By using data to drive policy underwriting, cyber-insurance companies can offer coverage without a price tag that drives customers away.

A flood or fire might have devastated a business in the mid-1990s when offices were filled with filing cabinets and paper records. Today, most of those assets are in the cloud, and business insurance must cover them in modern form. 

Cyber insurance should be a priority in this business landscape, yet too often it is an outlier. There is no other insurance product where so few have coverage but so many need it.

According to Fortune Business Insights, the global cyber-insurance market was $13.33 billion in 2022 and is forecast to grow to $84.62 billion by 2030. Many companies aren't sure how much cyber insurance they need, and, more critically, insurers aren't sure what the risk landscape looks like for an individual company that seeks coverage. 

This risk miscalculation has spurred huge losses and changed the landscape of the cyber-insurance market. In its latest report, the National Association of Insurance Commissioners (NAIC) shows the top 20 groups reporting on cyber supplements had direct loss ratios of up to 130.6%.

Insurance coverage isn't necessarily hard to obtain — a company with a mature security posture can likely get multiple quotes without a problem. However, specific sectors with historically poor security postures, like education, or highly targeted sectors, like software developers, may have a more challenging time. 

Let's look at how the market has changed and where it's heading.

**How the Market Hardened**

The cyber-insurance market has rapidly transitioned from a soft cycle, characterized by lower premiums and higher limits, to a hard cycle. This shift resulted in insurance premiums skyrocketing.

Some businesses have been surprised when their policies increased dramatically despite nothing changing on their end. But most insurance companies saw more demand than supply, and risk increased as more claims were filed. According to Verizon's "2023 Data Breach Investigations Report," ransomware accounted for roughly 5% of breaches in 2020 and soared to 24% in 2022 and 2023. Insurers raised rates accordingly.

Those rates finally dipped by 10% in June, partly because insurance companies mandated their customers implement better protections. Insurance companies must excel in risk management to offer competitive rates. This enables the insurer to accept risk and ensure prices don't have to jump to a point that makes the company noncompetitive. 

**Where SMBs Fit In**

When the market began less than a decade ago, only big businesses were looking for coverage. Underwriters want balanced books, with a few large risks and many smaller ones, but the market demanded half of that. Industrial-sized companies sought coverage, while small and midsized businesses (SMBs) were on the sidelines. 

Large tech companies had risk-management processes at the board level requiring them to seek cyber insurance. SMBs didn't know their threats, and their risks weren't considered imminent. The dynamic shifted when the threat landscape changed, and cyber insurance became more commercialized with offerings that made sense to SMBs. According to NetDiligence's 2022 Cyber Claims Study, large companies represented only 2% of cyber claims from 2017-2021, but those claims accounted for 51% of total incident costs. 

These days, large businesses require their smaller partners to carry cyber insurance, and brokers can be sued for negligence if they don't offer it to their clients. Some brokers have clients sign a waiver if they don't buy the policy, saying they at least offered it.

With these forces pushing the market, we're seeing more and more small businesses turning to cyber insurance.

**Where Things Are Going**

When insurance companies have limited capacity, they choose customers with lower risk. Low-risk companies take measures to minimize their exposure. Traditionally, it's been hard to prove where those exposures are, let alone if they've been mitigated. 

Technology is changing this. Companies now have better ways to understand where to harden their security posture, and insurance companies have new methods to determine how risky their potential client is. 

This data empowers underwriters to mitigate risk that would impact policies and offers mitigation strategies for companies seeking coverage. These efforts promote a hardened security posture, which means lower risk for insurance companies so that they can offer competitively priced premiums. This eventually translates into lower loss ratios and higher profitability for the whole industry. That in turn enables more affordable rates for businesses. 

In less than a decade, cyber insurance has grown from a niche product to a multibillion-dollar industry. By using data to drive policy underwriting, cyber-insurance companies can offer the coverage so many want without a price tag that will drive them away.

How Data Changes the Cyber-Insurance Market Outlook

By Waqas
If you've downloaded a rocket alert app from a third-party source, ensure it's spyware-free and delete it from your device.
This is a post from HackRead.com Read the original post: Hackers Target Israeli Rocket Alert App Users with Spyware

While the identity of the culprits behind this spyware campaign remains uncertain, their tactics closely resemble those used by pro-Palestinian hackers, such as AnonGhost.

On October 9th, 2023, **Hackread.com reported** on the infiltration by pro-Palestinian hackers associated with AnonGhost into the Red Alert app, an Israeli application designed by Kobi Snir exclusively for delivering missile and rocket alerts to the Israeli population. Seizing this opportunity, AnonGhost maliciously disseminated fabricated rocket, missile, and even nuclear bomb alerts to Israelis.

Now, Cloudflare’s Cloudforce One Threat Operations Team has uncovered a similar incident, this time targeting a different rocket alert app. The researchers identified a malicious website (redalertsme) hosting a Google Android Application (APK) impersonating the legitimate RedAlert – Rocket Alerts application originally created by Elad Nava. The motive behind this malicious website was to infect unsuspecting Israeli app users with spyware.

Rocket alert apps have gained immense popularity in Israel, providing crucial alerts to citizens about incoming air strikes, which have sadly become an all too common occurrence. The misuse of these applications, as witnessed in the recent hack, has the potential to create widespread panic and further escalate an already tense situation.

According to a **blog post** by Cloudflare, the malicious domain in question offered both iOS and Android versions of the mobile application. However, while the link for the iOS version directed users to the legitimate App Store page, the Android version was a manipulated variant.

Screenshot of the malicious website (Cloudflare)

The malicious application, while retaining elements of the original code, had been equipped with the capability to collect sensitive user data. This included access to contacts, call logs, text messages, account information, SIM card details, and a list of installed applications on the victim’s device.

To make matters worse, the malicious app operated stealthily in the background, continuously harvesting data from the compromised device. The stolen information was then sent to a remote server.

Although the data was encrypted, the use of RSA encryption with a bundled public key within the app made it theoretically possible for anyone intercepting the data packets to decrypt the information.

The website hosting the spyware-infested version of RedAlert has since been taken down. However, users who may have unwittingly installed this malicious application remain at risk. They are advised to take immediate action to cleanse their devices of the spyware.

To determine whether their devices have been compromised, users are urged to check the permissions that the app has requested. Suspicious permissions include access to call logs, contacts, phone features, and SMS capabilities. These indicators should be taken seriously to ensure the security of their devices and personal information.

While malicious **AI chatbots like WormGPT and FraudGPT** assist malicious actors in generating novel ideas with user-friendly technology, traditional cyber warfare tactics, such as hackvisits, persist. Presently, both pro-Palestinian and Israeli hackvisits **are focusing on** each other’s critical ICS products.

As hackers continuously innovate, it is crucial for users to remain vigilant and informed about safeguarding themselves from the ever-evolving landscape of cyber threats.

****_RELATED ARTICLES_****

1.  Israel’s Channel 10 TV Station Hacked by Hamas
2.  Hamas hacked the smartphones of over 100 IDF soldiers
3.  Hamas posed as women to con IDF into downloading malware
4.  Iranian Hackers Posed as Israelis in Targeted LinkedIn Phishing Attack
5.  Hamas hacked phones of IDF soldiers with seductive phones of women

Hackers Target Israeli Rocket Alert App Users with Spyware

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.2 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.

Hello,

When using Healer to fuzz the Linux kernel, the following crash  
was triggered on:

HEAD commit: fdf0eaf11452d72945af31804e2a1048ee1b574c (tag: v6.5-rc2)

git tree: upstream

I tried to reproduce this bug on v6.5-rc3(HEAD commit:  
6eaae198076080886b9e7d57f4ae06fa782f90ef), it still exists.

console output:  
https://drive.google.com/file/d/1Lq71bFwtEDix82PEf\_193CLG6uh1Pjj9/view?usp=drive\_link  
kernel config: https://drive.google.com/file/d/1dApy7OR4KDYdhF96ZUowZQ1r-uLYTd-0/view?usp=drive\_link  
C reproducer: https://drive.google.com/file/d/1Dkj31wwYP7p-AEJeemD3yrIUr7-VdBqF/view?usp=drive\_link  
Syzlang reproducer:  
https://drive.google.com/file/d/1ib6zTs4srKI1RnUcHG3mSZ5HeW7rZhnd/view?usp=drive\_link

If you fix this issue, please add the following tag to the commit:  
Reported-by: Yikebaer Aizezi <yikebaer61@gmail.com>

WARNING: CPU: 0 PID: 10232 at mm/gup.c:229 try\_grab\_page+0x2dd/0x3a0  
mm/gup.c:229  
Modules linked in:  
CPU: 0 PID: 10232 Comm: syz-executor Tainted: G B 6.5.0-rc2 #1  
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS  
rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014  
RIP: 0010:try\_grab\_page+0x2dd/0x3a0 mm/gup.c:229  
Code: ff be 04 00 00 00 4c 89 e7 e8 cf fa 13 00 f0 41 ff 04 24 e8 65  
96 cb ff 45 31 e4 5b 44 89 e0 5d 41 5c 41 5d c3 e8 53 96 cb ff <0f> 0b  
e8 4c 96 cb ff 41 bc f4 ff ff ff 5b 44 89 e0 5d 41 5c 41 5d  
RSP: 0018:ffffc9000e99f268 EFLAGS: 00010202  
RAX: 0000000000002f80 RBX: ffffea00003ae340 RCX: ffffc90002d79000  
RDX: 0000000000040000 RSI: ffffffff81ad81ed RDI: ffffea00003ae374  
RBP: ffffea00003ae340 R08: 0000000000000000 R09: fffff94000075c6e  
R10: ffffea00003ae377 R11: 0000000000000000 R12: ffffea00003ae374  
R13: 0000000000210052 R14: ffffea00003ae340 R15: 000000000eb8d225  
FS: 00007fc6339a4640(0000) GS:ffff888063e00000(0000) knlGS:0000000000000000  
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033  
CR2: 0000000000000000 CR3: 000000002c3ea000 CR4: 0000000000752ef0  
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000  
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400  
PKRU: 55555554  
Call Trace:  
<TASK>  
follow\_page\_pte+0x18c/0x1610 mm/gup.c:651  
follow\_pmd\_mask mm/gup.c:727 \[inline\]  
follow\_pud\_mask mm/gup.c:765 \[inline\]  
follow\_p4d\_mask mm/gup.c:782 \[inline\]  
follow\_page\_mask+0x2e4/0xbd0 mm/gup.c:839  
\_\_get\_user\_pages+0x3fa/0xcf0 mm/gup.c:1256  
\_\_get\_user\_pages\_locked mm/gup.c:1487 \[inline\]  
get\_user\_pages\_unlocked+0x183/0x580 mm/gup.c:2387  
hva\_to\_pfn\_slow arch/x86/kvm/../../../virt/kvm/kvm\_main.c:2536 \[inline\]  
hva\_to\_pfn+0x198/0xbc0 arch/x86/kvm/../../../virt/kvm/kvm\_main.c:2674  
\_\_gfn\_to\_pfn\_memslot+0x202/0x3e0 arch/x86/kvm/../../../virt/kvm/kvm\_main.c:2736  
\_\_kvm\_faultin\_pfn arch/x86/kvm/mmu/mmu.c:4329 \[inline\]  
kvm\_faultin\_pfn+0x21b/0x12d0 arch/x86/kvm/mmu/mmu.c:4365  
kvm\_tdp\_mmu\_page\_fault arch/x86/kvm/mmu/mmu.c:4503 \[inline\]  
kvm\_tdp\_page\_fault+0x167/0x4d0 arch/x86/kvm/mmu/mmu.c:4549  
kvm\_mmu\_do\_page\_fault arch/x86/kvm/mmu/mmu\_internal.h:320 \[inline\]  
kvm\_mmu\_page\_fault+0x2f4/0x1a40 arch/x86/kvm/mmu/mmu.c:5756  
handle\_ept\_violation+0x20a/0x620 arch/x86/kvm/vmx/vmx.c:5760  
\_\_vmx\_handle\_exit arch/x86/kvm/vmx/vmx.c:6539 \[inline\]  
vmx\_handle\_exit+0x4a1/0x18d0 arch/x86/kvm/vmx/vmx.c:6556  
vcpu\_enter\_guest arch/x86/kvm/x86.c:10848 \[inline\]  
vcpu\_run+0x24b6/0x44b0 arch/x86/kvm/x86.c:10951  
kvm\_arch\_vcpu\_ioctl\_run+0x416/0x1830 arch/x86/kvm/x86.c:11172  
kvm\_vcpu\_ioctl+0x4de/0xcc0 arch/x86/kvm/../../../virt/kvm/kvm\_main.c:4112  
vfs\_ioctl fs/ioctl.c:51 \[inline\]  
\_\_do\_sys\_ioctl fs/ioctl.c:870 \[inline\]  
\_\_se\_sys\_ioctl fs/ioctl.c:856 \[inline\]  
\_\_x64\_sys\_ioctl+0x173/0x1e0 fs/ioctl.c:856  
do\_syscall\_x64 arch/x86/entry/common.c:50 \[inline\]  
do\_syscall\_64+0x35/0xb0 arch/x86/entry/common.c:80  
entry\_SYSCALL\_64\_after\_hwframe+0x63/0xcd  
RIP: 0033:0x47959d  
Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48  
89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d  
01 f0 ff ff 73 01 c3 48 c7 c1 b4 ff ff ff f7 d8 64 89 01 48  
RSP: 002b:00007fc6339a4068 EFLAGS: 00000246 ORIG\_RAX: 0000000000000010  
RAX: ffffffffffffffda RBX: 000000000059c0a0 RCX: 000000000047959d  
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006  
RBP: 000000000059c0a0 R08: 0000000000000000 R09: 0000000000000000  
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000059c0ac  
R13: 000000000000000b R14: 0000000000437250 R15: 00007fc633984000  
</TASK>

Modules linked in:  
CPU: 0 PID: 10232 Comm: syz-executor Tainted: G B 6.5.0-rc2 #1  
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS  
rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014  
RIP: 0010:try\_grab\_page+0x2dd/0x3a0 mm/gup.c:229  
Code: ff be 04 00 00 00 4c 89 e7 e8 cf fa 13 00 f0 41 ff 04 24 e8 65  
96 cb ff 45 31 e4 5b 44 89 e0 5d 41 5c 41 5d c3 e8 53 96 cb ff <0f> 0b  
e8 4c 96 cb ff 41 bc f4 ff ff ff 5b 44 89 e0 5d 41 5c 41 5d  
RSP: 0018:ffffc9000e99f268 EFLAGS: 00010202  
RAX: 0000000000002f80 RBX: ffffea00003ae340 RCX: ffffc90002d79000  
RDX: 0000000000040000 RSI: ffffffff81ad81ed RDI: ffffea00003ae374  
RBP: ffffea00003ae340 R08: 0000000000000000 R09: fffff94000075c6e  
R10: ffffea00003ae377 R11: 0000000000000000 R12: ffffea00003ae374  
R13: 0000000000210052 R14: ffffea00003ae340 R15: 000000000eb8d225  
FS: 00007fc6339a4640(0000) GS:ffff888063e00000(0000) knlGS:0000000000000000  
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033  
CR2: 0000000000000000 CR3: 000000002c3ea000 CR4: 0000000000752ef0  
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000  
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400  
PKRU: 55555554  
Call Trace:  
<TASK>  
follow\_page\_pte+0x18c/0x1610 mm/gup.c:651  
follow\_pmd\_mask mm/gup.c:727 \[inline\]  
follow\_pud\_mask mm/gup.c:765 \[inline\]  
follow\_p4d\_mask mm/gup.c:782 \[inline\]  
follow\_page\_mask+0x2e4/0xbd0 mm/gup.c:839  
\_\_get\_user\_pages+0x3fa/0xcf0 mm/gup.c:1256  
\_\_get\_user\_pages\_locked mm/gup.c:1487 \[inline\]  
get\_user\_pages\_unlocked+0x183/0x580 mm/gup.c:2387  
hva\_to\_pfn\_slow arch/x86/kvm/../../../virt/kvm/kvm\_main.c:2536 \[inline\]  
hva\_to\_pfn+0x198/0xbc0 arch/x86/kvm/../../../virt/kvm/kvm\_main.c:2674  
\_\_gfn\_to\_pfn\_memslot+0x202/0x3e0 arch/x86/kvm/../../../virt/kvm/kvm\_main.c:2736  
\_\_kvm\_faultin\_pfn arch/x86/kvm/mmu/mmu.c:4329 \[inline\]  
kvm\_faultin\_pfn+0x21b/0x12d0 arch/x86/kvm/mmu/mmu.c:4365  
kvm\_tdp\_mmu\_page\_fault arch/x86/kvm/mmu/mmu.c:4503 \[inline\]  
kvm\_tdp\_page\_fault+0x167/0x4d0 arch/x86/kvm/mmu/mmu.c:4549  
kvm\_mmu\_do\_page\_fault arch/x86/kvm/mmu/mmu\_internal.h:320 \[inline\]  
kvm\_mmu\_page\_fault+0x2f4/0x1a40 arch/x86/kvm/mmu/mmu.c:5756  
handle\_ept\_violation+0x20a/0x620 arch/x86/kvm/vmx/vmx.c:5760  
\_\_vmx\_handle\_exit arch/x86/kvm/vmx/vmx.c:6539 \[inline\]  
vmx\_handle\_exit+0x4a1/0x18d0 arch/x86/kvm/vmx/vmx.c:6556  
vcpu\_enter\_guest arch/x86/kvm/x86.c:10848 \[inline\]  
vcpu\_run+0x24b6/0x44b0 arch/x86/kvm/x86.c:10951  
kvm\_arch\_vcpu\_ioctl\_run+0x416/0x1830 arch/x86/kvm/x86.c:11172  
kvm\_vcpu\_ioctl+0x4de/0xcc0 arch/x86/kvm/../../../virt/kvm/kvm\_main.c:4112  
vfs\_ioctl fs/ioctl.c:51 \[inline\]  
\_\_do\_sys\_ioctl fs/ioctl.c:870 \[inline\]  
\_\_se\_sys\_ioctl fs/ioctl.c:856 \[inline\]  
\_\_x64\_sys\_ioctl+0x173/0x1e0 fs/ioctl.c:856  
do\_syscall\_x64 arch/x86/entry/common.c:50 \[inline\]  
do\_syscall\_64+0x35/0xb0 arch/x86/entry/common.c:80  
entry\_SYSCALL\_64\_after\_hwframe+0x63/0xcd  
RIP: 0033:0x47959d  
Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48  
89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d  
01 f0 ff ff 73 01 c3 48 c7 c1 b4 ff ff ff f7 d8 64 89 01 48  
RSP: 002b:00007fc6339a4068 EFLAGS: 00000246 ORIG\_RAX: 0000000000000010  
RAX: ffffffffffffffda RBX: 000000000059c0a0 RCX: 000000000047959d  
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006  
RBP: 000000000059c0a0 R08: 0000000000000000 R09: 0000000000000000  
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000059c0ac  
R13: 000000000000000b R14: 0000000000437250 R15: 00007fc633984000  
</TASK>  
Kernel panic - not syncing: kernel: panic\_on\_warn set ...  
CPU: 0 PID: 10232 Comm: syz-executor Tainted: G B 6.5.0-rc2 #1  
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS  
rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014  
Call Trace:  
<TASK>  
\_\_dump\_stack lib/dump\_stack.c:88 \[inline\]  
dump\_stack\_lvl+0x92/0xf0 lib/dump\_stack.c:106  
panic+0x570/0x620 kernel/panic.c:340  
check\_panic\_on\_warn+0x8e/0x90 kernel/panic.c:236  
\_\_warn+0xee/0x340 kernel/panic.c:673  
\_\_report\_bug lib/bug.c:199 \[inline\]  
report\_bug+0x25d/0x460 lib/bug.c:219  
handle\_bug+0x3c/0x70 arch/x86/kernel/traps.c:324  
exc\_invalid\_op+0x14/0x40 arch/x86/kernel/traps.c:345  
asm\_exc\_invalid\_op+0x16/0x20 arch/x86/include/asm/idtentry.h:568  
RIP: 0010:try\_grab\_page+0x2dd/0x3a0 mm/gup.c:229  
Code: ff be 04 00 00 00 4c 89 e7 e8 cf fa 13 00 f0 41 ff 04 24 e8 65  
96 cb ff 45 31 e4 5b 44 89 e0 5d 41 5c 41 5d c3 e8 53 96 cb ff <0f> 0b  
e8 4c 96 cb ff 41 bc f4 ff ff ff 5b 44 89 e0 5d 41 5c 41 5d  
RSP: 0018:ffffc9000e99f268 EFLAGS: 00010202  
RAX: 0000000000002f80 RBX: ffffea00003ae340 RCX: ffffc90002d79000  
RDX: 0000000000040000 RSI: ffffffff81ad81ed RDI: ffffea00003ae374  
RBP: ffffea00003ae340 R08: 0000000000000000 R09: fffff94000075c6e  
R10: ffffea00003ae377 R11: 0000000000000000 R12: ffffea00003ae374  
R13: 0000000000210052 R14: ffffea00003ae340 R15: 000000000eb8d225  
follow\_page\_pte+0x18c/0x1610 mm/gup.c:651  
follow\_pmd\_mask mm/gup.c:727 \[inline\]  
follow\_pud\_mask mm/gup.c:765 \[inline\]  
follow\_p4d\_mask mm/gup.c:782 \[inline\]  
follow\_page\_mask+0x2e4/0xbd0 mm/gup.c:839  
\_\_get\_user\_pages+0x3fa/0xcf0 mm/gup.c:1256  
\_\_get\_user\_pages\_locked mm/gup.c:1487 \[inline\]  
get\_user\_pages\_unlocked+0x183/0x580 mm/gup.c:2387  
hva\_to\_pfn\_slow arch/x86/kvm/../../../virt/kvm/kvm\_main.c:2536 \[inline\]  
hva\_to\_pfn+0x198/0xbc0 arch/x86/kvm/../../../virt/kvm/kvm\_main.c:2674  
\_\_gfn\_to\_pfn\_memslot+0x202/0x3e0 arch/x86/kvm/../../../virt/kvm/kvm\_main.c:2736  
\_\_kvm\_faultin\_pfn arch/x86/kvm/mmu/mmu.c:4329 \[inline\]  
kvm\_faultin\_pfn+0x21b/0x12d0 arch/x86/kvm/mmu/mmu.c:4365  
kvm\_tdp\_mmu\_page\_fault arch/x86/kvm/mmu/mmu.c:4503 \[inline\]  
kvm\_tdp\_page\_fault+0x167/0x4d0 arch/x86/kvm/mmu/mmu.c:4549  
kvm\_mmu\_do\_page\_fault arch/x86/kvm/mmu/mmu\_internal.h:320 \[inline\]  
kvm\_mmu\_page\_fault+0x2f4/0x1a40 arch/x86/kvm/mmu/mmu.c:5756  
handle\_ept\_violation+0x20a/0x620 arch/x86/kvm/vmx/vmx.c:5760  
\_\_vmx\_handle\_exit arch/x86/kvm/vmx/vmx.c:6539 \[inline\]  
vmx\_handle\_exit+0x4a1/0x18d0 arch/x86/kvm/vmx/vmx.c:6556  
vcpu\_enter\_guest arch/x86/kvm/x86.c:10848 \[inline\]  
vcpu\_run+0x24b6/0x44b0 arch/x86/kvm/x86.c:10951  
kvm\_arch\_vcpu\_ioctl\_run+0x416/0x1830 arch/x86/kvm/x86.c:11172  
kvm\_vcpu\_ioctl+0x4de/0xcc0 arch/x86/kvm/../../../virt/kvm/kvm\_main.c:4112  
vfs\_ioctl fs/ioctl.c:51 \[inline\]  
\_\_do\_sys\_ioctl fs/ioctl.c:870 \[inline\]  
\_\_se\_sys\_ioctl fs/ioctl.c:856 \[inline\]  
\_\_x64\_sys\_ioctl+0x173/0x1e0 fs/ioctl.c:856  
do\_syscall\_x64 arch/x86/entry/common.c:50 \[inline\]  
do\_syscall\_64+0x35/0xb0 arch/x86/entry/common.c:80  
entry\_SYSCALL\_64\_after\_hwframe+0x63/0xcd  
RIP: 0033:0x47959d  
Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48  
89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d  
01 f0 ff ff 73 01 c3 48 c7 c1 b4 ff ff ff f7 d8 64 89 01 48  
RSP: 002b:00007fc6339a4068 EFLAGS: 00000246 ORIG\_RAX: 0000000000000010  
RAX: ffffffffffffffda RBX: 000000000059c0a0 RCX: 000000000047959d  
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006  
RBP: 000000000059c0a0 R08: 0000000000000000 R09: 0000000000000000  
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000059c0ac  
R13: 000000000000000b R14: 0000000000437250 R15: 00007fc633984000  
</TASK>  
Dumping ftrace buffer:  
(ftrace buffer empty)  
Kernel Offset: disabled  
Rebooting in 1 seconds..

CVE-2023-40791: LKML: Yikebaer Aizezi: WARNING in try_grab_page

Categories: News
A list of topics we covered in the week of October 9 to October 15 of 2023



(Read more...)




The post A week in security (October 9 - October 15) appeared first on Malwarebytes Labs.

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Cyberprotection for every one.

For Personal

Windows Antivirus

Mac Antivirus

Android Antivirus

Free Antivirus

VPN App (All Devices)

Malwarebytes for iOS

See all

Company

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

Managed Detection and Response (MDR)

FOR PARTNERS

Managed Service Provider (MSP) Program

Resellers

MY ACCOUNT

Sign In

SOLUTIONS

Rootkit Scanner

Trojan Scanner

Virus Scanner

Spyware Scanner  

Password Generator

Anti Ransomware Protection

ADDRESS

3979 Freedom Circle  
12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay  
2nd Floor  
Cork T12 X8N6  
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus  

What is VPN?

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor  
Cork T12 X8N6  
Ireland

A week in security (October 9 - October 15)

Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolster security.
"The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on NT LAN Manager (NTLM)," the tech giant said. "New features for Windows 11 include

Authentication / Endpoint Security

Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolster security.

"The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on NT LAN Manager (NTLM)," the tech giant said. "New features for Windows 11 include Initial and Pass Through Authentication Using Kerberos (IAKerb) and a local Key Distribution Center (KDC) for Kerberos."

IAKerb enables clients to authenticate with Kerberos across a diverse range of network topologies. The second feature, a local Key Distribution Center (KDC) for Kerberos, extends Kerberos support to local accounts.

First introduced in the 1990s, NTLM is a suite of security protocols intended to provide authentication, integrity, and confidentiality to users. It is a single sign-on (SSO) tool that relies on a challenge-response protocol that proves to a server or domain controller that a user knows the password associated with an account.

It has since been supplanted by another authentication protocol called Kerberos since the release of Windows 2000, although NTLM continues to be used as a fallback mechanism.

"The main difference between NTLM and Kerberos is in how the two protocols manage authentication. NTLM relies on a three-way handshake between the client and server to authenticate a user," CrowdStrike notes. "Kerberos uses a two-part process that leverages a ticket granting service or key distribution center."

Another crucial distinction is that while NTLM relies on password hashing, Kerberos leverages encryption.

Besides NTLM's inherent security weaknesses, the technology has been rendered vulnerable to relay attacks, potentially allowing bad actors to intercept authentication attempts and gain unauthorized access to network resources.

Microsoft said it's also working on addressing hard-coded NTLM instances in its components in preparation for the shift to ultimately disable NTLM in Windows 11, adding it's making improvements that encourage the use of Kerberos instead of NTLM.

"All these changes will be enabled by default and will not require configuration for most scenarios," Matthew Palko, Microsoft's senior product management lead in Enterprise and Security, said. "NTLM will continue to be available as a fallback to maintain existing compatibility."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication

Progress Software plans to collect millions in cyber insurance policy payouts after the MOVEit breaches, which will make getting coverage more expensive and harder to get for everyone else, experts say.

In its recent Security and Exchange Commission (SEC) filing, Progress Software, the company behind the MOVEit file transfer software that's been used to breach dozens of major organizations, says it plans to try and fully collect on its $15 million cyber insurance policy. But how is that fat $15 million payout likely to effect how insurers approach their own businesses?

Faced with class action lawsuits, fines, and a battered business brand, there's little question the company will need millions to cover its losses. And to boot, Progress Software was already collecting on a claim related to a previous incident in November 2022, unrelated to the MOVEit ransomware campaign, according to its most recent 10-Q filing with the SEC.

"As of August 31, 2023, we have recorded approximately $4.9 million in insurance recoveries, of which $3 million was related to the November 2022 cyber incident and $1.9 million was related to the MOVEit vulnerability, providing us with $10.1 million of additional cybersecurity insurance coverage (which is subject to a $0.5 million retention per claim). We will pursue recoveries to the maximum extent available under our insurance policies."

**Higher Premiums, Less Coverage**

Cyber insurers don't have the historical data or developed risk models that others do, like car or home insurers, which means they are constantly adjusting their "risk appetite," according to Mark Millender, senior advisor for global executive engagement at Tanium. He thinks payouts like the one Progress Software is seeking will both drive up premiums and ratchet up requirements for coverage across the cyber insurance ecosystem.

"As loss ratios increase and drive down profitability, risk tolerance recedes and the need to drive up revenues is reflected in premium charges," Millender says.

And, getting policies renewed in the wake of this Progress Software claim, and others, is going to get trickier, he predicts.

"At the same time, the insured submitting the claim will be under increased scrutiny at the time of renewal," according to Millender. "The insured's ability to renew with the same or another carrier will depend on many factors, including this claim experience, but also general cybersecurity defense posture and how the incident was addressed."

Cyber insurance policies are undoubtedly already getting more expensive and providing less coverage than before: Two-thirds of companies surveyed for a report from Delinea on the current state of the cyber insurance industry said they saw a 50% increase in cyber insurance premiums, with more narrow coverage over the past year. And, a full 80% of companies reported they submitted at least one claim in the past year.

"Three key factors are driving the growth of the cyber insurance market," Bud Broomhead, CEO at Viakoo says. "This includes the expanding liabilities from cyber breaches, boards and senior management holding more responsibility for breaches, and the 'forcing function' that cyber insurance provides to maintain their cyber security posture."

Broomhead adds that as the cyber insurance market matures, these factors will change, but the bottom-line result is likely to be a continuing trend towards more expensive policies with less coverage. But as cyber insurers refine their risk evaluations, premiums should stabilize, he adds.

**Cyber Insurers Communicating With Security Teams**

Cyber insurers are taking a closer look at the risk profiles of their clients, a trend that will be driven to new heights by the Progress situation. One of the outcomes of this increased scrutiny has been greater cooperation between cyber insurers and their policy holders, Dara Gibson, cyber insurance services leader with Optiv, explains.

"Cyber insurers are now communicating with cybersecurity teams," Gibson says. "It's going to become more of a collaborative effort between the insurers, cybersecurity and the insured because a greater understanding of what 'good' looks like is taking shape."

It's up to enterprise teams to do the same kinds of assessments, Broomhead advises.

"Risk assessment and cyber insurance will always be evolving in the same way that threat vectors themselves evolve," Broomhead says. "The most important thing is for an organization to do its own risk assessment and ensure that their internal policies address their entire attack surface."

How MOVEit Is Likely to Shift Cyber Insurance Calculus

HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability.

HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability.

Severity

High

HP Reference

HPSBHF03873 Rev. 1

Release date

October 13, 2023

Last updated

October 13, 2023

Category

PC

Potential Security Impact

Escalation of Privilege, Arbitrary Code Execution, and Denial of Service

**Summary**

For HP t430 and t638 Thin Clients PCs manufactured before July 2023, a private firmware key has been disclosed, potentially allowing an untrusted source to tamper with system firmware. HP has not identified any active exploits related to this vulnerability, which requires physical access to the system.

HP t430 and t638 Thin Client BIOS images are signed with undisclosed HP-unique keys protected by a Hardware Security Module. This BIOS image key provides additional protections that maintain integrity for BIOS updates and normal system usage.

**Relevant Common Vulnerabilities and Exposures (CVE) List**

Reported by Binarly REsearch Team

List of CVE IDs   

CVE ID

CVS 3.0

Vector

CVE-2023-5409

7.3

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Learn more about CVSS 3.0 base metrics, which range from 0 to 10.

PSR-2023-0087

**Resolution**

HP recommends that customers implement these recommendations to mitigate their exposure to the identified vulnerability.

*   **Limit Physical Access to Devices**: Customers should limit physical access to their devices as a precautionary measure.
    
*   **Update BIOS Using Firmware from HP**: Customers should only update devices with firmware provided directly from HP or its website.
    
*   **Enable BIOS Admin/Setup Password**: As a standard practice, HP recommends that all customers create a primary Admin account and password for each affected device. This will help protect against unintended access to the BIOS.
    
*   **Disable USB Ports During Boot Process**: Customers should disable the USB Storage Boot BIOS setting to prevent unauthorized users from booting to and installing malicious software. This can be disabled manually in the BIOS startup menu; via running a script in HP Device Manager or another endpoint management software; or via custom BIOS firmware updates.
    

Newer versions may become available, and the minimum versions listed below may become obsolete.  If a SoftPaq Link becomes invalid, check the HP Customer Support - Software and Driver Downloads site to obtain the latest update for your product model.

HP recommends keeping your system up to date with the latest firmware and software.

Note:

This bulletin may be updated when new information and/or SoftPaqs are available. Sign up for HP Subscriptions to be notified and receive:

*   Product support eAlerts
    
*   Driver updates
    
*   Security Bulletin updates
    

**Affected products**

Identify the affected products.

**Revision history**

This document has been revised according to the information below.

List of versions   

Version

Description

Date

1

Initial Release

October 13, 2023

**Additional information**

Follow these links for additional information.

Third-party security patches

Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support

For issues about implementing the recommendations of this Security Bulletin, visit http://www.hp.com/go/contacthp to learn about your HP support options.

Report

To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.

Subscribe

To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://h41369.www4.hp.com/alerts-signup.php?lang=en&cc=US&jumpid=hpsc\_profile.

Security bulletin archive

To view released Security Bulletins, visit https://support.hp.com/security-bulletins.

It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.

Download HP’s security-alert PGP key

**Legal information**

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Security Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.

© Copyright 2023 HP Development Company, L.P.

HP Inc. (HP) shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. "HP Inc.," "HP" and the names of HP products referenced herein are trademarks of HP Inc. or its affiliates in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

CVE-2023-5409: HP t430 and t638 Thin Clients - Firmware Tampering Vulnerability

Apple, Google, and Microsoft are promoting passkeys as a solution for accounts recovery, but enterprises are slow-walking their adoption.

The growing support for passkeys means consumers and small businesses finally have an easy-to-use technology for passwordless access to websites and cloud applications, but enterprises will likely not see a usable form of the technology for some time yet.

The passwordless authentication approach, based on the FIDO Alliance's WebAuthn standard, allows developers to leverage the user device's authentication technology — such as FaceID and fingerprint sensors — to log into cloud services and Web applications. While WebAuthn resulted in many implementations, which added significant complexity for consumers, passkeys are supported by major Internet firms — including Apple, Google, and Microsoft — which dramatically simplifies their use for consumers.

Yet that usability, which could extend to cloud-native small businesses, does not allow for the control and attestation necessary for passkeys in large corporations, says Jasson Casey, CEO of Beyond Identity. Instead, passkeys will likely develop into a optional factor in their current public key infrastructure (PKI) or credential-based system.

"I honestly think it's going to be a love child of passkeys and PKI that ultimately businesses need," Casey says. "The really cool thing about passkeys is the idea that there's a well-defined interface between a browser or user agent and an actual authenticator that manages credentials and keys."

Major companies have pushed passkeys as a more secure way to sign into online accounts. In June, Google began allowing companies to switch their Workspace users over to passkeys rather than using passwords. On Oct. 10, the company began giving users the ability to make passkeys the default option across their personal accounts, prompting them to make the switch when they sign in.

Apple and Microsoft have both added support for passkeys in their hardware and software, with iOS, Mac OS, and Windows 11 all supporting the technology.

For companies, passkeys could eliminate some of the cost of improving managing identity and improving authentication, says Steve Won, chief product officer at 1Password, an identity and password management firm.

"I'm really optimistic that enterprise adoption will be totally tenable within the next decade," Won says. "I've talked to so many businesses that are like, holy crap, \[passkeys are\] basically usable certificates or ... usable Yubikeys. Certificates are such a nightmare to be able to handle, and on the Yubikey side, nobody wants to be in the business of managing hardware."

**The End of Phishing?**

Done right, passkeys could eliminate phishing attacks aimed at harvesting credentials because there are no passwords to steal. The specification, which aims for interoperability among the largest identify providers, allow a user's device to attest to their identity, using private and public keys to then log the user into a service.

A major sticking point was the issue of recovering the keys when a device is lost, says Beyond Identity's Casey.

"A passkey is actually anchored in an enclave on my device, so if I throw that device in the ocean because — I don't even need a reason — and I go buy a new device, how do I log back in? That was viewed as a major stumbling block for the B2C \[business-to-consumer\] community," he says.

Apple, Google, and Microsoft fix this problem by tying the keys to their services. A user who logs back into one of the services can then recover by being issued a new set of keys.

Despite the promise of phishing resistance and doing away with shared secrets, businesses are still hesitant to commit to passkeys, says Andras Cser, vice president and principal analyst at Forrester Research.

"We still see zero to minimal adoption in the market," he says. "Service providers — \[such as\] retailers, healthcare orgs, \[and financial services\] companies — are concerned about device attestation and presence of the person authenticating."

**Companies Need More Than Passkeys**

The problems faced by enterprises are different. For companies, passkeys hold the promise of providing a standardized PKI as a way of interacting with online resources, as long as four requirements are met, says Casey. The system has to guarantee that keys cannot move; it solves the recovery problem for lost devices; it works across all sorts of devices, browsers, and online services; and it provides companies with centralized policy management for devices.

"An effective passkey system is going to have a distributed, automated PKI system under the hood that is providing similar security guarantees but without requiring you to actively manage the service ... regardless of whether the device is managed or BYOD devices," Casey says. "Classical PKI systems don't do any of that for you, not without a huge administrative burden."

While some small businesses may mandate the use of passkey, companies will more likely offer the technology as an authentication option for their customers.

**Another Zero-Trust Possibility**

If passkey providers and identity and access management (IAM) companies solve the enterprise-use problems of passkeys, they could take off in business. While consumers need easy-to-use services, companies can mandate that their employees use a specific technology, even if that technology has a learning curve or adds some steps to daily workflows, says Ian Hassard, senior director of product management at Okta, a single sign-on provider.

"If you look at customer identity being focused around balancing security and friction, because if you have too much friction, people don't buy your products," he says. "But in workforce identity, if you're managing your workforce, you have a bit more of a captive audience in the sense of, you can apply more friction to ensure a higher level of assurance and security."

Okta, for example, focuses on the management of identities, access privileges, and ensuring the user's device has the proper security controls in place and does not show signs of compromise, says Hassard. These are all foundational for a zero-trust approach to security.

"You want that assurance that the device is not compromised," he says. "Because obviously a lot of this technology is great until the client device is completely owned, and that's not a good thing."

Passkeys Are Cool, but They Aren't Enterprise-Ready

The writers' strike shows that balancing artificial intelligence and human ingenuity is the best possible outcome for creative as well as cybersecurity professionals.

In the wake of the Writers Guild of America's (WGA) momentous five-month strike, one thing is abundantly clear: The creative industry stands at a crossroads where technology and human creativity must learn to coexist harmoniously. The strike, one of Hollywood's longest labor disputes, has finally drawn to a close, and its implications extend far beyond the glitzy confines of Tinseltown. At its core, this dispute revolved around the role of artificial intelligence (AI) in creative processes, a topic that demands thoughtful consideration as we navigate the uncharted territory of AI's vast potential in many sectors, including cybersecurity.

The crux of the matter lay in writers' concerns that studios could leverage AI to diminish writers' role in the creative process, and thus, their earnings and artistic recognition. The approved agreement, which bans the independent or exclusive use of AI for writing, rewriting, or crafting source material for scripts, marks a significant victory for writers' rights. It ensures that writers will be duly credited for their creative contributions, irrespective of whether they choose to leverage AI for the creative process. This provision sets a vital precedent for industries worldwide, reinforcing the principle that AI should be a tool that enhances, rather than replaces, human creativity.

**Putting AI's Power to Work, From Art to Cybersecurity**

It is important to acknowledge the undeniable power of AI across a wide variety of domains, especially as it relates to its unparalleled ability to automate routine tasks and increase efficiency. While the WGA and Screen Actors Guild — American Federation of Television and Radio Artists (SAG-AFTRA) strikes are among the first formal, organized forms of backlash against AI's potential for disruption, the possibility for rapid and transformational change is by no means limited to Hollywood.

Take, for instance, the realm of cybersecurity — and more specifically, phishing detection and remediation — where AI algorithms are already being used to swiftly and effectively identify malicious activities and intercept potential threats. These AI-driven systems analyze vast datasets and identify patterns that are often too complex for human operators to process alone. Armed with this information, the AI-driven systems are then able to reliably and efficiently prevent attacks that may otherwise have slipped through traditional defenses unnoticed.

This technology has undoubtedly elevated our ability to combat cyber threats efficiently. However, just as the WGA argued in its collective bargaining efforts, we must also acknowledge AI's inherent limitations. While AI can excel in pattern recognition and automation of repetitive tasks, it lacks the nuanced understanding, intuition, and emotional intelligence that human beings possess. AI's greatest value in the fight against cybercrime will be its ability to automate away routine tasks, making existing security professionals more efficient, and assist humans in the fight against cybercrime. It will also help make those who aren't security professionals become assets, rather than liabilities.

However, it lacks the higher-level executive capabilities required to judge things like context, intent, and significance. And, as a result, AI tools can be prone to false positives and negatives, which can have serious consequences, particularly in fields where human lives, creativity, or reputation are at stake. This is precisely why human backup is essential whenever AI is in use.

**Striking a Balance Between AI and Human Ingenuity**

The Hollywood writers' strike exemplifies the delicate balance that must be struck between AI and human creativity. The new contract wisely allows writers to use AI tools, provided they are agreeable and informed, without forcing them into AI's embrace. It mandates transparency, ensuring that writers are aware when AI-generated materials are used in their projects. This approach respects the capabilities of AI while safeguarding the irreplaceable essence of human creativity and judgment.

In essence, AI should be viewed as a powerful ally, augmenting our abilities and amplifying our potential. But it should never be allowed to undermine the spirit of human creativity and the irreplaceable role it plays in our cultural, artistic, and business landscapes. The Hollywood Writers Guild has set an important precedent that other unions and industries should heed, securing the rights of workers and preventing them from being supplanted by AI.

The future undoubtedly belongs, in part, to AI, but it also belongs to those who recognize the irreplaceable value of human ingenuity. The most powerful stories, the most profound works of art, and the most impactful technological innovations will always emerge from the singular minds of human beings. While AI represents a very powerful, very exciting addition to humanity's ever-expanding arsenal of creative enablers, it should never be confused for a replacement for the primary source, human ingenuity. With this understanding, we can create a brighter future for all.

Artificial intelligence has the awesome potential for augmenting human creativity and decision making, but never replacing it. Its greatest potential lies in empowering humanity and democratizing our ability to express ourselves in new and unimagined ways. The sooner we, as a society, embrace this role for AI, the sooner we can get over our fears and begin reaping the immense opportunities it has to offer.

What the Hollywood Writers Strike Resolution Means for Cybersecurity

Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0.

@@ -1,11 +1,10 @@ import { appRouter, errors, publicPlugin, trpcPlugin } from "@vrite/backend"; import { errors, publicPlugin, trpcPlugin, processAuth } from "@vrite/backend"; import staticPlugin from "@fastify/static"; import websocketPlugin from "@fastify/websocket"; import axios from "axios"; import viewPlugin from "@fastify/view"; import handlebars from "handlebars"; import { FastifyReply } from "fastify"; import { processAuth } from "@vrite/backend/src/lib/auth"; import { nanoid } from "nanoid"; import multipartPlugin from "@fastify/multipart"; import mime from "mime-types"; Expand All @@ -15,7 +14,7 @@ import path from "path";  
const appService \= publicPlugin(async (fastify) \=> { const renderPage \= async (reply: FastifyReply): Promise<void\> \=> { return reply.view("index.html", { return reply.header("X-Frame-Options", "SAMEORIGIN").view("index.html", { PUBLIC\_APP\_URL: fastify.config.PUBLIC\_APP\_URL, PUBLIC\_API\_URL: fastify.config.PUBLIC\_API\_URL, PUBLIC\_COLLAB\_URL: fastify.config.PUBLIC\_COLLAB\_URL, Expand Down Expand Up @@ -51,57 +50,6 @@ const appService = publicPlugin(async (fastify) => { fastify.setNotFoundHandler(async (\_request, reply) \=> { return renderPage(reply); }); fastify.get<{ Querystring: { url: string } }\>("/proxy\*", async (request, reply) \=> { const filterOutRegex \= /(localhost|\\b(?:(?:25\[0-5\]|2\[0-4\]\\d|\[01\]?\\d\\d?)\\.){3}(?:25\[0-5\]|2\[0-4\]\\d|\[01\]?\\d\\d?)(?::\\d{0,4})?\\b)/;  
if (request.headers.origin) { reply.header("Access-Control-Allow-Origin", fastify.config.PUBLIC\_APP\_URL); reply.header("Access-Control-Allow-Methods", "GET"); reply.header( "Access-Control-Allow-Headers", request.headers\["access-control-request-headers"\] ); } else if ( fastify.config.NODE\_ENV !== "development" && !fastify.config.PUBLIC\_APP\_URL.includes("localhost") ) { // Prevent proxy abuse in production return reply.status(400).send("Invalid Origin"); }  
if ( filterOutRegex.test(request.query.url) && !request.query.url.includes(fastify.config.PUBLIC\_ASSETS\_URL) ) { return reply.status(400).send("Invalid URL"); }  
if (request.method \=== "OPTIONS") { // CORS Preflight reply.send(); } else { const targetURL \= request.query.url;  
try { const response \= await axios.get(targetURL, { responseType: "arraybuffer" });  
if (!\`${response.headers\["content-type"\]}\`.includes("image")) { return reply.status(400).send("Invalid Content-Type"); }  
reply.header("content-type", response.headers\["content-type"\]); reply.send(Buffer.from(response.data, "binary")); } catch (error) { // eslint-disable-next-line no-console console.error(error);  
return reply.status(500).send("Could not fetch"); } } }); fastify.post<{ Body: Buffer; }\>("/upload", async (req, res) \=> { Expand Down

Tag

#ios