Persistent cross-site noscripting vulnerabilities in Liferay Portal

In 2023 we found multiple vulnerabilities in Liferay Portal, a digital experience platform for enterprise websites. It is a free and open-source software project. A few thousand installations on the Internet not suppressing the Liferay-Portal HTTP response header can be found via special purpose search engines.

The Liferay Portal in the Community Version is the foundation for the web interface of Liechtenstein's electronic health portal. That's the reason we got involved with the portal software – not as a customer pentest project, but out of interest. We wrote a blog post about the Liechtenstein's electronic health portal (blog post is in German). We reported our findings regarding the Liferay Portal to Liferay in order to get them addressed. Now we are releasing technical details about the vulnerabilities.

Another vulnerability we mentioned in the health portal is a Denial of Service attack, where a nested Graph QL query is not restricted by the portal and which consumes available resources leading to a Denial of Service. This vulnerability is known to Liferay.

Just so there are no misunderstandings: We did not try to use these vulnerabilities against Liechtenstein's electronic health portal.

https://www.pentagrid.ch/en/blog/stored-cross-site-noscripting-vulnerabilities-in-liferay-portal/

#vulnerabilities #liferay
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

💡 So, ad blockers violate YouTube ToS? Good, because user agent spoofers don't.
Change your user agent to Windows Phone to disable ads. 💡

https://files.enderman.ch/noscripts/yt-antiadblocker.mp4

#antiadblocker #youtube #adblocker
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

A step-by-step Android penetration testing guide for beginners

Greetings fellow hackers, my name is Sandy, Security Analyst and Bug bounty hunter.

As I’m presently engaged in Android penetration testing, I’d like to relay my experiences with you, as they may prove beneficial in addressing some of the inquiries, I had difficulty resolving answers too, without more introductions let’s get started.

https://infosecwriteups.com/a-step-by-step-android-penetration-testing-guide-for-beginners-8435e5e969a3

#android #pentest
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Marketing Company Claims That It Actually Is Listening to Your Phone and Smart Speakers to Target Ads

A marketing team within media giant Cox Media Group (CMG) claims it has the capability to listen to ambient conversations of consumers through embedded microphones in smartphones, smart TVs, and other devices to gather data and use it to target ads, according to a review of CMG marketing materials by 404 Media and details from a pitch given to an outside marketing professional. Called “Active Listening,” CMG claims the capability can identify potential customers “based on casual conversations in real time.”

https://www.404media.co/cmg-cox-media-actually-listening-to-phones-smartspeakers-for-ads-marketing/

👉🏼 https://webcache.googleusercontent.com/search?q=cache:G8IWWik_R1YJ:https://www.cmglocalsolutions.com/blog/active-listening-an-overview&hl

👉🏼 https://webcache.googleusercontent.com/search?q=cache:ZA57uuvQNT8J:https://www.cmglocalsolutions.com/blog/how-voice-data-works-and-how-you-can-use-it-in-your-business&hl

#advertising #targeted #privacy
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Operation Triangulation: The last (hardware) mystery

Today, on December 27, 2023, we (Boris Larin, Leonid Bezvershenko, and Georgy Kucherin) delivered a presentation, noscriptd, “Operation Triangulation: What You Get When Attack iPhones of Researchers”, at the 37th Chaos Communication Congress (37C3), held at Congress Center Hamburg. The presentation summarized the results of our long-term research into Operation Triangulation, conducted with our colleagues, Igor Kuznetsov, Valentin Pashkov, and Mikhail Vinogradov.

This presentation was also the first time we had publicly disclosed the details of all exploits and vulnerabilities that were used in the attack. We discover and analyze new exploits and attacks using these on a daily basis, and we have discovered and reported more than thirty in-the-wild zero-days in Adobe, Apple, Google, and Microsoft products, but this is definitely the most sophisticated attack chain we have ever seen.

https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/

#operationtriangulation #attack #iphone
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

The Battle for Biometric Privacy

The pushback against ubiquitous surveillance and targeted deepfaking has begun—but regulation may fail to keep up with AI advances.

In 2024, increased adoption of biometric surveillance systems, such as the use of AI-powered facial recognition in public places and access to government services, will spur biometric identity theft and anti-surveillance innovations. Individuals aiming to steal biometric identities to commit fraud or gain access to unauthorized data will be bolstered by generative AI tools and the abundance of face and voice data posted online.

https://www.wired.com/story/the-battle-for-biometric-privacy/

#biometric #privacy #deepfake
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Mullvad VPN – an interview with the Swedish mole

The company was founded in March 2009 and we recently spoke to the Managing Director Jan Jonsson.

https://tarnkappe.info/artikel/interviews/mullvad-vpn-an-interview-with-the-swedish-mole-289150.html

#mullvad #vpn #interview
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

To celebrate Conversations being back on the Play Store and to deny Google their 15% cut I made the app free for the next ~48 hours.

https://gultsch.social/@daniel/111933922710829462

#conversations #jabber #xmpp #app #free
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

You can not simply publicly access private secure links, can you?

turns out, you can even search for them with powerful search engines!

Popular malware/url analysis tools such as urlscan.io, Hybrid Analysis, and Cloudflare radar url scanner store a large number of links for intelligence gathering and sharing. However, it is not as widely known that these services also store a large amount of private and sensitive links, thanks to:

- Sensitive links accidentally submitted for scanning by users unaware that they are public information

- Misconfigured scanners and extensions that submit private links scanned from emails as public data

https://vin01.github.io/piptagole/security-tools/soar/urlscan/hybrid-analysis/data-leaks/urlscan.io/cloudflare-radar%22/2024/03/07/url-database-leaks-private-urls.html

#securelinks #security #tools #urlscan #analysis
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Docker Security – Step-by-Step Hardening (Docker Hardening)

This article provides practical recommendations for configuring Docker platform aimed at increasing its security. It also suggests tools helpful in automation of some tasks related to securing Docker.

My intention is to guide the reader step by step through the process of preparing a secure configuration. As such, this guide may prove to be more extensive than other similar publications. However, this is a conscious choice. My goal is not merely to present a dry list of parameters and ready-made configuration snippets, but to provide the reader with a fuller context. I want the reader to understand why certain modifications are necessary and what benefits their implementation will bring.

https://reynardsec.com/en/docker-platform-security-step-by-step-hardening/

#docker #hardening #guide
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Ransomware Diaries Volume 5: Unmasking LockBit

Before you read this volume of the Ransomware Diaries, please understand that LockBitSupp’s identity only became known earlier today. Therefore, please make your own assessment and validate my findings before using this research for real-world actions. I have been chasing LockBit for a long time and when I found out the DoJ planned to release this information, I decided to publish my research quicker than I intended.

https://analyst1.com/ransomware-diaries-volume-5-unmasking-lockbit/

#lockbit
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Wireshark RDP resources

Looking for a way to capture and inspect RDP traffic in Wireshark? You've come to the right place!

https://github.com/awakecoding/wireshark-rdp

#wireshark #pentesting
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

7 Deadly Sins of Distrohopping

What are you doing wrong with distro-hopping? Can you do it better? Yes, you can. Here, we tell you how.

https://itsfoss.com/distrohopping-issues/

#linux #foss #distrohopping
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Dell admits to data breach: sensitive user data in peril

The American technology giant has notified some of its customers about a data breach that involved sensitive data, including users’ physical addresses.

Dell Technologies says that it’s currently investigating an incident “involving a Dell portal,” which contains a database with customer information related to purchases.

https://cybernews.com/news/dell-data-breach/

#dell #breach
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Lethal Injection: How We Hacked Microsoft's Healthcare Chat Bot

We have discovered multiple security vulnerabilities in the Azure Health Bot service, a patient-facing chatbot that handles medical information. The vulnerabilities, if exploited, could allow access to sensitive infrastructure and confidential medical data.

All vulnerabilities have been fixed quickly following our report to Microsoft. Microsoft has not detected any sign of abuse of these vulnerabilities. We want to thank the people from Microsoft for their cooperation in remediating these issues: Dhawal, Kirupa, Gaurav, Madeline, and the engineering team behind the service.

The first vulnerability allowed access to authentication credentials belonging to the customers. With continued research, we’ve found vulnerabilities allowing us to take control of a backend server of the service. That server is shared across multiple customers and has access to several databases that contain information belonging to multiple tenants.

https://www.breachproof.net/blog/lethal-injection-how-we-hacked-microsoft-ai-chat-bot

#microsoft #healthcare #ai #chatbot #hacked
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Telegram has launched a pretty intense campaign to malign Signal as insecure, with assistance from Elon Musk. The goal seems to be to get activists to switch away from encrypted Signal to mostly-unencrypted Telegram. I want to talk about this a bit....

https://twitter.com/matthew_d_green/status/1789687898863792453

#signal #telegram #durov #elonmusk
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

ShodanX

ShodanX is a versatile information gathering tool that harnesses the power of Shodan's extensive database. it offers multiple modes and flexible queries to extract valuable insights for security assessments, reconnaissance, and threat intelligence. With colorful output and intuitive commands, ShodanX empowers users to efficiently gather and analyze data from Shodan's facets, enhancing their cybersecurity efforts.

https://github.com/RevoltSecurities/ShodanX/tree/main

#shodan #shodanx #pentesting #cybersecurity #infosec
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

A Threat Actor Claims Sale of Outlook RCE Exploit 0-Day for $1,700,000

In a concerning development, a threat actor known as “Cvsp” has announced the sale of an alleged Outlook Remote Code Execution (RCE) exploit 0-day. This alleged exploit, designed to target various versions of Microsoft Office across both x86 and x64 architectures, poses a significant security threat to users worldwide.

https://dailydarkweb.net/a-threat-actor-claims-sale-of-outlook-rce-exploit-0-day-for-1700000/

#outlook #zeroday #exploit
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Firefox now collects data about search queries

https://blog.mozilla.org/en/products/firefox/firefox-search-update/

#firefox #privacy
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv