CyberScotland Bulletin

Technical Bulletin – May 2021

The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures. 

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Microsoft Patch Tuesday

Microsoft released its monthly security update Tuesday 11th May 2021, disclosing 55 vulnerabilities across its suite of products.

A new update for Windows 10 known as “Version 21H1” was released on the 18th of May 2021. This update comes from Microsoft’s Semi-Annual update program which aims to release a new stable build every 6 months. Following this, as reported by Lansweeper.com, two previous Windows 10 updates have now reached end of life for security updates. These updates are “Version 1803”, “Version 1809” and “Version 1909”.

In all, there are 4 critical vulnerabilities as part of this release, and one considered of “moderate” severity. The remainder are all “important.”

As reported by dshield.org, the most notable critical vulnerability from this month’s Patch Tuesday is CVE-2021-31166 which allows for remote code execution to occur. This vulnerability can be found in HTTP.sys and is achieved by sending a purpose-built HTTP request to the infected Windows machine. Unfortunately, this vulnerability is found across several versions of Windows so is rated as critical.

This month’s security update provides patches for several other pieces of software, including Microsoft Office SharePoint, Microsoft Excel and Visual Studio.

SNORT rules are available for CVE-2021-26419, CVE-2021-31166, CVE-2021-31170, CVE-2021-31181, CVE-2021-31188. The GID’s for which can be found here.

A full list of Microsoft’s May 2021 Patches, their CVE’s Severities, scores, exploits, and disclosures can be found here: SANS Internet Storm Centre.

Adobe Patches

As reported by zerodayinitative.com, Adobe has issued 12 patches addressing 44 CVE’s in:

  • Experience Manager
  • InDesign, Illustrator
  • InCopy
  • Adobe Genuine Service
  • Acrobat and Reader
  • Magento
  • Creative Cloud Desktop
  • Media Encoder
  • After Effects
  • Medium
  • Animate.

In the same report, it’s noted that updating Acrobat and Reader should be your highest priority as one of its 14 reported CVE’s is currently being used in the wild. This vulnerability and the other vulnerabilities reported could lead to code execution if a modified PDF were to be opened by an unsuspecting user. The other notable update is for InDesign. The vulnerabilities reported for this product can result in an attacker executing code under the guise of the current process, due to the lack of proper validation of inputted data.

Experts Warn About Ongoing AutoHotkey-Based Malware Attacks

It has been discovered that the scripting language known as AutoHotkey(AHK) has been used by malicious actors to spread remote access trojans (RAT). For context, the AHK scripting language is a free package that allows for users to automate repetitive and mundane tasks on Microsoft Windows.

Thehackernews.com reports that at least four different versions of the campaign have been spotted as early as February 2021. One version of the campaign involved the RAT being encapsulated in an AHK executable that was downloaded to the machine by the user. This version also disables Microsoft Defender through the use of a batch script. The second version discovered, aims to block connections to widely used antivirus products by manipulating the host file to resolve the localhost IP address instead of the desired address. The third RAT was delivered to the system by an obfuscated VBScript. This script then executes itself as a PowerShell command which receives the final C# payload through a service known as “stikked.ch”. The fourth and last version discovered uses an AutoHotKey script to run a legitimate application, before executing a VBScript that runs an in-memory PowerShell script to download and install the RAT.

Android Issues Patches for 4 New Zero-Day Bugs Exploited in the Wild

Google has updated their May 2021 Android Security Bulletin to announce that four of their previously patched CVE’s have been used in the wild. As reported by bleepingcomputer.com, the exploits used were targeted and impacted a limited number of users. This information comes from the Android Security Bulletin May – 2021.

The list of CVE’s are:

  • CVE-2021-1905
  • CVE-2021-1906
  • CVE-2021-28663
  • CVE-2021-28664

The CVE’s mentioned appear to impact GPU driver components from Qualcomm and Arm Mali GPU’s. It was noted if CVE-2021-28663 and CVE-2021-28664 are exploited correctly then there is the potential that an attacker could gain root level privilege, and/or disclose personal information on the device.

Thehackernews.com reports that it’s not clear how the attacks were carried out, the victims who were targeted, or the threat actors that may be exploiting the CVE’s. It is recommended that Android users update their devices as soon as possible.

CiSP – The Cyber Security Information Sharing Partnership

The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK […]

Read more

Scottish Information Sharing Network (SciNET Group)

SciNet is a community for Scottish Buisnesses to engage on CiSP. The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and […]

Read more
Scottish Business Resilience Centre

Related content

Technical Bulletin – August 2021

The CyberScotland Technical Bulletin will provide you with information about the latest cyber threats, scams, news and updates.
This month’s topics include:
• Microsoft Patch Tuesday
• Cisco Patches Critical Vulnerabilities
• Realtek Warns of Vulnerabilities
• Diavol Ransomware Linked to TrickBot Gang

Technical Bulletin September 2021

The CyberScotland Technical Bulletin will provide you with information about the latest cyber threats, scams, news and updates.

This month’s topics include:
• Microsoft Patch Tuesday
• REvil/Sodinokibi Ransomware Decryptor
• Google Patches Zero-Days
• Apple Patches Zero-Days

Technical Bulletin – June 2021

The CyberScotland Technical Bulletin will provide you with information about the latest cyber threats, scams, news and updates.

This month’s topics include:

• Microsoft Patch Tuesday
• Apple Zero-Day Urgent Patches
• Google Chrome Urgent Update for Exploited Zero-Day
• Linux Users Urged To Update After Root Level Security Flaw Found

Technical Bulletin – July 2021

The CyberScotland Technical Bulletin will provide you with information about the latest cyber threats, scams, news and updates.

This month’s topics include:

• Microsoft Patch Tuesday
• NSO Group’s Pegasus Spyware
• Oracle Issues Patch for Critical Vulnerabilities
• Microsoft Advises On Vulnerability Affecting Windows 10 And The Upcoming Windows 11

Back to top of the page