[CERT-daily] Tageszusammenfassung - 12.03.2024

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 11-03-2024 18:00 − Dienstag 12-03-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Inception Attack: Neue Angriffstechnik ermöglicht Manipulation von VR-Inhalten ∗∗∗
---------------------------------------------
Angreifer können nicht nur sensible Informationen abgreifen, sondern auch dem VR-Nutzer angezeigte Inhalte verändern, ohne dass dieser etwas merkt.
---------------------------------------------
https://www.golem.de/news/inception-attack-neue-angriffstechnik-ermoeglicht-manipulation-von-vr-inhalten-2403-183099.html


∗∗∗ Verträge und Abos kündigen: Vorsicht vor kostenpflichtigen Angeboten ∗∗∗
---------------------------------------------
Sie möchten Ihren Vertrag kündigen, wissen aber nicht wie? Oft sind die Informationen zur Kündigung und Kontaktadressen des jeweiligen Unternehmens auch unauffindbar. Aus gutem Grund suchen Konsument:innen daher nach Diensten, die den Kündigungsprozess übernehmen. Oft sind diese Dienste kostenpflichtig oder selbst eine Abofalle.
---------------------------------------------
https://www.watchlist-internet.at/news/vertraege-und-abos-kuendigen-vorsicht-vor-kostenpflichtigen-angeboten/


∗∗∗ Ransomware: Attacks Continue to Rise as Operators Adapt to Disruption ∗∗∗
---------------------------------------------
Available evidence suggests vulnerability exploitation has replaced botnets as a prime infection vector.
---------------------------------------------
https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomware-attacks-exploits


∗∗∗ CISA Publishes SCuBA Hybrid Identity Solutions Guidance ∗∗∗
---------------------------------------------
CISA has published Secure Cloud Business Applications (SCuBA) Hybrid Identity Solutions Guidance (HISG) to help users better understand identity management capabilities and securely integrate their traditional on-premises enterprise networks with cloud-based solutions.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2024/03/12/cisa-publishes-scuba-hybrid-identity-solutions-guidance


∗∗∗ VCURMS: A Simple and Functional Weapon ∗∗∗
---------------------------------------------
ForitGuard Labs uncovers a rat VCURMS weapon and STRRAT in a phishing campaign
---------------------------------------------
https://feeds.fortinet.com/~/873512375/0/fortinet/blogs~VCURMS-A-Simple-and-Functional-Weapon



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (qemu), Mageia (libtiff and thunderbird), Red Hat (kernel, kpatch-patch, postgresql, and rhc-worker-script), SUSE (compat-openssl098, openssl, openssl1, python-Django, python-Django1, and wpa_supplicant), and Ubuntu (accountsservice, libxml2, linux-bluefield, linux-raspi-5.4, linux-xilinx-zynqmp, linux-oem-6.1, openvswitch, postgresql-9.5, and ruby-rack).
---------------------------------------------
https://lwn.net/Articles/965113/


∗∗∗ SAP schließt zehn Sicherheitslücken am März-Patchday ∗∗∗
---------------------------------------------
SAP hat zehn neue Sicherheitsmitteilungen zum März-Patchday veröffentlicht. Zwei der geschlossenen Lücken gelten als kritisch.
---------------------------------------------
https://heise.de/-9652057


∗∗∗ Synology dichtet Sicherheitslecks in SRM ab ∗∗∗
---------------------------------------------
Im Synology Router Manager (SRM) klaffen Sicherheitslecks, durch die Angreifer etwa Scripte einschleusen können. Ein Update steht bereit.
---------------------------------------------
https://heise.de/-9652225


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Fortiguard Security Advisories ∗∗∗
---------------------------------------------
https://www.fortiguard.com/psirt


∗∗∗ SSA-918992 V1.0: Unused HTTP Service on SENTRON 3KC ATC6 Ethernet Module ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-918992.html


∗∗∗ SSA-832273 V1.0: Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-832273.html


∗∗∗ SSA-792319 V1.0: Missing Read Out Protection in SENTRON 7KM PAC3x20 Devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-792319.html


∗∗∗ SSA-770721 V1.0: Multiple Vulnerabilities in SIMATIC RF160B before V2.2 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-770721.html


∗∗∗ SSA-653855 V1.0: Information Disclosure vulnerability in SINEMA Remote Connect Client before V3.1 SP1 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-653855.html


∗∗∗ SSA-576771 V1.0: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-576771.html


∗∗∗ SSA-382651 V1.0: File Parsing Vulnerability in Solid Edge before V223.0.11 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-382651.html


∗∗∗ SSA-366067 V1.0: Multiple Vulnerabilities in Fortigate NGFW before V7.4.1 on RUGGEDCOM APE1808 devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-366067.html


∗∗∗ SSA-353002 V1.0: Multiple Vulnerabilities in SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-353002.html


∗∗∗ SSA-225840 V1.0: Vulnerabilities in the Network Communication Stack in Sinteso EN and Cerberus PRO EN Fire Protection Systems ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-225840.html


∗∗∗ SSA-145196 V1.0: Authorization Bypass Vulnerability in Siveillance Control ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-145196.html


∗∗∗ PHOENIX CONTACT: Multiple vulnerabilities in CHARX SEC charge controllers ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2024-011/


∗∗∗ Citrix SDWAN Security Bulletin for CVE-2024-2049 ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX617071/citrix-sdwan-security-bulletin-for-cve20242049


∗∗∗ Stack-based Overflow Vulnerability in the TrueViewTM Desktop Software ∗∗∗
---------------------------------------------
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0005


∗∗∗ Missing PSK secret for IKEv2 connection can cause libreswan to restart ∗∗∗
---------------------------------------------
https://libreswan.org/security/CVE-2024-2357/CVE-2024-2357.txt


∗∗∗ Schneider Electric EcoStruxure Power Design ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-072-01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily