Latest Articles

Advisory CVE-2021-41550 Leostream Connection Broker - Authenticated Remote Code Execution

Software: Leostream Connection Broker
Affected Versions: 9.0.40.17
Vendor page: https://leostream.com/
CVE Reference: CVE-2021-41550
Published: 25/01/2022
Attack Vector: Remote, authenticated
Credits: Andrei Constantin Scutariu, Lenk Ratchakrit Seriamnuai, Andrea Malusardi

Summary
Leostream Connection Broker version 9.0.40.17 allows an authenticated attacker to upload arbitrary content through the Third Party Content functionality. It was found that the application allows files with the filenames listed below to be executed as Perl code by default on the web application.

January 26, 2022, Lenk Ratchakrit Seriamnuai

Advisory CVE-2021-41551 Leostream Connection Broker - Authenticated Zip Slip

Software: Leostream Connection Broker
Affected Versions: 9.0.40.17
Vendor page: https://leostream.com/
CVE Reference: CVE-2021-41551
Published: 25/01/2022
Attack Vector: Path traversal, authenticated
Credits: Andrei Constantin Scutariu, Lenk Ratchakrit Seriamnuai, Andrea Malusardi

Summary
Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading a ZIP file that contains a symbolic link.

Mitigation
Leostream has released a patch for this vulnerability. JUMPSEC recommends upgrading affected versions to the new release as soon as possible. Leostream's advice and release notes can be found here.

January 26, 2022, Lenk Ratchakrit Seriamnuai

No Logs? No Problem! Incident Response without Windows Event Logs

By Dray Agha

In this article, we discuss some Digital Forensics and Incident Response (DFIR) techniques you can leverage when you encounter an environment without Windows event logs.

Where are the logs?
At JUMPSEC, we regularly respond to security incidents in environments whose logging and auditing are ineffective for the purposes of investigating a cyber incident. In some cases, the organisations we encounter don't have any recognisable SIEM or centralised log repository. In others, organisations with otherwise sufficient logging have seen adversaries intentionally manipulate the logs on an endpoint to prevent analysis, sometimes even wiping them entirely.

November 22, 2021, dray