Red Hot Cyber
Condividi la tua difesa. Incoraggia l'eccellenza. La vera forza della cybersecurity risiede nell'effetto moltiplicatore della conoscenza.
Massimiliano Brolli : 5 Agosto 2020 12:39
Researchers from #TIM’s Red Team Research (RTR) have discovered another 4 new zero-day vulnerabilities in the #WOWZA #Streaming Engine product.Last month, the TIM’s Red Team Research (RTR) disclosed 2 new vulnerabilities affecting the Oracle Business Intelligence product with High severity. Today, the TIM’s Red Team Research led by Massimiliano Brolli, discovered 4 new vulnerabilities that have been addressed by the manufacturer WOWZA Streaming Engine, between the end of 2019 and July 2020.Wowza Streaming Engine (known as Wowza Media #Server) is a unified streaming media server software developed by Wowza Media Systems based in Colorado, in the United States of America and used by many US government entities such as #NASA, US Air force, Boeing, New York Police Department and many other clients around the world.The #vulnerabilities discovered by the team, tracked as #CVE-2019-19454, #CVE-2019-19455, #CVE-2019-19453 and #CVE-2019-19456, are an “Arbitrary File Download”, “#Path traversal” and 2 “#Cross-site #Scripting” (the first two with High Severity and the others with Medium one) respectively. The issues were discovered during laboratory tests, promptly managed in a CVD (Coordinated Vulnerability Disclosure) process with the vendor.Some of these vulnerabilities can be chained together by a remote #attacker to execute arbitrary code on the impacted system, they can also provide full access to all the data it contains, through the user interface.The laboratory has been active for less than a year (based on the registered CVE) and unknown vulnerabilities have already been identified on various products including #NOKIA, #Selesta, and #Oracle. The research team has identified a total of 16 new published #CVEs, as reported on the #NVD (National Vulnerability Database) and on TIM’s Corporate website, available at https://www.gruppotim.it/redteam.TIM is one of the very few Italian industrial realities to conduct research of undocumented vulnerabilities, for this reason I suggest you to follow them carefully.
#redhotcyber #cybersecurity
https://securityaffairs.co/wordpress/106804/hacking/wowza-streaming-engine-zerodays.html
Seguici su Google News, LinkedIn, Facebook e Instagram per ricevere aggiornamenti quotidiani sulla sicurezza informatica. Scrivici se desideri segnalarci notizie, approfondimenti o contributi da pubblicare.
Massimiliano BrolliIl MITRE ha reso pubblica la classifica delle 25 più pericolose debolezze software previste per il 2025, secondo i dati raccolti attraverso le vulnerabilità del national Vulnerability Database. Tali...
Un recente resoconto del gruppo Google Threat Intelligence (GTIG) illustra gli esiti disordinati della diffusione di informazioni, mettendo in luce come gli avversari più esperti abbiano già preso p...
All’interno del noto Dark Forum, l’utente identificato come “espansive” ha messo in vendita quello che descrive come l’accesso al pannello di amministrazione dell’Agenzia delle Entrate. Tu...
In seguito alla scoperta di due vulnerabilità zero-day estremamente critiche nel motore del browser WebKit, Apple ha pubblicato urgentemente degli aggiornamenti di sicurezza per gli utenti di iPhone ...
La recente edizione 2025.4 di Kali Linux è stata messa a disposizione del pubblico, introducendo significative migliorie per quanto riguarda gli ambienti desktop GNOME, KDE e Xfce. D’ora in poi, Wa...
