CVE-2021-26333: Vulnerabilidad crítica en chips de AMD permite fugas de información confidencial
https://www.iicybersecurity.com/cve-2021-26333-vulnerabilidad-critica-en-chips-de-amd-permite-fugas-de-informacion-confidencial.html

Los equipos de seguridad informática de AMD anunciaron la corrección de una vulnerabilidad que habría permitido a los actores de...
The post CVE-2021-26333: Vulnerabilidad crítica en chips de AMD permite fugas de información confidencial (https://www.iicybersecurity.com/cve-2021-26333-vulnerabilidad-critica-en-chips-de-amd-permite-fugas-de-informacion-confidencial.html) appeared first on IICS (https://www.iicybersecurity.com/).

Open Management Infrastructure Remote Code Execution Vulnerability
CVE-2021-38647

Released: Sep 14, 2021 Last updated: Sep 17, 2021

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647

📃 "Ciberataques DrDoS basados en el protocolo CharGEN" https://www.incibe-cert.es/blog/ciberataques-drdos-basado-el-protocolo-chargen

CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data

Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive information from the targeted system.

https://securityaffairs.co/wordpress/122330/security/amd-driver-vulnerability.html

MSSQL for Pentester: Hashing https://www.hackingarticles.in/mssql-for-pentester-hashing/

Múltiples vulnerabilidades en Moodle

Fecha de publicación: 21/09/2021
Importancia: 5 - Crítica

Recursos afectados:
Las versiones de Moodle que se ven afectadas son las siguientes:
de la 3.11 a la 3.11.2,
de la 3.10 a la 3.10.6,
de la 3.9 a la 3.9.9 y
versiones anteriores sin soporte.

Descripción:
Se han publicado cuatro vulnerabilidades de severidad crítica y otra de severidad baja que podrían permitir a un atacante realizar un secuestro de sesión o acceder a información confidencial.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-moodle-16

Best Collection of Penetration Testing tools

https://reconshell.com/pentest-tools-collection/

Infección de Ransomware a través de un exploit de 11 años en ColdFusion
https://blog.segu-info.com.ar/2021/09/infeccion-de-ransomware-traves-de-un.html

¿Cuál es la diferencia entre VPS y VPN? ¿Qué es un VPS?
https://www.le-vpn.com/es/vps-vs-vpn-cual-es-la-diferencia/

【 DIFERENCIAS entre VPS vs VPN 】¿Qué Hosting es mejor? ▷ 2021
https://internetpasoapaso.com/diferencias-entre-vps-y-vpn/

Zero-click RCE vulnerability in Hikvision security cameras could lead to network compromise.

https://portswigger.net/daily-swig/zero-click-rce-vulnerability-in-hikvision-security-cameras-could-lead-to-network-compromise

Microsoft Exchange Autodiscover bugs leak 100K Windows credentials

https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-autodiscover-bugs-leak-100k-windows-credentials/

Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Aironet%20Access%20Points%20WLAN%20Control%20Protocol%20Packet%20Buffer%20Leak%20Denial%20of%20Service%20Vulnerability&vs_k=1

A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. 
This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL



Security Impact Rating: High



CVE: CVE-2021-34740

Cisco SD-WAN Software Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-maapi-cmdinjec-znUYTuC?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20SD-WAN%20Software%20Command%20Injection%20Vulnerability&vs_k=1

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device.
This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root-level privileges.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-maapi-cmdinjec-znUYTuC



Security Impact Rating: Medium



CVE: CVE-2021-34726

⚙️ "Cómo redirigir fácilmente el tráfico web con Tor" https://noticiasseguridad.com/tutoriales/como-redirigir-facilmente-el-trafico-web-con-tor/