🛡▶️ Un ciberataque ruso retrasa el pago a dos millones de parados en España
Una intrusión en los sistemas del SEPE ha bloqueado los ficheros que se envían a los bancos para el abono de las nóminas. El CNI envió una alerta hace un mes y el incidente ha provocado el retraso en el pago del paro de marzo.
https://www.elconfidencialdigital.com/articulo/politica/confirmados-temores-gobierno-ciberataque-ruso-retrasa-pago-millones-parados/20220406172552377670.html
Una intrusión en los sistemas del SEPE ha bloqueado los ficheros que se envían a los bancos para el abono de las nóminas. El CNI envió una alerta hace un mes y el incidente ha provocado el retraso en el pago del paro de marzo.
https://www.elconfidencialdigital.com/articulo/politica/confirmados-temores-gobierno-ciberataque-ruso-retrasa-pago-millones-parados/20220406172552377670.html
Confidencial Digital
Confirmados los temores del Gobierno: un ciberataque ruso retrasa el pago a dos millones de parados
Los temores del Gobierno se han cumplido. Hace un mes, Moncloa recibió una alert...
Metasploitable v3, un entorno para aprender hacking ético
https://blog.segu-info.com.ar/2022/04/metasploitable-v3-un-entorno-para.html
https://blog.segu-info.com.ar/2022/04/metasploitable-v3-un-entorno-para.html
Cisco Web Security Appliance Filter Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-filter-bypass-XXXTU3X?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Web%20Security%20Appliance%20Filter%20Bypass%20Vulnerability&vs_k=1
A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device.
This vulnerability is due to incorrect handling of certain character combinations inserted into a URL. An attacker could exploit this vulnerability by sending crafted URLs to be processed by an affected device. A successful exploit could allow the attacker to bypass the web proxy and access web content that has been blocked by policy.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-filter-bypass-XXXTU3X
Security Impact Rating: Medium
CVE: CVE-2022-20784
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-filter-bypass-XXXTU3X?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Web%20Security%20Appliance%20Filter%20Bypass%20Vulnerability&vs_k=1
A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device.
This vulnerability is due to incorrect handling of certain character combinations inserted into a URL. An attacker could exploit this vulnerability by sending crafted URLs to be processed by an affected device. A successful exploit could allow the attacker to bypass the web proxy and access web content that has been blocked by policy.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-filter-bypass-XXXTU3X
Security Impact Rating: Medium
CVE: CVE-2022-20784
Cisco
Cisco Security Advisory: Cisco Web Security Appliance Filter Bypass Vulnerability
A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected…
⚙️ "Manual uso htop: monitoriza recursos servidor en tiempo real" https://blog.elhacker.net/2022/01/top-sustituye-htop-y-monitoriza-procesos-recursos-servidores-linux-tiempo-real.html
Blog elhacker.NET
Manual uso htop: monitoriza recursos servidor en tiempo real
Blog sobre informática, tecnología y seguridad con manuales, tutoriales y documentación sobre herramientas y programas
VMSA-2022-0010.4
CVSSv3 Range: 9.8
Issue Date: 2022-04-02
Updated On: 2022-04-08
CVE(s): CVE-2022-22965
Synopsis:
VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965)
Impacted Products
VMware Tanzu Application Service for VMs (TAS)
VMware Tanzu Operations Manager (Ops Manager)
VMware Tanzu Kubernetes Grid Integrated Edition (TKGI)
https://www.vmware.com/security/advisories/VMSA-2022-0010.html
CVSSv3 Range: 9.8
Issue Date: 2022-04-02
Updated On: 2022-04-08
CVE(s): CVE-2022-22965
Synopsis:
VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965)
Impacted Products
VMware Tanzu Application Service for VMs (TAS)
VMware Tanzu Operations Manager (Ops Manager)
VMware Tanzu Kubernetes Grid Integrated Edition (TKGI)
https://www.vmware.com/security/advisories/VMSA-2022-0010.html
📃 "5 señales de que su identidad ha sido robada" https://www.welivesecurity.com/la-es/2022/01/25/senales-identidad-ha-sido-robada/
WeLiveSecurity
5 señales de que su identidad ha sido robada
Al detectar tempranamente las señales de advertencia que indican que ha sido víctima de robo de identidad, podrá minimizar el impacto que esto puede tener.
Travel scams – Video 11 – Most Popular Internet Scams https://terrycutler.com/travel-scams-video-11-most-popular-internet-scams/
Terry Cutler - The Ethical Hacker
Travel scams - Video 11 - Most Popular Internet Scams
what about the Travel scams. These scams usually appear in the hot summer months or before the short winter vacations like Christmas or New Year’s Day. The scam goes like this, you receive an email containing an amazing offer for an extraordinary hard to…
Alerta de vulnerabilidad Zero-Day RCE en #Nginx (en desarrollo)
https://blog.segu-info.com.ar/2022/04/alerta-de-vulnerabilidad-rce-de-nginx.html
https://blog.segu-info.com.ar/2022/04/alerta-de-vulnerabilidad-rce-de-nginx.html
Forwarded from HackPlayersNews
Server-Side Request Forgery (SSRF) Explained https://infosecwriteups.com/server-side-request-forgery-ssrf-explained-7d87b67b0e3b?source=rss----7b722bfd1b8d---4
Medium
Server-Side Request Forgery (SSRF) Explained
Server-Side Request Forgery (or SSRF) is an attack that consists of inducing a web application to send back-end requests to an unintended…
Forwarded from HackPlayersNews
TryHackMe: Blaster https://infosecwriteups.com/tryhackme-blaster-2430255a4229?source=rss----7b722bfd1b8d---4
Medium
TryHackMe: Blaster
Walkthrough
Forwarded from HackPlayersNews
THM: Attacktive Directory https://infosecwriteups.com/thm-attacktive-directory-7db6d7e5b0f5?source=rss----7b722bfd1b8d---4
Medium
THM: Attacktive Directory
In this article, I step through the process of exploiting a domain controller by enumerating services running on open ports, abusing…
[webapps] Razer Sila - Local File Inclusion (LFI)
Razer Sila - Local File Inclusion (LFI)
https://www.exploit-db.com/exploits/50864
Razer Sila - Local File Inclusion (LFI)
https://www.exploit-db.com/exploits/50864
Exploit Database
Razer Sila - Local File Inclusion (LFI)
Razer Sila - Local File Inclusion (LFI).. webapps exploit for Hardware platform
Por esto debes utilizar contraseñas de 16 caracteres o más
https://blog.segu-info.com.ar/2022/04/por-esto-debes-utilizar-contrasenas-de.html
https://blog.segu-info.com.ar/2022/04/por-esto-debes-utilizar-contrasenas-de.html