End-of-Day report
Timeframe: Monday 08-04-2024 18:00 - Tuesday 09-04-2024 18:00
Handler: Thomas Pribitzer
Co-Handler: Michael Schlagenhaufer
News
New SharePoint flaws help hackers evade detection when stealing files
Researchers have discovered two techniques that could enable attackers to bypass audit logs or generate less severe entries when downloading files from SharePoint. [..] Varonis disclosed these bugs in November 2023, and Microsoft added the flaws to a patch backlog for future fixing. However, the issues were rated as moderate severity, so they won't receive immediate fixes. Therefore, SharePoint admins should be aware of these risks and learn to identify and mitigate them until patches become available.
https://www.bleepingcomputer.com/news/security/new-sharepoint-flaws-help-hackers-evade-detection-when-stealing-files/
Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access
Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices. [..] The issues were fixed by LG as part of updates released on March 22, 2024. [..] "Although the vulnerable service is intended for LAN access only, Shodan, the search engine for Internet-connected devices, identified over 91,000 devices that expose this service to the Internet," Bitdefender said.
https://thehackernews.com/2024/04/researchers-discover-lg-smart-tv.html
Beware of fake messages from the tax office
Are you expecting a message from the tax office? We advise caution: numerous fake SMS and e-mail notifications purporting to come from FinanzOnline or the tax office (Finanzamt) are currently in circulation. Do not click on links hastily, and if in doubt, check with the respective authority!
https://www.watchlist-internet.at/news/vorsicht-vor-falschen-nachrichten-vom-finanzamt/
It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise
We describe the characteristics of malware-initiated scanning attacks. These attacks differ from direct scanning and are increasing according to our data.
https://unit42.paloaltonetworks.com/malware-initiated-scanning-attacks/
Notepad++: Developer warns of parasite website and asks for help
The unauthorised website calls itself a "fan project", but the Notepad++ developer fears harmful effects. The community is asked to help.
https://heise.de/-9678725
Vulnerabilities
Fortinet Security Advisories 2024-04-09
Fortinet has released 12 security advisories: FortiOS, FortiManager, FortiClientLinux, FortiClientMac, FortiProxy, FortiMail, FortiSandbox, FortiNAC-F (1x critical, 4x high, 7x medium)
https://www.fortiguard.com/psirt?product=FortiOS-6K7K%2CFortiOS&product=FortiManager&product=FortiClientLinux&product=FortiClientMac&product=FortiProxy&product=FortiMail&product=FortiSandbox&product=FortiNAC-F&version=&date=2024
Fortinet: SMTP Smuggling
FortiMail may be susceptible to smuggling attacks if some measures are not put in place. We therefore recommend adhering to the following indications in order to mitigate the potential risk associated with the smuggling attacks [..]
https://fortiguard.fortinet.com/psirt/FG-IR-24-009
OpenSSL 3.3 Series Release Notes
Fixed unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511)
https://www.openssl.org/news/openssl-3.3-notes.html
Technical Advisory - Ollama DNS Rebinding Attack (CVE-2024-28224)
Ollama is an open-source system for running and managing large language models (LLMs). [..] Ollama fixed this issue in release v0.1.29.
https://research.nccgroup.com/2024/04/08/technical-advisory-ollama-dns-rebinding-attack-cve-2024-28224/
Security updates for Tuesday
Security updates have been issued by Debian (expat), Oracle (less and nodejs:20), Slackware (libarchive), SUSE (kubernetes1.23, nghttp2, qt6-base, and util-linux), and Ubuntu (python-django).
https://lwn.net/Articles/969141/
ICS Patch Tuesday: Siemens Addresses Palo Alto Networks Product Vulnerabilities
Siemens and Schneider Electric release their ICS Patch Tuesday advisories for April 2024, informing customers about dozens of vulnerabilities.
https://www.securityweek.com/ics-patch-tuesday-siemens-addresses-palo-alto-networks-product-vulnerabilities/
SSA-885980 V1.0: Multiple Vulnerabilities in Scalance W1750D
https://cert-portal.siemens.com/productcert/html/ssa-885980.html
SSA-822518 V1.0: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW before V11.0.1 on RUGGEDCOM APE1808 devices
https://cert-portal.siemens.com/productcert/html/ssa-822518.html
SSA-730482 V1.0: Denial of Service Vulnerability in SIMATIC WinCC
https://cert-portal.siemens.com/productcert/html/ssa-730482.html
SSA-556635 V1.0: Multiple Vulnerabilities in Telecontrol Server Basic before V3.1.2.0
https://cert-portal.siemens.com/productcert/html/ssa-556635.html
SSA-455250 V1.0: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices
https://cert-portal.siemens.com/productcert/html/ssa-455250.html
SSA-265688 V1.0: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
SSA-222019 V1.0: X_T File Parsing Vulnerabilities in Parasolid
https://cert-portal.siemens.com/productcert/html/ssa-222019.html
SSA-128433 V1.0: Multiple Vulnerabilities in SINEC NMS before V2.0 SP2
https://cert-portal.siemens.com/productcert/html/ssa-128433.html
Xen: XSA-454
https://xenbits.xen.org/xsa/advisory-454.html
Welotec: Two vulnerabilities in TK500v1 router series
https://cert.vde.com/de/advisories/VDE-2024-009/
SUBNET PowerSYSTEM Server and Substation Server
https://www.cisa.gov/news-events/ics-advisories/icsa-24-100-01
Multiple vulnerabilities in WordPress Plugin "Ninja Forms"
https://jvn.jp/en/jp/JVN50361500/
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/
SAP Patch Day: Ten security notes in April
https://heise.de/-9678796
HP Poly CCX IP phones allow unauthorised access
https://heise.de/-9679027
Robot Operating System: Numerous vulnerabilities found and fixed
https://heise.de/-9679260