#auth

Okta's IAM platform finds itself in cyberattackers' sights once again, as threat actors mount a supply chain attack targeting Okta customer support engagements.

Emerging RaaS operation uses Rhysida ransomware paired with a wicked infostealer called Lumar, researchers warn.

### Impact An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the host system. ### Details Through the WEB CLI interface provided by koko, a user logs into the authorized mongoDB database and exploits the MongoDB session to execute arbitrary commands. ``` admin> const { execSync } = require("child_process") admin> console.log(execSync("id; hostname;").toString()) uid=0(root) gid=0(root) groups=0(root) jms_koko admin> ``` ### Patches Safe versions: - v2.28.20 - v3.7.1 ### Workarounds It is recommended to upgrade the safe versions. After upgrade, you can use the same method to check whether the vulnerability is fixed. ``` admin> console.log(execSync("id; hostname;").toString()) /bin/sh: line 1: /bin/hostname: Permission denied ``` ### References Thanks for **Oskar Zeino-Mahmalat** of [Sonar](https://sonarsource.com/) found an...

By Owais Sultan Dive into Manchester’s vibrant influencer marketing scene. Discover key strategies, leading influencer marketing agencies, and how brands are… This is a post from HackRead.com Read the original post: The Evolution of Influencer Marketing in Manchester, UK

### Impact In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=<N>` query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. > The passwords are *not* exposed in plaintext. > Nautobot 1.x is *not* affected by this vulnerability. Example: ``` GET /api/users/permissions/?depth=1 HTTP 200 OK API-Version: 2.0 Allow: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS Content-Type: application/json Vary: Accept ``` ```json { "count": 1, "next": null, "previous": null, "results": [ { "id": "28ea85e4-5039-4389-94f1-9a3e1c787149", "object_type": "users.objectpermission", "display": "Run Job", "url": "http://localhost:8080/api/users/permissions/28ea85e4-5039-4389-94f1-9a3e1c787149/", "natural_slug": "run-job_28ea", "object_types": [ "extras.job" ], "name": ...

### Summary The WMS specification defines an ``sld=<url>`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. It is possible to use this for "Blind SSRF" on the WMS endpoint to steal NetNTLMv2 hashes via file requests to malicious servers. ### Details This vulnerability requires: * WMS Settings dynamic styling being enabled * Security URL checks to be disabled, or to be enabled and allowing ``file:\\*`` access ### Impact This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. ### Mitigation The ability to reference an external URL location is defined by the WMS standard GetMap, GetFeatureInfo and GetLegendGraphic operations. These operations are defined by an Industry and International standard and cannot be redefined...

By Deeba Ahmed The critical API security flaws in the social sign-in and OAuth (Open Authentication) implementations affected high-profile companies like… This is a post from HackRead.com Read the original post: Social Login Flaws in Popular Websites Risked Billions of User Accounts

Categories: Threat Intelligence Tags: malvertising Tags: ads Tags: hong kong Tags: malware Tags: whatsapp Tags: telegram Ads on Google for popular communication apps are used as a lure to compromise the devices of people from Hong Kong. (Read more...) The post Hong Kong residents targeted in malvertising campaigns for WhatsApp, Telegram appeared first on Malwarebytes Labs.

WordPress LiteSpeed Cache plugin versions 5.6 and below suffer from a persistent cross site scripting vulnerability.

National response team attributes reduction to a cyber workforce with better training.