Cybersecurity

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks.

The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2, which was released on August 7, 2024. A security researcher, who goes by the online alias villu164, has been credited with discovering and reporting the issue.

The plugin is "vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter," Wordfence said in a report this week.

This vulnerability can allow attackers to steal anything a user puts in a private Slack channel by manipulating the language model used for content generation. This was responsibly disclosed to Slack (more details in Responsible Disclosure section at the end).

...

Slack AI is a feature built on top of Slack that allows users to query Slack messages in natural language. Prior to August 14th, Slack only ingested messages. After August 14th, Slack also ingests uploaded documents, Google Drive files, etc which increases the risk surface area as we’ll address in section 3.

...

Slack responds that they have reviewed this and deemed the evidence insufficient, and states that “In your first video the information you are querying Slack AI for has been posted to the public channel #slackaitesting2 as shown in the reference. Messages posted to public channels can be searched for and viewed by all Members of the Workspace, regardless if they are joined to the channel or not. This is intended behavior.”

--[ Table of Contents

  0x01  Introduction ........................................ Phrack Staff

  0x02  Phrack Prophile ..................................... Phrack Staff

  0x03  Linenoise ........................................... Phrack Staff

  0x04  Loopback ............................................ Phrack Staff

  0x05  Phrack World News ................................... Phrack Staff

  0x06  MPEG-CENC: Defective by Specification .................... retr0id

  0x07  Bypassing CET & BTI With Functional Oriented 
        Programming .................................................. LMS

  0x08  World of SELECT-only PostgreSQL Injections: 
        (Ab)using the filesystem ........................... Maksym Vatsyk

  0x09  Broodsac: A VX Adventure in Build Systems and 
        Oldschool Techniques ........................... Amethyst Basilisk

  0x0A  Allocating new exploits, Pwning browsers like a kernel, 
        Digging into PartitionAlloc and Blink engine ............. r3tr074

  0x0B  Reversing Dart AOT snapshots ............................. cryptax

  0x0C  Finding hidden kernel modules (extrem way reborn):
        20 years later ............................................ g1inko 

  0x0D  A novel page-UAF exploit strategy to       Jinmeng Zhou, Jiayi Hu,
        privilege escalation in Linux systems .... Wenbo Shen, Zhiyun Qian

  0x0E  Stealth Shell: A Fully Virtualized Attack 
        Toolchain ........................................... Ryan Petrich 

  0x0F  Evasion by De-optimization ............................. Ege BALCI

  0x10  Long Live Format Strings ......................... Mark Remarkable 

  0x11  Calling All Hackers .......................................... cts

cross-posted from: https://links.hackliberty.org/post/2459180

When a user downloads a file from an untrusted source such as the web, Windows adds the Mark-of-the-Web to the local copy of the file.

The presence of the Mark-of-the-Web triggers additional security checks and prompts when opening the file. This helps reduce the risk of executing untrusted content.

Unfortunately, threat actors have discovered that Windows does not always handle or properly apply the Mark-of-the-Web to files served over WebDAV.

Before the release of the Microsoft June security patch, files copied and pasted from WebDAV shares did not receive the Mark-of-the-Web designations. This meant that users might copy and paste files from a WebDAV share to their desktop, and those files could subsequently be opened without the protections of Windows Defender SmartScreen or Microsoft Office Protected View. In particular, this means that there would be no reputation or signature checks on executables.

cross-posted from: https://reddthat.com/post/24242195

cross-posted from: https://lemmy.ndlug.org/post/1002763

A critical vulnerability has been identified in the Windows TCP/IP Stack that allows for unauthenticated RCE. No user interaction is required, making this a zero-click vulnerability. This vulnerability affects all supported versions of Windows and Windows Servers.

This remote code vulnerability enables an unauthenticated attacker to repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution. Microsoft has released urgent security patches and recommends to install these asap.

It has been assigned a CVSS score of 9.8. With a low complexity to exploit, can be performed unauthenticated and exploited remotely. Successful exploitation leads to SYSTEM level execution on the target endpoint.

From CVE 2024 38063

The following mitigating factors might be helpful in your situation: Systems are not affected if IPv6 is disabled on the target machine.

Attackers collected Amazon Web Services keys and access tokens to various cloud services from environment variables insecurely stored in tens of thousands of web applications.

Copilot Autofix, a new addition to the GitHub Advanced Security service, analyzes vulnerabilities in code and offers code suggestions to help developers fix them.

Companies are increasingly migrating to Cyberark products. However I'm concerned about this company being an Israeli company and being closely tied to the Israeli government and army. I think using their products raises ethical concerns.

But there's a more important issue. That of using services where sensitive data is stored in data centers in Israël and the potential use of this information by the government or the army.

Am I being paranoid? Or are my concerns valid?

https://github.com/positive-intentions/chat

im working on a decentralized chat app similar to Simplex with the additional detail that it's mainly presented as a webapp. Simplex recently posted on their subreddit about "somone else" having registered and hosted a copy of thier website/app.

this could be for something like phishing and they correctly notified people and reccommend to not download from there.

https://www.reddit.com/r/SimpleXChat/comments/1epuf5w/please_note_we_do_not_own_the_domain/

im now thinking i should point people to my github repository. (the links to the webapp and builds for ios/andoid/ desktop can be found directly there from the readme)... similar to a "domain", im sure its easy enough to create a new github organization and repo that looks similar to the one i already have.

i added a section in the readme about improving the security of the app by using a selfhosted version for those that want/need hightened security/privacy.

Simplex also mention they submitted a complaint to the domain registrar. id like help to learn about what other things i could do if somthing similar happens to my app. this is something that id like to know more about because its seems inevitable to happen (if it becomes popular) given my app is open source and easy to selfhost.

RansomHub ransomware operators are now deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks.

Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode.

The vulnerability was given a high -severity CVSS score, indicating that customers should act swiftly to mitigate the flaw.