How easily access cards can be cloned and why your PACS might be vulnerable

TL;DR Access cards can be cloned There are practical measures to make card cloning difficult Practical guidance on how these systems work and why you should make sure they’re configured right What is a physical access control system? A physical access control system, or PACS, is the system that...

CVE-2024-10534

Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems PACS / Access Control Security Systems ACSS allows Traffic Injection. This issue affects Personnel Attendance Control Systems PACS / Access Control Security Systems ACSS: before 2024...

Dataprom Informatics Personnel Attendance Control Systems (PACS)和Access Control Security Systems (ACSS) 访问控制错误漏洞

Access Control Security Systems ACSS and Dataprom Informatics Personnel Attendance Control Systems PACS are both products of Dataprom Informatics.Access Control Security Systems ACSS is a security access control system that is used to control and manage access to specific areas or...

Canada revisits decision to ban Flipper Zero

In February 2024 the Canadian government announced plans to ban the sale of the Flipper Zero, mainly because of its reported use to steal cars. The Flipper Zero is a portable device that can be used in penetration testing with a focus on wireless devices and access control systems. If that doesnt...

AXIS A1001 Network Door Controller Flaw Exposes Secure Facilities

By Deeba Ahmed The new discovery could have far-reaching implications for Physical Access Control Systems and sensitive facilities. This is a post from HackRead.com Read the original post: AXIS A1001 Network Door Controller Flaw Exposes Secure Facilities...

A Door Isn’t a Door When It’s Ajar - Part 2

A Door Isn’t a Door When It’s Ajar - Part II By Trellix · August 18, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Introduction Software Hacking Software Hacking Shopping List Vulnerabilities Discovered CVE-2022-31479: Command injection via the web interface Vulnerable...

A Door Isn’t a Door When It’s Ajar - Part 2

A Door Isn’t a Door When It’s Ajar - Part II By Trellix · August 18, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Introduction Software Hacking Software Hacking Shopping List Vulnerabilities Discovered CVE-2022-31479: Command injection via the web interface Vulnerable...

A Door Isn’t a Door When It’s Ajar- Part 1

A Door Isn’t a Door When It’s Ajar - Part 1 By Trellix · August 11, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Executive Summary Target Selection What is it? Reconnaissance & Standard Operations Recon Standard Operations Hardware Hacking Hardware Hacking Shopping Lis...

Access Control Specialist of Shenzhen Weikeng Industry Co., Ltd. has a logic flaw vulnerability

Shenzhen Weikeng Industrial Co., Ltd. is a professional manufacturer and developer of access control systems, access control equipment and access control software in China. A logic flaw vulnerability exists in the Access Control Expert of Shenzhen Weikeng Industrial Co. Ltd, which can be exploite...

Access Control Specialist of Shenzhen Weikeng Industry Co., Ltd. has a logic flaw vulnerability

Shenzhen Weikeng Industrial Co., Ltd. is a professional manufacturer and developer of access control systems, access control equipment and access control software in China. There is a logic flaw vulnerability in the Access Control Expert of Shenzhen Weikeng Industrial Co. Ltd, which can be...

SOYAL 701Server 9.0.1 Insecure Permissions

Summary 701 Server is the program used to set up and configure LAN and IP based access control systems, from the COM port used to the quantity and type of controllers connected. It is also used for programming some of the more complex controllers such as the AR-716E and the AR-829E. Description T...

Ubiquiti: Change Your Password, Enable 2FA

Ubiquiti, a major vendor of cloud-enabled Internet of Things IoT devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud...

Mapping the Attack Surface of an Airport

Aviation security is a complex environment. What first sparked my interest in avionics security was a comment from an airport customer of ours. They had seen the media coverage of the DHS work against a Boeing 757 a few years ago and were concerned that an ‘infected’ airplane might create a fresh...

DHS Not Addressing Cyber Threats to Building Access Systems

Civil watchdogs at the Government Accountability Office are warning the Department of Homeland Security and the Government Services Agency about unaddressed risks posed to building access control systems at federal facilities. The systems in question are those that prevent unauthorized access to...

Cisco Releases Security Advisory for Cisco Secure Access Control Systems (ACS)

Cisco Secure Access Control Systems ACS contains a vulnerability that could allow an unauthenticated, remote attacker to bypass the TACACS+ based authentication service offered by the product. Cisco has released software updates that address this vulnerability. US-CERT encourages users and...