 2024
The post Patch Tuesday Update - April 2024 appeared first on Digital Defense ...
Patch Tuesday Update – March 2024
The post Patch Tuesday Update - March 2024 appeared first on Digital Defense ...
MeshCentral Cross-Site Websocket Hijacking Vulnerability (CVE-2024-26135)
Overview In this article we discuss a recent cross-site websocket hijacking (CSWSH) vulnerability that we identified in MeshCentral, a web-based remote monitoring and endpoint management solution. MITRE assigned the CVE identifier CVE-2024-26135 ...
Patch Tuesday Update – February 2024
The post Patch Tuesday Update - February 2024 appeared first on Digital Defense ...
Exploiting Kubernetes through Operator Injection
Intro The Kubernetes documentation describes operators as “software extensions to Kubernetes that use custom resources to manage applications and their components.” These operators automate application resource deployment and management with custom controllers tied to ...
Relution Remote Code Execution via Java Deserialization Vulnerability
Overview In this article we discuss a recent deserialization vulnerability we found in Relution (CVE-2023-48178), a mobile device management product that is popular among multinational German corporations. CVE-2023-48178 can potentially lead to ...
Patch Tuesday Update – January 2024
The post Patch Tuesday Update - January 2024 appeared first on Digital Defense ...
Understanding the Impact of the new Apache Struts File Upload Vulnerability
Introduction Recently researcher Steven Seeley discovered a way to abuse the popular Apache Struts frameworks’ file upload functionality to achieve remote code execution. This bug, known as CVE-2023-50164, has been assigned a ...
Patch Tuesday Update – December 2023
The post Patch Tuesday Update - December 2023 appeared first on Digital Defense ...
SonicWall WXA – Authentication Bypass and Remote Code Execution Vulnerability
Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Recently, we ...