End-of-Day report
Timeframe: Monday 11-03-2024 18:00 - Tuesday 12-03-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
News
Inception Attack: New attack technique enables manipulation of VR content
Attackers can not only capture sensitive information but also alter the content displayed to the VR user without the user noticing.
https://www.golem.de/news/inception-attack-neue-angriffstechnik-ermoeglicht-manipulation-von-vr-inhalten-2403-183099.html
Cancelling contracts and subscriptions: Beware of paid offers
You want to cancel your contract but don't know how? Often the information on cancellation and the contact addresses of the company concerned are also impossible to find. For good reason, consumers therefore look for services that handle the cancellation process. Often these services are subject to a fee or are themselves a subscription trap.
https://www.watchlist-internet.at/news/vertraege-und-abos-kuendigen-vorsicht-vor-kostenpflichtigen-angeboten/
Ransomware: Attacks Continue to Rise as Operators Adapt to Disruption
Available evidence suggests vulnerability exploitation has replaced botnets as a prime infection vector.
https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomware-attacks-exploits
CISA Publishes SCuBA Hybrid Identity Solutions Guidance
CISA has published Secure Cloud Business Applications (SCuBA) Hybrid Identity Solutions Guidance (HISG) to help users better understand identity management capabilities and securely integrate their traditional on-premises enterprise networks with cloud-based solutions.
https://www.cisa.gov/news-events/alerts/2024/03/12/cisa-publishes-scuba-hybrid-identity-solutions-guidance
VCURMS: A Simple and Functional Weapon
FortiGuard Labs uncovers a RAT VCURMS weapon and STRRAT in a phishing campaign
https://feeds.fortinet.com/~/873512375/0/fortinet/blogs~VCURMS-A-Simple-and-Functional-Weapon
Vulnerabilities
Security updates for Tuesday
Security updates have been issued by Debian (qemu), Mageia (libtiff and thunderbird), Red Hat (kernel, kpatch-patch, postgresql, and rhc-worker-script), SUSE (compat-openssl098, openssl, openssl1, python-Django, python-Django1, and wpa_supplicant), and Ubuntu (accountsservice, libxml2, linux-bluefield, linux-raspi-5.4, linux-xilinx-zynqmp, linux-oem-6.1, openvswitch, postgresql-9.5, and ruby-rack).
https://lwn.net/Articles/965113/
SAP closes ten security vulnerabilities on March Patch Day
SAP has published ten new security notes for the March Patch Day. Two of the vulnerabilities closed are rated critical.
https://heise.de/-9652057
Synology seals security leaks in SRM
Security holes in Synology Router Manager (SRM) allow attackers to inject scripts, for example. An update is available.
https://heise.de/-9652225
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/
Fortiguard Security Advisories
https://www.fortiguard.com/psirt
SSA-918992 V1.0: Unused HTTP Service on SENTRON 3KC ATC6 Ethernet Module
https://cert-portal.siemens.com/productcert/html/ssa-918992.html
SSA-832273 V1.0: Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 devices
https://cert-portal.siemens.com/productcert/html/ssa-832273.html
SSA-792319 V1.0: Missing Read Out Protection in SENTRON 7KM PAC3x20 Devices
https://cert-portal.siemens.com/productcert/html/ssa-792319.html
SSA-770721 V1.0: Multiple Vulnerabilities in SIMATIC RF160B before V2.2
https://cert-portal.siemens.com/productcert/html/ssa-770721.html
SSA-653855 V1.0: Information Disclosure vulnerability in SINEMA Remote Connect Client before V3.1 SP1
https://cert-portal.siemens.com/productcert/html/ssa-653855.html
SSA-576771 V1.0: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2
https://cert-portal.siemens.com/productcert/html/ssa-576771.html
SSA-382651 V1.0: File Parsing Vulnerability in Solid Edge before V223.0.11
https://cert-portal.siemens.com/productcert/html/ssa-382651.html
SSA-366067 V1.0: Multiple Vulnerabilities in Fortigate NGFW before V7.4.1 on RUGGEDCOM APE1808 devices
https://cert-portal.siemens.com/productcert/html/ssa-366067.html
SSA-353002 V1.0: Multiple Vulnerabilities in SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family
https://cert-portal.siemens.com/productcert/html/ssa-353002.html
SSA-225840 V1.0: Vulnerabilities in the Network Communication Stack in Sinteso EN and Cerberus PRO EN Fire Protection Systems
https://cert-portal.siemens.com/productcert/html/ssa-225840.html
SSA-145196 V1.0: Authorization Bypass Vulnerability in Siveillance Control
https://cert-portal.siemens.com/productcert/html/ssa-145196.html
PHOENIX CONTACT: Multiple vulnerabilities in CHARX SEC charge controllers
https://cert.vde.com/de/advisories/VDE-2024-011/
Citrix SDWAN Security Bulletin for CVE-2024-2049
https://support.citrix.com/article/CTX617071/citrix-sdwan-security-bulletin-for-cve20242049
Stack-based Overflow Vulnerability in the TrueView™ Desktop Software
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0005
Missing PSK secret for IKEv2 connection can cause libreswan to restart
https://libreswan.org/security/CVE-2024-2357/CVE-2024-2357.txt
Schneider Electric EcoStruxure Power Design
https://www.cisa.gov/news-events/ics-advisories/icsa-24-072-01