[CERT-daily] Tageszusammenfassung - 14.02.2024

Wed Feb 14 18:24:22 CET 2024

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 13-02-2024 18:00 − Mittwoch 14-02-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Ubuntu command-not-found tool can be abused to spread malware ∗∗∗
---------------------------------------------
A logic flaw between Ubuntus command-not-found package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ubuntu-command-not-found-tool-can-be-abused-to-spread-malware/


∗∗∗ Security review for Microsoft Edge version 121 ∗∗∗
---------------------------------------------
Microsoft Edge version 121 introduced 11 new computer settings and 11 new user settings. We have included a spreadsheet listing the new settings in the release to make it easier for you to find them.
---------------------------------------------
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-review-for-microsoft-edge-version-121/ba-p/4057135


∗∗∗ Fake-Angebote für Samsungs Galaxy S24, S24+ und S24 Ultra mit Nachnahmezahlung! ∗∗∗
---------------------------------------------
Vor wenigen Wochen hat Samsung das Galaxy S24, das Galaxy S24+ sowie das Galaxy S24 Ultra vorgestellt. Die Preise für die neuen Geräte bewegen sich zum Marktstart zwischen 780 und 1800 Euro für die unterschiedlichen Modelle. Um vieles billiger versprechen Kriminelle das Gerät. Für 269 Euro per Nachnahme gibt es das teuerste Gerät auf shop.mgmmgme.shop. So viel ist sicher: Das versprochene Gerät wird hier nie geliefert und Zahlungen per Nachnahme sind verloren.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-angebote-fuer-samsungs-galaxy-s24-s24-und-s24-ultra-mit-nachnahmezahlung/


∗∗∗ The Risks of the #MonikerLink Bug in Microsoft Outlook and the Big Picture ∗∗∗
---------------------------------------------
Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. As mentioned in the paper, we discovered an interesting security issue in Outlook when the app handles specific hyperlinks. In this blog post, we will share our research on the issue with the security community and help defend against it. We will also highlight the broader impact of this bug in other software.
---------------------------------------------
https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/


∗∗∗ TicTacToe Dropper ∗∗∗
---------------------------------------------
We analyzed multiple samples of this dropper. The executable malware file was usually delivered through an .iso file. From cases directly observed in the wild, these iso files were delivered to the victim via phishing as an attachment (T1566.001). This technique of packing malware inside an iso file is typically employed to avoid detection by antivirus software and as a mark-of-the-web (MOTW) bypass technique (T1553.005).
---------------------------------------------
https://feeds.fortinet.com/~/869921006/0/fortinet/blogs~TicTacToe-Dropper


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Patchday: Adobe schließt Schadcode-Lücken in Acrobat & Co. ∗∗∗
---------------------------------------------
Für mehrere Adobe-Produkte sind wichtige Sicherheitsupdates erschienen. Damit haben die Entwickler unter anderem kritische Schwachstellen geschlossen.
---------------------------------------------
https://www.heise.de-9627753


∗∗∗ Webkonferenz-Tool Zoom: Rechteausweitung durch kritische Schwachstelle ∗∗∗
---------------------------------------------
Zoom warnt vor mehreren Schwachstellen in den Produkten des Unternehmens. Eine gilt als kritisches Sicherheitsrisiko.
---------------------------------------------
https://www.heise.de/-9627817


∗∗∗ Microsoft Security Update Summary (13. Februar 2024) ∗∗∗
---------------------------------------------
Am 13. Februar 2024 hat Microsoft Sicherheitsupdates für Windows-Clients und -Server, für Office – sowie für weitere Produkte – veröffentlicht. Die Sicherheitsupdates beseitigen 73 Schwachstellen (CVEs), zwei sind 0-day Sicherheitslücken, die bereits ausgenutzt werden.
---------------------------------------------
https://www.borncity.com/blog/2024/02/13/microsoft-security-update-summary-13-februar-2024/


∗∗∗ Released: 2024 H1 Cumulative Update for Exchange Server ∗∗∗
---------------------------------------------
Today we are announcing the availability of the 2024 H1 Cumulative Update (CU) for Exchange Server 2019 (aka CU14). CU14 includes fixes for customer reported issues, a security change, and all previously released Security Updates (SUs).
---------------------------------------------
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-2024-h1-cumulative-update-for-exchange-server/ba-p/4047506


∗∗∗ Chipmaker Patch Tuesday: AMD and Intel Patch Over 100 Vulnerabilities ∗∗∗
---------------------------------------------
AMD and Intel patch dozens of vulnerabilities on February 2024 Patch Tuesday, including multiple high-severity bugs.The post Chipmaker Patch Tuesday: AMD and Intel Patch Over 100 Vulnerabilities appeared first on SecurityWeek.
---------------------------------------------
https://www.securityweek.com/chipmaker-patch-tuesday-amd-and-intel-patch-over-100-vulnerabilities/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bind9 and unbound), Fedora (clamav, firecracker, libkrun, rust-event-manager, rust-kvm-bindings, rust-kvm-ioctls, rust-linux-loader, rust-userfaultfd, rust-versionize, rust-vhost, rust-vhost-user-backend, rust-virtio-queue, rust-vm-memory, rust-vm-superio, rust-vmm-sys-util, and virtiofsd), Red Hat (.NET 6.0, dotnet6.0, and dotnet7.0), Slackware (bind and dnsmasq), and Ubuntu (dotnet6, dotnet7, dotnet8, linux-lowlatency, linux-raspi, linux-nvidia-6.2, and ujson).
---------------------------------------------
https://lwn.net/Articles/962077/


∗∗∗ F5: K000138353 : Quarterly Security Notification (February 2024) ∗∗∗
---------------------------------------------
On February 14, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles.
---------------------------------------------
https://my.f5.com/manage/s/article/K000138353


∗∗∗ F5: K98606833 : BIG-IP and BIG-IQ scp vulnerability CVE-2024-21782 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K98606833


∗∗∗ F5: K91054692 : BIG-IP Appliance mode iAppsLX vulnerability CVE-2024-23976 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K91054692


∗∗∗ F5: K000137521 : BIG-IP AFM vulnerability CVE-2024-21763 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000137521


∗∗∗ F5: K000137334 : F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability CVE-2024-23805 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000137334


∗∗∗ 2024-02-14: Cyber Security Advisory - B&R APROL SSH service vulnerable to Terrapin attack ∗∗∗
---------------------------------------------
https://www.br-automation.com/fileadmin/SA24P004_SSH_Service_Vulnerable_To_Terrapin_Attack-275204bc.pdf


∗∗∗ tenable: [R1] Security Center Version 6.3.0 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2024-02


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Lenovo Security Advisories ∗∗∗
---------------------------------------------
https://support.lenovo.com/at/en/product_security/home

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily