[CERT-daily] Tageszusammenfassung - 12.12.2023

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 11-12-2023 18:00 − Dienstag 12-12-2023 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Michael Schlagenhaufer

=====================
=       News        =
=====================

∗∗∗ Counter-Strike 2 HTML injection bug exposes players’ IP addresses ∗∗∗
---------------------------------------------
Valve has reportedly fixed an HTML injection flaw in CS2 that was heavily abused today to inject images into games and obtain other players IP addresses.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/counter-strike-2-html-injection-bug-exposes-players-ip-addresses/


∗∗∗ New MrAnon Stealer Malware Targeting German Users via Booking-Themed Scam ∗∗∗
---------------------------------------------
A phishing campaign has been observed delivering an information stealer malware called MrAnon Stealer to unsuspecting victims via seemingly benign booking-themed PDF lures. "This malware is a Python-based information stealer compressed with cx-Freeze to evade detection," Fortinet FortiGuard Labs researcher Cara Lin said.
---------------------------------------------
https://thehackernews.com/2023/12/new-mranon-stealer-targeting-german-it.html


∗∗∗ Intercepting MFA. Phishing and Adversary in The Middle attacks ∗∗∗
---------------------------------------------
In this post I’ll show you at a high level how attackers carry out such an attack. The main focus here is to understand what artefacts we look for when investigating these types of attacks in a DFIR capacity. I’ll also cover the steps you can take to increase your security to try and stop your team falling foul of them.
---------------------------------------------
https://www.pentestpartners.com/security-blog/intercepting-mfa-phishing-and-attackers-in-the-middle/


∗∗∗ MySQL 5.7 reached EOL. Upgrade to MySQL 8.x today ∗∗∗
---------------------------------------------
In October 2023, MySQL 5.7 reached its end of life. As such, it will no longer be supported and won’t receive security patches or bug fixes anymore.
---------------------------------------------
https://mattermost.com/blog/mysql-5-7-reached-eol-upgrade-to-mysql-8-x-today/


∗∗∗ CISA Releases SCuBA Google Workspace Secure Configuration Baselines for Public Comment ∗∗∗
---------------------------------------------
Today, CISA released the draft Secure Cloud Business Applications (SCuBA) Google Workspace (GWS) Secure Configuration Baselines and the associated assessment tool ScubaGoggles for public comment. The draft baselines offer minimum viable security configurations for nine GWS services: Groups for Business, Google Calendar, Google Common Controls, Google Classroom, Google Meet, Gmail, Google Chat, Google Drive and Docs, and Google Sites.
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/12/12/cisa-releases-scuba-google-workspace-secure-configuration-baselines-public-comment



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Patchday: SAP behandelt mehr als 15 Schwachstellen ∗∗∗
---------------------------------------------
Am Dezember-Patchday hat SAP 15 neue Sicherheitsmitteilungen herausgegeben. Sie thematisieren teils kritische Lücken.
---------------------------------------------
https://www.heise.de/-9571722


∗∗∗ WordPress Elementor: Halbgarer Sicherheitspatch gefährdete Millionen Websites ∗∗∗
---------------------------------------------
Es gibt wichtige Sicherheitsupdates für die WordPress-Plug-ins Backup Migration und Elementor.
---------------------------------------------
https://www.heise.de/-9571957


∗∗∗ Sicherheitslücken: Apple-Patches auch für ältere Betriebssysteme – außer iOS 15 ∗∗∗
---------------------------------------------
Parallel zu iOS 17.2 und macOS 14.2 beseitigt der Hersteller auch manche Schwachstellen in früheren Versionen. Für ältere iPhones gibt es kein Update.
---------------------------------------------
https://www.heise.de/news/-9572049


∗∗∗ Xen Security Advisory CVE-2023-46837 / XSA-447 ∗∗∗
---------------------------------------------
A malicious guest may be able to read sensitive data from memory that previously belonged to another guest.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-447.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libreoffice and webkit2gtk), Fedora (java-1.8.0-openjdk and seamonkey), Oracle (apr, edk2, kernel, and squid:4), Red Hat (postgresql:12, tracker-miners, and webkit2gtk3), SUSE (curl, go1.20, go1.21, hplip, openvswitch, opera, squid, and xerces-c), and Ubuntu (binutils, ghostscript, libreoffice, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-xilinx-zynqmp, postfixadmin, python3.11, and webkit2gtk).
---------------------------------------------
https://lwn.net/Articles/954706/


∗∗∗ Beckhoff Security Advisory 2023-001: Open redirect in TwinCAT/BSD package “authelia-bhf” ∗∗∗
---------------------------------------------
https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2023-001.pdf


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ Phoenix Contact: MULTIPROG Engineering tool and ProConOS eCLR SDK prone to CWE-732 ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-051/


∗∗∗ Phoenix Contact: ProConOS prone to Download of Code Without Integrity Check ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-054/


∗∗∗ Phoenix Contact: Automation Worx and classic line controllers prone to Incorrect Permission Assignment for Critical Resource ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-055/


∗∗∗ Phoenix Contact: PLCnext prone to Incorrect Permission Assignment for Critical Resource ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-056/


∗∗∗ Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-057/


∗∗∗ Phoenix Contact: PLCnext Control prone to download of code without integrity check ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-058/


∗∗∗ Schneider Electric Easy UPS Online Monitoring Software ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icaa-23-346-01


∗∗∗ F5: K000137871 : Linux kernel vulnerability CVE-2023-35001 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000137871


∗∗∗ SSA-999588 V1.0: Multiple Vulnerabilities in User Management Component (UMC) before V2.11.2 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-999588.html


∗∗∗ SSA-892915 V1.0: Multiple Denial of Service Vulnerabilities in the Webserver of Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-892915.html


∗∗∗ SSA-887801 V1.0: Information Disclosure Vulnerability in SIMATIC STEP 7 (TIA Portal) ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-887801.html


∗∗∗ SSA-844582 V1.0: Electromagnetic Fault Injection in LOGO! V8.3 BM Devices Results in Broken LOGO! V8.3 Product CA ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-844582.html


∗∗∗ SSA-693975 V1.0: Denial-of-Service Vulnerability in the Web Server of Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-693975.html


∗∗∗ SSA-592380 V1.0: Denial of Service Vulnerability in SIMATIC S7-1500 CPUs and related products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-592380.html


∗∗∗ SSA-480095 V1.0: Vulnerabilities in the Web Interface of SICAM Q100 Devices before V2.60 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-480095.html


∗∗∗ SSA-398330 V1.0: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-398330.html


∗∗∗ SSA-280603 V1.0: Denial of Service Vulnerability in SINUMERIK ONE and SINUMERIK MC ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-280603.html


∗∗∗ SSA-180704 V1.0: Multiple Vulnerabilities in SCALANCE M-800/S615 Family before V8.0 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-180704.html


∗∗∗ SSA-118850 V1.0: Denial of Service Vulnerability in the OPC UA Implementation in SINUMERIK ONE and SINUMERIK MC ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-118850.html


∗∗∗ SSA-077170 V1.0: Multiple Vulnerabilities in SINEC INS before V1.0 SP2 Update 2 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-077170.html


∗∗∗ SSA-068047 V1.0: Multiple Vulnerabilities in SCALANCE M-800/S615 Family before V7.2.2 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/html/ssa-068047.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily