Strolling through Cyberspace and Hunting for Phishing Sites
Published: 2023-04-26
Last Updated: 2023-04-26 04:06:30 UTC
by Yee Ching Tok (Version: 1)
From time to time and as much as my limited time permits, I often explore the Internet and my DShield logs to see if I can uncover any interesting artifacts that suggest nefarious behaviour. Time-driven events such as tax filing are also considered when I perform such hunting activities. I recently discovered one such site masquerading as the Inland Revenue Authority of Singapore (IRAS) and observed some interesting points.
Read the full entry:
https://isc.sans.edu/diary/Strolling+through+Cyberspace+and+Hunting+for+Phishing+Sites/29780/
Calculating CVSS Scores with ChatGPT
Published: 2023-04-25
Last Updated: 2023-04-25 13:58:35 UTC
by Johannes Ullrich (Version: 1)
Everybody appears to be set to use ChatGPT for evil. After all, what is the fun in making the world a better place if, instead, you can make fun of a poor large-scale language model whose developers only hinted at what it could mean to be good?
Having not given up on machines finally taking over to beat the "humane" into "humanity," I recently looked at some ways to use ChatGPT more defensively.
An issue I have been struggling with is vendors like Apple providing very terse and unstructured vulnerability summaries. You may have seen my attempt to create a more structured version of them and to assign severities to these vulnerabilities. Given that there are often dozens of vulnerabilities and limitations of my human form, the severity I assign is more of a "best guess." So I figured I would try to automate this with ChatGPT, and the initial results are not bad.
Read the full entry:
https://isc.sans.edu/diary/Calculating+CVSS+Scores+with+ChatGPT/29774/
Management of DMARC control for email impersonation of domains in the .co TLD - part 1 (2023.04.23)
YARA v4.3.1 Release (2023.04.23)
https://isc.sans.edu/diary/YARA+v431+Release/29766/
Taking a Bite Out of Password Expiry Helpdesk Calls (2023.04.20)
https://isc.sans.edu/diary/Taking+a+Bite+Out+of+Password+Expiry+Helpdesk+Calls/29758
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2023-27350 - PaperCut NG 22.0.5 allows remote attackers to execute arbitrary code as SYSTEM by exploiting a flaw that bypasses authentication due to improper access control within the SetupCompleted class.
Product: PaperCut NG 22.0.5 (Build 63914)
CVSS Score: 0
** KEV since 2023-04-21 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-27350
ISC Podcast: https://isc.sans.edu/podcastdetail.html?podcastid=8468
NVD References:
- http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html
- https://www.papercut.com/kb/Main/PO-1216-and-PO-1219
- https://www.zerodayinitiative.com/advisories/ZDI-23-233/

CVE-2023-2136 - Chromium: CVE-2023-2136 Integer overflow in Skia
Product: Google Chrome
CVSS Score: 0
** KEV since 2023-04-21 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2136
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2136
NVD References:
- https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
- https://crbug.com/1432603
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/
- https://www.debian.org/security/2023/dsa-5393

CVE-2023-2033 - Chromium: CVE-2023-2033 Type Confusion in V8
Product: Google Chrome
CVSS Score: 0
** KEV since 2023-04-17 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2033
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2033

CVE-2023-2144 - Campcodes Online Thesis Archiving System 1.0 is vulnerable to remote SQL injection through manipulation of the argument id in /admin/departments/view_department.php (VDB-226265).
Product: Online Thesis Archiving System Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2144
NVD References:
- https://github.com/E1CHO/cve_hub/blob/main/Online%20Thesis%20Archiving%20System/Online%20Thesis%20Archiving%20System%20-%20vuln%206.pdf
- https://vuldb.com/?ctiid.226265
- https://vuldb.com/?id.226265

CVE-2023-2145 - Campcodes Online Thesis Archiving System 1.0 is vulnerable to remote SQL injection via manipulation of the id argument in projects_per_curriculum.php (VDB-226266).
Product: Online Thesis Archiving System Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2145
NVD References:
- https://github.com/E1CHO/cve_hub/blob/main/Online%20Thesis%20Archiving%20System/Online%20Thesis%20Archiving%20System%20-%20vuln%201.pdf
- https://vuldb.com/?ctiid.226266
- https://vuldb.com/?id.226266

CVE-2023-2148 - Campcodes Online Thesis Archiving System 1.0 is vulnerable to remote SQL injection via a manipulated id argument in /admin/curriculum/view_curriculum.php, rated critical (VDB-226269).
Product: Online Thesis Archiving System Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2148
NVD References:
- https://github.com/E1CHO/cve_hub/blob/main/Online%20Thesis%20Archiving%20System/Online%20Thesis%20Archiving%20System%20-%20vuln%205.pdf
- https://vuldb.com/?ctiid.226269
- https://vuldb.com/?id.226269

CVE-2023-2149 - Campcodes Online Thesis Archiving System 1.0 is vulnerable to remote SQL injection via manipulation of the "id" argument in /admin/user/manage_user.php (VDB-226270).
Product: Online Thesis Archiving System Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-2149
NVD References:
- https://github.com/E1CHO/cve_hub/blob/main/Online%20Thesis%20Archiving%20System/Online%20Thesis%20Archiving%20System%20-%20vuln%207.pdf
- https://vuldb.com/?ctiid.226270
- https://vuldb.com/?id.226270

CVE-2023-30839 - PrestaShop prior to 8.0.4 and 1.7.8.9 has a SQL filtering vulnerability allowing BO users to write, update, and delete in the database without specific rights.
Product: PrestaShop e-commerce web application
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-30839
NVD References:
- https://github.com/PrestaShop/PrestaShop/commit/0f2a9b7fdd42d1dd3b21d4fad586a849642f3c30
- https://github.com/PrestaShop/PrestaShop/commit/d1d27dc371599713c912b71bc2a455cacd7f2149
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-p379-cxqh-q822

CVE-2023-28839 - Shoppingfeed PrestaShop add-on (versions 1.4.0 to 1.8.2) is vulnerable to SQL injection due to lac…