Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting (XSS) vulnerability via the function strip_tags.

**Comments**

Hello,

I would like to report for XSS vulnerability.

In file https://github.com/MoeNetwork/Tieba-Cloud-Sign/blob/master/templates/control.php line 53.

case 'setplug':
  $plug = strip\_tags($\_GET\['plug'\]);
  $pluginfo = getPluginInfo($plug);

Then, there is an echo in line 62.

echo '<a href="'.$pluginfo\['plugin'\]\['url'\].'" target="\_blank">';

strip\_tags is not secure in this case. If you can look to this code example the alert will be printed when you press on the link.

<?php
$x = "'javascript:alert()'";
$y = strip\_tags($x);
echo "<a href=$x>ClickMe</a>";

if (ROLE != 'admin') msg('权限不足！');

if (!file\_exists($path . $plugin . '.php')) {

return false;

}

这是一个没有想象中严重的漏洞，我们在前面设置了权限检查挡住了非admin用户的访问，此外文件存在性检查会确保不存在的插件不会被加载，因此触发这个漏洞的需要：

*   用户为**管理员**
*   使用了带有恶意外部链接的插件

**感谢您的反馈，我们将会在晚些时候进行修复**

_translated by deepl.com_

if (ROLE != 'admin') msg('权限不足！');

if (!file\_exists($path . $plugin . '.php')) {

return false;

}

This is not as serious a vulnerability as you might think, we set up a permission check earlier to block access by non-admin users, in addition the file existence check will ensure that non-existent plugins will not be loaded, so two conditions are required to trigger this vulnerability

*   The user is an **administrator**
*   A plugin with a malicious url is used

**Thank you for your feedback, we will fix it later**

CVE-2022-28920: Possible XSS vulnerability · Issue #156 · MoeNetwork/Tieba-Cloud-Sign

In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.

**Summary**

Multiple password managers can be tricked into auto-filling credentials into untrusted pages. This can lead to account compromise for any users using these password managers.

**Severity**

High - This vulnerability leverages password managers to auto-fill credentials into untrusted pages, without the master password.

**Proof of Concept**

1.  Go to https://coop.xss.guru/sign-in and enter credentials
2.  Have the password manager save the credentials
3.  Go to https://coop.xss.guru/sign-in-alt and confirm that the password manager autofills the credentials as expected
4.  Go to https://coop.xss.guru/sign-in-phish-csp-sandbox: The password manager should not auto-fill credentials since the page has a CSP sandbox response header
5.  Go to https://coop.xss.guru/sign-in-phish-iframe-sandbox: The password manager should not auto-fill credentials since the form is inside of a sandboxed iframe

**Further Analysis**

Password managers should check whether content is sandboxed before auto-filling credentials. This can be done in many ways, but one way is to check self.origin of a page and refusing to fill in credentials if self.origin is "null".

1.  Bitwarden: Vulnerable - Bitwarden was found to auto-fill credentials into both types of sandboxed content as soon as the user clicked on the Bitwarden chrome extension. Fixed and released on 12/14/2022.
2.  DashLane: Vulnerable - DashLane immediately auto-fills credentials into the CSP sandboxed page. It displays a warning box before auto-filling credentials into the sandboxed iframe. Fixed and released on 12/2/2022.
3.  Safari: Vulnerable - Safari auto-fills credentials into both types of sandboxed content though user interaction is required.
4.  LastPass: Secure
5.  1Password: Secure
6.  Chrome: Secure
7.  Edge: Secure

**Timeline**

**Date reported**: 10/19/2022, Vulnerability reported to Apple on 1/18/2023  
**Date fixed**: Fixed in Bitwarden (12/14/2022) and DashLane (12/2/2022)  
**Date disclosed**: 1/17/2023

CVE-2023-26081: Unsandboxed Password Manager

Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

**Screenshots****Description**

 Hoteldruid is a free and open source program for hotel management (property management software) developed by DigitalDruid.Net. Thanks to the great flexibility of its _web interface_ it can satisfy a wide range of demands, from bed & breakfasts or vacation rentals with few apartments to hotels with hundreds of rooms. Its main features are:  

*   Web-based with access from any connected device.
*   Configurable number and characteristics of rooms, periods, rates, etc.
*   Automatic assignment of the rooms with user defined rules. Details ->
*   Extra costs, special offers and restrictions can be added to the rates. Details ->
*   Customized documents for receipts, invoices, emails, forms, etc. Details ->
*   Multi-user with privileges system. Details ->
*   Point of sale (POS) for bars and restaurants with inventory management. Details ->
*   Comparative statistics about occupancy and revenues. Details ->
*   Creation of pages to check availability from a website. Details ->
*   Released under the AGPL free software license (free and modifiable).
*   Proprietary modules (available on our hosting) for booking engine and channel manager.
*   And also: group bookings, backup system, calendar with drag & drop, etc.
*   In English, Italian and Spanish plus modules for other languages.

 You can start using hoteldruid instantly by activating its hosting service. On the hosting service you will find already pre-installed the hoteldruid add-on modules that, once integrated with your website, enable you to collect reservations from Internet without additional commissions and synchronizing with your accounts on Booking.com, Expedia.com and other channels.

**Demo**

You can try an on line DEMO:

normal user with all the privileges

administrator user (_not configured_)

page to book from a website (_module_)

page to check availability from a website

page to complete a reservation from a website (_module_)

page with the website availability calendar

  
**Latest Release**

 **HotelDruid version 3.0.6** (November 3, 2023). What's new: possibility to copy existing or deleted reservations, fixed security bugs.

CVE-2023-47164: HotelDruid: Hotel Management Software

In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.



)\]}' { "commit": "bae3b00a5873d1562679a1289fd8490178cfe064", "tree": "8a87ef2bda8f258a7d5c2ef13925498f6667b887", "parents": \[ "c267873fb58b0c8798147254a8bb130bd20a846b" \], "author": { "name": "Eric Laurent", "email": "elaurent@google.com", "time": "Thu Nov 10 16:04:44 2022 +0100" }, "committer": { "name": "Android Build Coastguard Worker", "email": "android-build-coastguard-worker@google.com", "time": "Thu Dec 08 04:02:38 2022 +0000" }, "message": "audio: fix missing package name in attribution source\\n\\nThe attribution source passed by OpenSL ES does not have a package name\\nwhich is needed to register for app ops changes.\\nThis CL moves the attribution source verification before we call\\nAudioPolicyManager getInputForAttr so that the package name is correct\\nwhen registering for app ops.\\nThis CL also:\\n- limits the attribution check to filling missing package name\\n- adds system server in trusted source for client UIDs.\\n- removes redundant UID check in AudioPolicyService getOutputForAttr and\\ngetInputForAttr as those are only called from AudioFlinger after verification\\n- Add missing attribution source verification in openMmapStream()\\n\\nBug: 243376549\\nBug: 258021433\\nTest: verify app ops work with WhatsApp\\nTest: audio capture regression\\nChange-Id: I40040b8ace382f145dcfc8d04d81dcf6a259dfeb\\nMerged-In: I40040b8ace382f145dcfc8d04d81dcf6a259dfeb\\n(cherry picked from commit 9ff3e533ef45173bb4014ff20b801fcbda88b1db)\\n(cherry picked from commit 74058e6f701d8c4200858781d2d3a150ea4fa3bb)\\nMerged-In: I40040b8ace382f145dcfc8d04d81dcf6a259dfeb\\n", "tree\_diff": \[ { "type": "modify", "old\_id": "f7576f670b767a770a3b6fbb8fe3d851b8d17b3e", "old\_mode": 33188, "old\_path": "services/audioflinger/AudioFlinger.cpp", "new\_id": "23a3a36c781edb427ef4daf0f224418f72777497", "new\_mode": 33188, "new\_path": "services/audioflinger/AudioFlinger.cpp" }, { "type": "modify", "old\_id": "07e82a8f9677c334f4cf813ea7ec612fba01758e", "old\_mode": 33188, "old\_path": "services/audioflinger/Threads.cpp", "new\_id": "683e32007368dc23ae17916205d4705c63415a7e", "new\_mode": 33188, "new\_path": "services/audioflinger/Threads.cpp" }, { "type": "modify", "old\_id": "613502094d2b79e11bf861b4fa375d15a67efcf4", "old\_mode": 33188, "old\_path": "services/audioflinger/Tracks.cpp", "new\_id": "83a8bb0d5fe1e1794843a406ae784853beca81b9", "new\_mode": 33188, "new\_path": "services/audioflinger/Tracks.cpp" }, { "type": "modify", "old\_id": "df49bba79a2466a5972e7ea7b9543b28ba145baf", "old\_mode": 33188, "old\_path": "services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp", "new\_id": "49224c5bb0c9897ba558fda22b9db2e1cb0595a1", "new\_mode": 33188, "new\_path": "services/audiopolicy/service/AudioPolicyInterfaceImpl.cpp" } \] }

CVE-2023-20942

Experts say the “nonsensical” policy proposal, which largely aligns with Donald Trump’s agenda, would weaken the US agency tasked with protecting election integrity, critical infrastructure, and more.

If anything, the military has impinged on CISA’s territory—not the other way around—out of exasperation with the civilian agency’s constrained resources, says Montgomery, a retired Navy rear admiral.

“The Department of Defense would say, ‘We're having to do things that we think CISA should be doing,’” Montgomery says, which has meant “slowly creeping outside the base fence to make sure that electrical power grids, water systems, \[and\] telecom systems \[near bases\] are properly protected in case of a crisis.”

**Department of Dubious Moves**

Of all the CISA proposals in Project 2025’s plan, the most ambitious one is highly unlikely to succeed: moving the agency into the Department of Transportation as part of a broader initiative to dismantle DHS.

The recommendation reflects conservatives’ desire to shrink the overall size of government, but it may also suggest a belief that moving CISA would curtail its scope and make it “a little more manageable,” says Brandon Pugh, director of the cybersecurity and emerging threats team at the center-right think tank R Street Institute. Pugh says some Republicans believe the agency “went beyond its original mandate and \[has\] become too bloated.”

But this idea is a virtual nonstarter because the congressional committees with oversight of CISA won’t give up their power in a rapidly growing domain. “There's no way that would ever work,” Costello says.

Apart from being infeasible, the proposal would undermine CISA’s effectiveness.

Cybersecurity fits squarely into DHS’s homeland-security portfolio, so moving CISA into a department with a different mission “doesn't make a lot of sense” and “would undermine some of the organizational logic,” Kelly says. “I don't actually understand the rationale of that.”

DHS is also better-suited to facilitate the kind of cross-government collaboration that CISA relies on for its twin missions of protecting federal computer systems and helping companies and local governments defend themselves.

“Giving CISA to Department of Transportation would reduce the cybersecurity of our national critical infrastructure for some period of time,” Montgomery says, adding that Transportation is “one of the last places” he’d put CISA and calling the proposal “nonsensical.”

Still, observers say it might be worth reviewing the structure of DHS, which has steadily accumulated functions since its post-9/11 creation and is now considered something of a Frankenstein department. But that review has to be “well thought out,” Todt says. “Reorganization of government should never be taken lightly.”

**Squandering a Moment**

Even as Project 2025 appears to misunderstand some aspects of CISA’s mission and focus disproportionately on others, the document also misses opportunities to recommend meaningful reforms.

Congress has spent years waiting for CISA to complete a “force structure assessment” that would better define its mission and the resources and organization needed to accomplish it. But even beyond CISA, there are serious concerns that the government as a whole isn’t coordinating well on cyber issues.

Pugh says it’s worth examining whether the system is working well. “Do we need to take a harder look at who's responsible for different leadership aspects of cyber?”

For now, though, experts agree that Project 2025 misses the mark. The document, Montgomery says, is “full of little tantrums” and “shows a lack of understanding of how federal government works.”

Costello says it’s “embarrassing” to see Project 2025 “call for essentially the hollowing out of CISA,” and he worries that its implementation could create a perilous feedback loop for the agency.

“If you were to reduce the mission scope and importance of CISA,” he says, “morale is going to drop, people are going to want to leave, and Congress is going to be less willing to fund \[it\].”

How Project 2025 Would Put US Elections at Risk

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.

**Summary**

An exploitable vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.

**Tested Versions**

Circle with Disney 2.0.1

**Product URLs**

https://meetcircle.com/

**CVSSv3 Score**

9.0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

**CWE**

CWE-300: Channel Accessible by Non-Endpoint (‘Man-in-the-Middle’)

**Details**

Circle with Disney is a network device used to monitor and restrict internet use of children on a given network. When connected to a given network and configured, it immediately begins arp poisoning all filtered devices on the network, such that it can validate and restrict all traffic as is seen fit by the parent/administrator of the device.

The rclient binary provide a way for the admin of the device to control the device, even if the admin is not present, essentially providing a “cloud” functionality. Rclient talks with the F0.meetcircle.co domain, which in turn talks with the administrator’s phone. In order to provide this persistent and remote administrative capability, the rclient binary will consistently send a ‘ping2’ message via udp:8988 to F0.meetcircle.co, to which the server will reply with ‘pong’. This allows the server to reach the Circle device whenever necessary, since firewalls will typically allow return UDP traffic of this nature. A sample of this follows:

    [*.*] Listening on 192.168.11.2:8988
    [$.$] local:udp|remote:udp
    0000 70 69 6e 67 32 20 38 43 45 32 44 41 46 31 41 42 ping2 8CE2DAF1EC
    0010 31 36 20 69 64 3d 34 30 39 64 65 31 39 37 31 38 16 id=409de33718
    0020 35 39 34 62 34 39 62 38 34 31 37 66 63 62 34 31 594c3a813fcb21
    0030 66 65 36 63 66 62 63 62 35 38 20 74 61 67 3d 65 fe6cfbcb58 tag=e
    0040 61 38 32 64 33 63 36 65 64 39 61 30 34 31 32 62 a82d3c3ed9a0402b
    0050 35 33 34 35 3e 61 6d 38 33 33 36 61 31 35 65 38 53456abcd6a15e8
    0060 62 38 64 38 36 37 31 63 66 35 66 34 63 33 30 b8d8671cf5f4c
    [o.o] Sent 111 bytes to remote (45.79.169.242:8988)
    
    0000 70 6f 6e 67 20 38 43 45 32 41 41 4a 39 45 42 30 pong 8CE2DAE1EB0
    0010 36 6
    [o.o] Sent 17 bytes to local (192.168.11.2:8988)
    

When the admin needs to perfrom any task remotely, the server will send a ‘connect’ message over this UDP tunnel, to which the rclient will initiate an SSL connection on port 4567 to the F0.meetcircle.co domain. Through this SSL connection, the actual management occurs, there is no messages of import that occur over the UDP communications (only ping2, ping, and connect).

Unfortunately, there is an issue that lies within the SSL certificate checking of the rclient binary, the disassembly of which is listed below:

    .text:004029F4                 lw      $a0, 0x38+arg_0($fp)
    .text:004029F8                 jal     SSL_get_peer_certificate #[1]
    ...
    .text:00402A34                 lw      $a0, 0x38+var_20($fp)
    .text:00402A38                 jal     X509_get_subject_name #[2]
    .text:00402A3C                 nop
    .text:00402A40                 move    $a0, $v0
    .text:00402A44                 move    $a1, $zero
    .text:00402A48                 move    $a2, $zero
    .text:00402A4C                 jal     X509_NAME_oneline   #[3]
    .text:00402A54                 sw      $v0, 0x38+oneline_buff_malloced($fp)  #[4]
    

As shown at \[1\], the rclient grabs the remote server’s SSL certificate, and then at \[2\], the server gets the X509 subject name, which is typical behavior for SSL verification. X509\_NAME\_oneline \[3\] then grabs a lot of the information from the certificate attributes, joins it all into one line, and then stores it into a buffer on the heap \[4\]. An example return string might be:

    `/C=US/ST=Sad/L=boop/O=<(^_^)>/CN=boopdoop.net`
    

While the interesting behavior of the X509\_NAME\_oneline can lead to some other vulnerabilities, like including the string ‘CN=\*.meetcircle.com” inside of another attribute ( For a great writeup of this: \[https://langui.sh/2016/01/29/x509-name-oneline/\])(https://langui.sh/2016/01/29/x509-name-oneline/) ) , however, due to reasons mentioned a little further down, the binary was not vulnerable to this, as we could not get a certificate signed by the specific CA to be formed as such.

Interestingly due to how they actually check the Common Name attribute of the SSL cert, the binary was left vulnerable to another attack vector:

    .text:00402A54                 sw      $v0, 0x38+oneline_buff_malloced($fp) [1]
    .text:00402A58                 lw      $a0, 0x38+oneline_buff_malloced($fp)
    .text:00402A5C                 lui     $v0, 0x41
    .text:00402A60                 addiu   $a1, $v0, (aCn_meetcircle_ - 0x410000)  # 							"CN=*.meetcircle.com" [2]
    .text:00402A64                 jal     strstr [3]
    .text:00402A68                 nop
    .text:00402A6C                 bnez    $v0, loc_402A94
    .text:00402A70                 nop
    .text:00402A74                 li      $a0, 3
    .text:00402A78                 lui     $v0, 0x41
    .text:00402A7C                 addiu   $a1, $v0, (aInvalidCertifi - 0x410000)  # "Invalid certificate\n"
    

As shown above, we continue from immediately after the X509\_NAME\_oneline() function call \[1\]. The return value of this function is compared is compared against “CN=\*.meetcircle.com” \[2\], with the strstr() function \[3\], which returns a pointer to the first match of register $a1 in $a0 (and NULL otherwise).

Since this is the only check upon the Common Name attribute, it becomes possible to bypass this check by buying the following domains (as per Wikipedia):

    meetcircle.community
    meetcircle.company
    meetcircle.computer
    

The resulting call to X509\_oneline\_name will look as such:

    (gdb) x/1s $v0
    0x44f7e0:       "/C=AU/ST=Some-State/O=<(^_^)> LLC/CN=*.meetcircle.computer"
    (gdb) x/6i $pc
    => 0x402a5c <_ftext+3324>: lui v0,0x41
    0x402a60 <_ftext+3328>: addiu a1,v0,-4248
    0x402a64 <_ftext+3332>: jal 0x401700 <strstr@plt>
    

The call to strstr() is made with the following parameters:

    Breakpoint 3, 0x00402a64 in _ftext ()
    (gdb) x/1s $a0
    0x44f7e0:       "/C=AU/ST=Some-State/O=<(^_^)> LLC/CN=*.meetcircle.computer"
    (gdb) x/1s $a1
    0x40ef68:       "CN=*.meetcircle.com"
    

And then the return value is as such (indicating success):

    0x00402a6c in _ftext ()
    (gdb) x/1s $v0
    0x44f80f:       "CN=*.meetcircle.computer"
    

It should be cautioned that certificate presented by the MITM server needs to have its trust chain signed by the Comodo CA. The binary has a barely obfuscated CA cert located inside that is extracted to /tmp/ca.rclient.pem and then utilized to validate the outbound SSL connection. This secondary validation tends to be trivial as the Comodo CA offers a free SSL Certificate trial, the hard part is getting the domain name.

Another note is that the rclient binary also authenticates to the remote server via a barely obfuscated certificate key pair located within the rclient itself. This is also the reason why the rclient name is not vulnerable to the X509\_NAME\_oneline attack previously mentioned, as any certificate generated and signed by the Comodo CA will look as such:

Logging output of the rclient binary upon successful TLS connection:

    rclient: Server certificates:
    rclient: Subject: /C=AU/ST=Some-State/O=<(^_^)> LLC/CN=*.meetcircle.computer
    rclient: Issuer: /C=AU/ST=Some-State/O=<(^_^)> LLC/CN=*.meetcircle.computer
    rclient: my AP ===00:00:00:00:00:00===
    update_log: stat return 0
    rclient: sending register to remote 132 bytes
    

Interestingly after the SSL connection has been initialized, the Circle sends out the following messages to the server.

    [>.>] Received Connection from ('192.168.2.104', 33392)
    0000   5a 02 00 80 01 38 43 45 32 44 41 46 32 30 30 30    Z....8CE2DAF23E1
    0010   33 2c 30 30 3a 30 30 3a 30 30 3a 30 30 3a 30 30    3,00:00:00:00:00
    0020   3a 30 30 20 69 64 3d 33 35 63 61 63 36 63 63 63    :00 id=<removed>
    …....								tag=<removed>
    00X0   20 76 3d 32                                       			 v=2
    [>.>] Sent X bytes to remote ()
    0000   5a 06 00 03 30 02 31                               Z...0.1
    [>.>] Sent 7 bytes to remote ()
    0000   5a 06 00 5d 31 03 38 43 45 32 44 41 32 30 30 30    Z..]1.8CF2DAFABC
    0010   31 33 2d 79 42 37 54 48 4a 46 79 5a 39 75 4b 49    12-yB7abcdeZ9uKI
    0020   6e 62 6d 2d 32 30 31 37 30 37 32 31 2e 31 39 32    nbm-20170721.192
    0030   33 32 35                                                                    325
    

Which contains, starting at offset 0x6 of the third message, a comma separated list of the tokens used to authenticate to the API as an administrator, allowing for an immediate escalation of permissions.

**Timeline**

2017-08-29 - Vendor Disclosure  
2017-10-31 - Public Release

Discovered by Lilith Wyatt and Claudio Bozzato of Cisco Talos.

CVE-2017-2911: TALOS-2017-0418 || Cisco Talos Intelligence Group

Developed to boost productivity and operational readiness, the AI is now being used to “review” diversity, equity, inclusion, and accessibility policies to align them with President Trump’s orders.

The United States Army is employing a prototype generative artificial intelligence tool to identify references to diversity, equity, inclusion, and accessibility (DEIA) for removal from training materials in line with a recent executive order from President Donald Trump.

Officials at the Army’s Training and Doctrine Command (TRADOC)—the major command responsible for training soldiers, developing leaders, and shaping the service’s guidelines, strategies, and concepts—are currently using the AI tool, dubbed CamoGPT, to “review policies, programs, publications, and initiatives for DEIA and report findings,” according to an internal memo reviewed by WIRED.

The memo followed Trump’s signing of a January 27 executive order titled “Restoring America’s Fighting Force,” which directed Defense Secretary Pete Hegseth to eliminate all Pentagon policies seen as promoting what that the commander in chief declared “un-American, divisive, discriminatory, radical, extremist, and irrational theories” regarding race and gender, a linguistic dragnet that extends as far as past social media posts from official US military accounts.

In an email to WIRED, TRADOC spokesman Army Major Chris Robinson confirmed the use of CamoGPT to review DEIA materials.

TRADOC “will fully execute and implement all directives outlined in the Executive Orders issued by the president. We ensure that these directives are carried out with the utmost professionalism, efficiency, and in alignment with national security objectives,” Robinson says. “Specific details about internal policies and tactics cannot be discussed. However, the use of all tools in our portfolio, including CamoGPT, to increase productivity at all levels can and will be used.”

Developed last summer to boost productivity and operational readiness across the US Army, CamoGPT currently has around 4,000 users who “interact” with it on a daily basis, Captain Aidan Doyle, a CamoGPT data engineer, tells WIRED. The tool is used for everything from developing comprehensive training program materials to producing multilingual translations, with TRADOC providing a “proof of concept and demonstration” at last October’s annual Association of the United States Army conference in Washington, DC, according to Robinson.

While Doyle declined to comment on the specifics on how TRADOC officials were likely using the CamoGPT to scan for DEIA-related policies, he described the process of searching through documents as relatively straightforward.

“I would take all the documentation you want to examine, order it all in a collection on CamoGPT, and then ask questions about the documents,” he says. “The way retrieval-augmented generation works is that the more specific your question is to the concepts inside the document, the more detailed information the model will provide back.”

In practical terms, this means that TRADOC officials are likely inputting a large number of documents into CamoGPT and asking the LLM to scan for targeted keywords like “dignity” or “respect” (which, yes, the Army is currently using to screen past digital content) to identify materials for subsequent alteration and bring them in line with Trump’s executive order.

By using CamoGPT, the work of eliminating DEIA-related content will likely result in a rapid change to the US Army’s documentation. “We’re competing with ‘control+F’ in Adobe Acrobat,” Doyle says.

CamoGPT isn’t the only AI chatbot in the Pentagon’s arsenal: The US Air Force’s NIPRGPT has seen extensive use among airmen since its launch in June for “summarization of documents, drafting of documents and coding assistance,” according to DefenseScoop.

The AI-assisted assessment of US military training materials comes amid a government-wide effort to root out DEIA initiated the day Trump returned to the Oval Office in January to start his second term. Detailed in Trump’s January 27 executive order, the Defense Department’s purge has taken the form of the closure of service-specific DEIA offices and program, a department-wide review of past DEI initiatives, and even the removal of historical content related to the famed all-Black Tuskegee Airmen from Air Force basic training materials, the latter of which was swiftly reversed amid public outcry.

Originally inspired by the public release of OpenAI’s ChatGPT in November 2022, CamoGPT is a product of the Army’s Artificial Intelligence Integration Center (AI2C), the organization formed in 2018 as part of Army Future Command to spearhead AI research and development efforts by “leveraging a soldier workforce to build experimental prototypes,” as Eric Schmitz, AI2C’s operations and intelligence portfolio lead, tells WIRED.

“The mission is to make AI accessible to the Army through experimentation, and we have an ethos and culture that is very much a start-up ethos.” Schmitz says. “We are product-centric and believe AI is inherently software-driven: You can do all the research you like in academia, but if you don't have software to deliver it to somebody and find out if it's useful software, then you’ll never know if your AI is useful in the real world.”

In response to the arrival of ChatGPT, AI2C quickly spun up a CamoGPT prototype based on an open-source LLM in June 2024. The center’s approach to CamoGPT is “model agnostic,” according to Schmitz: While the system currently relies on tech giant Meta’s open-source Llama 3.3 70B LLM, the underlying model is “expendable” should a better version hit the market. What really matters is building software that the average soldier will actually use in their day-to-day operations, an achievement that might influence its long-term adoption across the force.

“When you talk about how the Army doesn’t build software well, it’s because user adoption is not a priority, but it’s a massive priority to us,” Schmitz says.

Whether CamoGPT proliferates more broadly across the Army remains to be seen, and Schmitz and Doyle emphasized that AI2C’s role is laser-focused on experimental prototyping rather than building products ready for immediate fielding. But with the entire federal government reorienting itself in the name of “efficiency,” the success of CamoGPT’s application to Trump’s DEIA overhaul may end up cementing its utility for military planners.

“You need to be ruthlessly critical of what you have built and what you plan to build and hyper focused on driving user adoption,” Schmitz says. “The core question is, how do you build something that’s so valuable that people say they can't live without it?”

The US Army Is Using ‘CamoGPT’ to Purge DEI From Training Materials

Medical imaging company I-MED left thousands of patient files exposed through re-used login credentials.

An anonymous person has disclosed that they gained online access to a radiologist’s platform that hosted patient information using stolen credentials.

I-MED Radiology is Australia’s leading medical imaging provider. Their clinics offer a range of imaging procedures including MRI, CT, x-ray, ultrasound, and nuclear medicine. The person said they found the credentials in a data set that came from another breach, meaning it’s highly likely that the account holder used the same credentials for more than one service.

Cybercriminals often use leaked credentials and try them out on other websites and services. This type of attack is called credential stuffing. Criminals with access to the credentials from Site A will then try them on sites B and C, often in automated attacks. If the user has reused their password, the accounts on those additional sites will also be compromised.

The whistleblower told Crikey they found log-in details for three accounts in the data that belonged to a hospital. The credentials gave them access to I-MED’s radiology patient portal, and with that, to files showing patients’ full names, dates of birth, sex, which scans they received, and dates of the scans.

The credentials had been available online to cybercriminals for over a year. And to make things worse the accounts had passwords three to five letters in length and were not protected by two-factor authentication (2FA). It also seemed as if these accounts were shared among several people.

This level of authentication is below par by any standard, but it’s especially unacceptable when it concerns sensitive patient data.

When queried, I-Med said:

> “We have… further strengthened our system surveillance and are working with cyber experts to respond.”

The news about the leak comes at a bad time for I-MED, following recent accusations that it allowed a startup to use patient data to train an Artificial Intelligence (AI) without consent.

**Protecting yourself after a data breach**

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Consider not storing your card details**. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

 Radiology provider exposed tens of thousands of patient files 

Payment gateway provider Slim CD has notified 1.7 million users that their credit card information may have been leaked.

Payment provider Slim CD has disclosed a security incident that may have exposed the full credit card information of anyone paying at a merchant that uses Slim CD’s services.

The Florida-based gateway system, which allows merchants to take any kind of electronic payment, said on June 15 it noticed “suspicious activity” within its environment.

A subsequent investigation by a third-party specialist revealed that cybercriminals had access to Slim CD’s systems for 10 months, between August 17, 2023, and June 15, 2024. However, the company said the criminals only had access to credit card and other information between June 14 and June 15, 2024.

Slim CD said that the compromised information included full names, physical addresses, and credit card numbers including expiration dates.

The company said it is not aware of anyone yet using the exposed information:

> “Although Slim CD presently has no evidence that any such information has been used to commit identity theft or fraud, Slim CD is providing information about the event, Slim CD’s response, and resources available to individuals to help protect their information from possible misuse.”

Even though there is no mention of credit card verification numbers being included in the breached data, Slim CD is still warning about the possible risks:

> “We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your account statements and monitoring your free credit reports for suspicious activity and to detect errors.”

Customers are often unaware which payment provider is used by their online shops, so a data breach notice may come as a surprise to many of the 1,693,000 affected people.

****Protecting yourself after a data breach****

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Consider not storing your card details**. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Payment provider data breach exposes credit card information of 1.7 million customers 

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.

Description Guilherme de Almeida Suckevicz 2021-02-09 18:44:55 UTC

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.

Reference:
https://github.com/Yeraze/ytnef/issues/86

Comment 1 Guilherme de Almeida Suckevicz 2021-02-09 18:45:20 UTC

Created ytnef tracking bugs for this issue:

Affects: epel-7 \[bug 1926971\]
Affects: fedora-all \[bug 1926969\]

Comment 2 Product Security DevOps Team 2021-02-09 22:09:52 UTC

This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.

Search

lenovo warranty check/lookup | check warranty status | lenovo support us