By Uzair Amir
Phishing has long been a common way to induce a receiver to unveil personal data. Primarily, it works…
This is a post from HackRead.com Read the original post: How to detect phishing images in emails

Phishing has long been a common way to induce a receiver to unveil personal data. Primarily, it works this way: You receive an email from a purportedly reputable source–say, your employer–asking you to click the link and get familiar with new regulations effective in the following week.

You are curious about the contents, so you click the link, which asks you to log in to the company’s systems (looks logical, doesn’t it?). Once you fill out the fields, press enter, and nothing happens, you’ve been phished. A bit late for understanding that you’ve made a mistake. 

But to tell you more, it’s one of the most mundane phishing strategies; these days, much more creative phishing methods exist, with images being among the most effective ones. 

Innocent at first glance, phishing images can pose great danger. And most interestingly, designing phishing images doesn’t necessarily require hackers’ direct intrusion. They can create a tool doing all the legwork for them so that many people won’t even know whether their attached images include viruses.

Therefore, it’s vitally important to use a verified and time-trusted email banner creator to ensure the email is free from bugs and other harmful elements. But not only that. You should also pay close attention to pictures added to received emails. So the main question arises: Can you detect phishing images in emails before hackers access your data? Let’s find out together.

**Don’t be afraid to open and read the email**

You won’t be able to identify the images and whether they contain phishing elements until you open the email. Reading the email itself isn’t dangerous. If your system is up-to-date, you don’t have to worry about the email’s content and attachments. Only after you open the email can you detect whether images are phishing. 

**Turn off the automatic image display option**

Disabling an automatic image display feature is the first thing you should do to stay safe. Modern email apps, like Gmail (_How To_) or Outlook (_How To_), are advanced to the extent they do all the dirty work, automatically eliminating the chances of you getting phishing images. But forewarned is forearmed, and it would be best to turn the mentioned feature off. It will allow you to read the email and be certain about your digital security. 

**Check the email and its details and hover the cursor over the image **

Hackers don’t shun using dirty tricks to achieve their ultimate goals. Not only do they send emails from reportedly credible addresses, e.g., which differ from an authentic company by only one symbol, but they also camouflage phishing images with thought-provoking content. Many people fall into the trap of thoughtful texts; being impressed, they complete the final catchy phrase to “click on the image to learn more,” and voila, their passwords got into the wrong hands.

More to the point, the most effective way to check phishing images is to first go through the email and its details and second peruse the picture. Do not click on the image! Even if you are a hundred percent positive that the email is reliable, it’s best to double-check the image. Simply hover the cursor over the image and tell us – can you see any embedded link? If so, look at it carefully. Phishing images usually include links that are similar to official websites. 

**Did the email trigger a spam filter?**

There is no denying that spam filters are tricky and can consider authoritative websites’ emails spam, propelling them forward to a respective box. So, remember to review your spam box, as you can find long-awaited emails there.

Other than that, pay close attention to any email that has triggered spam filters. Email apps have developed tremendously, and they mainly direct suspicious emails, such as unsolicited commercial emails, to the spam box for a reason. The latter may touch on images, too, so be careful when walking through them.

_Source_

**Look at calls to action dispersed in the email**

Besides mind-boggling content, hackers deceive people by inserting “effective” call-to-action buttons. Such buttons often contain links leading to credible websites. “So what’s their point then?” you might ask.

Call to action buttons aims to make your alertness level plummet. By clicking on several calls to action, you may think the email is informative. As a result, you mindlessly do what the email asks and finally click on the image that leads you to the website that causes no second thoughts as to its reliability. You fill out the sections with sensitive data and end up phished. Under no circumstances should you click on images, even if trustworthy call-to-action buttons back them up.

**Wrapping up**

Viewing images in emails is not a security issue. It can only inform the sender that you have read the email. It’s way more important to stay away from clicking on the image, for it can lead to a page that mirrors a reliable website and asks to provide your credentials. Unless you do that, you are safe. Switching off an automatic display feature is an optional measure to prevent you from being fished. 

Also, try to update your devices and apps so that the chances of phishing images permeating your inbox undetected will equal close to zero. And of course, don’t be gullible, clicking on every image and link included in emails. This way, you are unlikely to be phished.

How to detect phishing images in emails

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service.

**Details**

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

**NVIDIA GPU Display Driver**

**CVE ID**

**Description**

**Base Score**

**Vector**

CVE‑2022‑28181

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.

8.5

AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE‑2022‑28182

NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.

8.5

AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE‑2022‑28183

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure.

7.7

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVE‑2022‑28184

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering.

7.1

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVE‑2022‑28185

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering.

6.8

AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CVE‑2022‑28186

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service or data tampering.

6.1

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CVE‑2022‑28187

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where the memory management software does not release a resource after its effective lifetime has ended, which may lead to denial of service.

5.5

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE‑2022‑28188

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service.

5.5

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE‑2022‑28189

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash. 

5.5

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE‑2022‑28190

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service.

5.5

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

**NVIDIA vGPU Software**

**CVE ID**

**Description**

**Base Score**

**Vector**

CVE‑2022‑28191

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption can be triggered by an unprivileged regular user, which may lead to denial of service.

5.5

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE‑2022‑28192

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn may cause denial of service. This attack is complex to carry out because the attacker needs to have control over freeing some host side resources out of sequence, which requires elevated privileges.

4.1

AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.

**Security Updates for NVIDIA GPU Display Driver****CVE IDs Addressed in Each Windows Driver Branch**

The following table lists the CVE IDs addressed by the update in each Windows driver branch.

**Driver Branch**

**CVE IDs Addressed**

R510

CVE‑2022‑28181, CVE‑2022‑28182, CVE‑2022‑28183, CVE‑2022‑28184, CVE‑2022‑28185, CVE‑2022‑28186, CVE‑2022‑28187, CVE‑2022‑28188, CVE‑2022‑28189, CVE‑2022‑28190

R470

CVE‑2022‑28181, CVE‑2022‑28182, CVE‑2022‑28183, CVE‑2022‑28184, CVE‑2022‑28185, CVE‑2022‑28186, CVE‑2022‑28188, CVE‑2022‑28189

R450

CVE‑2022‑28181, CVE‑2022‑28182, CVE‑2022‑28185, CVE‑2022‑28186, CVE‑2022‑28188, CVE‑2022‑28189

**Security Updates for NVIDIA GPU Windows Display Driver**

The following table lists the NVIDIA software products affected, versions affected, and the updated version available from nvidia.com that includes this security update. Download the updates from the NVIDIA Driver Downloads page.

**Software Product**

**Operating System**

**Driver Branch**

**Affected Driver Versions**

**Updated Driver Version**

GeForce

Windows

R510

All versions prior to 512.77

512.77

Studio

Windows

R510

All versions prior to 512.96

512.96

NVIDIA RTX/Quadro, NVS

Windows

R510

All versions prior to 512.78

512.78

R470

All versions prior to 473.47

473.47

Tesla

Windows

R510

All versions prior to 512.78

512.78

R470

All versions prior to 473.47

473.47

R450

All versions prior to 453.51

453.51

**Notes:**

*   Your computer hardware vendor may provide you with Windows GPU display driver versions including 512.36 and 473.34 which also contain the security updates. 
*   The table above may not be a comprehensive list of all affected supported versions or branch releases and may be updated as more information becomes available.
*   Earlier software branch releases that support these products may also be affected. If you are using an earlier branch release for which an update version is not listed above, NVIDIA recommends upgrading to the latest branch release.

**CVE IDs Addressed in Each Linux Driver Branch**

The following table lists the CVE IDs addressed by the update in each Linux driver branch.

**Driver Branch**

**CVE IDs Addressed**

R510 and R470

CVE‑2022‑28181, CVE‑2022‑28183, CVE‑2022‑28184, CVE‑2022‑28185, CVE‑2022‑28191, CVE‑2022‑28192

R450

CVE‑2022‑28181, CVE‑2022‑28185, CVE‑2022‑28192

R390

CVE‑2022‑28181, CVE‑2022‑28185

**Security Updates for NVIDIA GPU Linux Display Driver**

The following table lists the NVIDIA software products affected, versions affected, and the updated version available from nvidia.com that includes this security update. Download the updates from the NVIDIA Driver Downloads page.

**Software Product**

**Operating System**

**Driver Branch**

**Affected Driver Versions**

**Updated Driver Version**

GeForce,  
NVIDIA RTX/Quadro, NVS

Linux

R510

All versions prior to 510.73.05

510.73.05

R470

All versions prior to 470.129.06

470.129.06

R390

All versions prior to 390.151

390.151

Tesla

Linux

R510

All versions prior to 510.73.08

510.73.08

R470

All versions prior to 470.129.06

470.129.06

R450

All versions prior to 450.191.01

450.191.01

**Security Updates for NVIDIA vGPU Software**

The following table lists the NVIDIA vGPU software components affected, versions affected, and the updated version that includes this security update. Log in to the NVIDIA Enterprise Application Hub to download updates from the NVIDIA Licensing Portal.

**CVE IDs Addressed**

**vGPU Software Component**

**Operating System**

**Affected Versions**

**Updated Version**

**vGPU Software**

**Driver**

**vGPU Software**

**Driver**

CVE‑2022‑28181  
CVE‑2022‑28182  
CVE‑2022‑28183  
CVE‑2022‑28184  
CVE‑2022‑28185  
CVE‑2022‑28186  
CVE‑2022‑28188  
CVE‑2022‑28189  
CVE‑2022‑28190

vGPU software (guest driver)

Windows

All versions prior to and including 14.0

511.65

14.1

512.78

All versions prior to and including 13.2

472.98

13.3

473.47

All versions prior to and including 11.7

453.37

11.8

453.51

CVE‑2022‑28181  
CVE‑2022‑28183  
CVE‑2022‑28184  
CVE‑2022‑28185

vGPU software (guest driver)

Linux

All versions prior to and including 14.0

510.47.03

14.1

510.73.08

All versions prior to and including 13.2

470.103.01

13.3

470.129.06

All versions prior to and including 11.7

450.172.01

11.8

450.191.01

CVE‑2022‑28183  
CVE‑2022‑28184  
CVE‑2022‑28185  
CVE‑2022‑28191  
CVE‑2022‑28192

vGPU software (Virtual GPU Manager)

Citrix Hypervisor,  
VMware vSphere,  
Red Hat Enterprise Linux KVM

All versions prior to and including 14.0

510.47.03

14.1

510.73.06

All versions prior to and including 13.2

470.103.02

13.3

470.129.04

All versions prior to and including 11.7

450.172

11.8

450.191

**Notes:**

*   The table above may not be a comprehensive list of all affected supported versions or branch releases and may be updated as more information becomes available.
*   Earlier software branch releases that support these products may also be affected. If you are using an earlier branch release for which an update version is not listed above, NVIDIA recommends upgrading to the latest branch release.

**Security Updates for NVIDIA Cloud Gaming**

The following table lists the NVIDIA Cloud Gaming components affected, versions affected, and the updated version. Log in to the NVIDIA Enterprise Application Hub to download updates from the NVIDIA Licensing Portal.

**CVE IDs Addressed**

**Cloud Gaming Component**

**Operating System**

**Affected Versions**

**Updated Version**

**Cloud Gaming Software**

**Driver**

**Cloud Gaming Software**

**Driver**

CVE‑2022‑28181

CVE‑2022‑28182  
CVE‑2022‑28183  
CVE‑2022‑28184  
CVE‑2022‑28185  
CVE‑2022‑28186  
CVE‑2022‑28188  
CVE‑2022‑28189  
CVE‑2022‑28190

Cloud Gaming Guest Driver

Windows

All versions prior to and including the April 2022 Cloud Gaming Release

512.59

May 2022 Cloud Gaming Release

512.78

CVE‑2022‑28181  
CVE‑2022‑28183  
CVE‑2022‑28184  
CVE‑2022‑28185

Cloud Gaming Guest Driver

Linux

All versions prior to and including the April 2022 Cloud Gaming Release

510.68.02

May 2022 Cloud Gaming Release

510.73.05

CVE‑2022‑28183  
CVE‑2022‑28184  
CVE‑2022‑28185  
CVE‑2022‑28191  
CVE‑2022‑28192

Cloud Gaming Virtual GPU Manager

Citrix Hypervisor,  
Red Hat Enterprise Linux with KVM

All versions prior to and including the April 2022 Cloud Gaming Release

510.68.02

May 2022 Cloud Gaming Release

510.73.06

**Notes:**

*   The table above may not be a comprehensive list of all affected supported versions or branch releases and may be updated as more information becomes available.
*   Earlier software branch releases that support these products may also be affected. If you are using an earlier branch release for which an update version is not listed above, NVIDIA recommends upgrading to the latest branch release.

**Mitigations**

None. For the version to install, refer to:

*   Security Updates for NVIDIA GPU Display Driver
*   Security Updates for NVIDIA vGPU Software
*   Security Updates for NVIDIA Cloud Gaming

**Acknowledgements**

NVIDIA thanks Piotr Bania of Cisco Talos for reporting CVE‑2022‑28181 and CVE 2022-28182.

**Get the Most Up to Date Product Security Information**

Visit the NVIDIA Product Security page to

*   Subscribe to security bulletin notifications
*   See the current list of NVIDIA security bulletins
*   Report a potential security issue in any NVIDIA supported product
*   Learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT) 

**Revision History**

  

**Revision**

**Date**

**Description**

2.0

May 24, 2022

Added version information for the updated R510 drivers for Studio and Tesla, and the vGPU software 14.1 driver

1.0

May 16, 2022

Initial release

**Support**

If you have any questions about this security bulletin, contact NVIDIA Support.

**Frequently Asked Questions (FAQs)**

How do I determine which NVIDIA display driver version is currently installed on my PC?

**Disclaimer**

ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

Information is believed to be accurate and reliable at the time it is furnished. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.

CVE-2022-28190: Security Bulletin: NVIDIA GPU Display Driver - May 2022

An issue was discovered in the Kiddoware Kids Place Parental Control application before 3.8.50 for Android. The child can remove all restrictions temporarily without the parents noticing by rebooting into Android Safe Mode and disabling the "Display over other apps" permission.

Multiple vulnerabilities have been identified in the Kiddoware Kids Place Parental Control Android App. Users of the parent's web dashboard can be attacked via cross site scripting or cross site request forgery vulnerabilities, or attackers may upload arbitrary files to the children's devices. Furthermore, children are able to bypass any restrictions without the parents noticing.

**Vendor description**

"_Kiddoware is the world’s leading parental control solutions company with a wide range of products and  serving over 5 million families worldwide. Kiddoware is committed in helping you to protect your kids while providing you intelligence to be proactive about your childs’ online activities._"

Source: https://kiddoware.com/

**Business recommendation**

The vendor provides an update for the affected version(s) which should be installed immediately.

An in-depth security analysis performed by security professionals is highly advised, to identify and resolve potential further critical security issues.

The issues identified in this application were part of our blog post "The hidden costs of parental control apps" published a few months ago:  
https://r.sec-consult.com/parents

**Vulnerability overview/description****1) Login and registration returns password as MD5 hash**

Login and registration requests return the unsalted MD5 hash of the password. This indicates that the passwords are stored in an insecure format at the server. Furthermore, MD5 hashing should not be used anymore in modern applications.

**2) Stored XSS via device name in parent Dashboard (CVE-2023-29079)**

The customizable name of the child's device can be used to trigger a XSS payload in the parent web dashboard. Children might be able to attack their parents' account.

**3) Possible CSRF attacks in parent Dashboard (CVE-2023-29078)**

All requests in the web dashboard are vulnerable to CSRF attacks. The requests contain the device Id of the child device which must be known to the attacker in order to successfully attack a child. But the device Id is not considered a secret, as it is used in the URL in some requests. An attacker could have obtained the Id through the browser history.

**4) Arbitrary File Upload to AWS S3 bucket**

The web dashboard lets parents send files to the child's device. The selected file is uploaded to an AWS S3 bucket and the returned URL will be transmitted to the device which will then download it. It is possible to send arbitrary files to the child's device and thereby upload arbitrary files (size restriction ~10MB) to the AWS S3 bucket. The returned link is publicly available, so it is possible to use the server to spread malware.

**5) Disable Child App Restriction without Parent's notice (CVE-2023-28153)**

The child can remove all restrictions temporarily without the parents noticing.

**Proof of concept****1) Login and registration returns password as MD5 hash**

The "Change password" request looks as follows:

    POST /account/change_password/ HTTP/1.1
    Host: kidsplace.kiddoware.com
    Cookie: [...]
    [...]
    
    old_password=c869123c&new_password=password&confirm_password=password

The response from the web server contains the hashed, unsalted password:

    {
    	"error":null,
    	"result":
    		{
    			"email":"xxxxx@example.com",
    			"hashed_password":"5f4dcc3b5aa765d61d8327deb882cf99",
    			"message":"Password successfully changed!"
    		},
    	"status":200
    } 

Proving this is an unsalted MD5 hash:

    $ echo -n "password" | md5sum -t
    5f4dcc3b5aa765d61d8327deb882cf99  -

**2) Stored XSS via device name in parent Dashboard (CVE-2023-29079) **

The device name can be changed by the child's account by sending a POST request to the API with the pushDeviceConfig method. The following payload can be used as a PoC to trigger an alert box on every page the device name is visible in the parent dashboard. Children/attackers would be able to take over their parents' accounts via this attack.

    POST /v2/api/ HTTP/1.1
    Host: kidsplace.kiddoware.com
    Content-Type: application/json; charset=utf-8
    Content-Length: 461
    Accept-Encoding: gzip, deflate
    User-Agent: okhttp/3.12.8
    Connection: close
    
    {
        "method":"pushDeviceConfig",
        "id":null,
        "params":["a28fd8c5-2dcd-11ed-8a7f-0217330f2cf9",
        {
            "isGPSEnabled":false,"deviceGCMRegID":"",
            "deviceUserAgeRange":3,
            "deviceName":"\"><img src=x onerror=\"alert(1)\"/>",
            [...]
        }
    } 

**3) Possible CSRF attacks in parent Dashboard (CVE-2023-29078)**

As an example, an attacker can abuse the CSRF vulnerability to download an arbitrary file to a child's device. It is simply needed to create a form which automatically submits on page load. If a parent is logged in the web dashboard and visits  this malicious site, the authenticated request will be sent and the file specified in the URL parameter will be downloaded by the child's device.

    POST /account/push_content/ HTTP/1.1
    Host: kidsplace.kiddoware.com
    Cookie: [...]
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Origin: https:// kidsplace.kiddoware.com
    Content-Length: 75
    Connection: close
    
    url=https%3A%2F%2Fgoogle.de%2Findex.html&message=&deviceID=XXXXXXX  

**4) Arbitrary File Upload to AWS S3 bucket**

The web dashboard lets parents upload arbitrary files to the Kiddoware AWS S3 bucket and push it to the child device.

    POST /account/push_content_file/ HTTP/1.1
    Host: kidsplace.kiddoware.com
    Cookie: [...]
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
    Content-Type: multipart/form-data; boundary=---------------------------27687116714103572458683268551
    Origin: https:// kidsplace.kiddoware.com
    Content-Length: 296
    [...]
    
    -----------------------------27687116714103572458683268551
    Content-Disposition: form-data; name="push_file"; filename="eicar.com.txt"
    Content-Type: text/plain
    
    <eicar-file>
    -----------------------------27687116714103572458683268551--

The upload of the eicar file worked without errors and could subsequently also be downloaded  via the returned link. So there is no antivirus scan on the uploaded files.

**5) Disable Child App Restriction without Parent's notice (CVE-2023-28153)**

The child can disable the restrictions of the application without the parents noticing.  
For this, the following steps are necessary:  
a) If Android settings are blocked, reboot into Android Safe Mode.  
b) Disable "Display over other apps" Permission for the app in Android settings.  
c) After rebooting into normal mode, the child device can be used without restrictions. 

For example, previously locked apps can now be used. To notice the problem, the parent has to check the parent's dashboard manually, a notification is not sent. If the child turns the permission back on in the meantime, the bypass will go unnoticed.

**Vulnerable / tested versions**

The following version has been tested and downloaded through Google Play store, which was the most recent version available at the time of the test:

*   3.8.45

Later on, version 3.8.49 (2022-10-25) has been verified to be vulnerable as well.

**Vendor contact timeline**

CVE-2023-28153: Multiple Vulnerabilities in Kiddoware Kids Place Parental Control Android App

The last few years have seen more than a few new categories of security solutions arise in hopes of stemming a never-ending tidal wave of risks. One of these categories is Automated Security Validation (ASV), which provides the attacker’s perspective of exposures and equips security teams to continuously validate exposures, security measures, and remediation at scale. ASV is an important element

The last few years have seen more than a few new categories of security solutions arise in hopes of stemming a never-ending tidal wave of risks. One of these categories is Automated Security Validation (ASV), which provides the attacker's perspective of exposures and equips security teams to continuously validate exposures, security measures, and remediation at scale. ASV is an important element of any cybersecurity strategy and by providing a clearer picture of potential vulnerabilities and exposures in the organization, security teams can identify weaknesses before they can be exploited.

However, relying solely on ASV can be limiting. In this article, we'll take a look into how combining the detailed vulnerability insights from ASV with the broader threat landscape analysis provided by the Continuous Threat Exposure Management Framework (CTEM) can empower your security teams to make more informed decisions and allocate resources effectively. (Want to learn more about CTEM? Check out this thorough guide to getting started with CTEM.)

**Backgrounder: ASV Delivers a Comprehensive View**

ASV is a critical element of any modern cybersecurity program. It can block high-impact attacks, by using validation to filter exposures that don't compromise your critical assets and to verify remediation that reduces risk. It can also increase efficiency by automatically verifying that security controls are configured correctly, which saves time on analyzing and remediating low-risk exposures. And it optimizes effectiveness by ensuring your investment in security tools is effective in blocking cyber-attacks and complying with policies and regulations. (_Pssst,_ XM Cyber was just named "the undisputed leader" in Frost & Sullivan's 2024 ASV Radar Report – want to learn why? Read the report here!)

By automating the validation process, you can reduce the reliance on manual testing, saving time and resources while increasing accuracy and coverage. Taking a proactive approach like this enables organizations to detect and remediate security gaps, maintaining protection against emerging threats.

Moreover:

*   **ASV provides a comprehensive view.** Traditional security methods can miss hidden assets or fail to account for vulnerabilities hiding in user accounts or security policies. ASV eliminates these blind spots by conducting a complete inventory, which allows security teams to address weaknesses before attackers can leverage them.
*   **ASV goes beyond simple discovery.** ASV solutions analyze the vulnerabilities within each asset and prioritize them based on their potential impact on critical assets. This empowers security teams to focus their efforts on the most pressing threats.
*   **ASV is super-scalable.** ASV's scalability makes it suitable for organizations of all sizes. For smaller teams, ASV automates time-consuming tasks associated with asset discovery and vulnerability assessment, freeing scarce resources for other activities. For large enterprises, ASV offers the necessary scale to effectively manage their constantly-expanding attack surface.
*   **ASV aligns with regulatory frameworks.** Initiatives like the Cybersecurity Maturity Model Certification (CMMC), the National and Information Security (NIS2) Directive, and the General Data Protection Regulation (GDPR) all advocate for ongoing validation of an organization's security posture. Implementing an ASV solution demonstrates efforts towards compliance with these and other frameworks.

**And Yet…ASV on its Own isn't Sufficient**

Attack Surface Validation is a robust solution that provides a comprehensive view of an organization's attack surface, prioritizes vulnerabilities based on risk, and automates tasks for improved efficiency. It's a valuable tool, but it is not sufficient on its own as the basis for a complete and effective cybersecurity strategy. It _does_ hone in on certain risks, but doesn't necessarily give you the full picture of your security status.

Without checking out your attack surface and identifying the vulnerabilities that could harm your organization, relying on ASV alone can leave security teams in the dark. Plus, some ASV tools used in live settings can jeopardize business operations or give cybercriminals a way in later on. This is why its integration into a broader framework – like the Continuous Threat Exposure Management (CTEM) framework – is essential to maximize benefits and mitigate potential limitations.

**How ASV Fits into CTEM**

Since its inception in 2022, the Continuous Threat Exposure Management (CTEM) framework has proven to be a highly effective strategy for mitigating risks and enhancing security posture. Unlike other siloed approaches, CTEM offers a proactive cybersecurity strategy that transcends mere vulnerability identification. Comprising five interconnected stages – scoping, discovery, prioritization, validation (yup, that's where ASV "lives"), and mobilization – CTEM continually identifies and prioritizes threats to your business, empowering Security and IT teams to mobilize around the issues with the greatest impact and fix those first.

By leveraging the capabilities of ASV to deliver on the 4th step of the CTEM framework, organizations can understand how attacks can occur and the likelihood of their occurrence. And all importantly, by pairing it with the exposure assessment that takes place in CTEM's 3rd step (you can read all about this 3rd step of CTEM, prioritization, here) high-impact exposures can be identified and addressed in the most efficient way.

ASV combined with exposure assessment capabilities helps organizations block high-impact attacks and gain remediation efficiency that, on its own, it just can't deliver.

**ASV – Putting the "V" in CTEM's 4th Step, Validation**

This broader perspective offered by CTEM complements ASV's strengths and enables more accurate threat prioritization, more efficient remediation, and a stronger overall security posture. ASV is simply more valuable and reliable when integrated with comprehensive discovery, assessment, and prioritization of vulnerabilities and exposures across the hybrid environment.

Integrating ASV into CTEM allows organizations to leverage the strengths of both approaches. Together, they enable security teams to make informed decisions, allocate resources effectively, and reduce the overall risk to the organization. The combination of ASV with CTEM allows organizations to achieve a more comprehensive, proactive, and effective approach to managing cyber risks.

You may be interested in the series on the 5 Stages of CTEM. In this blog series, we provide a complete understanding of each stage so organizations can tailor the adoption of CTEM to their needs and goals:

    

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Automated Security Validation: One (Very Important) Part of a Complete CTEM Framework

PrinterLogic build version 1.0.757 suffers from authentication bypass, cross site request forgery, cross site scripting, session fixation, insufficient checks, impersonation, remote SQL injection, and various other vulnerabilities.

PrinterLogic Build 1.0.757 XSS / SQL Injection / Authentication Bypass

The AdminPad WordPress plugin before 2.2 does not have CSRF check when updating admin's note, allowing attackers to make a logged in admin update their notes via a CSRF attack

CVE-2022-2762

The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication

CVE-2021-25097

The WP Popup Builder WordPress plugin through 1.2.8 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup

CVE-2022-2405

The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin

CVE-2022-2369

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.

Search

lenovo warranty check/lookup | check warranty status | lenovo support us