"##load php code, opening the door for remote code execution. additionally, sql database errors were public and the platform was vulnerable to a time - based blind sql injection, giving a bad actor direct access to the database. these exploits could allow full access to potentiall…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1195Supply Chain Compromise
67%
"##berg. was any sensitive information stolen or compromised? at this point, we can ’ t predict whether information was actively stolen or compromised by attackers or unauthorized users. but it certainly was possible, and these types of vulnerabilities could very well be present i…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1195Supply Chain Compromise
46%
"collaborating with your peers. but we are telling you that no platform is immune. if a new third - party solution, no matter what it may be for, isn ’ t properly vetted and evaluated against its security posture — then it is not a solution, it is a problem. how do you stop a supp…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1588.006Vulnerabilities
42%
"zero - day vulnerabilities in platforms could leave msps exposed | huntress let ’ s put our adversarial hats on, shall we? say you were a malicious hacker, and you wanted to target the top managed service providers ( msps ). how would you do it? where would you start? well … a go…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
We unveil zero-day vulnerabilities we discovered in virtual event platforms used in MSP/Fortune 500 communities, plus some insight on supply chain attacks.