As with everything nowadays, politics are sure to come into play.

Thursday, August 8, 2024 14:00

Over the next two weeks, two of the largest cybersecurity conferences in the world will take place in Las Vegas: Black Hat and DEF CON. 

That means product announcements, buzzwords and stories about “X smart appliance could burn your house down!” or something like that. Over the next two weeks, I’ll be using this space to catch readers up on the top stories, trends and talking points to come out of Hacker Summer Camp. If you’re on the ground in Vegas, follow along with us on Twitter to keep track of our talks and events.  

To no one’s surprise, AI is likely going to be in the spotlight all week, especially generative AI. Many companies will use these tools to spin up new cybersecurity products and protections, and other researchers are sure to point out the potential security pitfalls of emerging technologies.  

There is a dedicated full-day workshop to discuss holding generative AI accountable, including potential legislation that outlines how generative AI models are trained and using whose content. And AI Village at DEF CON is sure to turn up a slew of vulnerabilities in AI tools while highlighting how researchers can best disclose and help patch these security issues.  

In the vein of “how to hack X” headlines that I mentioned before, Talos’ own Dan Mazzella is presenting research on how an attacker could take over some cars’ Android-based infotainment systems to steal user data.  

Some of the systems used in Ford, Honda and GM cars could be exploited to steal data that is being transferred between the so-called “head unit” and a mobile device connected to the car, including text messages, contacts, photos and other private user information.  

And as with everything nowadays, politics are sure to come into play. With the recent news that Kamala Harris is taking over as the Democratic Party’s likely nominee for the upcoming U.S. presidential election, experts and regulators are trying to figure out what a potential Harris presidency would mean for cybersecurity and AI policy.  

Hackers are also hosting the year’s first cybersecurity-focused fundraiser for a presidential candidate with DEF CON organizers taking the lead on supporting Harris after she was supportive of the election security community in past years.  

Other elections around the globe also have cybersecurity implications, as Black Hat’s keynote will cover with (among others) Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency. Disinformation and fake news are always swirling online about any political candidate, regardless of country, and AI and deepfakes have only worsened the problem.  

And that’s before you get into any actual attempts to change votes or hack voting systems. 

**The one big thing **

Cisco Talos is actively tracking multiple malware campaigns that utilize NetSupport RAT for persistent infections. These campaigns evade detection through obfuscation and updates. Talos researchers identified multiple obfuscation and evasion techniques being used by the campaign and created appropriate detection to keep users protected. By identifying specific weaknesses in the campaign’s obfuscation techniques and identifying indicators of compromise (IOCs), we can create highly accurate detection of this campaign. 

**Why do I care? **

NetSupport Manager has been commercially available for remote device administration since 1989. Like many tools in the IT remote support industry, NetSupport Manager has been weaponized by threat actors who either cannot or do not wish to develop their own RAT. Adversaries first started using NetSuport for malicious purposes in 2017, and at this point, most security vendors widely recognize this software as a RAT. The 2020s' shift to remote work for many office workers marked an increased use of NetSupport RAT in more phishing and drive-by download campaigns, as well as being used alongside other loaders. This campaign is the most notable use of NetSupport RAT in recent years, with hundreds of known stager variants across dozens of domains used in a large-scale malicious advertising campaign. Thankfully, Snort can provide a strong defense before this malware reaches endpoints. 

**So now what? **

Talos’ first entry in our new series, “The Deep Dive with NDRT,” we dive into how our analysts craft protection against NetSupport RAT and the newest Snort rules to keep users safe from this threat.  

**Top security headlines of the week **

**A French Olympic site and cultural institution was targeted with a cyber attack over the weekend, though the effects appear to be limited.** Security experts and Olympics organizers largely expected there to be several efforts to try and disrupt the games. Despite false reports that adversaries had encrypted data belonging to the Grand Palais Réunion des musées nationau, the venue said in a statement that as of Monday morning, “no data extraction has been detected.” The institution most famously oversees the Louvre, one of the most famous art museums in the world. Its venues hosted several Olympics-related exhibitions and events over the past week, including fencing and Taekwondo competitions. The attack appears to be attempted ransomware, though an investigation with the ANSSI, France’s cybersecurity agency, is still underway. "This only concerns our internal network of shops, and not even the other activities of the RMN-Grand Palais. We immediately disconnected everything that was vital and called on the special state unit that deals with this type of problem, the French Computer Security Agency,” the Grand Palais director said in a statement after the attempted attack. (CyberScoop, Dark Reading) 

**A cyber attack knocked out Mobile Guardian, a U.K.-based mobile device management software used in the U.K.** The event largely affected students and schools in Singapore, which the Ministry of Education says led to thousands of students having their devices completely wiped. Mobile Guardian advertises itself as a cross-platform solution for K-12 schools to monitor and manage their devices. “Based on preliminary checks, about 13,000 students in Singapore from 26 secondary schools had their devices wiped remotely by the perpetrator,” the Singaporean education ministry said in a statement. Adversaries seemed to have removed some targeted devices from Mobile Guardian’s network and completely wiped the devices. The company said in a statement this week that the outage affected instances in North America, Europe and Singapore. The incident appears to stem from a misconfiguration that caused an IT outage on July 30. (TechCrunch, Bleeping Computer) 

**A ransomware attack on a blood donation non-profit forced many hospitals to tap into their emergency blood supplies and host last-minute drives.** OneBlood, which provides blood samples to many hosptials in the Southeastern U.S., was hit with a ransomware attack that forced most of its network offline. The non-profit had to switch to manual processes for several days, including printing out its own labels and having donors fill out paper forms to donate blood, which delayed their usual supply chain to hospitals. Some health care facilities had to delay non-emergency procedures until after the blood donor supply had returned to normal. Late last week, OneBlood told its more than 250 hospital partners to activate their critical blood shortage protocols, which included holding last-minute drives and calling for volunteers to donate blood asap. As of Wednesday, OneBlood says its software is returning to normal. The process was made even more difficult by the presence of Hurricane Debby, which moves through Florida and Georgia, dumping inches of rain and causing flooding in states that were heavily affected by OneBlood’s outage. (Axios, CBS News) 

**Can’t get enough Talos? **

**Upcoming events where you can find Talos **

**_Defcon_** **_(Aug. 8 – 11)_** 

_Las Vegas, Nevada_ 

**_BSides Krakow_** **_(Sept. 14)_**  

_Krakow, Poland_ 

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256:** 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507  
**MD5:** 2915b3f8b703eb744fc54c81f4a9c67f f  
**Typical Filename:** VID001.exe  
**Claimed Product:** N/A  
**Detection Name:** Win.Worm.Coinminer::1201

**SHA 256:** c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0  
**MD5:** 8c69830a50fb85d8a794fa46643493b2  
**Typical Filename:** AAct.exe  
**Claimed Product:** N/A  
**Detection Name:** PUA.Win.Dropper.Generic::1201

**SHA 256:** 161937ed1502c491748d055287898dd37af96405aeff48c2500b834f6739e72d  
**MD5:** fd743b55d530e0468805de0e83758fe9  
**Typical Filename:** KMSAuto Net.exe  
**Claimed Product:** KMSAuto Net  
**Detection Name:** W32.File.MalParent

**SHA 256:** 24283c2eda68c559f85db7bf7ccfe3f81e2c7dfc98a304b2056f1a7c053594fe  
**MD5:** 49ae44d48c8ff0ee1b23a310cb2ecf5a  
**Typical Filename:** nYzVlQyRnQmDcXk  
**Claimed Product:** N/A  
**Detection Name:** Win.Dropper.Scar::tpd

**SHA 256:** bea312ccbc8a912d4322b45ea64d69bb3add4d818fd1eb7723260b11d76a138a  
**MD5:** 200206279107f4a2bb1832e3fcd7d64c  
**Typical Filename:** lsgkozfm.bat  
**Claimed Product:** N/A  
**Detection Name:** Win.Dropper.Scar::tpd

The top stories coming out of the Black Hat cybersecurity conference

On Surface Pro 3 with the SHA1 and SHA256 PCRs enabled on the TPM, BIOS version 3.11.2550 and earlier, only the SHA1 PCRs are extended by the firmware. This means that an adversary can boot into an unmeasured OS and extend the PCRs with false measurements to obtain false attestations. This is a proof of concept exploit from Google.

Surface Pro 3 BIOS False Health Attestation / TPM Carte Blanche

The Immersive Experience Happening This September in Las Vegas!In an era of relentless cybersecurity threats and rapid technological advancement, staying ahead of the curve is not just a necessity, but critical. SANS Institute, the premier global authority in cybersecurity training, is thrilled to announce Network Security 2024, a landmark event designed to empower cybersecurity professionals

Artificial Intelligence / Network Security

**The Immersive Experience Happening This September in Las Vegas!**

In an era of relentless cybersecurity threats and rapid technological advancement, staying ahead of the curve is not just a necessity, but critical. SANS Institute, the premier global authority in cybersecurity training, is thrilled to announce Network Security 2024, a landmark event designed to empower cybersecurity professionals with groundbreaking skills, knowledge and insights. Taking place from September 4-9, 2024, at Caesars Palace in Las Vegas and online, this event promises to deliver unparalleled learning experiences and networking opportunities. ensuring accessibility for attendees across the globe.

A transformative highlight of this year's event includes AI-focused keynote led by Daniel Miessler, Founder of Unsupervised Learning and Creator of Fabric AI. In his keynote, "How to Run Your Security Program Using AI Before Someone Else Does," Daniel will explore how AI can be seamlessly integrated into security programs to optimize efficiency, readiness, and reveal actionable strategies to stay ahead in the evolving cybersecurity landscape.

For cybersecurity professionals eager to advance their careers, Network Security 2024 offers a unique opportunity to immerse in a rich learning environment. With 45+ specialized courses and 40+ GIAC certifications, all taught by world-renowned experts, attendees will dive into practical skills and insights that can be applied immediately, ensuring a real impact upon returning to the workplace.

The AI Cybersecurity Summit, scheduled for September 8-9, is yet another cornerstone of Network Security 2024. This summit delves into the latest advancements in AI in cybersecurity and features sessions on social engineering, deep fake development, and much more.

For the first time, SANS Institute will introduce three immersive cyber villages. These dynamic environments are designed for interactive, hands-on learning and collaboration, allowing participants to engage in practical exercises and simulations that mirror real-world scenarios. Attendees will test their skills in dynamic simulations and challenges such as Capture-the-Flag competitions and the Core NetWars Tournament. These events provide a thrilling platform for cybersecurity professionals to demonstrate their expertise and problem-solving abilities in a competitive setting.

In celebration of SANS Institute's 35th anniversary, all in-person attendees will receive an exclusive, complimentary Cyber Bundle. This includes a unique, 3-part add on to your experience: extended OnDemand course, labs, and content access following the event from the course Author, AIS247: AI Security Essentials for Business Leaders course, plus admission to the AI Cybersecurity Summit @Night event, further enriching the on-site learning experience.

Experience options are available both in-person at Caesars Palace, Las Vegas, NV, and live online. Secure your spot at Network Security 2024 today and take the next step in your cybersecurity career.

For more information about the event and to register, visit \[SANS Network Security 2024 Event Page\].

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Unlock the Future of Cybersecurity: Exclusive, Next Era AI Insights and Cutting-Edge Training at SANS Network Security 2024

Microsoft claims 50,000 organizations are using its new Copilot Creation tool, but researcher Michael Bargury demonstrated at Black Hat USA ways it could unleash insecure chatbots.

Source: Brain Light via Alamy Stock Photo

BLACK HAT USA – Las Vegas – Wednesday, Aug. 7 – Enterprise usage of Copilot Studio, Microsoft's automated chatbot creation tool, has grown considerably since its release less than nine months ago. But despite opening the floodgates for anyone to create so-called "copilots," all bots created or modified with the service aren't secure by default.

So says security researcher Michael Bargury, a former senior security architect in Microsoft's Azure Security CTO office, now a project leader for the OWASP Low-Code/No-Code Top 10 Security Risks project and CTO at Zenity.

On Wednesday at Black Hat USA in Las Vegas, Bargury demonstrated how developers could unwittingly build copilots that inadvertently exfiltrate data or bypass policies and data loss prevention controls.

"It's very, very easy to make a mistake with this no-code tool and introduce a serious security vulnerability into a copilot," Bargury tells Dark Reading. "Actually, it's very difficult to get everything right because there are so many ways to get it wrong."

**Rapid Adoption of Copilot Studio**

The drag-and-drop, wizard-based Copilot Creation tool is available to all users of the Microsoft 365 productivity suite and has quickly introduced an easy way for power users in lines of business to create copilots, or AI assistants, that are designed to automate workflows and enable more efficient meetings, among other capabilities.

The addition of Copilot Studio to the mix further allows customers to extend the capability of these bots and build custom copilots.

During Microsoft's fourth quarter, 2024 fiscal year earnings call on July 30, chairman and CEO Satya Nadella touted that the usage of Copilots grew 60% in the last quarter. And the number of organizations that have used Copilot Studio grew by 70% last quarter, reaching 50,000 shops, including Carnival, Cognizant, Eaton, KPMG, Majesco, and McKinsey.

**Initial Release Was "Way Overpermissioned"**

Among some of the initial problems Bargury spotted were in the default settings in the copilot bots created by Copilot Creator. Specifically, many of the bots were publicly accessible without requiring authentication. Also, they could impersonate a user with ease.

"You could create a copilot that bakes your identity into it," he explains. "Now, I talk to that copilot over the Internet without logging in, and I'm using your identity. It was way overpermissioned."

Bargury says he discovered a variety of other security faults following the release of Copilot Studio. For example, someone trying to create a copilot designed to call on public SharePoint sites could also tap a private SharePoint site on the same network. Because the copilots could easily be discovered outside of an organization, they could become conduits for remote attacks.

"I could search the Web for open Copilot Studio bots, and we found tens of thousands of them," Bargury says. "And then I could fuzz those copilots with AI and find out which copilots I could talk to, and find out whether it's willing to talk to me and what kinds of information and operations it could perform. And then I could grab information from them."

He says that Microsoft has fixed the issues and has introduced new admin controls designed to strip away the ability to inadvertently create insecure actions, such as allowing an administrator to disallow users from creating bots that can be shared publicly. Admins should update their implementations to protect their organizations.

**Low Code & Chatbots: Balancing Productivity & Security**

The appeal of Microsoft Copilot and similar bots is that they enable users to be more productive, and they automate many routine tasks. But as this research shows, they can also be a weak link inside an organization. Bargury says he believes Microsoft is committed to ensuring Copilot Studio has better security from here on out.

"I think they are going to continue investing in giving admins more control," he says. "But they are in a tough spot because they need to balance productivity with security. And we know where the balance ends."

In his Black Hat session, Bargury also demonstrated CopilotHunter, a new module for the Power Pwn security tool set for Microsoft's low-code/no-code Power Platform that scans for open Copilot Studio bots and fuzzes them to access the data behind them. It is available on GitHub.

**15 Ways to Break Copilot Studio**

In his conclusion, Bargury broke down the 15 security issues he discovered with Copilot Security.

1.  Unreliable and untrusted input
    
2.  Multiple data leakage scenarios
    
3.  Oversharing sensitive data
    
4.  Unexpected execution path
    
5.  Unexpected execution path and operations
    
6.  Data flowing outside org's compliance and geo boundaries
    
7.  Sensitive data oversharing and leakage
    
8.  Destructive, unpredictable copilot actions
    

10.  Gain unintended data access
    
11.  Hardcoded credentials might be supplied as part of a copilot answer
    
12.  Oversharing copilot access through channels
    

14.  Oversharing copilot ownership with members
    
15.  Oversharing copilot ownership (and more) with guests
    

**About the Author**

Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island.

Creating Insecure AI Assistants With Microsoft Copilot Studio Is Easy

Covid-19 Directory on Vaccination System version 1.0 suffers from an ignored default credential vulnerability.

**Covid-19 Directory On Vaccination System 1.0 Insecure Settings**

Posted Aug 7, 2024

Authored by indoushka

Covid-19 Directory on Vaccination System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 8c38f4e680e6513d62d4303a51a4d7e3eaa5a7bb80e3e87ce8e510bba268a0b9

Download | Favorite | View

**Covid-19 Directory On Vaccination System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Covid-19 Directory on Vaccination System v1.0 Insecure Settings Vulnerability                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/php/15244/design-and-implementation-covid-19-directory-vacination.html              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,289)
*   Arbitrary (16,852)
*   BBS (2,859)
*   Bypass (1,860)
*   CGI (1,033)
*   Code Execution (7,792)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,386)
*   DoS (25,050)
*   Encryption (2,389)
*   Exploit (53,137)
*   File Inclusion (4,259)
*   File Upload (990)
*   Firewall (822)
*   Info Disclosure (2,889)
*   Intrusion Detection (915)
*   Java (3,143)
*   JavaScript (896)
*   Kernel (7,191)
*   Local (14,791)
*   Magazine (586)
*   Overflow (13,167)
*   Perl (1,435)
*   PHP (5,222)
*   Proof of Concept (2,382)
*   Protocol (3,724)
*   Python (1,635)
*   Remote (31,646)
*   Root (3,635)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,025)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,275)
*   SQL Injection (16,605)
*   TCP (2,440)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,941)
*   Web (9,960)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,246)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,090)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,547)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,646)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,459)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,729)
*   UNIX (9,433)
*   UnixWare (187)
*   Windows (6,670)
*   Other

Covid-19 Directory On Vaccination System 1.0 Insecure Settings

PRESS RELEASE

NEW YORK – Today, Verizon Business released its 2024 Mobile Security Index (MSI) report outlining the top threats to mobile and IoT device security. This year’s report, in its seventh iteration, goes beyond employee-level mobile usage and extends into the usage of IoT devices and sensors and the security concerns the growth of these devices can present especially as remote work continues to be a trend. This expanded view of mobile security concerns for organizations showcases the evolving threat landscape that CIOs and other IT decision makers must contend with.

As dependency on mobile devices grows, so too do the risks, especially in critical infrastructure sectors where the consequences of security breaches can be catastrophic. The 2024 MSI, which surveyed 600 people responsible for security strategy, policy and management, underscores this point.

**Employees are using more mobile and IoT devices, leading to increased cyber risks**

The survey finds that 80% of respondents consider mobile devices critical to their operations, while 95% are actively using IoT devices. However, this heavy reliance comes with significant security concerns. In critical infrastructure sectors, where 96% of respondents report using IoT devices, more than half state that they have experienced severe security incidents that led to data loss or system downtime.

“These findings highlight the continued friction that employers face as more and more work is done on personal mobile devices,” said Phil Hochmuth Research VP, enterprise mobility at IDC. “This is why we are seeing more and more employers move from a pure bring-your-own-device model to employer provided devices where CIO’s can have greater governance to protect critical infrastructure from cyber attacks."

Additionally, Hochmuth says, organizations should adopt robust frameworks such as Zero Trust and the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) 2.0, and comply with mandates like the European Union’s NIS2 Directive.

**Emerging AI cyberthreats meet new AI defenses**

Emerging artificial intelligence (AI) technologies are expected to exacerbate the mobile threat landscape, but it also presents opportunities for defense. A striking 77% of respondents anticipate that AI-assisted attacks, such as deepfakes and SMS phishing, are likely to succeed. At the same time, 88% of critical infrastructure respondents acknowledge the growing importance of AI-assisted cybersecurity solutions.

**Accounting for IoT growth in cybersecurity planning**

With companies increasingly deploying IoT devices, their digital landscapes are evolving, creating a need for cybersecurity strategies to evolve in kind.

“The Industrial Internet of Things (IIoT) is giving rise to a massive expansion in mobile device technology that goes well beyond phones, tablets and laptops. Enterprise networks now include all sorts of sensors and purpose-built devices that monitor, measure, manage and control commercial tasks and data flow,” said TJ Fox, SVP of Industrial IoT and Automotive, Verizon Business. “That IIoT growth brings with it a proportionate need for more knowledge, awareness and IT solutioning to ensure the security of those increasingly sophisticated networks. The growing importance that IoT plays in our customer’s technology ecosystem underscores why it should be a component in any sound cybersecurity program.”

**What business leaders should know**

The 2024 MSI helps inform cybersecurity decisions for leaders of businesses of all sizes and in key sectors. As mobile and IoT threats rise, the need for robust security measures has never been greater. In response to these growing threats, 84% of respondents have increased their mobile device security spending over the past year, with 89% of critical infrastructure respondents planning further increases.

This year’s MSI includes contributions from Verizon’s partners including Ivanti, Lookout, Jamf among others.  Help your organization lower cyber risks by deploying comprehensive security protections, continuous employee education and advanced threat detection capabilities. Read the Verizon Business 2024 Mobile Security Index to learn more about suggested best practices your organization can implement.

Verizon Business 2024 Mobile Security Index Reveals Escalating Risks in Mobile and IoT Security

PRESS RELEASE

ROCKVILLE, Md., Aug. 1, 2024 /PRNewswire/ -\- Dataprise, a distinguished provider of managed services (MSP) and managed security services (MSSP), today announced the acquisition of Phoenix IT, a cybersecurity incident response and managed service provider in Arizona. The acquisition broadens Dataprise's Cybersecurity platform with new Incident Response & Remediation Services and expands the company's managed services regional footprint to Arizona.

Dataprise's mission is to combine powerful, enterprise-grade solutions with local, personalized service delivery for outstanding client experiences. Phoenix IT uniquely adds to both commitments by enabling Dataprise to offer comprehensive incident response and remediation services, and to expand its reach to clients in Phoenix, AZ.

"Phoenix IT has built a prestigious reputation as the go-to for cyber incident response and recovery among clients and partners nationwide while cultivating a strong regional MSP business. This security-minded, client-first culture aligns naturally with Dataprise and will enable accelerated value on both fronts for clients. We look forward to bringing unexpected value to both Dataprise's clients with the new IR capabilities and Phoenix IT's clients with access to an end-to-end portfolio of IT services," said William Flannery, Chief Executive Officer, Dataprise.

"We are experiencing a rapid growth phase at Phoenix IT, driven by the increasing demand for our Incident Response & Recovery Services and the exceptional work of our expert team. Simultaneously, our commitment to supporting local Phoenix businesses enables us to maintain a comprehensive focus on the client experience," said Nathan Phillips, Founder and CEO of Phoenix IT. "Dataprise is a perfectly aligned partner for our business and clients, and we look forward to robust growth together as we continue to ensure our clients' safety and security."

"Phoenix IT has an exceptional leadership team, dedicated cybersecurity professionals, and a significant presence in Phoenix—a region of strong growth and opportunity. This blend makes Phoenix IT an ideal addition as Dataprise advances our strategy to expand our nationwide footprint and deliver the most advanced Cybersecurity portfolio in the market," said Christian Fulmino, SVP of M&A, Dataprise.

Lance Meilech served as the investment banker on the sale of Phoenix IT. 

About Dataprise  
Dataprise is a portfolio company of Trinity Hunt Partners, a growth-oriented private equity firm. Founded in 1995, Dataprise believes that technology should enable our clients to be the absolute best at what they do. This commitment to client success is why Dataprise is recognized as the premier strategic managed service and security partner to strategic CIOs and IT leaders across the United States. Dataprise delivers best-in-class managed cybersecurity, disaster recovery as a service (DRaaS), managed infrastructure, cloud, and managed end-user services that transform business, enhance user experiences, and eliminate risks. Dataprise has offices across the United States, employs 500+ of the industry's best and brightest, and supports more than 2,000 clients.

You May Also Like

Dataprise Acquires Phoenix IT Adding Cyber Incident Response &amp; Remediation Services

Google has issued security updates for 46 vulnerabilities, including a patch for a remote code execution flaw which has been used in limited targeted attacks.

Google has released patches for 46 vulnerabilities in Android, including a remote code execution (RCE) vulnerability that it says has been used in limited, targeted attacks.

You can find your device’s Android version number, security update level, and Google Play system level in your Settings app. You’ll get notifications when updates are available for you, but you can also check for updates.

If your Android phone is at patch level 2024-08-01 or later then the issues discussed below have been fixed. The updates have been made available for Android 12, 12L, 13, and 14. Android partners, such as Samsung, Sony, etc, are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for devices from all vendors.

For most Android devices, you can check for new updates like this: Under **About phone** or **About device** you can tap on **Software updates**, although there may be slight differences based on the brand, type, and Android version.

**Technical details**

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The actively exploited vulnerability is listed as:

CVE-2024-36971 is a use after free (UAF) vulnerability in the Linux kernel. The vulnerability could lead to remote code execution with System execution privileges needed.

This Linux kernel vulnerability affects the Android OS because the Android kernel is based on an upstream Linux Long Term Supported (LTS) kernel. This kernel is like the engine of the operating system, managing the hardware and basic functions.

The Android kernel is based on a version of the Linux kernel, which is a popular core for many operating systems. Specifically, Android uses a version of the Linux kernel that is designated as “Long Term Supported” (LTS). This means it’s a version that gets updates and fixes for a longer period than regular versions, ensuring it stays secure and stable over time.

UAF is a type of vulnerability that happens when a program incorrectly handles its memory. When a program frees up a piece of memory but still tries to use it afterward, an attacker can exploit this mistake. This can cause the program to crash, behave unpredictably, or even run harmful code. In this case it allows the attacker to remotely execute code on the device if they have enough privileges.

Attackers would need to gain the needed privileges to use this vulnerability by combining it with other vulnerabilities.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Android vulnerability used in targeted attacks patched by Google 

Computer Laboratory Management System version 1.0 suffers from an ignored default credential vulnerability.

**Computer Laboratory Management System 1.0 Insecure Settings**

Posted Aug 6, 2024

Authored by indoushka

Computer Laboratory Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 903fb54e0bd8fb8efe43fdddb49a0f5abaa23ea96b8495e4f7c47b36636f9f0d

Download | Favorite | View

**Computer Laboratory Management System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Computer Laboratory Management System v1.0 Insecure Settings Vulnerability                                                  || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html#comment-104400      |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,255)
*   Arbitrary (16,849)
*   BBS (2,859)
*   Bypass (1,860)
*   CGI (1,033)
*   Code Execution (7,786)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,385)
*   DoS (25,039)
*   Encryption (2,389)
*   Exploit (53,128)
*   File Inclusion (4,258)
*   File Upload (990)
*   Firewall (822)
*   Info Disclosure (2,888)
*   Intrusion Detection (915)
*   Java (3,142)
*   JavaScript (896)
*   Kernel (7,188)
*   Local (14,791)
*   Magazine (586)
*   Overflow (13,166)
*   Perl (1,435)
*   PHP (5,221)
*   Proof of Concept (2,381)
*   Protocol (3,724)
*   Python (1,632)
*   Remote (31,643)
*   Root (3,633)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,025)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,275)
*   SQL Injection (16,604)
*   TCP (2,440)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,932)
*   Web (9,955)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,246)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,087)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,536)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,612)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,441)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,727)
*   UNIX (9,433)
*   UnixWare (187)
*   Windows (6,668)
*   Other

Computer Laboratory Management System 1.0 Insecure Settings

Men face more pressure—and threats—from significant others to grant access to their personal devices, online accounts, and locations.

Men report facing more pressure than women—and more threats of retaliation—to grant access to their locations and online accounts when in a committed relationship, according to a new analysis of data released this summer by Malwarebytes.

The same analysis also revealed that, while men report more regret in sharing their locations, women report less awareness in how their locations can be accessed, particularly through food delivery apps, ride-hailing services, vacation rental platforms, and other location-based tools.

The data from Malwarebytes paints a nuanced portrait of the struggles that men and women face when deciding how much of their digital lives to share with spouses, boyfriends, girlfriends, and partners. Often, the struggles intersect with parts of modern dating that people have little control over, including how companies track, collect, and share their data, and how easy it is for other people to access that data.

In looking more closely at the research released earlier this year in the report, “What’s mine is yours: How couples share an all-access pass to their digital lives,” Malwarebytes hopes to once again spread awareness and education about secure dating practices in the internet age.

Access our full “Modern Love in the Digital Age” guidance hub below.

Men are going through a loneliness epidemic in America right now.

But even for men in romantic relationships, where companionship should be a salve, other problems emerge. In particular, as Malwarebytes found, these problems include disparate feelings of pressure and regret in sharing their devices, account passwords, and locations.

For example, of partners who shared their location with one another, 36% of men said they’d “felt pressure” to do so, compared with 20% of women who said the same. And a shocking 9% of men who share their account access clarified that such access may be imbalanced, as they agreed: “My partner has threatened me over sharing account access,” compared to 4% of women—a more than two-fold increase. The threats included things like being broken up with, being harmed physically or emotionally, or being shut out and ignored.  

Men were also more likely to report a one-sided consent model for how their partners accessed their devices, accounts, and locations (a model that we’re not entirely ready to call “sharing” because of the clearly communicated lack of consent).

When asked about the way in which they “shared” _any_ type of digital and device access, which included smartphones, tablets, computers, online accounts for multiple apps, and location data, 23% of men said “Yes \[my partner\] has access but I wish they didn’t.” That rate was 12% for women.

Similar disparities arose when men and women answered the same way regarding device access (14% of men compared to 7% of women), social media access (9% of men compared to 4% of women), and access to apps that can share your location (16% of men compared to 9% of women).

But not all location apps are the same, and when asked specifically about apps that are designed to share locations between individuals—such as FindMy on iOS, Find My Device for Google, or third-party tools like Life360—the data revealed the largest discrepancy.

A shocking 400% more men said they only share their locations through those apps “because my partner insists” (8% of men compared with 2% of women).

In the research, men openly shared their feelings on all this, as 14% (compared to 8% of women) agreed: “If I could do it all over again, I wouldn’t share as much personal account information with my partner.”  

In safe and consensual arrangements between couples, a shared location can show up as a little blue dot on a devoted smartphone app.

But for apps that rely on location data to function—like ride-hailing apps, food delivery services, and vacation rental platforms—location “sharing” can feel a lot more like location “leaking.” A shared Airbnb account, for example, could reveal a spouse’s active vacation rental address to another partner logged into the same account. A shared Uber account could reveal ride history, and potentially even a new address, to an ex-boyfriend who never logged out after a breakup. And DoorDash orders could expose when a domestic abuse survivor is at home, so long as their abuser is monitoring the app from the same account.

But these examples, research shows, are not common knowledge, with women showing less awareness than men for every type of account.

Women were less likely to be aware of how their locations could be exposed to another user logged into the same account for vacation rental platforms (68% of women were unaware compared to 49% of men), health and fitness tracking apps like FitBit and Strava (57% of women compared to 43% of men), ride-hailing apps (50% of women compared to 37% of men), and food and grocery delivery apps (49% of women compared to 39% of men).

Women were also more likely to say they were unaware of how the companion apps for many modern vehicles—which can be used to find a car in a large parking lot or to help locate a stolen sedan—can also reveal their location on a shared account (60% of women compared to 41% of men).

This relatively new location-tracking method has caused serious problems for spouses being followed by their exes, and the blame cannot fall on users who are tasked with, as usual, managing even more parts of their lives online.

****Shifting perspectives****

Data alone never presents a full story, and data that compares men and women can be vulnerable to misinterpretation.

The varying issues facing men and women should not be interpreted as problems of their own making—men cannot be said to regret sharing account access because they have “something to hide,” and women cannot be said to be poorer users of technology because of lower reported awareness in location sharing mechanisms.

If anything, the overlap in responses shows the work to be done.

When 68% of women _and_ 49% of men are unaware of how their locations can be accessed through shared accounts on vacation rental platforms, perhaps this isn’t a problem of user awareness. Perhaps it is a problem of unclear communication and lacking transparency from the largest and most popular apps today.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Tag

#ios