Red Hat Security Advisory 2023-4627-01 - Migration Toolkit for Applications 6.2.0 Images. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Migration Toolkit for Applications security and bug fix update  
Advisory ID:       RHSA-2023:4627-01  
Product:           Migration Toolkit for Applications  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4627  
Issue date:        2023-08-14  
CVE Names:         CVE-2020-24736 CVE-2021-46877 CVE-2022-4492   
                   CVE-2022-41721 CVE-2022-41723 CVE-2022-41724   
                   CVE-2022-41725 CVE-2022-41854 CVE-2022-41881   
                   CVE-2023-1667 CVE-2023-2283 CVE-2023-2798   
                   CVE-2023-2828 CVE-2023-22899 CVE-2023-24329   
                   CVE-2023-24532 CVE-2023-24534 CVE-2023-24536   
                   CVE-2023-24537 CVE-2023-24538 CVE-2023-24539   
                   CVE-2023-24540 CVE-2023-26125 CVE-2023-26604   
                   CVE-2023-29400 CVE-2023-34104   
=====================================================================

1. Summary:

Migration Toolkit for Applications 6.2.0 release

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Migration Toolkit for Applications 6.2.0 Images

Security Fix(es):

* golang: html/template: improper handling of JavaScript whitespace  
(CVE-2023-24540)

* jackson-databind: Possible DoS if using JDK serialization to serialize  
JsonNode (CVE-2021-46877)

* undertow: Server identity in https connection is not checked by the  
undertow client (CVE-2022-4492)

* x/net/http2/h2c: request smuggling (CVE-2022-41721)

* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK  
decoding (CVE-2022-41723)

* golang: crypto/tls: large handshake records may cause panics  
(CVE-2022-41724)

* golang: net/http, mime/multipart: denial of service from excessive  
resource consumption (CVE-2022-41725)

* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)

* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS  
(CVE-2022-41881)

* htmlUnit: Stack overflow crash causes Denial of Service (DoS)  
(CVE-2023-2798)

* zip4j: does not always check the MAC when decrypting a ZIP archive  
(CVE-2023-22899)

* golang: crypto/internal/nistec: specific unreduced P-256 scalars produce  
incorrect results (CVE-2023-24532)

* golang: net/http, net/textproto: denial of service from excessive memory  
allocation (CVE-2023-24534)

* golang: net/http, net/textproto, mime/multipart: denial of service from  
excessive resource consumption (CVE-2023-24536)

* golang: go/parser: Infinite loop in parsing (CVE-2023-24537)

* golang: html/template: backticks not treated as string delimiters  
(CVE-2023-24538)

* golang: html/template: improper sanitization of CSS values  
(CVE-2023-24539)

* golang-github-gin-gonic-gin: Improper Input Validation (CVE-2023-26125)

* golang: html/template: improper handling of empty HTML attributes  
(CVE-2023-29400)

* fast-xml-parser: Regex Injection via Doctype Entities (CVE-2023-34104)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2151988 - CVE-2022-41854 dev-java/snakeyaml: DoS via stack overflow  
2153260 - CVE-2022-4492 undertow: Server identity in https connection is not checked by the undertow client  
2153379 - CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS  
2162182 - CVE-2022-41721 x/net/http2/h2c: request smuggling  
2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding  
2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption  
2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics  
2184481 - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters  
2184482 - CVE-2023-24536 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption  
2184483 - CVE-2023-24534 golang: net/http, net/textproto: denial of service from excessive memory allocation  
2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in parsing  
2185278 - CVE-2023-22899 zip4j: does not always check the MAC when decrypting a ZIP archive  
2185707 - CVE-2021-46877 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode  
2196026 - CVE-2023-24539 golang: html/template: improper sanitization of CSS values  
2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace  
2196029 - CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes  
2203769 - CVE-2023-26125 golang-github-gin-gonic-gin: Improper Input Validation  
2210366 - CVE-2023-2798 htmlUnit: Stack overflow crash causes Denial of Service (DoS)  
2221261 - CVE-2023-34104 fast-xml-parser: Regex Injection via Doctype Entities  
2223355 - CVE-2023-24532 golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results

5. JIRA issues fixed (https://issues.redhat.com/):

MTA-1015 - Credentials filtering is missing 'Created by' filter  
MTA-1041 - Application inventory page crashes when deleting an application and the right panel is open  
MTA-194 - [RFE] Present a data in more readable format  
MTA-24 - [API][Application] ApiApplication returned from post method is missing the identities name  
MTA-27 - [API][Credentials] It is possible to create more than one credential with the same name  
MTA-464 - [Custom rules] Analysis wizard stucks on custom rules page on moving "Back" from Repository tab.  
MTA-465 - Tags & Reports tabs for the application keeps loading while analysis in progress.  
MTA-468 - Incorrect description for Azure target.  
MTA-469 - Typo under Reports -> Current Landscape UI  
MTA-470 - [UI] Clear Repository button is taking few seconds to re-enable every time when we switch to different tab or perspective.   
MTA-472 - [Reports][RFE] "MIGRATION TOOLKIT FOR APPLICATIONS" can be renamed to "Migration Toolkit for Applications"  
MTA-474 - Validation issue with "Password" field when creating a new Credential  
MTA-476 - Tooltip text for the disabled "Delete" button under "Tags" is incorrect  
MTA-477 - Applications imported even after showing Rejected in "Manage Imports" page.  
MTA-478 - Application Inventory page doesn't get updated after the "Import"  
MTA-479 - Category Color missing when Tag Category is created at the time of import  
MTA-480 - Unable to import application with multiple tags under a single tag category.  
MTA-481 - [RFE] Deleting a Job function associated with Stakeholder  
MTA-483 - EAP6 still present as a target in downstream MTA builds 6.1.0  
MTA-484 - Enforce URL validation for git repo while creating custom target  
MTA-485 - [UI] Filter category by name list is too long  
MTA-500 - Missing space in OpenLiberty target description  
MTA-582 - [API] Job function crud and stakeholder group crud fails  
MTA-590 - Identified risk table shows error when there are no data  
MTA-643 - [Upstream] Success alerts are broken  
MTA-647 - [Upstream] Remove Asterisk for member(s) while creating a stakeholder group  
MTA-651 - Application owner is sent if its added then manually deleted  
MTA-658 - [Upstream] Helper messages are displayed on blur  
MTA-659 - [Upstream] Source repository field accepts only git urls.  
MTA-674 - [RFE][API] Return reference "name" field from POST method  
MTA-678 - Operator failing smoke tests (6.2.0 / release-0.2)  
MTA-680 - [Upstream] [Typo] Migration waves wizard stakeholders groups' field should be in plural  
MTA-681 - [Upstream][RFE] Add a tooltip for delete button disabled only when selected application(s) are in a migration wave  
MTA-682 - [Upstream][Custom Metrics] Initiated assessments total count isn't working correctly  
MTA-695 - Running a second migration wave export with additional apps errors out  
MTA-698 - [Upstream] Replace Jira Server/Datacenter options with a single option  
MTA-699 - [Upstream] Not able to connect to RedHat JIRA account  
MTA-706 - [Upstream] [Migration Waves] Date fields can't be entered manually  
MTA-717 - [Credentials] Save button remains disabled while editing credentials of Jira type  
MTA-739 - Add a tool tip to explain what insecure communication with a Jira instance is  
MTA-741 - [Migration Waves] start date value is not updated correctly  
MTA-747 - Job function can't be removed  
MTA-750 - Applications cannot be selected in the Assessment tab of the Application Inventory  
MTA-753 - Some success notifications include two spaces  
MTA-761 - eap targets listed as konveyor.io/target=eapx on Analysis dialog  
MTA-764 - [UI] Incorrect tooltip when removing credentials  
MTA-765 - [UI] Incorrect tooltip when removing credentials  
MTA-766 - [UI] Incorrect labels in Jira connections table  
MTA-772 - [Upstream] Credentials of type 'Bearer' not listed in Jira instance creation dialog  
MTA-773 - Render analysis details as YAML for better readability.  
MTA-778 - Clicking ?'Show password' icon for Jira Bearer token key doesn't show the key.  
MTA-802 - [Regresssion] Tag list under Tag Category doesn't get updated after new tag creation  
MTA-807 - [Custom metrics] The METRICS_ENABLED environment variable is overridden by its default value   
MTA-808 - [UI] Credentials field is empty when editing existing Jira connection instance  
MTA-809 - [Custom metrics] Exported issues which move from "Error" to "New" state are counted twice  
MTA-81 - CVE-2022-41881 io.netty-netty-parent: codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS [mta-6]  
MTA-811 - Failed to delete an application that is associated with a ticket on the issues manager  
MTA-814 - [Typo] Application creation notification text starts with lowercase  
MTA-815 - [UI] Incrrect Jira instance type name is shown in Jira connection table  
MTA-826 - [Tags] Color filter isn't working correctly  
MTA-83 - CVE-2022-41881 org.jboss.windup.rules-windup-rulesets-parent: codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS [mta-6]  
MTA-84 - CVE-2022-41854 dev-java-snakeyaml: dev-java/snakeyaml: DoS via stack overflow [mta-6]  
MTA-845 - CSV Reports cannot be downloaded  
MTA-863 - [UI] Jira credentials have different names in creation wizard and filtering  
MTA-870 - A Migration Wave cannot be exported as a SubTask - using both Jira Datacenter and Cloud  
MTA-872 - After an error ,trying to export the same applications as tasks , fails with an error showing sub-tasks.  
MTA-873 - Exporting migration wave as an Epic does not export it to Jira - using Jira Server/Datacenter   
MTA-877 - in migration waves when exporting a migration wave to jira, and moving the ticket to done it changes status to  "Not Started"  
MTA-881 - Stakeholder: Assertion is missing "No stakeholders available"  
MTA-89 - CVE-2022-41881 org.jboss.windup-windup-parent: codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS [mta-6]  
MTA-894 - [Custom metrics] Failed analysis is counted twice  
MTA-895 - [UI] Sometimes Jira table doesn't look consistant with other tables  
MTA-898 - [UI] Incorrect tooltip when the bulk deletion button is disabled on application inventory page  
MTA-906 - Migration Waves: The Name field doesn't have the "too sort" validation  
MTA-908 - [UI] Incorrect sorting by URL for Jira instances  
MTA-909 - Tags: Tag Category field is missing helper message "This field is required."    
MTA-91 - CVE-2022-41881 org.jboss.windup.plugin-windup-maven-plugin-parent: codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS [mta-6]  
MTA-912 - in migration waves - after applying wrong dates, correcting the dates does not remove the error message   
MTA-916 -  Application Inventory  : Sorting applications on tag count is broken   
MTA-923 - in migration waves - when creating two migration waves with same name and same dates - once trying to create the second one an error pops "Failed to create migration wave."  
MTA-93 - CVE-2022-4492 org.keycloak-keycloak-parent: undertow: Server identity in https connection is not checked by the undertow client [mta-6]  
MTA-937 - in migration waves - selecting one migration wave using individual check box will automatically select all applications with the same name  
MTA-943 - [UI] Incorrect sorting in reports   
MTA-973 - Jira Configuration: Success alert is missing while creating any new jira instance  
MTA-974 - Success notification text starts with lowercase  
MTA-984 - Dependencies: Unable to Connect there is an error retrieving data  
MTA-985 - [Custom rules in analysis] Enforce URL validation for git repo

6. References:

https://access.redhat.com/security/cve/CVE-2020-24736  
https://access.redhat.com/security/cve/CVE-2021-46877  
https://access.redhat.com/security/cve/CVE-2022-4492  
https://access.redhat.com/security/cve/CVE-2022-41721  
https://access.redhat.com/security/cve/CVE-2022-41723  
https://access.redhat.com/security/cve/CVE-2022-41724  
https://access.redhat.com/security/cve/CVE-2022-41725  
https://access.redhat.com/security/cve/CVE-2022-41854  
https://access.redhat.com/security/cve/CVE-2022-41881  
https://access.redhat.com/security/cve/CVE-2023-1667  
https://access.redhat.com/security/cve/CVE-2023-2283  
https://access.redhat.com/security/cve/CVE-2023-2798  
https://access.redhat.com/security/cve/CVE-2023-2828  
https://access.redhat.com/security/cve/CVE-2023-22899  
https://access.redhat.com/security/cve/CVE-2023-24329  
https://access.redhat.com/security/cve/CVE-2023-24532  
https://access.redhat.com/security/cve/CVE-2023-24534  
https://access.redhat.com/security/cve/CVE-2023-24536  
https://access.redhat.com/security/cve/CVE-2023-24537  
https://access.redhat.com/security/cve/CVE-2023-24538  
https://access.redhat.com/security/cve/CVE-2023-24539  
https://access.redhat.com/security/cve/CVE-2023-24540  
https://access.redhat.com/security/cve/CVE-2023-26125  
https://access.redhat.com/security/cve/CVE-2023-26604  
https://access.redhat.com/security/cve/CVE-2023-29400  
https://access.redhat.com/security/cve/CVE-2023-34104  
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk2Y9pAAoJENzjgjWX9erEhloP+wVFIYOtxx6UGUCxSjGbX4qz  
655durO1rCnxksr0gaVGu4/sXDXQ/5Ez8M3qX2hqiM6PF2viv5iNarNHsv39g8Lq  
3zIFMCvu633vO0USRzb1L9sacNJMm+2r5ENGsuthDBVJMMDVm+7mFz83k8uJXAQt  
A+FAG5V0ZdIKBbNyhOzyuB2HBWDfVwOjRKDPdWyB9Jj/81w0dFjNy7hhVkziWhQi  
5KA2A17fnRPgNDfUbK3QwRCKLZft9otY70ajBCrV2OxNnkuNjgNWjM2MLyFQcmFx  
rVU4zCEHhOV+XV3samGnHd/tVlaTpiYi7SMQz0WmHnzuiJFGOc8e8sMMY1baNPS7  
8e/XPpvxBqL6xA3b94P9IHH3mT2kyzjxon443EIVbLXj9MpHuJzUnum6EDB+CiuN  
eAYE4Gp6v8gEID9+qAiBPDPY8YN3xrnBqTRpG8PFPusgzpFf58mvRAgfe2LCnxrk  
DeL/+vv+qQMdd/2Y4ZSUb/VYW0GaShUwuJpQJGav20Lpq9vPZ02NpzqzaRgYoMey  
ei2SWA2hLn/Rv91QU8aE2ZtVZauqAoC+tOFU/5z574GUDWfvL6ciKimiG24B77Yh  
eQHG2R5dAF3LpiTL8bI3Jbv2nH1tKnPRf4vr76VoOtTkh6oCJ7jxkyJs7BdaVBXa  
dtHt/tOKxsM3gxE4JPHw  
=wiIB  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4627-01

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.

Expand Up

@@ -13,8 +13,8 @@ static size\_t countChar(const ut8 \*buf, int len, char ch) {

}

  

static int getid(char ch) {

const char \*keys \= "\[\]<>+-,.";

const char \*cidx \= strchr (keys, ch);

const char \*const keys \= "\[\]<>+-,.";

const char \*const cidx \= strchr (keys, ch);

return cidx? cidx \- keys + 1: 0;

}

  

Expand Down Expand Up

@@ -136,13 +136,11 @@ static int assemble(const char \*buf, ut8 \*\*outbuf) {

#define BUFSIZE\_INC 32

static bool decode(RArchSession \*as, RAnalOp \*op, RArchDecodeMask mask) {

int len \= op\->size;

const ut8 \*\_buf \= op\->bytes;

const ut64 addr \= op\->addr;

if (len < 1) {

return false;

}

  

ut8 \*buf \= (ut8\*)\_buf; // XXX

ut8 \*buf \= op\->bytes;

const ut64 addr \= op\->addr;

ut64 dst \= 0LL;

if (!op) {

return 1;

Expand All

@@ -169,29 +167,32 @@ static bool decode(RArchSession \*as, RAnalOp \*op, RArchDecodeMask mask) {

}

r\_strbuf\_set (&op\->esil, "1,pc,-,brk,=\[4\],4,brk,+=");

#if 1

{

if (len \> 1) {

const ut8 \*p \= buf + 1;

int lev \= 0, i \= 1;

len\--;

while (i < len && \*p) {

if (\*p \== '\[') {

switch (\*p) {

case '\[':

lev++;

}

if (\*p \== '\]') {

break;

case '\]':

lev\--;

if (lev \== \-1) {

dst \= addr + (size\_t)(p \- buf) + 1;

if (lev < 1) {

size\_t delta \= p \- buf;

dst \= addr + (size\_t)delta + 1;

op\->jump \= dst;

r\_strbuf\_set (&op\->esil, "1,pc,-,brk,=\[4\],4,brk,+=,");

goto beach;

}

}

if (\*p \== 0x00 || \*p \== 0xff) {

break;

case 0:

case 0xff:

op\->type \= R\_ANAL\_OP\_TYPE\_ILL;

goto beach;

}

if (read\_at && i \== len \- 1) {

break;

#if 0

// XXX unnecessary just break

int new\_buf\_len \= len + 1 + BUFSIZE\_INC;

ut8 \*new\_buf \= calloc (new\_buf\_len, 1);

Expand All

@@ -203,6 +204,9 @@ static bool decode(RArchSession \*as, RAnalOp \*op, RArchDecodeMask mask) {

p \= buf + i;

len += BUFSIZE\_INC;

}

#else

break;

#endif

}

p++;

i++;

Expand Down

CVE-2023-4322: Fix 1byte heap oobread in the brainfuck disassembler · radareorg/radare2@ba919ad

By Owais Sultan
JasmyCoin operates on blockchain technology as a decentralized digital currency, ensuring secure and transparent transactions. 
This is a post from HackRead.com Read the original post: Investing in Ethereum Blockchain-based JasmyCoin: Guide

This article will explore the Ethereum Blockchain-based JasmyCoin market, its advantages, how to get started with JasmyCoin investment, the related risks, and how it relates to other cryptocurrencies. Whether you are a seasoned investor or new to cryptocurrencies, this guide will provide valuable insights to make informed investment decisions.

**The Benefits of Investing in JasmyCoin**

Investing in JasmyCoin offers several benefits:

1.  It provides an opportunity for diversification in your investment portfolio.
2.  Given its increasing value and market demand, JasmyCoin has the potential for high returns.
3.  Investing in JasmyCoin allows for easy and quick transactions, eliminating the need for intermediaries and reducing transaction costs. Get to know the latest JasmyCoin Price and get started. 

**Understanding the JasmyCoin Market: Trends and Insights**

The JasmyCoin market has experienced significant growth and popularity in recent years. JasmyCoin operates on blockchain technology as a decentralized digital currency, ensuring secure and transparent transactions. The market trends and insights indicate a promising future for JasmyCoin, with increasing adoption and acceptance by businesses and individuals worldwide.

**How to Get Started with JasmyCoin Investment**

To get started with JasmyCoin investment, you need to follow a few simple steps. Firstly, choose a reliable cryptocurrency exchange platform that supports JasmyCoin. Create an account and complete the necessary verification process. Once your account is set up, deposit funds into your account and start trading JasmyCoin. It is essential to conduct thorough research, stay updated with market trends and consider consulting with financial advisors before making investment decisions.

**Analyzing the Risks Associated with JasmyCoin Investment**

While JasmyCoin investment offers potential rewards, it is crucial to analyze the associated risks. The cryptocurrency market is highly volatile, and the value of JasmyCoin can fluctuate significantly. Also, there is a risk of security breaches and hacking attempts, which can result in financial losses. Investing only what you can afford to lose and implementing proper security measures to protect your investments is advisable.

**JasmyCoin vs. Other Cryptocurrencies: A Comparative Analysis**

When comparing JasmyCoin to other cryptocurrencies, it is essential to consider factors such as market capitalization, technology, adoption rate and use cases. While Bitcoin remains the most popular and widely accepted cryptocurrency, JasmyCoin offers unique features and advantages. Its focus on privacy, security and scalability sets it apart from other cryptocurrencies, making it an attractive investment option.

In conclusion, investing in JasmyCoin can be a lucrative opportunity for investors. However, it is crucial to understand the market trends, benefits, risks and how it compares to other cryptocurrencies. By following the steps outlined in this guide and staying informed, you can make informed investment decisions and potentially reap the rewards. 

**RELATED ARTICLES**

1.  How To Use ChatGPT To Trade Cryptocurrency
2.  What Makes Bitcoin NFTs Different from Other NFTs?
3.  Tracing the Path: Unraveling the Full History of Toncoin
4.  The Rise of Blockchain Gaming and Secure Marketplaces
5.  Shiba Inu: The Meme Coin Fueling an Open-Source Ecosystem

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Investing in Ethereum Blockchain-based JasmyCoin: Guide

The wide-ranging scams, often disguised as game promotions, can all be linked back to one network.

Thousands of websites belonging to US government agencies, leading universities, and professional organizations have been hijacked over the last half decade and used to push scammy offers and promotions, new research has found. Many of these scams are aimed at children and attempt to trick them into downloading apps, malware, or submitting personal details in exchange for nonexistent rewards in _Fortnite_ and _Roblox_.

For more than three years, security researcher Zach Edwards has been tracking these website hijackings and scams. He says the activity can be linked back to the activities of affiliate users of one advertising company. The US-registered company acts as a service that sends web traffic to a range of online advertisers, allowing individuals to sign up and use its systems. However, on any given day, Edwards, a senior manager of threat insights at Human Security, uncovers scores of .gov, .org, and .edu domains being compromised.

“This group is what I would consider to be the number one group at bulk compromising infrastructure across the internet and hosting scams on it and other types of exploits,” Edwards says. The scale of the website compromises—which are ongoing—and the public nature of the scams makes them stand out, the researcher says.

Courtesy of Matthew Burgess

The schemes and ways people make money are complex, but each of the websites is hijacked in a similar way. Vulnerabilities or weaknesses in a website's backend, or its content management system, are exploited by attackers who upload malicious PDF files to the website. These documents, which Edwards calls “poison PDFs,” are designed to show up in search engines and promote “free _Fortnite_ skins,” generators for _Roblox_’s in-game currency, or cheap streams of _Barbie_, _Oppenheimer_, and other popular films. The files are packed with words people may search for on these subjects.

When someone clicks the links in the poison PDFs, they can be pushed through multiple websites, which ultimately direct them to scam landing pages, says Edwards, who presented the findings at the Black Hat security conference in Las Vegas. There are “lots of landing pages that appear super targeted to children,” he says.

For example, if you click the link in one PDF advertising free coins for an online game, you are directed to a website where it asks for your in-game username and operating system, before asking how many coins you would like for free. A pop-up appears saying, “Last Step!” This “locker page” claims the free game coins will be unlocked if you sign up for another service, enter personal details, or download an app. “I've tested it hundreds of times,” Edwards says. He has never received a reward. When people are led through this maze of pages and end up downloading an app, entering personal details, or any number of required actions, those behind the scams can earn money.

These kinds of scams have been around for a while, ad fraud researchers say. But these stand out, as they all have links back to the advertising firm CPABuild and the members that work for its network, Edwards says. All the compromised websites that have PDFs uploaded are calling to command-and-control servers owned by CPABuild, Edwards says. “They're pushing advertising campaigns into someone else’s infrastructure,” he says. Googling for a file linked to the PDFs brings up pages of results of compromised websites.

CPABuild’s website, which lists its legal registry in Nevada, describes itself as a “content-locking network first and foremost.” The company, which has existed since 2016, hosts tasks from its customers, such as giving people the chance to win money by submitting their email and postal code details. Then users of CPABuild, often known as affiliates, try to get people to complete these offers. They often do so via spamming links to YouTube comments or creating the kind of pop-up “locker” pages towards the end of the poison PDF click chain. This results-based process is known as a cost per action (CPA) by advertisers and marketers.

WIRED contacted multiple email addresses listed on CPABuild’s website, as well as sending questions via a contact form, but we did not receive any response. The company website does not name any individuals who are behind CPABuild and is sparse on overall details. The website claims it has “daily” fraud checks in place to catch bad actors abusing its platform, and its terms of service prohibit those using it from being involved in fraud and from sharing multiple kinds of content.

The website claims it has paid out more than $40 million to publishers and has thousands of templates and landing pages. Within CPABuild, there are various tiers of users. The website’s affiliate structure is displayed in an image on its homepage. Members can be categorized as managers, devils, demons, wizards, masters, and knights. In one video uploaded by a CPABuild member on August 11, an admin account can be seen sharing a message with users that indicates the company has taken steps to prevent the platform from being used for fraud. “We are still getting reports that CPABuild publishers are promoting offers in ways that violate our terms of service,” a message seen on the screen reads. Edwards’ research shows, however, that whatever efforts CPABuild has taken have failed to prevent its users from engaging in rampant fraud.

“CPA fraud, which includes cost per app install, is very common,” says Augustine Fou, an independent cybersecurity and ad fraud investigator, who reviewed a summary of Edwards’ findings. “Specialists like the ones identified in the research carve out a niche where they become the category leader in a particular kind of fraud,” Fou says. “Customers come to them for that speciality.”

Scores of websites are currently impacted by the PDFs. This week, the New York State Department of Financial Services removed PDFs uploaded after being contacted by WIRED. Ciara Marangas, a spokesperson for the department, says the issue was first identified in 2022, and following a review and additional steps, the files were removed.

In 2022, Edwards says, he alerted the US Cybersecurity Infrastructure Agency (CISA) to more than 50 compromised websites, which included the Oak Ridge National Laboratory and the Lawrence Berkeley National Laboratory. A spokesperson for Oak Ridge said it “immediately” responded to CISA’s alert, “deleted the suspicious content, and resolved the issue.” No data belonging to the laboratory was impacted, they say. Meanwhile, a spokesperson for Lawrence Berkeley National Laboratory said it cannot comment on the individual case but “no vulnerability has resulted in the compromise of systems for visitors” to its website. CISA's .gov registry manager, Cameron Dixon, says when it is made aware of vulnerabilities in government websites, it notifies them and offers assistance. “In any given day, you could have a list this big of new victims,” Edwards says. (In 2020, Italy’s Computer Security Incident Response Team, CIRST, issued an alert about compromised domains Edwards had found.)

While there has been some reporting linked to potential CPABuild affiliates, Edwards says the scheme can fly under the radar, as the links in the process are passed through redirecting services, which mask their identity. Also, he says, the compromises can get overlooked as they are not as impactful as ransomware or other cyberattacks.

However, there are traces of activity linked to CPABuild members and affiliates spread across the web. Various users of CPABuild have uploaded videos to YouTube exposing how parts of the site work. One video shows someone using a “_Fortnite_ skins generator” and a locker page that is created through CPABuild’s tools. Within another video, the kinds of offers hosted by CPABuild can be seen, including getting people to submit their email and postal code details, submitting their credit card details, installing mobile apps, and completing “general surveys.”

Hundreds of the content lockers on CPABuild’s website have been captured by the Internet Archive over the last seven years. One locker page called “Amazon gift cards” offers people the chance to complete a survey to “Win a $5,000 cash now” or to “enter” to win $25,000. Others push people to download apps, such as the Opera web browser, or enter their details to “get a $100 _Roblox_ Game Card.” Popular kids games are frequently used as a lure for these “offers.”

“We hate this kind of stuff as much as you do, but it helps us to stay alive,” one locker page says. “Please fill in one quick form to get your password and show us your support.”

Website inspection tools, such as URLScan, show multiple suspicious domains communicating with CPABuild’s infrastructure, which is hosted by Amazon’s Web Services (AWS). Amazon's trust and safety teams are looking at the results of Edwards’ research, says Patrick Neighorn, an AWS spokesperson. “AWS's terms of service prohibit customers from using our services for any illegal or fraudulent activity, and our customers are responsible for complying with our terms and all applicable laws,” Neighorn says.

Courtesy of Zach Edwards

Meanwhile, gaming companies say examples of the websites hosting the locker pages are not legitimate. “These are scams,” says Jake Jones, senior communications manager at Epic Games, which created _Fortnite_. “Players have never been able to sell, gift, or trade in-game V-Bucks to another player or sell virtual items to one another,” he says. Similarly, James Kay, a spokesperson for _Roblo_x, says that using third-party services to "buy, sell, trade or give away Robux” is prohibited, and people should avoid “offers” on websites that promise free in-game currency or other items.

Victoria Kivilevich, director of threat research at security firm KELA, says the company has seen CPABuild discussed on cybercrime and hacking forums. On one site, Kivilevich says, someone recommends creating a YouTube channel with stolen games and software content to attract videos. “The user recommends using CPABuild to place a content locker URL—apparently obtained through CPABuild—to the description of the videos and earn on visitors who click on the URL,” Kivilevich says, adding that there are frequent discussions about _Fortnite_ and _Roblox_.

“Multiple users are looking for instructions on how to be approved on CPABuild and for accounts on CPABuild they can buy,” Kivilevich says.

While many of the poison PDFs push people towards scams, not all of them do. “It would appear that specific CPABuild clients are malware authors,” Edwards says. Sometimes, in the days after a negative article about China has appeared in the news, he says, some of these keyword-filled PDFs would appear and include words similar to the news articles. “The legitimate article will show up as the first result of the first page of a search, and then maybe three or four down would be honeypots,” he says. “On all of these pages, it was malware.”

A Huge Scam Targeting Kids With Roblox and Fortnite 'Offers' Has Been Hiding in Plain Sight

A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-30186: core/DesktopEditor/doctrenderer/embed/NativeControlEmbed.cpp at 8ca40a44ce47a86168327a46db91253cf6bb205d · ONLYOFFICE/core

Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS)

CVE-2023-37070: Offensive-Payloads/Cross-Site-Scripting-XSS-Payloads.txt at main · InfoSecWarrior/Offensive-Payloads

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023.
The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution.
"The attacker seems to be

Website Security / Vulnerability

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023.

The attacks, dubbed **Xurum** by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution.

"The attacker seems to be interested in payment stats from the orders in the victim's Magento store placed in the past 10 days," Akamai researchers said in an analysis published last week, attributing the campaign to actors of Russian origin.

Some of the websites have also been observed to be infected with simple JavaScript-based skimmers that's designed to collect credit card information and transmit it to a remote server. The exact scale of the campaign remains unclear.

In the attack chains observed by the company, CVE-2022-24086 is weaponized for initial access, subsequently exploiting the foothold to execute malicious PHP code that gathers information about the host and drops a web shell named wso-ng that masquerades as a Google Shopping Ads component.

Not only is the web shell backdoor run in memory, it also activated only when the attacker sends the cookie "magemojo000" in the HTTP request, after which information about the sales order payment methods in the past 10 days is accessed and exfiltrated.

The attacks culminate with the creation of a rogue admin user with the name "mageworx" (or "mageplaza") in what appears to be a deliberate attempt to camouflage their actions as benign, for the two monikers refer to popular Magento 2 extension stores.

wso-ng is said to be an evolution of the WSO web shell, incorporating a new hidden login page to steal credentials entered by victims. It further integrates with legitimate tools like VirusTotal and SecurityTrails to glean the infected machine's IP reputation and obtain details about other domains hosted on the same server.

Online shopping sites have been targeted for years by a class of attacks known as Magecart in which skimmer code is inserted into checkout pages with the goal of harvesting payment data entered by victims.

"The attackers have shown a meticulous approach, targeting specific Magento 2 instances rather than indiscriminately spraying their exploits across the internet," the researchers said.

"They demonstrate a high level of expertise in Magento and invest considerable time in understanding its internals, setting up attack infrastructure, and testing their exploits on real targets."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability

A major area of impact of AI tools in cybercrime is the reduced need for human involvement in certain aspects of cybercriminal organizations.

Monday, August 14, 2023 08:08

*   AI’s influence is growing across the security space, bringing with it major implications for cybercriminals and defenders.
*   The recent adoption of AI has raised significant concerns for cybersecurity due to the many ways that criminals can use AI for disruption and profit.
*   Defenders and law enforcement can use AI to strengthen cybersecurity and counteract illicit activities.

The past decade has seen a massive adoption in machine learning and artificial intelligence. An increasing number of organizations have been leveraging such technologies to automate their operations and make their products and services better.

Despite the extensive use of machine learning (ML) and artificial intelligence (AI) by organizations for some time now, many users have first interacted with such technologies over the past few months in the form of generative AI helping users to generate text, code, images and other digital assets with the provision of limited input. The likes of ChatGPT have brought AI to the top of the public’s mind, fueling an intensive race for AI development.

As with any innovation, the use of AI is expected to have positive and negative effects on global culture as we know it, but I suspect that cybercrime will be one of the areas most affected. On the negative side, AI can help streamline criminals' operations, making them more efficient, sophisticated, and scalable while allowing them to evade detection and attribution. Concerning the positive impact of AI on cybersecurity, defenders, and law enforcement, can use AI to counteract advancements in illicit activity by developing new tools, tactics and strategies to automate data analysis, perform predictive detection of illicit activity and perform more effective attribution of criminal activity.

It is important to acknowledge that the AI use cases discussed in this blog encompass a range of varying complexities to achieve for both criminals and defenders. Certain use cases can be accomplished using readily available AI-enabled tools, while others demand advanced technical skills, costly infrastructure, and considerable time investments.

**Empowering cybercrime**

Cybercriminals are expected to benefit in many ways from advancements in machine learning and artificial intelligence.

A major area of impact of AI tools in cybercrime is the reduced need for human involvement in certain aspects of cybercriminal organizations, such as software development, scamming, extortions, etc., which in turn will decrease the need to recruit new members and lower operational costs due to the reduced need for headcount. While crime-related "job" postings typically find their way onto dark web forums and other anonymous channels, striving to ensure author anonymity, this practice carries significant risks as it could potentially unveil the identities and operations of criminals to whistleblowers and undercover law enforcement agents.

AI presents another avenue for cybercriminals to exploit by utilizing it to analyze enormous amounts of information, including leaked data. This analysis empowers them to identify vulnerabilities or high-value targets, enabling more precise and effective attacks that could potentially yield greater financial gains. Big data analytics is a complex undertaking necessitating significant processing power and thereby limiting its application to potentially large criminal organizations and state-sponsored actors capable of harvesting such power.

Another area of criminal activity that can thrive with AI is the development of more sophisticated phishing and social engineering attacks. This includes the creation of remarkably realistic deepfakes, deceitful websites, disinformation campaigns, fraudulent social media profiles and AI-powered scam bots. To illustrate the impact, consider an incident from 2020 wherein an AI-powered voice cloning attack successfully impersonated a CEO, resulting in the theft of more than $240,000 from a UK-based energy company. Similarly, in India criminals employed a machine learning model to analyze and mimic the writing style of a victim's email contacts to create highly personalized and persuasive phishing emails.

The utilization of AI is anticipated to also be prevalent among state-sponsored actors and prominent criminal organizations, to propagate disinformation and manipulate the public. Such tactics involve the creation and dissemination of deceptive content, including deep fakes, voice cloning, and the deployment of bots. Evidence of such practices already exists by a cybercriminal group employing AI for social media manipulation and spreading disinformation about the COVID-19 pandemic. This campaign relied on machine learning to identify emerging trends and generate highly convincing fake news articles.

The advancement of malware can also be impacted by allowing authors to streamline the process with the help of AI, enabling the creation of sophisticated and more adaptable malware. Allowing AI-powered malware to employ advanced techniques to evade detection by security solutions, utilizing "self-metamorphic" mechanisms rendering them capable of changing their operations based on the environment they operate in. Furthermore, criminals can potentially harness AI technology in the development of AI-powered malware development kits. These kits employ AI agents that learn from the latest tools, tactics, and procedures (TTPs) employed by malware authors, as well as stay updated with the latest advancements in security. An example of AI-powered malware is demonstrated by the researchers behind DeepLocker. Showcased how AI can be used to enhance targeted attacks, ensuring exploitation only when the intended target is present and to evade detection by concealing itself within benign applications.

**Counteracting cybercrime**

On the other side, cybersecurity professionals, defenders, and law enforcement agencies can harness the power of AI to counteract the advancements made in cybercrime. They can utilize AI to develop innovative tools, tactics, and strategies in their fight against malicious activities.

Areas such as threat detection and prevention will be at the forefront of AI security research. Many existing security tools, heavily rely solely on malicious signatures and user input, which render them ineffective for detecting advanced attacks. Consequently, an increasing number of vendors are turning to machine learning (ML) and AI technologies to achieve more precise and effective threat detection. Prominent examples include Cisco Secure Endpoint and Cisco Umbrella utilizing advanced machine learning to detect and mitigate suspicious behavior in an automated manner on end hosts and networks respectively. The inclusion of these technologies is likely to counter the malware being generated by AI discussed above.

Analysis of large amounts of data for the identification of indicators of compromise can be a tedious undertaking, consuming considerable time and money. As such, one area that can benefit from AI is Incident response and forensics for the automated analysis of large volumes of logs, system images, network traffic and user behavior for the identification of indicators of compromise (IOCs) and adversarial activity. AI can help speed up the investigation process, identify patterns that may be difficult to detect manually, and provide insights into the techniques and tools used by adversaries. Allowing more companies globally to have incident response and forensic capabilities.

Another potential use for AI by defenders and law enforcement alike is to enhance the attribution of criminal activity to adversaries through the analysis of multiple data points, including attack signatures, malware characteristics, and historical attack patterns, tools, tactics, and procedures. By examining these data sets, AI can identify patterns and trends that aid cybersecurity experts in narrowing down the potential origin of an attack. This attribution is valuable as it provides insights into the motives and capabilities of the attackers, allowing for a better understanding of their tactics and potential future threats. In addition, it allows defenders to more accurately identify adversaries that are leveraging tactics to evade identification by misleading attribution (e.g., use techniques, methodologies and tools another hacking group is using), which is an existing occurrence that defenders must consider when performing attribution. Such capabilities are primarily expected to be witnessed in the arsenal of state-affiliated cyber agencies as well as on a corporate level from threat intelligence providers.

ML algorithms and AI are set to expand their utilization for automated analysis and the identification of threats. Through the automated analysis of security-related data from multiple sources like threat intelligence feeds, dark web monitoring, and open-source intelligence, emerging threats can be identified and mitigated effectively. Cisco Talos has been leveraging AI for several years to automate threat intelligence operations such as the classification of similarly rendered web pages, identify spoofing attempts through logo analysis, phishing email classification based on text analytics and binary similarities analysis. Although existing work around emerging threats has proven to be highly effective, AI will further the area by allowing for more automate data collection, analysis, and correlation on a larger scale, facilitating the identification of patterns and trends that may signify new attack techniques or threat actors. This empowers cybersecurity professionals to proactively respond to emerging cyber threats by leveraging AI's ability to process and interpret vast amounts of data swiftly and accurately.

AI can also serve as a valuable tool for predictive analytics, enabling the anticipation of potential cyber threats and vulnerabilities based on historical data and patterns. By analyzing data from past attacks and adversaries, AI systems can identify common trends, patterns, or groups that may indicate or trigger future attacks. This capability empowers cybersecurity experts to take a more proactive stance to security, such as promptly patching vulnerabilities or implementing supplementary security controls, to mitigate potential risks before they are exploited by adversaries. Additionally, AI-driven predictive analytics allows for closer monitoring of adversaries' activities, enabling experts to anticipate and prepare for new attacks. By leveraging AI in this manner, cybersecurity professionals can enhance their defenses and stay one step ahead of evolving threats. A sizable number of cybercrime predictive research exists, highlighting how to practically use AI to support cybercrime research, as well as how to perform predictive analysis based on social and economic factors using the Bayesian and Markov Theories.

The rise of AI presents new challenges and great opportunities as its user base and applications continue to expand. The effective and targeted utilization of AI-related technologies will play a pivotal role for cybersecurity experts and law enforcement agencies in detecting, defending against, and attributing digital criminal behavior. By harnessing the power of AI, these entities can enhance their capabilities in combating evolving threats and ensuring the security of digital ecosystems. As the landscape of cybercrime evolves, embracing AI will be instrumental in staying ahead of adversaries.

The rise of AI-powered criminals: Identifying threats and opportunities

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit 2.6.2 and prior. A patch is available at commit 34ab31ee9362da51b9709e178469dbffd7717249.

**Cockpit Cross-site Scripting vulnerability**

High severity GitHub Reviewed Published Aug 14, 2023 to the GitHub Advisory Database • Updated Aug 14, 2023

GHSA-3vf5-xm2p-6mh5: Cockpit Cross-site Scripting vulnerability

By Waqas
Trellix's researchers uncovered a series of vulnerabilities in two prominent data center equipment vendors: CyberPower and Dataprobe.
This is a post from HackRead.com Read the original post: Data center flaws spurred disruptions, espionage and malware attacks

*   **Critical vulnerabilities unveiled in popular data center management platforms, posing serious security risks.**

*   **CyberPower’s PowerPanel Enterprise and Dataprobe’s iBoot PDU were found to have multiple vulnerabilities.**

*   **Potential exploitation could lead to power disruption, malware deployment, and digital espionage.**

*   **Urgent fixes released by vendors, urging affected customers to patch their systems immediately.**

*   **Emphasis on network isolation, remote access management, password updates, and regular software updates to mitigate risks.**

Trellix’s Advanced Research Center has unveiled a series of critical vulnerabilities in **data center** management platforms, shedding light on potential security risks that could cripple the foundation of our interconnected world.

**The Vulnerabilities Unveiled**

In an ongoing research effort to bolster cybersecurity and resilience in the digital realm, Trellix’s Advanced Research Center turned its attention to critical vulnerabilities within data center management platforms.

This initiative aligns seamlessly with the recently announced **2023 National Cybersecurity Strategy**, underscoring the importance of securing national critical infrastructures and enhancing overall digital ecosystem security.

The team’s initial focus was on power management and supply technologies, key components of data center infrastructure. Through detailed investigation, Trellix’s researchers uncovered a series of vulnerabilities in two prominent data center equipment vendors: CyberPower and Dataprobe.

**CyberPower’s PowerPanel Enterprise Vulnerabilities**

Trellix’s research identified four vulnerabilities in CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform:

1.  **CVE-2023-3264:** Use of Hard-coded Credentials
2.  **CVE-2023-3267:** OS Command Injection (Authenticated RCE)
3.  **CVE-2023-3266:** Improperly Implemented Security Check for Standard (Auth Bypass)
4.  **CVE-2023-3265:** Improper Neutralization of Escape, Meta, or Control Sequences (Auth Bypass)

These vulnerabilities, if exploited in tandem, could grant attackers full access to these systems. Such access could lead to substantial damage and potentially pave the way for broader network compromise.

**Dataprobe’s iBoot PDU Vulnerabilities**

Dataprobe’s iBoot Power Distribution Unit (PDU) also exhibited five critical vulnerabilities:

1.  **CVE-2023-3261:** Buffer Overflow (DOS)
2.  **CVE-2023-3262:** Use of Hard-coded Credentials
3.  **CVE-2023-3260:** OS Command Injection (Authenticated RCE)
4.  **CVE-2023-3259:** Deserialization of Untrusted Data (Auth Bypass)
5.  **CVE-2023-3263:** Authentication Bypass by Alternate Name (Auth Bypass)

The potential impact of these vulnerabilities is profound, encompassing scenarios such as power disruption, widespread malware deployment, and **digital espionage**.

**The Implications of Vulnerabilities**

The implications of these vulnerabilities are far-reaching. With data centers forming the backbone of critical services, the risks extend to both consumers and enterprises. The exploitation of such vulnerabilities could lead to the following outcomes:

*   **Power Off:** Attackers could disrupt operations across multiple data centers by cutting power to connected devices, causing extensive outages and financial losses.
*   **Malware at Scale:** Compromised data center equipment could serve as a launchpad for massive ransomware, DDoS, or wiper attacks, potentially surpassing infamous incidents like StuxNet and WannaCry.
*   **Digital Espionage:** Nation-state actors and advanced persistent threats (APTs) could exploit these vulnerabilities for cyberespionage, potentially exposing sensitive information to foreign governments.

It is worth noting that Trellix researchers presented their **findings** on August 12th at the Black Hat security conference in Las Vegas, United States.

Fortunately, these vulnerabilities were discovered before they could be exploited by threat actors, minimizing the risk of malicious exploitation. Nonetheless, data centers remain attractive targets for cybercriminals due to their extensive attack surface and potential for widespread impact.

**Strategies for Mitigation and Future Preparedness**

To address these vulnerabilities, both CyberPower and Dataprobe have promptly released fixes for their affected products. Trellix strongly advises affected customers to implement these patches immediately and adopt additional precautions:

1.  **Network Isolation:** Ensure that data center management platforms are reachable only within secure intranets, shielding them from wider internet exposure.
2.  **Remote Access Management:** Disable remote access to devices and platforms when not needed, reducing potential attack vectors.
3.  **Password Management:** Update passwords for user accounts associated with vulnerable systems and revoke any compromised credentials.
4.  **Regular Updates:** Stay vigilant by applying the latest software and firmware updates promptly to reduce exposure to future vulnerabilities.

**Conclusion**

Trellix’s Advanced Research Center’s findings underscore the critical role played by data centers in modern operations and the urgent need to fortify their defences. By collaborating with vendors, promptly addressing vulnerabilities, and embracing best practices, the digital ecosystem can continue to evolve securely, resiliently, and without compromise.

**RELATED ARTICLES**

1.  China attack National Data Center with watering hole attack
2.  Login Details of Tech Giants Leaked in Two Data Center Hacks
3.  Top sites affected after OVH data center catches disastrous fire
4.  NATO bunker’s dark web data center seized for hosting child porn
5.  BlackCat (ALPHV) Claims Ransomware Attack on NCR Data Center

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Tag

#git