News

OAuth is an important part of modern authorization frameworks, granting access to resources across different applications easily. However, vulnerabilities in OAuth implementations can create significant security risks. Following research released by Salt labs that uncovered critical vulnerabilities in the world's most popular authorization mechanism, Salt has released a multi-layered protection package to detect attempts to exploit OAuth and proactively fix the vulnerabilities. Salt Security is enhancing its API protection platform with a comprehensive suite of new OAuth threat detections and posture rules to address this growing challenge. These innovations empower organizations to identify and mitigate malicious attempts to exploit OAuth flows, ultimately safeguarding sensitive data and user accounts. The OAuth Attack Landscape Let's take a closer look at the types of OAuth attacks these new capabilities will address: Access Token and Authorization Code Theft: Vulnerabilities in OAuth systems can leave access tokens or authorization codes susceptible to theft. Attackers can leverage those stolen elements to impersonate legitimate users and gain unauthorized access to sensitive resources and applications. Increasing OAuth Attacks: OAuth has been in widespread use for over a decade but we have seen attacks on the rise. This is caused by organizations' increased usage of APIs and microservices making OAuth even more popular while increasing the complexity of securing it. Attackers have taken advantage of this by crafting specific OAuth-based attacks with continuing attempts to find additional OAuth vulnerabilities to exploit. Real-World Consequences: Lessons from ChatGPT Salt Security's recent investigation exposed several critical security flaws within the OAuth implementations of popular ChatGPT plug-ins highlighted in a blog post by Salt Labs. The blog above provides specific details of these security flaws. Firstly, ChatGPT's plugin installation process was vulnerable. An attacker could exploit this to inject malicious plugins, potentially accessing any messages sent within ChatGPT. Secondly, the plugin development framework, PluginLab, needed proper authentication. This allowed attackers to masquerade as victims and take over their plugin accounts. This vulnerability could have been exploited in plugins like "AskTheCode" to compromise connected GitHub accounts with 0-click attacks. Finally, several plugins had OAuth redirection vulnerabilities. Attackers could exploit this by sending malicious links to victims and stealing their plugin credentials, enabling account takeovers. Beyond this most recent example of OAuth threats with ChatGPT, the Salt Labs team has found several other OAuth-specific exploitable vulnerabilities, indicating the critical need for tools to help find and mitigate these types of risks before attackers can take advantage. The Salt Labs team found these vulnerabilities that used a variety of OAuth attack methodologies with Booking.com, Grammarly, Vidio.com, and Expo/CodeCademy. These real-world examples underscore the importance of robust security measures to thwart sophisticated OAuth attack tactics before they can inflict significant damage. By implementing strong OAuth security controls, organizations can safeguard their users' data, prevent unauthorized access to critical resources, and maintain user trust. Salt Security's Solution: Multi-Layered OAuth Defense Salt Security's upcoming enhancements offer a comprehensive approach to OAuth security: New OAuth Threat Detections: Enhancing Salt’s industry-leading behavior threat analysis system, we will carefully examine specific parameters and configurations used in API requests and responses related to OAuth. Utilizing AI/ML techniques will create a standard pattern for "normal" requests. Alerts will be generated for requests that deviate from established patterns, indicating possible OAuth attacks or other exploits. We are introducing new attack type detections in this release including OAuth hijacking attacks, OAuth CSRF attacks, and OAuth leaked secrets. This advanced behavioral analysis enables the identification of sophisticated OAuth attacks which threat actors are using in the wild today. OAuth Posture Rules: To enhance the capabilities of Salt’s API Posture Governance engine, there will be customized OAuth posture rules which will enable organizations to define and enforce their own specific security standards for OAuth implementations. This will guarantee that APIs adhere to the best practices in security and greatly reduce the risk of vulnerabilities that attackers could exploit. To illustrate, organizations can use pre-defined rules to help prevent leaked client secrets and prevent authorization code injection attacks. This level of control allows businesses to customize their OAuth security posture according to their specific risk tolerance and compliance requirements. The Business Case for Enhanced OAuth Protection This enhanced functionality from Salt Security provides robust OAuth defenses that help organizations achieve several critical security objectives. Firstly, it proactively shields customer accounts, intellectual property, and authorization tokens from malicious actors who continuously seek to exploit vulnerabilities in OAuth implementations. Secondly, organizations that demonstrate a commitment to robust security practices foster user confidence and enhance brand reputation, leading to stronger customer relationships and a competitive edge in the marketplace. Thirdly, the potential for severe financial and reputational damage stemming from a successful OAuth attack is significantly reduced. OAuth exploits can cause data breaches that are incredibly costly, and reputational damage can take years to repair. Finally, Salt Security's unwavering commitment to research and development ensures that its solutions remain effective against emerging OAuth attack techniques. Salt’s proactive approach keeps businesses a step ahead of evolving threats, allowing them to operate with greater confidence and agility. See the OAuth Posture Rules in Action. The post Salt Security Addresses Critical OAuth Vulnerabilities Enhancing API Security with OAuth Protection Package appeared first on Security Boulevard.
https://securityboulevard.com/2024/04/salt-security-addresses-critical-oauth-vulnerabilities-enhancing-api-security-with-oauth-protection-package/

How a YouTube Content Filter Can Give Your District More Control

ITDR vs ISPM: Which Identity-first Product Should You Explore?

“You Can’t Protect What You Can’t See” Still Rings True. Why Observability Now.

Transforming Customer Experience: Enhancing CX through CIAM and Insights

What is Penetration Testing: A comprehensive business guide

CXSecurity.com

Thu, 25 Apr 2024 03:54:58 +0000

FortiNet FortiClient EMS 7.2.2 / 7.0.10 SQL Injection / Remote Code Execution

Relate Learning And Teaching system Version before 2024.1 SSTI(Markup Sandbox function) lead to RCE

Palo Alto PAN-OS Command Execution / Arbitrary File Creation

Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution

Hikvision Camera - Remote command execution

Apache Solr Backup/Restore API Remote Code Execution

Nginx 1.25.5 Host Header Validation

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass

LRMS-PHP-by-oretnom23-v1.0 hat-trick

WBCE CMS Version 1.6.1 Remote Command Execution (Authenticated)

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Insecure Direct Object Reference

Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass

Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference

North Wales - Sql Injection

Relate Learning And Teaching system Version before 2024.1 Stored XSS

Solar-Log Base 2000- Broken Access Control

Relate Learning And Teaching system Version before 2024.1 SSTI(Page Sandbox function) lead to RCE

Flowise 1.6.5 Authentication Bypass

Wordpress Plugin Alemha Watermarker 1.3.1 Stored Cross-Site Scripting (XSS)

BMC Compuware iStrobe Web 20.13 Pre-auth RCE

Centreon 23.10-1.el8 SQL Injection

CrushFTP Remote Code Execution

kruxton-1.0-FileUpload-RCE

Backdoor.Win32.Dumador.c / Remote Stack Buffer Overflow (SEH)

Amazon AWS Glue Database Password Disclosure

OpenClinic GA 5.247.01 Path Traversal (Authenticated)

PrusaSlicer 2.6.1 Arbitrary Code Execution

AMPLE BILLS 0.1 SQL injection

kruxton-1.0-Multiple-SQLi

Django REST Framework SimpleJWT 5.3.1 Information Disclosure

Jenkins 2.441 Local File Inclusion

Moodle 3.10.1 SQL Injection

Bigem Teknoloji - Sql Injection

Ray OS 2.6.3 Command Injection

Casdoor < v1.331.0 /api/set-password CSRF

MinIO < 2024-01-31T20-20-33Z Privilege Escalation

Wordpress Plugin Playlist for Youtube 1.32 Stored Cross-Site Scripting (XSS)

Terratec dmx_6fire USB 1.23.0.02 Unquoted Service Path

Blood Bank v1.0 Stored Cross Site Scripting (XSS)

AMPLE BILLS 0.1 Multiple-SQLi

Bleepingcomputer.com

Thu, 25 Apr 2024 10:27:41 -0400

WP Automatic WordPress plugin hit by millions of SQL injection attacks

New Brokewell malware takes over Android devices, steals data

US charges Samourai cryptomixer founders for laundering $100 million

Maximum severity Flowmon bug has a public exploit, patch now

ArcaneDoor hackers exploit Cisco zero-days to breach govt networks

Google Meet opens client-side encrypted calls to non Google users

Windows 11 KB5036980 update goes live with Start Menu ads

Ring customers get $5.6 million in privacy breach settlement

Microsoft pulls fix for Outlook bug behind ICS security alerts

CoralRaider attacks use CDN cache to push info-stealer malware

Microsoft releases Exchange hotfixes for security update issues

US govt sanctions Iranians linked to government cyberattacks

reddit.com/r/blueteamsec

2024-04-20T07:31:36+00:00

CTO at NCSC Summary: week ending April 21st

Nation-State Threat Actors Renew Publications to npm

Guidance for Incident Responders

Poll Vaulting: Cyber Threats to Global Elections

Quantum of Malice - During our investigation of actual 5G network nodes we have also noticed that even if IPSec is recommended, it’s often neglected, poorly implemented and more importantly not always a viable way of mitigating these attacks.

[Series] AppArmor Basics for Sysadmins

JA4T: TCP Fingerprinting - And How to Use It to Block Over 60% of Internet Scan Traffic

ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

i-SOON Toolkit: What is “TZ”?

The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers - The Citizen Lab

Spain reopens a probe into a Pegasus spyware case after a French request to work together

Justice Department Announces Charges Against Four Iranian Nationals For Multi-Year Cyber Campaign Targeting U.S. Companies

Identify North Korea's K-defense company hacking attack and implement protective measures through a joint special inspection by related organizations such as the National Police Agency and the Defense Acquisition Program Administration

Justice Department Charges Four Iranian Nationals for Multi-Year Cyber Campaign Targeting U.S. Companies

Promoting Accountability for the Misuse of Commercial Spyware - "the Department is taking steps to impose visa restrictions on 13 individuals who have been involved in the development and sale of commercial spyware or who are immediate family members of those involved. "

ATT&CK v15 Brings the Action

2023 Country Reports on Human Rights Practices: Greece - "(PEGA) found the country did not use spyware “as part of an integral authoritarian strategy,” but applied spyware against “journalists, politicians and businesspersons,” and exported spyware to countries with poor human rights records"

Decrypting Synology Patchfiles

Technical analysis of the Rust loader for the digital weapon organization OceanLotus (APT-Q-31)

Suspected CoralRaider continues to expand victimology using three information stealers

GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining - Avast Threat Labs

MuddyWater campaign abusing Atera Agents

China's Military Cyber Operations

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

Markets Matter: A Glance into the Spyware Industry

GitHub - trailofbits/cargo-unmaintained: Find unmaintained packages in Rust projects

reddit.com/r/hacking

2018-12-06T14:44:57+00:00

How to start hacking? The ultimate two path guide to information security.

https://www.reddit.com/r/hacki »

Before I begin - everything about this should be totally and completely ethical at it's core. I'm not saying this as any sort of legal coverage, or to not get somehow sued if any of you screw up, this is genuinely how it should be. The idea here is information security. I'll say it again. information security. The whole point is to make the world a better place. This isn't for your reckless amusement and shot at recognition with your friends. This is for the betterment of human civilisation. Use your knowledge to solve real-world issues. There's no singular all-determining path to 'hacking', as it comes from knowledge from all areas that eventually coalesce into a general intuition. Although this is true, there are still two common rapid learning paths to 'hacking'. I'll try not to use too many technical terms. The first is the simple, effortless and result-instant path. This involves watching youtube videos with green and black thumbnails with an occasional anonymous mask on top teaching you how to download well-known tools used by thousands daily - or in other words the 'Kali Linux Copy Pasterino Skidder'. You might do something slightly amusing and gain bit of recognition and self-esteem from your friends. Your hacks will be 'real', but anybody that knows anything would dislike you as they all know all you ever did was use a few premade tools. The communities for this sort of shallow result-oriented field include r/HowToHack and probably r/hacking as of now. The second option, however, is much more intensive, rewarding, and mentally demanding. It is also much more fun, if you find the right people to do it with. It involves learning everything from memory interaction with machine code to high level networking - all while you're trying to break into something. This is where Capture the Flag, or 'CTF' hacking comes into play, where you compete with other individuals/teams with the goal of exploiting a service for a string of text (the flag), which is then submitted for a set amount of points. It is essentially competitive hacking. Through CTF you learn literally everything there is about the digital world, in a rather intense but exciting way. Almost all the creators/finders of major exploits have dabbled in CTF in some way/form, and almost all of them have helped solve real-world issues. However, it does take a lot of work though, as CTF becomes much more difficult as you progress through harder challenges. Some require mathematics to break encryption, and others require you to think like no one has before. If you are able to do well in a CTF competition, there is no doubt that you should be able to find exploits and create tools for yourself with relative ease. The CTF community is filled with smart people who can't give two shits about elitist mask wearing twitter hackers, instead they are genuine nerds that love screwing with machines. There's too much to explain, so I will post a few links below where you can begin your journey. Remember - this stuff is not easy if you don't know much, so google everything, question everything, and sooner or later you'll be down the rabbit hole far enough to be enjoying yourself. CTF is real life and online, you will meet people, make new friends, and potentially find your future. What is CTF? (this channel is gold, use it) - https://www.youtube.com/watch?v=8ev9ZX9J45A More on /u/liveoverflow, http://www.liveoverflow.com is hands down one of the best places to learn, along with r/liveoverflow CTF compact guide - https://ctf101.org/ Upcoming CTF events online/irl, live team scores - https://ctftime.org/ What is CTF? - https://ctftime.org/ctf-wtf/ Full list of all CTF challenge websites - http://captf.com/practice-ctf/ > be careful of the tool oriented offensivesec oscp ctf's, they teach you hardly anything compared to these ones and almost always require the use of metasploit or some other program which does all the work for you. http://pwnable.tw/ (a newer set of high quality pwnable challenges) http://pwnable.kr/ (one of the more popular recent wargamming sets of challenges) https://picoctf.com/ (Designed for high school students while the event is usually new every year, it's left online and has a great difficulty progression) https://microcorruption.com/login (one of the best interfaces, a good difficulty curve and introduction to low-level reverse engineering, specifically on an MSP430) http://ctflearn.com/ (a new CTF based learning platform with user-contributed challenges) http://reversing.kr/ http://hax.tor.hu/ https://w3challs.com/ https://pwn0.com/ https://io.netgarage.org/ http://ringzer0team.com/ http://www.hellboundhackers.org/ http://www.overthewire.org/wargames/ http://counterhack.net/Counter_Hack/Challenges.html http://www.hackthissite.org/ http://vulnhub.com/ http://ctf.komodosec.com https://maxkersten.nl/binary-analysis-course/ (suggested by /u/ThisIsLibra, a practical binary analysis course) https://pwnadventure.com (suggested by /u/startnowstop) http://picoctf.com is very good if you are just touching the water. and finally, r/netsec - where real world vulnerabilities are shared. submitted by /u/SlickLibro [link] [comments]
https://www.reddit.com/r/hacking/comments/a3oicn/how_to_start_hacking_the_ultimate_two_path_guide/

Sub banner contest 2024

I wish this was a joke.

North Korean Hackers Lazarus Use LinkedIn to Steal Crypto

Get admin rights with notepad?

Best hacking movies?

Best Database viewer/analyzer?

RAZ TN9000 HD screen vapes hacked, re-themed with windows 95

What do I do after bluesnarf attack?

Can I duplicate a USB key that unlocks a software?

XZ Utils Rundown: What We Learned and What To Do Next

Docker vs VM

Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme

WiFi Content

Looking to find a book from the 90s; had a manhole cover on it and was about assembly language

How to use the tool "seeker" in Kali Linux anonymously?

How to locally prove that a digital data is from the past, not from the future?

How to host BeEF site publicly?

VPN on cloud VMs

Bypassing method

How do you keep yourself updated?

Not able to crack .cap file

RFID Hacking

Reverse engineering a server

Are Zip Bombs legal?

uimage header, wyze cam v3

https://www.reddit.com/r/hacki »

So i recently found this video https://www.youtube.com/watch?v=hV8W4o-Mu2o seemed interesting, im new to the whole hacker space so i thought this might be a fun project, went a bought a v3, about the same price figured i could get some better features, and preform similar exploits. i extracted the different parts of the firmware and used mkimage with the correct flags original uimage : 0 0x0 uImage header, header size: 64 bytes, header CRC: 0x35D07B10, created: 2024-01-05 00:39:44, image size: 9420800 bytes, Data Address: 0x0, Entry Point: 0x0, data CRC: 0x85E1A3CC, OS: Linux, CPU: MIPS, image type: Firmware Image, compression type: none, image name: "jz_fw" flags used : -A MIPS -O linux -T firmware -C none -a 0 -e 0 -n jz_fw the created output even using all original files and just my own uheader image, claims to be 64 bytes bigger then the original uimage header.... interesting, but seeing as the files are the same size, a bit of hex editing seemed to fix the issue, now i can't get the camera to read my custom firmware unless i use EXACTLY the original uimage header, now i know theres no way to allow dynamic firmware upgrades if you are locked into specific hex headers, so im doing something wrong. the CRC won't match any updates i add to the fs meaning im SOL to try and just use the original without any updates, so im wondering if anyone has the wyze cam v3, or has worked with similar and sees a clear issue what could be going on? binwalk -t on my uheader image is 0 0x0 uImage header, header size: 64 bytes, header CRC: 0x39AFB197, created: 2024-04-23 04:53:17, image size: 9420864 bytes, Data Address: 0x0, Entry Point: 0x0, data CRC: 0xD4573CBC, OS: Linux, CPU: MIPS, image type: Firmware Image, compression type: none, image name: "jz_fw" so far nothing i've tried has gotten the camera to recognize anything but the absolute original firmware, i've seen on github people getting custom firmwares working, but the scripts they use are so all over the place its a bit tricky to follow them for this one error. submitted by /u/vsadygv [link] [comments]
https://www.reddit.com/r/hacking/comments/1cawwnm/uimage_header_wyze_cam_v3/

FBI Director Says China's Hacking Aimed at U.S. Infrastructure to 'Induce Panic'

reddit.com/r/cybersecurity

2024-04-22T00:00:19+00:00

Mentorship Monday - Post All Career, Education and Job questions here!

Anyone with ADHD/ADD who's thriving in the field of cybersecurity?

Russian hackers attack Texas water facility

How will the US ban Tiktok on a technical level?

FTC bans non competes. F yeah.

Are ISO 42001 and NIST AI RMF on Your Radar This Year?

Qualys vs Nexpose vs Nessus

Being used??

Amazon Senior Security Intel Engineer

PAM for RDP, Vault and Kubernetes

Ring customers get $5.6 million in privacy breach settlement

Looking for cybersecurity training tools

Staying up to date with programming skills

Multiple Vulnerabilities in Open Devin (Autonomous AI Software Engineer)

Experienced fullstack dev + general "hacking nerd" looking to switch fields - I have some questions...

https://www.reddit.com/r/cyber »

I posted this in the weekly job advice thread but it got no responses, so maybe this can give a bit of extra visibility. I am a fullstack web developer team lead with 5+ years experience and recently I have been curious about careers focused in cyber security. I am exploring options in this space that might be suited to my experience, skills and interests. I have an educational background in computer engineering (at the technologist level) with a focus in x86/x64, c/c++, c#. My current interest is in application programming, compilers, reverse engineering, and creating software to interact with the code I am reversing. This niche type of interest is outside much of my day job as a web developer which I would like to branch away from and I am trying to understand what related jobs are in this space. What kind of jobs are suitable for someone with my interests and experience level here? From what I understand "malware analysis" and "pen testing" appear to be the most related subject matter areas to my interests, is this accurate or is there a better way to categorize it and what kind of jobs fall into this category? Are there broader, more rewarding types of related careers I should focus on instead? I have skill in managing people, but also want to focus on programming and code if its possible. My current job is a hybrid. What kind of salaries can I expect from someone in these types of roles and subject matter? I am in N/A. I have been considering taking enrolled in Google's Cybersecurity Professional Certificate and plan to do Security+ to gain a better understanding of the broader space while I continue to work my day job. Is this a good idea or is there a more optimal use of my time here given my specific interests in this field? As a few notes: Ideally I not want to be an analyst who supports/manages a corporate security solution. This style of work is not appealing to me (although maybe some aspects of it might, such as forensics?). My interests are more focused on code and appear to align closer to specific niche areas in this field. If I have to do lower level analyst work to just break into the field (and take a MASSIVE pay cut) I would consider it, but the most ideal situation I could move laterally both in pay and position as much as possible. Is this a realistic mindset? Thanks! submitted by /u/Deeznutzzzz_z [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1cct5mi/experienced_fullstack_dev_general_hacking_nerd/

Canadian military for cyber

Can my employer see what I and/or other personal WiFi users do on the internet via personal devices?

Are We Ready for a Cyber Attack on Food and Farming? : Authorities are working to prepare for one by, for the first time, conducting a massive federal tabletop exercise focused on food and agriculture cybersecurity resilience

Red teaming and pentesting

Skill Measurements & KPI

Is experience more valuable than a degree ?

Threat hunting resources

InsightIDR Threat Hunting

2x Actively Exploited Cisco CVEs in Adaptive Security Compliance (ASA) & Firepower Threat Defense (FTD)

https://www.reddit.com/r/cyber »

(That would be Adaptive Security Appliance*,* of course...) What's Going On? This afternoon, Cisco released 2 new CVEs impacting their Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD), both of which are actively exploited by UAT4356. More on CVE-2024-20353 Vendor CVSS Score 8.6 Allows an unauthenticated, remote attacker to force a compromised device to reload unexpectedly, resulting in a denial of service (DoS) condition. More on CVE-2024-20359 Vendor CVSS Score 6.0 Allows an unauthenticated, local attacker to execute arbitrary code with root-level privileges. (Note: Administrator privileges are required to exploit this vulnerability.) Potential Risk? The APG and Cisco have confirmed that these two vulnerabilities are currently actively exploited in the wild! Specifically, Cisco's Talos Intelligence reported an ongoing campaign ("ArcaneDoor"), in which threat actors from UAT4356 deployed two backdoors (“Line Runner” and “Line Dancer”). These threat actors conducted multiple malicious activities, including: Configuration modification, Reconnaissance, Network traffic capture and exfiltration, and Potential lateral movement. How to Mitigate Today, Cisco recommends: Applying software updates with patches for the impacted Cisco ASA and FTD software. Using their provided Cisco Software Checker to help users identify vulnerability exposure to these and other CVEs. Note: Cisco has not identified other workarounds for either CVE-2024-20353 or CVE-2024-20359! For more information ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability submitted by /u/blackpoint_APG [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1cc6e35/2x_actively_exploited_cisco_cves_in_adaptive/

Anyone heard of service offered by Cribl ?

My IT Department knows all our passwords