[CERT-daily] Tageszusammenfassung - 24.04.2024

Daily end-of-shift report team at cert.at
Wed Apr 24 18:08:48 CEST 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 23-04-2024 18:00 − Mittwoch 24-04-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Thomas Pribitzer

=====================
=       News        =
=====================

∗∗∗ Microsoft pulls fix for Outlook bug behind ICS security alerts ∗∗∗
---------------------------------------------
Microsoft reversed the fix for an Outlook bug causing erroneous security warnings after installing December 2023 security updates.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-fix-for-outlook-bug-unexpected-ICS-warnings-after-December-security-updates/


∗∗∗ Assessing the Y, and How, of the XZ Utils incident ∗∗∗
---------------------------------------------
In this article we analyze social engineering aspects of the XZ backdoor incident. Namely pressuring the XZ maintainer to pass on the project to Jia Cheong Tan, and then urging major downstream maintainers to commit the backdoored code to their projects.
---------------------------------------------
https://securelist.com/xz-backdoor-story-part-2-social-engineering/112476/


∗∗∗ Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike ∗∗∗
---------------------------------------------
Cybersecurity researchers have discovered an ongoing attack campaign thats leveraging phishing emails to deliver malware called SSLoad.
---------------------------------------------
https://thehackernews.com/2024/04/researchers-detail-multistage-attack.html


∗∗∗ Decrypting FortiOS 7.0.x ∗∗∗
---------------------------------------------
Decrypting Fortinet’s FortiGate FortiOS firmware is a topic that has been thoroughly covered, in part because of the many variants and permutations of FortiOS firmware, all differing based on hardware architecture and versioning.
---------------------------------------------
https://www.labs.greynoise.io/grimoire/2024-04-23-decrypting-fortios/


∗∗∗ New Password Cracking Analysis Targets Bcrypt ∗∗∗
---------------------------------------------
Hive Systems conducts another study on cracking passwords via brute-force attacks, but it’s no longer targeting MD5.
---------------------------------------------
https://www.securityweek.com/new-password-cracking-analysis-targets-bcrypt/


∗∗∗ Musiker:innen aufgepasst: Spam-Mails versprechen wertvolles Piano ∗∗∗
---------------------------------------------
Musiker:innen und insbesondere Pianist:innen müssen sich aktuell vor betrügerischen E-Mails in Acht nehmen, in denen ihnen ein teures Piano versprochen wird. Kriminelle geben sich als Witwe aus und suchen nach Abnehmer:innen für teure Instrumente wie beispielsweise wie das Yamaha Baby Grand Piano ihres verstorbenen Ehemanns.
---------------------------------------------
https://www.watchlist-internet.at/news/musikerinnen-aufgepasst-spam-mails-versprechen-wertvolles-piano/


∗∗∗ Windows-Frage: Wo speichert Bitlocker den Recovery-Key? ∗∗∗
---------------------------------------------
Bitlocker, das "unbekannte Wesen" möchte ich mal den Blog-Beitrag umschreiben. Es geht um die Frage, wo die Windows-Funktion Bitlocker eigentlich den Recovery-Key, der immer mal wieder gebraucht wird, überhaupt speichert.
---------------------------------------------
https://www.borncity.com/blog/2024/04/24/windows-frage-wo-speichert-bitlocker-den-recovery-key/


∗∗∗ Exchange Server April 2024 Hotfix-Updates (24. April 2024) ∗∗∗
---------------------------------------------
Microsoft hat zum 24. April Hotfix-Updates (HU) für Exchange Server 2016 und 2019 veröffentlicht. Diese Hotfix-Updates bieten Unterstützung für neue Funktionen und sollen Probleme, die durch das März 2024 Security Update (SU) hervorgerufen wurden, beheben.
---------------------------------------------
https://www.borncity.com/blog/2024/04/24/exchange-server-april-2024-hotfix-updates-24-april-2024/


∗∗∗ Distribution of Infostealer Made With Electron ∗∗∗
---------------------------------------------
AhnLab SEcurity intelligence Center (ASEC) has discovered an Infostealer strain made with Electron.
---------------------------------------------
https://asec.ahnlab.com/en/64445/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Grafana backend sql injection affected all version ∗∗∗
---------------------------------------------
To exploit this sql injection vulnerability, someone must use a valid account login to the grafana web backend, then send malicious POST request to /api/ds/query “rawSql” entry.
---------------------------------------------
https://fdlucifer.github.io/2024/04/22/grafana-sql-injection/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (abseil-cpp, chromium, filezilla, libfilezilla, and xorg-x11-server-Xwayland), Oracle (firefox, gnutls, golang, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk, kernel, libreswan, mod_http2, owO: thunderbird, and thunderbird), Red Hat (container-tools:rhel8, gnutls, grub2, kernel, kernel-rt, less, linux-firmware, opencryptoki, pcs, postgresql-jdbc, and thunderbird), Slackware (ruby), SUSE (kubernetes1.23, kubernetes1.24, [...]
---------------------------------------------
https://lwn.net/Articles/971004/


∗∗∗ Google Patches Critical Chrome Vulnerability ∗∗∗
---------------------------------------------
Google patches CVE-2024-4058, a critical Chrome vulnerability for which researchers earned a $16,000 reward.
---------------------------------------------
https://www.securityweek.com/google-patches-critical-chrome-vulnerability/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Security Advisory - Connection Hijacking Vulnerability in Some Huawei Home Routers ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list