Comunidad Pen7esting
National Vulnerability Database
CVE-2020-26934

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
National Vulnerability Database
CVE-2020-4660

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. IBM X-Force ID: 186140.
National Vulnerability Database
CVE-2020-9108

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot.
📃 "Compilation of ATM malware" https://blog.segu-info.com.ar/2020/08/recopilatorio-de-malware-para-cajeros.html
National Vulnerability Database
CVE-2020-9968

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.7, tvOS 14.0, watchOS 7.0. A malicious application may be able to access restricted files.
Magento vulnerabilities: arbitrary code execution, SQL injection, and others
https://blog.segu-info.com.ar/2020/10/vulnerabilidades-en-magento-ejecucion.html
Major Vulnerabilities Discovered in Qualcomm QCMAP (Qualcomm Mobile Access Point)
(CVE-2020-25858, CVE-2020-3657, CVE-2020-25859)
https://www.vdoo.com/blog/qualcomm-qcmap-vulnerabilities
New attack method against TLS certificates, called the Raccoon attack
https://t.co/T62CnoTmNR (Fran Andrades, @AndradesFran, September 10, 2020)