Security Blog

Solari di Udine

Vulnerability Disclosure – Solari di Udine

Introduction: During a penetration testing activity, the Italian company Swascan (Tinexta Cyber) identified a new zero-day relating to an attendance management service that potentially impacts the over 40 devices installed. TermTalk is responsible for transferring information from the network of terminals and concentrators to the database of the various application software, for configuring

MSI

Security Advisory: MSI

Introduction: The Swascan Cyber Security Team has identified at least 3 Critical vulnerabilities on MSI digital assets, passively identified by using the Domain Threat Intelligence (DTI) service. Micro-Star International (MSI) is a Taiwanese multinational computer company headquartered in New Taipei with subsidiaries in the Americas, Europe, Asia, Australia and South Africa. It designs, develops and supplies

Visual Tools

Security advisory: Visual Tools DVR (CVE-2021-42071)

Visual Tools DVR VX16 4.2.28.0 – OS Command Injection (unauthenticated). Swascan identified a critical vulnerability during regular penetration testing on a client, related to Visual Tools (trademark), software from AX Solution LA (https://visual-tools.com). At the time of publication (see the timeline at the bottom of the article), Swascan informed AX Solution of the vulnerability

Entando

Security advisory: Entando (CVE-2021-35450)

Entando Admin Console <= 6.3.9 – Server Side Template Injection. Swascan has proactively pursued a Responsible Vulnerability Disclosure activity with the system integrator Entando after a vulnerability of high severity was identified during a penetration testing activity. Entando in brief: Entando is an open-source software company providing the leading modular application platform building enterprise web

Lenovo Swascan

Lenovo and Swascan collaborate to fix security issue

The Swascan Cyber Security Team has identified at least 3 Critical vulnerabilities in “My Lenovo” digital assets, passively identified by using the Domain Threat Intelligence (DTI) tool. DTI – Domain Threat Intelligence – is a service from Swascan’s Cyber Security Testing Cloud Suite. The service does not perform any security tests on the target and only operates

data scraping

LinkedIn data scraping: 1 Billion data record for sale

LinkedIn data scraping – “Over 1Billion LinkedIn data available”, over “520 million email addresses and phone numbers of LinkedIn users” – are just some of the “announcements” Swascan’s SOC as a Service and Cyber Threat Intelligence Teams first identified on April 5th, 2021 via its Security Testing and Threat Intelligence platform, as noted in the

Scraped data of 70 Million Twitter users

Scraped data of 70 Million Twitter users?

On April 5th, Swascan’s SOCaaS and Cyber Threat Intelligence Teams first identified and reported the presence of a huge LinkedIn database for sale on the web and dark web. The LinkedIn news was preceded by the discovery of the most recent Facebook data leak, which involved 553 million users. https://www.linkedin.com/feed/update/urn:li:activity:6785063470124560384/ Translated: “Over 1Billion recds of