Hello, welcome to the Wednesday, December 22nd, 2021 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Xavier today looked at more power shell back doors that are not detected by any of the virus scanners in virus total right now.

Now, virus total, of course, only does sort of a static analysis without running any of the code.

But it yet again shows how simple application techniques, like in this case just replacing a couple strings

and then basics for decoding the remainder does result in Malver that antivirus has

difficulties detecting. The Malver itself once unpacked and analyzed turned out to be an information

stealer, it looks at a number of different software packages and then exfiltrates any data

it may find. While not really a crypto miner, the malware does appear to call itself gold miner and does connect to a host

at Mywire.org in order to establish a command and control connection.

And we've got updates from Apache, no not for Log 4J, but for the Apache HTTP server,

and that brings it up to version 2452 which fixes two vulnerabilities.

One is a possible null dereference or server-side request forgery in the forward proxy configuration.

That actually is the one that I would almost rate more importantly, even though it's

really only moderate.

The other one is rated high.

It's a buffer overflow when parsing multi-part content, but it only affects mod

Lua, which I don't really see that terribly often.

That's why I actually would consider the moderate vulnerability more important here than the

high one.

Nevertheless, none of this sort of warrants an emergency update, in my opinion, wait for

your Linux distribution to come up with updated packages.

...