Organisations are increasingly moving to outsource risk to the cloud. We were recently tasked by a client to perform research around one of the major e-signature cloud offerings. After 2 days of research we were able to reveal some critical design flaws (e.g. RCE via memory corruption that could be exploited from the Internet, by leveraging old-school bugs in third-party libraries).
The developers of the third-party library almost certainly never expected to have their software exposed in such a manner, and this is how local vulnerabilities become Internet-exposed vulnerabilities.
To share some of the detail, David Klein, one of our consultants based in Melbourne, speaks to RiskyBiz on their latest podcast, released this week.
Stay tuned for the upcoming blog post, where more technical details will be discussed, including details of the vulnerability and the exploit, which was crafted by another of our Melbourne-based team, François Goichon.