End-of-Day report
Timeframe: Tuesday 13-02-2024 18:00 - Wednesday 14-02-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
Ubuntu command-not-found tool can be abused to spread malware
A logic flaw between Ubuntu's command-not-found package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users.
https://www.bleepingcomputer.com/news/security/ubuntu-command-not-found-tool-can-be-abused-to-spread-malware/
Security review for Microsoft Edge version 121
Microsoft Edge version 121 introduced 11 new computer settings and 11 new user settings. We have included a spreadsheet listing the new settings in the release to make it easier for you to find them.
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-review-for-microsoft-edge-version-121/ba-p/4057135
Fake offers for Samsung's Galaxy S24, S24+ and S24 Ultra with cash-on-delivery payment!
A few weeks ago, Samsung introduced the Galaxy S24, the Galaxy S24+ and the Galaxy S24 Ultra. At launch, prices for the new devices range between 780 and 1800 euros for the different models. Criminals promise the device for far less. For 269 euros cash on delivery, the most expensive device is available at shop.mgmmgme.shop. This much is certain: the promised device will never be delivered here, and cash-on-delivery payments are lost.
https://www.watchlist-internet.at/news/fake-angebote-fuer-samsungs-galaxy-s24-s24-und-s24-ultra-mit-nachnahmezahlung/
The Risks of the #MonikerLink Bug in Microsoft Outlook and the Big Picture
Recently, Check Point Research released a white paper titled "The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors", detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. As mentioned in the paper, we discovered an interesting security issue in Outlook when the app handles specific hyperlinks. In this blog post, we will share our research on the issue with the security community and help defend against it. We will also highlight the broader impact of this bug in other software.
https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/
TicTacToe Dropper
We analyzed multiple samples of this dropper. The executable malware file was usually delivered through an .iso file. From cases directly observed in the wild, these iso files were delivered to the victim via phishing as an attachment (T1566.001). This technique of packing malware inside an iso file is typically employed to avoid detection by antivirus software and as a mark-of-the-web (MOTW) bypass technique (T1553.005).
https://feeds.fortinet.com/~/869921006/0/fortinet/blogs~TicTacToe-Dropper
Vulnerabilities
Patchday: Adobe closes malicious-code vulnerabilities in Acrobat & Co.
Important security updates have been released for several Adobe products. With them, the developers have closed critical vulnerabilities, among others.
https://www.heise.de-9627753
Web conferencing tool Zoom: Privilege escalation through critical vulnerability
Zoom warns of several vulnerabilities in the company's products. One is rated as a critical security risk.
https://www.heise.de/-9627817
Microsoft Security Update Summary (February 13, 2024)
On February 13, 2024, Microsoft released security updates for Windows clients and servers, for Office, and for other products. The security updates fix 73 vulnerabilities (CVEs); two are 0-day vulnerabilities that are already being exploited.
https://www.borncity.com/blog/2024/02/13/microsoft-security-update-summary-13-februar-2024/
Released: 2024 H1 Cumulative Update for Exchange Server
Today we are announcing the availability of the 2024 H1 Cumulative Update (CU) for Exchange Server 2019 (aka CU14). CU14 includes fixes for customer reported issues, a security change, and all previously released Security Updates (SUs).
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-2024-h1-cumulative-update-for-exchange-server/ba-p/4047506
Chipmaker Patch Tuesday: AMD and Intel Patch Over 100 Vulnerabilities
AMD and Intel patch dozens of vulnerabilities on February 2024 Patch Tuesday, including multiple high-severity bugs.
https://www.securityweek.com/chipmaker-patch-tuesday-amd-and-intel-patch-over-100-vulnerabilities/
Security updates for Wednesday
Security updates have been issued by Debian (bind9 and unbound), Fedora (clamav, firecracker, libkrun, rust-event-manager, rust-kvm-bindings, rust-kvm-ioctls, rust-linux-loader, rust-userfaultfd, rust-versionize, rust-vhost, rust-vhost-user-backend, rust-virtio-queue, rust-vm-memory, rust-vm-superio, rust-vmm-sys-util, and virtiofsd), Red Hat (.NET 6.0, dotnet6.0, and dotnet7.0), Slackware (bind and dnsmasq), and Ubuntu (dotnet6, dotnet7, dotnet8, linux-lowlatency, linux-raspi, linux-nvidia-6.2, and ujson).
https://lwn.net/Articles/962077/
F5: K000138353 : Quarterly Security Notification (February 2024)
On February 14, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles.
https://my.f5.com/manage/s/article/K000138353
F5: K98606833 : BIG-IP and BIG-IQ scp vulnerability CVE-2024-21782
https://my.f5.com/manage/s/article/K98606833
F5: K91054692 : BIG-IP Appliance mode iAppsLX vulnerability CVE-2024-23976
https://my.f5.com/manage/s/article/K91054692
F5: K000137521 : BIG-IP AFM vulnerability CVE-2024-21763
https://my.f5.com/manage/s/article/K000137521
F5: K000137334 : F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability CVE-2024-23805
https://my.f5.com/manage/s/article/K000137334
2024-02-14: Cyber Security Advisory - B&R APROL SSH service vulnerable to Terrapin attack
https://www.br-automation.com/fileadmin/SA24P004_SSH_Service_Vulnerable_To_Terrapin_Attack-275204bc.pdf
tenable: [R1] Security Center Version 6.3.0 Fixes Multiple Vulnerabilities
https://www.tenable.com/security/tns-2024-02
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/
Lenovo Security Advisories
https://support.lenovo.com/at/en/product_security/home