Contact Us Blog

Furuno Felcom250 / Felcom500 Vulnerabilities

The CyberSKR Maritime Security team identified and registered multiple vulnerabilities in the Furuno250 / Furuno500 Inmarsat FleetBroadband Systems. The vulnerabilities relate to client-side authentication (server-side auth bypass), incorrect access control (unauthorised password change) and (cleartext) password disclosure.

Sonus SBC 1000 / 2000 / SWELite Vulnerabilities + PoC

The CyberSKR team identified and registered three vulnerabilities in the Sonus (now Ribbon Communications) SBC 1000 / 2000 and SWELite Edge web interface. The vulnerabilities include a method for root privilege escalation via access to the shadow file, Local File Inclusion (LFI) and Remote Command Execution (RCE). Having responsibly disclosed the findings and working with the vendor to ensure a patch was released, we are now releasing the details and a PoC Python script that exploits the vulnerabilities.

South African Government Biometric Identity Verification System Exposed Online

CyberSKR discovered a biometric identity verification system operated by South Africa's Department of Home Affairs (DHA) had been left online since at least August 2013. The Home Affairs National Identification System (HANIS) provides a service for financial institutions, mainly banks, that "enables the verification of the customer’s identity by checking their identity number and biometric data against the data hosted at the Department of Home Affairs" (securitysa.com).

This website uses cookies
Close

Contact CyberSKR

If you would like to inquire about our services or ask a question please fill in the form below

Contact Details
Your Comments
Are you human?