Tageszusammenfassung - 22.03.2021

End-of-Day report

Timeframe: Freitag 19-03-2021 18:00 - Montag 22-03-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter


DDoS booters now abuse DTLS servers to amplify attacks

DDoS-for-hire services are now actively abusing misconfigured or out-of-date Datagram Transport Layer Security (D/TLS) servers to amplify Distributed Denial of Service (DDoS) attacks.


Microsoft Exchange servers now targeted by BlackKingdom ransomware

Another ransomware operation known as BlackKingdom is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers.


Office 365 Phishing Attack Targets Financial Execs

Attackers move on new CEOs, using transition confusion to harvest Microsoft credentials.


Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online

Almost 10 days after application security company F5 Networks released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks. News of in the wild exploitation comes on the heels of a proof-of-concept exploit code that surfaced online [...]


Multi-factor Authentication. Reset MFA you say?

MFA is a no brainer. It helps mitigate the risk of password re-use, overly simple passwords and more. Just don-t confuse it with 2SV... Anyway, when we-re red teaming, MFA [...]


Auf Willhaben inseriert? Vorsicht vor mob-willhaben.at SMS!

Zahlreiche Willhaben-UserInnen wenden sich derzeit an die Watchlist Internet, weil sie eine betrügerische SMS zu einer Willhaben-Anzeige erhalten haben. Das Gemeine an der Sache: Die Personen bieten gerade tatsächlich Waren auf Willhaben an. In der SMS wird meist behauptet, jemand habe für die Ware bezahlt. Ein enhaltener Link führt auf eine gefälschte Willhaben-Seite, die Daten abgreifen und einen Trojaner installieren möchte.


Metamorfo/Mekotio Banking Trojan Uses AutoHotKey Scripting

The Cofense Phishing Defense Center (PDC) takes a brief look at Mekotio, also known as Metamorfo, a banking Trojan with Latin American origins that is now expanding its reach to victims across Europe. This trojan is one that makes use of a little known scripting language known as AutoHotKey (AHK).



ZDI-21-342: Samsung Galaxy S20 libimagecodec Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Samsung Galaxy S20. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.


Apache OFBiz: Update beseitigt Remote-Lücke aus Open-Source-ERP-Software

Die quelloffene Enterprise Resource Planning-Software OFBiz war aus der Ferne angreifbar. Eine abgesicherte Version und ein Patch stehen bereit.


Security updates for Monday

Security updates have been issued by Arch Linux (chromium, ffmpeg, flatpak, git, gnutls, minio, openssh, opera, and wireshark-qt), Debian (cloud-init, pygments, and xterm), Fedora (flatpak, glib2, kernel, kernel-headers, kernel-tools, pki-core, and upx), Mageia (glibc, htmlunit, koji, and python-cairosvg), openSUSE (chromium, connman, froxlor, grub2, libmysofa, netty, privoxy, python-markdown2, tor, and velocity), Oracle (ipa), SUSE (evolution-data-server, glib2, openssl, python3, python36, and [...]


Adobe Patches Critical ColdFusion Security Flaw

Adobe has released an urgent patch for a potentially dangerous security vulnerability in Adobe ColdFusion, the platform used for building and deploying mobile and web apps.


TMM vulnerability CVE-2021-23007


Atlassian Jira Software: Mehrere Schwachstellen


UNIVERGE Aspire series PBX vulnerable to denial-of-service (DoS)


Security updates available in Foxit Reader 10.1.3, Foxit PhantomPDF 10.1.3 and 3D Plugin Beta


Security Bulletin: IBM MQ for HP NonStop Server is affected by OpenSSL vulnerabilities CVE-2021-23839, CVE-2021-23840 and CVE-2021-23841


Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities


Security Bulletin: Websphere Application Server is vulnerable to a directory traversal vulnerability (CVE-2020-5016)


Security Bulletin: IBM® Db2® db2fm is vulnerable to a buffer overflow (CVE-2020-5025)


Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Oct 2020 CPU (CVE-2020-14782)


Security Bulletin: A vulnerability in IBM® SDK, Java- Technology Edition affects IBM Elastic Storage System


Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2020-5024)


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional


Security Bulletin: Vulnerability in Apache Struts framework affects IBM Spectrum Symphony