AppCheck Security Blog
Featured post
vBulletin Zero Day Details & Plug-in
/ Posted August 10, 2020
Security researcher Amir Etemadieh has released a pre-authentication zero-day remote command execution (RCE) exploit in vBulletin. This exploit is bypasses the patch for a previous RCE in vBulletin 5.0 through 5.4 and has since been assigned CVE-2019-16759.
read moreFilter by:
vBulletin Zero Day Details & Plug-in
News Product Security Alerts / Posted August 10, 2020
Security researcher Amir Etemadieh has released a pre-authentication zero-day remote command execution (RCE) exploit in vBulletin. This exploit is bypasses the patch for a previous RCE in vBulletin 5.0 through 5.4 and has since been assigned CVE-2019-16759.
Read moreSaltStack scanning tool to detect CVE-2020-11651 & CVE-2020-11652
Product Research Security Alerts / Posted May 05, 2020
These CVE's are now being actively exploited in the wild and so we have created a free standalone scanner to detect and report on these.
Read moreCritical Vulnerabilities in SaltStack CVE-2020-11651 & CVE-2020-11652
Security Alerts / Posted May 01, 2020
Vulnerabilities within SaltStack infrastructure automation software may lead to RCE attacks and full system takeover. According to security researchers who found these vulnerabilities, attacks are expected in the wild as soon as today.
Read moreGhostCat Vulnerability - CVE-2020-1938
Security Alerts / Posted February 27, 2020
Aside from being a – by all accounts truly terrible – direct-to-TV movie about a recently deceased cat who comes back from the dead to try and stop scammers and wealthy businessmen from making unnecessary land-development deals, “Ghostcat” is also the fond nickname for vulnerability CVE-2020-1938.
Read moreAppCheck Scan Template for Pulse Secure CVE-2019-11510
Product Research Security Alerts / Posted January 09, 2020
AppCheck have released a scan template which will run a quicker scan and check for the above vulnerability. Specifically, the module will look to detect a critical security flaw in Pulse Secure’s Zero Trust Remote Access VPN.
Read moreAppCheck Scan Template for Citrix Vulnerability CVE-2019-19781
Product Research Security Alerts / Posted January 09, 2020
AppCheck have released a scan template to detect a remote code execution flaw in Citrix appliances.
Read moreAppCheck Plug-in for Citrix Vulnerability CVE-2019-19781
Product Research Security Alerts / Posted December 18, 2019
AppCheck have released a plug-in to detect a remote code execution flaw in Citrix appliances.
Read moreMacy's falls victim to hack exposing customer data
Security Alerts / Posted November 20, 2019
Popular department store Macy's looks to have been hit with a card skimming hack.
The hack appears very similar to those conducted by hacking group Magecart who have historically targeted Airline giants British Airways as well as online ticket sales company Ticketmaster, amongst others.
vBulletin Zero Day Vulnerability Released by Anonymous Source
News Security Alerts / Posted September 25, 2019
AppCheck's Head of Development states: "We have confirmed the exploit does work and is an unauthenticated RCE that attackers can exploit. Depending on the user level they access this could range from simply accessing data, editing it or even full system takeover. Earlier today we have included a plug-in for our customers to identify and safely exploit this vulnerability."
Read moreNew feature announcement: Subdomain takeover audit
Product Research Security Alerts / Posted June 18, 2019
AppCheck has released a new detection module available to all customers to scan for subdomain takeover vulnerabilities.
Read more