HGXP-X8G2-543X-X53E-NXHH
VSBA-XMHV-NNMS-FJX8-F29N
EVF6-X26J-HDTN-UENA-J7KR
NR8V-XU87-6EPV-XDWP-M7AM
7578-XJ8K-6J4J-WMD3-N99H
4W36-XN6R-82SC-TSNS-J29K
EDNP-XTDR-N58N-PR9R-5CHE
K94W-X5VD-99WB-5556-W3GR
3GHU-XG27-TPA7-8CK5-8GX6
A88N-XGH6-AM9V-7K2P-5TWM
MCTN-X95R-56MG-S625-XDBS
PT2F-XS3C-XF3C-KJWR-32FJ
C2WM-XGVD-286M-S2P5-4TRX
852W-XGJN-W6KW-GJMV-FMF2
C6XR-XM8W-VU3J-AAGS-KF24

Cibercriminales están amplificando ataques DoS hasta 65 veces  explotando los middleboxes de red como firewalls, NAT, etc

https://noticiasseguridad.com/tecnologia/cibercriminales-estan-amplificando-ataques-dos-hasta-65-veces-explotando-los-middleboxes-de-red-como-firewalls-nat-etc/

📃 "Un grupo de hackers están explotando las vulnerabilidades de Apache Log4j" https://www.linuxadictos.com/un-grupo-de-hackers-estan-explotando-las-vulnerabilidades-de-apache-log4j.html
📃 "Jen Easterly, directora de CISA dice que Log4j es la peor que ha visto y que se extenderán durante años" https://www.linuxadictos.com/jen-easterly-directora-de-cisa-dice-que-log4j-es-la-peor-que-ha-visto-y-que-se-extenderan-durante-anos.html
📃 "Un nuevo ransomware explota vulnerabilidades en Log4j para cifrar servidores de VMware" https://noticiasseguridad.com/vulnerabilidades/un-nuevo-ransomware-explota-vulnerabilidades-en-log4j-para-cifrar-servidores-de-vmware/

CVE-2022-25064 TP-LINK RCE

https://reconshell.com/cve-2022-25064-tp-link-rce/

Cisco StarOS Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-cmdinj-759mNT4n?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20StarOS%20Command%20Injection%20Vulnerability&vs_k=1

A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device.
This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-cmdinj-759mNT4n



Security Impact Rating: Medium



CVE: CVE-2022-20665

[webapps] Xerte 3.10.3 - Directory Traversal (Authenticated)
Xerte 3.10.3 - Directory Traversal (Authenticated)
https://www.exploit-db.com/exploits/50794

El diccionario de extenciones viene incluido en Kali pero en parrot OS no, así que por aquí lo dejo.

https://github.com/Anonimo501/raft-small-extensions-lowercase

Remote code execution vulnerability uncovered in Hashnode blogging platform.

A local file coding error could be exploited to trigger RCE

https://portswigger.net/daily-swig/remote-code-execution-vulnerability-uncovered-in-hashnode-blogging-platform

Microsoft toma medidas frente a los ciberataques de Rusia

https://unaaldia.hispasec.com/2022/03/microsoft-toma-medidas-frente-a-los-ciberataques-de-rusia.html

Espero OS guste el vídeo sobre el script de hydra que se realizó semanas atrás, lo comparto por qué lo habían pedido.

Saludos y no olviden compartir para llegar a más personas, gracias. 👌👌


https://youtu.be/PgzBmAEaVHE

Os vuelvo a enviar el PDF ya que he agregado un par de cosas.

Top10 de ataques al Directorio Activo

https://www.hackplayers.com/2022/03/top10-de-ataques-al-directorio-activo.html

No olvidéis que he hecho creo que 4 scripts para este tema de Active Directory, si alguien no los ha visto y OS interesa, díganme y los comparto de nuevo.