🚨 Critical vulns in dormakaba exos 9300! We’re sharing 20 CVEs in dormakaba’s physical access control system: doors can be opened without authentication with network access. Kudos to @dormakaba for excellent handling & patches.
👉 https://t.co/khdsG53EuN #ResponsibleDisclosure
2 y ago we tried to submit a research project on this component to a defense CFP because this has a huge attack surface since it is used almost anywhere!
-> rejected: not innovative (yep, not AI content - literally this)
... but @sec_consult did not try: they did 👌🏻👏👏
After the MS process...and the reward 🙄 our #Microsoft AutoUpdate #EoP vuln. is not a #0day anymore
Good job by our teammate @defane
Note: it is not "just" an #LPE affecting MS products so think about this when using #O365 on your #MacBook
https://t.co/kflNrcjUeb
#patchtuesday
As promised, I just dropped a dozen new sandbox escape vulnerabilities at #POC2024
If you missed the talk, here is the blog post:
https://t.co/zTcENNrZun
Slides:
https://t.co/sWztf0ygM4
Enjoy and find your own bugs 😎
Thanks @orangecyberch for the mention of our recent publication (cc @defane)
Very good paper too, I guess the Bitlocker/PIN privesc is now pretty well documented :p