Daily summary - 12.12.2023
End-of-Day report
Timeframe: Monday 11-12-2023 18:00 - Tuesday 12-12-2023 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer
News
Counter-Strike 2 HTML injection bug exposes players' IP addresses
Valve has reportedly fixed an HTML injection flaw in CS2 that was heavily abused today to inject images into games and obtain other players' IP addresses.
New MrAnon Stealer Malware Targeting German Users via Booking-Themed Scam
A phishing campaign has been observed delivering an information stealer malware called MrAnon Stealer to unsuspecting victims via seemingly benign booking-themed PDF lures. "This malware is a Python-based information stealer compressed with cx-Freeze to evade detection," Fortinet FortiGuard Labs researcher Cara Lin said.
https://thehackernews.com/2023/12/new-mranon-stealer-targeting-german-it.html
Intercepting MFA. Phishing and Adversary in The Middle attacks
In this post I'll show you at a high level how attackers carry out such an attack. The main focus here is to understand what artefacts we look for when investigating these types of attacks in a DFIR capacity. I'll also cover the steps you can take to increase your security to try and stop your team falling foul of them.
https://www.pentestpartners.com/security-blog/intercepting-mfa-phishing-and-attackers-in-the-middle/
MySQL 5.7 reached EOL. Upgrade to MySQL 8.x today
In October 2023, MySQL 5.7 reached its end of life. As such, it will no longer be supported and won't receive security patches or bug fixes anymore.
https://mattermost.com/blog/mysql-5-7-reached-eol-upgrade-to-mysql-8-x-today/
CISA Releases SCuBA Google Workspace Secure Configuration Baselines for Public Comment
Today, CISA released the draft Secure Cloud Business Applications (SCuBA) Google Workspace (GWS) Secure Configuration Baselines and the associated assessment tool ScubaGoggles for public comment. The draft baselines offer minimum viable security configurations for nine GWS services: Groups for Business, Google Calendar, Google Common Controls, Google Classroom, Google Meet, Gmail, Google Chat, Google Drive and Docs, and Google Sites.
Vulnerabilities
Patch day: SAP addresses more than 15 vulnerabilities
On its December patch day, SAP released 15 new security notes. Some of them address critical vulnerabilities.
WordPress Elementor: Half-baked security patch put millions of websites at risk
Important security updates are available for the WordPress plug-ins Backup Migration and Elementor.
Security vulnerabilities: Apple patches also for older operating systems - except iOS 15
Alongside iOS 17.2 and macOS 14.2, the vendor also fixes some vulnerabilities in earlier versions. There is no update for older iPhones.
Xen Security Advisory CVE-2023-46837 / XSA-447
A malicious guest may be able to read sensitive data from memory that previously belonged to another guest.
https://xenbits.xen.org/xsa/advisory-447.html
Security updates for Tuesday
Security updates have been issued by Debian (libreoffice and webkit2gtk), Fedora (java-1.8.0-openjdk and seamonkey), Oracle (apr, edk2, kernel, and squid:4), Red Hat (postgresql:12, tracker-miners, and webkit2gtk3), SUSE (curl, go1.20, go1.21, hplip, openvswitch, opera, squid, and xerces-c), and Ubuntu (binutils, ghostscript, libreoffice, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-xilinx-zynqmp, postfixadmin, python3.11, and webkit2gtk).
https://lwn.net/Articles/954706/
Beckhoff Security Advisory 2023-001: Open redirect in TwinCAT/BSD package "authelia-bhf"
https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2023-001.pdf
IBM Security Bulletins
https://www.ibm.com/support/pages/bulletin/
Phoenix Contact: MULTIPROG Engineering tool and ProConOS eCLR SDK prone to CWE-732
https://cert.vde.com/de/advisories/VDE-2023-051/
Phoenix Contact: ProConOS prone to Download of Code Without Integrity Check
https://cert.vde.com/de/advisories/VDE-2023-054/
Phoenix Contact: Automation Worx and classic line controllers prone to Incorrect Permission Assignment for Critical Resource
https://cert.vde.com/de/advisories/VDE-2023-055/
Phoenix Contact: PLCnext prone to Incorrect Permission Assignment for Critical Resource
https://cert.vde.com/de/advisories/VDE-2023-056/
Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC
https://cert.vde.com/de/advisories/VDE-2023-057/
Phoenix Contact: PLCnext Control prone to download of code without integrity check
https://cert.vde.com/de/advisories/VDE-2023-058/
Schneider Electric Easy UPS Online Monitoring Software
https://www.cisa.gov/news-events/ics-advisories/icaa-23-346-01
F5: K000137871 : Linux kernel vulnerability CVE-2023-35001
https://my.f5.com/manage/s/article/K000137871
SSA-999588 V1.0: Multiple Vulnerabilities in User Management Component (UMC) before V2.11.2
https://cert-portal.siemens.com/productcert/html/ssa-999588.html
SSA-892915 V1.0: Multiple Denial of Service Vulnerabilities in the Webserver of Industrial Products
https://cert-portal.siemens.com/productcert/html/ssa-892915.html
SSA-887801 V1.0: Information Disclosure Vulnerability in SIMATIC STEP 7 (TIA Portal)
https://cert-portal.siemens.com/productcert/html/ssa-887801.html
SSA-844582 V1.0: Electromagnetic Fault Injection in LOGO! V8.3 BM Devices Results in Broken LOGO! V8.3 Product CA
https://cert-portal.siemens.com/productcert/html/ssa-844582.html
SSA-693975 V1.0: Denial-of-Service Vulnerability in the Web Server of Industrial Products
https://cert-portal.siemens.com/productcert/html/ssa-693975.html
SSA-592380 V1.0: Denial of Service Vulnerability in SIMATIC S7-1500 CPUs and related products
https://cert-portal.siemens.com/productcert/html/ssa-592380.html
SSA-480095 V1.0: Vulnerabilities in the Web Interface of SICAM Q100 Devices before V2.60
https://cert-portal.siemens.com/productcert/html/ssa-480095.html
SSA-398330 V1.0: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
https://cert-portal.siemens.com/productcert/html/ssa-398330.html
SSA-280603 V1.0: Denial of Service Vulnerability in SINUMERIK ONE and SINUMERIK MC
https://cert-portal.siemens.com/productcert/html/ssa-280603.html
SSA-180704 V1.0: Multiple Vulnerabilities in SCALANCE M-800/S615 Family before V8.0
https://cert-portal.siemens.com/productcert/html/ssa-180704.html
SSA-118850 V1.0: Denial of Service Vulnerability in the OPC UA Implementation in SINUMERIK ONE and SINUMERIK MC
https://cert-portal.siemens.com/productcert/html/ssa-118850.html
SSA-077170 V1.0: Multiple Vulnerabilities in SINEC INS before V1.0 SP2 Update 2
https://cert-portal.siemens.com/productcert/html/ssa-077170.html
SSA-068047 V1.0: Multiple Vulnerabilities in SCALANCE M-800/S615 Family before V7.2.2
https://cert-portal.siemens.com/productcert/html/ssa-068047.html