[CERT-daily] Daily summary - 09.04.2024

Daily end-of-shift report team at cert.at
Tue Apr 9 18:23:20 CEST 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 08-04-2024 18:00 − Tuesday 09-04-2024 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ New SharePoint flaws help hackers evade detection when stealing files ∗∗∗
---------------------------------------------
Researchers have discovered two techniques that could enable attackers to bypass audit logs or generate less severe entries when downloading files from SharePoint. [..] Varonis disclosed these bugs in November 2023, and Microsoft added the flaws to a patch backlog for future fixing. However, the issues were rated as moderate severity, so they won't receive immediate fixes. Therefore, SharePoint admins should be aware of these risks and learn to identify and mitigate them until patches become available.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-sharepoint-flaws-help-hackers-evade-detection-when-stealing-files/


∗∗∗ Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access ∗∗∗
---------------------------------------------
Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices. [..] The issues were fixed by LG as part of updates released on March 22, 2024. [..] "Although the vulnerable service is intended for LAN access only, Shodan, the search engine for Internet-connected devices, identified over 91,000 devices that expose this service to the Internet," Bitdefender said.
---------------------------------------------
https://thehackernews.com/2024/04/researchers-discover-lg-smart-tv.html


∗∗∗ Beware of fake messages from the tax office ∗∗∗
---------------------------------------------
Are you expecting a message from the tax office? We advise caution: numerous fake SMS and e-mail notifications from FinanzOnline or the tax office are currently in circulation. Do not click on links hastily and, if in doubt, check with the relevant authority!
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-falschen-nachrichten-vom-finanzamt/


∗∗∗ It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise ∗∗∗
---------------------------------------------
We describe the characteristics of malware-initiated scanning attacks. These attacks differ from direct scanning and are increasing according to our data.  
---------------------------------------------
https://unit42.paloaltonetworks.com/malware-initiated-scanning-attacks/


∗∗∗ Notepad++: Developer warns of parasite website and asks for help ∗∗∗
---------------------------------------------
The unauthorized website calls itself a "fan project", but the Notepad++ developer fears harmful effects. The community is asked to help.
---------------------------------------------
https://heise.de/-9678725



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Fortinet Security Advisories 2024-04-09 ∗∗∗
---------------------------------------------
Fortinet has released 12 security advisories: FortiOS, FortiManager, FortiClientLinux, FortiClientMac, FortiProxy, FortiMail, FortiSandbox, FortiNAC-F (1x critical, 4x high, 7x medium)
---------------------------------------------
https://www.fortiguard.com/psirt?product=FortiOS-6K7K%2CFortiOS&product=FortiManager&product=FortiClientLinux&product=FortiClientMac&product=FortiProxy&product=FortiMail&product=FortiSandbox&product=FortiNAC-F&version=&date=2024


∗∗∗ Fortinet: SMTP Smuggling ∗∗∗
---------------------------------------------
FortiMail may be susceptible to smuggling attacks if some measures are not put in place. We therefore recommend to adhere to the following indications in order to mitigate the potential risk associated to the smuggling attacks [..]
---------------------------------------------
https://fortiguard.fortinet.com/psirt/FG-IR-24-009


∗∗∗ OpenSSL 3.3 Series Release Notes ∗∗∗
---------------------------------------------
Fixed unbounded memory growth with session handling in TLSv1.3 ([CVE-2024-2511])
---------------------------------------------
https://www.openssl.org/news/openssl-3.3-notes.html


∗∗∗ Technical Advisory – Ollama DNS Rebinding Attack (CVE-2024-28224) ∗∗∗
---------------------------------------------
Ollama is an open-source system for running and managing large language models (LLMs). [..] Ollama fixed this issue in release v0.1.29.
---------------------------------------------
https://research.nccgroup.com/2024/04/08/technical-advisory-ollama-dns-rebinding-attack-cve-2024-28224/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (expat), Oracle (less and nodejs:20), Slackware (libarchive), SUSE (kubernetes1.23, nghttp2, qt6-base, and util-linux), and Ubuntu (python-django).
---------------------------------------------
https://lwn.net/Articles/969141/


∗∗∗ ICS Patch Tuesday: Siemens Addresses Palo Alto Networks Product Vulnerabilities ∗∗∗
---------------------------------------------
Siemens and Schneider Electric release their ICS Patch Tuesday advisories for April 2024, informing customers about dozens of vulnerabilities.
---------------------------------------------
https://www.securityweek.com/ics-patch-tuesday-siemens-addresses-palo-alto-networks-product-vulnerabilities/


∗∗∗ SSA-885980 V1.0: Multiple Vulnerabilities in Scalance W1750D ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-885980.html


∗∗∗ SSA-822518 V1.0: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW before V11.0.1 on RUGGEDCOM APE1808 devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-822518.html


∗∗∗ SSA-730482 V1.0: Denial of Service Vulnerability in SIMATIC WinCC ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-730482.html


∗∗∗ SSA-556635 V1.0: Multiple Vulnerabilities in Telecontrol Server Basic before V3.1.2.0 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-556635.html


∗∗∗ SSA-455250 V1.0: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-455250.html


∗∗∗ SSA-265688 V1.0: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-265688.html


∗∗∗ SSA-222019 V1.0: X_T File Parsing Vulnerabilities in Parasolid ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-222019.html


∗∗∗ SSA-128433 V1.0: Multiple Vulnerabilities in SINEC NMS before V2.0 SP2 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-128433.html


∗∗∗ Xen: XSA-454 ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-454.html


∗∗∗ Welotec: Two vulnerabilities in TK500v1 router series ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2024-009/


∗∗∗ SUBNET PowerSYSTEM Server and Substation Server ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-100-01


∗∗∗ Multiple vulnerabilities in WordPress Plugin "Ninja Forms" ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN50361500/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ SAP Patch Day: Ten security notes in April ∗∗∗
---------------------------------------------
https://heise.de/-9678796


∗∗∗ HP Poly CCX IP phones allow unauthorized access ∗∗∗
---------------------------------------------
https://heise.de/-9679027


∗∗∗ Robot Operating System: Numerous vulnerabilities found and fixed ∗∗∗
---------------------------------------------
https://heise.de/-9679260

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



