#Windows 0-day is exploited to install creepy #Finspy malware (again)
https://arstechnica.com/?p=1164963
Ars Technica
Windows 0-day is exploited to install creepy Finspy malware (again)
Microsoft patches flaw after researchers report it was used by undisclosed country.
US-CERT Current Activity
Cisco Releases Security Update
https://www.us-cert.gov/ncas/current-activity/2017/09/11/Cisco-Releases-Security-Update
Original release date: September 11, 2017
Cisco has released an update to address an Apache Struts 2 vulnerability affecting multiple Cisco products. A remote attacker could exploit this vulnerability to take control of an affected system.
US-CERT encourages users and administrators to review the #Cisco Security Advisory and apply the necessary update.
www.us-cert.gov
Cisco Releases Security Update | US-CERT
http://e-r00t.net/test-de-penetracion-de-pasarelas-que-realizan-nat-basado-en-connection-tracking/
Penetration testing of gateways that perform NAT based on “Connection Tracking”.
Connection tracking is a method by which gateways automatically perform port forwarding based on packet inspection. Because some protocols (IRC, FTP, SIP, …) require a secondary communication channel to be established, devices that perform NAT need a mechanism that detects this protocol's instructions and forwards the […]
e-r00t.net
Penetration testing of gateways that perform NAT based on “Connection Tracking”. – e-r00t
IT News and Hacking
Bashware Attack Undetectable by All Anti-Virus & Security Solutions
According to CheckPoint researchers, the Bashware attack technique could be abused even by a known Linux malware family, because security solutions for Windows are not designed to detect such threats.
http://thehackernews.com/2017/09/windows-10-linux-evade-malware.html?m=1
SysAdmin 24x7:
RouteX Malware Uses Netgear Routers for Credential Stuffing Attacks
https://t.co/uBpXREJrtE
BleepingComputer
RouteX Malware Uses Netgear Routers for Credential Stuffing Attacks
A Russian-speaking hacker has been infecting Netgear routers over the past months with a new strain of malware named RouteX that he uses to turn infected devices into SOCKS proxies and carry out credential stuffing attacks.
#SAP security update for September 2017 https://t.co/6v6PWKVK3Q
CERTSI
SAP security update for September 2017
SAP has fixed security issues in several products.
Unauthorized access vulnerability in #Cisco Meeting Server https://t.co/KTej4u5FOI
Affected resources:
Cisco Meeting Server (CMS) versions earlier than 2.0.16, 2.1.11 or 2.2.6 that are also deployed under these conditions:
- The deployment uses TURN (Traversal Using Relay NAT)
- The TURN server uses TLS connections
- TURN is running on the same virtual machine as some CMS services
- TURN is running on the same virtual machine as “Call Bridge”, “Web Bridge” or a database node that is part of the deployed CMS cluster.
CERTSI
Unauthorized access vulnerability in Cisco Meeting Server
A vulnerability in the TURN (Traversal Using Relay NAT) server included in the Cisco Meeting Server (CMS) appliance could allow an authenticated remote attacker to gain unauthorized access to sensitive information or to some system components…
This is why I don't like autofill in web forms. #phishing #security #infosec
https://t.co/mVIZD2RpJ3
Twitter
Viljami Kuosmanen ⭐
This is why I don't like autofill in web forms. #phishing #security #infosec https://t.co/mVIZD2RpJ3
#BankBot found on #GooglePlay and targets ten new UAE banking apps.
https://t.co/F9eMlx5lf6
#malware #cybercrime
TrendLabs Security Intelligence Blog
BankBot Found on Google Play and Targets Ten New UAE Banking Apps - TrendLabs Security Intelligence Blog
The Android-targeting BankBot malware (all variants detected by Trend Micro as ANDROIDOS_BANKBOT) first surfaced January of this year and is reportedly the improved version of an unnamed open source banking malware that was leaked in an underground hacking…
#Microsoft .NET Framework Remote Code Execution #PacketStorm
https://packetstormsecurity.com/files/144148/cve-2017-8759_toolkit.py.txt
Packetstormsecurity
Microsoft .NET Framework Remote Code Execution ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
#CIA head declares #WikiLeaks "an enemy of the United States." after WikiLeaks' #Vault7 series on CIA hacking attacks.
https://t.co/25BZHiJ61j
Twitter
CIA
CIA Director Withdraws from Harvard Kennedy School Forum
Detecting Mimikatz & other Suspicious LSASS Access - Part 1
https://www.eideon.com/2017-09-09-THL01-Mimikatz/
#Mozilla reinforces #firefox. It will implement a new algorithm to increase its #security
https://t.co/tcKFNwPiOW
Securityweek
Mozilla Implements Faster Diffie-Hellman Function in Firefox | SecurityWeek.Com
The implementation of Curve25519 into Firefox could make Mozilla the first major web browser to have the formally verified cryptographic primitives.