❗️«El investigador de seguridad Jonas Lykkegaard ha descubierto una nueva #vulnerabilidad que afecta a Windows 10 y Windows 11. Se trata de un problema que permite que los archivos del Registro y sus bases de datos sean accesibles al grupo "Usuarios" que tiene no tiene privilegios elevados en un dispositivo».
https://bit.ly/2UxONNv

ExploitDB Just tweeted ****************************************** [webapps] Microsoft SharePoint Server 2019 - Remote Code Execution (2) https://t.co/Vxas2ftaha

RT @javiergemar: Cómo iniciarte en #seguridad informática: https://t.co/fgqgAOX1ws vía @DragonJAR
— DragonJAR - Seguridad Informática (@DragonJAR) Jul 24, 2021

Windows Elevation of Privilege Vulnerability
CVE-2021-36934

Released: Jul 20, 2021
Last updated: Jul 23, 2021

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934

📃 "Cifra y descifra textos fácilmente con estas herramientas online gratuitas" https://www.redeszone.net/tutoriales/seguridad/cifrar-descifrar-textos-herramientas-online-gratis/

Top 25 CWE 2021: las debilidades de software más peligrosas
https://blog.segu-info.com.ar/2021/07/top-25-cwe-2021-las-debilidades-de.html

#exploit
PoC for exploiting CVE-2021-28903:
A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem()
https://github.com/AlAIAL90/CVE-2021-28903

ExploitDB Just tweeted ****************************************** [webapps] Microsoft SharePoint Server 2019 - Remote Code Execution (2) https://t.co/Vxas2ftaha

#APT31 #Zirconium

Comprometen routers de oficinas y de casas

Los routers comprometidos permiten a los crackers mantener el anonimato durante ataques a gran escala.

APT31 ha estado atacando un gran número de routers para utilizarlos contra organizaciones y autoridades francesas.

Fuente en inglés:
https://arstechnica.com/gadgets/2021/07/home-and-office-routers-come-under-attack-by-china-state-hackers-france-warns/

Cisco SD-WAN Software Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-mpls-infodisclos-MSSRFkZq?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20SD-WAN%20Software%20Information%20Disclosure%20Vulnerability&vs_k=1

A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory.
This vulnerability is due to insufficient handling of malformed MPLS packets that are processed by a device that is running Cisco SD-WAN Software. An attacker could exploit this vulnerability by sending a crafted MPLS packet to an affected device that is running Cisco SD-WAN Software or Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-mpls-infodisclos-MSSRFkZq



Security Impact Rating: Medium



CVE: CVE-2021-1614

⛲
https://noviello.it/es/como-instalar-y-configurar-wireguard-vpn-en-debian-10/

Documento 👇👀
https://t.me/MegaGrAn1976/7062

Video👇👀
https://t.me/MegaGrAn1976/7063

Video👇👀
Como usar el cliente WireGuard
🔗 https://t.me/MegaGrAn1976/7064

Instalación windows y terminales Linux.
🔗👇👀https://t.me/MegaGrAn1976/7065

ExploitDB Just tweeted ****************************************** [dos] Leawo Prof. Media 11.0.0.1 - Denial of Service (DoS) (PoC) https://t.co/A5ANdxL2rb

Cositas básicas

📃 "Así es cómo tu CPU y GPU realizan los cálculos matemáticos en tu PC" https://hardzone.es/reportajes/que-es/alu/

📃 "Disco duro: qué es, tipos y cómo funciona" https://www.elgrupoinformatico.com/noticias/disco-duro-que-tipos-como-funciona-t79244.html

📃 "Qué es la memoria RAM y cómo funciona" https://www.profesionalreview.com/2018/11/01/memoria-ram/

📃 "Controla el funcionamiento de tu tarjeta de red con NetworkCountersWatch" https://www.redeszone.net/2017/09/25/networkcounterswatch-informacion-tarjeta-red/

📃 "¿Cómo funciona un router?" https://www.cisco.com/c/es_mx/solutions/small-business/resource-center/networking/how-does-a-router-work.html

📃 "La informática forense en la investigación de delitos" https://protecciondatos-lopd.com/empresas/informatica-forense/

📃 "Cómo proteger tu empresa gracias a una auditoría de ciberseguridad" https://keepcoding.io/blog/auditoria-de-ciberseguridad/

📃 "¿Qué es un pentesting, o prueba de penetración?" https://nordvpn.com/es/blog/que-es-el-pentesting/

🎓 "Curso de Wireless Penetration Testing con Kali linux" https://www.youtube.com/watch?v=2TFnEcJEL10&list=PL-G03HRCQgdFKAaW718J14tKDM63mGirL

📃 "¿Qué es una VPN?" https://nordvpn.com/es/what-is-a-vpn/

Descuento a una VPN para los suscriptores de @seguridadinformatic4 Utiliza el cupón informatica o entra directamente en este enlace: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=45752&url_id=11987

Vulnerabilidades críticas en Oracle WebLogic Server

https://unaaldia.hispasec.com/2021/07/vulnerabilidades-criticas-en-oracle-weblogic-server.html

IoT-PT: entorno virtual de pentesting para dispositivos IoT
https://blog.segu-info.com.ar/2021/07/iot-pt-entorno-virtual-de-pentesting.html

XCSSET, el malware de MacOS vuelve con novedades

https://unaaldia.hispasec.com/2021/07/xcsset-el-malware-de-macos-vuelve-con-novedades.html

# CVE-2017-9841. The exploit targets Drupal sites that currently or
previously used the Mailchimp or Mailchimp commerce module and still have a
vulnerable version of the file
sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php.
See below for details on whether a file is vulnerable or not. The vulnerable
file might be at other paths on your individual site, but an automated attack
exists that is looking for that specific path. This attack can execute PHP on
the server