Security updates are tedious and difficult, so users continue to use a weak version of a core protocol and remain exposed to major attacks on critical infrastructure.

Source: John Edwards via Alamy Stock Photo

Programmable logic controllers (PLCs) that were vulnerable to the Stuxnet attack are still in use globally and rarely have security controls deployed — meaning they're still at risk.

More than 10 years after Stuxnet, new research shows users rarely switch on security controls such as using passwords, and feel updates are too cumbersome to be applied.

Colin Finck, tech lead of reverse engineering and connectivity at Enlyze, says the Siemens proprietary protocol which is used to read and write data as well as to program the S7 PLC. However, this is only protected by obfuscation, which the researchers were able to bypass.

Finck and his colleague Tom Dohrmann, software engineer, reverse engineering and connectivity, will present their findings at Black Hat Europe in London next week, in a talk titled "A Decade After Stuxnet: How Siemens S7 Is Still an Attacker's Heaven."

**Still Feeling the Stuxnet Effects**

In the 2010 attack, the Stuxnet attackers exploited several zero-day vulnerabilities in Microsoft Windows to ultimately gain access to Siemens software and the PLCs. This was done to gain access to and effectively damage high-speed centrifuges at the Iranian Bushehr nuclear power plant.

The impact of Stuxnet was huge, as it remotely damaged around a thousand centrifuges, and the worm's controllers were also able to analyze communication protocols between the PLCs to exploit further technological weaknesses. It also paved the way for things to come: After Stuxnet, a number of industrial control-related attacks were detected over the years, including BlackEnergy and Colonial Pipeline.

Finck tells Dark Reading that after the Stuxnet attacks took place, Siemens developed a revised protocol for the PLCs that added "lots of obfuscation and cryptography layers." However, the researchers in recent probing were able to bypass that obfuscation to give them the ability to read and write instructions for the PLCs, and ultimately stop the controller working in a proof of concept.

A statement from Siemens sent to Dark Reading acknowledged that the levels of obfuscation do not offer enough security, and a Security Bulletin from October 2022 stated that two of the PLCs "use a built-in global private key which cannot be considered anymore as sufficiently protected."

The statement added: "Siemens has deprecated this previous version of the communication protocol and encourages everyone to migrate to V17 or later to enable the new TLS \[Transport Layer Security\]-based communication protocol."

**Improved Firmware**

That most recent Siemens firmware released in 2022 does include TLS, but Finck claims there is no "long-term service for cybersecurity issues" and calls for Siemens to provide better means to update firmware "because right now, it's wide open to anybody who could just access it over the Internet."

In its statement, Siemens said it is aware of the talk scheduled for Black Hat Europe and stated that the talk "will describe the details of the legacy PG/PC and HMI communication protocol as used between TIA Portal/HMIs and SIMATIC S7-1500 SW Controller in versions before V17."

The company stated that no previously unknown security vulnerabilities will be disclosed in this talk and that Siemens is in close coordination with the researchers. Siemens recommended users to apply mitigations, including:

*   Applying client authentication using strong and individual access level passwords.
    
*   Migrating to V17 or later to enable the new TLS-based communication protocol for all SIMATIC S7-1200/1500 PLCs including SW Controller (see Siemens Security Bulletin SSB-898115 \[2\]).
    
*   Implementing the defense-in-depth approach for plant operations and configure the environment according to Siemens operational guidelines for industrial security.
    

Though the researchers praised the response by Siemens, they noted that PLC firmware is rarely updated by users, "and there's not an established update process to quickly roll out \[updates\] to a fleet of machines."

Finck says doing updates is "probably a tedious manual process to walk to every machine, plug something in and update the firmware," and thus, Siemens needs to offer better update processes so customers have an incentive to deploy those updates.

In the meantime, he says, "you better not have a direct connection to all PLCs right now, due to the aforementioned security problems."

**About the Author(s)**

With more than 20 years experience of B2B journalism, including 12 years covering cybersecurity, Dan Raywood brings a wealth of experience and information security knowledge to the table. He has covered everything from the rise of APTs, nation-state hackers, and hacktivists, to data breaches and the increase in government regulation to better protect citizens and hold businesses to account. Dan is based in the U.K., and when not working, he spends his time stopping his cats from walking over his keyboard and worrying about the (Tottenham) Spurs’ next match.

Siemens PLCs Still Vulnerable to Stuxnet-like Cyberattacks

Henschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents.




**Welcome to Henschen.com - Government Software**

Henschen & Associates, Inc. is the recognized leader in the development of specialized government software solutions. We are continually updating our programs as legislative changes occur that affect your operations. Our open systems design enables us to meet the challenges of changing trends in computer hardware and software technology. We are comprised of a friendly, knowledgeable, and experienced staff dedicated to providing you with unprecedented customer service. As of 2016, we count over 190 Courts, Prosecutor's and Probation Offices as clients.

CVE-2023-6376: Henschen & Associates, Inc

Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.



**Solution**

 No fix available

No patched version is available. No reply from the vendor.

Jesse McNeil discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress wpForo Forum Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has not been known to be fixed yet.

**Other vulnerabilities in this plugin**

 1 present

 16 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-47870: WordPress wpForo plugin <= 2.2.6 - Cross Site Request Forgery (CSRF) on Sign-out vulnerability - Patchstack

The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files.




**Background**

Tiff Server was one of Aquaforest’s first products, released in 2002.

It enabled users to view TIFF files within a web site or web-based application without requiring the use of special image viewer plugins or applets ( a requirement for the cutting edge Internet Explorer and Netscape Navigator browsers at that time).

It was designed to be used on an intranet, and was never intended to be exposed to the outside world. When TIFF Server was designed, the concept of zero-trust networking and the risk of network-internal threats had not yet entered the mainstream industry consciousness.

Over the years, additional features were added but the underlying model has remained.

**Security Advisory**

External partners have identified that organisations running an insufficiently configured instance of TIFF Server may allow an unauthenticated attacker to craft a request that abuses certain parameters available in TIFF Server’s exposed ASP.NET forms. This weakness can be mapped to the MITRE CWE framework as CWE-22.

Parameters in the *.aspx forms bundled in TIFF Server are designed to leverage the capabilities of IIS to allow it to source files from arbitrary provided locations in order to maximise customisation flexibility. At the time, the implications of these original design decisions were unclear but meant that carefully crafted requests to certain insufficiently configured servers may be able to:

*   Allow an unauthenticated user to view documents that should otherwise require authentication.
*   Detect directories that the user TIFF Server is running as has access to.
*   Count files within directories the user TIFF Server is running as has access to.
*   Detect if files exist in locations TIFF Server has access to.

This architectural design pattern that could allow this flaw is present in all versions of TIFF Server.

As this functionality is intended to allow customisation of features provided by TIFF Server and may be in use by customers still using TIFF Server, there is not a “one-size-fits-all” resolution that does not require customer-side configuration.

**Improving Security Configuration within TIFF Server**

The best way to mitigate the risk of an unauthenticated attacker accessing contents that should not be accessible is to use the Custom Auditing and Security option supplied in Section 13 of the Tiff Server Reference Guide to implement allowlisting for limiting incoming requests to only the directories intended for use with TIFF Server.

Though the Custom Auditing and Security option and its use is described in the reference guide, we had not previously provided examples of using it.

In order to provide guidance to our customers still using TIFF Server, we have provided an example below for implementing such a configuration. The following implementation uses a file containing a list of accepted file paths:

    using System;
    using System.Collections.Generic;
    using System.IO;
    using System.Net;
    using System.Web;
    
    /// <summary>
    /// The following AquaforestTIFFServerAudit code is designed to check 
    /// the filepath is within the allowlisted URLs
    /// </summary>
    namespace AquaforestTIFFServerAudit
    {
        /// <summary>
        /// This code has a hard coded filepath for the AllowList
        /// </summary>
        public class TIFFServerAudit
        {
    
            /// <summary>
            /// This is a skeleton function, add features as required.
            /// </summary>
            /// <param name="fileName"></param>
            /// <param name="action"></param>
            /// <param name="AUTH_USER"></param>
            /// <returns></returns>
            public static bool securityCheck(string fileName, string action, string AUTH_USER)
            {
                // Add check that filepath is within the AllowList
                // Get the filepath from the filename
                string filePath = Path.GetDirectoryName(Path.GetFullPath(fileName).ToLowerInvariant());
    
                // If it is not in the allowlist end the response.
                if (!TiffServerAllowlist.InAllowList(filePath))
                {
                    return false;
                }
                else
                {
                    return true;
                }
                // Return False to disable access
            }
            public static void logAction(string action)
            {
                // Action is one of :
                // VIEW, PRINT, PDF, SAVEPDF, GETANNOTATIONS, SAVEANNOTATIONS, EDIT, SAVEEDIT
                try
                {
                    // Get the file path from one of these supplied sources depending upon the supplied Action
                    string fileName = HttpContext.Current.Request["FN"];
                    if (action == "EDIT" || action == "SAVEEDIT")
                    {
                        fileName = HttpContext.Current.Request["filename"];
                    }
                    else
                    if (action == "GETANNOTATIONS")
                    {
                        fileName = HttpContext.Current.Server.MapPath(HttpContext.Current.Request["an_url"]);
                    }
                    else
                    if (action == "SAVEANNOTATIONS")
                    {
                        fileName = HttpContext.Current.Request["anfile"];
                    }
    
                    // Audit operations
                    string status = "OK"; // Default
                    string auditFileName = (string)HttpContext.Current.Session["ts_audit_file"];
    
                    string PC = HttpContext.Current.Request["PC"];
                    string AUTH_USER = HttpContext.Current.Request.ServerVariables["AUTH_USER"];
                    string REMOTE_HOST = HttpContext.Current.Request.ServerVariables["REMOTE_HOST"];
    
                    if (auditFileName == null || auditFileName == "")
                    {
                        if (!securityCheck(fileName, action, AUTH_USER))
                        {
                            HttpContext.Current.Response.Write($"You do not have permission to {action} this file.{Environment.NewLine}{Path.GetExtension(fileName)}{Environment.NewLine}Please contact your system administrator.");
                            HttpContext.Current.Response.End();
                        }
                        return;
                    }
    
                    /* 
                     * Any Security Checks May Go Here and Terminate Response with 
                     * HttpContext.Current.Response.End() before or after writing log entry
                    */
    
                    if (!securityCheck(fileName,action,AUTH_USER))
                    {
                        if (action == "GETANNOTATIONS")
                        {
                            HttpContext.Current.Response.Write("<ts_annot></ts_annot>");
                            HttpContext.Current.Response.End();
                        }
                        if (PC == "Y")
                        {
                            HttpContext.Current.Response.Write("afPageCount=-5;afMessage='You do not have permission to access this file.  Please contact your system administrator.';");
                            HttpContext.Current.Response.End();
                        }
                        else
                        {
                            HttpContext.Current.Response.Clear();
                            HttpContext.Current.Response.End();
                        }
                    }
    
                  
                    if (action == "VIEW" && PC != "Y")
                    {
                        // Only log for the initial page count request, not for each page 
                        return;
                    }
        			
                    System.IO.StreamWriter auditFile = new System.IO.StreamWriter(auditFileName, true);
                    if (auditFile != null)
    				{
                        auditFile.WriteLine(DateTime.Now + "," + action+","+status+","+fileName+","+AUTH_USER+","+REMOTE_HOST+","+HttpContext.Current.Request.Url);
                        auditFile.WriteLine();
                        auditFile.Flush();
                        auditFile.Close();
    				}
    			}
                catch (WebException wex)
                {
    
                }
    			catch(Exception ex)
    			{
    
    			}
    		}
        }
    
        /// <summary>
        /// This static class checks if a filepath is included in the AllowList
        /// </summary>
        public static class TiffServerAllowlist
        {
            /// <summary>
            /// Static list of AllowListed locations
            /// </summary>
            private static List<string> _AllowList;
    
            /// <summary>
            /// Constructor that loads up the allowlist from the filepath
            /// </summary>
            static TiffServerAllowlist()
            {
                _AllowList = new List<string>();
    
                // This is hard coded to a specified location, it will need to be edited and pointed at a valid text file.
                // The file contains root paths that TifServer is allowed to access.
                string temp =Path.GetFullPath(@"C:\inetpub\wwwroot\tiffserver\AllowList.txt");
                if (File.Exists(temp))
                {
                    string contents = File.ReadAllText(temp);
                    foreach (string line in contents.Split('\n'))
                    {
                        _AllowList.Add(line.Replace("\r", ""));
                    }
                }
            }
            /// <summary>
            /// Returns whether the supplied filepath is within the AllowList
            /// </summary>
            /// <param name="filePath"></param>
            /// <returns></returns>
            public static bool InAllowList(string filePath)
            {
                bool result;
                if (_AllowList.Count == 0)
                {
                    result = true;
                }
                else
                {
                    result = false;
                    foreach(string rootPath in _AllowList)
                    {
                        if (filePath.Contains(rootPath))
                        {
                            result = true;
                            break;
                        }
                    }
                }
    
                return result;
            }
        }
    }
    

Example allowlist file:

    D:\data\project_1\tiffs
    D:\data\project_2\tiffs
    C:\inetpub\wwwroot\tiffserver\samples

As the full source of the Custom Auditing and Security class is available, it’s possible to edit it in other ways if the example given above is not compatible with the way you have implemented TIFF Server.

**The future…**

As described in the blog post TIFF Server Sunsetting (aquaforest.com), Tiff Server will be sunsetted by 31 May 2024. We will continue to provide product support for existing customers until that date, but no updates are planned prior to sunset.

We have provided the example above to help customers hold themselves over until the sunset date while planning their migration to other solutions. Customers are not advised to remain using TIFF Server after the sunset date because no further updates, support, or guidance will be offered at that time.

We would suggest that if you are a current user of TIFF Server and have not begun to plan a replacement, this would be a good opportunity to look at our PSPDFKit Web-Standalone solution that has superseded TIFF Server.

You can explore a demo of the PSPDFKit image viewer **here** and get started with a trial by following **this link**.

As a valued customer, we’d like to provide you with a custom offer tailored to your needs. If you are not sure what products best suit your usage needs, our sales team can help work with you to determine a solution for your needs moving forward. To discuss your requirements, please contact us via the **sales team**.

CVE-2023-6352: Tiff Server security update - Aquaforest

Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 
'payforprint_CM/Redirector.ashx?userid=' parameters. The vulnerable "pay for print" feature was removed on or around 2023-11-01.

**Integrated Software for Courts & Justice Agencies**

Regardless of size or location, courts and justice agencies have one thing in common — the need to improve access to justice for citizens, to empower legal professionals, and to enable collaboration across justice agencies.

Tyler's courts and justice software solutions help agencies share data among all of the offices in the justice system — Connecting courts, prosecutors, and public defenders, as well as jails, auditors, inspectors general, police departments, and supervision offices. This integration saves time and creates operational efficiencies, eliminating redundancies, minimizing errors, and helping you to be more responsive to your citizens.

**Civil Process**

Meet your jurisdiction's unique civil process office, field and financial requirements. Tyler's flexible configuration make operations more efficient from business processes to state reporting requirements.

Explore Civil Process

**Court Case Management - County & State**

Tyler's cutting-edge court case management systems streamline processes and eliminate mountains of paper handling. We have a track record of success across thousands of courts, from the smallest municipal court to the largest statewide systems.

Explore Enterprise Justice

**Court Case Management - Municipal**

Managing court calendars, processing defendant notices, and responding to crowded courtrooms, Tyler understands the challenges high-volume municipal, mayor, traffic and justice courts face. Municipal courts have a unique pace and rhythm, and a set of requirements that are different from those of counties, districts and states. Our Municipal Justice solution meets that pace and exceeds our clients’ expectations.

Explore Municipal Justice

**Dispute Resolution**

Expanding access to justice and allowing citizens to resolve their own disputes online, anywhere, anytime – with proven technology using Online Dispute Resolution.

Explore Online Dispute Resolution

**Electronic Filing**

More than 850,000 users file over 28 million documents annually on our platforms with 99.999% uptime. In addition to an outstanding platform with outstanding support we also provide online tools to guide self-represented litigants through the process of filing online.

Explore eFile & Serve

**Investigations & Audits**

Successful investigations and audits rely on the quality and completeness of the data collected and examined. Our solutions allow investigators to track, share, use, and analyze data in order to resolve cases efficiently.

Explore Investigations & Audits

**Jury Management**

Jury duty may be the only interaction most of your constituents have with the court. Our jury solutions provide an easy experience for citizens to navigate and answer any questions they have.

Explore Jury Management

**Justice Insights**

Tyler’s Justice Insights can provide a broader view of performance while also measuring efficiencies and outcomes across multiple departments or jurisdictions. When strategically implemented, these solutions can give you an instant view of your entire justice system so you can make more informed decisions about resources, policies, and more.

Explore Justice Insights

**Prosecution & Attorneys**

For Prosecutors, Public Defenders, or Trial Lawyers more than anyone else in the justice system, data is key, and we make it easy to track and manage the critical information you need, leveraging electronic case files, effectively managing caseloads, and easily tracking data. Additionally, re:Search® changes the way legal professionals, the courts and court staff, as well as the media and the public, search for court case data.

Explore Enterprise Attorney Manager

**Supervision**

Simplify and streamline adult and juvenile probation functions and pretrial services with Tyler’s Enterprise Supervision solution. Ease your workload with a comprehensive tool to handle multiple supervisory management functions while integrating seamlessly with the full array of Enterprise Justice solutions.

Explore Enterprise Supervision

**Virtual Court**

More than just a secure video stream, Virtual Court directly integrates with the case management system to create a seamless workflow during remote court hearings. It was developed through collaboration with courts of varying sizes from across the country to ensure it provides reliability and security required by the justice system.

Explore Virtual Court

Explore Other Courts & Public Safety Offerings

Courts and public safety agencies of all sizes and locations have one thing in common: the need to improve collaboration, to share information among agencies and all offices in the justice system, and to provide powerful tools to legal professionals for day-to-day operations.

Tyler’s courts and public safety solutions help to break down barriers and share information more easily and more securely across all public safety and justice agencies.

Explore Courts & Public Safety

**Painting the vision of **fully connected communities**.**

At Tyler, we imagine a world where all city, county, and regional government services are connected within a healthy digital infrastructure. Connecting data, processes, and people makes communities safer, smarter, and more responsive to the needs of residents.

More About Connected Communities

CVE-2023-6342: Courts & Justice | Courts & Public Safety

Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. The impact varies based on the intention and configuration of a specific CMS360 installation.


**Courts & Land Records  
Customer Support**

**Contact Customer Support for  
Catalis Courts & Land Records  
solutions**

**Contact Customer Support for Catalis  
Courts & Land Records solutions**

**Modernizing government with technology-driven solutions and services**

**Syscon:**  
888-797-2661  
support@syscononline.com

**Landmark:  
**800-280-5281  
landmark@catalisgov.com

**Icon:**  
CMS Support: CMS360@catalisgov.com  
Jury Support: Jury@catalisgov.com  
ICON Desktop Support: icondesktop@catalisgov.com  
E-Filing Support: efilingicon@catalisgov.com  
800-428-4855

**Jurymark:  
**800-280-5281  
Jurymark@catalisgov.com

**Benchmark:**  
800-280-5281  
benchmark@catalisgov.com

**AutoMon:  
**480-368-8555 ext. 2  
support@automon.com

**Taxsmart:  
**800-280-5281  
taxsmart@catalisgov.com

**Axia:  
**800-280-5281  
axia@catalisgov.com

**Excise  
**800-280-5281  
excise@catalisgov.com

Learn more about the Catalis solutions that are modernizing governments across North America.

Request A Consult Now!

CVE-2023-6341: Courts & Land Records Solutions for Government from Catalis

The prolific threat actor has laundered hundreds of millions of dollars in stolen virtual currency through the service.

Source: Yogesh More via Alamy Stock Photo

In its continued efforts to crack down on North Korea's most formidable state-sponsored threat group, the US government has seized a virtual currency mixer that has been serving as the principal way the group launders money stolen from its cybercriminal activity.

The US Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Sinbad.io, or just Sinbad, a crypto-mixing service that the feds said has processed millions of dollars worth of virtual currency from crypto heists by the Lazarus Group, according to a press release from OFAC.

As a result of the action, all Sinbad property and interests in property in the US or controlled by anyone in the US must be blocked and reported to OFAC, and people in the US are prohibited from having any involvement with the service. Further, anyone who engages in transactions with the service also may be exposed to sanctions.  

Crypto mixing — a technique that uses pools of cryptocurrency to complicate the tracking of electronic transactions — is a popular service tapped by cybercriminals to obscure their illegal transactions. In the case of Lazarus, the group used Sinbad to launder crypto from various malicious incidents, including the Horizon Bridge and Axie Infinity heist, the government said.

The prolific threat actor is well known for conducting cyberattacks on behalf of the regime of North Korea's leader, Kim Jong Un, engaging in widespread crypto theft through various cyberattacks — including targeting crypto engineers or using compromised systems to mine crypto — to fund government activities, among other endeavors. The US government officially sanctioned Lazarus in 2019, effectively making it a crime to do any kind of business with the group or its associates.

**Crackdown on Crypto Mixing**

Other cybercriminal groups also use Sinbad to keep various illegal financial activities such as drug trafficking, buying child pornography, and other Dark Web transactions away from the prying eyes of law enforcement. However, global authorities have caught on to the use of crypto mixers and are now starting to monitor and block the activity.

In March, an international law enforcement effort led by the US Department of Justice (DoJ) led to the shuttering another known crypto-mixing service, ChipMixer. Then in May and earlier this month, respectively, the feds also seized one crypto mixer, Blender.io (Blender), and redesignated another, Tornado Cash — both known to be used by Lazarus, they said.

OFAC in April also sanctioned two over-the-counter virtual currency traders who facilitated the conversion of stolen virtual currency to fiat currency for North Korean actors associated with Lazarus.

“While we encourage responsible innovation in the digital asset ecosystem, we will not hesitate to take action against illicit actors," said Deputy Secretary of the Treasury Wally Adeyemo, in a statement. "Mixing services that enable criminal actors, such as the Lazarus Group, to launder stolen assets will face serious consequences.”

**Crypto Mixer of Choice**

All told, Lazarus, which has been active for more than 10 years, is believed to have stolen more than $2 billion worth of digital assets across multiple cryptocurrency heists, according to the US government.

Sinbad, which operates on the Bitcoin blockchain, has been one of the primary facilitators of the trafficking of these funds as the group's preferred mixing service. The service, which some security experts believe is the successor to Blender, aids cybercriminal transactions by obfuscating their origin, destination, and counterparties, so they are difficult to track.

Some of the larger sums that Lazarus has laundered through the crypto mixer include "a significant portion" of the following crypto heists: $100 million stolen in June from customers of Atomic Wallet; $620 million stolen from Axie Infinity in March 2022; and $100 million nabbed from Horizon Bridge in June 2022. 

Despite being sanctioned and constantly monitored by security researchers and global authorities alike, Lazarus remains undaunted and shows little sign of slowing down. Some of the group's most recent activity includes posing as Meta to deploy a complex backdoor at an aerospace organization, and aiming to lure crypto pros with fake job postings — the latter a common tactic of the group.

There are signs that the mounting pressure on the group has affected them, though. Lazarus recently aligned with other North Korean state-sponsored threat actors to make them collectively harder to track. However, this collaboration also sets the stage for more aggressive and complex cyberattacks that will demand strategic defense and response on the part of targets.

**About the Author(s)**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus

Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows Cross Site Request Forgery.This issue affects Perfmatters: from n/a through 2.1.6.



**Solution**

 Update to fix

Update the WordPress Perfmatters plugin to the latest available version (at least 2.1.7).

Dave Jong (Patchstack) discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Perfmatters Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has been fixed in version 2.1.7.

**Other vulnerabilities in this plugin**

 0 present

 4 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-47875: WordPress Perfmatters plugin <= 2.1.6 - Multiple Cross Site Request Forgery (CSRF) vulnerabilities - Patchstack

The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route.

_All information within TRA advisories is provided “as is”, without warranty of any kind, including the implied warranties of merchantability and fitness for a particular purpose, and with no guarantee of completeness, accuracy, or timeliness. Individuals and organizations are responsible for assessing the impact of any actual or potential security vulnerability._

_Tenable takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you please work with us to quickly resolve it in order to protect customers. Tenable believes in responding quickly to such reports, maintaining communication with researchers, and providing a solution in short order._

_For more details on submitting vulnerability information, please see our Vulnerability Reporting Guidelines page._

_If you have questions or corrections about this advisory, please email \[email protected\]_

**Tenable Advisory ID:** TRA-2023-40

**Credit:**  
Joshua Martinelle

**CVSSv3 Base / Temporal Score:**  
8.6

**CVSSv3 Vector:**  
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

**Affected Products:**  
My Calendar WordPress Plugin < 3.4.22

**Risk Factor:**  
High

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

100 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

100 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

**Tenable Vulnerability Management**

_Formerly Tenable.io_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

100 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

**Try Tenable Nessus Professional Free**

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

**NEW - Tenable Nessus Expert  
Now Available**

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. **Click here to Try Nessus Expert.**

Fill out the form below to continue with a Nessus Pro Trial.

**Buy Tenable Nessus Professional**

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

**Try Tenable Web App Scanning**

_Formerly Tenable.io Web Application Scanning_

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. **Sign up now.**

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

**Buy Tenable Web App Scanning**

_Formerly Tenable.io Web Application Scanning_

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

**Try Tenable Lumin**

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

**Buy Tenable Lumin**

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

**Thank You**

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

**Request a demo of Tenable Security Center**

_Formerly Tenable.sc_

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

_\* Field is required_

**Request a demo of Tenable OT Security**

_Formerly Tenable.ot_

Get the Operational Technology Security You Need.

Reduce the Risk You Don’t.

**Request a demo of Tenable Identity Exposure**

_Formerly Tenable.ad_

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

**Request a Demo of Tenable Cloud Security**

_**Exceptional unified cloud security awaits you!**_

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

**See  
Tenable One  
In Action**

Exposure management for the modern attack surface.

**See Tenable Attack Surface Management In Action**

_Formerly Tenable.asm_

Know the exposure of every asset on any platform.

**Thank You**

Thank you for your interest in Tenable Attack Surface Management. A representative will be in touch soon.

**Try Tenable Nessus Expert Free**

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Already have Tenable Nessus Professional?**  
Upgrade to Nessus Expert free for 7 days.

**Buy Tenable Nessus Expert**

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Try Nessus Expert Free**

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Already have Nessus Professional?**  
Upgrade to Nessus Expert free for 7 days.

**Buy Tenable Nessus Expert**

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

**Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements**

Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.

CVE-2023-6360: SQL Injection in My Calendar WordPress Plugin

Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery.This issue affects Business Directory Plugin – Easy Listing Directories for WordPress: from n/a through 6.3.10.



**Solution**

 No fix available

No patched version is available.

Brandon Roldan discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Business Directory Plugin Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has not been known to be fixed yet.

**Other vulnerabilities in this plugin**

 1 present

 4 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

Tag

#auth