• T-Pot Version 19.03 released

    In Mach 2019 we released T-Pot 19.03. Read more Details here.

    Continue Reading →

  • WeBid Directory Traversal, Blind SQL Injection and XSS

    Multiple vulnerabilities were identified in version 1.2.2 of the popular “WeBid” open source auction system. Patches for all three vulnerabilities are available in their GitHub, and will be included in the next release.

    Continue Reading →

  • ServiceNow Glide Scripting injection leading to privilege escalation

    ServiceNow, an enterprise IT service management solution, is vulnerable to an template injection vulnerability, leading to a full privilege escalation.

    Continue Reading →

  • Variant of Satori/Mirai detected attacking public available ADB shells

    On the 10th of July at 23:30 UTC we noticed an increased traffic on our blackhole monitoring on TCP port 5555. Upon further analysis, we saw a big chunk of this traffic coming from China, USA and the Dominican Republic. In total we gathered 246.434 packets from 68.361 unique IPs. Based on the packet details we gathered, we can assume that the packets were generated by a lot of different devices. In addition, the traffic behavior on port 5555 matches the typicall scan behavior of botnets.

    Continue Reading →

  • Trovebox - Authentication Bypass, SQLi, SSRF

    Trovebox, a photo sharing and management application, is prone to several critical vulnerabilities. Exploiting is trivial and it is recommended to update to the fixed version from Github.

    Continue Reading →

  • Potherder: a Honeypot Story

    It’s been seven years now that I started to contribute to the setup of Deutsche Telekom’s Early Warning System which is running multiple honeypots all over the globe and I would like to share my personal view on the history of the project, its internal goals and its achievements.

    I still remember the first group meeting with my department in November 2010. It was my third day at the new employment in the team “Security of Office and Portals” and I happened to start my new career path all dressed up, because I thought this was the way to go in a large corporation. Turns out I was wrong about this, some people were more technical than I initially thought and it took some time to lose the first impression I made wearing a suit…

    Continue Reading →

  • T-Pot Version 17.10 released

    In October 2016 we released T-Pot 16.10

    Continue Reading →

  • Opensourcing our Honeypot Backend (well, parts of it)

    The last years we have consistently supported the community by releasing new versions of our multi honeypot platform called T-Pot. This November we are proud to release a new version of T-Pot with exciting new features and …

    something more.

    Continue Reading →