Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.

Members who have registered with the Ichiran official app are called "noodle bars (members)".  
The noodle bar can receive special benefits exclusive to the noodle bar.

1\. 1. Get a great deal on vouchers by earning points!  
You can use the points you earned at the "Points earning spots" in the store to get vouchers for popular products such as soft-boiled eggs and soft-boiled eggs.

2\. Get children's ramen!  
We will provide "Children's Ramen" free of charge to children under elementary school age (up to 5) per adult.

3\. 3. New contents will be released one after another!  
We will update it from time to time.

1\. 1. Easy store search with GPS function!  
We will immediately search for the nearest store information on the spot and guide you to the route to the store.

2\. Check all the latest information!  
You can check all the new product information and the latest campaign information provided at the store with the push notification function.

3\. 3. Deliver your favorite souvenir products to your home!  
You can purchase Ichiran's recommended souvenir products from home. You can easily taste popular products.

\* Some contents are for members only.

CVE-2023-22367: 一蘭公式アプリ - Apps on Google Play

Your devices and apps really, really want to know where you are—whether it's to tell you the weather, recommend some restaurants you might like, or better target advertising at you. Managing what you're sharing and what you're not sharing, and when, can quickly get confusing.

It's also possible that you have inconsistencies in the various location histories logged by your devices: Times when you thought you'd switched off and blocked location sharing but you're still being tracked, or vice versa.

Here we'll cover everything you need to consider when it comes to location tracking, and hopefully simplify it along the way. Whether you want to give out access to your current location or not, you should be in control of these settings, and not be caught unawares by additional options that you missed.

How Location Tracking Gets Confusing

You can turn off Google Location History—but it's just the start.

Google via David Nield

What happens if you distinctly remember turning location tracking off on a device, yet your position is still popping up on a map? Or maybe you thought you'd left the feature on, yet you're seeing gaps in your location history? There are a few explanations, but essentially you need to remember all the different ways your location can be logged: by your devices, by your apps, and by websites you visit.

For example, you might have disabled location tracking on a phone but left it enabled on a tablet. Alternatively, you might have a laptop that's tracking where you are in the background, even though you thought you'd disabled the feature in the apps you use. If you want location tracking completely enabled or disabled, you need to factor in all these different ways of keeping tabs on where you are.

If you have a Google account, this is a good illustration. Head to your account settings on the web, then choose **Data and Privacy** and **Location History**. Select **Devices on This Account**, which may reveal some phones, tablets, and laptops that you'd forgotten about—any device with a check next to it in this list is saving your movements to your Google account for future reference.

You can click **Turn Off** to disable this, but note the caveats that are listed in the confirmation box that appears onscreen: Your location might still be logged by your mobile devices, by the Find My Device service that helps you recover lost hardware, and by Google Maps when you're navigating or searching around the area you're in. This Location History setting is more of an overall toggle switch, affecting features such as the Google Timeline and the ability to quickly look up places you visit regularly.

From the main Google account screen, there are several more places where your location gets logged and shared: Click **Data and Privacy** then **Web & App Activity** to manage location data saved by Google Maps and other apps and websites, and click **People andSharing** then **Manage Location Sharing** to see a list of specific contacts who can see where you are through various Google services.

Managing Location Tracking on Mobile

You can control location tracking for individual apps and devices as a whole.

Android via David Nield

The steps to manage your location on Android vary slightly depending on the manufacturer of your phone, but the menus and instructions involved are broadly similar. On Google Pixel devices, you can open up **Settings** then select **Location**: You'll see the **Use Location** toggle switch, and if you turn this off, none of your apps will be able to know where you are, nor will Google.

If you leave the **Use Location** toggle switch on, you can customize location access for individual apps further down on the same screen. Note that you can choose to allow apps to know where you are at all times, or only when the app in question is running in the foreground—tap on any app in the list to make changes.

Over on iOS, it's a similar setup. If you select **Privacy & Security** from **Settings**, and then tap **Location Services**, you can turn off location tracking for the phone and all the apps on it. If you choose to leave this enabled, you can manage individual app access to your location via the list underneath. As on Android, you can choose to restrict apps to knowing your location only when the particular app itself is running, or allow them to monitor it in the background too.

Erasing the location data that's been collected on you is a complex process, as you need to check the records and the settings of every app that's ever had access to your location. For Google and Google's apps, you can head to your Google account on the web, then choose either **Location History** or **Web & App Activity** under **Data and Privacy** to wipe this data from the record. You'll also find options for automatically deleting this data after 3, 18, or 36 months.

Apple doesn't log your movements in quite the same way, but it does build up a list of places you visit frequently (like your home and perhaps your office) so you can quickly get to them again. To clear this list on your iPhone, open **Settings** then choose **Privacy & Security**, **Location Services**, **System Services**, and **Significant Locations**. You can clear this list and stop it from populating in the future.

Managing Location Tracking on Desktop

You can control location tracking on Windows and its individual programs.

Windows via David Nield

Your laptop or desktop computer is unlikely to be fitted with GPS capabilities, so it won't track your location in quite the same way as your phone, but applications, websites, and the operating system will still have some idea where you are—primarily through the locations that you sign into the web from (via your home Wi-Fi, for example).

On Windows, you can open up **Settings** and then choose **Privacy & Security** and **Location**. As on Android and iOS, you'll see you can turn location tracking off for individual applications (via the toggle switches on the right) or shut it down for the entire computer (the option at the top). The same screen lets you see which apps have been using your location, and enables you to wipe the log of your travels—click **Clear** next to **Location History** to do this.

When it comes to the same process on macOS, you need to click the **Apple** menu and select **System Settings**, **Privacy & Security**, and **Location Services**. The next screen looks very similar to the Windows one, with toggle switches for individual applications as well as for macOS itself—turn off any of the switches where you don't want location access to be given. If you click **Details** next to **System Services** on this screen, you can clear the list of “significant locations” Apple has saved for you, just like on iOS.

If location tracking is on for your computer and your browser of choice, that means individual websites such as Facebook, Amazon, or the Google Search can know where you are as well. Sometimes this is useful, of course (for getting the right weather forecast), but there might be times when you want to turn it off if you're trying to keep your whereabouts private.

Every browser will have settings for managing website access to your location. In Chrome, it's **Privacy and Decurity**, **Site Settings,** and **Location** from the settings pane; if you're using Edge you need to open settings and choose **Cookies and Site Permissions** then **Location**; and on Safari on macOS, pick **Websites** and **Location** once you've got the settings dialog open. Changing these settings won't affect data these sites have collected in the past, though—you'll need to visit the options for the individual sites for that.

How to Make Sure You’re Not Accidentally Sharing Your Location

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.

Severity

High

HP Reference

HPSBHF03829 Rev. 1

Release date

December 16, 2022

Last updated

December 16, 2022

Category

PC

Potential Security Impact

Arbitrary Code Execution, Denial of Service, Information Disclosure

**Relevant Common Vulnerabilities and Exposures (CVE) List**

Reported by: Intel iStare researchers Jonathan Lusky and Benny Zeltser

List of CVE IDs    

CVE ID

Base Score

Base Vector

Report ID

CVE-2022-43779

7.8

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

VU#434994

Learn more about CVSS 3.1 base metrics, which range from 0 to 10.

PSR-2021-0190

**Resolution**

AMI has released updates to mitigate the potential vulnerability. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that mitigate the potential vulnerability. See the affected platforms listed below.

Newer versions may become available and the minimum versions listed below may become obsolete.  If a SoftPaq Link becomes invalid, check the HP Customer Support - Software and Driver Downloads site to obtain the latest update for your product model.

HP recommends keeping your system up to date with the latest firmware and software.

Note:

This bulletin might be updated when new information and/or SoftPaqs are available. Sign up for HP Subscriptions to be notified and receive:

*   Product support eAlerts
    
*   Driver updates
    
*   Security Bulletin updates
    

**SoftPaqs and affected products**

Find the SoftPaqs that resolve the vulnerabilities of your system.

**SoftPaq Status**

*   Pending: SoftPaq is in progress.
    
*   Under investigation: System under investigation for impact, or the SoftPaq is under investigation for feasibility/availability.
    
*   Not available: SoftPaq not available due to technical or logistical constraints.
    
*   Check Support Page: The listed SoftPaq has been removed from the download site. SoftPaqs with newer versions may be available on the HP Customer Support - Software and Driver Downloads site.
    

**Business Notebook PCs**

Identify the affected business notebook PCs.

**Business Desktop PCs**

Identify the affected business desktop PCs.

**Retail Point-of-Sale Systems**

Identify the affected Retail Point-of-Sale systems.

**Thin Client PCs**

**Consumer Notebook PCs**

**Consumer Desktop PCs**

**Revision history**

This document has been revised according to the information below.

List of versions   

Version

Description

Date

1

Initial Release

December 16, 2022

**Additional information**

Follow these links for additional information.

Third-party security patches

Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support

For issues about implementing the recommendations of this Security Bulletin, visit http://www.hp.com/go/contacthp to learn about your HP support options.

Report

To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.

Subscribe

To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://h41369.www4.hp.com/alerts-signup.php?lang=en&cc=US&jumpid=hpsc\_profile.

Security bulletin archive

To view released Security Bulletins, visit https://support.hp.com/security-bulletins.

It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.

Download HP’s security-alert PGP key

**Legal information**

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Security Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.

© Copyright 2022 HP Development Company, L.P.

HP Inc. (HP) shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. "HP Inc.," "HP" and the names of HP products referenced herein are trademarks of HP Inc. or its affiliates in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

CVE-2022-43779: AMI UEFI Firmware December 2022 Security Update (TOCTOU)

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.

*   Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.
    
    Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:  
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
    
    Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
    
    The Cisco Support and Downloads page on Cisco.com provides information about licensing and downloads. This page can also display customer device support coverage for customers who use the My Devices tool.
    
    When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
    
    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
    
    **Customers Without Service Contracts**
    
    Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
    
    Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
    
    **Fixed Releases**
    
    In the following table, the left column lists affected Cisco platforms. The right column indicates whether a release is affected by the vulnerability that is described in this advisory and the first release that includes the fix for this vulnerability. Customers are advised to upgrade to an appropriate fixed software release as indicated in this section.
    
    Cisco Platform
    
    First Fixed Release
    
    800 Series Industrial ISRs
    
    15.9(3)M7
    
    CGR1000 Compute Modules
    
    1.16.0.1
    
    IC3000 Industrial Compute Gateways
    
    1.4.2
    
    IOS XE-based devices configured with IOx
    
    17.6.5  
    17.9.2  
    17.10.1  
    For more information, see the Cisco IOS and IOS XE Software Checker in the next section.
    
    IR510 WPAN Industrial Routers
    
    1.10.0.1
    
    The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.
    
    **Cisco IOS and IOS XE Software**
    
    To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides the Cisco Software Checker. This tool identifies any Cisco security advisories that impact a specific software release and the earliest release that fixes the vulnerabilities that are described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities that are described in all the advisories that the Software Checker identifies (“Combined First Fixed”).
    
    To use the tool, go to the Cisco Software Checker page and follow the instructions. Alternatively, use the following form to determine whether a release is affected by any Cisco Security Advisory. To use the form, follow these steps:
    
    1.  Choose which advisories the tool will search-only this advisory, only advisories with a Critical or High Security Impact Rating (SIR), or all advisories.
    2.  Enter a release number-for example, **15.9(3)M2** or **17.3.3.**
    3.  Click **Check**.

CVE-2023-20076: Cisco Security Advisory: Cisco IOx Application Hosting Environment Command Injection Vulnerability

Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

**Artikkelin sisältö**

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSSBase Score**

**CVSS Vector String**

CVE-2022-34377

Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

1.9

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

CVE-2022-34376

Dell PowerEdge BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM.

3.9

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

CVE-2022-34406

Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-34407

CVE-2022-34408

CVE-2022-34409

CVE-2022-34410

CVE-2022-34411

CVE-2022-34412

CVE-2022-34413

CVE-2022-34414

CVE-2022-34415

CVE-2022-34416

CVE-2022-34417

CVE-2022-34418

CVE-2022-34419

CVE-2022-34420

CVE-2022-34421

CVE-2022-34422

CVE-2022-34423

**Proprietary Code CVEs**

**Description**

**CVSSBase Score**

**CVSS Vector String**

CVE-2022-34377

Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

1.9

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

CVE-2022-34376

Dell PowerEdge BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM.

3.9

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

CVE-2022-34406

Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-34407

CVE-2022-34408

CVE-2022-34409

CVE-2022-34410

CVE-2022-34411

CVE-2022-34412

CVE-2022-34413

CVE-2022-34414

CVE-2022-34415

CVE-2022-34416

CVE-2022-34417

CVE-2022-34418

CVE-2022-34419

CVE-2022-34420

CVE-2022-34421

CVE-2022-34422

CVE-2022-34423

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**Affected Versions**

**Updated Versions or later**

**Link to Update**

R6515

Before 2.9.3

2.9.3

R6515 Drivers & Downloads

R7515

Before 2.9.3

2.9.3

R7515 Drivers & Downloads

R6525

Before 2.9.3

2.9.3

R6525 Drivers & Downloads

R7525

Before 2.9.3

2.9.3

R7525 Drivers & Downloads

XE8545

Before 2.9.4

2.9.4

XE8545 Drivers & Downloads

C6525

Before 2.9.4

2.9.4

C6525 Drivers & Downloads

R6415

Before 1.19.0

1.19.0

R6415 Drivers & Downloads

R7415

Before 1.19.0

1.19.0

R7415 Drivers & Downloads

R7425

Before 1.19.0

1.19.0

R7425 Drivers & Downloads

R750

Before 1.8.2

1.8.2

R750 Drivers & Downloads

R750XA

Before 1.8.2

1.8.2

R750XA Drivers & Downloads

R650

Before 1.8.2

1.8.2

R650 Drivers & Downloads

C6520

Before 1.8.2

1.8.2

C6520 Drivers & Downloads

MX750c

Before 1.8.2

1.8.2

MX750c Drivers & Downloads

R450

Before 1.8.2

1.8.2

R450 Drivers & Downloads

R550

Before 1.8.2

1.8.2

R550 Drivers & Downloads

R650xs

Before 1.8.2

1.8.2

R650xs Drivers & Downloads

R750xs

Before 1.8.2

1.8.2

R750xs Drivers & Downloads

T550

Before 1.8.2

1.8.2

T550 Drivers & Downloads

XR11

Before 1.8.2

1.8.2

XR11 Drivers & Downloads

XR12

Before 1.8.2

1.8.2

XR12 Drivers & Downloads

R250

Before 1.4.2

1.4.2

R250 Drivers & Downloads

R350

Before 1.4.2

1.4.2

R350 Drivers & Downloads

T150

Before 1.4.2

1.4.2

T150 Drivers & Downloads

T350

Before 1.4.2

1.4.2

T350 Drivers & Downloads

R740

Before 2.16.1

2.16.1

R740 Drivers & Downloads

R740XD

Before 2.16.1

2.16.1

R740XD Drivers & Downloads

R640

Before 2.16.1

2.16.1

R640 Drivers & Downloads

R940

Before 2.16.1

2.16.1

R940 Drivers & Downloads

R540

Before 2.16.1

2.16.1

R540 Drivers & Downloads

R440

Before 2.16.1

2.16.1

R440 Drivers & Downloads

T440

Before 2.16.1

2.16.1

T440 Drivers & Downloads

XR2

Before 2.16.1

2.16.1

XR2 Drivers & Downloads

R740XD2

Before 2.16.1

2.16.1

R740XD2 Drivers & Downloads

R840

Before 2.16.1

2.16.1

R840 Drivers & Downloads

R940XA

Before 2.16.1

2.16.1

R940XA Drivers & Downloads

T640

Before 2.16.1

2.16.1

T640 Drivers & Downloads

C6420

Before 2.16.1

2.16.1

C6420 Drivers & Downloads

FC640

Before 2.16.1

2.16.1

FC640 Drivers & Downloads

M640

Before 2.16.1

2.16.1

M640 Drivers & Downloads

M640P

Before 2.16.1

2.16.1

M640P Drivers & Downloads

MX740C

Before 2.16.1

2.16.1

MX740C Drivers & Downloads

MX840C

Before 2.16.1

2.16.1

MX840C Drivers & Downloads

C4140

Before 2.16.1

2.16.1

C4140 Drivers & Downloads

DSS8440

Before 2.16.1

2.16.1

DSS8440 Drivers & Downloads

T140

Before 2.11.1

2.11.1

T140 Drivers & Downloads

T340

Before 2.11.1

2.11.1

T340 Drivers & Downloads

R240

Before 2.11.1

2.11.1

R240 Drivers & Downloads

R340

Before 2.11.1

2.11.1

R340 Drivers & Downloads

XE2420

Before 2.16.0

2.16.0

XE2420 Drivers & Downloads

XE7420

Before 2.16.1

2.16.1

XE7420 Drivers & Downloads

XE7440

Before 2.16.1

2.16.1

XE7440 Drivers & Downloads

R730

Before 2.16.0

2.16.0

R730 Drivers & Downloads

R730xd

Before 2.16.0

2.16.0

R730XD Drivers & Downloads

R630

Before 2.16.0

2.16.0

R630 Drivers & Downloads

C4130

Before 2.16.0

2.16.0

C4130 Drivers & Downloads  

R930

Before 2.16.0

2.11.0

R930 Drivers & Downloads

M630

Before 2.16.0

2.16.0

M630 Drivers & Downloads

M630p

Before 2.16.0

2.16.0

M630P Drivers & Downloads

FC630

Before 2.16.0

2.16.0

FC630 Drivers & Downloads

FC430

Before 2.16.0

2.16.0

FC430 Drivers & Downloads

M830

Before 2.16.0

2.16.0

M830 Drivers & Downloads

M830p

Before 2.16.0

2.16.0

M830P Drivers & Downloads

FC830

Before 2.16.0

2.16.0

FC830 Drivers & Downloads

T630

Before 2.16.0

2.16.0

T630 Drivers & Downloads

R530

Before 2.16.0

2.16.0

R530 Drivers & Downloads

R430

Before 2.16.0

2.16.0

R430 Drivers & Downloads

T430

Before 2.16.0

2.16.0

T430 Drivers & Downloads

R830

Before 1.16.0

1.16.0

R830 Drivers & Downloads

C6320

Before 2.16.0

2.16.0

C6320 Drivers & Downloads

T130

Before 2.16.0 

2.16.0

T130 Drivers & Downloads

R230

Before 2.16.0 

2.16.0

R230 Drivers & Downloads

T330

Before 2.16.0 

2.16.0

T330 Drivers & Downloads

R330

Before 2.16.0 

2.16.0

R330 Drivers & Downloads

NX430

Before 2.16.0

2.16.0

NX430 Drivers & Downloads

NX3230

Before 2.16.0

2.16.0

NX3230 Drivers & Downloads

NX3330

Before 2.16.0

2.16.0

NX3330 Drivers & Downloads

NX440

Before 2.11.1

2.11.1

NX440 Drivers & Downloads

NX3240

Before 2.16.1

2.16.1

NX3240 Drivers & Downloads

NX3340

Before 2.16.1

2.16.1

NX3340 Drivers & Downloads

**Note:**  
For those customers that enable SGX function on R750, R750XA, R650, C6520, MX750c, R450, R550, R650xs, R750xs, T550, XR11, or XR12, do not roll back the BIOS to older versions. An issue that is discovered within Intel microcode may cause TCB recovery failure and result in a system to stop responding. By default, SGX function is disabled. To determine if SGX function is enabled:

*   From the **BIOS - Systems Utilities** screen, select System **Configuration** \> **BIOS/Platform Configuration (RBSI)** > **System Options** > **Processor Options** > **Intel Software Guard Extensions (SGX)** and press **Enter**.
*   If it is set to **Enabled or software controlled**, then the SGX function is enabled.

**Product**

**Affected Versions**

**Updated Versions or later**

**Link to Update**

R6515

Before 2.9.3

2.9.3

R6515 Drivers & Downloads

R7515

Before 2.9.3

2.9.3

R7515 Drivers & Downloads

R6525

Before 2.9.3

2.9.3

R6525 Drivers & Downloads

R7525

Before 2.9.3

2.9.3

R7525 Drivers & Downloads

XE8545

Before 2.9.4

2.9.4

XE8545 Drivers & Downloads

C6525

Before 2.9.4

2.9.4

C6525 Drivers & Downloads

R6415

Before 1.19.0

1.19.0

R6415 Drivers & Downloads

R7415

Before 1.19.0

1.19.0

R7415 Drivers & Downloads

R7425

Before 1.19.0

1.19.0

R7425 Drivers & Downloads

R750

Before 1.8.2

1.8.2

R750 Drivers & Downloads

R750XA

Before 1.8.2

1.8.2

R750XA Drivers & Downloads

R650

Before 1.8.2

1.8.2

R650 Drivers & Downloads

C6520

Before 1.8.2

1.8.2

C6520 Drivers & Downloads

MX750c

Before 1.8.2

1.8.2

MX750c Drivers & Downloads

R450

Before 1.8.2

1.8.2

R450 Drivers & Downloads

R550

Before 1.8.2

1.8.2

R550 Drivers & Downloads

R650xs

Before 1.8.2

1.8.2

R650xs Drivers & Downloads

R750xs

Before 1.8.2

1.8.2

R750xs Drivers & Downloads

T550

Before 1.8.2

1.8.2

T550 Drivers & Downloads

XR11

Before 1.8.2

1.8.2

XR11 Drivers & Downloads

XR12

Before 1.8.2

1.8.2

XR12 Drivers & Downloads

R250

Before 1.4.2

1.4.2

R250 Drivers & Downloads

R350

Before 1.4.2

1.4.2

R350 Drivers & Downloads

T150

Before 1.4.2

1.4.2

T150 Drivers & Downloads

T350

Before 1.4.2

1.4.2

T350 Drivers & Downloads

R740

Before 2.16.1

2.16.1

R740 Drivers & Downloads

R740XD

Before 2.16.1

2.16.1

R740XD Drivers & Downloads

R640

Before 2.16.1

2.16.1

R640 Drivers & Downloads

R940

Before 2.16.1

2.16.1

R940 Drivers & Downloads

R540

Before 2.16.1

2.16.1

R540 Drivers & Downloads

R440

Before 2.16.1

2.16.1

R440 Drivers & Downloads

T440

Before 2.16.1

2.16.1

T440 Drivers & Downloads

XR2

Before 2.16.1

2.16.1

XR2 Drivers & Downloads

R740XD2

Before 2.16.1

2.16.1

R740XD2 Drivers & Downloads

R840

Before 2.16.1

2.16.1

R840 Drivers & Downloads

R940XA

Before 2.16.1

2.16.1

R940XA Drivers & Downloads

T640

Before 2.16.1

2.16.1

T640 Drivers & Downloads

C6420

Before 2.16.1

2.16.1

C6420 Drivers & Downloads

FC640

Before 2.16.1

2.16.1

FC640 Drivers & Downloads

M640

Before 2.16.1

2.16.1

M640 Drivers & Downloads

M640P

Before 2.16.1

2.16.1

M640P Drivers & Downloads

MX740C

Before 2.16.1

2.16.1

MX740C Drivers & Downloads

MX840C

Before 2.16.1

2.16.1

MX840C Drivers & Downloads

C4140

Before 2.16.1

2.16.1

C4140 Drivers & Downloads

DSS8440

Before 2.16.1

2.16.1

DSS8440 Drivers & Downloads

T140

Before 2.11.1

2.11.1

T140 Drivers & Downloads

T340

Before 2.11.1

2.11.1

T340 Drivers & Downloads

R240

Before 2.11.1

2.11.1

R240 Drivers & Downloads

R340

Before 2.11.1

2.11.1

R340 Drivers & Downloads

XE2420

Before 2.16.0

2.16.0

XE2420 Drivers & Downloads

XE7420

Before 2.16.1

2.16.1

XE7420 Drivers & Downloads

XE7440

Before 2.16.1

2.16.1

XE7440 Drivers & Downloads

R730

Before 2.16.0

2.16.0

R730 Drivers & Downloads

R730xd

Before 2.16.0

2.16.0

R730XD Drivers & Downloads

R630

Before 2.16.0

2.16.0

R630 Drivers & Downloads

C4130

Before 2.16.0

2.16.0

C4130 Drivers & Downloads  

R930

Before 2.16.0

2.11.0

R930 Drivers & Downloads

M630

Before 2.16.0

2.16.0

M630 Drivers & Downloads

M630p

Before 2.16.0

2.16.0

M630P Drivers & Downloads

FC630

Before 2.16.0

2.16.0

FC630 Drivers & Downloads

FC430

Before 2.16.0

2.16.0

FC430 Drivers & Downloads

M830

Before 2.16.0

2.16.0

M830 Drivers & Downloads

M830p

Before 2.16.0

2.16.0

M830P Drivers & Downloads

FC830

Before 2.16.0

2.16.0

FC830 Drivers & Downloads

T630

Before 2.16.0

2.16.0

T630 Drivers & Downloads

R530

Before 2.16.0

2.16.0

R530 Drivers & Downloads

R430

Before 2.16.0

2.16.0

R430 Drivers & Downloads

T430

Before 2.16.0

2.16.0

T430 Drivers & Downloads

R830

Before 1.16.0

1.16.0

R830 Drivers & Downloads

C6320

Before 2.16.0

2.16.0

C6320 Drivers & Downloads

T130

Before 2.16.0 

2.16.0

T130 Drivers & Downloads

R230

Before 2.16.0 

2.16.0

R230 Drivers & Downloads

T330

Before 2.16.0 

2.16.0

T330 Drivers & Downloads

R330

Before 2.16.0 

2.16.0

R330 Drivers & Downloads

NX430

Before 2.16.0

2.16.0

NX430 Drivers & Downloads

NX3230

Before 2.16.0

2.16.0

NX3230 Drivers & Downloads

NX3330

Before 2.16.0

2.16.0

NX3330 Drivers & Downloads

NX440

Before 2.11.1

2.11.1

NX440 Drivers & Downloads

NX3240

Before 2.16.1

2.16.1

NX3240 Drivers & Downloads

NX3340

Before 2.16.1

2.16.1

NX3340 Drivers & Downloads

**Note:**  
For those customers that enable SGX function on R750, R750XA, R650, C6520, MX750c, R450, R550, R650xs, R750xs, T550, XR11, or XR12, do not roll back the BIOS to older versions. An issue that is discovered within Intel microcode may cause TCB recovery failure and result in a system to stop responding. By default, SGX function is disabled. To determine if SGX function is enabled:

*   From the **BIOS - Systems Utilities** screen, select System **Configuration** \> **BIOS/Platform Configuration (RBSI)** > **System Options** > **Processor Options** > **Intel Software Guard Extensions (SGX)** and press **Enter**.
*   If it is set to **Enabled or software controlled**, then the SGX function is enabled.

**Kiitokset**

CVE-2022-34377,CVE-2022-34376: Dell would like to thank Yngwei for reporting this issue.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-12-15

Initial release

1.1

2023-02-10

Add PowerVault NX models.

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

**Artikkelin ominaisuudet**

**Tuote, johon asia vaikuttaa**

DSS 8440, PowerEdge XR2, PowerEdge C4130, PowerEdge C4140, PowerEdge C6320, PowerEdge C6420, PowerEdge C6520, PowerEdge C6525, PowerEdge FC430, PowerEdge FC630, PowerEdge FC640, PowerEdge FC830, PowerEdge M630, PowerEdge M630 (for PE VRTX) , PowerEdge M640, PowerEdge M640 (for PE VRTX), PowerEdge M830, PowerEdge M830 (for PE VRTX), PowerEdge MX740c, PowerEdge MX750c, PowerEdge MX840c, PowerEdge R230, PowerEdge R250, PowerEdge R330, PowerEdge R350, PowerEdge R430, PowerEdge R440, PowerEdge R450, PowerEdge R530, PowerEdge R540, PowerEdge R550, PowerEdge R630, PowerEdge R640, PowerEdge R6415, PowerEdge R650, PowerEdge R650xs, PowerEdge R6515, PowerEdge R6525, PowerEdge R730, PowerEdge R730xd, PowerEdge R740, PowerEdge R740xd, PowerEdge R740xd2, PowerEdge R7415, PowerEdge R7425, PowerEdge R750, PowerEdge R750xa, PowerEdge R750xs, PowerEdge R7515, PowerEdge R830, PowerEdge R840, PowerEdge R930, PowerEdge R940, PowerEdge R940xa, PowerEdge T130, PowerEdge T140, PowerEdge T150, PowerEdge T330, PowerEdge T340, PowerEdge T350, PowerEdge T430, PowerEdge T440, PowerEdge T550, PowerEdge T630, PowerEdge T640, PowerEdge XE2420, PowerEdge XE7420, PowerEdge XE7440, PowerEdge XE8545, PowerEdge XR11, PowerEdge XR12, PowerVault NX3000, PowerVault NX3100, PowerVault NX3200, PowerVault NX3300, PowerVault NX3500, PowerVault NX3600, PowerVault NX3610, Powervault NX400, Product Security Information ...

**Edellinen julkaisupäivä**

10 helmik. 2023

**Versio**

2

**Artikkelin tyyppi**

Dell Security Advisory

CVE-2022-34377: DSA-2022-204: Dell PowerEdge Improper SMM Communication Buffer Verification Vulnerability

Event organizers should be exercising various cyberattack scenarios to ensure they have the proper checks and balances in place to respond accordingly and maintain resilience.

When Super Bowl LVII between the Kansas City Chiefs and Philadelphia Eagles kicks off in Phoenix on Feb. 12, most everyone's eyes will be on the gridiron. But farther afield, malicious actors and cyberattackers may be looking to score their own kind of touchdown — by shutting down systems, perpetuating ransomware, or carrying out hacktivism.

The 2022 FIFA World Cup tournament held in Doha, Qatar, over the winter raised similar operational concerns, and cybersecurity experts note that large-scale events in general offer a very broad attack surface area to threat actors of all stripes, thanks to the sheer number of systems involved in carrying it off.

"The thing that's tricky for security teams is that it’s not just one entity or single network they must look after," says James Campbell, CEO and co-founder of Cado Security. "An event like the Super Bowl involves numerous suppliers, media companies, and so on, all of which are responsible for looking out for their networks, collectively making up how the Super Bowl is run."

Campbell adds that one of the biggest disruptions to the Super Bowl would be preventing it from being televised. With millions of people worldwide watching, and given the advertising and revenue generated from the Super Bowl, if a threat group wanted to get a certain point across, restricting the ability to broadcast it live would do the trick.

"That would probably have the biggest impact, other than physically ensuring the Super Bowl doesn't \[actually take place\] — a harder task," he says.

**Critical Steps for Securing the Super Bowl**

Bud Broomhead, CEO at Viakoo, points out that the large number of third parties involved in the event from a technical perspective means that ensuring that multiple networks are segmented from each other is a crucial first step in protecting the event — so that if one system is breached (Rihanna's microphones), the threat actors can't reach another system (video surveillance, for instance).  
He adds the large number of Internet of Things (IoT) devices and ad hoc networks that third parties will bring to the party — by stakeholders as varied as caterers and sound engineers — means multiple points of failure. Thus, layers of testing for worst-case scenarios will be important leading up to the event.

"There will need to be overall testing of those systems ahead of the event to ensure sufficient redundancy exists," Broomhead says. "Security for a big event like the Super Bowl must also have a focus on resiliency — if bad things happen, is there an already established plan to minimize the impact?"

Darren Guccione, CEO and co-founder at Keeper Security, notes that on the IoT front, many physical control systems are "smart" — i.e., Internet-facing; as such, they should be of particular concern.

He poses a hypothetical: The broadcast network equipment and servers sitting in the data room in the Super Bowl may be hardened with up-to-date patches, firewalls, and other defenses, but what about the building management system? This might be a separately controlled network — and not as well secured.

"Suppose threat actors attack IoT and turn off the air conditioning in the building management system," he says. "In that case, all those computers are useless because you must immediately turn off all your servers, or else they melt within 20 minutes."

The scenario of an attack via the HVAC system is familiar from the infamous Target breach of 2014 — all it takes is one employee falling for a phish.

"Leading up to the big game, IT professionals should be on the lookout for phishing attacks, malware and viruses, and social engineering attacks as threat actors attempt to gain access to the computer systems used to manage the event," Guccione advises.

Despite the what-ifs, the good news is that cybersecurity is firmly on the radar screen for this upcoming weekend: In addition to preparations on the part of the event organizers and all of the third-party stakeholders involved, a variety of government organizations also have thorough cyber-defense plans in place for the event, including the Arizona Cyber Command and the Federal Aviation Administration.

Attacker Allure: A Look at the Super Bowl's Operational Cyber-Risks

Single sign-on and request smuggling to the fore in another stellar year for web security research

Adam Bannister 10 February 2023 at 14:56 UTC  
Updated: 10 February 2023 at 16:10 UTC

Single sign-on and request smuggling to the fore in another stellar year for web security research

Detectify founder Frans Rosén has topped PortSwigger’s top 10 web hacking techniques of 2022 with ‘Account hijacking using dirty dancing in sign-in OAuth-flows’.

Published in July, the research was hailed as “a masterclass in chaining OAuth quirks with low-impact URL-leak gadgets including promiscuous postMessages, third-party XSS, and URL storage” by PortSwigger director of research James Kettle in a blog post announcing the results on Wednesday (February 8).

“Many of these bugs would previously have been dismissed as having no significant security impact, so they’ve had years to proliferate,” Kettle added.

DON’T MISS Top 10 web hacking techniques of 2022

The researcher praised Rosén for producing an “outstanding piece of research that we expect to yield fruit for years to come”.

Rosén told The Daily Swig: “I am really thankful and humble ending up on first place among so many great researchers and their awesome posts during the year.

“One thing that I did different this year was to start digging into a subject without even having a single bug to start with. It was only just an idea of a potential concept.

READ MORE ‘Dirty dancing’ in OAuth: Researcher discloses how cyber-attacks can lead to account hijacking

“Thanks again to PortSwigger for highlighting the people in the industry publicly disclosing their findings and methodologies – that’s in my opinion one of the best ways to move the industry forward.”

Rosén was declared the winner by a panel of his peers comprising Nicolas Grégoire, Soroush Dalili, Filedescriptor, and Kettle.

**A new frontier in HTTP request smuggling**

Kettle himself claimed silver medal for the second year in a row, as well as sixth place for separate, HTTP header injection research showcased at Black Hat USA (note: panellists could not vote for their own research).

After claiming second place in the 2021 rankings with ‘HTTP/2: The Sequel is Always Worse’, this time the researcher impressed by leveraging novel HTTP request smuggling vectors to compromise targets including Amazon and Apache “and ultimately taking the attack client-side into victim's browsers”.

RELATED Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling

Described as “seriously technically challenging” research, ‘Browser-Powered Desync Attacks’ prompted one judge to enthuse: “The creativity from desync worm (reminiscence of XSS worm) to client-side desync is off the chart”.

Kettle envisages request smuggling’s multi-year run of being a rich source of novel threats to continue until “until HTTP/1 has been fully stamped out”.

**Memcache injection and Zimbra**

In third place, Google’s Simon Scannell found a memcached injection vulnerability in business webmail platform Zimbra that allowed attackers to poison an unsuspecting victim’s cache and steal cleartext credentials.

READ MORE Business email platform Zimbra patches memcached injection flaw that imperils user credentials

Kettle said the research, which also deployed request smuggling, demonstrated the value of having “deep knowledge of a target”.

Scannell, then of Swiss outfit Sonar, wrote in his research: “By continuously injecting more responses than there are work items into the shared response streams of Memcached, we can force random Memcached lookups to use injected responses instead of the correct response.”

**‘Pushing at the boundaries’**

The 16th annual edition of PortSwigger’s top 10 web hacking techniques saw a record 46 nominations initially whittled down to 15 final-round candidates based on votes cast by the infosec community.

Kettle noted that “outright novel techniques and class-breaks have gotten rarer” but said more researchers were “pushing at the boundaries and sharing their findings than ever”.

Here’s the rest of the top 10 in brief (read James Kettle’s post for a deeper breakdown):

*   4\. ‘Hacking the Cloud with SAML’ by Felix Wilhelm culminates with an XML document leveraging an integer truncation bug to trigger arbitrary bytecode execution when Java attempts to verify its signature
*   5\. ‘Bypassing .NET Serialization Binders’ by Markus Wulftange resulted in vulnerabilities in DevExpress framework and Microsoft Exchange that opened the door to remote code execution
*   6\. ‘Making HTTP header injection critical via response queue poisoning’ by James Kettle explored “the long-forgotten response-splitting technique with a high-impact, high-payout case study”
*   7\. ‘Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes’ by Jacopo Tediosi leveraged HTTP hop-by-hop headers to earn – with some triaging difficulty along the way – a raft of bug bounties
*   8\. ‘Psychic Signatures in Java’ by Neil Madden used the number 0 to forge ECDSA signatures and upend the cryptographic foundation of core web technologies such as JWT and SAML
*   9\. ‘Practical client-Side Path Traversal Attacks’ by Medi highlights a “visible” but neglected issue that should now be recognized “as a vulnerability in its own right”
*   10\. ‘Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify's Next.js Library’ by Sam Curry compromises various cryptocurrency sites with XSS, SSRF, and cache poisoning originating from Netlify's Next.js library

PREVIOUS EDITION Dependency confusion tops the PortSwigger annual web hacking list for 2021

OAuth ‘masterclass’ crowned top web hacking technique of 2022

Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces.

CVE-2022-24410: DSA-2022-325: Dell Client Security Update for Dell Client BIOS

As evolving cyber threats force security teams to adopt AI to automate workflows, we ask how the relationship between humans and AI will pan out.

The scale of cyberattacks that organizations face today means autonomous systems are becoming a critical component of cybersecurity. This forces us to question the ideal relationship between human security teams and artificial intelligence (AI): What level of trust should be granted to an AI program, and at what point do security teams intervene in its decision-making?

With autonomous systems in cybersecurity, human operators are raising the bar of their decision-making. Instead of making an increasingly unmanageable number of "microdecisions" themselves, they now establish the constraints and guiderails that AI machines should adhere to when making millions of granular microdecisions at scale. As a result, humans no longer manage at a micro level but at a macro level: Their day-to-day tasks become higher-level and more strategic, and they are brought in only for the most essential requests for input or action.

But what will the relationship between humans and AI look like? Below, we dissect four scenarios outlined by the Harvard Business Review that set forth possibilities for varied interaction between humans and machines, and explore what this will look like in the cyber realm.

**Human in the Loop (HitL)**

In this scenario, the human is, in effect, doing the decision-making and the machine is providing only recommendations of actions, as well as the context and supporting evidence behind those decisions to reduce time-to-meaning and time-to-action for that human operator.

Under this configuration, the human security team has complete autonomy over how the machine does and does not act.

For this approach to be effective in the long-term, sufficient human resources are required. Often this would far exceed what is realistic for an organization. Yet for organizations coming to grips with the technology, this stage represents an important steppingstone in building trust in the AI autonomous response engine.

**Human in the Loop for Exceptions (HitLfE)**

Most decisions are made autonomously in this model, and the human only handles exceptions, where the AI requests some judgment or input from the human before it can make the decision.

Humans control the logic to determine which exceptions are flagged for review, and with increasingly diverse and bespoke digital systems, different levels of autonomy can be set for different needs and use cases.

This means that the majority of events will be actioned autonomously and immediately by the AI-powered autonomous response but the organization stays "in the loop" for special cases, with flexibility over when and where those special cases arise. They can intervene, as necessary, but will want to remain cautious in overriding or declining the AI's recommended action without careful review.

**Human on the Loop (HotL)**

In this case, the machine takes all actions, and the human operator can review the outcomes of those actions to understand the context around these actions. In the case of an emerging security incident, this arrangement allows AI to contain an attack, while indicating to a human operator that a device or account needs support, and this is where they are brought in to remediate the incident. Additional forensic work may be required, and if the compromise was in multiple places, the AI may escalate or broaden its response.

For many, this represents the optimal security arrangement. Given the complexity of data and scale of decisions that need to be made, it is simply not practical to have the human in the loop (HitL) for every event and every potential vulnerability.

With this arrangement, humans retain full control over when, where, and to what level the system acts, but when events do occur, these millions of microdecisions are left to the machine.

**Human out of the Loop (HootL)**

In this model, the machine makes every decision, and the process of improvement is _also_ an automated closed loop. This results in a self-healing, self-improving feedback loop where each component of the AI feeds into and improves the next, elevating the optimal security state.

This represents the ultimate hands-off approach to security. It is unlikely human security operators will ever want autonomous systems to be a "black box" – operating entirely independently, without the ability for security teams to even have an overview of the actions it's taking, or why. Even if a human is confident that they will never have to intervene with the system, they will still always want oversight. Consequently, as autonomous systems improve over time, an emphasis on transparency will be important. This has led to a recent drive in explainable artificial intelligence (XAI) that uses natural language processing to explain to a human operator, in basic everyday language, _why_ the machine has taken the action it has.

These four models all have their own unique use cases, so no matter what a company's security maturity is, the CISO and the security team can feel confident leveraging a system's recommendations, knowing it makes these recommendations and decisions based on microanalysis that goes far beyond the scale any single individual or team can expect of a human in the hours they have available. In this way, organizations of any type and size, with any use case or business need, will be able to leverage AI decision-making in a way that suits them, while autonomously detecting and responding to cyberattacks and preventing the disruption they cause.

**About the Author**

    

As VP of Product at Darktrace, Dan Fein has helped customers quickly achieve a complete and granular understanding of Darktrace's product suite. Dan has a particular focus on Darktrace email, ensuring that it is effectively deployed in complex digital environments, and works closely with the development, marketing, sales, and technical teams. Dan holds a bachelor's degree in computer science from New York University.

4 Ways to Handle AI Decision-Making in Cybersecurity

By Habiba Rashid
The stolen Weee! database has been leaked on the infamous BreachForums and Russian-speaking cybercrime forums.
This is a post from HackRead.com Read the original post: Weee! Grocery Service Hacked, 1.1m Accounts Leaked

In total, hackers managed to steal 11.3 million order details, including 1.1 million email addresses belonging to Weee! customers.

A data breach affecting the US-based online grocery delivery platform, Weee!, has resulted in 1.1 million customers’ data being leaked online. On Monday, a threat actor named IntelBroker posted the database on BreachForums.

It is worth noting that BreachForums is a hacker and cybercrime forum that surfaced as an alternative to the popular and **now-seized Raidforums**.

Hacker announcing the breach (Screenshot: Hackread.com)

“Weee!” is particularly popular amongst Asian and Hispanic communities, delivering food across 48 states in the USA via warehouses spread throughout the country. Its delivery app has been downloaded over 2.6M times. 

The breach forum post reads, “In February 2023, a database of 11 million customers belonging to Sayweee was stolen by hackers.”

However, security researcher Troy Hunt of Have I Been Pwned, a data breach notification service, confirmed that the leaked data only includes 1.1 million unique email addresses. The additional entries are likely due to multiple orders placed by the same customer.

The leak contains information such as Weee! customers’ first and last names, email addresses, phone numbers, device type (iOS, PC, Android), order notes, dates, and other data the delivery platform uses.

Sample data as seen by Hackread.com

Some of the logs also included delivery notes that customers of Weee! left for couriers, such as codes to enter residential or office buildings.

The company’s spokesperson stated that “Weee! is aware that a data breach has affected some of its customers.” They also confirmed that the breach did not impact user financial data, as the online grocery delivery platform does not retain any payment details.

“For customers that placed an order between July 12, 2021, and July 12, 2022, information such as name, address, email addresses, phone number, order number, and order comments may have been impacted,” the company’s representative said.

“We have notified all customers of the issue and will be notifying all impacted customers individually if their information was exposed,” Weee!’s spokesperson explained.

“Security is a top priority for us and we are undertaking a thorough review to ensure we continue to deliver on the trust the Weee! Community places in us.”

The personally identifiable information (PII) in the leak can be abused by hackers in numerous ways. Exposed home addresses put users at a heightened risk of targeted scams and spear phishing campaigns, tracking, and unwanted contact.

On the other hand, leaked phone numbers could be used for marketing purposes, phishing, impersonation, and fraud. In extreme cases, PII information could be used by attackers to attempt identity fraud. 

1.  Uber Eats User records leaked on Dark Web
2.  Google-funded delivery service Dunzo hacked
3.  Chowbus food delivery service suffers breach
4.  Instant Checkmate and TruthFinder Data Leaked
5.  Foodora data breach 700k users in 14 countries affected

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Tag

#ios