19 matches found
KnowBe4 RCE and LPE
Introduction Our latest investigation has uncovered significant security flaws in three KnowBe4 applications- Phish Alert Button, PasswordIQ, and Second Chance. These applications, commonly used in security awareness and training, were found to have vulnerabilities allowing remote command executi...
CVE-2024-29209
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and...
CVE-2024-29210
A local privilege escalation LPE vulnerability has been identified in Phish Alert Button for Outlook PAB, specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...
CVE-2024-29210
A local privilege escalation LPE vulnerability has been identified in Phish Alert Button for Outlook PAB, specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...
CVE-2024-29209
The CVE-2024-29209/29210 family concerns Phish Alert Button (PAB) for Outlook and related KnowBe4 clients. Technical details across connected records show: attack via update mechanism (CVE-2024-29209) where the client fails to validate the update server’s TLS/SSL and ignores digital signatures, e...
CVE-2024-29209
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and...
CVE-2024-29210
CVE-2024-29210 describes a local privilege escalation in Phish Alert Button for Outlook (PAB) caused by insecure permissions on the configuration file (update server URL). An unprivileged local user can modify the configuration to point updates to a malicious server, enabling LPE in conjunction w...
CVE-2024-29210
A local privilege escalation LPE vulnerability has been identified in Phish Alert Button for Outlook PAB, specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...
Smart Helmets Flaw Exposed Millions to Risk of Hacking and Surveillance
By Deeba Ahmed According to cybersecurity firm Pen Test Partners, Livall’s smart helmets had an inherent flaw that could lead to… This is a post from HackRead.com Read the original post: Smart Helmets Flaw Exposed Millions to Risk of Hacking and Surveillance...
PTP at DEF CON 31 2023
Come and see us at the Aerospace Village, at Caesars Forum. Aerospace Village Fri 11th to Sun 13th Activity Take off in an A320 with hacked engine performance calculator. Then try to land it again. Fri 11th August 5:00 PM Pen Test Partners Power Hour We’ll be talking about: Hacking Electronic...
6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years
Sky, a U.K. broadband provider, left about 6 million customers’ underbellies exposed to attackers who could remotely sink their fangs into their home networks: a nice, soft attack surface left that way for nearly 18 months as the company tried to fix a DNS rebinding vulnerability in customers’...
We’re Hiring!
Were growing and we need to fill these 5 UK based roles: PHP Full-Stack Developer Pen Testing Consultant Red Team Support Digital Forensic Analyst IT Support Technician You can find all the details here. We think were a good bunch and there are some really good perks. If you have the skills and...
Your Smart Christmas Lights Are Safer Than They Were Last Year
Thinking about putting up smart Christmas lights but worried about your internet of things IoT security? You can rest a bit easier this year because at least one festive light option is a bit safer than it used to be, new research has found. Manufacturers of the Twinkly smart lights have taken in...
WordPress WPGraphQL 0.2.3 Authentication Bypass / Information Disclosure
!/usr/bin/env python Author: Simone Quatrini of Pen Test Partners CVEs: 2019-9879, 2019-9880, 2019-9881 Tested on Wordpress 5.1.1 and wp-graphql 0.2.3 https://www.pentestpartners.com/security-blog/pwning-wordpress-graphql/ import argparse import requests import base64 import json import sys parse...
Smart Ski Helmet Headphone Flaws Leak Personal, GPS Data
Researchers have found a slew of vulnerabilities in a pair of smart headphones designed to fit under ski helmets. The flaws could allow a bad actor to view victims’ personal information, track them and even listen to their private conversations via the headphones’ walkie-talkie function, which us...
Lenovo Watch X Riddled with Security Vulnerabilities
Researchers are raking the Lenovo Watch X over the security coals in a report that blasts the device for shipping with a half dozen “disturbing” privacy and security vulnerabilities. The budget $50 smartwatch was introduced in June 2018 and was initially praised for its design, features and...
Thousands of Internet connected hot tubs vulnerable to remote attacks
By Waqas Weak security practices have rendered IoT devices vulnerable to hacking and all sorts of cyber-attacks. According to the research from a Buckinghamshire-based security group Pen Test Partners, hot tubs can also be hacked using an app simply because there isn’t any authentication process ...
Mitsubishi Hybrid SUV Hack Puts Drivers At Risk, Says Researcher
Security experts are warning owners of Mitsubishi Outlander Plug-In Hybrid Electric Vehicles that their cars can be hacked via the automobile’s on-board WiFi network used for remote control of key car features. The hybrid electronic vehicle, which is slated to be sold here in the U.S. starting th...
Samsung smart Refrigerator presence of the vulnerability can lead to Gmail credentials theft-vulnerability warning-the black bar safety net
The recent Internet of things and new security issues, this time security researchers from the Samsung smart fridge to extract the Gmail authentication information. The middleman steal authentication At the recent DEFCON hacking conference, hackers have made a through the middle attack to steal t...