RedHunt Linux Distribution (VM)
RedHunt Linux Distribution (VM) es máquina virtual para la emulación de adversarios y la caza de amenazas. Pretende ser una "ventanilla única" para todas las necesidades de emulación de amenazas y búsqueda de amenazas al integrar el arsenal del atacante y el conjunto de herramientas del defensor para identificar activamente las amenazas en el entorno.
https://www.hackplayers.com/2019/04/redhunt-linux-distribution-vm.html
RedHunt Linux Distribution (VM) es máquina virtual para la emulación de adversarios y la caza de amenazas. Pretende ser una "ventanilla única" para todas las necesidades de emulación de amenazas y búsqueda de amenazas al integrar el arsenal del atacante y el conjunto de herramientas del defensor para identificar activamente las amenazas en el entorno.
https://www.hackplayers.com/2019/04/redhunt-linux-distribution-vm.html
Hackplayers
RedHunt Linux Distribution (VM)
RedHunt Linux Distribution (VM) es máquina virtual para la emulación de adversarios y la caza de amenazas. Pretende ser una "ventanilla úni...
Bypassing AD account lockout for a compromised account
https://medium.com/@markmotig/bypassing-ad-account-lockout-for-a-compromised-account-5c908d663de8
https://medium.com/@markmotig/bypassing-ad-account-lockout-for-a-compromised-account-5c908d663de8
Medium
Bypassing AD account lockout for a compromised account
This is for educational purposes only. Never do security testing on a machine you do not own or have permission to test on. If you don’t…
Malware sin archivo ataca a usuarios de instituciones financieras en América Latina
https://noticiasseguridad.com/malware-virus/malware-sin-archivo-ataca-a-usuarios-de-instituciones-financieras-en-america-latina/
https://noticiasseguridad.com/malware-virus/malware-sin-archivo-ataca-a-usuarios-de-instituciones-financieras-en-america-latina/
Noticias de seguridad informática
Malware sin archivo ataca a bancos latinoamericanos
Malware sin archivo ataca a usuarios de instituciones financieras en América Latina : curso de ethical hacking IICS CDMX
smbdoor
The proof-of-concept smbdoor.sys driver is a silent remote backdoor that does not bind new sockets or perform function modification hooking. Instead it abuses undocumented APIs in srvnet.sys to register itself as a valid SMB handler.
https://github.com/zerosum0x0/smbdoor
The proof-of-concept smbdoor.sys driver is a silent remote backdoor that does not bind new sockets or perform function modification hooking. Instead it abuses undocumented APIs in srvnet.sys to register itself as a valid SMB handler.
https://github.com/zerosum0x0/smbdoor
Rootpipe Reborn Part I: CVE-2019–8513 TimeMachine root command injection
https://medium.com/0xcc/rootpipe-reborn-part-i-cve-2019-8513-timemachine-root-command-injection-47e056b3cb43
https://medium.com/0xcc/rootpipe-reborn-part-i-cve-2019-8513-timemachine-root-command-injection-47e056b3cb43
Apache Tomcat Patches Important Remote Code Execution Flaw
Affected Tomcat Versions
Apache Tomcat 9.0.0.M1 to 9.0.17
Apache Tomcat 8.5.0 to 8.5.39
Apache Tomcat 7.0.0 to 7.0.93
https://thehackernews.com/2019/04/apache-tomcat-security-flaw.html
Affected Tomcat Versions
Apache Tomcat 9.0.0.M1 to 9.0.17
Apache Tomcat 8.5.0 to 8.5.39
Apache Tomcat 7.0.0 to 7.0.93
https://thehackernews.com/2019/04/apache-tomcat-security-flaw.html
Patched Windows Zero-Day Provided Full Control Over Vulnerable Systems
https://www.bleepingcomputer.com/news/security/patched-windows-zero-day-provided-full-control-over-vulnerable-systems/
https://www.bleepingcomputer.com/news/security/patched-windows-zero-day-provided-full-control-over-vulnerable-systems/
BleepingComputer
Patched Windows Zero-Day Provided Full Control Over Vulnerable Systems
A Windows zero-day vulnerability which got patched by Microsoft as part of the company's April 2019 Patch Tuesday together with 73 other flaws could allow potential attackers to take full control of vulnerable systems.
Herramienta para implementar y detectar el uso de honeytokens en Active Directory.
https://www.gurudelainformatica.es/2019/03/herramienta-para-implementar-y-detectar.html
https://www.gurudelainformatica.es/2019/03/herramienta-para-implementar-y-detectar.html
DCEPT
DCEPT (Domain Controller Enticing Password Tripwire) is a honeytoken-based tripwire for Microsoft's Active Directory.
https://github.com/secureworks/dcept
DCEPT (Domain Controller Enticing Password Tripwire) is a honeytoken-based tripwire for Microsoft's Active Directory.
https://github.com/secureworks/dcept
GitHub
GitHub - secureworks/dcept: A tool for deploying and detecting use of Active Directory honeytokens
A tool for deploying and detecting use of Active Directory honeytokens - secureworks/dcept
New Details Emerge on Windows Zero Day
https://www.darkreading.com/vulnerabilities---threats/new-details-emerge-on-windows-zero-day/d/d-id/1334422
https://www.darkreading.com/vulnerabilities---threats/new-details-emerge-on-windows-zero-day/d/d-id/1334422
Dark Reading
New Details Emerge on Windows Zero Day
The CVE-2019-0859 vulnerability, patched last week, is the latest in a string of Windows local privilege escalation bugs discovered at Kaspersky Lab.
European Commission: No Evidence of Issues With Kaspersky Products
https://www.securityweek.com/european-commission-no-evidence-issues-kaspersky-products
https://www.securityweek.com/european-commission-no-evidence-issues-kaspersky-products
Securityweek
European Commission: No Evidence of Issues With Kaspersky Products | SecurityWeek.Com
The European Commission has no evidence of issues associated with using Kaspersky Lab’s products, a document published this week reveals.
Actualizaciones críticas en Oracle (abril 2019)
Fecha de publicación: 17/04/2019
Importancia: 5 - Crítica
Descripción:
Oracle ha publicado una actualización crítica con parches para corregir vulnerabilidades que afectan a múltiples productos.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizaciones-criticas-oracle-abril-2019
Fecha de publicación: 17/04/2019
Importancia: 5 - Crítica
Descripción:
Oracle ha publicado una actualización crítica con parches para corregir vulnerabilidades que afectan a múltiples productos.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizaciones-criticas-oracle-abril-2019
INCIBE-CERT
Actualizaciones críticas en Oracle (abril 2019)
Oracle ha publicado una actualización crítica con parches para corregir vulnerabilidades que afectan a múltiples productos.
Malvertising Campaign Abused Chrome to Hijack 500 Million iOS User Sessions
https://www.bleepingcomputer.com/news/security/malvertising-campaign-abused-chrome-to-hijack-500-million-ios-user-sessions/
https://www.bleepingcomputer.com/news/security/malvertising-campaign-abused-chrome-to-hijack-500-million-ios-user-sessions/
BleepingComputer
Malvertising Campaign Abused Chrome to Hijack 500 Million iOS User Sessions
Multiple massive malvertising attacks which targeted iOS users from the U.S. and multiple European Union countries for almost a week used a Chrome for iOS vulnerability to bypass the browser's built-in pop-up blocker.
DNS Hijacking Abuses Trust In Core Internet Service
https://blog.talosintelligence.com/2019/04/seaturtle.html
https://blog.talosintelligence.com/2019/04/seaturtle.html
Cisco Talos Blog
DNS Hijacking Abuses Trust In Core Internet Service
By Danny Adamitis, David Maynor, Warren Mercer, Matthew Olney and Paul Rascagneres.
Update 4/18: A correction has been made to our research based on feedback from Packet Clearing House, we thank them for their assistance
Preface
This blog post discusses…
Update 4/18: A correction has been made to our research based on feedback from Packet Clearing House, we thank them for their assistance
Preface
This blog post discusses…
Facebook uploaded 1.5 million people’s email contacts without permission
https://thenextweb.com/facebook/2019/04/18/facebook-uploaded-1-5-million-peoples-email-contacts-without-permission/amp/
https://thenextweb.com/facebook/2019/04/18/facebook-uploaded-1-5-million-peoples-email-contacts-without-permission/amp/
The Next Web
Facebook uploaded 1.5 million people’s email contacts without permission
Welcome to the newest episode of "Facebook screws up daily." it uploaded contact lists of over 1.5 million people since 2016, without their permission
New Variant of HawkEye Sold on Hacking Forums and Distributed via Excel and DOC Files
https://gbhackers.com/hawkeye-distributed-excel
https://gbhackers.com/hawkeye-distributed-excel
GBHackers On Security
New Variant of HawkEye Sold on Hacking Forums Delivered via Excel
Threat actors advertised a new version of the information stealer malware kit HawkEye Reborn v9 that exfiltrates various information
Drupal Releases Security Updates
Drupal has released security updates to address multiple vulnerabilities in Drupal Core. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
https://www.us-cert.gov/ncas/current-activity/2019/04/17/Drupal-Releases-Security-Updates
Drupal has released security updates to address multiple vulnerabilities in Drupal Core. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
https://www.us-cert.gov/ncas/current-activity/2019/04/17/Drupal-Releases-Security-Updates
www.us-cert.gov
Drupal Releases Security Updates | US-CERT
Drupal has released security updates to address multiple vulnerabilities in Drupal Core. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.The Cybersecurity and Infrastructure Security Agency (CISA) encourages…
Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability
Vulnerable Products
This vulnerability affects Cisco ASR 9000 Series Aggregation Services Routers that are running an affected version of Cisco IOS XR 64-bit Software and have the secondary management interface (physically MGT LAN 1 on the route switch processor (RSP)) connected and configured.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-asr9k-exr
Vulnerable Products
This vulnerability affects Cisco ASR 9000 Series Aggregation Services Routers that are running an affected version of Cisco IOS XR 64-bit Software and have the secondary management interface (physically MGT LAN 1 on the route switch processor (RSP)) connected and configured.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-asr9k-exr
Cisco
Cisco Security Advisory: Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation…
A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM.
The…
The…
Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability
Cisco devices running a vulnerable Cisco IOS XE release are affected by this vulnerability when the following conditions are met:
The CMP subsystem is present on the Cisco IOS XE software image running on the device, and
The device is configured to accept incoming Telnet connections.
Details
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.
The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
Cisco devices running a vulnerable Cisco IOS XE release are affected by this vulnerability when the following conditions are met:
The CMP subsystem is present on the Cisco IOS XE software image running on the device, and
The device is configured to accept incoming Telnet connections.
Details
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.
The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
Cisco
Cisco Security Advisory: Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.…
SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software
To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system.
To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system.
To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Cisco
Cisco Security Advisory: SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.…