Actualización de seguridad de #Joomla!
Fecha de publicación: 12/06/2019
Importancia: Baja
Recursos afectados
Joomla! CMS, versiones desde 3.6.0 hasta 3.9.6.
Descripción
Joomla! ha publicado dos nuevas versiones, la 3.9.8 y la 3.9.7, incluyendo en esta última la solución de tres vulnerabilidades de criticidad baja en su núcleo.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-joomla
Fecha de publicación: 12/06/2019
Importancia: Baja
Recursos afectados
Joomla! CMS, versiones desde 3.6.0 hasta 3.9.6.
Descripción
Joomla! ha publicado dos nuevas versiones, la 3.9.8 y la 3.9.7, incluyendo en esta última la solución de tres vulnerabilidades de criticidad baja en su núcleo.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-joomla
INCIBE-CERT
Actualización de seguridad de Joomla!
Joomla! ha publicado dos nuevas versiones, la 3.9.8 y la 3.9.7, incluyendo en esta última la solución de tres vulnerabilidades de criticidad baja en su núcleo.
Coding a reliable CVE-2019-084 bypass
https://0x00-0x00.github.io/research/2019/05/30/Coding-a-reliable-CVE-2019-0841-Bypass.html
https://0x00-0x00.github.io/research/2019/05/30/Coding-a-reliable-CVE-2019-0841-Bypass.html
zc00l blog
Coding a reliable CVE-2019-084 bypass
Hi all. It’s been some time. I apologize for my absence, but I need to carry on with life and work and, sometimes, there’s no time for this blog.
Your Session Key is My Session Key: How to Retrieve the Session Key for Any Authentication
https://blog.preempt.com/your-session-key-is-my-session-key
https://blog.preempt.com/your-session-key-is-my-session-key
#Sysmon 10.0 - New features and changes
Mark Russinovich released a new version of Sysmon, raising it to 10.0, and this is a great upgrade!
https://medium.com/@olafhartong/sysmon-10-0-new-features-and-changes-e82106f2e00
Mark Russinovich released a new version of Sysmon, raising it to 10.0, and this is a great upgrade!
https://medium.com/@olafhartong/sysmon-10-0-new-features-and-changes-e82106f2e00
Medium
Sysmon 10.0 - New features and changes
Last night (June 11th 2019) Mark Russinovich released a new version of Sysmon, raising it to 10.0, and this is a great upgrade!
#Cisco Releases Security Update for Cisco IOS XE
Cisco has released a security update to address a vulnerability in Cisco IOS XE. A remote attacker could exploit this vulnerability to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.
https://www.us-cert.gov/ncas/current-activity/2019/06/12/Cisco-Releases-Security-Update-Cisco-IOS-XE
Cisco has released a security update to address a vulnerability in Cisco IOS XE. A remote attacker could exploit this vulnerability to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.
https://www.us-cert.gov/ncas/current-activity/2019/06/12/Cisco-Releases-Security-Update-Cisco-IOS-XE
www.us-cert.gov
Cisco Releases Security Update for Cisco IOS XE | US-CERT
Cisco has released a security update to address a vulnerability in Cisco IOS XE. A remote attacker could exploit this vulnerability to take control of an affected system.
#Exim Mail Server Remote Code Execution (CVE-2019-10149)
Severity:Critical
Who is Vulnerable?
Exim Mail Server versions 4.87 to 4.91 (inclusive)
Vulnerability Description:
A remote code execution vulnerability exists in Exim Mail Server. A remote attacker can exploit this issue by sending a specially crafted packet to the target server. Successful exploitation could result in execution of arbitrary code on the affected system.
https://www.checkpoint.com/defense/advisories/public/2019/cpai-2019-0743.html
Severity:Critical
Who is Vulnerable?
Exim Mail Server versions 4.87 to 4.91 (inclusive)
Vulnerability Description:
A remote code execution vulnerability exists in Exim Mail Server. A remote attacker can exploit this issue by sending a specially crafted packet to the target server. Successful exploitation could result in execution of arbitrary code on the affected system.
https://www.checkpoint.com/defense/advisories/public/2019/cpai-2019-0743.html
Check Point Software
CPAI-2019-0743 | Check Point Software
Exim Mail Server Remote Code Execution (CVE-2019-10149) - CPAI-2019-0743
#Apple ha lanzado una actualización de seguridad para sus #Airport Base Stations
https://www.seguridadapple.com/2019/06/apple-ha-lanzado-una-actualizacion-de.html
https://www.seguridadapple.com/2019/06/apple-ha-lanzado-una-actualizacion-de.html
Seguridadapple
Apple ha lanzado una actualización de seguridad para sus Airport Base Stations
Apple ha lanzado una serie de actualizaciones relativas a varios problemas de seguridad en el firmware de sus AirPort Base Stations. Lanzad...
Cross-Site Request Forgery en Cisco IOS XE Software Web
Fecha de publicación: 13/06/2019
Importancia: 4 - Alta
Recursos afectados:
Productos Cisco IOS XE Software con la característica HTTP Server habilitada.
Descripción:
Cisco ha publicado una vulnerabilidad que afecta a la interfaz web de usuario por la que un atacante remoto no autenticado podría realizar un ataque Cross-Site Request Forgery (CSRF).
Solución:
Cisco no ha publicado ninguna solución al respecto. Como medida de mitigación recomienda desactivar la característica HTTP Server mediante los comandos "no ip http server" o "no ip http secure-server".
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/cross-site-request-forgery-cisco-ios-xe-software-web
Fecha de publicación: 13/06/2019
Importancia: 4 - Alta
Recursos afectados:
Productos Cisco IOS XE Software con la característica HTTP Server habilitada.
Descripción:
Cisco ha publicado una vulnerabilidad que afecta a la interfaz web de usuario por la que un atacante remoto no autenticado podría realizar un ataque Cross-Site Request Forgery (CSRF).
Solución:
Cisco no ha publicado ninguna solución al respecto. Como medida de mitigación recomienda desactivar la característica HTTP Server mediante los comandos "no ip http server" o "no ip http secure-server".
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/cross-site-request-forgery-cisco-ios-xe-software-web
INCIBE-CERT
Cross-Site Request Forgery en Cisco IOS XE Software Web
Cisco ha publicado una vulnerabilidad que afecta a la interfaz web de usuario por la que un atacante remoto no autenticado podría realizar un ataque Cross-Site Request Forgery (CSRF).
Flaw in #Evernote Web Clipper for #Chrome extension allows stealing data
Security experts discovered a vulnerability in the popular Evernote Web Clipper for Chrome can be exploited to steal sensitive data from sites visited by users.
https://securityaffairs.co/wordpress/87033/hacking/evernote-web-clipper-chrome-flaw.html
Security experts discovered a vulnerability in the popular Evernote Web Clipper for Chrome can be exploited to steal sensitive data from sites visited by users.
https://securityaffairs.co/wordpress/87033/hacking/evernote-web-clipper-chrome-flaw.html
Security Affairs
Flaw in Evernote Web Clipper for Chrome extension allows stealing data
Security experts discovered a vulnerability in the popular Evernote extension for Chrome can be exploited to steal sensitive data from sites visited by users.
#FIN8 Hacker Group using Highly Sophisticated ShellTea #Malware to Attack Hospitality Sector
FIN8 hacker group is back with a new highly sophisticated variant of the ShellTea malware and carried out attacks against hotel and entertainment industry. This would be the first attack by FIN8 hacker group in 2019, and it is believed that malware was deployed as a result of a phishing attack.
https://gbhackers.com/fin8-hacker-group-malware
FIN8 hacker group is back with a new highly sophisticated variant of the ShellTea malware and carried out attacks against hotel and entertainment industry. This would be the first attack by FIN8 hacker group in 2019, and it is believed that malware was deployed as a result of a phishing attack.
https://gbhackers.com/fin8-hacker-group-malware
GBHackers On Security
FIN8 Hacker Group using Highly Sophisticated ShellTea Malware
FIN8 hacker group is back with a new highly sophisticated variant of the ShellTea malware and carried out attacks against hotel and entertainment industry.
Learn how to deploy a #Honeypot and visualise its data step by step
Detailed instructions on how to deploy the Cowrie honeypot monitored by #Splunk.
https://medium.com/@galolbardes/learn-how-to-deploy-a-honeypot-and-visualise-its-data-step-by-step-ea3cd3f25822
Detailed instructions on how to deploy the Cowrie honeypot monitored by #Splunk.
https://medium.com/@galolbardes/learn-how-to-deploy-a-honeypot-and-visualise-its-data-step-by-step-ea3cd3f25822
Medium
Learn how to deploy a Honeypot and visualise its data step by step
Detailed instructions on how to deploy Cowrie honeypot monitored by Splunk
Exploit #PoC #Linux command execution on #Vim #Neovim vulnerability (CVE-2019–12735)
https://medium.com/@magrabursofily/exploit-poc-linux-command-execution-on-vim-neovim-vulnerability-cve-2019-12735-4c770d5573cf
https://medium.com/@magrabursofily/exploit-poc-linux-command-execution-on-vim-neovim-vulnerability-cve-2019-12735-4c770d5573cf
Medium
Exploit PoC: Linux command execution on Vim/Neovim vulnerability (CVE-2019–12735)
Category: Remote Code Execution Severity: High Description: The flaw resides in Linux Vim/Neovim editor in the way how those editors…
#Mozilla Releases Security Update for #Thunderbird
Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.7.1 and apply the necessary update.
https://www.us-cert.gov/ncas/current-activity/2019/06/13/Mozilla-Releases-Security-Update-Thunderbird
Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.7.1 and apply the necessary update.
https://www.us-cert.gov/ncas/current-activity/2019/06/13/Mozilla-Releases-Security-Update-Thunderbird
www.us-cert.gov
Mozilla Releases Security Update for Thunderbird | US-CERT
Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators…
Advisory (ICSA-19-164-02)
#WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505
RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a compromise of the managed switch, resulting in disruption of communication, and root access to the operating system.
https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02
#WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505
RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a compromise of the managed switch, resulting in disruption of communication, and root access to the operating system.
https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02
ics-cert.us-cert.gov
WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505 | ICS-CERT
1. EXECUTIVE SUMMARYCVSS v3 9.8ATTENTION: Exploitable remotely/low skill level to exploitVendor: WAGOEquipment: Industrial Managed Switches 852-303, 852-1305, and 852-1505Vulnerabilities: Use of Hard-coded Credentials, Use of Hard-coded Cryptographic Key…
New #Android #Trojan Leads Users to Scam Sites via Notifications
A new Android Trojan that uses web push notifications to redirect users to scam and fraudulent sites has been discovered by security researchers on Google's Play Store.
Multiple fake apps of well-known brands that distributed the malware dubbed Android.FakeApp.174 got removed in early June after researchers from Doctor Web reported them to Google.
https://www.bleepingcomputer.com/news/security/new-android-trojan-leads-users-to-scam-sites-via-notifications/
A new Android Trojan that uses web push notifications to redirect users to scam and fraudulent sites has been discovered by security researchers on Google's Play Store.
Multiple fake apps of well-known brands that distributed the malware dubbed Android.FakeApp.174 got removed in early June after researchers from Doctor Web reported them to Google.
https://www.bleepingcomputer.com/news/security/new-android-trojan-leads-users-to-scam-sites-via-notifications/
BleepingComputer
New Android Trojan Leads Users to Scam Sites via Notifications
A new Android Trojan that uses website notifications to redirect users to scam and fraudulent sites has been discovered by security researchers on Google's Play Store.
New Echobot Botnet targets #Oracle, #VMware Apps and includes 26 Exploits
Operators behind the Echobot botnet added new exploits to infect IoT devices, and also enterprise apps Oracle WebLogic and VMware SD-Wan.
https://securityaffairs.co/wordpress/87177/malware/echobot-botnet-26-exploits.html
Operators behind the Echobot botnet added new exploits to infect IoT devices, and also enterprise apps Oracle WebLogic and VMware SD-Wan.
https://securityaffairs.co/wordpress/87177/malware/echobot-botnet-26-exploits.html
Security Affairs
New Echobot bot targets Oracle, VMware Apps and includes 26 Exploits
Operators behind the Echobot botnet added new exploits to infect IoT devices, and also enterprise apps Oracle WebLogic and VMware SD-Wan.
Monitor for, Investigate, and Respond to Phishing Payloads
https://www.splunk.com/blog/2019/06/12/monitor-for-investigate-and-respond-to-phishing-payloads-with-splunk-enterprise-security-content-update.html
https://www.splunk.com/blog/2019/06/12/monitor-for-investigate-and-respond-to-phishing-payloads-with-splunk-enterprise-security-content-update.html
Splunk-Blogs
Monitor for, Investigate, and Respond to Phishing Payloads with Splunk Enterprise Security Content Update
Detect, investigate, and defend signs of phishing payloads in your environment with Splunk Enterprise Security Content Update (ESCU)
Security Advisory: Critical Vulnerabilities in #NTLM Allow Remote Code Execution and Cloud Resources Compromise
https://blog.preempt.com/security-advisory-critical-vulnerabilities-in-ntlm
https://blog.preempt.com/security-advisory-critical-vulnerabilities-in-ntlm
Disrupting the Empire: Identifying #PowerShell #Empire Command and Control Activity
https://www.sans.org/reading-room/whitepapers/incident/disrupting-empire-identifying-powershell-empire-command-control-activity-38315
https://www.sans.org/reading-room/whitepapers/incident/disrupting-empire-identifying-powershell-empire-command-control-activity-38315
SysAdmin 24x7
Noticias y alertas de seguridad informática.
Enlace de invitación:
https://t.me/sysadmin24x7
Acceso web: https://t.me/s/sysadmin24x7
Noticias y alertas de seguridad informática.
Enlace de invitación:
https://t.me/sysadmin24x7
Acceso web: https://t.me/s/sysadmin24x7
Telegram
SysAdmin 24x7
Noticias y alertas de seguridad informática.
Chat y contacto:
t.me/sysadmin24x7chat
Chat y contacto:
t.me/sysadmin24x7chat