softScheck sheds light on the often-overlooked OT security risk surrounding the PROFINET mechanism ‘Reset to Factory’ and shows how it can be abused without authentication to deliberately disrupt industrial systems.
softScheck proudly announces the open-source release of scans2any, a powerful tool for merging and formatting network scan results.
Short overview of our recent contributions to open-source security tools.
Drones are becoming increasingly popular, but they are also vulnerable. Hackers can take control of a drone, steal its data, or even crash it. We explored possible attacks and countermeasures against civilian UAVs.
During a security test at one of our customers, we came across a web application with integrated helpdesk software. In this context, we identified a critical zero-day vulnerability in Zammad's software. This existed because Zammad did not …
On November 24th a critical vulnerability in Log4j was reported to Apache. It was later made public under the name Log4Shell (CVE-2021-44228); it can be exploited effortlessly remotely and allows an attacker to execute his own code (RCE). …
ILIAS is a free and open source learning platform which can be used to create and distribute web-based teaching and learning materials. It is often used by universities and companies for e-learning. This blog post describes how we …
Netatmo Welcome is a smart camera, which is capable of recognizing faces, streaming recordings into the cloud or alerting the owner in case of a burglary. As part of ongoing research into the Internet of Things security, we continued our …
Netatmo Welcome is a smart camera, which is capable of recognizing faces, streaming recordings into the cloud or alerting the owner in case of a burglary. As part of ongoing research into the Internet of Things security, we performed static …
We analyzed a recent wave of phishing mails trying to spread the Emotet banking trojan via malicious Word documents. This post provides details of the obfuscation methods used in the VBA macro and the PowerShell script contained within the …