Nytro

Administrators

Everything posted by Nytro

  1. WhatsApp for Windows lets Python, PHP scripts execute with no warning

     By Bill Toulas

     A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the recipient opens them. For the attack to be successful, Python needs to be installed, a prerequisite that may limit the targets to software developers, researchers, and power users.

     The problem is similar to the one affecting Telegram for Windows in April, which was initially rejected but fixed later, where attackers could bypass security warnings and perform remote code execution when sending a Python .pyzw file through the messaging client.

     WhatsApp blocks multiple file types considered to carry a risk to users but the company tells BleepingComputer that it does not plan to add Python scripts to the list. Further testing by BleepingComputer shows that PHP files (.php) are also not included in WhatsApp's blocklist.

     Python, PHP scripts not blocked

     Security researcher Saumyajeet Das found the vulnerability while experimenting with file types that could be attached to WhatsApp conversations to see if the application allows any of the risky ones. When sending a potentially dangerous file, such as .EXE, WhatsApp shows it and gives the recipient two options: Open or Save As.

     [Image: WhatsApp options for executable files. Source: BleepingComputer]

     However, when trying to open the file, WhatsApp for Windows generates an error, leaving users only the option to save the file to disk and launch it from there. In BleepingComputer tests, this behavior was consistent with .EXE, .COM, .SCR, .BAT, and Perl file types using the WhatsApp client for Windows. Das found that WhatsApp also blocks the execution of .DLL, .HTA, and VBS. For all of them, an error occurred when trying to launch them directly from the app by clicking "Open." Executing them was possible only after saving to disk first.

     [Image: Launching .EXE from WhatsApp client fails. Source: BleepingComputer]

     Talking to BleepingComputer, Das said that he found three file types that the WhatsApp client does not block from launching: .PYZ (Python ZIP app), .PYZW (PyInstaller program), and .EVTX (Windows event Log file). BleepingComputer's tests confirmed that WhatsApp does not block the execution of Python files and discovered that the same happens with PHP scripts. If all the resources are present, all the recipient needs to do is to click the "Open" button on the received file, and the script executes.

     Das reported the problem to Meta on June 3 and the company replied on July 15 saying that the issue had already been reported by another researcher and should have already been fixed. When the researcher contacted BleepingComputer, the bug was still present in the latest WhatsApp release for Windows, and we could reproduce it on Windows 11, v2.2428.10.0.

     "I have reported this issue to Meta through their bug bounty program, but unfortunately, they closed it as N/A. It's disappointing, as this is a straightforward flaw that could be easily mitigated," explained the researcher.

     BleepingComputer reached out to WhatsApp for clarification about the reason for dismissing the researcher's report, and a spokesperson explained that they didn't see it as a problem on their side, so there were no plans for a fix:

     "We've read what the researcher has proposed and appreciate their submission. Malware can take many different forms, including through downloadable files meant to trick a user."

     "It's why we warn users to never click on or open a file from somebody they don't know, regardless of how they received it, whether over WhatsApp or any other app."

     The company representative also explained that WhatsApp has a system in place to warn users when they're messaged by users not in their contact lists, or who have phone numbers registered in a different country.

     Nevertheless, if a user's account is hijacked, the attacker can send to everyone in the contact list malicious scripts that are easier to execute straight from the messaging app. Furthermore, these types of attachments could be posted to public and private chat groups, which could be abused by threat actors to spread malicious files.

     Responding to WhatsApp rejecting the report, Das expressed disappointment with how the project handled the situation. "By simply adding the .pyz and .pyzw extensions to their blocklist, Meta can prevent potential exploitation through these Pythonic zip files," the researcher said. He added that by addressing the issue WhatsApp "would not only enhance the security of their users but also demonstrate their commitment to promptly resolving security concerns."

     BleepingComputer contacted WhatsApp to alert them that the PHP extension is also not blocked but has not received a response at this time.

     Source: https://www.bleepingcomputer.com/news/security/whatsapp-for-windows-lets-python-php-scripts-execute-with-no-warning/
  2. I understand your level. Good luck with what you're doing, you'll need it.
  3. Cybercrime legend, the IMEI is not a woman's period.
  4. I swear, not even the drugs are what they used to be; stop taking all that junk.
  5. Search: https://bf.based.re/
  6. The server is struggling under the usage; OVH called me to say it's a DDoS
       8696 www-data 20 0 343584 80060 55552 S 3.7 0.2 3:52.19 apache2
       19910 mysql 20 0 4759768 1.1g 10920 S 3.0 3.7 96899:03 mysqld
  7. The entire database for the notorious #BreachForums v1 #hacking #forum was released on #Telegram Tuesday night, exposing a treasure trove of data, including members' information, private messages, cryptocurrency addresses, and every post on the forum. Tweet: https://x.com/sky31337/status/1816105295396880658
  8. A productive day for the forum, one with many newly registered accounts
  9. I missed this shit ❤️
  10. Opera rulez! Just kidding, I used it on my phone when I was a kid, it was called Opera Mini. Oh, and when I downloaded torrents with it ❤️
  11. I don't want to scare you, but there are cameras on helicopters that can be used to issue traffic fines (I saw this on an underground hacker forum: it's called Digi24). But I don't understand why you're afraid; I assume your Urus has fake license plates. And that you don't throw sunflower seed shells out the window. Joking aside, I've met many RoCSC participants and they are at the top in Romania in terms of technical skills. In hacking. Not in sleight-of-hand tricks like the shell game.
  12. At least we don't spend every day worrying that someone will come and pick us up. Not to mention the Lidl app, it's top!
  13. Some of the guys who started out there ended up earning very good money. Legally. Does that matter, as long as the laws aren't respected anyway?
  14. This week the bootcamp for training and selecting Romania's team for ECSC is taking place: https://ecsc.eu/ In short, for those who don't know what this is about: young people up to 25 years old take part in CTF-type competitions in the country, and at the end a national team is selected to represent the country at the final stage: ECSC, a country-versus-country "security" competition. It's a kind of European football championship, only for "security". For those up to 25 years old, but not only them, I recommend taking a look. It's nice to be a "Hagi" of Romania and represent your country. Details: https://www.rocsc.ro/
  15. Join the largest cybersecurity conference from CEE November 28th-29th Palace of the Parliament | Bucharest, Romania https://def.camp/
  16. Back when we were active, we were young and had no responsibilities. Today we have jobs, families and other worries. Our expectations are of the young ones, that they make a name for themselves. Of course, not by getting arrested, but by presenting at a conference like Defcon or Blackhat, or at least at Defcamp, here at home. The story is interesting; I've told you my point of view: what that friend of yours does is business and has nothing to do with hacking. It is connected to certain crimes that are committed with those cards, yes, but there is nothing "hacking" about it. On the other hand, the story is interesting and there are things to learn from it: you take something cheap, do something with it, sell it for more = profit. A kind of dropshipping. As for the forum, we don't want to attract such people. Or to guide them into doing such garbage. Maybe a few got away, but many ended up in prison. Maybe they don't spend their whole lives in prison, but I don't think even one year of prison is worth it for some money. With a salary of a few thousand euros at a multinational you can be very happy. Hacking means something completely different to me, both from what you understand by it and from what many others understand. For me "hacking" refers to the "research" part. Discovering something new. Bringing something into this world that everyone can benefit from. Or that is just fun. Example: Not everything comes down to money. If there were only people like you here, who just wait for something in return, information or tools they can use (what we used to call "leechers"), the forum would be deserted. The people you mention have nothing to offer. They only want to make money, perhaps even to take advantage of forum members to do so. So, we are still waiting here for people eager to learn something but also to contribute. That "offer something back to the community", a thing long forgotten...
  17. It sounds more like business than hacking. Yes, agreed, those services are used for who knows what, but at their core these are businesses. It's not exactly "theft", or something that would be described as illegal from the start. But I think that in these cases too it's like with startups: very few succeed. Many try, but few make it. There were methods to hide in the past as well, but everyone's knowledge was limited. It was the time when things were being discovered. Today there is a lot of information available, but, once again, just like in business, you need AN IDEA to make money. That can work legally too. Of course, I'm not encouraging anyone to do anything illegal, whatever that means. From my point of view, nowadays you can do very well on the legal path. I don't think you "need" millions of dollars to live well. But if you really do need them and you're smart, you can do it legally too.
  18. From what I've seen, it's not really booming. That is, the same garbage is being done as X years ago. Card theft from various sources, installing ransomware and demanding money, or all sorts of other junk. It seems to me that "people" understand these things better and no longer all jump in with "Yeah bro, I'll send you a 5000 USD advance for that Lamborghini you say you're selling me for 25000", as used to happen in my youth, me being from Valcea. I don't follow anything anymore, only what appears publicly; I don't know of other forums or groups anymore, I see what appears in the press. And I don't see anything impressive. Sure, there are also the special cases, with the guys who discover 0days and sell them for good money. Those are hackers. Not the ones who use them. Also back in my day they were called script kiddies, precisely because they didn't have much technical knowledge. @sefu9581 - So I take it you've made millions? From my side, congratulations to those who manage, as long as: 1. They don't do nasty things, meaning take the corporations' money, but not ordinary people's. Nor things that affect the lives of ordinary people (like ransomware at hospitals...) 2. They don't hit our fellow Romanians, who are generally worse off anyway. The problem with this blackhat side, regardless of how people see it, is the "peace of mind" part. Since Escobar was caught, I expect anyone can be caught. Regardless of what methods they use. I'm the type who prefers peace of mind over larger sums of money, and I can't complain about a lack of money either, even though it's not millions.
  19. Brilliant! Is all the data obtained through multiple attempts? If a person doesn't react in any way (e.g. comments), is there a chance their account gets blocked based on existing posts? Isn't it taken into account that some users send hundreds of reports?
  20. Nytro

    Morgue 666

    I don't know what this is about, but this "dark web" seemed like garbage to me. I went on it myself years ago, hoping to learn things about security, but it's full of clueless kids.
  21. regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

      Bharat Jogi, Senior Director, Threat Research Unit, Qualys
      July 1, 2024

      The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH's server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387.

      The vulnerability, which is a signal handler race condition in OpenSSH's server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration.

      Based on searches using Censys and Shodan, we have identified over 14 million potentially vulnerable OpenSSH server instances exposed to the Internet. Anonymized data from Qualys CSAM 3.0 with External Attack Surface Management data reveals that approximately 700,000 external internet-facing instances are vulnerable. This accounts for 31% of all internet-facing instances with OpenSSH in our global customer base. Interestingly, over 0.14% of vulnerable internet-facing instances with OpenSSH service have an End-Of-Life/End-Of-Support version of OpenSSH running.

      In our security analysis, we identified that this vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006. A regression in this context means that a flaw, once fixed, has reappeared in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the issue. This incident highlights the crucial role of thorough regression testing to prevent the reintroduction of known vulnerabilities into the environment. This regression was introduced in October 2020 (OpenSSH 8.5p1).

      Full article: https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
  22. I wasn't expecting him to be American, but rather from a country where they don't really worry about laws (at least the ones concerning keyboards and mice).
  23. The Facebook page of a well-known monastery in Suceava county was broken into by hackers. The cybercriminals replaced the posts containing prayers with adult photos and videos. https://www.digi24.ro/stiri/actualitate/social/hackerii-au-atacat-pana-si-pagina-de-facebook-a-unei-manastiri-din-suceava-au-pus-filme-pentru-adulti-in-loc-de-rugaciuni-2839469
  24. Nice, they found something in HuggingFace too https://www.wiz.io/blog/wiz-and-hugging-face-address-risks-to-ai-infrastructure