
CVE-2022-30335: Incognitolab We secure the nation

Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component.


INCOGNITO LAB

WHAT WE DO

Incognito Lab provides a full range of professional cyber security services for organisations of all sizes and in all industrial sectors. With 10+ years in the field, we deliver our foundation and mastery to clients with passion and responsibility.

With high ethical standards and solid experience, our certified team can provide a full range of security assessment services to meet your requirements.

We will bombard your security controls from adversaries’ perspective in order to measure your security capabilities and train your people.

Developing and maintaining an effective information security strategy and standard can be difficult without experienced individuals. Incognito Lab’s consulting services are set to be your partner.

Incognito Lab team develops training courses and brings our knowledge to help organisations secure their business.

WHAT’S NEW

We wish to contribute to the industry, educate people, and empower organisations to know their adversaries and fight against cyber attacks. What we share comes from our work and our passions.

WHY INCOGNITO LAB

As a vendor-neutral company with no external investment, we can apply our team’s years of solid experience and diverse skills to provide security know-how on technical and non-technical subjects. We do not just test; we believe that strong cyber security drives our clients’ business growth and innovation. This is our goal.


WHAT WE HACK

Web apps: 34%
IoT/Kiosk: 5%
APIs: 5%
Mobile apps: 18%
Infrastructure (including AD): 28%
Other (Cloud, Wireless, Thick Client Apps, ICS/SCADA, Physical, VDI): 10%

2016: SANS Holiday Hack Challenge - Honorable Mention

2016: NRCT - Expert System on Security Analytics and System Security Surveillance for General Users

2018: SANS Holiday Hack Challenge - Super Honorable Mention

2020: SANS Holiday Hack Challenge - Honorable Mention

Certified Information Systems Auditor

Certified Information Security Manager

Certified Information Systems Security Professional

Systems Security Certified Practitioner

Certificate of Cloud Security Knowledge

GIAC Reverse Engineering Malware

GIAC Certified Incident Handler

GIAC Certified Intrusion Analyst

GIAC Mobile Device Security Analyst

AWS Certified Security Specialty

AWS Certified Solutions Architect Associate


Certified Information Systems Security Professional (CISSP)

GIAC Security Expert (GSE)

GIAC Penetration Tester (GPEN)

GIAC Certified Forensic Analyst (GCFA)

eLearnSecurity Certified Professional Penetration Tester (eCPPT)

EC-Council Certified Ethical Hacker (CEH)

CREST Registered Penetration Tester (CRT)

AWS Certified Security - Specialty

Certified Information Systems Auditor (CISA)

GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

GIAC Mobile Device Security Analyst (GMOB)

GIAC Certified Intrusion Analyst (GCIA)

eLearnSecurity Web Application Penetration Tester (eWPT)

EC-Council Certified Security Analyst (ECSA)

Offensive Security Certified Professional (OSCP)

AWS Certified Solutions Architect – Associate

Certified Information Security Manager (CISM)

GIAC Web Application Penetration Tester (GWAPT)

GIAC Reverse Engineering Malware (GREM)

GIAC Security Essentials (GSEC)

eLearnSecurity Certified Threat Hunting Professional (eCTHP)

CREST Practitioner Security Analyst (CPSA)

Offensive Security Certified Expert (OSCE)
