ProLogin version 1.9 suffers from an insecure direct object reference vulnerability.

    ====================================================================================================================================| # Title     : ProLogin V1.9 Insecure Direct Object Reference Vulnerability                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             | | # Vendor    : https://codecanyon.net/item/pro-login-advanced-secure-php-user-management-system/12388905?s_rank=169               |  | # Dork      : "Login - ProLogin"                                                                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /index.php/user_settings[-] When you add value (user_settings) after the index.php/,     an error page appears At the same time, it shows you the panel & limited control .[+] http://127.0.0.1/support.ihorizon.sa/index.php/user_settingsGreetings to :=============================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*|===========================================================================================

ProLogin 1.9 Insecure Direct Object Reference

Piyanas version 0.1 suffers from a cross site request forgery vulnerability.

    ====================================================================================================================================| # Title     : Piyanas v0.1 User Login Page CSRF Vulnerability                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : http://www.piyanassystem.com/                                                                                      |  | # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] infected file : /add_user.php[+] Use Payload : /admin/add_user.php[+]  http://127.0.0.1/piyanassystemcom/piyanasmember/admin/add_user.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Piyanas 0.1 Cross Site Request Forgery

Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-3215

Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CVE-2023-3214

Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-3217

Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-3216

By Waqas
BreachForums is already online with a new domain, gaining attraction from members, authorities, and the cybersecurity community.
This is a post from HackRead.com Read the original post: BreachForums Returns Under the Control of ShinyHunters Hackers

The return of BreachForums was announced by Baphomet on Telegram, one of the administrators of the original forum.

BreachForums, the well-known cybercrime and hacking forum that was shut down months ago, has reemerged under new management. The notorious hacking group ShinyHunters has assumed control of the revived platform, raising alarm among cybersecurity experts and law enforcement agencies worldwide.

Confirmation of BreachForums’ return under the management of **ShinyHunters** came through Baphomet, one of the administrators of the original forum. Baphomet, who remains an active figure within the hacking community, announced the resurgence of BreachForums in a PGP-signed message, leaving no room for doubt about its authenticity.

_(Editor’s note: You have been warned – use the forum at your own risk.)_

Furthermore, a Telegram account using the alias ShinyHunters (@shinycorp) has emerged alongside Baphomet, taking charge of addressing the previous users of BreachForums. The account has already begun disseminating information and updates related to the forum’s operations, attracting attention from both potential members and concerned individuals.

Baphomet’s PGP-Signed message and ShinyHunters on Telegram (Hackread.com)

BreachForums, in its previous incarnation, served as a notorious hub for cybercriminals to exchange stolen data, discuss hacking techniques, and orchestrate illicit activities. The return of the forum, now under the auspices of ShinyHunters, has sent shockwaves through the cybersecurity community.

ShinyHunters, a hacking group infamous for their involvement in several high-profile data breaches, has consistently targeted organizations to steal sensitive information for monetary gain by **selling user data** on Clear and the dark web.

The resurgence of BreachForums under ShinyHunters’ control has raised concerns about the potential implications for global cybersecurity. Law enforcement agencies and cybersecurity experts fear an upswing in cyberattacks, data breaches, and the facilitation of illegal activities on the platform.

The reincarnation of BreachForums as posted by ShinyHunters (Image: Hackread.com)

As news of the forum’s return spreads, organizations and individuals are urged to remain vigilant regarding their online security. It is crucial to implement strong security measures, regularly update passwords, and exercise caution when sharing personal information or engaging in online discussions.

**What Happened to Old BreachForums?**

The original BreachForums emerged as an alternative to the **seized RaidForums** but was compelled to cease operations following the arrest of its owner, Conor Brian Fitzpatrick, also known as Pompompurin or Pom. Fitzpatrick, a 2021 graduate of Peekskill High School, was apprehended by the FBI.

Subsequently, the forum remained offline, prompting its members to convene in a Telegram group named “The Jacuzzi” to discuss the forum’s future. It is important to highlight that the FBI was unable to access the forum’s domain, preventing its seizure.

**About ShinyHunters**

ShinyHunters have gained prominence for their involvement in high-profile data breaches. They are known for targeting various organizations, including large corporations and popular websites.

ShinyHunters first gained attention in 2020 when they were linked to a series of data breaches, such as the **breaches of Tokopedia**, a popular Indonesian online marketplace, and **Microsoft’s GitHub repository**. In these incidents, they reportedly accessed and leaked millions of user records.

The group gained further notoriety by selling stolen data on underground hacking forums and dark web marketplaces. They typically target organizations with large user bases and sensitive data, including personally identifiable information (PII), login credentials, and financial details.

While the exact identity of ShinyHunters remains unknown, their activities and the scale of the breaches they have been associated with have raised concerns about cybersecurity and data protection.

**The Arrest and Extradition of Alleged ShinyHunters Member**

In June 2022, **Hackread.com reported** how authorities made an arrest at the Rabat international airport. The detainee was identified as Sébastien Raoult, a 21-year-old French citizen from Epinal City, France. Raoult is believed to be a member of the notorious hacking group known as ShinyHunters.

However, in January 2023, **reports emerged** stating that Raoult, also known by the alias Sezyo, had been extradited to the United States. He appeared in a Seattle federal court and pleaded not guilty to the charges against him.

Despite Raoult’s arrest, concerns persist regarding the resurgence of cyber threats associated with the ShinyHunters group. One significant cause for worry is the return of BreachForums, a platform previously exploited by the group to trade stolen data. This development poses a substantial cybersecurity threat to unsuspecting users and businesses.

In light of the past activities of ShinyHunters, organizations that have been targeted by this group must take immediate action to fortify their security systems. Strengthening security measures and implementing robust protocols are crucial steps to safeguard user data and prevent future attacks.

**RELATED ARTICLES**

1.  ShinyHunters Hack Google-funded delivery service Dunzo
2.  ShinyHunters selling 368m users records stolen from 26 firms
3.  ShinyHunters Hack Image stock site 123RF Leak 8.3m user data
4.  ShinyHunters leak database of Indian wedding site WedMeGood
5.  Raidforums Database Leak: Data of 460,000 Users Dumped Online

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

BreachForums Returns Under the Control of ShinyHunters Hackers

As a result of user applications increasingly registering actual “.zip” files as URLs, these filenames may trigger unintended DNS queries or web requests, thereby revealing possibly sensitive or internal company data in a file’s name to any actor monitoring the associated DNS server

Tuesday, June 13, 2023 08:06

*   Google’s recent offering of the “.zip” top-level domain (TLD) has led security researchers and likely threat actors to register numerous domains for red teaming and phishing attacks, respectively, causing new challenges for organizations and cybersecurity professionals.
*   As a result of user applications increasingly registering actual “.zip” files as URLs, these filenames may trigger unintended DNS queries or web requests, thereby revealing possibly sensitive or internal company data in a file’s name to any actor monitoring the associated DNS server.
*   Leaked filenames can be extremely valuable to advanced adversaries who may use this information in a variety of ways, including in lures masquerading as internal company documents and archives for social engineering and infecting targets.

**Top-level domains and file extensions**

As a result of Google’s announced sale of new TLDs that are also popular file extension formats, there is an increased risk with the deployment of the “.zip” domain that threat actors will develop new vectors for compromising victims. In early May 2023, Google released eight new TLDs, marketing the “.zip” domain as a way of letting an audience know that a domain’s owner is “fast, efficient, and ready to move.” However, the move presents serious concern that domains using the “.zip” filename format could be confused with legitimate filenames, and vice versa, compounding the problem of users recognizing potential phishing attempts.

_Google Domains page_ _for the new “.zip” TLD showing prices to acquire a new domain._

In a very short period of time, the general availability of the “.zip” TLD has led to a suspiciously high volume of domains being registered that resemble a wide variety of internal company filenames. Owning and controlling these domains can benefit attackers by leaking filenames via automatic DNS resolutions or using these domains as launch points for potential exploits and malware artifacts. Cisco’s Umbrella telemetry and open-source research indicate that many of these domains may be used for malicious attacks in the future.

Aggregate data for new domains registered under the TLDs offered by Google since May 3, 2023, shows that “.zip” is the most popular extension by a large margin:

_Domaintools statistics_ _of new domains registered for each new TLD offered by Google since May 3, 2023, show the “.zip” TLD outpacing all others._

The significantly greater popularity of the “.zip” TLD is likely due to the fact that “.zip” is a common file format used in phishing attacks and malware delivery. Security researchers have already highlighted several recently registered “.zip” TLDs with domain names commonly used in phishing attacks:

_A_ _list of domains_ _likely registered by security researchers or possible threat actors, likely with the intention to use as phishing domains._

_Security research group VX-Underground_ _showing an example_ _of a domain that can be used for phishing._

**How URLs based on filenames can leak information**

Talos assesses that domains employing “.zip” and similar TLDs increase the likelihood of sensitive information disclosures through unintended DNS queries or web requests. With the availability of the new “.zip” TLDs, messaging applications like Telegram or internet browsers began reading strings ending in “.zip” as URLs and automatically hyperlinking them. This is especially problematic in chat applications, which sometimes trigger a DNS or web request to show a thumbnail of the linked page. For example, the following chat application changed what was meant to be the name of a file “update\[.\]exe\[.\]zip” to a hyperlink pointing to the URL “https\[://\]update.exe\[.\]zip”:

_Chat application changing a filename to a URL._

In this case, even mentioning a valid filename in a chat could trigger a DNS lookup and leak internal filenames to whoever controls that domain’s DNS server. In other cases, if the user searches for a “.zip” file that doesn’t exist in Windows Explorer, the application will search online for the file and may reach the domain instead.

_Researcher_ _disclosing an issue with Windows Explorer_ _opening “.zip” files as a URL._

In an information leak scenario, a malicious user in control of a “.zip” domain’s DNS server filters requests by the network of the companies they’re targeting and collects internal filenames, providing possible leverage during an actual attack. MITRE even describes some of these activities in the ATT&CK Framework as part of the Reconnaissance Tactics, like T1589 and T1591, which describe techniques to gather information about a target user and the corporation itself.

**Observations in the wild**

When Google announced its offering in early May 2023, Talos began monitoring telemetry data for occurrences of “.zip” usage in URLs. We observed a wealth of filenames being queried against various “.zip” domain names containing all kinds of information. For example, Cisco Umbrella DNS data reveals many filenames that could indicate phishing attempts, like the domain “secure-access-4a907q5xsg5q5354\[.\]fbmsg\[.\]xyz\[.\]zip”, as well as many file names similar to the ones used in malware campaigns (e.g., “report\_<random\_numbers>\[.\]pdf\[.\]zip”).

_Snippet of Cisco Umbrella DNS data showing queries for “.zip” domains in a 24-hour period._

Our data shows occurrences of real filename resolutions containing potentially internal and sensitive information, such as project names, personally identifiable information (PII), geography and order or contract names and numbers – basically anything that can be used in an effective lure by threat actors in a future attack, judging from DNS query data.

Filename

Possible information leaked 

Expressvpn\_windows\_12.49.0.4\_release.\*\*\*.zip

Old versions of applications in use inside the corporate network

Hsbc\_tradinghub\_equity\_orders\_20230511.\*\*\*.zip

Potential business relationships

Sx\_corporateaction\_id000xxxxxxx\_0.\*\*\*.zip

Employee/User ID

Djsb\_labour\_market\_data\_-\_employment\_data\_summary\_sa4\_2018.\*\*\*.zip

Corporate information

fitbitcofceva\_000xxxxxxx\_20230303\_xxxxxxxxxx.\*\*\*.zip

Personal user identification information

Examples of filenames found in DNS query data. Some information has been obfuscated to avoid showing potential identifying information.

**What users can do**

Many cybersecurity professionals currently recommend that companies completely block “.zip” domains at their firewalls. Although this tactic may be currently sufficient since the usage of the “.zip” TLD is not yet widespread, that may not be the case in the future. As more companies begin adopting “.zip” domains, blocking an entire TLD would not be feasible. In any case, SOC operators will need to be aware of the risks of information leaks and phishing attempts using these domains and will have to adapt their tools to monitor for such events.

Umbrella, Cisco's secure internet gateway (SIG), blocks users from connecting to malicious domains, IPs and URLs, whether users are on or off the corporate network. Sign up for a free trial of Umbrella here. Cisco’s Umbrella customers may use wildcards in destination lists to block the “.zip” TLD and open specific domains on a case-by-case situation depending on their users' needs. More information about this can be found in Umbrella documentation.

Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.  
The following Snort SIDs are applicable to this threat: **61861 - 61864.**

".Zip" top-level domains draw potential for information leaks

Code injection vulnerability exists in Chatwork Desktop Application (Mac) 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent.

**使用方法**

下記ボタンから新規会員登録をおこなうことで、無料アカウントを発行できます。  
パソコンからブラウザにアクセスすることで、Chatworkをご利用いただけます。

**動作推奨ブラウザ**

*   Google Chrome
*   Firefox
*   Safari
*   Microsoft Edge（Chromiumベース）

最新バージョンをご使用ください。  
（詳しい動作環境はヘルプページをご覧ください。）

※Internet Explorerは2021/09/22（水）にサポート終了しました。詳しくはヘルプページをご確認ください。

※スマホ・タブレットからご利用したいユーザーは、モバイル版Chatworkアプリをご使用ください。

**Chatworkアプリのご紹介**

**デスクトップ版アプリ（Windows/Mac）**

デスクトップ版アプリでは、一度に複数のChatworkアカウントにログインすることができ、GmailやSkypeなど他社のコミュニケーションサービスも1ヶ所にまとめて利用できます。

*   **Windows**
    
    Windows 10 以上
    
     
*   **Mac**
    
    OS X 10.13 (High Sierra) 以上
    

※macOS 版は Intel プロセッサおよび Apple プロセッサ (Apple M1 チップ) を搭載した Mac をサポートしています。

**Chatworkアプリのご紹介****モバイル版アプリ（iOS/Android）**

モバイル版アプリをインストールすることで、お手持ちのスマホ・タブレットから快適にChatworkを閲覧・操作することができます。

動作保証環境については各アプリストアのページをご参照ください。

 

※ スマートフォン以外の携帯電話（フィーチャーフォン）は、現在対応しておりません。

CVE-2023-32546: ダウンロード | ビジネスチャットならChatwork

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_admin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0.

Tag

#google