=====================
= End-of-Day report =
=====================

Timeframe: Monday 27-12-2021 18:00 − Tuesday 28-12-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
=====================
= News =
=====================
*** Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers ***
---------------------------------------------
Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that's dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group.
---------------------------------------------
https://thehackernews.com/2021/12/experts-detail-logging-tool-of.html
*** V8 Heap pwn and /dev/memes - WebOS Root LPE ***
---------------------------------------------
This is a writeup for my latest WebOS local root exploit chain, which I'm calling WAMpage. ... This exploit is mainly of interest to other researchers - if you just want to root your TV, you probably want RootMyTV, which offers a reliable 1-click persistent root.
---------------------------------------------
https://www.da.vidbuchanan.co.uk/blog/webos-wampage.html
*** Threat Actors Abuse MSBuild for Cobalt Strike Beacon Execution ***
---------------------------------------------
Recently observed malicious campaigns have abused Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised machines. [...] The threat actors typically gain access to the target environment using a valid remote desktop protocol (RDP) account, leverage remote Windows Services (SCM) for lateral movement, and abuse MSBuild to execute the Cobalt Strike Beacon payload.
---------------------------------------------
https://www.securityweek.com/threat-actors-abuse-msbuild-cobalt-strike-beaco...
=====================
= Vulnerabilities =
=====================
*** An update on the Apache Log4j 2.x vulnerabilities ***
---------------------------------------------
Update December 28, 10:01am: The list of products that are confirmed not impacted by Log4j 2.x CVE-2021-44228 and the list of products that have been remediated for Log4j 2.x CVE-2021-44228 have been updated.
---------------------------------------------
https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228...
*** Security updates for Tuesday ***
---------------------------------------------
Security updates have been issued by Debian (djvulibre, libzip, monit, novnc, okular, paramiko, postgis, rdflib, ruby2.3, and zziplib), openSUSE (chromium, kafka, and permissions), and SUSE (net-snmp and permissions).
---------------------------------------------
https://lwn.net/Articles/879952/
*** Security Bulletin: IBM SPSS Modeler is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletinibm-spss-modeler-is-vulnera...
*** Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Operations Center (CVE-2021-45105, CVE-2021-45046) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-...
*** Security Bulletin: IBM Navigator for i is affected by security vulnerability (CVE-2021-38876) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-navigator-for-i-is-aff...
*** Security Bulletin: Multiple vulnerabilities in Apache Log4j affect some features of IBM® Db2® (CVE-2021-45046, CVE-2021-45105) ***
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-i...
*** SSA-661247 V2.0 (Last Update: 2021-12-27): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products ***
---------------------------------------------
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf