[CERT-daily] Daily summary - 08.02.2024

Daily end-of-shift report team at cert.at
Thu Feb 8 19:50:49 CET 2024


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 07-02-2024 18:00 − Thursday 08-02-2024 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Fortinet: APTs Exploiting FortiOS Vulnerabilities in Critical Infrastructure Attacks ∗∗∗
---------------------------------------------
One of the exploited vulnerabilities is CVE-2022-42475, which Fortinet patched in December 2022, when it warned that it had been aware of in-the-wild exploitation. [..] The second vulnerability described in Fortinet’s new warning is CVE-2023-27997, which came to light in June 2023, when the cybersecurity firm informed customers that it had been exploited as a zero-day in limited attacks. Fortinet noted on Wednesday that some customers have yet to patch the two FortiOS vulnerabilities and the company has seen several attacks and attack clusters, including ones aimed at the government, service provider, manufacturing, consultancy, and critical infrastructure sectors.
---------------------------------------------
https://www.securityweek.com/fortinet-apts-exploiting-fortios-vulnerabilities-in-critical-infrastructure-attacks/


∗∗∗ State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure ∗∗∗
---------------------------------------------
CISA, NSA, FBI and the following partners are releasing this advisory to warn critical infrastructure organizations about this assessment, which is based on observations from the U.S. authoring agencies’ incident response activities at critical infrastructure organizations compromised by the PRC state-sponsored cyber group known as Volt Typhoon (also known as Vanguard Panda, BRONZE SILHOUETTE, Dev-0391, UNC3236, Voltzite, and Insidious Taurus).
---------------------------------------------
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a


∗∗∗ Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure ∗∗∗
---------------------------------------------
Fortinet is warning of two new, still unpatched bypasses of the patch for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution. [..] Earlier today, BleepingComputer published an article stating that the CVEs were released by mistake, after being told by Fortinet that they were duplicates of the original CVE-2023-34992. [..] After contacting Fortinet once again, we were told their previous statement was "misstated" and that the two new CVEs are variants of the original flaw.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-fortisiem-rce-bugs-in-confusing-disclosure/


∗∗∗ Coyote: A multi-stage banking Trojan abusing the Squirrel installer ∗∗∗
---------------------------------------------
We will delve into the workings of the infection chain and explore the capabilities of the new Trojan that specifically targets users of more than 60 banking institutions, mainly from Brazil.
---------------------------------------------
https://securelist.com/coyote-multi-stage-banking-trojan/111846/


∗∗∗ Facebook ads push new Ov3r_Stealer password-stealing malware ∗∗∗
---------------------------------------------
A new password-stealing malware named Ov3r_Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/facebook-ads-push-new-ov3r-stealer-password-stealing-malware/


∗∗∗ The toothbrush DDoS attack: How misinformation spreads in the cybersecurity world ∗∗∗
---------------------------------------------
No, three million smart toothbrushes didn't launch a DDoS attack against a Swiss company.
---------------------------------------------
https://grahamcluley.com/the-toothbrush-ddos-attack-how-misinformation-spreads-in-the-cybersecurity-world/


∗∗∗ Fake LastPass password manager spotted on Apple’s App Store ∗∗∗
---------------------------------------------
LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/fake-lastpass-password-manager-spotted-on-apples-app-store/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ FortiGate / FortiOS 7.4.3 FortiOS Release Notes ∗∗∗
---------------------------------------------
2024-02-07 Initial release
---------------------------------------------
https://docs.fortinet.com/document/fortigate/7.4.3/fortios-release-notes/553516


∗∗∗ SonicOS SSL-VPN Improper Authentication ∗∗∗
---------------------------------------------
An improper authentication vulnerability has been identified in the SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. CVE: CVE-2024-22394 Last updated: Feb. 6, 2024, 4:44 p.m.
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0003


∗∗∗ SSD Advisory – TOTOLINK LR1200GB Auth Bypass ∗∗∗
---------------------------------------------
A vulnerability in TOTOLINK LR1200GB allows remote unauthenticated attackers to become authenticated due to a stack overflow vulnerability in the web interface. [..] Multiple emails to the vendor went unanswered, we are releasing this information without being able to get from the vendor a patch or response.
---------------------------------------------
https://ssd-disclosure.com/ssd-advisory-totolink-lr1200gb-auth-bypass/


∗∗∗ Security vulnerabilities: code injection and denial of service in ClamAV ∗∗∗
---------------------------------------------
The parser for the OLE2 file format contains a buffer overflow, and specially crafted file names can apparently be used to execute arbitrary command lines.
---------------------------------------------
https://www.heise.de/-9622674
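The second ClamAV issue above is an instance of a general bug class: a scanner substitutes an attacker-controlled file name into a shell command template (for a notification or quarantine hook), so a file name containing shell metacharacters becomes additional commands. The following is an added, constructed illustration of that pattern and two fixes; it is not ClamAV's code, and the template, hook name and malicious file name are assumptions made for the demo.

```python
"""Constructed illustration (not ClamAV code) of command injection through
a file name substituted into a shell command template, plus two fixes.
The template, the hook (plain `echo`) and the file name are assumptions."""
import shlex
import subprocess


def run_hook_vulnerable(template: str, filename: str) -> str:
    """Naive %f substitution, then execution through /bin/sh.
    A file name containing ';', '|', '$(...)' etc. injects commands."""
    cmd = template.replace("%f", filename)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_hook_quoted(template: str, filename: str) -> str:
    """Mitigation 1: shell-quote the substituted value, so metacharacters
    in the name reach the hook as a literal single argument."""
    cmd = template.replace("%f", shlex.quote(filename))
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_hook_argv(argv_template: list, filename: str) -> str:
    """Mitigation 2 (preferred): never involve a shell. Substitute into an
    argv list so the name is always exactly one argument to the hook."""
    argv = [filename if arg == "%f" else arg for arg in argv_template]
    return subprocess.run(argv, capture_output=True, text=True).stdout


# Constructed malicious file name: the ';' terminates the intended command
# and everything after it runs as a second command in the vulnerable case.
EVIL_NAME = "report.doc; echo INJECTED"
# Stand-in for a "run this on detection" hook; %f is replaced by the file name.
TEMPLATE = "echo scanned %f"
ARGV_TEMPLATE = ["echo", "scanned", "%f"]

if __name__ == "__main__":
    print("vulnerable:", repr(run_hook_vulnerable(TEMPLATE, EVIL_NAME)))
    print("quoted:    ", repr(run_hook_quoted(TEMPLATE, EVIL_NAME)))
    print("argv:      ", repr(run_hook_argv(ARGV_TEMPLATE, EVIL_NAME)))
```

Run on a POSIX system: the vulnerable variant prints a second line, `INJECTED`, proving the injected command executed; both fixed variants print the whole file name, semicolon included, as a single argument. Quoting repairs a template you cannot change, but the argv form is the robust fix because it removes the shell, and with it every metacharacter, from the path.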


∗∗∗ Samsung Magician: update closes security hole in SSD tool ∗∗∗
---------------------------------------------
With Magician, Samsung offers software for managing the manufacturer's SSDs, memory sticks and memory cards. An update closes a vulnerability in it.
---------------------------------------------
https://www.heise.de/-9622729


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium), Red Hat (gimp, kernel, kernel-rt, and runc), Slackware (expat), SUSE (libavif), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, and linux, linux-aws, linux-gcp, linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive).
---------------------------------------------
https://lwn.net/Articles/961330/


∗∗∗ Drupal: Migrate Tools - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-008 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2024-008


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Wordfence Intelligence Weekly WordPress Vulnerability Report (January 29, 2024 to February 4, 2024) ∗∗∗
---------------------------------------------
https://www.wordfence.com/blog/2024/02/wordfence-intelligence-weekly-wordpress-vulnerability-report-january-29-2024-to-february-4-2024/


∗∗∗ Qolsys IQ Panel 4, IQ4 HUB ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-24-039-01

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily