Daily summary - 24.04.2024

End-of-Day report

Timeframe: Tuesday 23-04-2024 18:00 - Wednesday 24-04-2024 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer

News

Microsoft pulls fix for Outlook bug behind ICS security alerts

Microsoft reversed the fix for an Outlook bug causing erroneous security warnings after installing December 2023 security updates.

https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-fix-for-outlook-bug-unexpected-ICS-warnings-after-December-security-updates/


Assessing the Y, and How, of the XZ Utils incident

In this article we analyze the social-engineering aspects of the XZ backdoor incident: namely, pressuring the XZ maintainer to hand the project over to Jia Cheong Tan, and then urging major downstream maintainers to merge the backdoored code into their projects.

https://securelist.com/xz-backdoor-story-part-2-social-engineering/112476/


Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike

Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver malware called SSLoad.

https://thehackernews.com/2024/04/researchers-detail-multistage-attack.html


Decrypting FortiOS 7.0.x

Decrypting Fortinet's FortiGate FortiOS firmware is a topic that has been thoroughly covered, in part because of the many variants and permutations of FortiOS firmware, all differing based on hardware architecture and versioning.

https://www.labs.greynoise.io/grimoire/2024-04-23-decrypting-fortios/


New Password Cracking Analysis Targets Bcrypt

Hive Systems conducts another study on cracking passwords via brute-force attacks, but it's no longer targeting MD5.

https://www.securityweek.com/new-password-cracking-analysis-targets-bcrypt/


Musicians beware: spam e-mails promise a valuable piano

Musicians, and pianists in particular, currently need to watch out for fraudulent e-mails promising them an expensive piano. The criminals pose as a widow looking for someone to take expensive instruments such as her late husband's Yamaha Baby Grand Piano.

https://www.watchlist-internet.at/news/musikerinnen-aufgepasst-spam-mails-versprechen-wertvolles-piano/


Windows question: Where does BitLocker store the recovery key?

BitLocker, the "unknown being", is how I could headline this blog post. It is about the question of where the Windows feature BitLocker actually stores the recovery key, which is needed every now and then.

https://www.borncity.com/blog/2024/04/24/windows-frage-wo-speichert-bitlocker-den-recovery-key/


Exchange Server April 2024 Hotfix Updates (24 April 2024)

On 24 April Microsoft released Hotfix Updates (HU) for Exchange Server 2016 and 2019. These hotfix updates add support for new features and are meant to fix problems caused by the March 2024 Security Update (SU).

https://www.borncity.com/blog/2024/04/24/exchange-server-april-2024-hotfix-updates-24-april-2024/


Distribution of Infostealer Made With Electron

AhnLab SEcurity intelligence Center (ASEC) has discovered an Infostealer strain made with Electron.

https://asec.ahnlab.com/en/64445/

Vulnerabilities

Grafana backend SQL injection affecting all versions

To exploit this SQL injection vulnerability, an attacker needs a valid account on the Grafana web backend and then sends a malicious POST request to /api/ds/query with a crafted "rawSql" entry.

https://fdlucifer.github.io/2024/04/22/grafana-sql-injection/
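Because the attack path described above is an authenticated POST to /api/ds/query carrying injected SQL in the rawSql field, the requests are visible to anyone logging request bodies in front of Grafana (reverse proxy, WAF, audit log). The following is an added example, not code from the linked write-up or from Grafana itself: a triage helper that flags rawSql payloads that do not look like ordinary read-only dashboard queries. The field names queries[].rawSql and queries[].refId follow Grafana's query API; the request records, the user names and the keyword list are constructed assumptions for this example and would be tuned to the datasources actually deployed.

```python
"""Added example (not from the linked write-up or from Grafana): flag
suspicious rawSql payloads in POST requests to Grafana's /api/ds/query.

Request records are dicts with method, path, user and the request body
(either a dict or a JSON string).  The records, user names and keyword
list below are constructed for this example.
"""
import json
import re

# Single-quoted SQL string literals, with '' as the escaped quote.
LITERAL_RE = re.compile(r"'(?:[^']|'')*'")
# Keywords that have no business in a read-only dashboard query
# (assumption: a defender tunes this to the datasources in use).
DANGEROUS_KEYWORDS = re.compile(
    r"\b(drop|delete|update|insert|alter|create|truncate|grant|copy|exec|"
    r"execute|load_file|benchmark|sleep|pg_sleep|pg_read_file|xp_cmdshell|"
    r"union)\b",
    re.IGNORECASE,
)
COMMENT_RE = re.compile(r"--|/\*")


def strip_string_literals(sql: str) -> str:
    """Blank out string literals so quoted text cannot trigger the checks."""
    return LITERAL_RE.sub("''", sql)


def classify_rawsql(sql: str) -> list:
    """Return the reasons a rawSql value looks suspicious (empty = plain SELECT)."""
    code = strip_string_literals(sql)
    reasons = []
    # A ';' followed by more SQL means a second, stacked statement.
    if re.search(r";\s*\S", code):
        reasons.append("stacked statements")
    reasons.extend(sorted({f"keyword {m.group(1).lower()}"
                           for m in DANGEROUS_KEYWORDS.finditer(code)}))
    if COMMENT_RE.search(code):
        reasons.append("sql comment")
    if not re.match(r"\s*(select|with)\b", code, re.IGNORECASE):
        reasons.append("does not start with SELECT/WITH")
    return reasons


def triage_requests(records: list) -> list:
    """Return findings for POST /api/ds/query requests carrying suspicious rawSql."""
    findings = []
    for rec in records:
        if rec.get("method") != "POST" or not rec.get("path", "").startswith("/api/ds/query"):
            continue
        body = rec.get("body")
        if isinstance(body, str):
            try:
                body = json.loads(body)
            except ValueError:
                continue
        if not isinstance(body, dict):
            continue
        for query in body.get("queries", []):
            raw_sql = query.get("rawSql")
            if not isinstance(raw_sql, str):
                continue
            reasons = classify_rawsql(raw_sql)
            if reasons:
                findings.append({
                    "user": rec.get("user"),
                    "refId": query.get("refId"),
                    "reasons": reasons,
                    "rawSql": raw_sql,
                })
    return findings


# Constructed request records for the example (not real log data).
SAMPLE_REQUESTS = [
    {   # ordinary dashboard query; ';' and 'drop' inside the literal are harmless
        "method": "POST", "path": "/api/ds/query", "user": "viewer1",
        "body": {"queries": [{"refId": "A", "rawSql":
                 "SELECT time, value FROM metrics WHERE host = 'db-1;drop' ORDER BY time"}]},
    },
    {   # stacked statement appended after the expected SELECT (body as JSON text)
        "method": "POST", "path": "/api/ds/query", "user": "analyst2",
        "body": json.dumps({"queries": [{"refId": "A", "rawSql":
                 "SELECT 1; UPDATE users SET is_admin = true WHERE login = 'analyst2'"}]}),
    },
    {   # UNION-based data extraction with a trailing comment
        "method": "POST", "path": "/api/ds/query", "user": "analyst2",
        "body": {"queries": [{"refId": "B", "rawSql":
                 "SELECT name FROM hosts WHERE id = 1 UNION SELECT usename FROM pg_user -- "}]},
    },
    {   # unrelated endpoint, ignored
        "method": "POST", "path": "/api/dashboards/db", "user": "viewer1",
        "body": {"dashboard": {"title": "x"}},
    },
]

if __name__ == "__main__":
    for f in triage_requests(SAMPLE_REQUESTS):
        print(f"{f['user']} refId={f['refId']}: {', '.join(f['reasons'])}")
```

The literal stripping is what keeps the first record quiet: the semicolon and the word "drop" sit inside a quoted value and are not SQL. The keyword list is deliberately broad (a column named "sleep" or "copy" would trip it), so treat hits as triage leads to pair with the Grafana user, datasource and query editor audit, not as verdicts.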


Security updates for Wednesday

Security updates have been issued by Fedora (abseil-cpp, chromium, filezilla, libfilezilla, and xorg-x11-server-Xwayland), Oracle (firefox, gnutls, golang, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk, kernel, libreswan, mod_http2, owO: thunderbird, and thunderbird), Red Hat (container-tools:rhel8, gnutls, grub2, kernel, kernel-rt, less, linux-firmware, opencryptoki, pcs, postgresql-jdbc, and thunderbird), Slackware (ruby), SUSE (kubernetes1.23, kubernetes1.24, [...]

https://lwn.net/Articles/971004/


Google Patches Critical Chrome Vulnerability

Google patches CVE-2024-4058, a critical Chrome vulnerability for which researchers earned a $16,000 reward.

https://www.securityweek.com/google-patches-critical-chrome-vulnerability/


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/


Security Advisory - Connection Hijacking Vulnerability in Some Huawei Home Routers

http://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en