Meeting Owl Pro: Konferenzeule hat viele Sicherheitslücken #MeetingOwl #Sicherheitslücke glm.io/165766?s

Well as some questions start coming up regarding the #MeetingOwl insecurities. Here are some short and clear infos. Details in our report. modzero.com/modlog/archive…

Meeting Owl videoconference device used by govs is a security disaster arstechnica.com/information-te… by @[email protected] -- Follow me there

MITRE assigned CVE-2022-31463, CVE-2022-31462, CVE-2022-31461, CVE-2022-31460 and CVE-2022-31459 #MeetingOwl

Meet our #infosec-veteran Max Moser at Area41 Security Con! He will provide some insights on our #MeetingOwl research during his talk on Friday and is happy to meet-up on the hallway-track.

We found a security issue in the latest CrowdStrike #FalconSensor. The bug itself isn't worth a tweet as the severity is pretty low. However, we’d like to shed some light on a ridiculous vulnerability disclosure process with CrowdStrike. #CVE-2022-2841 modzero.com/modlog/archive…

We are excited to welcome onboard @[email protected] as our Gold Sponsors this year! Register at bsides.berlin for one of the last remaining in-person tickets. #BSidesBerlin #appsec #infosec #BSides"

Better make sure your password manager is secure -- or someone else will. We found critical security issues in the enterprise password manager Passwordstate that allowed to access passwords and gain a shell -- without any authentication #CVE-2022-3875 modzero.com/modlog/archive…

Happy birthday to us! 🎉 12 years of hacking! Thank you to everyone who helped get this far! 😍 modzero.com/en/blog/12th-a…

Find us on mastodon (and BSIDES Berlin 2023 😉) infosec.exchange/@modzero/11133…

Joining us for a second year as sponsor is @[email protected]. Thanks for your continued support! Register at bsides.berlin for one of the last remaining in-person tickets. #BSidesBerlin #appsec #infosec #BSides

How do you hack Internet-connected devices? Today, our colleagues parzel and @[email protected] will present their research at the #37C3 on how to turn a Poly VoIP phone into a wiretap, giving beginners some starting points for own research projects. events.ccc.de/congress/2023/…

#CVE-2023-4462 Exploits are now available on github: github.com/modzero/MZ-23-… And please find us on infosec.exchange/@modzero

Unfortunately this is necessary: 8532a9e0e49991ffdc3bfe7b728513e254e288a86275c6473e3b42228641e5fa MZ-24-01_8641e5fa.pdf (and please find us on mastodon as well: infosec.exchange/@modzero)

We identified critical vulnerabilities in MailCleaner. A command injection vulnerability can be exploited by sending an Email. Our report can be found here: modzero.com/en/advisories/… Kudos to chaos.social/@born0monday and chaos.social/@parzel #MailCleaner #CVE-2024-3191 #Infosec

Shells at midnight: Exploiting the flexibility of Email addresses for offensive purposes. Today we are publishing a new blog post about our disclosure report on #MailCleaner #CVE-2024-3191: modzero.com/en/blog/beyond… @[email protected] will also present at Area41 Security Con today.

Lovely to see the Email RFCs abused to embed a command injection payload in the local-part of the address! Nice work Michael Imfeld & parzel modzero.com/en/blog/beyond…

We would really like to get one of those new footballs that are currently being used in the stadiums during the European Championship matches. Just curious. 😁 DMs are open! #uefa #football #soccer #EM2024 #ballleak <3

Tutorial: Our colleague Theresa designed a tutorial guiding through an OpenVPN exploit scenario — for you to try at home! modzero.com/en/blog/how-we…