[CERT-daily] Tageszusammenfassung - 11.10.2023

Daily end-of-shift report team at cert.at
Wed Oct 11 18:13:09 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 10-10-2023 18:00 − Mittwoch 11-10-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Microsoft to kill off VBScript in Windows to block malware delivery ∗∗∗
---------------------------------------------
Microsoft is planning to phase out VBScript in future Windows releases after 30 years of use, making it an on-demand feature until it is removed.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/microsoft-to-kill-off-vbscript-in-windows-to-block-malware-delivery/


∗∗∗ Microsoft warns of incorrect BitLocker encryption errors ∗∗∗
---------------------------------------------
Microsoft warned customers this week of incorrect BitLocker drive encryption errors being shown in some managed Windows environments.
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-incorrect-bitlocker-encryption-errors/


∗∗∗ LinkedIn Smart Links attacks return to target Microsoft accounts ∗∗∗
---------------------------------------------
Hackers are once again abusing LinkedIn Smart Links in phishing attacks to bypass protection measures and evade detection in attempts to steal Microsoft account credentials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/linkedin-smart-links-attacks-return-to-target-microsoft-accounts/


∗∗∗ Support-Ende für Windows Server 2012 R2: Warum Sie das nicht ignorieren dürfen ∗∗∗
---------------------------------------------
Ab sofort steht der Windows Server 2012 R2 komplett ohne Support dar. Doch aufgrund seiner Beliebtheit kommt er noch immer zum Einsatz – das muss sich ändern.
---------------------------------------------
https://www.heise.de/news/Support-Ende-fuer-Windows-Server-2012-R2-Warum-Sie-das-nicht-ignorieren-duerfen-9330134.html


∗∗∗ Wireshark Tutorial: Identifying Hosts and Users ∗∗∗
---------------------------------------------
When a host is infected or otherwise compromised, security professionals need to quickly review packet captures of suspicious network traffic to identify affected hosts and users.
---------------------------------------------
https://unit42.paloaltonetworks.com/using-wireshark-identifying-hosts-and-users/


∗∗∗ Distribution of Magniber Ransomware Stops (Since August 25th) ∗∗∗
---------------------------------------------
Through a continuous monitoring process, AhnLab Security Emergency response Center (ASEC) is swiftly responding to Magniber, the main malware that is actively being distributed using the typosquatting method which abuses typos in domain addresses.
---------------------------------------------
https://asec.ahnlab.com/en/57592/


∗∗∗ The Risks of Exposing DICOM Data to the Internet ∗∗∗
---------------------------------------------
DICOM has revolutionized the medical imaging industry. However, it also presents potential vulnerabilities when exposed to the open internet.
---------------------------------------------
https://www.rapid7.com/blog/post/2023/10/11/the-risks-of-exposing-dicom-data-to-the-internet/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ CVE-2023-38545: curl SOCKS5 oversized hostname vulnerability. How bad is it?, (Wed, Oct 11th) ∗∗∗
---------------------------------------------
Today, we got the promised fix for CVE-2023-38545. So here is a quick overview of how severe it is.
---------------------------------------------
https://isc.sans.edu/diary/rss/30304


∗∗∗ Patchday Microsoft: Attacken auf Skype for Business und WordPad ∗∗∗
---------------------------------------------
Microsoft hat wichtige Sicherheitsupdates für etwa Azure, Office und Windows veröffentlicht.
---------------------------------------------
https://www.heise.de/news/Patchday-Microsoft-Attacken-auf-Skype-for-Business-und-WordPad-9330685.html


∗∗∗ Patchday Adobe: Schadcode-Attacken auf Magento-Shops und Photoshop möglich ∗∗∗
---------------------------------------------
Die Entwickler von Adobe haben in Bridge, Commerce, Magento Open Source und Photoshop mehrere Sicherheitslücken geschlossen.
---------------------------------------------
https://www.heise.de/news/Patchday-Adobe-Schadcode-Attacken-auf-Magento-Shops-und-Photoshop-moeglich-9330710.html


∗∗∗ Webbrowser: Google-Chrome-Update schließt kritische Sicherheitslücke ∗∗∗
---------------------------------------------
Google hat das wöchentliche Chrome-Update herausgegeben. Es schließt 20 Sicherheitslücken, von denen mindestens eine als kritisch gilt.
---------------------------------------------
https://www.heise.de/news/Webbrowser-Google-Chrome-Update-schliesst-kritische-Sicherheitsluecke-9330733.html


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (curl, mediawiki, tomcat10, and tomcat9), Fedora (libcaca, oneVPL, oneVPL-intel-gpu, and tracker-miners), Gentoo (curl), Mageia (cups and firefox, thunderbird), Red Hat (curl, kernel, kernel-rt, kpatch-patch, libqb, libssh2, linux-firmware, python-reportlab, tar, and the virt:rhel module), Slackware (curl, libcue, libnotify, nghttp2, and samba), SUSE (conmon, curl, glibc, kernel, php-composer2, python-reportlab, samba, and shadow), [...]
---------------------------------------------
https://lwn.net/Articles/947409/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Sicherheitsupdates Fortinet: Angreifer können Passwörter im Klartext einsehen ∗∗∗
---------------------------------------------
https://www.heise.de/news/Sicherheitsupdates-Fortinet-Angreifer-koennen-Passwoerter-im-Klartext-einsehen-9331076.html


∗∗∗ K000137202 : Intel BIOS vulnerability CVE-2022-38083 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000137202


∗∗∗ Lenovo System Update Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500581-LENOVO-SYSTEM-UPDATE-VULNERABILITY


∗∗∗ Lenovo View Denial of Service Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500580-LENOVO-VIEW-DENIAL-OF-SERVICE-VULNERABILITY


∗∗∗ Multi-vendor BIOS Security Vulnerabilities (October 2023) ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500582-MULTI-VENDOR-BIOS-SECURITY-VULNERABILITIES-OCTOBER-2023


∗∗∗ Lenovo Preload Directory Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500579-LENOVO-PRELOAD-DIRECTORY-VULNERABILITY


∗∗∗ [R1] Security Center Version 6.2.0 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2023-32

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list