#git

Russian hackers have convinced targets to share their app passwords in very sophisticated and targeted social engineering attacks.

Malware hidden in fake Minecraft Mods on GitHub is stealing passwords and crypto from players. Over 1,500 devices may be affected, researchers warn.

Last week on Malwarebytes Labs: Last week on ThreatDown: Stay safe!

Scammers used Inferno Drainer to steal $43,000 in crypto from 110 CoinMarketCap users through a fake wallet prompt embedded in the site’s front-end.

European police, led by Denmark and Sweden, are arresting individuals in a crackdown on violence-as-a-service, where criminal groups recruit teenagers online for contract killings. Learn about Europol's OTF GRIMM task force and how they're fighting this disturbing trend.

As package registries find better ways to combat cyberattacks, threat actors are finding other methods for spreading their malware to developers.

Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction (including remu and divu) in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The main idea for the attack is to confuse the RISC-V virtual machine into treating the value of the rs1 register as the same as the rs2 register due to a lack of constraints in the rv32im circuit. This vulnerability was reported by Christoph Hochrainer via our Hackenproof bug bounty. The fix for the circuit was implemented in [zirgen/pull/238](https://github.com/risc0/zirgen/pull/238), and the update to risc0 was implemented in [risc0/pull/3181](https://github.com/risc0/risc0/pull/3181). Impacted on-chain verifiers have already been disabled via the estop mechanism outlined in the [Verifier Management Design](https://github.com/risc0/risc0-ethereum/blob/release-2.0/contracts/version-management-design.md#base-verifier-implementations). ## Mitigation It is recommend all impacted users u...

A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. ### Fixed in https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff ### Impact The issue could lead to request smuggling in cases where Pingora’s proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection.

A new detection method from Varonis Threat Labs turns hackers' sneaky random patterns into a way to catch hidden cyberattacks. Learn about Jitter-Trap and how it boosts cybersecurity defenses.

### Summary The RedirectSlashes function in middleware/strip.go is vulnerable to host header injection which leads to open redirect. ### Details The RedirectSlashes method uses the Host header to construct the redirectURL at this line https://github.com/go-chi/chi/blob/v5.2.1/middleware/strip.go#L55 The Host header can be manipulated by a user to be any arbitrary host. This leads to open redirect when using the RedirectSlashes middleware ### PoC Create a simple server which uses the RedirectSlashes middleware ``` package main import ( "fmt" "net/http" "github.com/go-chi/chi/v5" "github.com/go-chi/chi/v5/middleware" // Import the middleware package ) func main() { // Create a new Chi router r := chi.NewRouter() // Use the built-in RedirectSlashes middleware r.Use(middleware.RedirectSlashes) // Use middleware.RedirectSlashes // Define a route handler r.Get("/", func(w http.ResponseWriter, r *http.Request) { // A simple response w.Write([]byte("Hello, World!")) }) ...