[CERT-daily] Tageszusammenfassung - 28.12.2021

Daily end-of-shift report team at cert.at
Tue Dec 28 18:05:23 CET 2021 

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 27-12-2021 18:00 − Dienstag 28-12-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers ∗∗∗
---------------------------------------------
Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature thats dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group.
---------------------------------------------
https://thehackernews.com/2021/12/experts-detail-logging-tool-of.html


∗∗∗ V8 Heap pwn and /dev/memes - WebOS Root LPE ∗∗∗
---------------------------------------------
This is a writeup for my latest WebOS local root exploit chain, which Im calling WAMpage. ... This exploit is mainly of interest to other researchers - if you just want to root your TV, you probably want RootMyTV, which offers a reliable 1-click persistent root.
---------------------------------------------
https://www.da.vidbuchanan.co.uk/blog/webos-wampage.html


∗∗∗ Threat Actors Abuse MSBuild for Cobalt Strike Beacon Execution ∗∗∗
---------------------------------------------
Recently observed malicious campaigns have abused Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised machines. [...] The threat actors typically gain access to the target environment using a valid remote desktop protocol (RDP) account, leverage remote Windows Services (SCM) for lateral movement, and abuse MSBuild to execute the Cobalt Strike Beacon payload.
---------------------------------------------
https://www.securityweek.com/threat-actors-abuse-msbuild-cobalt-strike-beacon-execution



=====================
=  Vulnerabilities  =
=====================

∗∗∗ An update on the Apache Log4j 2.x vulnerabilities ∗∗∗
---------------------------------------------
Update December 28, 10:01am
The list of products that are confirmed not impacted by Log4j 2.x CVE-2021-44228 and the list of products that have been remediated for Log4j 2.x CVE-2021-44228 has been updated.
---------------------------------------------
https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (djvulibre, libzip, monit, novnc, okular, paramiko, postgis, rdflib, ruby2.3, and zziplib), openSUSE (chromium, kafka, and permissions), and SUSE (net-snmp and permissions).
---------------------------------------------
https://lwn.net/Articles/879952/


∗∗∗ Security Bulletin:IBM SPSS Modeler is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletinibm-spss-modeler-is-vulnerable-to-denial-of-service-due-to-apache-log4j-cve-2021-45105-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45046/


∗∗∗ Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Operations Center (CVE-2021-45105, CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-affect-ibm-spectrum-protect-operations-center-cve-2021-45105-cve-2021-45046/


∗∗∗ Security Bulletin: IBM Navigator for i is affected by security vulnerability (CVE-2021-38876) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-navigator-for-i-is-affected-by-security-vulnerability-cve-2021-38876/


∗∗∗ Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM® Db2® (CVE-2021-45046, CVE-2021-45105) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-45046-cve-2021-45105-3/


∗∗∗ SSA-661247 V2.0 (Last Update: 2021-12-27): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list