Hope you are having a lovely summer vacation.
I have had the good fortune of seeing a few of you at HiTB; it is always a pleasure to meet the faces behind the emails/handles.
We are going to try and get more tickets for the following conferences:
- Xcon (Mid August 2014)
- BlackHat (Early August 2014)
- Kiwicon (Early Nov 2014)
- NoSuchCon (Mid Nov 2014)
- 44Con (London, UK, 13 - 15 September 2017)
- EkoParty (Buenos Aires, Argentina, 27 - 29 September 2017)
- t2 (Helsinki, Finland, 26 - 27 October 2017)
- CodeBlue (Tokyo, Japan, 7 - 10 November 2017)
- ZeroNights (Moscow, Russia, 16 - 17 November 2017)
- HITCON (Taipei, Taiwan, October 2017)
I have already received a few requests for free entry tickets to those events; if you have not yet sent such a request, let me know. The free entry includes both an entry ticket and up to 1000$ USD in travel expenses.
Other General Info/Updates
For those not familiar with Hack2Win: it is a hacking competition we started at BlueCode 2015.
The competition is focused on IoT devices (such as NAS, routers, switches, etc.) and the prizes are up to 5,000$ USD.
This year we are doing things a little differently:
- We launched a Hack2Win Online Version (https://blogs.securiteam.com/index.php/archives/3236)
- There is only one target: D-Link router (AC1200 / DIR-850L)
- The total amount of money we will be giving away during the contest is 10,000$ USD.
- To help you win, we bought one such device, a D-Link DIR-850L, and connected it to the internet (we will disclose the IP address of this device on the 1st of July 2017).
This year we are going to have 3 categories of products.
Each category will contain products at a different difficulty level, for example:
- Category 1: Cisco router, Amazon Echo, Huawei router / Qnap NAS
- Category 3: TP-Link router
The prizes per category are:
- Category 1: up to 10,000$ USD
- Category 2: up to 5,000$ USD
- Category 3: up to 1,000$ USD
Also, our “friend bring friend” program is still running (you are paid 4000$ for every researcher who starts working with us).
Additionally, if you need a software license or hardware to conduct your research, drop me an email and we will see how we can help.
We published the following vulnerabilities:
- SSD Advisory – Ubuntu LightDM Guest Account Local Privilege Escalation - https://blogs.securiteam.com/index.php/archives/3134
- SSD Advisory – Emby Media Server Multiple Vulnerabilities - https://blogs.securiteam.com/index.php/archives/3098
- SSD Advisory – SquirrelMail Remote Code Execution - https://blogs.securiteam.com/index.php/archives/3178
- SSD Advisory – CloudBees Jenkins Unauthenticated Code Execution - https://blogs.securiteam.com/index.php/archives/3171
- SSD Advisory – Serviio Media Server Multiple Vulnerabilities - https://blogs.securiteam.com/index.php/archives/3094
- SSD Advisory – WordPress Unauthorized Password Reset - https://blogs.securiteam.com/index.php/archives/3176
- SSD Advisory – TerraMaster Operating System (TOS) File Disclosure - https://blogs.securiteam.com/index.php/archives/3080
- SSD Advisory – Cisco DPC3928AD DOCSIS Wireless Router Information Disclosure - https://blogs.securiteam.com/index.php/archives/2911
- SSD Advisory – Xiaomi Air Purifier 2 Firmware Update Process Vulnerability - https://blogs.securiteam.com/index.php/archives/3205
- SSD Advisory – AContent Multiple Vulnerabilities - https://blogs.securiteam.com/index.php/archives/3207
- SSD Advisory – Bitdefender Code Signing organizationName Buffer Overflow - https://blogs.securiteam.com/index.php/archives/3211
- SSD Advisory – Synology DiskStation Manager Multiple Stored Cross-Site Scripting - https://blogs.securiteam.com/index.php/archives/3075
- SSD Advisory – IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities - https://blogs.securiteam.com/index.php/archives/3210
- SSD Advisory – KEMP LoadMaster from XSS Pre Authentication to RCE - https://blogs.securiteam.com/index.php/archives/3194
- SSD Advisory – Trend Micro Interscan Web Security Virtual Appliance Multiple Vulnerabilities - https://blogs.securiteam.com/index.php/archives/3050
- SSD Advisory – HPE Intelligent Management Center (iMC) Code Execution - https://blogs.securiteam.com/index.php/archives/3218
- SSD Advisory – IDERA Uptime Monitor Multiple Vulnerabilities - https://blogs.securiteam.com/index.php/archives/3223
Last, but not least, our current customers' interest scope is:
- Privilege Escalation in:
  - Linux PE
  - Vulnerabilities in Ubuntu Desktop services/programs
  - Dropbear SSH
- Web applications:
  - Roundcube post/pre-auth RCE
  - Pre-authentication vulnerabilities in Roundcube, Zimbra, SquirrelMail, MailEnable, Joomla, WordPress, Plesk, cPanel
  - Privilege Escalation for Plesk, cPanel
  - File Disclosure for Zimbra, MailEnable, Plesk, cPanel
Thank you all and have a nice summer vacation.