Vulnerability in IBM Jazz for Service Management (JazzSM)
Publication date: 05/06/2019
Severity: 4 - High
Affected resources:
Jazz for Service Management (JazzSM), versions 1.1.3 - 1.1.3.2
Description:
IBM has published a vulnerability affecting its Jazz for Service Management (JazzSM) product that could allow a remote attacker to carry out phishing attacks by means of an open redirect attack.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-jazz-service-management-jazzsm-ibm
#Cisco Industrial Network Director Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-rce
A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code.
The vulnerability is due to improper validation of files uploaded to the affected application. An…
Build an easy #RDP #Honeypot with #Raspberry PI 3 and observe the infamous attacks as ( #BlueKeep ) CVE-2019-0708
In recent weeks there has been a lot of activity on networks trying to attack the RDP service: maybe botnets looking for infected “zombies” on RDP services, or perhaps the bad guys trying to exploit the new attack called BlueKeep (CVE-2019-0708)? Inspect the traffic and set up your own honeypot with RP3.
https://medium.com/@alt3kx/build-an-easy-rdp-honeypot-with-raspberry-pi-3-and-observe-the-infamous-attacks-as-bluekeep-29a167f78cc1
New #RCE vulnerability impacts nearly half of the internet's email servers
#Exim vulnerability lets attackers run commands as #root on remote email servers.
https://www.zdnet.com/article/new-rce-vulnerability-impacts-nearly-half-of-the-internets-email-servers/
DoS and remote code execution in several Cisco products
Publication date: 06/06/2019
Severity: 4 - High
Affected resources:
Expressway Series configured for mobile and remote access with IM&P Service, versions X8.1 through X12.5.2
TelePresence VCS configured for mobile and remote access with IM&P Service, versions X8.1 through X12.5.2
Unified Communications Manager IM&P Service, versions:
10.5(2)
11.5(1)
12.0(1)
Cisco Industrial Network Director, versions earlier than 1.6.0
Description:
Cisco has published a denial-of-service vulnerability and an arbitrary code execution vulnerability affecting several of its products.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/dos-y-ejecucion-remota-codigo-varios-productos-cisco
Multiple vulnerabilities in VMware products
Publication date: 06/06/2019
Severity: 4 - High
Affected resources:
VMware Tools on Windows version 10.x
VMware Workstation Pro / Player on Linux version 15.x
Description:
VMware has published an out-of-bounds read vulnerability in VMware Tools and a use-after-free vulnerability in Workstation.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-vmware-9
RDPStrip: How to attack Remote Desktop Protocol on Windows. Note: Enable Network Level Authentication a.s.a.p.!
We know this is the year of RDP/RDS as a vulnerable component, and BlueKeep reminds us of it every day, with the threat of a new EternalBlue. But BlueKeep is not the only threat that RDP/RDS faces. Going back to some examples from the past that remain valid today, we look at the Seth tool and the RDPStrip script.
http://www.elladodelmal.com/2019/06/rdpstrip-como-atacar-remote-desktop.html
Bug Breaks #IExplorer 11 on Some #Windows10 Versions
https://www.bleepingcomputer.com/news/microsoft/bug-breaks-internet-explorer-11-on-some-windows-10-versions/
The latest updates for Windows 10 version 1809 and Windows Server 2019 could prevent Internet Explorer 11 from launching if there is no default search provider or a malformed one is configured for the browser.
#Windows10 zero-day details published on GitHub
SandboxEscaper details new "ByeBear" zero-day impacting Windows 10 and #Server2019.
https://www.zdnet.com/article/windows-10-zero-day-details-published-on-github/
New Brute-Force #Botnet Targeting Over 1.5 Million #RDP Servers Worldwide
https://thehackernews.com/2019/06/windows-rdp-brute-force.html
Execution Trace Viewer
Execution Trace Viewer is an application for viewing, editing and analyzing execution traces. It was originally made for reverse engineering obfuscated code, but it can be used to analyze any kind of execution trace.
https://github.com/teemu-l/execution-trace-viewer
#Microsoft warns about email #spam campaign abusing #Office vulnerability
Dangerous spam campaign targets European users with backdoor trojan.
https://www.zdnet.com/article/microsoft-warns-about-email-spam-campaign-abusing-office-vulnerability/
#VLC 3.0.7 is Biggest Security Release Due to EU #Bounty Program
VLC Media Player 3.0.7 was released on Friday and contained the most security updates ever in one release of the program. The president of the VideoLan non-profit organization states that this was due to their inclusion in the EU-FOSSA #bugbounty program.
https://www.bleepingcomputer.com/news/software/vlc-307-is-biggest-security-release-due-to-eu-bounty-program/
#Exim 4.9.1 #RCE Remote Command Execution
Qualys discovered a remote command execution vulnerability in Exim versions 4.87 to 4.91.
https://packetstormsecurity.com/files/153218/QSA-CVE-2019-10149.txt
Telegram public channels have been available via the web since June 1, with no need for the app:
https://t.me/s/sysadmin24x7
Forwarded from Una al día
New botnet attacks RDP servers by brute force
https://unaaldia.hispasec.com/2019/06/nueva-botnet-ataca-mediante-fuerza-bruta-servidores-rdp.html
Security researchers have discovered a botnet that is carrying out a brute-force campaign against more than one and a half million RDP servers publicly accessible from the Internet.…
#Adobe Issues Critical Patches for ColdFusion, #FlashPlayer, Campaign Software
Adobe has just released the latest June 2019 software updates to address a total of 11 security vulnerabilities in its three widely-used products Adobe ColdFusion, Flash Player, and Adobe Campaign.
https://thehackernews.com/2019/06/adobe-patch-june.html
#Microsoft June 2019 Patch Tuesday fixes many of #SandboxEscaper zero-days
Microsoft patches four of five zero-days published by SandboxEscaper.
https://www.zdnet.com/article/microsofts-june-2019-patch-tuesday-fixes-many-of-sandboxescapers-zero-days/
Bad Cert Vulnerability Can Bring Down Any #WindowsServer
A Google security expert today revealed that an unpatched issue in the main cryptographic library of Microsoft's operating system can cause a denial-of-service ( #DoS ) condition in Windows 8 servers and above.
https://www.bleepingcomputer.com/news/security/bad-cert-vulnerability-can-bring-down-any-windows-server/
#Microsoft #NTLM Flaws Expose All Windows Machines to RCE Attacks
Two critical vulnerabilities in Microsoft's NTLM authentication protocol consisting of three logical flaws make it possible for attackers to run remote code and authenticate on machines running any Windows version.
https://www.bleepingcomputer.com/news/security/microsoft-ntlm-flaws-expose-all-windows-machines-to-rce-attacks/