Even the NSA is urging #Windows users to patch #BlueKeep (CVE-2019-0708)
NSA issues ominous security advisory after Microsoft published two similar warnings last month.
https://www.zdnet.com/article/even-the-nsa-is-urging-windows-users-to-patch-bluekeep-cve-2019-0708/
NSA issues ominous security advisory after Microsoft published two similar warnings last month.
https://www.zdnet.com/article/even-the-nsa-is-urging-windows-users-to-patch-bluekeep-cve-2019-0708/
ZDNet
Even the NSA is urging Windows users to patch BlueKeep (CVE-2019-0708)
NSA issues ominous security advisory after Microsoft published two similar warnings last month.
#Microsoft #Windows #RDP Network Level Authentication can bypass the Windows lock screen
Vulnerability Note VU#576688
https://kb.cert.org/vuls/id/576688/
Vulnerability Note VU#576688
https://kb.cert.org/vuls/id/576688/
kb.cert.org
CERT/CC Vulnerability Note VU#576688
Microsoft Windows RDP can bypass the Windows lock screen
#MetaSploit Module Created for #BlueKeep Flaw, Private for Now
A researcher has created a module for the Metasploit penetration testing framework that exploits the critical BlueKeep vulnerability on vulnerable Windows XP, 7, and Server 2008 machines to achieve remote code execution.
https://www.bleepingcomputer.com/news/security/metasploit-module-created-for-bluekeep-flaw-private-for-now/
A researcher has created a module for the Metasploit penetration testing framework that exploits the critical BlueKeep vulnerability on vulnerable Windows XP, 7, and Server 2008 machines to achieve remote code execution.
https://www.bleepingcomputer.com/news/security/metasploit-module-created-for-bluekeep-flaw-private-for-now/
BleepingComputer
MetaSploit Module Created for BlueKeep Flaw, Private for Now
A researcher has created a module for the Metasploit Framework for penetration testing that exploits the critical BlueKeep vulnerability on vulnerable Windows XP, 7, and Server 2008 machines to achieve remote code execution.
#Google Releases Security Update for #Chrome
Google has released Chrome version 75.0.3770.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.
https://www.us-cert.gov/ncas/current-activity/2019/06/04/Google-Releases-Security-Update-Chrome
Google has released Chrome version 75.0.3770.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.
https://www.us-cert.gov/ncas/current-activity/2019/06/04/Google-Releases-Security-Update-Chrome
www.us-cert.gov
Google Releases Security Update for Chrome | US-CERT
Google has released Chrome version 75.0.3770.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages…
NSA Cybersecurity Advisory: Patch Remote Desktop Services on Legacy Versions of #Windows
https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/1865726/nsa-cybersecurity-advisory-patch-remote-desktop-services-on-legacy-versions-of/
https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/1865726/nsa-cybersecurity-advisory-patch-remote-desktop-services-on-legacy-versions-of/
www.nsa.gov
News & Features
NSA News and Features
Remote Desktop #ZeroDay Bug Allows Attackers to Hijack Sessions
A new zero-day vulnerability has been disclosed that could allow attackers to hijack existing Remote Desktop Services sessions in order to gain access to a computer.
The flaw can be exploited to bypass the lock screen of a #Windows machine, even when two-factor authentication (2FA) mechanisms such as Duo Security MFA are used. Other login banners an organization may set up are also bypassed.
https://www.bleepingcomputer.com/news/security/remote-desktop-zero-day-bug-allows-attackers-to-hijack-sessions/
A new zero-day vulnerability has been disclosed that could allow attackers to hijack existing Remote Desktop Services sessions in order to gain access to a computer.
The flaw can be exploited to bypass the lock screen of a #Windows machine, even when two-factor authentication (2FA) mechanisms such as Duo Security MFA are used. Other login banners an organization may set up are also bypassed.
https://www.bleepingcomputer.com/news/security/remote-desktop-zero-day-bug-allows-attackers-to-hijack-sessions/
BleepingComputer
Remote Desktop Zero-Day Bug Allows Attackers to Hijack Sessions
A new zero-day vulnerability has been disclosed that could allow attackers to hijack existing Remote Desktop Services sessions in order to gain access to a computer.
Export corrupts #Windows Event Log files
Exported .evtx files may contain corrupted data – Check interpretation of #forensic tools.
https://blog.fox-it.com/2019/06/04/export-corrupts-windows-event-log-files/
Exported .evtx files may contain corrupted data – Check interpretation of #forensic tools.
https://blog.fox-it.com/2019/06/04/export-corrupts-windows-event-log-files/
Fox-IT International blog
Export corrupts Windows Event Log files
Exported .evtx files may contain corrupted data – Check interpretation of forensic tools. Author: Jeffrey Wassenaar Introduction As forensic investigators, we truly love log files. During the…
Vulnerabilidades SQLi y CSRF en phpMyAdmin
Fecha de publicación: 05/06/2019
Importancia: 5 - Crítica
Recursos afectados:
Las versiones de phpMyAdmin anteriores a 4.8.6 (CVE-2019-11768)
Todas las versiones de phpMyAdmin anteriores a 4.9.0, al menos desde la versión 4.0 (CVE-2019-12616)
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidades-sqli-y-csrf-phpmyadmin
Fecha de publicación: 05/06/2019
Importancia: 5 - Crítica
Recursos afectados:
Las versiones de phpMyAdmin anteriores a 4.8.6 (CVE-2019-11768)
Todas las versiones de phpMyAdmin anteriores a 4.9.0, al menos desde la versión 4.0 (CVE-2019-12616)
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidades-sqli-y-csrf-phpmyadmin
INCIBE-CERT
Vulnerabilidades SQLi y CSRF en phpMyAdmin
Se han encontrado dos vulnerabilidades una de ellas crítica en phpMyAdmin: William Desportes, miembro del equipo de phpMyAdmin, ha reportado una vulnerabilidad del tipo Inyección de SQL en la función Designer. Mauro Tempesta encontró una vulnerabilidad calificada…
Vulnerabilidad en Jazz for Service Management (JazzSM) de IBM
Fecha de publicación: 05/06/2019
Importancia: 4 - Alta
Recursos afectados:
Jazz for Service Management (JazzSM), versiones 1.1.3 - 1.1.3.2
Descripción:
IBM ha publicado una vulnerabilidad que afecta a su producto Jazz for Service Management (JazzSM) que podría permitir a un atacante remoto realizar ataques de phishing, utilizando un ataque de redireccionamiento abierto.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-jazz-service-management-jazzsm-ibm
Fecha de publicación: 05/06/2019
Importancia: 4 - Alta
Recursos afectados:
Jazz for Service Management (JazzSM), versiones 1.1.3 - 1.1.3.2
Descripción:
IBM ha publicado una vulnerabilidad que afecta a su producto Jazz for Service Management (JazzSM) que podría permitir a un atacante remoto realizar ataques de phishing, utilizando un ataque de redireccionamiento abierto.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-jazz-service-management-jazzsm-ibm
INCIBE-CERT
Vulnerabilidad en Jazz for Service Management (JazzSM) de IBM
IBM ha publicado una vulnerabilidad que afecta a su producto Jazz for Service Management (JazzSM) que podría permitir a un atacante remoto realizar ataques de phishing, utilizando un ataque de redireccionamiento abierto.
#Cisco Industrial Network Director Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-rce
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-rce
Cisco
Cisco Security Advisory: Cisco Industrial Network Director Remote Code Execution Vulnerability
A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code.
The vulnerability is due to improper validation of files uploaded to the affected application. An…
The vulnerability is due to improper validation of files uploaded to the affected application. An…
Build an easy #RDP #Honeypot with #Raspberry PI 3 and observe the infamous attacks as ( #BlueKeep ) CVE-2019–0708
Last weeks a big activity on networks trying to attack RDP service , maybe a botnets looking an infected “zombies” on RDP services or perhaps the bad guys trying to exploit the new attack called (BlueKeep) CVE-2019–0708 ? Inspect the traffic and setup your own honeypot with RP3.
https://medium.com/@alt3kx/build-an-easy-rdp-honeypot-with-raspberry-pi-3-and-observe-the-infamous-attacks-as-bluekeep-29a167f78cc1
Last weeks a big activity on networks trying to attack RDP service , maybe a botnets looking an infected “zombies” on RDP services or perhaps the bad guys trying to exploit the new attack called (BlueKeep) CVE-2019–0708 ? Inspect the traffic and setup your own honeypot with RP3.
https://medium.com/@alt3kx/build-an-easy-rdp-honeypot-with-raspberry-pi-3-and-observe-the-infamous-attacks-as-bluekeep-29a167f78cc1
Medium
Build an easy RDP Honeypot with Raspberry PI 3 and observe the infamous attacks as (BlueKeep) CVE-2019–0708
Last weeks a big activity on networks trying to attack RDP service , maybe a botnets looking an infected “zombies” on RDP services or…
New #RCE vulnerability impacts nearly half of the internet's email servers
#Exim vulnerability lets attackers run commands as #root on remote email servers.
https://www.zdnet.com/article/new-rce-vulnerability-impacts-nearly-half-of-the-internets-email-servers/
#Exim vulnerability lets attackers run commands as #root on remote email servers.
https://www.zdnet.com/article/new-rce-vulnerability-impacts-nearly-half-of-the-internets-email-servers/
ZDNet
New RCE vulnerability impacts nearly half of the internet's email servers
Exim vulnerability lets attackers run commands as root on remote email servers.
DoS y ejecución remota de código en varios productos de Cisco
Fecha de publicación: 06/06/2019
Importancia: 4 - Alta
Recursos afectados:
Expressway Series configurado para acceso móvil y remoto con IM&P Service, versiones desde X8.1 hasta X12.5.2
TelePresence VCS configurado para acceso móvil y remoto con IM&P Service, versiones desde X8.1 hasta X12.5.2
Unified Communications Manager IM&P Service, versiones:
10.5(2)
11.5(1)
12.0(1)
Cisco Industrial Network Director, versiones anteriores a 1.6.0
Descripción:
Cisco ha publicado una vulnerabilidad de denegación de servicio y otra de ejecución arbitraria de código que afectan a varios de sus productos.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/dos-y-ejecucion-remota-codigo-varios-productos-cisco
Fecha de publicación: 06/06/2019
Importancia: 4 - Alta
Recursos afectados:
Expressway Series configurado para acceso móvil y remoto con IM&P Service, versiones desde X8.1 hasta X12.5.2
TelePresence VCS configurado para acceso móvil y remoto con IM&P Service, versiones desde X8.1 hasta X12.5.2
Unified Communications Manager IM&P Service, versiones:
10.5(2)
11.5(1)
12.0(1)
Cisco Industrial Network Director, versiones anteriores a 1.6.0
Descripción:
Cisco ha publicado una vulnerabilidad de denegación de servicio y otra de ejecución arbitraria de código que afectan a varios de sus productos.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/dos-y-ejecucion-remota-codigo-varios-productos-cisco
INCIBE-CERT
DoS y ejecución remota de código en varios productos de Cisco
Cisco ha publicado una vulnerabilidad de denegación de servicio y otra de ejecución arbitraria de código que afectan a varios de sus productos.
Múltiples vulnerabilidades en productos VMware
Fecha de publicación: 06/06/2019
Importancia: 4 - Alta
Recursos afectados:
VMware Tools en Windows versión 10.x
VMware Workstation Pro / Player en Linux versión 15.x
Descripción:
VMware ha publicado una vulnerabilidad de lectura fuera de límites en VMware Tools y otra de uso de memoria después de liberación en Workstation.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-vmware-9
Fecha de publicación: 06/06/2019
Importancia: 4 - Alta
Recursos afectados:
VMware Tools en Windows versión 10.x
VMware Workstation Pro / Player en Linux versión 15.x
Descripción:
VMware ha publicado una vulnerabilidad de lectura fuera de límites en VMware Tools y otra de uso de memoria después de liberación en Workstation.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-vmware-9
INCIBE-CERT
Múltiples vulnerabilidades en productos VMware
VMware ha publicado una vulnerabilidad de lectura fuera de límites en VMware Tools y otra de uso de memoria después de liberación en Workstation.
RDPStrip: Cómo atacar Remote Desktop Protocol en Windows. Nota: Activa Network Level Authentication a.s.a.p.!
Sabemos que estamos ante el año del RDP/RDScomo elemento vulnerable y BlueKeep nos lo recuerda cada día, ante la amenaza de un nuevo EternalBlue. Pero BlueKeep no es la única amenaza a la que se enfrenta el RDP/RDS. Recuperando algunos ejemplos del pasado, que siguen siendo válidos hoy en día, vemos la herramienta Seth o el script RDPStrip.
http://www.elladodelmal.com/2019/06/rdpstrip-como-atacar-remote-desktop.html
Sabemos que estamos ante el año del RDP/RDScomo elemento vulnerable y BlueKeep nos lo recuerda cada día, ante la amenaza de un nuevo EternalBlue. Pero BlueKeep no es la única amenaza a la que se enfrenta el RDP/RDS. Recuperando algunos ejemplos del pasado, que siguen siendo válidos hoy en día, vemos la herramienta Seth o el script RDPStrip.
http://www.elladodelmal.com/2019/06/rdpstrip-como-atacar-remote-desktop.html
Elladodelmal
RDPStrip: Cómo atacar Remote Desktop Protocol en Windows. Nota: Activa Network Level Authentication a.s.a.p.!
Blog personal de Chema Alonso (CDO Telefónica, 0xWord, MyPublicInbox, Singularity Hackers) sobre seguridad, hacking, hackers y Cálico Electrónico.
Bug Breaks #IExplorer 11 on Some #Windows10 Versions
https://www.bleepingcomputer.com/news/microsoft/bug-breaks-internet-explorer-11-on-some-windows-10-versions/
https://www.bleepingcomputer.com/news/microsoft/bug-breaks-internet-explorer-11-on-some-windows-10-versions/
BleepingComputer
Bug Breaks Internet Explorer 11 on Some Windows 10 Versions
The latest updates for Windows 10 version 1809 and Windows Server 2019 could prevent Internet Explorer 11 from launching if there is no default search provider or a malformed one is configured for the browser.
#Windows10 zero-day details published on GitHub
SandboxEscaper details new "ByeBear" zero-day impacting Windows 10 and #Server2019.
https://www.zdnet.com/article/windows-10-zero-day-details-published-on-github/
SandboxEscaper details new "ByeBear" zero-day impacting Windows 10 and #Server2019.
https://www.zdnet.com/article/windows-10-zero-day-details-published-on-github/
ZDNet
Windows 10 zero-day details published on GitHub
SandboxEscaper details new "ByeBear" zero-day impacting Windows 10 and Server 2019.
New Brute-Force #Botnet Targeting Over 1.5 Million #RDP Servers Worldwide
https://thehackernews.com/2019/06/windows-rdp-brute-force.html
https://thehackernews.com/2019/06/windows-rdp-brute-force.html
Execution Trace Viewer
Execution Trace Viewer is an application for viewing, editing and analyzing execution traces. It was originally made for reverse engineering obfuscated code, but it can be used to analyze any kind of execution trace.
https://github.com/teemu-l/execution-trace-viewer
Execution Trace Viewer is an application for viewing, editing and analyzing execution traces. It was originally made for reverse engineering obfuscated code, but it can be used to analyze any kind of execution trace.
https://github.com/teemu-l/execution-trace-viewer
GitHub
GitHub - teemu-l/execution-trace-viewer: Tool for viewing and analyzing execution traces
Tool for viewing and analyzing execution traces. Contribute to teemu-l/execution-trace-viewer development by creating an account on GitHub.