Apple Security Advisory 09-16-2024-9 - macOS Sonoma 14.7 addresses buffer overflow, bypass, out of bounds access, out of bounds read, out of bounds write, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-09-16-2024-9 macOS Sonoma 14.7

macOS Sonoma 14.7 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121247.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

Accounts  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: The issue was addressed with improved permissions logic.  
CVE-2024-44153: Mickey Jin (@patch1t)

App Intents  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive data logged when a  
shortcut fails to launch another app  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44182: Kirin (@Pwnrin)

AppleGraphicsControl  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted video file may lead to  
unexpected app termination  
Description: The issue was addressed with improved memory handling.  
CVE-2024-40846: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative  
CVE-2024-40845: Pwn2car working with Trend Micro Zero Day Initiative

AppleGraphicsControl  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: A memory initialization issue was addressed with improved  
memory handling.  
CVE-2024-44154: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: An app may be able to access sensitive user data  
Description: The issue was addressed with additional code-signing  
restrictions.  
CVE-2024-40847: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: An app may be able to bypass Privacy preferences  
Description: This issue was addressed with improved checks.  
CVE-2024-44164: Mickey Jin (@patch1t)

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: A library injection issue was addressed with additional  
restrictions.  
CVE-2024-44168: Claudio Bozzato and Francesco Benvenuto of Cisco Talos

AppleMobileFileIntegrity  
Available for: macOS Sonoma  
Impact: An attacker may be able to read sensitive information  
Description: A downgrade issue was addressed with additional code-  
signing restrictions.  
CVE-2024-40848: Mickey Jin (@patch1t)

AppleVA  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted video file may lead to  
unexpected app termination  
Description: An out-of-bounds write issue was addressed with improved  
bounds checking.  
CVE-2024-40841: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

AppSandbox  
Available for: macOS Sonoma  
Impact: An app may be able to access protected files within an App  
Sandbox container  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44135: Mickey Jin (@patch1t)

Automator  
Available for: macOS Sonoma  
Impact: An Automator Quick Action workflow may be able to bypass  
Gatekeeper  
Description: This issue was addressed by adding an additional prompt for  
user consent.  
CVE-2024-44128: Anton Boegler

bless  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44151: Mickey Jin (@patch1t)

Compression  
Available for: macOS Sonoma  
Impact: Unpacking a maliciously crafted archive may allow an attacker to  
write arbitrary files  
Description: A race condition was addressed with improved locking.  
CVE-2024-27876: Snoolie Keffaber (@0xilis)

Dock  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: A privacy issue was addressed by removing sensitive data.  
CVE-2024-44177: an anonymous researcher

Game Center  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: A file access issue was addressed with improved input  
validation.  
CVE-2024-40850: Denis Tokarev (@illusionofcha0s)

ImageIO  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted file may lead to unexpected app  
termination  
Description: An out-of-bounds read issue was addressed with improved  
input validation.  
CVE-2024-27880: Junsung Lee

ImageIO  
Available for: macOS Sonoma  
Impact: Processing an image may lead to a denial-of-service  
Description: An out-of-bounds access issue was addressed with improved  
bounds checking.  
CVE-2024-44176: dw0r of ZeroPointer Lab working with Trend Micro Zero  
Day Initiative, an anonymous researcher

Intel Graphics Driver  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted texture may lead to unexpected  
app termination  
Description: A buffer overflow issue was addressed with improved memory  
handling.  
CVE-2024-44160: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

Intel Graphics Driver  
Available for: macOS Sonoma  
Impact: Processing a maliciously crafted texture may lead to unexpected  
app termination  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2024-44161: Michael DePlante (@izobashi) of Trend Micro Zero Day  
Initiative

IOSurfaceAccelerator  
Available for: macOS Sonoma  
Impact: An app may be able to cause unexpected system termination  
Description: The issue was addressed with improved memory handling.  
CVE-2024-44169: Antonio Zekić

Kernel  
Available for: macOS Sonoma  
Impact: Network traffic may leak outside a VPN tunnel  
Description: A logic issue was addressed with improved checks.  
CVE-2024-44165: Andrew Lytvynov

Mail Accounts  
Available for: macOS Sonoma  
Impact: An app may be able to access information about a user's contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-40791: Rodolphe BRUNETTI (@eisw0lf)

Maps  
Available for: macOS Sonoma  
Impact: An app may be able to read sensitive location information  
Description: An issue was addressed with improved handling of temporary  
files.  
CVE-2024-44181: Kirin(@Pwnrin) and LFY(@secsys) from Fudan University

mDNSResponder  
Available for: macOS Sonoma  
Impact: An app may be able to cause a denial-of-service  
Description: A logic error was addressed with improved error handling.  
CVE-2024-44183: Olivier Levon

Notes  
Available for: macOS Sonoma  
Impact: An app may be able to overwrite arbitrary files  
Description: This issue was addressed by removing the vulnerable code.  
CVE-2024-44167: ajajfxhj

PackageKit  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: This issue was addressed with improved validation of  
symlinks.  
CVE-2024-44178: Mickey Jin (@patch1t)

Safari  
Available for: macOS Sonoma  
Impact: Visiting a malicious website may lead to user interface spoofing  
Description: This issue was addressed through improved state management.  
CVE-2024-40797: Rifa'i Rejal Maynando

Sandbox  
Available for: macOS Sonoma  
Impact: A malicious application may be able to access private  
information  
Description: The issue was addressed with improved checks.  
CVE-2024-44163: Zhongquan Li (@Guluisacat)

Sandbox  
Available for: macOS Sonoma  
Impact: A malicious application may be able to leak sensitive user  
information  
Description: The issue was addressed with improved checks.  
CVE-2024-44125: Zhongquan Li (@Guluisacat)

Security Initialization  
Available for: macOS Sonoma  
Impact: An app may be able to access protected user data  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-40801: Zhongquan Li (@Guluisacat), Pedro José Pereira Vieito  
(@pvieito), an anonymous researcher

Shortcuts  
Available for: macOS Sonoma  
Impact: A shortcut may output sensitive user data without consent  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-44158: Kirin (@Pwnrin)

Shortcuts  
Available for: macOS Sonoma  
Impact: An app may be able to observe data displayed to the user by  
Shortcuts  
Description: A privacy issue was addressed with improved handling of  
temporary files.  
CVE-2024-40844: Kirin (@Pwnrin) and luckyu (@uuulucky) of NorthSea

sudo  
Available for: macOS Sonoma  
Impact: An app may be able to modify protected parts of the file system  
Description: A logic issue was addressed with improved checks.  
CVE-2024-40860: Arsenii Kostromin (0x3c3e)

System Settings  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-44166: Kirin (@Pwnrin) and LFY (@secsys) from Fudan University

System Settings  
Available for: macOS Sonoma  
Impact: An app may be able to read arbitrary files  
Description: A path handling issue was addressed with improved  
validation.  
CVE-2024-44190: Rodolphe BRUNETTI (@eisw0lf)

Transparency  
Available for: macOS Sonoma  
Impact: An app may be able to access user-sensitive data  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-44184: Bohdan Stasiuk (@Bohdan_Stasiuk)

Additional recognition

Airport  
We would like to acknowledge David Dudok de Wit for their assistance.

macOS Sonoma 14.7 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmboywEACgkQX+5d1TXa  
IvrDjxAA2tgRLOOTvFpZrVW/HEBxwCFUn7UkzXyfgUTuqntjSvmsc/pyVmPDpnOM  
UnLhZ4d3B6v44MSelhxSbomtGkggQfYAvcNmlPDk+yMMS0K5yRBJ3dobEt4e53Wj  
9DQl2cQfHxop3uaLRFRTRy5Wk46xIZcsPS3Obb0kLAZpnzD1K2UQ5tIgEVF2ETqi  
SaRlrjqsgiauG/qZ8pzJjQSB1/iNBJCf4TBMBmHHJ91zAVOiYxvVcIAcBl1cBK4m  
UU6Z0vF1NmNCTAu/8KPP0Y6AD5tM7ZrkotU1yTP8uey4r3Ec8XrZqzhTH05sMI5V  
Xt98UeRNl2EJQAJR2Wjfsa2u255SvJ9VJpOGpTff9npsP5c6a7fup2mcKSVmCJHG  
FxFoU9WC2Lx2fsb7kBZXx5y4+/lwKBh8gQBkqOB4vttUZIYwp/rwXJtBvwkSb3E+  
2MTYly0SAAAbwrGoImKsskbiOxB+Ebry2cZ4Rg8rKKwQIfpjpgCb2U97Ue1zCU/S  
lHCObpyD0HtDD13zYw3NXfbrcWS195WhLdgtVl9XJz90pQQwdcINzubGhILmabpl  
Q+QXoSuKNi0ooy9qO8yEmQdzF0swD/FZMqTmF6FFtFby4NpY6ooapHHyhJOGeqSn  
/Poj2T/Ay/xaX7VL2fUPU9n0KTNtp+HgvgpzMX31HpBNXo/96Eo=  
=YUrh  
-----END PGP SIGNATURE-----

Apple Security Advisory 09-16-2024-9

Attackers could have exploited a dependency confusion vulnerability affecting various Google Cloud services to execute a sprawling supply chain attack via just one malicious Python code package.

Source: Aleksia via Alamy Stock Photo

Google has patched a flaw in its Google Cloud Platform (GCP) that attackers could have exploited to execute a supply chain attack on millions of customer cloud servers, simply by deploying a single malicious code package.

Researchers from Tenable discovered the remote code execution (RCE) vulnerability, dubbed "CloudImposer," that attackers could have used to hijack an internal software dependency affecting GCP services, they revealed in analysis published Sept. 16.

Specifically, the flaw was found in GCP's Cloud Composer service for orchestrating software pipelines, but it also affected the Google services App Engine and Cloud Function. The flaw created a scenario called a dependency confusion, a technique discovered several years ago but widely misunderstood even by cloud platform providers, according to Tenable.

A dependency confusion attack, first discovered by security researcher Alex Birsan in 2021, starts when an attacker creates a malicious software package, gives it the same name as a legitimate internal package, and publishes it to a public repository.

"When a developer's system or build process mistakenly pulls the malicious package instead of the intended internal one, the attacker gains access to the system," Tenable senior security researcher Liv Matan explained in the analysis. "This attack exploits the trust developers place in package management systems and can lead to unauthorized code execution or data breaches."

He added: "There’s a surprising and concerning lack of awareness about it and about how to prevent \[dependency confusion\], even among leading tech vendors like Google. And unfortunately, this type of dependency can be exploited to execute supply chain attacks in the cloud that "are exponentially more harmful than on-premises."

"For example, one malicious package in a cloud service can be deployed to — and harm — millions of users," Matan observed. In essence, then, one single faulty command in GCP could potentially have created a ripple affect across myriad cloud deployments, giving attackers access to customers' enterprise cloud environments.

Tenable's findings were first presented in a session by Matan at Black Hat USA in August called "The GCP Jenga Tower: Hacking Millions of Google's Servers With a Single Package (and More)," — one a Dark Reading expert advised not to miss at the conference. However, he published his full analysis on Tenable's blog only this week.

**Risky Documentation Leads to Flaw**

The first sign of the flaw was Google documentation regarding GCP and the Python Software Foundation that introduced the possibility of dependency confusion in cloud deployments, according to Tenable. The researchers dug further and found that Google itself applied the same risky implementation advice to GCP, introducing the flaw.

Specifically, Google advised users who want to use private Python packages in the GCP services App Engine, Cloud Function and Cloud Composer services to use what's called the "--extra-index-url" argument.

"This argument looks for the public registry (PyPI) in addition to the specified private registry from which the application or user intends to install the private dependency," Matan explained. "This behavior opens the door for attackers to carry out a dependency confusion attack."

The researchers inferred that there are "numerous GCP customers" who followed Google's risky guidance, as well as ultimately discovered that Google itself took its own advice when installing private packages in their own internal services.

Specifically, Tenable researchers found that Google used the risky --extra-index-url argument to install a private code package missing from the public registry in a way "that allows attackers to upload a malicious package to the public registry, and take over the pipeline," Matan wrote.

**Google Fix & Other Mitigations**

The researchers responsibly disclosed both the documentation and the CloudImposer RCE vulnerability to Google, which promptly responded and took action, according to Tenable. Specifically, Google fixed the vulnerable script in Google Cloud Composer that was utilizing the --extra-index-url argument when installing a private package from a private registry.

The company also inspected the checksum of vulnerable package instances and notified Tenable that, as far as Google knows, there is no evidence that the CloudImposer was ever exploited, Matan noted.

Google also acknowledged that while the exploit code that Tenable developed ran in Google's internal servers, it's likely that it would not have run in customers' environments because it wouldn't pass the integration tests.

Further, the company fixed the risky documentation, now recommending that GCP customers use the --index-url argument instead of the --extra-index-url argument, and the tech giant has adopted Tenable's suggestion to recommend that GCP customers use the GCP Artifact Registry's virtual repository to safely control the Python package manager search order, Matan noted.

GCP customers should analyze their environments for their package installation process to prevent breaches, specifically searching for the use of the --extra-index-url argument in Python to ensure they are not vulnerable to a dependency confusion attack.

Matan concluded: "A combination of responsible security practices by both cloud providers and cloud customers can mitigate many risks associated with cloud supply chain attacks."

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

'CloudImposer' Flaw in Google Cloud Affected Millions of Servers

Genetic testing company 23andMe will pay $30 million over a 2023 data breach which ended in millions of customers having data exposed.

Genetic testing company 23andMe will pay $30 million to settle a class action lawsuit over a 2023 data breach which ended in some customers having information like names, birth years, and ancestry information exposed.

In October 2023, we reported on how information belonging to as many as seven million 23andMe customers turned up for sale on criminal forums following a credential stuffing attack against 23andMe.

23andMe said that cybercriminals had stolen profile information that users had shared through its DNA Relatives feature, an optional service that lets customers find and connect with genetic relatives.

In December 2023, 23andMe admitted that some genetic and health data might have been accessed during that breach. To dodge responsibility, the company wrote a letter to legal representatives of those affected by the breach, laying the blame at the feet of victims themselves.

23andMe also neglected to tell customers with Chinese and Ashkenazi Jewish ancestry that the cybercriminal appeared to have specifically targeted them, posting their information for sale on the dark web.

In January 2024, customers filed a class action lawsuit against 23andMe in a San Francisco court, alleging the company failed to protect their privacy. The result of that lawsuit is the settlement.

What immediately jumped out in the settlement is the title of one of the chapters:

> “THE SETTLEMENT IS THE RESULT OF ZEALOUS ADVOCACY AND SKILLFUL NEGOTIATION”

What does that mean? Well, the $30 million is apparently all that 23andMe can afford to pay. And that’s only because the expectation is that cyberinsurance will cover $25 million.

The market value of the company has plummeted, and revenue declined. This decline had already set in prior to the incident, but it definitely didn’t help to improve the situation.

The court has not yet approved the settlement, but it’s expected that 23andMe will pay $30 million into a fund for customers whose data was compromised, as well as provide them with identity and genetic monitoring.

Other countries, like Canada and the UK have announced they will undertake a joint investigation into the data breach.

According to Malwarebytes’ data, over 3 million people were affected by the data breach, so none of the victims should expect to get rich because of this settlement.

On the dark web, the data is offered for sale in three separate data sets. A general set that includes 2,763,569 records, one belonging to Ashkenazi-based users (835,708 records), and one allegedly belonging to China-based users of 23andMe (68,541 records).

If you want to find out if your personal data was exposed through this breach, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you used to register and 23andMe) and we’ll send you a free report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 23andMe to pay $30 million in settlement over 2023 data breach 

IFSC Code Finder Portal version 1.0 suffers from an ignored default credential vulnerability.

**IFSC Code Finder Portal 1.0 Insecure Settings**

Posted Sep 16, 2024

Authored by indoushka

IFSC Code Finder Portal version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 4c8714f261d6bcdc7f5ee89b4f1473342ced816a03f174b9a8bc607a329616e0

Download | Favorite | View

**IFSC Code Finder Portal 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : IFSC Code Finder Portal v1.0 Insecure Settings Vulnerability                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://phpgurukul.com/ifsc-code-finder-project-using-php/                                                                  |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = Test@123[+] http://127.0.0.1/ifscfinder/admin/login.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,759)
*   Arbitrary (17,063)
*   BBS (2,859)
*   Bypass (1,915)
*   CGI (1,047)
*   Code Execution (7,895)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,423)
*   DoS (25,236)
*   Encryption (2,394)
*   Exploit (54,214)
*   File Inclusion (4,273)
*   File Upload (1,012)
*   Firewall (822)
*   Info Disclosure (2,913)
*   Intrusion Detection (918)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,272)
*   Local (14,848)
*   Magazine (587)
*   Overflow (13,212)
*   Perl (1,435)
*   PHP (5,262)
*   Proof of Concept (2,409)
*   Protocol (3,749)
*   Python (1,656)
*   Remote (31,860)
*   Root (3,671)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,046)
*   Shell (3,303)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,716)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (673)
*   Vulnerability (33,064)
*   Web (10,136)
*   Whitepaper (3,784)
*   x86 (970)
*   XSS (18,290)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,120)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,142)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,780)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,828)
*   UNIX (9,454)
*   UnixWare (188)
*   Windows (6,766)
*   Other

IFSC Code Finder Portal 1.0 Insecure Settings

GYM Management System version 1.0 suffers from an ignored default credential vulnerability.

**GYM Management System 1.0 Insecure Settings**

Posted Sep 16, 2024

Authored by indoushka

GYM Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 5ee11f413d4f6dbbb71c2d782424145f8284d96790518d7c0e3923c5bd409844

Download | Favorite | View

**GYM Management System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : GYM Management System 1.0 Insecure Settings Vulnerability                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/gym-management-system-using-php-and-mysql/                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload :     Username: admin@gmail.com      Password: Test@123[+] http://127.0.0.1/agms/admin/dashboard.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,759)
*   Arbitrary (17,063)
*   BBS (2,859)
*   Bypass (1,915)
*   CGI (1,047)
*   Code Execution (7,895)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,423)
*   DoS (25,236)
*   Encryption (2,394)
*   Exploit (54,214)
*   File Inclusion (4,273)
*   File Upload (1,012)
*   Firewall (822)
*   Info Disclosure (2,913)
*   Intrusion Detection (918)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,272)
*   Local (14,848)
*   Magazine (587)
*   Overflow (13,212)
*   Perl (1,435)
*   PHP (5,262)
*   Proof of Concept (2,409)
*   Protocol (3,749)
*   Python (1,656)
*   Remote (31,860)
*   Root (3,671)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,046)
*   Shell (3,303)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,716)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (673)
*   Vulnerability (33,064)
*   Web (10,136)
*   Whitepaper (3,784)
*   x86 (970)
*   XSS (18,290)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,120)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,142)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,780)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,828)
*   UNIX (9,454)
*   UnixWare (188)
*   Windows (6,766)
*   Other

GYM Management System 1.0 Insecure Settings

PRESS RELEASE

September 11, 2024—Tampa, Fla— Cyber Florida at USF, in partnership with Cisco and WiCyS (Women in Cybersecurity), proudly hosted the premiere of the Do We Belong Here? documentary last night at the historic Tampa Theatre. The cybersecurity community showed strong support, with more than 200 attendees, including Cyber Florida at USF partners and documentary participants who traveled from out of town, gathering in person to watch the production. The event culminated nearly 18 months of planning, interviews, and relationship-building.

The 90-minute documentary, inspired by the popular Do We Belong Here? podcast, highlights the experiences of women and other underrepresented groups in the cybersecurity industry. Attendees were moved by the inspirational stories of perseverance and success shared by leading female cybersecurity practitioners, executives, and CISOs from top companies and organizations who generously contributed to the project.

While women's participation in the cybersecurity industry is growing, women still only representation about 20-25% of the cybersecurity workforce, according to ISC2. 

“This film represents the heart of what we’re striving for in cybersecurity—diversity, inclusion, and the understanding that everyone belongs here,” said Sarina Gandy, co-producer of the documentary and a key voice in its creation.

Following the screening, a lively Q&A panel with the podcast team took place, featuring:

·    Pam Lindemoen, Chief Information Security Officer Advisor, Cisco

·    Tashya Denose, Reality Labs Security Program Manager, Meta

·    Sarina Gandy, Cyber Communications & Marketing Analyst and Do We Belong Here Podcast Producer, Cyber Florida at USF

·    Rex Wilson, Brand Manager, Cyber Florida at USF

The documentary is available to watch on the Cyber Florida at USF YouTube channel.

Interviews with documentary participants and the podcast team can be arranged with Cyber Outreach Manager Jennifer Kleman, APR, CPRC at \[email protected\].

ABOUT CYBER FLORIDA AT UF  
The Florida Center for Cybersecurity at the University of South Florida, commonly referred to as Cyber Florida at USF, was established by the Florida Legislature in 2014. Its mission is to position Florida as a national leader in cybersecurity through comprehensive education, cutting-edge research, and extensive outreach. Cyber Florida leads various initiatives to inspire and educate both current and future cybersecurity professionals, advance applied research, and enhance cybersecurity awareness and safety of individuals and organizations.

Cybersecurity Community Celebrates Documentary Premiere at Tampa Theatre

As the 104th season of the National Football League kicks off, expect cyberattacks aimed at its customers, players, and arenas.

Source: Illus\_man via Shutterstock

This past weekend, the National Football League kicked off its 2024 season, and while the sport itself has remained the same, mainly — hello, new kicking rules — the technological operations around games and players is constantly evolving, and face increasing cyber threats.

While all companies have a mix of digital and physical assets, sports teams have a unique cocktail of critical assets, especially as data has become increasingly the lifeblood of sports franchises in the NFL. Pervasive Wi-Fi in every stadium and cellular systems that allow, say, concessions to more easily handle demand means there's data to be collected on every aspect of venue operations. Technology also allows connections with fans that extend online, at home, and at stadiums through loyalty programs, biometric checks at venues, and experiences customized by QR codes on every stadium seat.

In addition to information on their fans, NFL teams have real-time data on players, brands that need protecting, and critical infrastructure relied on by arena operations and video broadcasters.

In all, it's a challenging logistical puzzle that requires continuous risk assessment, threat intelligence, and an agile IT team, says Brandon Covert, vice president of IT for the Cleveland Browns (and the area's professional soccer team, the Columbus Crew).

Related:Dark Reading Confidential: Pen Test Arrests, Five Years Later

"I started here 20 years ago, and there wasn't a whole lot of tech in our stadiums — they were all-cash, concrete buildings without a lot of technology," he says. "And now you see there's pervasive Wi-Fi ... and biometric payments and identification. All of these systems are inherently at risk, and we have to manage and mitigate that risk. The challenges \[that come along with\] tech just continue to grow, and get introduced to all areas of our business."

**A Game of Data**

The Cleveland Browns kicked off their game opener at their home stadium, the Huntington Bank Field, on Sept. 8. While the fans were focused on game day, the Browns' information-technology and security groups have been working year-round to ensure that the season remains free of technological glitches and safe from cyberattacks.

One of the thorniest issues is the need to secure increasing volumes of data, be that player data, broadcast feeds, transactional data, or customer information. Every iota of that information has value to cyberattackers, says Covert.

"Our charge being a sports organization — we have a really good bond with our fans and we get a lot of trust from our fans, probably elevated beyond what other industries see with their customers — so we want to be responsible and not be involved in any of those data breaches or loss of fan information, just from a brand and reputation standpoint for us," he says.

And indeed, stolen data on fans and players can appear on the Dark Web; plus, the rapid legalization of sports gambling has added potential monetary losses to the mix, ratcheting up the emotional rollercoaster ride for many fans, says Jake Aurand, counterintelligence lead for Binary Defense, a cyberthreat intelligence firm that counts the Cleveland Browns among its customers.

"Teams have a lot of customer information — whether it's biometric or credit card data from people purchasing game tickets — so we're constantly out there on the darknet looking to see if any of that data has been stolen and is being reposted somewhere on a forum," he says. "But what we're also doing is looking for \[potential threats on the\] physical side."

For instance, among the most major of concerns to operations continues to be ransomware, says Brad Garnett, director and general manager of the Talos Incident Response team at Cisco, which has a partnership with the NFL.

"Ransomware is not going anywhere," he says. "Anything that would impact the integrity of the game — whether that's football, baseball, basketball, or footy — anything that would attack the game's integrity or around infrastructure availability" is a concern for cyber defenders.

Cyberattacks on the operational systems of an arena or stadium could cause a broadcast outage or take an approach as simple as posting a bomb threat on a scoreboard, National Football League CISO Tomás Maldonado said in an interview in June.

"I think a lot of people don't fully appreciate the convergence between cyber physical and the ... ramifications of a cyber event ... they don't usually make that connection right off the bat," said Maldonaldo, who is securing his sixth season with the organization.

**A Game of 1s and 0s**

About half of the threats detected by the company have some cyber-physical component, but the other half are purely about data, Binary Defense's Aurand says. Using the Browns' branding to fool fans into purchasing fake merchandise or just giving up their payment card details are common scams, he says.

Teams should take an active approach to defense, he adds. There are tools for doing just that: CISA and the NFL conduct annual tabletop exercises to workshop incident response, for instance.

"You need a first line of defense put in place, ... looking for those attacks immediately, in real time and throwing them off or identifying them extremely quickly," Aurand says. "And two, you need to stop the attacker from being able to move any further in their attacks."

Don't miss the latest Dark Reading Confidential podcast, where we talk to two cybersecurity professionals who were arrested in Dallas County, Iowa and forced to spend the night in jail — just for doing their pen-testing jobs. Listen now!

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

NFL Teams Block &amp; Tackle Cyberattacks in a Digital World

Beauty Parlour and Saloon Management System version 1.1 suffers from an insecure cooking handling vulnerability.

**Beauty Parlour And Saloon Management System 1.1 Insecure Cookie Handling**

Posted Sep 13, 2024

Authored by indoushka

Beauty Parlour and Saloon Management System version 1.1 suffers from an insecure cooking handling vulnerability.

tags | exploit

SHA-256 | 4c0788f43b5ea94beac369a15563afe012375eb20121975b115510c93def998e

Download | Favorite | View

**Beauty Parlour And Saloon Management System 1.1 Insecure Cookie Handling**

    ====================================================================================================================================| # Title     : Beauty Parlour & Saloon Management System 1.1 Insecure Cookie Handling Vulnerability                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The default username is admin & The chosen password is user123[+] use payload : document.cookie = "username=user123; path=/; secure; HttpOnly; SameSite=Lax";[+] Refresh the page http://127.0.0.1/studentms/admin/login.php or go to http://127.0.0.1/studentms/admin/dashboard.php Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,753)
*   Arbitrary (17,058)
*   BBS (2,859)
*   Bypass (1,912)
*   CGI (1,047)
*   Code Execution (7,889)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,422)
*   DoS (25,235)
*   Encryption (2,394)
*   Exploit (54,198)
*   File Inclusion (4,273)
*   File Upload (1,011)
*   Firewall (822)
*   Info Disclosure (2,913)
*   Intrusion Detection (918)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,270)
*   Local (14,848)
*   Magazine (587)
*   Overflow (13,212)
*   Perl (1,435)
*   PHP (5,262)
*   Proof of Concept (2,406)
*   Protocol (3,749)
*   Python (1,655)
*   Remote (31,853)
*   Root (3,671)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,046)
*   Shell (3,303)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,711)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (673)
*   Vulnerability (33,063)
*   Web (10,135)
*   Whitepaper (3,783)
*   x86 (970)
*   XSS (18,289)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,119)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,136)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,775)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,828)
*   UNIX (9,454)
*   UnixWare (188)
*   Windows (6,766)
*   Other

Beauty Parlour And Saloon Management System 1.1 Insecure Cookie Handling

A cyberattack that shut down some of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023: It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that made-for-Hollywood narrative has eclipsed a far more hideous trend: Many of these young, Western cybercriminals are also members of fast-growing online groups that exist solely to bully, stalk, harass and extort vulnerable teens into physically harming themselves and others.

The Dark Nexus Between Harm Groups and ‘The Com’

The dangerous ransomware group is targeting financial and insurance sectors using smishing and vishing against IT service desk administrators, cybersecurity teams, and other employees with top-level privileges.

Source: Photo Spirit via Shutterstock

One of the world's most dangerous ransomware groups has been applying its hallmark savvy social engineering to targeted, sophisticated phishing attacks against financial and insurance companies, aiming to steal high-level permissions to cloud-based environments to ultimately deliver ransomware.

Scattered Spider has been using SMS and voice phishing — or smishing and vishing, respectively — attacks to target target high-privileged accounts, such as those of IT service desk administrators and cybersecurity teams. Attackers use the stolen credentials to compromise cloud-based services and ultimately gain access to victim environments for ransomware attacks, according to researchers at EclecticIQ.

"Scattered Spider frequently uses phone-based social engineering techniques … to deceive and manipulate targets, mainly targeting IT service desks and identity administrators," EclecticIQ Threat Intelligence Analyst Arda Büyükkaya wrote in a recent analysis. "The actor often impersonates employees to gain trust and access, manipulate MFA settings, and direct victims to fake login portals."

The attacks are so well-crafted that they often prompt unsuspecting identity administrators in charge of cloud infrastructures to enter credentials for VMware Workspace ONE, an application management and identity access policy platform, so attackers can gain unauthorized access even to accounts protected by multifactor authentication (MFA), Büyükkaya said.

**Cloud Services, SaaS in the Crosshairs**

Other ways Scattered Spider gains persistent access to cloud enviroments is to purchase stolen credentials, execute SIM swaps, and use cloud-native tools. In fact, the threat group is leveraging legitimate features of cloud infrastructure to carry out its nefarious activities, making their operations increasingly difficult to detect and counter, Büyükkaya noted.

"The cybercriminal group abuses legitimate cloud tools such as Azure’s Special Administration Console and Data Factory to remotely execute commands, transfer data, and maintain persistence while avoiding detection," he wrote.

The attacks observed by EclecticIQ targeted cloud-based services like Microsoft Entra ID and Amazon Web Services Elastic Computer Cloud, as well software as a service (SaaS) platforms such as Okta, ServiceNow, Zendesk, and VMware Workspace ONE "by deploying phishing pages that closely mimic single sign-on (SSO) portals," Büyükkaya wrote. These pages are delivered via socially engineered attacks that appear highly convincing — so much so that they even can fool cloud security engineers.

**Spinning a Complex Attack Web**

Scattered Spider, known also by Octo Tempest, made a significant name for itself in the ransomware game rather quickly. The group arrived on the scene in 2022 armed with sophisticated social-engineering techniques, an aptitude for understanding the psychology of Western business minds, and a command of native English — all of which it used as part of its heavy artillery. The group soon became infamous for the massive ransomware attacks on Caesars Palace and MGM Entertainment about a year later.

Scattered Spider teamed with BlackCat/Alphv ransomware early on but became a ransomware-as-a-service (RaaS) affilitate of RansomHub and Qilin earlier this year, after BlackCat/Alphv unceremoniously went dark in March, leaving affiliates in the lurch.

Of late, Scattered Spider has had global law enforcement, including the FBI, hot on its trail, and UK officials recently arrested a 17-year-old from the town of Walsall, UK, in July for his connection to the group.

The attacks outlined by EclecticIQ are the result of analysis conducted between 2023 and the second quarter of 2024, so it's as yet unclear how active Scattered Spider has been since that arrest. However, the research sheds new light on the complex web of attacks the group is capable of spinning to leverage identity compromise to target cloud environments successfully, the researchers noted.

**Defense and Mitigation**

EclecticIQ developed a specific framework outlining the ransomware deployment life cycle to help defenders thwart attacks by detailing the techniques used by the threat actor to infiltrate, persist, and execute ransomware within cloud environments. The accessibility of the cloud makes it a prime target for financially motivated criminals and has been the secret to success for Scattered Spider and other ransomware actors, according to Büyükkaya.

The company made a sweeping set of recommendations for organizations in terms of prevention, detection, and incident response that relate to but are not limited to: secure authentication; monitoring and alerts; hypervisor cloud resource security; firewall and network security; and other key and varied aspects that comprise an enterprise cloud environment.

Other recommendations made specifically focused on Scattered Spider's tendency to use phishing as its key method for initial access, advising organizations to regularly monitor for typosquatting domains. This includes their own organization’s legitimate domains, especially those targeting their own cloud environments.

"Proactively secure these domains to prevent phishing attacks and social engineering tactics," Büyükkaya advised.

Don't miss the latest Dark Reading Confidential podcast, where we talk to two cybersecurity professionals who were arrested in Dallas County, Iowa and forced to spend the night in jail -- just for doing their pen-testing jobs. Listen now!

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Tag

#cisco