Comunidad Pen7esting
In this chapter of this web application hacking course we will see an in-depth explanation of how to exploit a SQL Injection completely manually; we will see the names of the databases, tables and columns, and finally the information stored in them.


https://youtu.be/msDUc4kyDko
RANSOMWARE ATTACK ON A PRISON

The first attack of this kind on a prison has come to light, an attack that disabled the entire computer system of the detention center in Bernalillo County, in the Albuquerque area, New Mexico. The consequences could have been terrible.

https://wwwhatsnew.com/2022/01/12/ataque-ransomware-prision-carcel/
Cisco Secure Network Analytics Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Secure%20Network%20Analytics%20Cross-Site%20Scripting%20Vulnerability&vs_k=1

A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ
Attention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see Meet Cisco Secure (https://www.cisco.com/c/en/us/products/security/secure-names.html).

Security Impact Rating: Medium

CVE: CVE-2022-20663
All the green dots on the map are radio stations around the world; with just one click we can listen to the radio of whatever city we fancy. Just search for Radio.garden in your favorite browser.

http://radio.garden/visit/siglufjoerdjur/pB46jKCc
Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Contact%20Center%20Management%20Portal%20and%20Unified%20Contact%20Center%20Domain%20Manager%20Privilege%20Escalation%20Vulnerability&vs_k=1

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator.
This vulnerability is due to the lack of server-side validation of user permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to a vulnerable system. A successful exploit could allow the attacker to create Administrator accounts. With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP. To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4

Security Impact Rating: Critical

CVE: CVE-2022-20658