SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions.

CVE-2023-39582: Security issues - Chamilo LMS

Threat actors are exploiting poorly secured Microsoft SQL (MS SQL) servers to deliver Cobalt Strike and a ransomware strain called FreeWorld.
Cybersecurity firm Securonix, which has dubbed the campaign DB#JAMMER, said it stands out for the way the toolset and infrastructure is employed.
“Some of these tools include enumeration software, RAT payloads, exploitation and credential stealing software

Database Security / Ransomware

Threat actors are exploiting poorly secured Microsoft SQL (MS SQL) servers to deliver Cobalt Strike and a ransomware strain called FreeWorld.

Cybersecurity firm Securonix, which has dubbed the campaign **DB#JAMMER**, said it stands out for the way the toolset and infrastructure is employed.

"Some of these tools include enumeration software, RAT payloads, exploitation and credential stealing software, and finally ransomware payloads," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a technical breakdown of the activity.

"The ransomware payload of choice appears to be a newer variant of Mimic ransomware called FreeWorld."

Initial access to the victim host is achieved by brute-forcing the MS SQL server, using it to enumerate the database and leveraging the xp\_cmdshell configuration option to run shell commands and conduct reconnaissance.

The next stage entails taking steps to impair system firewall and establish persistence by connecting to a remote SMB share to transfer files to and from the victim system as well as install malicious tools such as Cobalt Strike.

This, in turn, paves the way for the distribution of AnyDesk software to ultimately push FreeWorld ransomware, but not before carrying out a lateral movement step. The unknown attackers are also said to have unsuccessfully attempted to establish RDP persistence through Ngrok.

"The attack initially succeeded as a result of a brute force attack against a MS SQL server," the researchers said. "It's important to emphasize the importance of strong passwords, especially on publicly exposed services."

The disclosure comes as the operators of the Rhysida ransomware have claimed 41 victims, with more than half of them located in Europe.

Rhysida is one of the nascent ransomware strains that emerged in May 2023, adopting the increasingly popular tactic of encrypting and exfiltrating sensitive data from organizations and threatening to leak the information if the victims refuse to pay.

It also follows the release of a free decryptor for a ransomware called Key Group owing to multiple cryptographic errors in the program. The Python script, however, only works on samples compiled after August 3, 2023.

"Key Group ransomware uses a base64 encoded static key N0dQM0I1JCM= to encrypt victims' data," Dutch cybersecurity company EclecticIQ said in a report released Thursday.

"The threat actor tried to increase the randomness of the encrypted data by using a cryptographic technique called salting. The salt was static and used for every encryption process which poses a significant flaw in the encryption routine."

UPCOMING WEBINAR

Detect, Respond, Protect: ITDR and SSPM for Complete SaaS Security

Discover how Identity Threat Detection & Response (ITDR) identifies and mitigates threats with the help of SSPM. Learn how to secure your corporate SaaS applications and protect your data, even after a breach.

Supercharge Your Skills

2023 has witnessed a record surge in ransomware attacks following a lull in 2022, even as the percentage of incidents that resulted in the victim paying have fallen to a record low of 34%, according to statistics shared by Coveware in July 2023.

The average ransom amount paid, on the other hand, has hit $740,144, up 126% from Q1 2023.

The fluctuations in monetization rates have been accompanied by ransomware threat actors continuing to evolve their extortion tradecraft, including sharing details of its attack techniques to show why its victims aren't eligible for a cyber insurance payout.

  
"Snatch claims they will release details of how attacks against non-paying victims succeeded in the hope that insurers will decide that the incidents should not be covered by insurance ransomware," Emsisoft security researcher Brett Callow said in a post shared on X (formerly Twitter) last month.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Threat Actors Targeting Microsoft SQL Servers to Deploy FreeWorld Ransomware

An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program.


CVE-2023-23763: Release notes - GitHub Enterprise Server 3.6 Docs

A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fieldname parameter.

CASE 2 Vers. 3.0 unterstützt in Katastrophenfällen das Krisenmanagement dabei, innerhalb kürzester Zeit eine Vielzahl an Informationen digital zu erfassen, zu bündeln und zu filtern. Je nach Erfordernissen können diese Daten abgerufen, mit zusätzlichen Informationen ergänzt und für berechtigte Personengruppen und beispielsweise die Öffentlichkeit aufbereitet werden.

Die Benutzeroberfläche ermöglicht darüber hinaus die Kommunikation innerhalb des Krisenstabes und den dazugehörigen Abteilungen wie beispielsweise dem Call Center Team. Gleichzeitig können Tasks und Arbeitsanweisungen mithilfe des Task Managements zugewiesen und Arbeitsschritte und Vorkommnisse im Logbuch dokumentiert werden.

Mit der Callcenter-Funktionalität erfassen und katalogisieren die Mitarbeiter alle Anrufe und ordnen diese den betroffenen Passagieren zu. Im Mittelpunkt steht dabei die Betreuung der Angehörigen: Von der Organisation der Anreise und Unterkunft bis hin zur Betreuung vor Ort werden sämtliche Daten erfasst und entsprechend aufbereitet.

**Einfache Kommunikation**

Das umfassende System bietet den Einsatzorganisationen und Einsatzleitern eine hoch entwickelte Plattform für die gesamte interne und externe Kommunikation. Einfach in der Anwendung und Administration ist die Software-Lösung ein All-in-one-Tool einerseits für den lückenlosen Austausch mit Mitarbeitern und andererseits, um die Presse, Öffentlichkeit und Angehörige zeitnah zu informieren.

**Visualisierung und Dokumentation**

Sämtliche Daten sind für Berechtigte laufend abrufbar und editierbar, die Visualisierung der Einsatzlage erfolgt somit in Echtzeit. In der wichtigen Aufbereitungsphase greifen die Systembenutzer auf eine umfangreiche Dokumentation zurück, die auch einer rechtlichen Prüfung standhält.

**Digitales Krisenmanagement**

Bei Großereignissen fallen innerhalb kurzer Zeit eine Vielzahl von Informationen an, die digital erfasst, gebündelt und gefiltert werden. Mit CASE 2 erfolgt die Datenerfassung am Ort des Geschehens mit einer webfähigen und plattformunabhängigen Lösung.

**Schnittstellen**

CASE2 Airline bietet einen integrierten Satz von standardisierten Schnittstellen. Datenaustausch ist per XML oder CSV Dateien möglich.

**Reportingfunktionalität**

Aus der Fülle von Daten lassen sich aussagekräftige Reports generieren, die als Entscheidungsgrundlage für den Einsatzleiter dienen können. So erhält der Leiter beispielsweise eine Übersicht aller Anrufer aus einem Bundesland, die einen Angehörigen vermissen und noch auf einen Rückruf warten.

**Echtzeit Lageübersicht**

Die betroffenen Organisationen haben den großen Vorteil, dass die Informationen aller Mitarbeiter automatisch und in Echtzeit erfolgt. Durch die gezielte Bündelung von Daten aus den verschiedensten Quellen ist Contwise CASE2 Airline auch im Bereich der Opferidentifizierung ein enorm wichtiges Hilfsmittel.

**Dublettenschablone**

Dadurch, dass Personendaten oftmals simultan eintreffen, kann es vorkommen, dass Opfer oder Angehörige in Listen doppelt geführt werden. Deshalb wurde in CASE2 Airline ein leistungsfähiger Algorithmus zur Dublettensuche integriert, mit dem es möglich ist, Namen anhand ihrer phonetischen Ähnlichkeit zu erkennen.

**Flexibilität & Erweiterbarkeit**

Da jeder Einsatz anders verläuft und andere Kriterien ausschlaggebend sind, wurde in CASE2 Airline ein flexibler Erweiterungsmechanismus eingebaut. Während des Einsatzfalles können Felder ergänzt und Formulare angepasst werden.

**Zeitzonen optimiert**

Systemzeit ist die UTC. Jeder Mitarbeiter kann jedoch für seinen Zugang seine eigene Zeitzone festlegen. Sämtliche Eingaben des Mitarbeiters werden im Hintergrund in die UTC umgewandelt. So müssen Zeitzonen beim Arbeiten mit CASE2 Airline nicht weiter beachtet werden.

CVE-2023-37826: Contwise Case2 - Startseite

A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notification.message parameter.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-37829: CVEs/CVE-2023-37829 at main · Popeye-ITSec/CVEs

A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.

CVE-2023-37830: CVEs/CVE-2023-37830 at main · Popeye-ITSec/CVEs

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dharmesh Patel Post List With Featured Image plugin <= 1.2 versions.

**Solution**

 No fix

No patched version is available. No reply from the vendor.

LEE SE HYOUNG (hackintoanetwork) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Post List With Featured Image Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-37997: WordPress Post List With Featured Image plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Artem Abramovich Art Decoration Shortcode plugin <= 1.5.6 versions.

**Solution**

 No fix

No patched version is available. No reply from the vendor.

Found this useful? Thank yuyudhn for reporting this vulnerability. Buy a coffee ☕

yuyudhn discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Art Decoration Shortcode Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-37994: WordPress Art Decoration Shortcode plugin <= 1.5.6 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange YourMembership Single Sign On – YM SSO Login plugin <= 1.1.3 versions.

**Solution**

 Fixed

Update the WordPress YourMembership Single Sign On plugin to the latest available version (at least 1.1.4).

Aman Rawat discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress YourMembership Single Sign On Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.1.4.

**Other vulnerabilities in this plugin**

 0 present

 2 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-37986: WordPress YourMembership Single Sign On plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ShopConstruct plugin <= 1.1.2 versions.

**Solution**

 No fix

No patched version is available.

Abu Hurayra discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress ShopConstruct – Product Catalog, Shopping Cart and eCommerce solution for Store Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

Tag

#web