[CERT-daily] Tageszusammenfassung - 04.01.2022
Daily end-of-shift report
team at cert.at
Tue Jan 4 18:04:16 CET 2022
=====================
= End-of-Day report =
=====================
Timeframe: Montag 03-01-2022 18:00 − Dienstag 04-01-2022 18:00
Handler: Thomas Pribitzer
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ A Simple Batch File That Blocks People, (Tue, Jan 4th) ∗∗∗
---------------------------------------------
I found another script that performs malicious actions. Its a simple batch file (.bat) that is not obfuscated but it has a very low VT score (1/53).
---------------------------------------------
https://isc.sans.edu/diary/rss/28212
∗∗∗ Purple Fox rootkit now bundled with Telegram installer ∗∗∗
---------------------------------------------
The Purple Fox malware family has been found to combine its payload with trusted apps in an interesting way.
---------------------------------------------
https://blog.malwarebytes.com/trojans/2022/01/purple-fox-rootkit-now-bundled-with-telegram-installer/
∗∗∗ Mails zu Hacks von einer Telefonnummer? Nicht zurückrufen! ∗∗∗
---------------------------------------------
Kriminelle versenden aktuell E-Mails, bei denen als Absender eine Telefonnummer angezeigt wird. Angeblich wurden die Systeme der EmpfängerInnen gehackt und mit Viren infiziert. Deshalb müsse dringend die Nummer zurückgerufen werden. Achtung: Hier lauert eine Falle und die E-Mail kann ignoriert werden.
---------------------------------------------
https://www.watchlist-internet.at/news/mails-zu-hacks-von-einer-telefonnummer-nicht-zurueckrufen/
∗∗∗ A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain ∗∗∗
---------------------------------------------
A supply chain attack leveraging a cloud video platform to distribute web skimmer campaigns compromised more than 100 real estate sites.
---------------------------------------------
https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/
∗∗∗ Log4j flaw attack levels remain high, Microsoft warns ∗∗∗
---------------------------------------------
Organizations mights not realize their environments are already compromised.
---------------------------------------------
https://www.zdnet.com/article/log4j-flaw-attacks-are-causing-lots-of-problems-microsoft-warns/
∗∗∗ State-of-the-art EDRs are not perfect, fail to detect common attacks ∗∗∗
---------------------------------------------
A team of Greek academics has tested endpoint detection & response (EDR) software from 11 of todays top cybersecurity firms and found that many fail to detect some of the most common attack techniques used by advanced persistent threat actors, such as state-sponsored espionage groups and ransomware gangs.
---------------------------------------------
https://therecord.media/state-of-the-art-edrs-are-not-perfect-fail-to-detect-common-attacks/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (salt and thunderbird), Red Hat (xorg-x11-server), and Scientific Linux (xorg-x11-server).
---------------------------------------------
https://lwn.net/Articles/880327/
∗∗∗ Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Copy Data Management (CVE-2021-45105, CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-affect-ibm-spectrum-copy-data-management-cve-2021-45105-cve-2021-45046/
∗∗∗ Security Bulletin: Apache Log4j vulnerabilities impact IBM Sterling Connect:Direct for UNIX (CVE-2021-45105, CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilities-impact-ibm-sterling-connectdirect-for-unix-cve-2021-45105-cve-2021-45046/
∗∗∗ Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerability(CVE-2021-44228) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-management-is-vulnerable-to-a-apache-log4j-vulnerabilitycve-2021-44228-3/
∗∗∗ Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerabilities(CVE-2021-45105, CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-management-is-vulnerable-to-a-apache-log4j-vulnerabilitiescve-2021-45105-cve-2021-45046-3/
∗∗∗ Security Bulletin: Vulnerabilities in Apache Log4j impact IBM Spectrum Protect Plus (CVE-2021-45105, CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-impact-ibm-spectrum-protect-plus-cve-2021-45105-cve-2021-45046/
∗∗∗ Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift (CVE-2021-45105, CVE-2021-45046) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-affect-ibm-spectrum-protect-plus-container-backup-and-restore-for-kubernetes-and-openshift-cve-2021-45105-cve-2021-45046/
∗∗∗ VMSA-2022-0001 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2022-0001.html
∗∗∗ Atlassian Jira Software: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K22-0002
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list