Timeframe: Friday 14-05-2021 18:00 - Monday 17-05-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
Exploit released for wormable Windows HTTP vulnerability
Proof-of-concept exploit code has been released over the weekend for a critical wormable vulnerability in the latest Windows 10 and Windows Server versions.
Bizarro banking Trojan expands its attacks to Europe
Bizarro is yet another banking Trojan family originating from Brazil that steals credentials from customers of 70 banks from different European and South American countries.
Ransomware Defenses, (Mon, May 17th)
Ransomware attacks continue to be in the headlines everywhere, and are also an almost weekly reoccurring subject in the SANS Newsbites. As useful as many of the reports are that security firms and researchers publish on the subject, they often focus heavily on one particular incident or type of ransomware, and the associated "indicators of compromise" (IOCs). We already covered before how IOCs can turn into IOOI's (Indicators of Outdated Intelligence), and how to try to [...]
AHK RAT Loader Used in Unique Delivery Campaigns
The Morphisec Labs team has tracked a unique and ongoing RAT delivery campaign that started in February of this year. This campaign is unique in that it heavily uses the AutoHotKey scripting language - a fork of the AutoIt language that is frequently used for testing purposes.
Take action now - FluBot malware may be on its way
Why FluBot is a major threat for Android users, how to avoid falling victim, and how to get rid of the malware if your device has already been compromised
Two attacks disclosed against AMD's SEV virtual machine protection system
Chipmaker AMD has issued guidance this week for two attacks against its SEV (Secure Encrypted Virtualization) technology that protects virtual machines from rogue operating systems. The two attacks, documented in two academic papers, can allow a threat actor to inject malicious code inside SEV-encrypted virtual machines, giving them full control over the VM's operating system.
Beckhoff Security Advisory 2021-002: Stack Overflow and XXE vulnerability in various OPC UA products
The affected products can act as OPC UA client or server and are vulnerable to two different kinds of attacks via the OPC UA protocol.
SSA-695540: ASM and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V184.108.40.206
Siemens has released version V220.127.116.11 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in ASM and PAR file formats.
Security updates for Monday
Security updates have been issued by Debian (libimage-exiftool-perl and postgresql-9.6), Fedora (chromium, exiv2, firefox, kernel, kernel-headers, kernel-tools, mariadb, and python-impacket), Mageia (avahi), openSUSE (chromium, drbd-utils, dtc, ipvsadm, jhead, nagios, netdata, openvpn, opera, prosody, and virtualbox), Slackware (libxml2), SUSE (kernel and lz4), and Ubuntu (intel-microcode, python-eventlet, and rust-pleaser).
Security Bulletin: Multiple Apache Tomcat Vulnerabilities Affect IBM Control Center
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream
Security Bulletin: Guava Google Core Libraries Vulnerability Affects IBM Control Center (CVE-2020-8908)
Security Bulletin: IBM InfoSphere DataStage is affected by an Information disclosure vulnerability
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-dataformat
Security Bulletin: Apache Ant Vulnerabilities Affect IBM Control Center (CVE-2020-1945, CVE-2020-11979)
Security Bulletin: Multiple CKEditor Vulnerabilities Affect IBM Control Center
Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Python (CVE-2020-15801)
Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - OpenSSL
Security Bulletin: H2 Database Vulnerabilities Affect IBM Control Center (CVE-2018-10054, CVE-2018-14335)