During a security audit for a LiveConfig customer, Raphael Kuhn from DriveByte GmbH discovered a so-called Unauthenticated Path Traversal vulnerability in LiveConfig up to version 2.5.1.
Simple yet effective. The story of some simple bugs that led to the complete compromise of a network
By spying on the process creation of a UCS connected server with extensive permissions, it was possible to gather a large amount of LDAP data. This data includes different credentials and other authentication information. The vendor responded extremely professional and fixed the issues very quickly. He did not only fix the script where we found the issue, but also checked their code base for similar problems and fixed them as well.
Life momentarily came to a halt in the Israeli cities of Jerusalem and Eilat as air raid sirens were triggered, despite there being no projectile in motion. The Israeli military announced that they suspect the false alarm to have been triggered by a cybersecurity attack at the municipal levels, not via military systems. Iran is suspected to have triggered the air raid sirens in Israel, a reminder of their growing cyber warfare capabilities.