Tageszusammenfassung - 09.04.2024

End-of-Day report

Timeframe: Montag 08-04-2024 18:00 - Dienstag 09-04-2024 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer

News

New SharePoint flaws help hackers evade detection when stealing files

Researchers have discovered two techniques that could enable attackers to bypass audit logs or generate less severe entries when downloading files from SharePoint. [..] Varonis disclosed these bugs in November 2023, and Microsoft added the flaws to a patch backlog for future fixing. However, the issues were rated as moderate severity, so they won't receive immediate fixes. Therefore, SharePoint admins should be aware of these risks and learn to identify and mitigate them until patches become available.

https://www.bleepingcomputer.com/news/security/new-sharepoint-flaws-help-hackers-evade-detection-when-stealing-files/


Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices. [..] The issues were fixed by LG as part of updates released on March 22, 2024. [..] "Although the vulnerable service is intended for LAN access only, Shodan, the search engine for Internet-connected devices, identified over 91,000 devices that expose this service to the Internet," Bitdefender said.

https://thehackernews.com/2024/04/researchers-discover-lg-smart-tv.html


Vorsicht vor falschen Nachrichten vom Finanzamt

Sie erwarten eine Nachricht vom Finanzamt? Wir raten zur Vorsicht: Derzeit sind zahlreiche gefälschte SMS- und E-Mail-Benachrichtigungen von FinanzOnline bzw. vom Finanzamt im Umlauf. Klicken Sie nicht voreilig auf Links und fragen Sie im Zweifelsfall bei der jeweiligen Behörde nach!

https://www.watchlist-internet.at/news/vorsicht-vor-falschen-nachrichten-vom-finanzamt/


It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise

We describe the characteristics of malware-initiated scanning attacks. These attacks differ from direct scanning and are increasing according to our data.

https://unit42.paloaltonetworks.com/malware-initiated-scanning-attacks/


Notepad++: Entwickler warnt vor Parasiten-Webseite und bittet um Mithilfe

Die unautorisierte Webseite bezeichnet sich als "Fan-Projekt", der Notepad++-Entwickler fürchtet jedoch schädliche Auswirkungen. Die Community soll helfen.

https://heise.de/-9678725

Vulnerabilities

Fortinet Security Advisories 2024-04-09

Fortinet has released 12 security advisories: FortiOS, FortiManager, FortiClientLinux, FortiClientMac, FortiProxy, FortiMai, FortiSandbox, FortiNAC-F (1x critical, 4x high, 7x medium)

https://www.fortiguard.com/psirt?product=FortiOS-6K7K%2CFortiOS&product=FortiManager&product=FortiClientLinux&product=FortiClientMac&product=FortiProxy&product=FortiMail&product=FortiSandbox&product=FortiNAC-F&version=&date=2024


Fortinet: SMTP Smuggling

FortiMail may be susceptible to smuggling attacks if some measures are not put in place. We therefore recommend to adhere to the following indications in order to mitigate the potential risk associated to the smuggling attacks [..]

https://fortiguard.fortinet.com/psirt/FG-IR-24-009


OpenSSL 3.3 Series Release Notes

Fixed unbounded memory growth with session handling in TLSv1.3 ([CVE-2024-2511])

https://www.openssl.org/news/openssl-3.3-notes.html


Technical Advisory - Ollama DNS Rebinding Attack (CVE-2024-28224)

Ollama is an open-source system for running and managing large language models (LLMs). [..] Ollama fixed this issue in release v0.1.29.

https://research.nccgroup.com/2024/04/08/technical-advisory-ollama-dns-rebinding-attack-cve-2024-28224/


Security updates for Tuesday

Security updates have been issued by Debian (expat), Oracle (less and nodejs:20), Slackware (libarchive), SUSE (kubernetes1.23, nghttp2, qt6-base, and util-linux), and Ubuntu (python-django).

https://lwn.net/Articles/969141/


ICS Patch Tuesday: Siemens Addresses Palo Alto Networks Product Vulnerabilities

Siemens and Schneider Electric release their ICS Patch Tuesday advisories for April 2024, informing customers about dozens of vulnerabilities.

https://www.securityweek.com/ics-patch-tuesday-siemens-addresses-palo-alto-networks-product-vulnerabilities/


SSA-885980 V1.0: Multiple Vulnerabilities in Scalance W1750D

https://cert-portal.siemens.com/productcert/html/ssa-885980.html


SSA-822518 V1.0: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW before V11.0.1 on RUGGEDCOM APE1808 devices

https://cert-portal.siemens.com/productcert/html/ssa-822518.html


SSA-730482 V1.0: Denial of Service Vulnerability in SIMATIC WinCC

https://cert-portal.siemens.com/productcert/html/ssa-730482.html


SSA-556635 V1.0: Multiple Vulnerabilities in Telecontrol Server Basic before V3.1.2.0

https://cert-portal.siemens.com/productcert/html/ssa-556635.html


SSA-455250 V1.0: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices

https://cert-portal.siemens.com/productcert/html/ssa-455250.html


SSA-265688 V1.0: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1

https://cert-portal.siemens.com/productcert/html/ssa-265688.html


SSA-222019 V1.0: X_T File Parsing Vulnerabilities in Parasolid

https://cert-portal.siemens.com/productcert/html/ssa-222019.html


SSA-128433 V1.0: Multiple Vulnerabilities in SINEC NMS before V2.0 SP2

https://cert-portal.siemens.com/productcert/html/ssa-128433.html


Xen: XSA-454

https://xenbits.xen.org/xsa/advisory-454.html


Welotec: Two vulnerabilities in TK500v1 router series

https://cert.vde.com/de/advisories/VDE-2024-009/


SUBNET PowerSYSTEM Server and Substation Server

https://www.cisa.gov/news-events/ics-advisories/icsa-24-100-01


Multiple vulnerabilities in WordPress Plugin "Ninja Forms"

https://jvn.jp/en/jp/JVN50361500/


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/


SAP-Patchday: Zehn Sicherheitsmitteilungen im April

https://heise.de/-9678796


HP Poly CCX IP-Telefone erlauben unbefugten Zugriff

https://heise.de/-9679027


Robot Operating System: Zahlreiche Schwachstellen gefunden und geschlossen

https://heise.de/-9679260