Tageszusammenfassung - 11.02.2021

End-of-Day report

Timeframe: Mittwoch 10-02-2021 18:00 - Donnerstag 11-02-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Dimitri Robl


TrickBots BazarBackdoor malware is now coded in Nim to evade antivirus

TrickBots stealthy BazarBackdoor malware has been rewritten in the Nim programming language, likely to evade detection by security software.


Hybrid, Older Users Most-Targeted by Gmail Attackers

Researchers at Google and Stanford analyzed a 1.2 billion malicious emails to find out what makes users likely to get attacked. 2FA wasnt a big factor.


Agent Tesla hidden in a historical anti-malware tool, (Thu, Feb 11th)

While going through attachments of e-mails, which were caught in my e-mail quarantine since the beginning of February, I found an ISO file with what turned out to be a sample of the Agent Tesla infostealer. That, by itself, would not be that unusual, but the Agent Tesla sample turned out to be unconventional in more ways than one [...]


Microsoft Launches Phase 2 Mitigation for Netlogon Remote Code Execution Vulnerability (CVE-2020-1472)

Microsoft addressed a critical remote code execution vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. Beginning with the February 9, 2021 Security Update release, Domain Controllers will be placed in enforcement mode. This will require all Windows and non-Windows devices to use secure Remote Procedure Call (RPC) with Netlogon secure channel or to explicitly allow the account by adding an exception for any non-compliant


Zeoticus 2.0: Ransomware With No C2 Required

Zeoticus ransomware first appeared for sale in various underground forums and markets in early 2020. The ransomware is currently Windows-specific and, according to the developers, functions on all -supported versions of Windows-.


FBI warnt vor Windows 7 und TeamViewer

Die US-Bundespolizei FBI hat anlässlich des Giftangriffes auf ein Wasserwerk in Florida eine offizielle Warnung vor dem Einsatz von Windows 7 und TeamViewer ausgesprochen.



SAP Commerce Critical Security Bug Allows RCE

The critical SAP cybersecurity flaw could allow for the compromise of an application used by e-commerce businesses.


DoS- und Schadcode-Attacken gegen McAfee Total Protection möglich

Es gibt ein wichtiges Sicherheitsupdate für McAfee Total Protection unter Windows.


WIndows Print Spooler Keeps Delivering Vulnerabilities, And We Keep Patching Them (CVE-2020-1030)

by Mitja Kolsek, the 0patch Team Security researcher Victor Mata of Accenture published a detailed analysis of a binary planting vulnerability in Windows Print Spooler (CVE-2020-1030), which they had previously reported to Microsoft in May 2020, and a fix for which was included in September 2020 Windows Updates.


Security updates for Thursday

Security updates have been issued by Debian (firejail and netty), Fedora (java-1.8.0-openjdk, java-11-openjdk, rubygem-mechanize, and xpdf), Mageia (gstreamer1.0-plugins-bad, nethack, and perl-Email-MIME and perl-Email-MIME-ContentType), openSUSE (firejail, java-11-openjdk, python, and rclone), Red Hat (dotnet, dotnet3.1, dotnet5.0, and rh-nodejs12-nodejs), SUSE (firefox, kernel, python, python36, and subversion), and Ubuntu (gnome-autoar, junit4, openvswitch, postsrsd, and sqlite3).


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i - July 2020.


Security Bulletin: IBM Security Verify Information Queue does not properly encode error messages sent to web users (CVE-2021-20405)


Security Bulletin: IBM Security Verify Information Queue uses a Node.js package with a cross-site scripting vulnerability (CVE-2020-7676)


Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform


Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Program Management


Security Bulletin: IBM Security Verify Information Queue uses a Node.js package with known vulnerabilities (CVE-2020-11023, CVE-2020-11022)


Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Sourcing


Security Bulletin: Cross Site Scripting may affect IBM Business Automation Workflow and IBM Case Manager (ICM) - CVE-2020-4768


Security Bulletin: IBM Verify Gateway does not sufficiently guard against unauthorized API calls (CVE-2020-4847)


Security Bulletin: Multiple IBM DB2 Server Vulnerabilities Affect IBM Emptoris Contract Management




Squid: Mehrere Schwachstellen


Trend Micro Produkte: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen


F5 BIG-IP: Mehrere Schwachstellen