#git

The remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users. These infections stem from a fake website ("chrome-web[.]com") serving malicious installer packages masquerading as Google's Chrome browser, indicating that users searching for the software on the

Plus: More Pegasus spyware controversy, a major BIOS controversy, and more of the week’s top security news.

## Description Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. Version 1.20.0 fixes the vulnerability. ### PoC Have some custom command which prints out information from a potentially untrusted/unverified source. ``` [custom.git_commit_name] command = 'git show -s --format="%<(25,mtrunc)%s"' style = "italic" when = true ``` ### Impact This issue only affects users with custom commands, so the scope is limited, and without knowledge of others' commands, it could be hard to successfully target someone.

Affected versions of the crate failed to catch C++ exceptions raised within the `XmpFile::close` function. If such an exception occured, it would trigger undefined behavior, typically a process abort. This is best demonstrated in [issue #230](https://github.com/adobe/xmp-toolkit-rs/issues/230), where a race condition causes the `close` call to fail due to file I/O errors. This was fixed in [PR #232](https://github.com/adobe/xmp-toolkit-rs/pull/232) (released as crate version 1.9.0), which now safely handles the exception. For backward compatibility, the existing API ignores the error. A new API `XmpFile::try_close` was added to allow callers to receive and process the error result. Users of all prior versions of `xmp_toolkit` are encouraged to update to version 1.9.0 to avoid undefined behavior.

The campaign is laser-targeted, bucking the trend of "spray-and-pray" malicious open source packages turning up in code repositories seemingly every other day.

## usd-2024-0009 | Reflected XSS in Oveleon Cookiebar ### Details **Advisory ID**: usd-2024-0009 **Product**: Cookiebar **Affected Version**: 2.X **Vulnerability Type**: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') **Security Risk**: HIGH, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N **Vendor URL**: https://www.usd.de/ **CVE Number**: Not requested yet **CVE Link**: Not requested yet ### Affected Component The `block` function in `CookiebarController.php`. ### Desciption Oveleon's Cookiebar is an extension for the popular Contao CMS. The `block/locale` endpoint does not properly sanitize the user-controlled `locale` input before including it in the backend's HTTP response, thereby causing reflected XSS. ### Fix Sanitize the `locale` input to prevent XSS payloads from being executed in a user's browser. ### Timeline * **2024-04-24**: Vulnerability discovered by Daniel Ruppel of usd AG. * *...

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level. Singaporean cybersecurity company Group-IB, which has been tracking the e-crime actor since January 2023, described the crimeware solution as a "sophisticated AI-powered phishing-as-a-service platform"

"Peace is the virtue of civilization. War is its crime. Yet it is often in the furnace of war that the sharpest tools of peace are forged." - Victor Hugo. In 1971, an unsettling message started appearing on several computers that comprised ARPANET, the precursor to what we now know as the Internet. The message, which read "I'm the Creeper: catch me if you can." was the output of a program named

The European Commission is allocating €7.3 billion for defense research over the next seven years. From drones and tanks of the future to battleships and space intelligence, here's what it funds.

An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessive logging. This issue only affects users that use Watcher and have a Watch defined that uses the search input and additionally have set the search input’s logger to DEBUG or finer, for example using: org.elasticsearch.xpack.watcher.input.search, org.elasticsearch.xpack.watcher.input, org.elasticsearch.xpack.watcher, or wider, since the loggers are hierarchical.