Tageszusammenfassung - 11.11.2021

End-of-Day report

Timeframe: Mittwoch 10-11-2021 18:00 - Donnerstag 11-11-2021 18:00 Handler: Dimitri Robl Co-Handler: Wolfgang Menezes


Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!

The crooks have shown that the'yre willing to learn and adapt their attacks, so we need to make sure we learn and adapt, too.


Understanding .htaccess Malware

The .htaccess file is notorious for being targeted by attackers. Whether it-s using the file to hide malware, redirect search engines to other sites with blackhat SEO tactics, hide backdoors, inject content, modify php.ini values; the possibilities are endless. Many site owners are unaware of this file, due to it starting with a -.- making it a hidden file. .htaccess malware can be hard to pinpoint and clean on a server [...]


A Detailed Analysis of Lazarus- RAT Called FALLCHILL

FALLCHILL is a RAT that has been used by Lazarus Group since 2016. It implements a custom algorithm that is used to decode multiple DLL names and export functions, which will be imported at runtime.


The Newest Malicious Actor: -Squirrelwaffle- Malicious Doc.

Authored By Kiran Raj Due to their widespread use, Office Documents are commonly used by Malicious actors as a way...The post The Newest Malicious Actor: -Squirrelwaffle- Malicious Doc. appeared first on McAfee Blogs.


ClusterFuzzLite: Continuous fuzzing for all

Posted by Jonathan Metzman, Google Open Source Security TeamIn recent years, continuous fuzzing has become an essential part of the software development lifecycle. By feeding unexpected or random data into a program, fuzzing catches bugs that would otherwise slip through the most thorough manual checks and provides coverage that would take staggering human effort to replicate. NIST-s guidelines for software verification, recently released in response to the White House Executive Order on


HändlerInnen aufgepasst: BetrügerInnen geben Fake-Bestellungen im Namen von ATOS auf

Kriminelle geben sich derzeit als das Unternehmen ATOS aus und bekunden per Mail Interesse an einer Großbestellung. Für die betroffenen HändlerInnen mag das nach einem schnellen und leichten Geschäft klingen, doch tatsächlich hat die seriöse Firma ATOS nichts mit dieser Bestellung am Hut. Stattdessen würden Sie ihre Produkte an Kriminelle versenden, Geld dafür erhalten Sie nicht.


Capability Abstraction Case Study: Detecting Malicious Boot Configuration Modifications

[...] In simple terms, capability abstraction provides a way to describe how a given attack technique interacts with the internal components of a targeted system. The abstraction map that this process produces helps us to understand the common denominator between distinct implementations of the same technique.


A Peek into Top-Level Domains and Cybercrime

We analyze which top-level domains (TLDs) have the highest rate of malicious domains and why, and suggest strategies for blocking malicious domains.


BazarBackdoor now abuses Windows 10 apps feature in call me back attack

AppInstaller.exe has been twisted in a new form of phishing attack.


October 2021-s Most Wanted Malware: Trickbot Takes Top Spot for Fifth Time

Check Point Research reveals that Trickbot is the most prevalent malware and a new vulnerability in Apache is one of the most exploited vulnerabilities worldwide.



ZDI-21-1303: NETGEAR R6400v2 UPnP uuid Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 routers. Authentication is not required to exploit this vulnerability.


Wordpress-Plug-in WP Reset Pro fixt kritische Sicherheitslücke

In WP Reset Pro klaffte eine Sicherheitslücke, durch die angemeldete Nutzer auch ohne entsprechende Rechte ganze Wordpress-Webauftritte löschen konnten.


Sicherheitsupdate: Kritische Root-Lücke bedroht Firewalls von Palo Alto

Sind bestimmte Einstellungen aktiviert und Voraussetzungen gegeben, könnten Angreifer Palo-Alto-Firewalls attackieren.


Over 1 Million Sites Impacted by Vulnerability in Starter Templates Plugin

On October 4, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for the Starter Templates plugin, which is installed on over 1 Million WordPress websites. The full name of the WordPress plugin is -Starter Templates - Elementor, Gutenberg & Beaver Builder Templates- [...]


Security updates for Thursday

Security updates have been issued by Debian (icinga2, libxstream-java, ruby-kaminari, and salt), Fedora (awscli, cacti, cacti-spine, python-boto3, python-botocore, radeontop, and rust), Mageia (firefox, libesmtp, libzapojit, sssd, and thunderbird), openSUSE (samba and samba and ldb), SUSE (firefox, pcre, qemu, samba, and samba and ldb), and Ubuntu (firejail, linux-bluefield, linux-gke-5.4, linux-oracle, linux-oracle-5.4, linux-oem-5.10, linux-oem-5.14, and python-py).


iCloud for Windows 13


Security Bulletin: Multiple Vulnerabilities in IBM Sterling Connect:Direct Browser User Interface


Security Bulletin: IBM Security SiteProtector System is affected by Cross-Site Scripting (CVE-2020-4140)


Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Connect:Direct Web Services


Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Oracle MySQL


Security Bulletin: IBM Security SiteProtector System is affected by vulnerability CVE-2020-4146




NGINX Ingress Controller vulnerability CVE-2021-23055


Micropatching Incompletely Patched Local Privilege Escalation in User Profile Service (CVE-2021-34484)


Stack Buffer Overflow Vulnerability in Multimedia Console


Reflected XSS Vulnerability in QmailAgent


TR-64 - Exploited Exchange Servers - Mails with links to malware from known/valid senders