security research, vulnerability, git, github, advisory — 15 January 2021
Attack of the clones 2: Git CLI remote code execution strikes back
Introduction This post is the second part of the story of a vulnerability that could be leveraged as a supply chain attack and used to hack millions of software developers around the world. We will describe all details about CVE-2020-26233,...

security research, advisory, vulnerability, mattermost — 20 July 2020
Security advisory: Mattermost Mobile for iOS v1.31.0 Authentication Token Leakage and Account Takeover
Advisory information Title: Mattermost Mobile for iOS Authentication Token Leakage and Account Takeover Advisory reference: BLAZE-05-2020 Product: Mattermost Mobile Client for iOS v1.31.0 (Build 293) CVE reference: CVE-2020-13891 Vendor reference: MMSA-2020-0022 Disclosure mode: Coordinated disclosure Product description Mattermost...

security research, advisory, vulnerability, privilege escalation — 22 June 2020
Security advisory: Mullvad VPN client for Windows 2020.3 local privilege escalation
Advisory information Title: Mullvad VPN client for Windows 2020.3 local privilege escalation Advisory reference: BLAZE-03-2020 Product: Mullvad 2020.3 for Windows CVE reference: CVE-2020-14197 Disclosure mode: Coordinated Product description Mullvad is a Sweden-based VPN provider with a strong focus...

security research, advisory, i2p, vulnerability, privilege escalation — 29 May 2020
Security advisory: i2p for Windows local privilege escalation
Advisory information Title: i2p for Windows local privilege escalation Advisory reference: BLAZE-02-2020 Product: i2p 0.7.5 to 0.9.45 for Windows CVE reference: CVE-2020-13431 Disclosure mode: Coordinated Product description i2p (The Invisible Internet Project) is an anonymous network,...

advisory, telegram, security research, homographs — 25 March 2019
Security advisory: Telegram instant messenger IDN homograph attack
Advisory information Title: Telegram instant messenger IDN homograph attacks Advisory reference: BLAZE-02-2019 (CVE-2019-10044) Product: Telegram Disclosure mode: Coordinated disclosure Product description Telegram is a messaging app with a focus on speed and security, it’s super-fast, simple and free. You...

homographs, security research, advisory, signal — 24 March 2019
Security advisory: Signal IDN homograph attack
Advisory information Title: Signal IDN homograph attacks Advisory reference: BLAZE-01-2019 (CVE-2019-9970) Product: Signal Disclosure mode: Coordinated disclosure Product description Signal is an encrypted communications app for Android and iOS. A desktop version is also available for Linux, Windows, and macOS....

advisory, security research — 29 March 2017
Security advisory: Porteus Kiosk security restrictions bypass
Advisory information Title: Porteus Kiosk security restrictions bypass Advisory reference: BLAZE-01-2017 Product: Porteus Kiosk Disclosure mode: Coordinated disclosure Product description Porteus Kiosk is a popular lightweight Linux designed to be used as a kiosk solution. It implements several restrictions with...