The bottom line of the first "Global Cybercrime Trends and Countermeasures" conference in February was clear: Cybercrime doesn’t care about national borders and no one accessing the internet – companies, authorities or consumers – should consider cyberspace to be a safe place.
Baby monitors serve an important purpose in securing and monitoring our loved ones. An estimated 52k user accounts and video baby monitors are affected by a number of critical security vulnerabilities in "miSafes" video monitor products.
The security status of sex toys is not only relevant technology wise, but much more so regarding data protection and privacy. In the case of the "Vibratissimo Panty Buster", the database containing explicit images, chat logs, sexual orientation, email addresses, passwords in clear text etc. was basically readable for everyone on the Internet...
Over the last weeks I presented talks on the topic of fuzzing at conferences such as DefCamp, Heise Dev Sec, IT-SeCX and BSides Vienna. As promised, I make my slides and demos available to the public with this blog post . The slide deck containing all slides from the conferences. Read more about fuzzing in my last […]
We discovered a vulnerability in Outlook’s S/MIME functionality. The short version: If you used Outlook’s S/MIME encryption in the past 6 months (at least) your mails might not have been encrypted as expected. In the context of encryption this can be considered a worst-case bug. This has been a rather unusual vulnerability discovery. Unlike other cases we kind […]
In this blogpost, I want to explain two topics from a theoretical and practical point of view: How to fuzz windows binaries with source code available (this part is for developers) and How to deal with big input files (aka heatmap fuzzing) and crash analysis (for security consultants; more technical) I (René Freingruber from SEC Consult Vulnerability Lab) am going […]
This article covers some basic hardware reverse engineering techniques on PCB-level, which are applicable to any electronic embedded device to showcase how to analyze a previously unknown (to the researcher or public white-hat community) hardware device. SEC Consult operates a dedicated Hardware Security Lab as part of its SEC Consult Vulnerability Lab. The presented material […]
In this blog post we will go into some of the technical details of the vulnerabilities we identified in the OSCI Library version 1.6.1. German readers can find a less-technical version of the article here. The OSCI-transport protocol is used for data exchange between public agencies. It is the obligatory communication protocol for public administrations […]
SEC Consult has found a vulnerability in several WiMAX routers, distributed by WiMAX ISPs to subscribers. The vulnerability allows an attacker to change the password of the admin user. An attacker can gain access to the device, access the network behind it and launch further attacks, add devices into a Mirai-like botnet or just simply […]