How to Fix CVE-2023-38035- API Authentication Bypass Vulnerability on Ivanti Sentry Administrator Interface?

How to Fix CVE-2023-38035- API Authentication Bypass Vulnerability on Ivanti Sentry Administrator Interface?

Application/Appliance
Recently, a critical authentication bypass vulnerability was discovered in Ivanti Sentry by security researchers at mnemonic. This vulnerability tracked as CVE-2023-38035, could allow an unauthenticated threat actor to bypass authentication controls and make unauthorized changes to the Ivanti Sentry server configuration. Ivanti Sentry, formerly known as MobileIron Sentry, acts as a gateway between mobile devices and backend resources like Microsoft Exchange or SharePoint servers. It works together with Ivanti Endpoint Manager Mobile (EPMM) platform to enforce security policies on managed devices. On August 21, 2023, mnemonic disclosed the discovery of a high severity vulnerability in Ivanti Sentry that received a CVSS score of 9.8. If successfully exploited, this flaw could enable network-level attackers to bypass authentication and gain privileged remote access to the Sentry appliance. In this blog, we will summarize everything about this zero-day vulnerability…
Read More
How to Protect Your Apple Devices From CVE-2023-42824 and CVE-2023-5217?

How to Protect Your Apple Devices From CVE-2023-42824 and CVE-2023-5217?

Data Breaches, Linux
Apple recently released iOS 17.0.3 and iPadOS 17.0.3 to address two critical vulnerabilities, CVE-2023-42824 and CVE-2023-5217, that could allow malicious actors to execute arbitrary code on affected devices. These flaws affect various iPhone and iPad models and could be exploited if a user visits a malicious website or is targeted by specially crafted web content. To protect your Apple devices, it is essential to apply the latest updates as soon as possible to ensure your devices are protected against potential attacks leveraging these vulnerabilities. We published this blog post to provide an overview of the vulnerabilities Apple devices impacted, and educate securitymaster.com users on keeping your devices secure. before we jump into the topic of discussion, let us see a short introduction about WebRTC since these flaws stemmed from the Kernel and…
Read More
How Do I Get Microsoft Copilot on Windows 11?

How Do I Get Microsoft Copilot on Windows 11?

Windows
Microsoft recently announced the general availability of Microsoft Copilot, its AI-powered digital assistant. Copilot aims to boost productivity by helping users complete tasks, generate content, and get insights across applications and devices. Copilot is currently available in different forms across Microsoft 365, Bing, Windows 11, and Edge. While it was initially limited to select testers, Microsoft has now started rolling out Copilot more broadly. So how do you get Copilot on your Windows 11 device? Let’s take a look at what Copilot is, its availability, pricing, and how to enable it on Windows 11. Microsoft first previewed Copilot at its Build developer conference earlier this year. It showed how Copilot can work alongside Office apps like Word, Outlook, and Excel to help users write emails, generate summaries, and analyze data.…
Read More
Raspberry Pi 4 8GB Starter Kit Review

Raspberry Pi 4 8GB Starter Kit Review

Linux, Programming & Scripting
Imagine the heights you can reach with the Raspberry Pi 4 8GB Starter Kit – 128GB Edition! This incredible tech pack comes fully loaded with a Raspberry Pi 4 8GB Model B, featuring a 1.5GHz 64-bit quad-core CPU (8GB RAM). The kit also boasts a highly efficient Raspberry Pi 4B case that contains a supremely quiet 40mm PWM fan and four heat sinks, ensuring your device maintains excellent heat distribution. You also get a perfectly stable 5V 3.6A Type C Power Supply sporting an ON/OFF switch for your convenience, along with TUV and RoHS certifications guaranteeing professional standards. A huge bonus is the 128GB High Speed Class 10 Card that comes with a Card Reader, ensuring compatibility with all versions of Raspberry Pi. And on top of all that, your package…
Read More
How to Upgrade Metasploit Framework on Kali Linux From Metasploit Repository?

How to Upgrade Metasploit Framework on Kali Linux From Metasploit Repository?

Linux, Pen Testing
Metasploit Framework is one of the most popular open-source penetration testing tools used by ethical hackers and cybersecurity professionals. It provides an easy way to find and exploit vulnerabilities on networks and systems. However, like any software, Metasploit needs to be updated regularly to take advantage of the latest exploits, payloads, evasion modules, and other enhancements. Unfortunately, the Metasploit updates are not always available in the standard Kali Linux repositories. So if you rely on the default apt update and apt upgrade commands, you may not have the most recent Metasploit version. In this blog post, we will show you how to easily upgrade Metasploit on Kali Linux directly from the Metasploit repository. This ensures you are running the latest and greatest version with all the newest features. A Short Introduction to Metasploit Framework Metasploit Framework is…
Read More
How to Secure Your Outlook from CVE-2023-23397- A Critical Elevation of Privilege Vulnerability in Outlook?

How to Secure Your Outlook from CVE-2023-23397- A Critical Elevation of Privilege Vulnerability in Outlook?

Mobile, Windows
It’s been a quarter now, but this critical Outlook vulnerability is still one of the hot topics in the security world. Upon public this flaw, there were many security firms, researchers, and threat hunters working on this Outlook vulnerability. Your guess is correct. We are talking about the Critical Microsoft Outlook vulnerability which is being tracked under the CVE ID- CVE-2023-23397. A vulnerability that could be easily exploitable by sending an Outlook message or calendar. Although it has been several weeks now, we still urge all Outlook users to secure your Outlook from CVE-2023-23397; successful exploitation of this vulnerability can result in unauthorized access to an organization’s environment by triggering a Net-NTLMv2 hash leak. Let’s understand some technical details about the CVE-2023-23397 vulnerability like, what is CVE-2023-23397, how it works,…
Read More
Step-by-Step Procedure to Install Python on Windows

Step-by-Step Procedure to Install Python on Windows

Linux
Python is a versatile and popular programming language that has gained widespread recognition for its ease of use and readability. It’s suitable for a variety of tasks, ranging from web development to data analysis, and is a valuable skill for professionals in the tech industry. Installing Python on Windows may seem complicated, but with a step-by-step guide, users can have their systems up and running in no time. For those looking to get started with Python on their Windows computer, the process is straightforward and accessible. It involves downloading the appropriate installer, making sure the environment is correctly set up, and using tools like the command-line interface to interact successfully with the programming language. By following a comprehensive step-by-step guide, even those who are new to programming can easily install…
Read More
Step-by-Step Procedure to Install PyCharm on Windows

Step-by-Step Procedure to Install PyCharm on Windows

Linux
Even in 2023, Windows is the most commonly used computer operating system. According to statista’s report, Windows runs more than 74% of global computers. This proves the popularity of Windows, from school projects to university research and gaming to scientific projects. When it comes to high-level programming language, Python is the computer programming language that stands out of the crowd for numerous reasons, such as flexibility, platform independence, a large set of libraries, and open-source licensing. Well, this clarifies how powerful when Windows and Python are used together. But wait, how do you use Python on Windows? You can download the installation package from python.org and install it on Windows like other operating systems. But, there is a more sophisticated way to run Python on Windows. There are several IDE (Integrated Development Environments) available…
Read More
Understand Docker Containers With securitymaster

Understand Docker Containers With securitymaster

Linux
Some of our readers have requested information about Docker and container technology. We have decided to publish an article on Docker Containers to help many users understand the technical aspects of Docker and containers. In this blog post, we will clarify the concept of containers and their different types, explain what Docker is, explore the relationship between Docker and containers, discuss the appropriate use cases for Docker, delve into the problems Docker solves in development, address whether Docker replaces virtualization, explain the differences between Docker containers and virtual machines, and answer a few more questions that will aid in understanding Docker. Before we delve directly into Docker, let’s begin by exploring containers, as it will make it easier to comprehend Docker if you are familiar with containers. What is a Container? A…
Read More
Understand the Docker Architecture with securitymaster

Understand the Docker Architecture with securitymaster

Linux
This is our second article about Docker. We covered most of the basic information about Docker and container technology in a different blog post. Please make sure you read the post “Understand Docker Containers With securitymaster” if you haven’t read it yet. Components of Docker Docker is a popular open-source tool designed to facilitate the creation, deployment, and execution of applications using containers. Containers allow developers to bundle an application with all its necessary parts, such as libraries and dependencies, and distribute it as a single package. Docker requires multiple components to function properly. Before we dive into the Docker Architecture, let’s familiarize ourselves with the different components of Docker. Docker Engine: The Docker Engine is the base layer of the Docker architecture. It’s a lightweight runtime that builds and runs your Docker images.…
Read More