Cybersecurity information flow

Welcome to the end of March, and this month’s edition of the RTCSec Newsletter. A lot has accumulated in March on the VoIP and IP Communication security front. In fact, this one is packed! In this edition, we cover: Our news, involving CI/CD automation of VoIP security testing with SIPVicious PRO More news from us, including the OpenSIPS security audit report and a chat about the Cyber Resilience Act 3CX Phone Client turned into a trojan Critical vulnerabilities affecting Samsung and Pixel phones via VoLTE and 5G Silent fix in Kamailio gets a CVE, vulnerable door phones and various other security reports RTCSec newsletter is a free periodic newsletter bringing you commentary and news around VoIP and WebRTC security.

2023年03月31日，360CERT监测发现 `3CX` 发布了 `Mac 3CXDesktop App` 的风险通告，漏洞编号为 `CVE-2023-29059` ，漏洞等级： `严重` ，漏洞评分： `9.6` 。

A curated list of awesome actions to use on GitHub

PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager

浅谈基于深度学习的漏洞检测 https://mp.weixin.qq.com/s/fM5qAnQxWXLfAofgVqcWvw
记一次RCE+heapdump信息泄露引发的血案 https://mp.weixin.qq.com/s/6ZDto8QAUKTur5s_haGFdw
safe-rules: 详细的C/C++编程规范指南 https://github.com/Qihoo360/safe-rules

Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
Quick links:
Download Slips from our GitHub repository: https://github.com/stratosphereips/StratosphereLinuxIPS
Access Slips documentation through Read the Docs: https://stratospherelinuxips.readthedocs.io/en/develop/
What We Are Particularly Excited About
In this release we are particularly excited about these new Slips features, thanks to our GSoC contributors:
Add HTTP unencrypted traffic detection by @haleelsada
use termcolor by @haleelsada
Instead of dos detection. slips is now detecting all executables thanks to @Onyx2406
Updated the docs for contributing
Fix Leak detector errors when a different version of YARA is used.
Fix problem with counting the number of flows to be processed in the progress bar
Remove debugging prints printed by the whois python library to stderr

Check Our Slips Demo
Get a quick overview of what Slips is about and all its capabilities in this demo

Bludit version 3-14-1 suffers from a remote shell upload vulnerability.

Textpattern version 4.8.8 suffers from an authenticated remote code execution vulnerability.

Cacti version 1.2.22 suffers from a remote command execution vulnerability.

WordPress WooCommerce plugin version 7.1.0 suffers from a remote code execution vulnerability.

Qubes Mirage Firewall versions 0.8.0 through 0.8.3 suffer from a denial of service vulnerability.

Ubuntu Security Notice 5988-1 - It was discovered that integer overflows vulnerabilities existed in Xcftools. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

CoolerMaster MasterPlus version 1.8.5 suffers from an unquoted service path vulnerability.

rconfig version 3.9.7 suffers from a remote SQL injection vulnerability.

Online Pizza Ordering version 1.0 suffers from a remote SQL injection vulnerability.

EQ Enterprise Management System version 2.2.0 suffers from a remote SQL injection vulnerability.

Judging Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for login bypass.

Judging Management System version 1.0 suffers from bypass and remote shell upload vulnerabilities.

Ubuntu Security Notice 5989-1 - Tao Lyu discovered that GlusterFS did not properly handle certain event notifications. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice 5990-1 - It was discovered that musl did not handle certain i386 math functions properly. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. It was discovered that musl did not handle wide-character conversion properly. A remote attacker could use this vulnerability to cause resource consumption , denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

Ubuntu Security Notice 5991-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.

By failing to prepare you are preparing to fail. Make sure you're able to bounce back if, or when, a data disaster strikes.
The post World Backup Day: Avoiding a data disaster is a forever topic  appeared first on WeLiveSecurity
Article Link: https://www.welivesecurity.com/2023/03/31/world-backup-day-avoiding-data-disaster-forever-topic/
1 post - 1 participant
Read full topic

如何预防并及时修复 aCropalypse安全漏洞的方法

Article Link: Visualize Your Open Source Governance With BOM Doctor
1 post - 1 participant
Read full topic

<div> <div> <div> <div><p>There was a time when security awareness training was informal, short, and focused on simple things like using complex passwords. Well, it transpires that keeping these on a post-it note under your keyword or in a text file is in fact not a safe practice.</p>
This was when cyber threats from hackers were the work of people with expert skills, and at worst resulted in your computer getting infected with a virus, causing a brief interruption to your working day. Fast forward to the modern reality of the dark web where you can literally shop around and choose the method in which you want to carry out a targeted attack.
Added to that are the near-constant cyber attacks, where we can see for example in the Hornetsecurity Cyber Security Report 2023, while spam is on the decline, harmful content is rising.
<img alt="Cyber Threat Comparison" height="399" src="https://www.hornetsecurity.com/wp-content/uploads/2023/03/Cyber-Threat-Comparison.png" title="Cyber Threat Comparison" width="739" /> 

Cross-Site Scripting is a web-based attack performed on vulnerable web applications where an attacker can create a malicious link to inject unwanted executable JavaScript into a website.
A Cross-Site Scripting attack involves executing malicious code on a victim’s browser. Code is executed on the client side rather than on the server side.
XSS usually gets inserted through a webpage using a web form or hyperlink. This code can be used with client-side languages such as JavaScript, PHP, HTML, etc.
XSS Attack
For example, below I have a basic webpage that is vulnerable to the XSS attack.
<?php

$name = 'John<script>alert(678)</script>';

?>

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Website</title>
</head>
<body>
<p>Welcome to my site <?php echo $name; ?>!</p>
</body>
</html>
If you run the code on a web browser, you’ll see an alert message with the number 678.
This means the website is vulnerable to XSS or Cross-Site Scripting.
Preventing XSS in PHP
For most PHP websites, htmlspecia