Tageszusammenfassung - 28.12.2021

End-of-Day report

Timeframe: Montag 27-12-2021 18:00 - Dienstag 28-12-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Robert Waldner


Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers

Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature thats dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group.


V8 Heap pwn and /dev/memes - WebOS Root LPE

This is a writeup for my latest WebOS local root exploit chain, which Im calling WAMpage. ... This exploit is mainly of interest to other researchers - if you just want to root your TV, you probably want RootMyTV, which offers a reliable 1-click persistent root.


Threat Actors Abuse MSBuild for Cobalt Strike Beacon Execution

Recently observed malicious campaigns have abused Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised machines. [...] The threat actors typically gain access to the target environment using a valid remote desktop protocol (RDP) account, leverage remote Windows Services (SCM) for lateral movement, and abuse MSBuild to execute the Cobalt Strike Beacon payload.



An update on the Apache Log4j 2.x vulnerabilities

Update December 28, 10:01am The list of products that are confirmed not impacted by Log4j 2.x CVE-2021-44228 and the list of products that have been remediated for Log4j 2.x CVE-2021-44228 has been updated.


Security updates for Tuesday

Security updates have been issued by Debian (djvulibre, libzip, monit, novnc, okular, paramiko, postgis, rdflib, ruby2.3, and zziplib), openSUSE (chromium, kafka, and permissions), and SUSE (net-snmp and permissions).


Security Bulletin:IBM SPSS Modeler is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046)


Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Operations Center (CVE-2021-45105, CVE-2021-45046)


Security Bulletin: IBM Navigator for i is affected by security vulnerability (CVE-2021-38876)


Security Bulletin: Multiple vulnerabilities in Apache Log4j affects some features of IBM® Db2® (CVE-2021-45046, CVE-2021-45105)


SSA-661247 V2.0 (Last Update: 2021-12-27): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products