Nueva campaña de espionaje a usuarios de iOS a traves de certificados de empresa
https://www.seguridadapple.com/2019/04/nueva-campana-de-espionaje-usuarios-de.html
https://www.seguridadapple.com/2019/04/nueva-campana-de-espionaje-usuarios-de.html
Seguridadapple
Nueva campaña de espionaje a usuarios de iOS a traves de certificados de empresa
En anteriores ocasiones ya os hemos hablado de los certificados de empresa de Apple y de cómo estos son fácilmente utilizados con fines poc...
Múltiples vulnerabilidades de lectura fuera de límites en productos VMware
Fecha de publicación: 12/04/2019
Importancia: 4 - Alta
Recursos afectados:
VMware vSphere ESXi (ESXi) versiones:
6.5
6.7
VMware Workstation Pro / Player (Workstation) versiones:
15.X
14.X
VMware Fusion Pro / Fusion (Fusion) versiones:
11.x
10.x
Descripción:
VMware ha detectado 3 vulnerabilidades de criticidad alta del tipo lectura fuera de límites que afectan a varios de sus productos.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-lectura-fuera-limites-productos-vmware
Fecha de publicación: 12/04/2019
Importancia: 4 - Alta
Recursos afectados:
VMware vSphere ESXi (ESXi) versiones:
6.5
6.7
VMware Workstation Pro / Player (Workstation) versiones:
15.X
14.X
VMware Fusion Pro / Fusion (Fusion) versiones:
11.x
10.x
Descripción:
VMware ha detectado 3 vulnerabilidades de criticidad alta del tipo lectura fuera de límites que afectan a varios de sus productos.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-lectura-fuera-limites-productos-vmware
INCIBE-CERT
Múltiples vulnerabilidades de lectura fuera de límites en productos VMware
VMware ha detectado 3 vulnerabilidades de criticidad alta del tipo lectura fuera de límites que afectan a varios de sus productos.
Múltiples vulnerabilidades en API Connect de IBM
Fecha de publicación: 12/04/2019
Importancia: 5 - Crítica
Recursos afectados:
IBM API Connect, versiones desde 5.0.0.0 hasta 5.0.8.6
Descripción:
Se han publicado dos vulnerabilidades de tipo inyección de comandos e inclusión de archivos locales (LFI, Local File Inclusion) en API Connect.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-api-connect-ibm
Fecha de publicación: 12/04/2019
Importancia: 5 - Crítica
Recursos afectados:
IBM API Connect, versiones desde 5.0.0.0 hasta 5.0.8.6
Descripción:
Se han publicado dos vulnerabilidades de tipo inyección de comandos e inclusión de archivos locales (LFI, Local File Inclusion) en API Connect.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-api-connect-ibm
INCIBE-CERT
Múltiples vulnerabilidades en API Connect de IBM
Se han publicado dos vulnerabilidades de tipo inyección de comandos e inclusión de archivos locales (LFI, Local File Inclusion) en API Connect.
CVE-2018-20685 OpenSSH Vulnerability in NetApp Products
Impact
Successful exploitation of this vulnerability could lead to could lead to unauthorized addition or modification of data.
https://security.netapp.com/advisory/ntap-20190215-0001/
Impact
Successful exploitation of this vulnerability could lead to could lead to unauthorized addition or modification of data.
https://security.netapp.com/advisory/ntap-20190215-0001/
Netapp
CVE-2018-20685 OpenSSH Vulnerability in NetApp Products | NetApp Product Security
Multiple NetApp products incorporate OpenSSH software libraries. OpenSSH versions through 7.9 are susceptible to a vulnerability which when exploited could lead to unauthorized addition or modification of data.
Intel SA-00185 CSME-SPS-TXE-AMT Vulnerabilities in NetApp Products
Impact
Successful exploitation of these vulnerabilities could lead to information disclosure, Denial of Service (DoS) or arbitrary code execution.
For virtualized deployments, NetApp recommends working with your hypervisor and cloud platform vendors to ensure that your NetApp product is running on a secure and patched platform. For Docker-based deployments, NetApp recommends working with your operating system and hardware vendors to ensure that your NetApp product is running on a secure and patched platform.
https://security.netapp.com/advisory/ntap-20190318-0001/
Impact
Successful exploitation of these vulnerabilities could lead to information disclosure, Denial of Service (DoS) or arbitrary code execution.
For virtualized deployments, NetApp recommends working with your hypervisor and cloud platform vendors to ensure that your NetApp product is running on a secure and patched platform. For Docker-based deployments, NetApp recommends working with your operating system and hardware vendors to ensure that your NetApp product is running on a secure and patched platform.
https://security.netapp.com/advisory/ntap-20190318-0001/
Netapp
Intel SA-00185 CSME-SPS-TXE-AMT Vulnerabilities in NetApp Products | NetApp Product Security
Multiple NetApp products incorporate Intel technology. Certain versions of Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology are susceptible to vulnerabilities which when exploited could lead to information…
Oracle April 2019 Critical Patch Update Multiple Vulnerabilities
Solution:
The vendor planned to release updates to address these issues on April 16, 2019. Please see the references for more information.
https://www.securityfocus.com/bid/107875
Solution:
The vendor planned to release updates to address these issues on April 16, 2019. Please see the references for more information.
https://www.securityfocus.com/bid/107875
Securityfocus
Oracle April 2019 Critical Patch Update Multiple Vulnerabilities
SecurityFocus is designed to facilitate discussion on computer security related topics, create computer security awareness, and to provide the Internet's largest and most comprehensive database of computer security knowledge and resources to the public. It…
Forwarded from 🔒Seguridad Informática
🎓 Taller de comunicaciones seguras en PCs con Tails/TOR para periodistas, profesionales de la comunicación y activistas en Barcelona. 24 de Abril de 2019
https://www.noconname.org/producto/ncn-labs-anti-surveillance-workshop-3/
#Curso #SeguridadInformática #Privacidad
https://www.noconname.org/producto/ncn-labs-anti-surveillance-workshop-3/
#Curso #SeguridadInformática #Privacidad
VPN applications insecurely store session cookies
Vulnerability Note VU#192371
https://www.kb.cert.org/vuls/id/192371/
Vulnerability Note VU#192371
https://www.kb.cert.org/vuls/id/192371/
kb.cert.org
CERT/CC Vulnerability Note VU#192371
VPN applications insecurely store session cookies
US-Cert alert! Thanks to a massive bug, VPN now stands for "Vigorously Pwned Nodes"
Multiple providers leaving storage cookies up for grabs
https://www.theregister.co.uk/2019/04/12/uscert_vpn_alert/
Multiple providers leaving storage cookies up for grabs
https://www.theregister.co.uk/2019/04/12/uscert_vpn_alert/
www.theregister.co.uk
US-Cert alert! Thanks to a massive bug, VPN now stands for 'Vigorously Pwned Nodes'
Multiple providers leaving storage cookies up for grabs
RedHunt Linux Distribution (VM)
RedHunt Linux Distribution (VM) es máquina virtual para la emulación de adversarios y la caza de amenazas. Pretende ser una "ventanilla única" para todas las necesidades de emulación de amenazas y búsqueda de amenazas al integrar el arsenal del atacante y el conjunto de herramientas del defensor para identificar activamente las amenazas en el entorno.
https://www.hackplayers.com/2019/04/redhunt-linux-distribution-vm.html
RedHunt Linux Distribution (VM) es máquina virtual para la emulación de adversarios y la caza de amenazas. Pretende ser una "ventanilla única" para todas las necesidades de emulación de amenazas y búsqueda de amenazas al integrar el arsenal del atacante y el conjunto de herramientas del defensor para identificar activamente las amenazas en el entorno.
https://www.hackplayers.com/2019/04/redhunt-linux-distribution-vm.html
Hackplayers
RedHunt Linux Distribution (VM)
RedHunt Linux Distribution (VM) es máquina virtual para la emulación de adversarios y la caza de amenazas. Pretende ser una "ventanilla úni...
Bypassing AD account lockout for a compromised account
https://medium.com/@markmotig/bypassing-ad-account-lockout-for-a-compromised-account-5c908d663de8
https://medium.com/@markmotig/bypassing-ad-account-lockout-for-a-compromised-account-5c908d663de8
Medium
Bypassing AD account lockout for a compromised account
This is for educational purposes only. Never do security testing on a machine you do not own or have permission to test on. If you don’t…
Malware sin archivo ataca a usuarios de instituciones financieras en América Latina
https://noticiasseguridad.com/malware-virus/malware-sin-archivo-ataca-a-usuarios-de-instituciones-financieras-en-america-latina/
https://noticiasseguridad.com/malware-virus/malware-sin-archivo-ataca-a-usuarios-de-instituciones-financieras-en-america-latina/
Noticias de seguridad informática
Malware sin archivo ataca a bancos latinoamericanos
Malware sin archivo ataca a usuarios de instituciones financieras en América Latina : curso de ethical hacking IICS CDMX
smbdoor
The proof-of-concept smbdoor.sys driver is a silent remote backdoor that does not bind new sockets or perform function modification hooking. Instead it abuses undocumented APIs in srvnet.sys to register itself as a valid SMB handler.
https://github.com/zerosum0x0/smbdoor
The proof-of-concept smbdoor.sys driver is a silent remote backdoor that does not bind new sockets or perform function modification hooking. Instead it abuses undocumented APIs in srvnet.sys to register itself as a valid SMB handler.
https://github.com/zerosum0x0/smbdoor
Rootpipe Reborn Part I: CVE-2019–8513 TimeMachine root command injection
https://medium.com/0xcc/rootpipe-reborn-part-i-cve-2019-8513-timemachine-root-command-injection-47e056b3cb43
https://medium.com/0xcc/rootpipe-reborn-part-i-cve-2019-8513-timemachine-root-command-injection-47e056b3cb43
Apache Tomcat Patches Important Remote Code Execution Flaw
Affected Tomcat Versions
Apache Tomcat 9.0.0.M1 to 9.0.17
Apache Tomcat 8.5.0 to 8.5.39
Apache Tomcat 7.0.0 to 7.0.93
https://thehackernews.com/2019/04/apache-tomcat-security-flaw.html
Affected Tomcat Versions
Apache Tomcat 9.0.0.M1 to 9.0.17
Apache Tomcat 8.5.0 to 8.5.39
Apache Tomcat 7.0.0 to 7.0.93
https://thehackernews.com/2019/04/apache-tomcat-security-flaw.html
Patched Windows Zero-Day Provided Full Control Over Vulnerable Systems
https://www.bleepingcomputer.com/news/security/patched-windows-zero-day-provided-full-control-over-vulnerable-systems/
https://www.bleepingcomputer.com/news/security/patched-windows-zero-day-provided-full-control-over-vulnerable-systems/
BleepingComputer
Patched Windows Zero-Day Provided Full Control Over Vulnerable Systems
A Windows zero-day vulnerability which got patched by Microsoft as part of the company's April 2019 Patch Tuesday together with 73 other flaws could allow potential attackers to take full control of vulnerable systems.
Herramienta para implementar y detectar el uso de honeytokens en Active Directory.
https://www.gurudelainformatica.es/2019/03/herramienta-para-implementar-y-detectar.html
https://www.gurudelainformatica.es/2019/03/herramienta-para-implementar-y-detectar.html
DCEPT
DCEPT (Domain Controller Enticing Password Tripwire) is a honeytoken-based tripwire for Microsoft's Active Directory.
https://github.com/secureworks/dcept
DCEPT (Domain Controller Enticing Password Tripwire) is a honeytoken-based tripwire for Microsoft's Active Directory.
https://github.com/secureworks/dcept
GitHub
GitHub - secureworks/dcept: A tool for deploying and detecting use of Active Directory honeytokens
A tool for deploying and detecting use of Active Directory honeytokens - secureworks/dcept
New Details Emerge on Windows Zero Day
https://www.darkreading.com/vulnerabilities---threats/new-details-emerge-on-windows-zero-day/d/d-id/1334422
https://www.darkreading.com/vulnerabilities---threats/new-details-emerge-on-windows-zero-day/d/d-id/1334422
Dark Reading
New Details Emerge on Windows Zero Day
The CVE-2019-0859 vulnerability, patched last week, is the latest in a string of Windows local privilege escalation bugs discovered at Kaspersky Lab.
European Commission: No Evidence of Issues With Kaspersky Products
https://www.securityweek.com/european-commission-no-evidence-issues-kaspersky-products
https://www.securityweek.com/european-commission-no-evidence-issues-kaspersky-products
Securityweek
European Commission: No Evidence of Issues With Kaspersky Products | SecurityWeek.Com
The European Commission has no evidence of issues associated with using Kaspersky Lab’s products, a document published this week reveals.
Actualizaciones críticas en Oracle (abril 2019)
Fecha de publicación: 17/04/2019
Importancia: 5 - Crítica
Descripción:
Oracle ha publicado una actualización crítica con parches para corregir vulnerabilidades que afectan a múltiples productos.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizaciones-criticas-oracle-abril-2019
Fecha de publicación: 17/04/2019
Importancia: 5 - Crítica
Descripción:
Oracle ha publicado una actualización crítica con parches para corregir vulnerabilidades que afectan a múltiples productos.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizaciones-criticas-oracle-abril-2019
INCIBE-CERT
Actualizaciones críticas en Oracle (abril 2019)
Oracle ha publicado una actualización crítica con parches para corregir vulnerabilidades que afectan a múltiples productos.