Multiple vulnerabilities in #Intel products
Publication date: 12/06/2019
Importance: 4 - High
Affected resources:
Intel® Accelerated Storage Manager in Intel® RSTe, versions prior to 5.5.0.2015
Intel® RAID Web Console 3 for Windows, version 4.186 and earlier
Intel® NUC Kit, see the references section for the affected versions
Intel® Compute Card, see the references section for the affected versions
Intel® Compute Stick, see the references section for the affected versions
Open CIT and OpenAttestation, all versions
Intel® Omni-Path Fabric Manager GUI, versions prior to 10.9.2.1.1
Intel® PROSet/Wireless WiFi Software, versions prior to 21.10 for Microsoft Windows 7, 8.1 and 10
Intel® Turbo Boost Max Technology 3.0 driver, version 1.0.0.1035 and earlier
Intel® SGX Linux client driver, versions prior to 2.5
Intel® SGX DCAP Linux driver, versions prior to 1.1
ITE Tech* Consumer Infrared Driver for Windows 10, versions prior to 5.4.3.0
Intel® Chipset Device Software (INF Update Utility), versions prior to 10.1.1.45
Description:
Intel has published multiple vulnerabilities that affect several of its products.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-intel-10
#Microsoft security bulletin for June 2019
Publication date: 12/06/2019
Importance: 5 - Critical
Affected resources:
Adobe Flash Player
Microsoft Windows
Internet Explorer
Microsoft Edge
Microsoft Office and Microsoft Office Services and Web Apps
ChakraCore
Skype for Business and Microsoft Lync
Microsoft Exchange Server
Azure
Description:
This month's release of Microsoft security updates covers 87 vulnerabilities, 21 rated critical and 66 rated important.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/boletin-seguridad-microsoft-junio-2019
#SAP security update for June 2019
Publication date: 12/06/2019
Importance: 5 - Critical
Affected resources:
SAP Business Client, version 6.5
Solution Manager, version 7.2
SAP E-Commerce (Business-to-Consumer application), versions: SAP-CRMJAV, SAP-CRMWEB, SAP-SHRWEB, SAP-SHRJAV, SAP-CRMAPP, SAP-SHRAPP 7.30, 7.31, 7.32, 7.33, 7.54
SAP R/3 Enterprise Application, versions: EA-APPL 600, 602, 603, 604, 605, 606, 616, 617
SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3
SAP NetWeaver Process Integration (PI Integration Builder Web UI), versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, SAP_XIPCK 7.10 to 7.11, 7.20, 7.3
SAP Work Manager and SAP Inventory Manager, versions SAP Work Manager 6.3.0, 6.4.0, 6.5
SAP NetWeaver AS ABAP Platform, versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73
SAP NetWeaver Process Integration, versions SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
SAP HANA Extended Application Services (advanced model), version 1
SAP Enterprise Financial Services, versions SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20
Description:
SAP has published several security updates for different products in its monthly release.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-junio-2019
#Joomla! security update
Publication date: 12/06/2019
Importance: Low
Affected resources
Joomla! CMS, versions from 3.6.0 to 3.9.6.
Description
Joomla! has released two new versions, 3.9.8 and 3.9.7, the latter including the fix for three low-severity vulnerabilities in its core.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-joomla
Coding a reliable CVE-2019-084 bypass
https://0x00-0x00.github.io/research/2019/05/30/Coding-a-reliable-CVE-2019-0841-Bypass.html
zc00l blog
Hi all. It’s been some time. I apologize for my absence, but I need to carry on with life and work and, sometimes, there’s no time for this blog.
Your Session Key is My Session Key: How to Retrieve the Session Key for Any Authentication
https://blog.preempt.com/your-session-key-is-my-session-key
#Sysmon 10.0 - New features and changes
Mark Russinovich released a new version of Sysmon, raising it to 10.0, and this is a great upgrade!
https://medium.com/@olafhartong/sysmon-10-0-new-features-and-changes-e82106f2e00
Last night (June 11th 2019) Mark Russinovich released a new version of Sysmon, raising it to 10.0, and this is a great upgrade!
#Cisco Releases Security Update for Cisco IOS XE
Cisco has released a security update to address a vulnerability in Cisco IOS XE. A remote attacker could exploit this vulnerability to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.
https://www.us-cert.gov/ncas/current-activity/2019/06/12/Cisco-Releases-Security-Update-Cisco-IOS-XE
#Exim Mail Server Remote Code Execution (CVE-2019-10149)
Severity: Critical
Who is Vulnerable?
Exim Mail Server versions 4.87 to 4.91 (inclusive)
Vulnerability Description:
A remote code execution vulnerability exists in Exim Mail Server. A remote attacker can exploit this issue by sending a specially crafted packet to the target server. Successful exploitation could result in execution of arbitrary code on the affected system.
https://www.checkpoint.com/defense/advisories/public/2019/cpai-2019-0743.html
#Apple has released a security update for its #Airport Base Stations
https://www.seguridadapple.com/2019/06/apple-ha-lanzado-una-actualizacion-de.html
Apple has released a series of updates addressing several security issues in the firmware of its AirPort Base Stations. Lanzad...
Cross-Site Request Forgery in Cisco IOS XE Software Web
Publication date: 13/06/2019
Importance: 4 - High
Affected resources:
Cisco IOS XE Software products with the HTTP Server feature enabled.
Description:
Cisco has published a vulnerability affecting the web user interface through which an unauthenticated remote attacker could carry out a Cross-Site Request Forgery (CSRF) attack.
Solution:
Cisco has not published any fix for this issue. As a mitigation, it recommends disabling the HTTP Server feature with the commands "no ip http server" or "no ip http secure-server".
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/cross-site-request-forgery-cisco-ios-xe-software-web
Flaw in #Evernote Web Clipper for #Chrome extension allows stealing data
Security experts discovered that a vulnerability in the popular Evernote Web Clipper for Chrome can be exploited to steal sensitive data from sites visited by users.
https://securityaffairs.co/wordpress/87033/hacking/evernote-web-clipper-chrome-flaw.html
#FIN8 Hacker Group using Highly Sophisticated ShellTea #Malware to Attack Hospitality Sector
The FIN8 hacker group is back with a new, highly sophisticated variant of the ShellTea malware and has carried out attacks against the hotel and entertainment industry. This would be the first attack by the FIN8 hacker group in 2019, and it is believed that the malware was deployed as a result of a phishing attack.
https://gbhackers.com/fin8-hacker-group-malware
Learn how to deploy a #Honeypot and visualise its data step by step
Detailed instructions on how to deploy the Cowrie honeypot monitored by #Splunk.
https://medium.com/@galolbardes/learn-how-to-deploy-a-honeypot-and-visualise-its-data-step-by-step-ea3cd3f25822
Exploit #PoC #Linux command execution on #Vim #Neovim vulnerability (CVE-2019–12735)
https://medium.com/@magrabursofily/exploit-poc-linux-command-execution-on-vim-neovim-vulnerability-cve-2019-12735-4c770d5573cf
Category: Remote Code Execution
Severity: High
Description: The flaw resides in Linux Vim/Neovim editor in the way how those editors…
#Mozilla Releases Security Update for #Thunderbird
Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.7.1 and apply the necessary update.
https://www.us-cert.gov/ncas/current-activity/2019/06/13/Mozilla-Releases-Security-Update-Thunderbird
Advisory (ICSA-19-164-02)
#WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505
RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a compromise of the managed switch, resulting in disruption of communication, and root access to the operating system.
https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: WAGO
Equipment: Industrial Managed Switches 852-303, 852-1305, and 852-1505
Vulnerabilities: Use of Hard-coded Credentials, Use of Hard-coded Cryptographic Key…
New #Android #Trojan Leads Users to Scam Sites via Notifications
A new Android Trojan that uses web push notifications to redirect users to scam and fraudulent sites has been discovered by security researchers on Google's Play Store.
Multiple fake apps of well-known brands that distributed the malware dubbed Android.FakeApp.174 got removed in early June after researchers from Doctor Web reported them to Google.
https://www.bleepingcomputer.com/news/security/new-android-trojan-leads-users-to-scam-sites-via-notifications/
New Echobot Botnet targets #Oracle, #VMware Apps and includes 26 Exploits
Operators behind the Echobot botnet added new exploits to infect IoT devices, and also enterprise apps Oracle WebLogic and VMware SD-Wan.
https://securityaffairs.co/wordpress/87177/malware/echobot-botnet-26-exploits.html
Monitor for, Investigate, and Respond to Phishing Payloads
https://www.splunk.com/blog/2019/06/12/monitor-for-investigate-and-respond-to-phishing-payloads-with-splunk-enterprise-security-content-update.html
Detect, investigate, and defend signs of phishing payloads in your environment with Splunk Enterprise Security Content Update (ESCU)