Daily summary - 27.04.2021

End-of-Day report

Timeframe: Monday 26-04-2021 18:00 - Tuesday 27-04-2021 18:00
Handler: Stephan Richter
Co-Handler: Thomas Pribitzer


15 open source GitHub projects for security pros

Whether you are a sysadmin, a threat intel analyst, a malware researcher, forensics expert, or even a software developer looking to build secure software, these 15 free tools from GitHub or GitLab can easily fit into your day-to-day work activities and provide added advantages.


CAD: .DGN and .MVBA Files, (Mon, Apr 26th)

Regularly I receive questions about MicroStation files, since I wrote a diary entry about AutoCAD drawings containing VBA code.


Aggrokatz: pypykatz meets Cobalt Strike

The tool "aggrokatz", which SEC Consult uses internally to parse LSASS dump files in Cobalt Strike, has just been released as an open source tool!


The March/April 2021 issue of our SWITCH Security Report is available!

A new issue of our bi-monthly SWITCH Security Report is available! The topics covered in this report are: Exploit on Exchange


Vulnerability Spotlight: Information disclosure vulnerability in the Linux Kernel

Cisco Talos recently discovered an information disclosure vulnerability in the Linux Kernel.


Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Earlier this year, the FBI in partnership with the Dutch National High Tech Crime Unit (NHTCU), the German Federal Criminal Police Office (BKA) and other international law enforcement agencies brought down what Europol referred to as the world's most dangerous malware: Emotet.


WhatsApp users beware: Criminals are trying to steal your WhatsApp account

Were you asked on WhatsApp to forward a 6-digit code? Do not do this under any circumstances; this code is the key to your WhatsApp account. Criminals use all sorts of pretexts to persuade you to forward it.


CISA and NIST Release New Interagency Resource: Defending Against Software Supply Chain Attacks

A software supply chain attack, such as the recent SolarWinds Orion attack, occurs when a cyber threat actor infiltrates a software vendor's network and employs malicious code to compromise the software before the vendor sends it to their customers.


All Your Macs Are Belong To Us

Here, we detail a bug that trivially bypasses many core Apple security mechanisms, leaving Mac users at grave risk!


Citrix ShareFile storage zones controller security update

A security issue has been identified in the Citrix ShareFile storage zones controller which, if exploited, would allow an unauthenticated attacker to remotely compromise the storage zones controller.


Severe Unpatched Vulnerabilities Lead to Closure of Store Locator Plus Plugin

On March 5, 2021, the Wordfence Threat Intelligence team wrapped up an investigation that led to the discovery of a privilege escalation vulnerability along with several additional vulnerabilities in Store Locator Plus, a WordPress plugin installed on over 9,000 sites.


Security updates for Tuesday

Security updates have been issued by Debian (gst-libav1.0, gst-plugins-bad1.0, gst-plugins-base1.0, and gst-plugins-ugly1.0), Fedora (kernel, kernel-headers, kernel-tools, and rust), openSUSE (firefox), Oracle (firefox, mariadb:10.3 and mariadb-devel:10.3, thunderbird, and xstream), Red Hat (kernel, kernel-alt, kpatch-patch, nss, and openldap), Scientific Linux (firefox, thunderbird, and xstream), SUSE (firefox), and Ubuntu (file-roller, firefox, and ruby2.7).


NTLM Relay Attack Abuses Windows RPC Protocol Vulnerability

A newly identified NTLM (New Technology LAN Manager) relay attack abuses a remote procedure call (RPC) vulnerability to enable elevation of privilege, researchers from cybersecurity firm SentinelOne reveal.


Apple Security Updates 2021-04-26


Security Bulletin: IBM® Db2® db2fm is vulnerable to a buffer overflow (CVE-2020-5025)


Security Bulletin: IBM Content Navigator is vulnerable to cross-site scripting.


Security Bulletin: Vulnerability in Apache MyFaces affects Liberty for Java for IBM Cloud (CVE-2021-26296)


Security Bulletin: Buffer Overflow Vulnerability in IBM SDK Affects IBM Transformation Extender


Security Bulletin: IBM® Db2® is vulnerable to a denial of service (CVE-2020-5024)


Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect Snapshot on AIX and Linux (CVE-2020-27221)


Security Bulletin: IBM Content Navigator is vulnerable to cross-site scripting


Security Bulletin: Multiple vulnerabilities affect the IBM Spectrum Scale GUI


Security Bulletin: IBM® Db2® is vulnerable to weak file permissions allowing access to specific files (CVE-2020-4976)


Nvidia driver: Multiple vulnerabilities


Red Hat OpenShift: Multiple vulnerabilities


TYPO3 Extension: Multiple vulnerabilities


Google Releases Security Updates for Chrome