EclecticIQ

EclecticIQ Monthly Vulnerability Trend Report - December 2020

EclecticIQ Threat Research Team January 6, 2021

Monthly Vulnerability Report December 2020

Summary

This report provides an overview of trends in vulnerability disclosures and announcements on a regular basis. Where applicable, the report will provide knowledge of known exploits for trending vulnerabilities and relevant courses of action. This report is not exhaustive in nature and as such, will not include every vulnerability announced that month.

Key Findings:

  • SolarWinds targeted by a supply chain attack affecting 18,000 customers.
  • Apple iPhones running iOS versions prior to iOS 14 vulnerable to iMessage 'Zero-Click' Exploit.
  • Microsoft addressed a total of 58 vulnerabilities as part of their December 2020 Patch Tuesday advisory.

Analysis

Exploitation of Vulnerabilities

Apple iPhones running iOS versions prior to iOS 14 vulnerable to iMessage 'Zero-Click' Exploit

In July and August 2020, suspected state actors utilized a zero-click exploit in Apple's iMessage to gain access to personal phones belonging to journalists.

The attackers used the NSO Group's Pegasus spyware to compromise 36 personal phones of numerous employees of Al Jazeera and an employee at London-based Al Araby TV. The attack chain, dubbed KISMET by Citizen Lab researchers [1], utilized a zero-day present in versions of iOS until at least version 13.5.1 to gain initial access. The exploit, described as a "zero-click", required no user interaction to be successful and could compromise Apple’s then-latest iPhone 11.

With all iPhones having iMessage installed as a default application, and iOS 14 being the most recent iOS version to be released, the potential attack surface is extremely large.

Course of Action: Update Apple Devices to iOS 14 or Later
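The course of action above is a minimum-version requirement, and checking it across a fleet is where version strings like "13.5.1", "13.7" and "14" trip naive string comparison. The following is an added example (not EclecticIQ's tooling) that compares versions numerically against the iOS 14 threshold the report names and flags every device below it; the inventory records, their field names and the device names are constructed for the example.

```python
"""Flag devices that have not reached the iOS version the report's course of
action calls for (iOS 14 or later).  Added example, not EclecticIQ code; the
inventory below is constructed and its field names are assumptions."""
from __future__ import annotations

MIN_SAFE_IOS = "14.0"  # from the course of action: update to iOS 14 or later


def parse_version(v: str) -> tuple[int, ...]:
    """Turn '13.5.1' into (13, 5, 1).  Raises ValueError on anything that is
    not dotted digits, so a malformed record is never treated as patched."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(p) for p in parts)


def version_at_least(current: str, minimum: str) -> bool:
    """Numeric comparison, zero-padded so '14' compares equal to '14.0.0'
    (plain string comparison would rank '13.7' above '13.5.1' correctly
    but '9.3' above '14.0', which is wrong)."""
    a, b = parse_version(current), parse_version(minimum)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) >= b + (0,) * (n - len(b))


def devices_needing_update(inventory: list[dict], minimum: str = MIN_SAFE_IOS) -> list[dict]:
    """Return the inventory records whose iOS version is below `minimum`.
    Records with an unparseable version are flagged as well: an unknown
    version is unverified, not safe."""
    flagged = []
    for dev in inventory:
        try:
            ok = version_at_least(dev["os_version"], minimum)
        except ValueError:
            ok = False
        if not ok:
            flagged.append(dev)
    return flagged


# Constructed sample inventory (device names and versions are made up).
SAMPLE_INVENTORY = [
    {"device": "phone-01", "os_version": "13.5.1"},
    {"device": "phone-02", "os_version": "14.0"},
    {"device": "phone-03", "os_version": "14.2.1"},
    {"device": "phone-04", "os_version": "13.7"},
    {"device": "phone-05", "os_version": "unknown"},
]

if __name__ == "__main__":
    for dev in devices_needing_update(SAMPLE_INVENTORY):
        print(f"{dev['device']}: iOS {dev['os_version']} -> update to {MIN_SAFE_IOS} or later")
```

In practice the inventory would come from an MDM export; the point of the example is the comparison rule and the decision to treat an unreadable version as "not yet updated" rather than silently passing it.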

SolarWinds Supply Chain Attack

SolarWinds Inc, a US-based network company [2], was targeted with a supply chain attack that trojanized [3] SolarWinds Orion business software updates with the SUNBURST backdoor. SolarWinds believes [4] that fewer than 18,000 customers are affected by the trojanized version of the product. Affected customers [5] include FireEye, the US Department of Commerce, the US Department of Homeland Security, and the US Treasury Department.

Increased scrutiny of supply chains and technology stacks, especially within government, will certainly continue. The SolarWinds attack highlights that organizations, even those with the resources of FireEye and the US government, are only as secure as their weakest link.

Courses of Action:

  • Review the official SolarWinds security advisory page [6].
  • Review the US Cybersecurity and Infrastructure Security Agency's Emergency directive [7] to mitigate SolarWinds Orion code compromise.
  • Review FireEye's technical blog post [8] detailing detection opportunities.
  • Review Microsoft's technical blog post detailing recommended defenses [3].

Critical Oracle WebLogic flaw CVE-2020-14882 used to Distribute Various Malware

Researchers at Juniper Networks observed [9] various attack vectors and payloads as part of the exploitation of CVE-2020-14882 in Oracle WebLogic Server.

The payloads distributed as part of the exploitation include:

  • Perlbot
  • Mirai
  • Meterpreter
  • DarkIRC Bot
  • Cobalt Strike

The ease of exploitation of the vulnerability, coupled with multiple proof-of-concept exploits published [10] online, will only increase the number of exploitation attempts and successes.

Course of Action: Review Oracle's October 2020 Patch Update Advisory

Patched Vulnerabilities

Microsoft December 2020 Patch Tuesday Advisory

Microsoft addressed a total of 58 vulnerabilities as part of their December 2020 Patch Tuesday advisory. Of the 58 vulnerabilities fixed, nine are classified as Critical, 48 as Important, and two as Moderate. This is a low total number of flaws addressed by Microsoft, considering the average number of patched vulnerabilities exceeded 100 in recent months.

The critical vulnerabilities addressed in December 2020 include:

  • CVE-2020-17158, CVE-2020-17152 - Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
  • CVE-2020-17131 - Chakra Scripting Engine Memory Corruption Vulnerability
  • CVE-2020-17117, CVE-2020-17132, CVE-2020-17142 - Microsoft Exchange Remote Code Execution Vulnerabilities
  • CVE-2020-17121, CVE-2020-17118 - Microsoft SharePoint Remote Code Execution Vulnerabilities
  • CVE-2020-17095 - Hyper-V Remote Code Execution Vulnerability

Course of Action: Review December 2020 Microsoft Patch Tuesday Advisory

Recommendations

EclecticIQ Fusion Center recommends applying security updates to affected systems as soon as they become available to mitigate the risks posed by the vulnerabilities mentioned in this report. This report is a summary of the main vulnerabilities EclecticIQ analysts have seen over the course of a month and as such is not reflective of the full list of CVE information published by vendors.

Users should ensure they update their dependent systems even if they are not mentioned in this report.
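The report's ordering of concerns (a flaw exploited in the wild with public proof-of-concept code, a backdoored update in active use, and a batch of vendor-rated Critical fixes with no known exploitation) is a patch-prioritisation decision. The following is an added example, not EclecticIQ's own process, that encodes that ordering as a simple score: exploitation evidence outweighs the vendor severity rating, and a published PoC is treated as a signal that attempts will rise, as the WebLogic section argues. The weights and field names are assumptions; the entries are transcribed from this report, and the two items the report names without a CVE are given descriptive identifiers and no severity rating, since the report does not state one.

```python
"""Rank the vulnerabilities a monthly report mentions by patch urgency.
Added example, not EclecticIQ tooling.  Scoring weights and field names are
assumptions; the entries below are transcribed from the report text."""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class VulnEntry:
    identifier: str                    # CVE id, or a descriptive name if the report gives none
    product: str
    severity: Optional[str] = None     # vendor rating (critical/important/moderate) or None if unstated
    exploited_in_wild: bool = False    # active exploitation reported
    public_poc: bool = False           # proof-of-concept exploit published
    courses_of_action: list[str] = field(default_factory=list)


SEVERITY_WEIGHT = {"critical": 3, "important": 2, "moderate": 1}  # assumed weights


def urgency(entry: VulnEntry) -> int:
    """Exploitation evidence dominates the vendor rating: anything used in the
    wild outranks an unexploited Critical, and a public PoC adds on top because
    it predicts wider exploitation attempts."""
    score = SEVERITY_WEIGHT.get((entry.severity or "").lower(), 0)
    if entry.public_poc:
        score += 3
    if entry.exploited_in_wild:
        score += 5
    return score


def prioritize(entries: list[VulnEntry]) -> list[tuple[str, int]]:
    """Highest urgency first; ties broken alphabetically so the order is stable."""
    ranked = sorted(entries, key=lambda e: (-urgency(e), e.identifier))
    return [(e.identifier, urgency(e)) for e in ranked]


# Entries as this report describes them.
REPORT_ENTRIES = [
    VulnEntry("CVE-2020-14882", "Oracle WebLogic Server", "critical",
              exploited_in_wild=True, public_poc=True,
              courses_of_action=["Review Oracle's October 2020 Patch Update Advisory"]),
    VulnEntry("SUNBURST (SolarWinds Orion)", "SolarWinds Orion",
              exploited_in_wild=True,
              courses_of_action=["Review SolarWinds security advisory", "Review CISA ED 21-01"]),
    VulnEntry("KISMET (Apple iMessage)", "iOS prior to 14",
              exploited_in_wild=True,
              courses_of_action=["Update Apple devices to iOS 14 or later"]),
    VulnEntry("CVE-2020-17095", "Hyper-V", "critical",
              courses_of_action=["Review December 2020 Patch Tuesday advisory"]),
    VulnEntry("CVE-2020-17117", "Microsoft Exchange", "critical",
              courses_of_action=["Review December 2020 Patch Tuesday advisory"]),
    VulnEntry("CVE-2020-17131", "Chakra Scripting Engine", "critical",
              courses_of_action=["Review December 2020 Patch Tuesday advisory"]),
]

if __name__ == "__main__":
    for ident, score in prioritize(REPORT_ENTRIES):
        print(f"{score:2d}  {ident}")
```

The result puts the WebLogic flaw first, the two actively exploited items without a vendor rating next, and the unexploited Critical Patch Tuesday fixes after them, which matches the emphasis of the report's own sections. A real workflow would feed the exploitation flags from a maintained source rather than hand-coding them, but the ordering rule is the part worth agreeing on.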

References

  1. https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/
  2. https://www.solarwinds.com/
  3. https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/
  4. https://d18rn0p25nwr6d.cloudfront.net/CIK-0001739942/57108215-4458-4dd8-a5bf-55bd5e34d451.pdf
  5. https://www.govtech.com/security/Federal-Agencies-Think-Tank-Targeted-in-Russian-Hacking-Spree.html
  6. https://www.solarwinds.com/securityadvisory
  7. https://cyber.dhs.gov/ed/21-01/
  8. https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
  9. https://blogs.juniper.net/en-us/threat-research/darkirc-bot-exploits-oracle-weblogic-vulnerability
  10. https://github.com/jas502n/CVE-2020-14882

 

© 2014 – 2024 EclecticIQ B.V.