End-of-Day report
Timeframe: Montag 27-12-2021 18:00 - Dienstag 28-12-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Robert Waldner
News
Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers
Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature thats dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group.
https://thehackernews.com/2021/12/experts-detail-logging-tool-of.html
V8 Heap pwn and /dev/memes - WebOS Root LPE
This is a writeup for my latest WebOS local root exploit chain, which Im calling WAMpage. ... This exploit is mainly of interest to other researchers - if you just want to root your TV, you probably want RootMyTV, which offers a reliable 1-click persistent root.
https://www.da.vidbuchanan.co.uk/blog/webos-wampage.html
Threat Actors Abuse MSBuild for Cobalt Strike Beacon Execution
Recently observed malicious campaigns have abused Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised machines. [...] The threat actors typically gain access to the target environment using a valid remote desktop protocol (RDP) account, leverage remote Windows Services (SCM) for lateral movement, and abuse MSBuild to execute the Cobalt Strike Beacon payload.
https://www.securityweek.com/threat-actors-abuse-msbuild-cobalt-strike-beacon-execution
Vulnerabilities
An update on the Apache Log4j 2.x vulnerabilities
Update December 28, 10:01am
The list of products that are confirmed not impacted by Log4j 2.x CVE-2021-44228 and the list of products that have been remediated for Log4j 2.x CVE-2021-44228 has been updated.
https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/
Security updates for Tuesday
Security updates have been issued by Debian (djvulibre, libzip, monit, novnc, okular, paramiko, postgis, rdflib, ruby2.3, and zziplib), openSUSE (chromium, kafka, and permissions), and SUSE (net-snmp and permissions).
https://lwn.net/Articles/879952/
Security Bulletin:IBM SPSS Modeler is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046)
https://www.ibm.com/blogs/psirt/security-bulletinibm-spss-modeler-is-vulnerable-to-denial-of-service-due-to-apache-log4j-cve-2021-45105-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45046/
Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Operations Center (CVE-2021-45105, CVE-2021-45046)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-affect-ibm-spectrum-protect-operations-center-cve-2021-45105-cve-2021-45046/
Security Bulletin: IBM Navigator for i is affected by security vulnerability (CVE-2021-38876)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-navigator-for-i-is-affected-by-security-vulnerability-cve-2021-38876/
Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM® Db2® (CVE-2021-45046, CVE-2021-45105)
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-45046-cve-2021-45105-3/
SSA-661247 V2.0 (Last Update: 2021-12-27): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf