Rhino Security Labs

Strategic Blog

CVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMaster

David Yesland
March 19, 2024

While researching the Progress Kemp LoadMaster load balancer we discovered an unauthenticated command injection in the administrator web interface of the appliance. This allowed full compromise of the LoadMaster if you could reach the…

CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM

Working-As-Intended: RCE to IAM Privilege Escalation in GCP Cloud Build

The Capital One Breach & “cloud_breach_s3” CloudGoat Scenario

Jeffrey Anderson

Cloud security, specifically AWS security, is once again in the news. This time it’s a major breach at banking giant Capital One. With 100 million customers affected, it ranks as one of the largest data breaches to date. Capital One now…