Comunidad Pen7esting
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stored-xss-TWwjVPdL?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Identity%20Services%20Engine%20Stored%20Cross-Site%20Scripting%20Vulnerabilities&vs_k=1

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user.
These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker would need valid administrative credentials.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stored-xss-TWwjVPdL


Security Impact Rating: Medium

CVE: CVE-2021-1603, CVE-2021-1604, CVE-2021-1605, CVE-2021-1606, CVE-2021-1607
NicheStack embedded TCP/IP has vulnerabilities
Vulnerability Note VU#608209

HCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as "INFRA:HALT".

CVE IDs:
CVE-2020-25767 CVE-2020-25926 CVE-2020-25927 CVE-2020-25928 CVE-2020-35683 CVE-2020-35684 CVE-2020-35685 CVE-2021-27565 CVE-2021-31226 CVE-2021-31227 CVE-2021-31228 CVE-2021-31400 CVE-2021-31401 CVE-2021-36762

https://kb.cert.org/vuls/id/608209
ADCSPwn - A tool to escalate privileges in active directory network

https://reconshell.com/adcspwn-a-tool-to-escalate-privileges-in-active-directory-network/
Windows Print Spooler Remote Code Execution Vulnerability

Security Vulnerability
Released: Aug 11, 2021

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958
South Africa accepts the registration of a patent by an AI

This is the first time an intellectual property license has been granted to an artificial intelligence. Australia has also ruled in favor, while the US and Europe refuse and argue that an inventor can only be human.

https://www.usinenouvelle.com/editorial/quand-une-intelligence-artificielle-devient-l-inventrice-d-un-brevet.N1132204
+Skill - Geek latino
- Welcome to +Skill -
- Read the pinned message -
- Respect the other members -
- Enrich yourself with the experience -
https://t.me/mazskill