/">Home */}} Home Honeypots Advisories @DTCERT About

Telekom Security

Home Honeypots Advisories @DTCERT About

  • USD: One File Format, Many Vulnerabilities

    03 Apr 2023 • Write-up • Research

    This post covers my project of identifying a series of vulnerabilities (CVE-2020-9878, CVE-2020-9880, CVE-2020-9881, CVE-2020-9882, CVE-2020-9940, CVE-2020-9985) in the processing of USD (Universal Scene Description) files within Apple’s iOS operating system. It also covers the high-level approach to exploit one of these vulnerabilities.

    Continue Reading →

  • Critical remote buffer overflow vulnerability in matrixssl TLSv1.3 server message processing

    09 Jan 2023 • Advisories

    A new critical remote buffer overflow vulnerability (CVE-2022-43974) was discovered in the matrixssl library (versions 4.5.1- 4.0.0, https://github.com/matrixssl/matrixssl) by Security Evaluators of Telekom Security with modern fuzzing methods.

    View the full advisory

    Continue Reading →

  • Apple's iOS & macOS Contacts Vulnerability - Privacy Preferences Bypass

    12 Sep 2022 • Advisories

    A vulnerability has been identified in iOS/iPadOS < 15.7 / < 16.0 and macOS Big Sur < 11.7 that allows an app to bypass Privacy preferences, posing a significant risk. The vulnerability, classified as Improper Input Validation affects the Contacts component.

    Continue Reading →

  • T-Pot Version 22.04 released

    13 Apr 2022 • Honeypots • General

    We are proud to announce the release of T-Pot 22.04 with lots of new features i.e. new honeypots, a distributed installation option, arm64 support, live attack maps, Debian 11 base, ELK 8.x, and more. If you ever wanted to get started with honeypots (or take it to the next level), but with the ease of use of an appliance, now is the best time to get started.

    Continue Reading →

  • Twitter Account of Deutsche Telekom's CERT Resumed

    20 Jan 2022 • General

    We are very pleased to announce that Deutsche Telekom’s CERT recently has resumed their twitter activity. Make sure to follow @DTCERT for technical tweets from CERT, CTI, and DFIR.

    Continue Reading →

  • Enumerating and indexing SMB shares at scale

    19 Jan 2022 • Tools

    In order to improve and harden our group’s critical telco-infrastructure, Deutsche Telekom Security GmbH provides a red team to simulate real world attack scenarios. While our red team also offers its capabilities for external customers, our main focus is improving our internal security by simulating state of the art attacks.

    Continue Reading →

  • Critical DoS vulnerability in SQLCipher SQL command processing

    08 Mar 2021 • Advisories

    A new critical denial-of-service vulnerability (CVE-2021-3119) in the SQLCipher SQL command processing of the master branch was discovered with a self-developed SQLCipher-FAST (Fast Automated Software Testing) framework.

    View the full advisory

    Continue Reading →

  • Denial of service vulnerability in SQLCipher SQL command processing

    12 Nov 2020 • Advisories

    A new critical denial of service vulnerability (Use CVE-2020-27207) in the SQLCipher SQL command processing of the master branch (https://github.com/sqlcipher) was discovered with a self-developed SQLCipher-FAST (Fast Automated Software Testing) framework.

    View the full advisory

    Continue Reading →

« 1 2 3 4 5 6 7 »
Imprint • Disclaimer • Privacy Policy