
STM Cyber
@stm_cyber
Followers: 358 | Following: 390 | Media: 22 | Statuses: 73
HACK THE UNHACKABLE
Warsaw / Poland
Joined September 2020
We are so proud to announce that the 🇵🇱Poland -🇫🇮Finland team, under the command of the @CyberWojska, won second place in the world's largest cyber defense exercise, Locked Shields, 2024! 🥈 @trodbert, which included as many as 8 people from STM Cyber, achieved the best result in
A reminder that the STM Academy Open Day takes place on 8 March! Please send registrations to info@stm-academy.com; the number of places is limited, so better hurry. Agenda: 10.00 – 10.30 Welcoming the participants - welcome coffee; 10.30 - 12.00 Workshop: How to recognize and
We invite everyone interested to the open day on 8.03.2024 to get to know STM Academy! There will be a demonstration training on the @hacking_dept platform, a meeting with cybersecurity experts and members of the best Polish CTF groups in Poland - @p4_team team and
RT @TheHackersNews: Popular PAX PoS systems used in countless stores worldwide are vulnerable to crippling attacks. Hackers could hijack t….
thehackernews.com
Popular PAX PoS systems used in countless stores worldwide are vulnerable to crippling attacks.
@rysiacz Their efforts resulted in the identification of two vulnerabilities:
1. CVE-2024-20916 - SQL injection - found by Patryk Rejchert
2. CVE-2024-20917 - DOM-Based Cross-Site Scripting - found by Piotr Konopko & Patryk Rejchert
Patch has been released on the 16th of January.
We are excited to share that our employees @rysiacz and Piotr Konopko from @stm_cyber conducted a security assessment of Oracle Enterprise Manager. Read more in the comments.
Current list of vulnerabilities:
- CVE-2023-42134
- CVE-2023-42135
- CVE-2023-42136
- CVE-2023-42137
- CVE-2023-4818
Kudos to @CERT_Polska_en for helping with the disclosure process 🤝
We are releasing the first wave of vulnerabilities targeting @paxtechnology PAX Android POS terminals. The list includes pre-auth RCE on the root account by exploiting a hidden bootloader functionality via USB. You can expect more POS CVEs soon™ :).
blog.stmcyber.com
In this article, we present details of 6 vulnerabilities on the Android POS devices made by the worldwide known company PAX Technology.
Another happy hunting 👊
Dell Technologies would like to thank @redfr0g_ Brzozowski (redfr0g), Franek Kalinowski, and Stanisław Koza from STM Cyber for reporting these issues:
CVE-2023-44277
CVE-2023-44284
CVE-2023-44286
RT @redfr0g_: Together with @albercik007 and Szymon Jacek from @stm_cyber we found several vulnerabilities in SolarWinds Platform 2023.4. A….
Congrats! We are so proud 💪.
We managed to win yet another space-related CTF, this time organized by @esaoperations. We managed to join forces with 2 great hackers from @HPI_DE, to form a 🇵🇱🇩🇪 team. 🛰️ 🔫 🦆.
Bartosz Śmigielski @glasnostt from STM Cyber found a security vulnerability in SAP Business Objects identified by CVE-2023-42474. DOM-Based XSS was possible by injecting a URL in the GET parameter during window printing in analytical reporting. More info:
blog.stmcyber.com
Sap Business Objects version 420 is vulnerable to DOM-XSS attack.
Our pentesters Stanisław Koza and Jakub Sajniak (@kubolos231) found another high vuln in the Cisco product. It was marked CVE-2023-20211 and it allows any auth user to extract any info from the Cisco Unified Communications Manager using SQLi. Our PoC:
blog.stmcyber.com
A vulnerability in the web mgmnt interface of Cisco Unified CM and CM SME could allow an authenticated, remote attacker to conduct SQL injection attack.
Our pentesters Janek and Szymon pranked us in our Microsoft Teams group using an interesting phishing 🎣 trick! Check out what they have discovered and how they managed to earn a free pizza 🍕 using message replay spoofing on Teams:
blog.stmcyber.com
Earlier this year, we discovered an interesting behavior in Microsoft Teams chat functionality that allowed us to phish our coworkers and earn a free pizza. By modifying the request it’s possible to...
RT @redfr0g_: I am excited to lead a brand new course from @stm_cyber Academy - Network Security. If you want to take a deep dive into L2….
RT @p4_team: Get ready, set, hack! just hit the ground! ⏰ Less than 24hrs to uncover flags, conquer snacks & tackle….
RT @CONFidenceConf: Soon at #CONFidenceConf members of @p4_team 🐦 - Adam Kliś (security researcher @stm_cyber) and Krzysztof Zając (senior….
Congrats! You finally did it! 💪 🇵🇱🚀🌌 Poland truly can into space!
Third time's a charm! Once again @p4_team and @DragonSectorCTF have joined forces as the Poland Can Into Space team to conquer space 🇵🇱🚀🌌 and this time we did🏆! We won @hack_a_sat, the space security competition! Thanks to🥈SpaceBitsRUs and🥉@solarwine_ctf for a fierce fight!