#auth

Cisco Talos observed a surge in GhostSec, a hacking group’s malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Nice Equipment: Linear eMerge E3-Series Vulnerabilities: Path traversal, Cross-site scripting, OS command injection, Unrestricted Upload of File with Dangerous Type, Incorrect Authorization, Exposure of Sensitive Information to an Authorized Actor, Insufficiently Protected Credentials, Use of Hard-coded Credentials, Cross-site Request Forgery, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to gain full system access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Nice Linear eMerge E3-Series are affected: Linear eMerge E3-Series: versions 1.00-06 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL') CWE-22 Nice Linear eMerge E3-Series versions 1.00-06 and prior are vulnerable to path traversal....

Last year, 11% of all detections on Macs were caused by malware. The illuminating figure gives a view into the world of Mac cyberthreats.

By Deeba Ahmed The CHAVECLOAK banking Trojan employs PDFs, ZIP downloads, DLL sideloading, and deceptive pop-ups to target Brazil's unsuspecting banking users financial sector.  This is a post from HackRead.com Read the original post: New CHAVECLOAK Banking Trojan Targets Brazilians via Malicious PDFs

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.

### Summary A vulnerability in Coder's OIDC authentication could allow an attacker to bypass the `CODER_OIDC_EMAIL_DOMAIN` verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider (such as public providers like `google.com`). ### Details During OIDC registration, the user's email was improperly validated against the allowed `CODER_OIDC_EMAIL_DOMAIN`s. This could allow a user with a domain that only partially matched an allowed domain to successfully login or register (e.g. `[email protected]` would match the allowed domain `corp.com`). An attacker could register a domain name that exploited this vulnerability and register on a Coder instance with a public OIDC provider. ### Impact Coder instances with OIDC enabled and protected by the `CODER_OIDC_EMAIL_DOMAIN` configuration. Coder instances using a private OIDC provider are not affected, as arbitrary users cannot regi...

### Summary Hello go-zero maintainer team, I would like to report a security concerning your CORS Filter feature. ### Details Go-zero allows user to specify a [CORS Filter](https://github.com/zeromicro/go-zero/blob/master/rest/internal/cors/handlers.go) with a configurable allows param - which is an array of domains allowed in CORS policy. However, the `isOriginAllowed` uses `strings.HasSuffix` to check the origin, which leads to bypass via domain like `evil-victim.com` ```go func isOriginAllowed(allows []string, origin string) bool { for _, o := range allows { if o == allOrigins { return true } if strings.HasSuffix(origin, o) { return true } } return false } ``` ### PoC Use code below as a PoC. Only requests from `safe.com` should bypass the CORS Filter ```go package main import ( "errors" "net/http" "github.com/zeromicro/go-zero/rest" ) func main() { svr := rest.MustNewServer(rest.RestConf{Port: 8888}, rest.WithRouter(mockedRouter{}), rest.WithCors("safe....

By Waqas Another day, another third-party data breach! This is a post from HackRead.com Read the original post: American Express Cardholders Impacted by Third-Party Vendor Data Breach

By Deeba Ahmed Leaked Military Audio Raises Stakes in Russia-Ukraine Conflict. This is a post from HackRead.com Read the original post: Russian Operatives Expose German Military Webex Conversations

BoidCMS version 2.0.1 suffers from multiple cross site scripting vulnerabilities. Original discovery of cross site scripting in this version is attributed to Rahad Chowdhury in December of 2023, though this advisory provides additional vectors of attack.