The CyberSKR Maritime Security team identified and registered multiple vulnerabilities in the Furuno250 / Furuno500 Inmarsat FleetBroadband Systems. The vulnerabilities relate to client-side authentication (server-side auth bypass), incorrect access control (unauthorised password change) and (cleartext) password disclosure.
The CyberSKR team identified and registered three vulnerabilities in the Sonus (now Ribbon Communications) SBC 1000 / 2000 and SWELite Edge web interface. The vulnerabilities include a method for root privilege escalation via access to the shadow file, Local File Inclusion (LFI) and Remote Command Execution (RCE). Having responsibly disclosed the findings and working with the vendor to ensure a patch was released, we are now releasing the details and a PoC Python script that exploits the vulnerabilities.
CyberSKR discovered a biometric identity verification system operated by South Africa's Department of Home Affairs (DHA) had been left online since at least August 2013. The Home Affairs National Identification System (HANIS) provides a service for financial institutions, mainly banks, that "enables the verification of the customer’s identity by checking their identity number and biometric data against the data hosted at the Department of Home Affairs" (securitysa.com).
If you would like to inquire about our services or ask a question please fill in the form below