End-of-Day report
Timeframe: Tuesday 10-10-2023 18:00 - Wednesday 11-10-2023 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
Microsoft to kill off VBScript in Windows to block malware delivery
Microsoft is planning to phase out VBScript in future Windows releases after 30 years of use, making it an on-demand feature until it is removed.
https://www.bleepingcomputer.com/news/security/microsoft-to-kill-off-vbscript-in-windows-to-block-malware-delivery/
Microsoft warns of incorrect BitLocker encryption errors
Microsoft warned customers this week of incorrect BitLocker drive encryption errors being shown in some managed Windows environments.
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-incorrect-bitlocker-encryption-errors/
LinkedIn Smart Links attacks return to target Microsoft accounts
Hackers are once again abusing LinkedIn Smart Links in phishing attacks to bypass protection measures and evade detection in attempts to steal Microsoft account credentials.
https://www.bleepingcomputer.com/news/security/linkedin-smart-links-attacks-return-to-target-microsoft-accounts/
End of support for Windows Server 2012 R2: Why you must not ignore this
As of now, Windows Server 2012 R2 is completely without support. Yet because of its popularity it is still in use - that has to change.
https://www.heise.de/news/Support-Ende-fuer-Windows-Server-2012-R2-Warum-Sie-das-nicht-ignorieren-duerfen-9330134.html
Wireshark Tutorial: Identifying Hosts and Users
When a host is infected or otherwise compromised, security professionals need to quickly review packet captures of suspicious network traffic to identify affected hosts and users.
https://unit42.paloaltonetworks.com/using-wireshark-identifying-hosts-and-users/
Distribution of Magniber Ransomware Stops (Since August 25th)
Through a continuous monitoring process, AhnLab Security Emergency response Center (ASEC) is swiftly responding to Magniber, the main malware that is actively being distributed using the typosquatting method which abuses typos in domain addresses.
https://asec.ahnlab.com/en/57592/
The Risks of Exposing DICOM Data to the Internet
DICOM has revolutionized the medical imaging industry. However, it also presents potential vulnerabilities when exposed to the open internet.
https://www.rapid7.com/blog/post/2023/10/11/the-risks-of-exposing-dicom-data-to-the-internet/
Vulnerabilities
CVE-2023-38545: curl SOCKS5 oversized hostname vulnerability. How bad is it?, (Wed, Oct 11th)
Today, we got the promised fix for CVE-2023-38545. So here is a quick overview of how severe it is.
https://isc.sans.edu/diary/rss/30304
Patch Tuesday Microsoft: Attacks on Skype for Business and WordPad
Microsoft has released important security updates for, among others, Azure, Office and Windows.
https://www.heise.de/news/Patchday-Microsoft-Attacken-auf-Skype-for-Business-und-WordPad-9330685.html
Patch Tuesday Adobe: Malicious code attacks on Magento shops and Photoshop possible
Adobe's developers have closed several security vulnerabilities in Bridge, Commerce, Magento Open Source and Photoshop.
https://www.heise.de/news/Patchday-Adobe-Schadcode-Attacken-auf-Magento-Shops-und-Photoshop-moeglich-9330710.html
Web browser: Google Chrome update closes critical security vulnerability
Google has released its weekly Chrome update. It closes 20 security vulnerabilities, at least one of which is rated critical.
https://www.heise.de/news/Webbrowser-Google-Chrome-Update-schliesst-kritische-Sicherheitsluecke-9330733.html
Security updates for Wednesday
Security updates have been issued by Debian (curl, mediawiki, tomcat10, and tomcat9), Fedora (libcaca, oneVPL, oneVPL-intel-gpu, and tracker-miners), Gentoo (curl), Mageia (cups and firefox, thunderbird), Red Hat (curl, kernel, kernel-rt, kpatch-patch, libqb, libssh2, linux-firmware, python-reportlab, tar, and the virt:rhel module), Slackware (curl, libcue, libnotify, nghttp2, and samba), SUSE (conmon, curl, glibc, kernel, php-composer2, python-reportlab, samba, and shadow), [...]
https://lwn.net/Articles/947409/
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/
Fortinet security updates: Attackers can view passwords in plain text
https://www.heise.de/news/Sicherheitsupdates-Fortinet-Angreifer-koennen-Passwoerter-im-Klartext-einsehen-9331076.html
K000137202 : Intel BIOS vulnerability CVE-2022-38083
https://my.f5.com/manage/s/article/K000137202
Lenovo System Update Vulnerability
http://support.lenovo.com/product_security/PS500581-LENOVO-SYSTEM-UPDATE-VULNERABILITY
Lenovo View Denial of Service Vulnerability
http://support.lenovo.com/product_security/PS500580-LENOVO-VIEW-DENIAL-OF-SERVICE-VULNERABILITY
Multi-vendor BIOS Security Vulnerabilities (October 2023)
http://support.lenovo.com/product_security/PS500582-MULTI-VENDOR-BIOS-SECURITY-VULNERABILITIES-OCTOBER-2023
Lenovo Preload Directory Vulnerability
http://support.lenovo.com/product_security/PS500579-LENOVO-PRELOAD-DIRECTORY-VULNERABILITY
[R1] Security Center Version 6.2.0 Fixes Multiple Vulnerabilities
https://www.tenable.com/security/tns-2023-32