Human Resource Management System 2024 version 1.0 suffers from an ignored default credential vulnerability.

**Human Resource Management System 2024 1.0 Insecure Settings**

Posted Aug 19, 2024

Authored by indoushka

Human Resource Management System 2024 version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | bf20205d0167adcb0c48749ed7a50372cba24a18938ecfb734926b5099542af1

Download | Favorite | View

**Human Resource Management System 2024 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Human Resource Management System 2024 v1.0 Insecure Settings Vulnerability                                                  || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@gmail.com & pass = admin#123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,460)
*   Arbitrary (16,885)
*   BBS (2,859)
*   Bypass (1,867)
*   CGI (1,033)
*   Code Execution (7,823)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,398)
*   DoS (25,094)
*   Encryption (2,389)
*   Exploit (53,232)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (898)
*   Kernel (7,223)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,727)
*   Python (1,646)
*   Remote (31,673)
*   Root (3,638)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,029)
*   Shell (3,277)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,278)
*   SQL Injection (16,614)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,004)
*   Web (9,968)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,259)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,101)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,815)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,569)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,756)
*   UNIX (9,438)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Human Resource Management System 2024 1.0 Insecure Settings

Bhojon Restaurant Management System version 3.0 suffers from an ignored default credential vulnerability.

**Bhojon Restaurant Management System 3.0 Insecure Settings**

Posted Aug 19, 2024

Authored by indoushka

Bhojon Restaurant Management System version 3.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 5040244ae54e0b0c8ba29ab2d3b854826d64f8640404907653ffda5ea3f38ca6

Download | Favorite | View

**Bhojon Restaurant Management System 3.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Bhojon restaurant management system v3.0 Insecure Settings Vulnerability                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.bdtask.com/restaurant-management-system.php#live_demo                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@example.com & pass = 12345[+] https://www/127.0.0.1/gixrestaurantmy/dashboard/autoupdateGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,460)
*   Arbitrary (16,885)
*   BBS (2,859)
*   Bypass (1,867)
*   CGI (1,033)
*   Code Execution (7,823)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,398)
*   DoS (25,094)
*   Encryption (2,389)
*   Exploit (53,232)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (898)
*   Kernel (7,223)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,727)
*   Python (1,646)
*   Remote (31,673)
*   Root (3,638)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,029)
*   Shell (3,277)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,278)
*   SQL Injection (16,614)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,004)
*   Web (9,968)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,259)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,101)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,815)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,569)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,756)
*   UNIX (9,438)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Bhojon Restaurant Management System 3.0 Insecure Settings

The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth.

**Miniscript allows stack consumption**

Moderate severity GitHub Reviewed Published Aug 19, 2024 to the GitHub Advisory Database • Updated Aug 19, 2024

GHSA-rv9v-r4vm-gj8x: Miniscript allows stack consumption

Home Owners Collection Management System version 1.0 suffers from an ignored default credential vulnerability.

**Home Owners Collection Management System 1.0 Insecure Settings**

Posted Aug 16, 2024

Authored by indoushka

Home Owners Collection Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 94fb8d8c82f8132953cb67c97a9b682c8e63a436a475a575173b89ddf54daa9f

Download | Favorite | View

**Home Owners Collection Management System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Home Owners Collection Management System v1.0 Insecure Settings Vulnerability                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/15162/home-owners-collection-management-system-phpoop-free-source-code.html              |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,433)
*   Arbitrary (16,884)
*   BBS (2,859)
*   Bypass (1,865)
*   CGI (1,033)
*   Code Execution (7,817)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,088)
*   Encryption (2,389)
*   Exploit (53,217)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (897)
*   Kernel (7,223)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,726)
*   Python (1,642)
*   Remote (31,665)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,028)
*   Shell (3,277)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,278)
*   SQL Injection (16,612)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (32,999)
*   Web (9,966)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,259)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,100)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,789)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,546)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,754)
*   UNIX (9,437)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Home Owners Collection Management System 1.0 Insecure Settings

Bhojon Restaurant Management System version 3.0 suffers from an insecure direct object reference vulnerability.

**Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference**

Posted Aug 16, 2024

Authored by indoushka

Bhojon Restaurant Management System version 3.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 98c12c7a5556d4399b71f053e8f21eaf5c59e49e15d4bf7f6b1980de56fec3c2

Download | Favorite | View

**Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : Bhojon restaurant management system v3.0 IDOR Vulnerability                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.bdtask.com/restaurant-management-system.php#live_demo                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /dashboard/autoupdate[+] https://www/127.0.0.1/gixrestaurantmy/dashboard/autoupdateGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,433)
*   Arbitrary (16,884)
*   BBS (2,859)
*   Bypass (1,865)
*   CGI (1,033)
*   Code Execution (7,817)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,088)
*   Encryption (2,389)
*   Exploit (53,217)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (897)
*   Kernel (7,223)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,726)
*   Python (1,642)
*   Remote (31,665)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,028)
*   Shell (3,277)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,278)
*   SQL Injection (16,612)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (32,999)
*   Web (9,966)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,259)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,100)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,789)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,546)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,754)
*   UNIX (9,437)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference

Affected versions of the `alloy-json-abi` crate did not properly handle parsing of malformatted JSON ABI strings. The `JsonAbi::parse` method can be tricked into a stack overflow when processing specially crafted input. 

This stack overflow can lead to a crash of the application using this crate, potentially causing a denial of service.

The flaw was corrected in commit [4790c47](https://github.com/alloy-rs/core/commit/4790c47518024bd391bbd6815b00f501bad76a15).


1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  GHSA-8327-84cj-8xjm

**Stack overflow when parsing specially crafted JSON ABI strings**

Moderate severity GitHub Reviewed Published Aug 15, 2024 to the GitHub Advisory Database • Updated Aug 15, 2024

**Package**

cargo alloy-json-abi (Rust)

**Affected versions**

<= 0.7.7

Published to the GitHub Advisory Database

Aug 15, 2024

Last updated

Aug 15, 2024

GHSA-8327-84cj-8xjm: Stack overflow when parsing specially crafted JSON ABI strings

In a clever scheme designed to abuse Google in more than one way, scammers are redirecting users to browser locks.

In a previous blog, we saw criminals distribute malware via malicious ads for Google Authenticator. This time, brazen malvertisers went as far as impersonating Google’s entire product line and redirecting victims to a fake Google home page.

Clearly not afraid of poking the bear, they even used and abused yet another Google product, Looker Studio, to lock up the browser of Windows and Mac users alike.

We describe how they were able to achieve this, relying almost exclusively on stolen or free accounts and leveraging Google’s APIs to create rotating malicious URLs for the browser lock.

All malicious activities described in this blog have been reported to Google. Malwarebytes customers were proactively protected against this attack via the Malwarebytes Browser Guard extension.

**Malvertising {keyword:google)**

The following image is a collage of malicious ads that all came from Google searches each consisting of two keywords: **google {product}**. They all tie back to the same advertiser, which we believe may be unaware that their account was compromised. In fact, we previously saw that same advertiser in two other unrelated incidents at the end of June 2024 for Brave (malware download) and Tonkeeper (phishing).

_Figure 1: Google search ads for respective Google products_

While brand impersonation is commonly done via tracking templates, in this instance the fraudsters relied on keyword insertion to do the work for them. This is particularly useful when targeting a single company and its entire portfolio. Notice how all the ads follow the same pattern with a display URL showing _lookerstudio.google.com_ (a Google product also later abused in this scheme).

Shortly after we reported this initial wave of ads, we saw the same scammers (the final URL after clicking on the ad is also going to _lookerstudio.google.com_) register a new advertiser account. In this case, despite their identity not having been verified yet, their ad still showed up for a standard “google maps” search. This time, the ad’s display URL mirrors the product (maps.google.com):

_Figure 2: A malicious ad for Google maps from a yet to be verified advertiser account_

**Fake Google Search page via Looker Studio**

Originally intended as a tool to convert data into dashboards, the scammers are misusing Looker Studio to display a dynamically generated image instead. The image is stretched across the screen to give the illusion that you are at the Google home page, ready to make a new search.

_Figure 3: A fake Google home page, displayed via Looker Studio rendering an image_

Opening Developer Tools in Chrome, we can see that the “Google search page” is indeed just one large image:

_Figure 4: The actual image for the so-called Google home page_

What’s interesting is how this image is used as a lure that requires some user interaction to trigger an action. Leveraging the Looker Studio API, the scammers are embedding a hidden hyperlink that will be launched as a new tab when a victims clicks on the image:

_Figure 5: Looking at network request, we find a hidden URL_

**Tech support scam**

The embedded linkUrl _cddssddds434334\[.\]z13\[.\]web\[.\]core\[.\]windows\[.\]net_ redirects to a fake Microsoft or Apple alert page that will attempt to hijack the browser by going in full screen mode and play a recording. These fake alerts are the most common way innocent people fall victims to tech support scams. In such a situation, many people will assume there is something wrong their computer and will follow the instructions they are given on screen.

Calling the phone number for assistance will kickstart a conversation with a call center often located overseas. Fake Microsoft or Apple representatives will persuade victims to buy gift cards or log into their bank account to pay for the ‘repairs’.

_Figure 6: Tech support browser lock page for Windows users_

_Figure 7: Tech support browser lock page for Mac users_

The scam URL is part of _web\[.\]core\[.\]windows\[.\]net_ which belongs to Microsoft Azure and is commonly abused by scammers. In this particular instance, the Looker Studio API provides a new malicious URL (rotated at regular intervals) to make any blocking via conventional means futile.

**Conclusion**

As we saw in this blog, malicious ads can be combined with a number of tricks to evade detection from Google and defenders in general. Dynamic keyword insertion can be abused to target a larger audience related to the same topic, which in this case was Google’s products.

Finally, it’s worth noting that in this particular scheme, all web resources used from start to finish are provided by cloud providers, often free of charge. That means more flexibility for the criminals while increasing difficulty to block.

As we were investigating this campaign, we checked that Malwarebytes customers were protected. Despite the malicious URLs being hosted on Microsoft Azure and rotating regularly, Malwarebytes Browser Guard was already blocking this attack thanks to its heuristics engine.

**Indicators of Compromise**

Google advertiser accounts

08141293921851408385  
Dhruv  
06037672575822200833

Looker Studio URLs

lookerstudio\[.\]google\[.\]com/embed/reporting/fa7aca93-cabd-47bf-bae3-cb5e299c8884/  
lookerstudio\[.\]google\[.\]com/embed/reporting/42b6f86d-2a06-4b38-9f94-808a75572bb8/  
lookerstudio\[.\]google\[.\]com/embed/reporting/fbd88a24-af73-4c76-94dc-5c55345e291d/

 Dozens of Google products targeted by scammers via malicious search ads 

Voting Village co-founder Harri Hursti told Politico the list of vulnerabilities ran “multiple pages.”

Thursday, August 15, 2024 14:00

As promised, I’m back this week to recap some of the top stories coming out of Black Hat and DEF CON.  

Also as promised, AI was the talk of Vegas during Hacker Summer Camp (or at least from what I’ve been reading and hearing, I wasn’t there in person). 

Several exhibitions and talks at both conferences showed how easy it is to create deepfake videos and potentially use them to spread fake news and disinformation. Two security researchers worked to deepfake themselves and even managed to trick people into believing it really was them on one end of a video conference call.  

Others on the show floor had the opportunity to try their hand at creating deepfakes with the help of the Defense Advanced Research Projects Agency (DARPA). One standout example was a fake video of former Royal Family member Meghan Markle being transposed onto the face of a reporter who could then speak in an approximation of Markle’s voice to say whatever she wanted to. 

The good news is that, for now, these types of deepfakes are also incredibly easy for tools and humans alike to detect.  

For example, Adobe’s Content Authenticity Initiative is working to place labels on images to indicate that they were originally human-made, and clicking on the image would allow the user to read more information about that image’s history and where and how it had been created. 

And in the case of the Meghan Markle deepfake, the SemaFor tool on display at the DEF CON village appropriately detected the image as fake using its scoring system (it didn’t help that the deepfake creator couldn’t account for the fact that the “creator” was wearing glasses).  

Security researchers also used DEF CON and Black Hat to show where potential security pitfalls lie with the rise of AI tools and software. 

One talk centered around how Microsoft’s AI Copilot could essentially be turned into an “automated phishing machine” by leaking personal information, and other researchers warned about an over-reliance on learned language models (LLMs) to write software code that often includes vulnerabilities and errors. 

Over in the DEF CON Voting Village, security researchers found their usual swath of vulnerabilities that could be used against popular voting machines and other hardware that will likely be used in the 2024 U.S. presidential election. While we don’t have many details on the specific vulnerabilities found, Voting Village co-founder Harri Hursti told Politico the list of vulnerabilities ran “multiple pages.” 

There are a few issues that came to light for me when I was reading about this research and bug hunting: One is that there isn’t enough time to implement many of these fixes before the November election, and there are just so many different pieces of equipment and manufacturers that it’s impossible to properly inspect all these devices. I may feel compelled to write more about this later, but it’s interesting to me that we as a country have managed to decide on essentially two cell phone manufacturers that we’re willing to buy from: Apple and Google. Yet there is no standard for the types, age and vendors that we rely on for our elections, and when they’re not in use, they just sit in storage.  

**The one big thing **

This month’s Microsoft Patch Tuesday includes updates for security vulnerabilities in Office, Visual Studio, Azure, CoPilot, Teams and more. Of the six zero-day vulnerabilities Microsoft disclosed as part of its regular patching cadence, half are local privilege escalation vulnerabilities, meaning adversaries could combine them with other flaws to make their attack more serious or with higher-level privileges. Cisco Talos’ Vulnerability Research team discovered four of the vulnerabilities Microsoft patched this week: CVE-2024-38184, CVE-2024-38185, CVE-2024-38186 and CVE-2024-38187. These are elevation of privilege vulnerabilities in the Microsoft Windows kernel-mode driver that could allow an attacker to gain SYSTEM-level privileges. Talos researchers also discovered eight vulnerabilities in CLIPSP.SYS, a driver used to implement Client License System Policy on Windows 10 and 11. 

**Why do I care? **

Talos discovered three issues, TALOS-2024-1971 (CVE-2024-38062) and TALOS-2024-1970 (CVE-2024-38062) and TALOS-2024-1969 (CVE-2024-38187), an adversary could exploit by sending the targeted system a specially crafted license blob, which could lead to a denial of service. TALOS-2024-1964 (CVE-2024-38184) is exploited in the same way, but in this case, could allow the adversary to bypass the usual security checks that take place and allow them to tamper with the license. By tampering with the license, an adversary could change its properties such as when the license expires, or even create a new license that could then be used with other applications downloaded from the Windows store. Two other out-of-bounds write vulnerabilities, TALOS-2024-1966 (CVE-2024-38186) and TALOS-2024-1988 (CVE-2024-38062), could lead to privilege escalation. And in both cases, the vulnerable functions could play into a sandbox escape attack. 

Microsoft also issued a patch for a zero-day vulnerability that was already being exploited in the wild and publicly disclosed. The company warned of CVE-2024-38200 last week, which could lead to the unauthorized disclosure of sensitive information to malicious actors. 

**So now what? **

Talos released a new Snort rule set that detects attempts to exploit some of the vulnerabilities disclosed Tuesday. Cisco Security Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. The rules included in this release that protect against the exploitation of many of these vulnerabilities are 63858 – 63861 and 63864 - 63878. There are also Snort 3 rules 300980 – 300988. Talos’ Vulnerability Roundup also has technical details on the eight CLIPSP.SYS vulnerabilities. 

**Top security headlines of the week **

**Secure messaging app Signal is now blocked in Venezuela and Russia, limiting a popular communication channel for activists and protestors in those countries.** In Russia, government officials have said that the app violates the country’s privacy legislation, while in Venezuela, the block comes after weeks of protests over the country’s disputed presidential election results. Signal is a popular option for users looking for encrypted messaging or hoping to avoid government censorship. The app told users that they could circumvent these blocks by turning on the app’s “censorship circumvention” settings or using a VPN to create a new account. Venezuela’s ruling party has also ordered that access to X/Twitter be restricted for 10 days, and YouTube also experienced a widespread outage in Russia that the company said was “not as a result of any technical issues on our side or action taken by us.” (The Verge, Engadget) 

**The FBI has shut down dozens of servers and the main leak site associated with the Radar ransomware group (aka Dispossessor).** Radar started out as a threat actor known for taking data stolen by the LockBit ransomware operators and offering it for sale on dark web forums, but eventually became its own self-sufficient ransomware operation. In a press release announcing the takedown over the weekend, the FBI said that Radar particularly focused on small-to-mid-sized businesses and organizations from the production, education, healthcare, financial services and transportation sectors. They identified 43 victims across the U.S., U.K., Argentina, Australia, Brazil, Canada, Poland, Germany and more. The group’s infrastructure included three servers in the U.S., three servers in the U.K., 18 servers in Germany, and eight U.S.-based domains, all of which were seized and displayed a takedown message from the FBI at the time of the takedown. (Dark Reading, Inc.) 

**The head of the U.S. Cybersecurity and Infrastructure Security Agency used her time at the Black Hat conference to call on software makers to adopt a security-by-design practice.** Jen Easterly, speaking in the keynote section of one of the largest cybersecurity conferences in the world, said that “We don’t have a cybersecurity problem, we have a software quality problem.” Easterly said many technology companies have voluntarily adopted CISA’s secure-by-design standards, which pledges to bake cybersecurity and vulnerability reviews into the design process of all new hardware and software products. “The cybersecurity industry was created to solve a problem created by another set of vendors, the technology companies and software makers. For decades tech vendors have been allowed to create insecure software,” she said. She also called on Congress to establish what she called a “liability regime” to hold companies responsible for designing insecure products and providing support to companies that due adhere to cybersecurity standards. (Inside AI Policy, CyberScoop)  

**Can’t get enough Talos? **

*   A refresher on Talos’ open-source tools and the importance of the open-source community 
*   Current attacks, targets, and other threat landscape trends 
*   As AI transforms cybersecurity, Cisco’s Martin Lee has only one piece of advice for IT managers: expect the unexpected 
*   Cisco Integrated Talos Threat Intelligence for All Splunk Users 

**Upcoming events where you can find Talos **

**_BSides Krakow_** **_(Sept. 14)_**  

_Krakow, Poland_ 

**_LABScon_** **_(Sept. 18 - 21)_** 

_Scottsdale, Arizona_

**_VB2024_** **_(Oct. 2 - 4)_**

_Dublin, Ireland_

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256:** 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507  
**MD5:** 2915b3f8b703eb744fc54c81f4a9c67f f  
**Typical Filename:** VID001.exe  
**Claimed Product:** N/A  
**Detection Name:** Win.Worm.Coinminer::1201

**SHA 256:** c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0  
**MD5:** 8c69830a50fb85d8a794fa46643493b2  
**Typical Filename:** AAct.exe  
**Claimed Product:** N/A  
**Detection Name:** PUA.Win.Dropper.Generic::1201

**SHA 256:** 161937ed1502c491748d055287898dd37af96405aeff48c2500b834f6739e72d  
**MD5:** fd743b55d530e0468805de0e83758fe9  
**Typical Filename:** KMSAuto Net.exe  
**Claimed Product:** KMSAuto Net  
**Detection Name:** W32.File.MalParent

**SHA 256:** 24283c2eda68c559f85db7bf7ccfe3f81e2c7dfc98a304b2056f1a7c053594fe  
**MD5:** 49ae44d48c8ff0ee1b23a310cb2ecf5a  
**Typical Filename:** nYzVlQyRnQmDcXk  
**Claimed Product:** N/A  
**Detection Name:** Win.Dropper.Scar::tpd

**SHA 256:** bea312ccbc8a912d4322b45ea64d69bb3add4d818fd1eb7723260b11d76a138a  
**MD5:** 200206279107f4a2bb1832e3fcd7d64c  
**Typical Filename:** lsgkozfm.bat  
**Claimed Product:** N/A  
**Detection Name:** Win.Dropper.Scar::tpd

AI, election security headline discussions at Black Hat and DEF CON

Ubuntu Security Notice 6961-1 - It was discovered that BusyBox did not properly validate user input when performing certain arithmetic operations. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. It was discovered that BusyBox incorrectly managed memory when evaluating certain awk expressions. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS.

    ==========================================================================Ubuntu Security Notice USN-6961-1August 14, 2024busybox vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in BusyBox.Software Description:- busybox: Tiny utilities for small and embedded systemsDetails:It was discovered that BusyBox did not properly validate user input whenperforming certain arithmetic operations. If a user or automated systemwere tricked into processing a specially crafted file, an attacker couldpossibly use this issue to cause a denial of service, or execute arbitrarycode. (CVE-2022-48174)It was discovered that BusyBox incorrectly managed memory when evaluatingcertain awk expressions. An attacker could possibly use this issue to causea denial of service, or execute arbitrary code. This issue only affectedUbuntu 24.04 LTS. (CVE-2023-42363, CVE-2023-42364, CVE-2023-42365)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS   busybox                         1:1.36.1-6ubuntu3.1   busybox-initramfs               1:1.36.1-6ubuntu3.1   busybox-static                  1:1.36.1-6ubuntu3.1Ubuntu 22.04 LTS   busybox                         1:1.30.1-7ubuntu3.1   busybox-initramfs               1:1.30.1-7ubuntu3.1   busybox-static                  1:1.30.1-7ubuntu3.1Ubuntu 20.04 LTS   busybox                         1:1.30.1-4ubuntu6.5   busybox-initramfs               1:1.30.1-4ubuntu6.5   busybox-static                  1:1.30.1-4ubuntu6.5In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6961-1   CVE-2022-48174, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365Package Information:   https://launchpad.net/ubuntu/+source/busybox/1:1.36.1-6ubuntu3.1   https://launchpad.net/ubuntu/+source/busybox/1:1.30.1-7ubuntu3.1   https://launchpad.net/ubuntu/+source/busybox/1:1.30.1-4ubuntu6.5

Ubuntu Security Notice USN-6961-1

Feberr version 13.4 suffers from an ignored default credential vulnerability.

**Feberr 13.4 Insecure Settings**

Posted Aug 15, 2024

Authored by indoushka

Feberr version 13.4 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 2e393c441ce609493774dac1c3e5f681c5ce98d1b3702bb114041fdb03335768

Download | Favorite | View

**Feberr 13.4 Insecure Settings**

    ====================================================================================================================================| # Title     : Feberr v13.4 Insecure Settings Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.codester.com/items/14224/feberr-multivendor-digital-products-marketplace                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user&pass: admin[+] https://www/127.0.0.1/nexuscriptscom/admin/pwa-settingsGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,419)
*   Arbitrary (16,881)
*   BBS (2,859)
*   Bypass (1,863)
*   CGI (1,033)
*   Code Execution (7,815)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,084)
*   Encryption (2,389)
*   Exploit (53,208)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (896)
*   Kernel (7,222)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,726)
*   Python (1,642)
*   Remote (31,659)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,028)
*   Shell (3,275)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,277)
*   SQL Injection (16,610)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (32,994)
*   Web (9,965)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,257)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,100)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,775)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,536)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,750)
*   UNIX (9,437)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Tag

#perl