A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.

**Kiali content spoofing vulnerability**

Moderate severity GitHub Reviewed Published Sep 23, 2023 to the GitHub Advisory Database • Updated Sep 25, 2023

GHSA-6f4m-j56w-55c3: Kiali content spoofing vulnerability

Plus: MGM hackers hit more than just casinos, Microsoft researchers accidentally leak terabytes of data, and China goes on the PR offensive over cyberespionage.

Mandiant researchers published findings this week about a newly revealed Chinese espionage operation that used Sogu malware to spy on the African operations of both European and US organizations. The campaign is significant for the scope of its victims, but also because attackers used a classic malware distribution method: thumb drives. The attacks are the latest example of China's aggressive global espionage—but read on for statements from the Chinese government about alleged US cyberattacks and digital espionage.

After Elon Musk claimed recently that primates used in Neuralink implant research were close to death anyway, a WIRED investigation this week revealed grisly details about the truth of their deaths that appear to dispute the characterization that the animals were all terminally ill. The revelations come as Neuralink is pursuing human trials of its brain-chip implants. 

And there's more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

Kia and Hyundai cars have been plagued for years by vulnerabilities—and simply missing protective features—in their antitheft systems that make the cars far too easy to steal. Recently, the companies have been attempting to distribute updates to remedy the situation, but the flaws have already resulted in skyrocketing car theft rates around the United States. New data from 10 US cities compiled by Motherboard through public records requests illustrate the extent of the problem. In Chicago, for example, average car theft rates of about 850 per month are now consistently up to more than 2,000 per month. Similarly, before 2021, rates in Denver used to hover around 800 stolen cars per month. They now typically top 1,000. Atlanta's car theft rates have doubled from their old level before 2022 of fewer than 250 incidents per month. 

“Stolen car rates are not up by 10 percent, or 20 percent, or even 50 percent,” the report says. “In many cities, they are up hundreds of percentage points, Motherboard has found. Rates of stolen Kias and Hyundais in particular are up thousands of percentage points.”

Over the past two weeks, MGM Resorts has been dealing with the very public fallout of a recent cyberattack. Caesars Entertainment also admitted last week that it recently suffered a data breach and faced criminal extortion demands. Adding to the larger context, an executive for the enterprise identity management firm Okta said this week that the same gang that targeted MGM and Caesars, known as Alphv, also hacked three other targets since August as part of the same spree.

That makes five Okta customers in total that were affected. David Bradbury, Okta's chief security officer, would not name the other three victims but said they are in the technology, retail, and manufacturing sectors. Bradbury said Okta is cooperating with law enforcement investigations into the hacks.

Wiz security firm published findings this week that Microsoft AI researchers unintentionally exposed 38 terabytes of private data on the developer platform GitHub while attempting to open-source a repository of training data. The leak included internal Microsoft data, including more than 30,000 Teams messages, passwords, and private keys. The exposure occurred because of a misconfiguration in how the researchers used an Azure Storage data-sharing feature.

This week, officials from China's Ministry of State Security publicly accused the US government of breaching and monitoring Huawei's networks in a 2009 espionage attack. The statement also alleges that the US has conducted “tens of thousands of malicious network attacks” on Chinese institutions and organizations to surveil networks and steal data. Furthermore, the officials claimed that the US government has planted backdoors in software and hardware produced around the world to enable global surveillance. China has accused the US of cyberespionage before—and certainly conducts its share of surveillance and data exfiltration operations. Meanwhile, Huawei has been a particular lightning rod in longtime disputes between the US and China about digital and technical security.

The Shocking Data on Kia and Hyundai Thefts in the US

By Waqas
Former Egyptian MP targeted with predator spyware ahead of 2024 presidential run - Therefore, Update your macOS Ventura, iOS, and iPadOS devices NOW, as Apple has released emergency updates to address the flaws.
This is a post from HackRead.com Read the original post: Zero-Day iOS Exploit Chain Infects Devices with Predator Spyware

****Key Findings****

*   **Ahmed Eltantawy, a former Egyptian MP and presidential candidate, was targeted with Cytrox’s Predator spyware after announcing his bid for the presidency.**

*   **The spyware was delivered through SMS, WhatsApp messages, and network injection attacks, highlighting the advanced tactics used against Eltantawy.**

*   **Researchers obtained an iPhone zero-day exploit chain used to install Predator on iOS devices, affecting versions through 16.6.1.**

*   **The network injection attack was attributed with high confidence to the Egyptian government, as it originated from a device physically located within Egypt.**

*   **This case raises concerns about the lack of controls on the export of spyware technologies and underscores the importance of security updates and lockdown modes on Apple devices.**

In a recent investigation by Citizen Lab, alarming findings reveal that former Egyptian Member of Parliament, Ahmed Eltantawy, was the victim of a sophisticated cyber espionage campaign that leveraged Cytrox’s Predator spyware.

This targeting occurred between May and September 2023, shortly after Eltantawy publicly announced his intention to run for President in the 2024 Egyptian elections.

Here, it is worth noting that Cytrox’s Predator spyware was initially discovered targeting Android devices **in May 2022**. However, in August 2022, Citizen Lab **pointed out** a connection between the spyware and the European spyware vendor, Intellexa Alliance.

At that time, the spyware was used to target a lawmaker in Greece, and interestingly, the same firm had previously **made headlines in November 2019** when Cypriot authorities seized a surveillance van belonging to Intellexa. This surveillance van was equipped with hacking tools capable of intercepting, cracking, and tracking smartphones.

The campaign against Eltantawy utilized various tactics, including SMS and WhatsApp messages containing malicious links. Moreover, Eltantawy’s mobile connection with Vodafone Egypt was persistently selected for targeting via network injection.

When Eltantawy visited non-HTTPS websites, a device within Vodafone Egypt’s network automatically redirected him to a malicious website to infect his phone with Cytrox’s Predator spyware.

Citizen Lab’s **investigation** uncovered an iPhone zero-day exploit chain designed to install Predator on iOS versions through 16.6.1. They also obtained the first stage of the spyware, which shared notable similarities with a sample of Cytrox’s Predator spyware obtained in 2021. With high confidence, Citizen Lab attributes the spyware to Cytrox’s Predator spyware.

Given Cytrox’s known association with the Egyptian government, which is a customer of the Predator spyware, and the fact that the spyware was delivered via network injection from a device physically located within Egypt, Citizen Lab confidently attributes the network injection attack to the Egyptian government.

This isn’t the first time Eltantawy has been targeted. In November 2021, his phone was infected with Cytrox’s Predator spyware through a text message containing a link to a Predator website.

These revelations raise serious concerns about the use of spyware to target opposition figures in a democratic process. Ahmed Eltantawy’s case underscores the need for strong cybersecurity measures and heightened awareness of potential threats during election campaigns.

****Apple Releases Emergency Updates Amid Citizen Lab’s Disclosure****

In response to Citizen Lab’s findings, Apple has issued three emergency updates for iOS, iPadOS **(1)**, and macOS Ventura **(2)**. The updates address the following vulnerabilities:

*   CVE-2023-41991
*   CVE-2023-41992
*   CVE-2023-41993

Apple has also acknowledged the researchers’ findings and **stated** that the company is aware of reports suggesting that this issue may have been actively exploited in versions of iOS prior to iOS 16.7.

Commenting on this, **Dr Klaus Schenk**, senior vice president of security and threat research at Verimatrix, said “The vulnerabilities discovered in Apple’s platforms are highly concerning due to their potential impact. Privilege escalation, arbitrary code execution, and especially remote exploitable arbitrary code execution rank among the most dangerous issues for any computing system.”

Dr Klaus emphasised that “It’s reassuring that Apple has not yet disclosed technical details of the attack vectors. Keeping that information private significantly reduces the risk of widespread exploits, since threat actors have less information to engineer effective attacks. For remote code execution to occur, a user would need to visit a website specifically crafted to leverage these vulnerabilities and distribute malicious code. With details undisclosed, the number of sites currently capable of mounting such an attack is likely very low.”

“That said, Apple customers should immediately install these emergency security updates to protect themselves against potential targeted attacks. Timely patching is critical, as threat actors will eventually reverse engineer the fixes to understand the underlying flaws. By updating promptly, users ensure their devices cannot be compromised by attacks exploiting these particular zero-day vulnerabilities, he advised.” “Moving forward, it’s essential that Apple continue working diligently to identify and rectify security issues in their software before they can be weaponised against users.”

This marks the second time in a month that Citizen Lab has detected a sophisticated spyware campaign targeting Apple devices. **On September 7th, 2023**, Apple released a critical security update to address a zero-click vulnerability that was actively delivering NSO Group’s Pegasus spyware to iPhones. These revelations were initially reported by Citizen Lab, which classified the attack as a BLASTPASS operation.

****Conclusion****

The Citizen Lab’s findings also shed light on the importance of maintaining up-to-date software and enabling security features like Lockdown Mode on Apple devices. They emphasize the critical role that security measures play in safeguarding individuals from cyber threats.

Additionally, the report calls for increased controls on the export of technologies that can be misused to violate human rights. It highlights the need for greater transparency and accountability in regulating dual-use technology exports, especially in cases involving companies headquartered in Canada.

In a world where cyber threats are becoming increasingly sophisticated, these findings serve as a stark reminder of the importance of digital security and the potential consequences of inadequate measures.

****RELATED ARTICLES****

1.  QuaDream: Israeli Cyber Mercenary Behind iPhone Hacks
2.  Apple AirTags can be used as trojan for credential hacking
3.  Israeli spyware used in hacking phones of journalists globally
4.  Android Version of Sophisticated Pegasus Spyware Discovered
5.  Israeli Spyware Vendor Uses Chrome 0day to Target Journalists

Zero-Day iOS Exploit Chain Infects Devices with Predator Spyware

SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component.

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

CVE-2023-43470: GitHub - ae6e361b/Online-Voting-System

Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input.

**Function Pointer Hijack mjs/mjs.c in mjs\_execute****Affected Projects**

mjs 2.20.0 (https://github.com/cesanta/mjs)

**Problem Type**

CWE-822 (Untrusted Pointer Dereference)

**Description**

I discovered a vulnerability that could potentially lead to function pointer hijacking. I believe this is a logical vulnerability since it does not trigger any out-of-bounds (OOB) or use-after-free (UAF) assertions when compiled with AddressSanitizer. An attacker can exploit this vulnerability by providing a specially crafted input to the affected program, leading to the execution of arbitrary code.

The function hijack happend in mjs.c:8824

call\_stack\_push\_frame(mjs, bp.start\_idx + i, retval\_stack\_idx);

/\* Perform the cfunction call \*/
((void (\*) (struct mjs \*)) mjs\_get\_ptr(mjs, \*func))(mjs);

call\_stack\_restore\_frame(mjs);

**PoC:****Log:**

    $ clang -g -O2 -o mjs mjs.c -DMJS_MAIN
    $ ./mjs poc.js 
    Illegal instruction

CVE-2023-43338: Function Pointer Hijack mjs/mjs.c in mjs_execute · Issue #250 · cesanta/mjs

D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-43130: dlink/DIR-806/3 at main · mmmmmx1/dlink

D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters.

CVE-2023-43129: dlink/DIR-806/2/readme.md at main · mmmmmx1/dlink

SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.

**SQl injection in jeecgboot**

High severity GitHub Reviewed Published Sep 22, 2023 to the GitHub Advisory Database • Updated Sep 22, 2023

GHSA-rwhx-6hx7-pqc8: SQl injection in jeecgboot

By Waqas
Another day, another data security incident at T-Mobile – Because why not! A cybersecurity year without a T-Mobile…
This is a post from HackRead.com Read the original post: 90GB of Data Posted on Hacker Forum Linked to T-Mobile Glitch

Another day, another data security incident at T-Mobile – Because why not! A cybersecurity year without a T-Mobile security incident is a rare occurrence.

*   **T-Mobile US Inc. suffered a data breach, causing the exposure of users billing data.**

*   **The company claims the breach was caused by a ‘temporary system glitch” and not a security breach.**

*   **However, a database was posted on a hacker forum and the hacker stated that the data was stolen in a previous breach.**

*   **When examined, the database contained records worth 90GB of data.**

*   **The telecom firm has experienced a third data breach within a year.**

The world’s leading telecom giant, T-Mobile USA, is in the news for a mistakenly conducted technology update that exposed the private information of some of its customers to other users.

The glitch was confirmed by many users who took to social media, informing the company that they were shown billing details (including credit card details, purchase history, current credit balance, and home address) of other customers instead of their own when they signed into their T-Mobile accounts.

Reportedly, this incident lasted for over three hours. T-Mobile confirmed that the issue occurred, claiming a faulty update caused it. The company also confirmed that a data breach or cyberattack didn’t cause it.

T-Mobile’s rep stated that a temporary system glitch happened while carrying out an already planned technology update, which involved limited account details of less than 100 customers. Moreover, the company claims that the issue was quickly resolved.

However, threat actors have posted a database on a hacker forum claiming that the information belonged to T-Mobile customers. As per their post, having the caption “T-Mobile, Connectivity Source,” the database contained data stolen from T-Mobile in April 2023.

Screenshot from the hacker forum where the alleged T-Mobile data has been leaked (Credit: Hackread.com)

It comprised private information such as email addresses, partial Social Security numbers, customer data, and the company’s sales and analytics data, etc., belonging to T-Mobile. For your information, the connectivity source refers to authorized retailers of T-Mobile offering services via T-Mobile branded stores.

Security experts who have examined the data assert that the post seems legitimate and claim that the database is gigantic, having 90GB worth of data.

T-Mobile, which Deutsche Telekom owns, has had a rocky year so far because the company has repeatedly become a target of data breaches in the past 12 months. **Back in August 2021**, the company lost data of 49 million T-Mobile account holders, whereas the hackers claimed they stole data of 100 million users.

T-Mobile has experienced at least five reported data breaches (**1, 2, 3, 4, 5**) between 2015 and 2021, making it safe to say that a cybersecurity year without a T-Mobile security incident is a rare occurrence.

Tag

#git