Daily summary - 22.02.2021

End-of-Day report

Timeframe: Friday 19-02-2021 18:00 - Monday 22-02-2021 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer


Trojan alert for Creality 3D printer software

The software package offered on Creality's download pages for the Ender 5 3D printer triggers an alert message on Windows PCs.


Silver Sparrow: mysterious malware discovered on more than 29,000 Macs

The software, built for both Intel and ARM Macs, has a self-destruct function and regularly contacts command servers, but so far does nothing.


Powerhouse VPN products can be abused for large-scale DDoS attacks

Around 1,500 Powerhouse VPN servers are exposed online and ready to be abused by DDoS groups.


Recently fixed Windows zero-day actively exploited since mid-2020

Microsoft says that a high-severity Windows zero-day vulnerability patched during the February 2021 Patch Tuesday was exploited in the wild since at least the summer of 2020 according to its telemetry data.


Quickie: Extracting HTTP URLs With tshark, (Sat, Feb 20th)

After I posted diary entry "Quickie: tshark & Malware Analysis", someone asked me how to extract HTTP URLs from capture files with tshark.


DDE and oledump, (Sun, Feb 21st)

I was asked if the DDE YARA rules I created work with oledump.py on the sample that Xavier wrote about in his diary entry "Dynamic Data Exchange (DDE) is Back in the Wild?".


New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card

Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card. The research, published by a group of academics from ETH Zurich, builds on a study detailed last September that delved into a PIN bypass attack, permitting bad actors to leverage a [...]


Genetics of a Modern IoT Attack

When it comes to IoT attacks and malware, there is a perceptible pattern in which all intrusions manifest. It is good practice to study such patterns and draw conclusions so that we may extrapolate to future attacks.



Patch now! SonicWall improves security updates for SMA 100

The network equipment vendor has released new patches for its SMA 100 remote access system and advises prompt installation.


Security updates for Monday

Security updates have been issued by Debian (chromium, libzstd, openldap, openvswitch, screen, and wpa), Fedora (dotnet5.0, subversion, and wpa_supplicant), openSUSE (mumble, python-djangorestframework, and tor), Oracle (container-tools:ol8, kernel, nodejs:10, nodejs:12, nodejs:14, subversion:1.10, and xterm), Red Hat (stunnel and xterm), and SUSE (ImageMagick, java-1_8_0-openjdk, kernel, krb5-appl, python3, tomcat, and webkit2gtk3).


Red Hat Enterprise Linux: vulnerability allows bypassing of security measures


Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management.


Security Bulletin: A security vulnerability in Node.js codemirror module affects IBM Cloud Pak for Multicloud Management.


Security Bulletin: A vulnerability in Bouncy Castle affects IBM Rational Performance Tester (CVE-2020-26939)


Security Bulletin: A security vulnerability in Node.js ini module affects IBM Cloud Pak for Multicloud Management.


Security Bulletin: A vulnerability has been identified in FasterXML Jackson Databind shipped with IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library (CVE-2020-25649)


Security Bulletin: App Connect Professional & IBM WebSphere Cast Iron Solution are affected by Apache Tomcat vulnerabilities.


Security Bulletin: A security vulnerability in GO affects IBM Cloud Pak for Multicloud Management.


Security Bulletin: A security vulnerability in PostgreSQL affects IBM Cloud Pak for Multicloud Management.


Security Bulletin: A security vulnerability in Node.js y18n module affects IBM Cloud Pak for Multicloud Management.


Security Bulletin: Vulnerabilities in Java affect IBM Cloud Application Business Insights


Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1


Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0