SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.
CloudLinux CageFS Token Disclosure (CVE-2020-36771) CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user. Full security advisory… Read More
MOKOSmart MKGW1 Gateway devices with firmware version 1.1.1 or below do not provide adequate session management for the administrative web interface. This allows adjacent attackers with access to the management network to read and modify the configuration of the device. Full security advisory Credits… Read More
The 18th International Conference on Availability, Reliability, and Security (ARES 2023) took center stage in Benevento, Italy, from August 29 to September 1, 2023, offering a platform for experts and enthusiasts to explore the latest developments in the field. Co-located with ARES 2023 was the International IFIP Cross Domain Conference… Read More
On the 28th of July, Sebastian Schrittwieser gave a talk at the WeAreDevelopers World Congress, one of the world’s largest software development conferences. It took place from July 27th to 28th in Berlin. More than 10,000 attendees were able to join talks on 13 parallel stages. Read More
Reinhard Kugler held the opening talk of this year’s Hagenberg Forum. He showed current challenges in the automotive domain and how to get started in security testing of electronic control units. Reinhard showed vulnerabilities and testing methods of automotive applications, focusing on… Read More
Gerald Sendera, data protection supervisor & legal counsel at SBA Research, moderated a Round Table at PriSec 2020 – Jahresforum für Privacy & Security – on the topic of Corona Prevention & Data Protection Limits. In the run-up to the event,… Read More