smbdoor
The proof-of-concept smbdoor.sys driver is a silent remote backdoor: it neither binds new sockets nor hooks or patches existing functions. Instead it abuses undocumented APIs in srvnet.sys to register itself as a valid SMB handler.
https://github.com/zerosum0x0/smbdoor
Rootpipe Reborn Part I: CVE-2019-8513 TimeMachine root command injection
https://medium.com/0xcc/rootpipe-reborn-part-i-cve-2019-8513-timemachine-root-command-injection-47e056b3cb43
Apache Tomcat Patches Important Remote Code Execution Flaw
Affected Tomcat Versions
Apache Tomcat 9.0.0.M1 to 9.0.17
Apache Tomcat 8.5.0 to 8.5.39
Apache Tomcat 7.0.0 to 7.0.93
https://thehackernews.com/2019/04/apache-tomcat-security-flaw.html
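The version ranges above are easy to misread by hand because the 9.0 branch starts at a milestone build (9.0.0.M1) that sorts before 9.0.0. The following is an added example, not code from the advisory or from the Tomcat project: it parses Tomcat version strings (including the "Apache Tomcat/" prefix found in a Server header or the output of version.sh), orders milestones correctly, and triages a constructed inventory of hypothetical hosts against the listed ranges.

```python
import re
from typing import Dict, List, Tuple

# Affected ranges exactly as listed in the advisory summary above (inclusive).
AFFECTED_RANGES: List[Tuple[str, str]] = [
    ("9.0.0.M1", "9.0.17"),
    ("8.5.0", "8.5.39"),
    ("7.0.0", "7.0.93"),
]

# Tomcat versions look like 8.5.39 or, for 9.0 milestones, 9.0.0.M1 .. 9.0.0.M27.
# An optional "Apache Tomcat/" prefix is accepted so a Server header or the
# output of version.sh can be fed in directly.
_VERSION_RE = re.compile(r"^(?:Apache Tomcat/)?(\d+)\.(\d+)\.(\d+)(?:\.M(\d+))?$")

VersionKey = Tuple[int, int, int, int, int]


def parse_version(text: str) -> VersionKey:
    """Return a sortable key: (major, minor, patch, is_release, milestone).

    Milestones sort before the release with the same numbers, so
    9.0.0.M1 < 9.0.0.M27 < 9.0.0 < 9.0.1. is_release is 0 for M-builds and 1
    for releases; milestone is 0 for releases.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected(version: str) -> bool:
    """True if version falls inside one of the listed ranges.

    False only means "not in a listed range": a branch the advisory does not
    mention (for example 8.0.x) is not thereby shown to be safe.
    """
    key = parse_version(version)
    return any(parse_version(lo) <= key <= parse_version(hi) for lo, hi in AFFECTED_RANGES)


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the hosts whose Tomcat version is in an affected range, sorted."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (hypothetical hostnames, not from the advisory).
SAMPLE_INVENTORY = {
    "app01.example.test": "Apache Tomcat/9.0.17",
    "app02.example.test": "9.0.18",
    "legacy.example.test": "9.0.0.M26",
    "intranet.example.test": "8.5.40",
    "build.example.test": "7.0.93",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is in an affected range, upgrade")
```

The key design point is the five-tuple: putting an `is_release` flag before the milestone number is what makes 9.0.0.M27 sort below 9.0.1 while plain tuple comparison does the rest.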
Patched Windows Zero-Day Provided Full Control Over Vulnerable Systems
https://www.bleepingcomputer.com/news/security/patched-windows-zero-day-provided-full-control-over-vulnerable-systems/
A Windows zero-day vulnerability which got patched by Microsoft as part of the company's April 2019 Patch Tuesday together with 73 other flaws could allow potential attackers to take full control of vulnerable systems.
Tool for deploying and detecting the use of honeytokens in Active Directory.
https://www.gurudelainformatica.es/2019/03/herramienta-para-implementar-y-detectar.html
DCEPT
DCEPT (Domain Controller Enticing Password Tripwire) is a honeytoken-based tripwire for Microsoft's Active Directory.
https://github.com/secureworks/dcept
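The tripwire idea behind a honeytoken is simple: the bait account is never used legitimately, so any authentication event that names it is an alert, whether it succeeded or not. The following is an added example of that detection logic and is not DCEPT's own code; the account names, the watched event IDs and the one-event-per-line key=value log format are all constructed for the example and stand in for a real domain-controller Security-log export.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Set

# Honeytoken accounts that exist in AD only as bait: nothing legitimate ever
# authenticates as them, so any event naming one is an alert. (Hypothetical
# names; how a tool such as DCEPT plants and tracks its own tokens is not
# reproduced here.)
HONEYTOKEN_ACCOUNTS: Set[str] = {"svc_backup_ht", "da_legacy"}

# Domain-controller Security-log events worth watching. Both success and
# failure matter: a failed pre-auth (4771) still proves someone tried the token.
WATCHED_EVENTS = {
    4768: "Kerberos TGT requested",
    4771: "Kerberos pre-authentication failed",
    4776: "NTLM credential validation",
    4624: "Successful logon",
    4625: "Logon failure",
}

# Constructed log format: one event per line, space-separated key=value pairs.
# This stands in for a real Security-log export and is not a Windows format.
_KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Alert:
    timestamp: str
    event_id: int
    account: str
    client: str
    reason: str


def parse_event(line: str) -> dict:
    """Turn one constructed 'key=value' log line into a dict (keys as written)."""
    fields = dict(_KV_RE.findall(line))
    fields["EventID"] = int(fields.get("EventID", "0"))
    return fields


def detect_honeytoken_use(lines: Iterable[str], tokens: Set[str] = HONEYTOKEN_ACCOUNTS) -> List[Alert]:
    """Return one Alert per watched event whose account is a honeytoken.

    Account names are compared case-insensitively and with any DOMAIN\\ prefix
    stripped, because events record them inconsistently.
    """
    lowered = {t.lower() for t in tokens}
    alerts: List[Alert] = []
    for line in lines:
        ev = parse_event(line)
        if ev["EventID"] not in WATCHED_EVENTS:
            continue
        account = ev.get("AccountName", "").rsplit("\\", 1)[-1].lower()
        if account in lowered:
            alerts.append(Alert(
                timestamp=ev.get("Time", "?"),
                event_id=ev["EventID"],
                account=account,
                client=ev.get("ClientAddress", ev.get("Workstation", "?")),
                reason=WATCHED_EVENTS[ev["EventID"]],
            ))
    return alerts


# Constructed sample: a normal day plus one workstation trying a planted token.
SAMPLE_LOG = [
    "Time=2019-04-18T08:01:12Z EventID=4768 AccountName=jsmith ClientAddress=10.0.2.21 Status=0x0",
    "Time=2019-04-18T08:05:09Z EventID=4771 AccountName=CORP\\svc_backup_ht ClientAddress=10.0.7.44 Status=0x18",
    "Time=2019-04-18T08:05:15Z EventID=4768 AccountName=SVC_BACKUP_HT ClientAddress=10.0.7.44 Status=0x0",
    "Time=2019-04-18T08:06:02Z EventID=4776 AccountName=da_legacy Workstation=WS-0744",
    "Time=2019-04-18T08:09:30Z EventID=4768 AccountName=mwong ClientAddress=10.0.2.30 Status=0x0",
]

if __name__ == "__main__":
    for a in detect_honeytoken_use(SAMPLE_LOG):
        print(f"{a.timestamp} {a.event_id} {a.reason}: honeytoken '{a.account}' used from {a.client}")
```

The client address (or workstation name for NTLM validation) is the actionable field: it points at the host from which the stolen token was replayed, which is where the incident response starts.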
New Details Emerge on Windows Zero Day
https://www.darkreading.com/vulnerabilities---threats/new-details-emerge-on-windows-zero-day/d/d-id/1334422
The CVE-2019-0859 vulnerability, patched last week, is the latest in a string of Windows local privilege escalation bugs discovered at Kaspersky Lab.
European Commission: No Evidence of Issues With Kaspersky Products
https://www.securityweek.com/european-commission-no-evidence-issues-kaspersky-products
The European Commission has no evidence of issues associated with using Kaspersky Lab’s products, a document published this week reveals.
Critical updates for Oracle (April 2019)
Publication date: 17/04/2019
Severity: 5 - Critical
Description:
Oracle has published a critical patch update with fixes for vulnerabilities affecting multiple products.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizaciones-criticas-oracle-abril-2019
Malvertising Campaign Abused Chrome to Hijack 500 Million iOS User Sessions
https://www.bleepingcomputer.com/news/security/malvertising-campaign-abused-chrome-to-hijack-500-million-ios-user-sessions/
Multiple massive malvertising attacks which targeted iOS users from the U.S. and multiple European Union countries for almost a week used a Chrome for iOS vulnerability to bypass the browser's built-in pop-up blocker.
DNS Hijacking Abuses Trust In Core Internet Service
https://blog.talosintelligence.com/2019/04/seaturtle.html
By Danny Adamitis, David Maynor, Warren Mercer, Matthew Olney and Paul Rascagneres.
Update 4/18: A correction has been made to our research based on feedback from Packet Clearing House, we thank them for their assistance
Preface
This blog post discusses…
Facebook uploaded 1.5 million people’s email contacts without permission
https://thenextweb.com/facebook/2019/04/18/facebook-uploaded-1-5-million-peoples-email-contacts-without-permission/amp/
Welcome to the newest episode of "Facebook screws up daily": it uploaded the contact lists of over 1.5 million people since 2016, without their permission.
New Variant of HawkEye Sold on Hacking Forums and Distributed via Excel and DOC Files
https://gbhackers.com/hawkeye-distributed-excel
Threat actors advertised a new version of the information stealer malware kit HawkEye Reborn v9 that exfiltrates various information
Drupal Releases Security Updates
Drupal has released security updates to address multiple vulnerabilities in Drupal Core. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
https://www.us-cert.gov/ncas/current-activity/2019/04/17/Drupal-Releases-Security-Updates
Drupal has released security updates to address multiple vulnerabilities in Drupal Core. A remote attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and Infrastructure Security Agency (CISA) encourages…
Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability
Vulnerable Products
This vulnerability affects Cisco ASR 9000 Series Aggregation Services Routers that are running an affected version of Cisco IOS XR 64-bit Software and have the secondary management interface (physically MGT LAN 1 on the route switch processor (RSP)) connected and configured.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-asr9k-exr
A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM.
Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability
Cisco devices running a vulnerable Cisco IOS XE release are affected by this vulnerability when the following conditions are met:
The CMP subsystem is present on the Cisco IOS XE software image running on the device, and
The device is configured to accept incoming Telnet connections.
Details
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.
The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software
To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system.
To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.…
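Both Cisco advisories above come with a precondition that is visible in the running configuration: the CMP bug needs the device to accept incoming Telnet, and the SNMP bugs need the attacker to know a v1/v2c community string (or hold v3 credentials). The following is an added example, not code or guidance from either advisory: it audits an IOS-style running-config for those two preconditions, using a constructed sample config for a hypothetical router. One assumption is labelled in the code: a vty block with no explicit "transport input" is reported as possibly allowing Telnet, because the default differs across platforms and releases.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Precondition from the CMP advisory: the device accepts incoming Telnet.
# Precondition from the SNMP advisory: the attacker knows a v1/v2c community
# string (or holds v3 credentials). This audit flags the config lines that
# create those preconditions. Assumption (not from either advisory): a vty
# block with no explicit "transport input" is treated as possibly allowing
# Telnet, because the default varies by platform and release.

_COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<string>\S+)(?: view \S+)? (?P<mode>RO|RW)(?: (?P<acl>\S+))?", re.I
)


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    location: str   # config line or block the finding refers to
    message: str


def _vty_blocks(config: str) -> Iterator[Tuple[str, List[str]]]:
    """Yield (header, [indented lines]) for each 'line vty ...' block."""
    header, body = None, []
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            if header:
                yield header, body
            header, body = raw.strip(), []
        elif header and raw.startswith(" "):
            body.append(raw.strip())
        elif header:
            yield header, body
            header, body = None, []
    if header:
        yield header, body


def audit_ios_config(config: str) -> List[Finding]:
    """Return findings for Telnet-capable vty lines and v1/v2c community strings."""
    findings: List[Finding] = []

    for header, body in _vty_blocks(config):
        transports = [ln.split()[2:] for ln in body if ln.startswith("transport input")]
        if not transports:
            findings.append(Finding("medium", header,
                "no explicit 'transport input'; add 'transport input ssh' (default may allow Telnet)"))
            continue
        allowed = {t.lower() for line in transports for t in line}
        if "telnet" in allowed or "all" in allowed:
            findings.append(Finding("high", header,
                "Telnet accepted (CMP advisory precondition); set 'transport input ssh'"))

    for raw in config.splitlines():
        m = _COMMUNITY_RE.match(raw.strip())
        if not m:
            continue
        acl = m.group("acl")
        mode = m.group("mode").upper()
        sev = "high" if mode == "RW" or acl is None else "medium"
        findings.append(Finding(sev, raw.strip(),
            f"SNMP v1/v2c community string ({mode}"
            f"{', no ACL' if acl is None else ', ACL ' + acl}); "
            "anyone who learns it meets the SNMP advisory precondition, prefer SNMPv3"))
    return findings


# Constructed sample running-config (hypothetical device, not from the advisories).
SAMPLE_CONFIG = """\
hostname edge-rtr1
!
snmp-server community public RO
snmp-server community s3cr3t RW 10
snmp-server group NETMON v3 priv
!
line con 0
 logging synchronous
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
line vty 16 31
 exec-timeout 5 0
!
end
"""

if __name__ == "__main__":
    for f in audit_ios_config(SAMPLE_CONFIG):
        print(f"[{f.severity}] {f.location}: {f.message}")
```

In the sample, "line vty 5 15" with "transport input ssh" is the corrected form and produces no finding; the other two vty blocks and both community strings do. A community string protected by an ACL is still reported, only at lower severity, because the advisory's precondition is knowing the string, and an ACL only narrows who can use it.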
Scranos: new spyware with rootkit capabilities discovered
https://unaaldia.hispasec.com/2019/04/scranos-descubierto-nuevo-spyware-con-capacidades-de-rootkit.html
The malware, dubbed Scranos, was first discovered last year and is constantly evolving with continuous improvements, which makes it a significant threat. Scranos is distributed mainly through download sites as software…
Google Bans Embedded Browser Logins In Brutal War Against Phishing Attacks
https://www.hothardware.com/news/google-bans-embedded-browser-logins-war-phishing-attacks
In an ongoing effort to stay one step ahead of the bad guys (or at least keep pace with them), Google has decided to block sign-ins from embedded browser frameworks, such as the Chromium Embedded Framework (CEF).
Some internet outages predicted for the coming month as '768k Day' approaches
768k Day, the point at which the global IPv4 BGP routing table grows past 768,000 prefixes (the limit some older routers allocate for it in memory), is expected within the month, reminiscent of 512k Day in August 2014 when AT&T, BT, Comcast, Sprint, and Verizon all went down.
https://www.zdnet.com/article/some-internet-outages-predicted-for-the-coming-month-as-768k-day-approaches/