Múltiples vulnerabilidades en productos de Netgear

Fecha de publicación: 31/05/2019
Importancia: 4 - Alta

Descripción: 
Netgear ha publicado 13 avisos de seguridad que afectan a sus productos, uno de ellos de severidad alta.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-netgear-6

Microsoft warns users to patch as exploits for ‘wormable’ BlueKeep bug appear

https://techcrunch.com/2019/05/31/microsoft-bluekeep-worm-exploits/

Apple Releases Security Updates for AirPort Extreme, AirPort Time Capsule

https://seclists.org/cert/2019/120

Ya llega BlueKeep... aka ejecución remota de código en RDP

https://www.hackplayers.com/2019/05/ya-llega-bluekeep-rce-en-rdp.html

Las 3 aplicaciones para hacer OSINT a un correo electrónico en España

https://blog.quantika14.com/blog/2019/05/28/las-3-aplicaciones-para-hacer-osint-a-un-correo-electronico-en-espana/

How to Set Up an #SSH Server with #Tor to Hide It from #Shodan & Hackers

The next libSSH or OpenSSH exploit may be just around the corner. Keep your SSH service out of Shodan's database before hackers find new ways to bypass the password protecting the server.

Shodan has been called the “ hacker’s search engine” because it’s literally a searchable database of internet-connected devices and servers. It allows anyone to search for webcams, routers, servers, Raspberry Pis, traffic lights, point of sale systems, industrial control systems, and much more.

https://medium.com/@NullByteWht/how-to-set-up-an-ssh-server-with-tor-to-hide-it-from-shodan-hackers-eda93927a742

How #WhatsApp was Hacked by Exploiting a Buffer Overflow Security Flaw

https://blog.adversary.io/whatsapp-hack/

Múltiples vulnerabilidades en HPE Smart Update Manager

Fecha de publicación: 03/06/2019
Importancia: 5 - Crítica

Recursos afectados: 
HPE Smart Update Manager (SUM) versiones anteriores a la 8.4

Descripción: 
HPE ha publicado dos vulnerabilidades, de tipo escalada de privilegios locales sin autorización y acceso remoto no autorizado en su producto HPE Smart Update Manager (SUM).

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-hpe-smart-update-manager

Múltiples vulnerabilidades en Intelligent Operations Center de IBM

Fecha de publicación: 03/06/2019
Importancia: 4 - Alta

Recursos afectados: 
IBM® Intelligent Operations Center, versiones desde 5.1.0 hasta 5.2.0
IBM® Intelligent Operations Center para Emergency Management, versiones desde 5.1.0 hasta 5.1.0.6
IBM® Water Operations para Waternamics, versiones desde 5.1.0 hasta 5.2.1.1

Descripción: 
Se han publicado dos vulnerabilidades de tipo denegación de servicio y validación incorrecta de archivos en Intelligent Operations Center (IOC).

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-intelligent-operations-center-ibm

Evasión de autenticación en IBM PureApplication System

Fecha de publicación: 04/06/2019
Importancia: 4 - Alta

Recursos afectados: 
IBM PureApplication System versiones:
2.2.3.0
2.2.3.1
2.2.3.2
2.2.4.0
2.2.5.0
2.2.5.1
2.2.5.2
2.2.5.3

Descripción: 
IBM ha publicado una vulnerabilidad que afecta a su producto PureApplication System y que podría permitir obtener acceso de administrador.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/evasion-autenticacion-ibm-pureapplication-system

Múltiples vulnerabilidades en Dell EMC OpenManage System Administrator (OMSA)

Fecha de publicación: 04/06/2019
Importancia: 5 - Crítica

Recursos afectados: 
Dell EMC OpenManage System Administrator (OMSA):
versiones anteriores a 9.1.0.3
versiones anteriores a 9.2.0.4

Descripción: 
Dell ha publicado dos vulnerabilidades: una de severidad crítica, del tipo manipulación de parámetros web; y otra de severidad alta, que consiste en una inyección XXE (XML External Entity).

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-dell-emc-openmanage-system-administrator

UCAM CTF Forense — Like old school

https://www.securityartwork.es/2019/05/31/ucam-ctf-forense-like-old-school/

UCAM CTF Forense — Like old school II

https://www.securityartwork.es/2019/06/04/ucam-ctf-forense-like-old-school-ii/

LibreNMS addhost Command Injection

https://packetstormsecurity.com/files/153188/librenms_addhost_cmd_inject.rb.txt

Even the NSA is urging #Windows users to patch #BlueKeep (CVE-2019-0708)

NSA issues ominous security advisory after Microsoft published two similar warnings last month.

https://www.zdnet.com/article/even-the-nsa-is-urging-windows-users-to-patch-bluekeep-cve-2019-0708/

#Microsoft #Windows #RDP Network Level Authentication can bypass the Windows lock screen

Vulnerability Note VU#576688

https://kb.cert.org/vuls/id/576688/

#MetaSploit Module Created for #BlueKeep Flaw, Private for Now

A researcher has created a module for the Metasploit penetration testing framework that exploits the critical BlueKeep vulnerability on vulnerable Windows XP, 7, and Server 2008 machines to achieve remote code execution.

https://www.bleepingcomputer.com/news/security/metasploit-module-created-for-bluekeep-flaw-private-for-now/

#Google Releases Security Update for #Chrome

Google has released Chrome version 75.0.3770.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.

https://www.us-cert.gov/ncas/current-activity/2019/06/04/Google-Releases-Security-Update-Chrome

NSA Cybersecurity Advisory: Patch Remote Desktop Services on Legacy Versions of #Windows

https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/1865726/nsa-cybersecurity-advisory-patch-remote-desktop-services-on-legacy-versions-of/

Remote Desktop #ZeroDay Bug Allows Attackers to Hijack Sessions

A new zero-day vulnerability has been disclosed that could allow attackers to hijack existing Remote Desktop Services sessions in order to gain access to a computer.

The flaw can be exploited to bypass the lock screen of a #Windows machine, even when two-factor authentication (2FA) mechanisms such as Duo Security MFA are used. Other login banners an organization may set up are also bypassed.

https://www.bleepingcomputer.com/news/security/remote-desktop-zero-day-bug-allows-attackers-to-hijack-sessions/

Export corrupts #Windows Event Log files

Exported .evtx files may contain corrupted data – Check interpretation of #forensic tools.

https://blog.fox-it.com/2019/06/04/export-corrupts-windows-event-log-files/

Vulnerabilidades SQLi y CSRF en phpMyAdmin

Fecha de publicación: 05/06/2019
Importancia: 5 - Crítica

Recursos afectados: 
Las versiones de phpMyAdmin anteriores a 4.8.6 (CVE-2019-11768)
Todas las versiones de phpMyAdmin anteriores a 4.9.0, al menos desde la versión 4.0 (CVE-2019-12616)

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidades-sqli-y-csrf-phpmyadmin