🎓 Taller de comunicaciones seguras en PCs con Tails/TOR para periodistas, profesionales de la comunicación y activistas en Barcelona. 24 de Abril de 2019

https://www.noconname.org/producto/ncn-labs-anti-surveillance-workshop-3/

#Curso #SeguridadInformática #Privacidad

VPN applications insecurely store session cookies

Vulnerability Note VU#192371

https://www.kb.cert.org/vuls/id/192371/

US-Cert alert! Thanks to a massive bug, VPN now stands for "Vigorously Pwned Nodes"

Multiple providers leaving storage cookies up for grabs

https://www.theregister.co.uk/2019/04/12/uscert_vpn_alert/

RedHunt Linux Distribution (VM)

RedHunt Linux Distribution (VM) es máquina virtual para la emulación de adversarios y la caza de amenazas. Pretende ser una "ventanilla única" para todas las necesidades de emulación de amenazas y búsqueda de amenazas al integrar el arsenal del atacante y el conjunto de herramientas del defensor para identificar activamente las amenazas en el entorno.

https://www.hackplayers.com/2019/04/redhunt-linux-distribution-vm.html

Bypassing AD account lockout for a compromised account

https://medium.com/@markmotig/bypassing-ad-account-lockout-for-a-compromised-account-5c908d663de8

Malware sin archivo ataca a usuarios de instituciones financieras en América Latina

https://noticiasseguridad.com/malware-virus/malware-sin-archivo-ataca-a-usuarios-de-instituciones-financieras-en-america-latina/

smbdoor

The proof-of-concept smbdoor.sys driver is a silent remote backdoor that does not bind new sockets or perform function modification hooking. Instead it abuses undocumented APIs in srvnet.sys to register itself as a valid SMB handler.

https://github.com/zerosum0x0/smbdoor

Rootpipe Reborn Part I: CVE-2019–8513 TimeMachine root command injection

https://medium.com/0xcc/rootpipe-reborn-part-i-cve-2019-8513-timemachine-root-command-injection-47e056b3cb43

Apache Tomcat Patches Important Remote Code Execution Flaw

Affected Tomcat Versions
Apache Tomcat 9.0.0.M1 to 9.0.17
Apache Tomcat 8.5.0 to 8.5.39
Apache Tomcat 7.0.0 to 7.0.93


https://thehackernews.com/2019/04/apache-tomcat-security-flaw.html

Patched Windows Zero-Day Provided Full Control Over Vulnerable Systems

https://www.bleepingcomputer.com/news/security/patched-windows-zero-day-provided-full-control-over-vulnerable-systems/

Herramienta para implementar y detectar el uso de honeytokens en Active Directory.

https://www.gurudelainformatica.es/2019/03/herramienta-para-implementar-y-detectar.html

DCEPT

DCEPT (Domain Controller Enticing Password Tripwire) is a honeytoken-based tripwire for Microsoft's Active Directory.

https://github.com/secureworks/dcept

New Details Emerge on Windows Zero Day

https://www.darkreading.com/vulnerabilities---threats/new-details-emerge-on-windows-zero-day/d/d-id/1334422

European Commission: No Evidence of Issues With Kaspersky Products

https://www.securityweek.com/european-commission-no-evidence-issues-kaspersky-products

Actualizaciones críticas en Oracle (abril 2019)

Fecha de publicación: 17/04/2019
Importancia: 5 - Crítica

Descripción: 
Oracle ha publicado una actualización crítica con parches para corregir vulnerabilidades que afectan a múltiples productos.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizaciones-criticas-oracle-abril-2019

Malvertising Campaign Abused Chrome to Hijack 500 Million iOS User Sessions

https://www.bleepingcomputer.com/news/security/malvertising-campaign-abused-chrome-to-hijack-500-million-ios-user-sessions/

DNS Hijacking Abuses Trust In Core Internet Service

https://blog.talosintelligence.com/2019/04/seaturtle.html

Facebook uploaded 1.5 million people’s email contacts without permission

https://thenextweb.com/facebook/2019/04/18/facebook-uploaded-1-5-million-peoples-email-contacts-without-permission/amp/

New Variant of HawkEye Sold on Hacking Forums and Distributed via Excel and DOC Files

https://gbhackers.com/hawkeye-distributed-excel

Drupal Releases Security Updates

Drupal has released security updates to address multiple vulnerabilities in Drupal Core. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

https://www.us-cert.gov/ncas/current-activity/2019/04/17/Drupal-Releases-Security-Updates

Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability

Vulnerable Products

This vulnerability affects Cisco ASR 9000 Series Aggregation Services Routers that are running an affected version of Cisco IOS XR 64-bit Software and have the secondary management interface (physically MGT LAN 1 on the route switch processor (RSP)) connected and configured.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-asr9k-exr