#Apple ha lanzado una actualización de seguridad para sus #Airport Base Stations
https://www.seguridadapple.com/2019/06/apple-ha-lanzado-una-actualizacion-de.html
https://www.seguridadapple.com/2019/06/apple-ha-lanzado-una-actualizacion-de.html
Seguridadapple
Apple ha lanzado una actualización de seguridad para sus Airport Base Stations
Apple ha lanzado una serie de actualizaciones relativas a varios problemas de seguridad en el firmware de sus AirPort Base Stations. Lanzad...
Cross-Site Request Forgery en Cisco IOS XE Software Web
Fecha de publicación: 13/06/2019
Importancia: 4 - Alta
Recursos afectados:
Productos Cisco IOS XE Software con la característica HTTP Server habilitada.
Descripción:
Cisco ha publicado una vulnerabilidad que afecta a la interfaz web de usuario por la que un atacante remoto no autenticado podría realizar un ataque Cross-Site Request Forgery (CSRF).
Solución:
Cisco no ha publicado ninguna solución al respecto. Como medida de mitigación recomienda desactivar la característica HTTP Server mediante los comandos "no ip http server" o "no ip http secure-server".
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/cross-site-request-forgery-cisco-ios-xe-software-web
Fecha de publicación: 13/06/2019
Importancia: 4 - Alta
Recursos afectados:
Productos Cisco IOS XE Software con la característica HTTP Server habilitada.
Descripción:
Cisco ha publicado una vulnerabilidad que afecta a la interfaz web de usuario por la que un atacante remoto no autenticado podría realizar un ataque Cross-Site Request Forgery (CSRF).
Solución:
Cisco no ha publicado ninguna solución al respecto. Como medida de mitigación recomienda desactivar la característica HTTP Server mediante los comandos "no ip http server" o "no ip http secure-server".
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/cross-site-request-forgery-cisco-ios-xe-software-web
INCIBE-CERT
Cross-Site Request Forgery en Cisco IOS XE Software Web
Cisco ha publicado una vulnerabilidad que afecta a la interfaz web de usuario por la que un atacante remoto no autenticado podría realizar un ataque Cross-Site Request Forgery (CSRF).
Flaw in #Evernote Web Clipper for #Chrome extension allows stealing data
Security experts discovered a vulnerability in the popular Evernote Web Clipper for Chrome can be exploited to steal sensitive data from sites visited by users.
https://securityaffairs.co/wordpress/87033/hacking/evernote-web-clipper-chrome-flaw.html
Security experts discovered a vulnerability in the popular Evernote Web Clipper for Chrome can be exploited to steal sensitive data from sites visited by users.
https://securityaffairs.co/wordpress/87033/hacking/evernote-web-clipper-chrome-flaw.html
Security Affairs
Flaw in Evernote Web Clipper for Chrome extension allows stealing data
Security experts discovered a vulnerability in the popular Evernote extension for Chrome can be exploited to steal sensitive data from sites visited by users.
#FIN8 Hacker Group using Highly Sophisticated ShellTea #Malware to Attack Hospitality Sector
FIN8 hacker group is back with a new highly sophisticated variant of the ShellTea malware and carried out attacks against hotel and entertainment industry. This would be the first attack by FIN8 hacker group in 2019, and it is believed that malware was deployed as a result of a phishing attack.
https://gbhackers.com/fin8-hacker-group-malware
FIN8 hacker group is back with a new highly sophisticated variant of the ShellTea malware and carried out attacks against hotel and entertainment industry. This would be the first attack by FIN8 hacker group in 2019, and it is believed that malware was deployed as a result of a phishing attack.
https://gbhackers.com/fin8-hacker-group-malware
GBHackers On Security
FIN8 Hacker Group using Highly Sophisticated ShellTea Malware
FIN8 hacker group is back with a new highly sophisticated variant of the ShellTea malware and carried out attacks against hotel and entertainment industry.
Learn how to deploy a #Honeypot and visualise its data step by step
Detailed instructions on how to deploy the Cowrie honeypot monitored by #Splunk.
https://medium.com/@galolbardes/learn-how-to-deploy-a-honeypot-and-visualise-its-data-step-by-step-ea3cd3f25822
Detailed instructions on how to deploy the Cowrie honeypot monitored by #Splunk.
https://medium.com/@galolbardes/learn-how-to-deploy-a-honeypot-and-visualise-its-data-step-by-step-ea3cd3f25822
Medium
Learn how to deploy a Honeypot and visualise its data step by step
Detailed instructions on how to deploy Cowrie honeypot monitored by Splunk
Exploit #PoC #Linux command execution on #Vim #Neovim vulnerability (CVE-2019–12735)
https://medium.com/@magrabursofily/exploit-poc-linux-command-execution-on-vim-neovim-vulnerability-cve-2019-12735-4c770d5573cf
https://medium.com/@magrabursofily/exploit-poc-linux-command-execution-on-vim-neovim-vulnerability-cve-2019-12735-4c770d5573cf
Medium
Exploit PoC: Linux command execution on Vim/Neovim vulnerability (CVE-2019–12735)
Category: Remote Code Execution Severity: High Description: The flaw resides in Linux Vim/Neovim editor in the way how those editors…
#Mozilla Releases Security Update for #Thunderbird
Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.7.1 and apply the necessary update.
https://www.us-cert.gov/ncas/current-activity/2019/06/13/Mozilla-Releases-Security-Update-Thunderbird
Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.7.1 and apply the necessary update.
https://www.us-cert.gov/ncas/current-activity/2019/06/13/Mozilla-Releases-Security-Update-Thunderbird
www.us-cert.gov
Mozilla Releases Security Update for Thunderbird | US-CERT
Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators…
Advisory (ICSA-19-164-02)
#WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505
RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a compromise of the managed switch, resulting in disruption of communication, and root access to the operating system.
https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02
#WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505
RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a compromise of the managed switch, resulting in disruption of communication, and root access to the operating system.
https://ics-cert.us-cert.gov/advisories/ICSA-19-164-02
ics-cert.us-cert.gov
WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505 | ICS-CERT
1. EXECUTIVE SUMMARYCVSS v3 9.8ATTENTION: Exploitable remotely/low skill level to exploitVendor: WAGOEquipment: Industrial Managed Switches 852-303, 852-1305, and 852-1505Vulnerabilities: Use of Hard-coded Credentials, Use of Hard-coded Cryptographic Key…
New #Android #Trojan Leads Users to Scam Sites via Notifications
A new Android Trojan that uses web push notifications to redirect users to scam and fraudulent sites has been discovered by security researchers on Google's Play Store.
Multiple fake apps of well-known brands that distributed the malware dubbed Android.FakeApp.174 got removed in early June after researchers from Doctor Web reported them to Google.
https://www.bleepingcomputer.com/news/security/new-android-trojan-leads-users-to-scam-sites-via-notifications/
A new Android Trojan that uses web push notifications to redirect users to scam and fraudulent sites has been discovered by security researchers on Google's Play Store.
Multiple fake apps of well-known brands that distributed the malware dubbed Android.FakeApp.174 got removed in early June after researchers from Doctor Web reported them to Google.
https://www.bleepingcomputer.com/news/security/new-android-trojan-leads-users-to-scam-sites-via-notifications/
BleepingComputer
New Android Trojan Leads Users to Scam Sites via Notifications
A new Android Trojan that uses website notifications to redirect users to scam and fraudulent sites has been discovered by security researchers on Google's Play Store.
New Echobot Botnet targets #Oracle, #VMware Apps and includes 26 Exploits
Operators behind the Echobot botnet added new exploits to infect IoT devices, and also enterprise apps Oracle WebLogic and VMware SD-Wan.
https://securityaffairs.co/wordpress/87177/malware/echobot-botnet-26-exploits.html
Operators behind the Echobot botnet added new exploits to infect IoT devices, and also enterprise apps Oracle WebLogic and VMware SD-Wan.
https://securityaffairs.co/wordpress/87177/malware/echobot-botnet-26-exploits.html
Security Affairs
New Echobot bot targets Oracle, VMware Apps and includes 26 Exploits
Operators behind the Echobot botnet added new exploits to infect IoT devices, and also enterprise apps Oracle WebLogic and VMware SD-Wan.
Monitor for, Investigate, and Respond to Phishing Payloads
https://www.splunk.com/blog/2019/06/12/monitor-for-investigate-and-respond-to-phishing-payloads-with-splunk-enterprise-security-content-update.html
https://www.splunk.com/blog/2019/06/12/monitor-for-investigate-and-respond-to-phishing-payloads-with-splunk-enterprise-security-content-update.html
Splunk-Blogs
Monitor for, Investigate, and Respond to Phishing Payloads with Splunk Enterprise Security Content Update
Detect, investigate, and defend signs of phishing payloads in your environment with Splunk Enterprise Security Content Update (ESCU)
Security Advisory: Critical Vulnerabilities in #NTLM Allow Remote Code Execution and Cloud Resources Compromise
https://blog.preempt.com/security-advisory-critical-vulnerabilities-in-ntlm
https://blog.preempt.com/security-advisory-critical-vulnerabilities-in-ntlm
Disrupting the Empire: Identifying #PowerShell #Empire Command and Control Activity
https://www.sans.org/reading-room/whitepapers/incident/disrupting-empire-identifying-powershell-empire-command-control-activity-38315
https://www.sans.org/reading-room/whitepapers/incident/disrupting-empire-identifying-powershell-empire-command-control-activity-38315
SysAdmin 24x7
Noticias y alertas de seguridad informática.
Enlace de invitación:
https://t.me/sysadmin24x7
Acceso web: https://t.me/s/sysadmin24x7
Noticias y alertas de seguridad informática.
Enlace de invitación:
https://t.me/sysadmin24x7
Acceso web: https://t.me/s/sysadmin24x7
Telegram
SysAdmin 24x7
Noticias y alertas de seguridad informática.
Chat y contacto:
t.me/sysadmin24x7chat
Chat y contacto:
t.me/sysadmin24x7chat
SysAdmin 24x7 pinned «SysAdmin 24x7 Noticias y alertas de seguridad informática. Enlace de invitación: https://t.me/sysadmin24x7 Acceso web: https://t.me/s/sysadmin24x7»
Múltiples vulnerabilidades en productos de IBM
Fecha de publicación: 17/06/2019
Importancia: 4 - Alta
Recursos afectados:
IBM InfoSphere Information:
Server, versiones 11.3, 11.5 y 11.7;
Governance Catalog, versiones 11.3, 11.5 y 11.7;
Server en Cloud, versiones 11.5 y 11.7;
Server Business Glossary, versión 9.1;
Server Metadata Workbench, versión 9.1.
IBM Tivoli Netcool Impact, versiones desde 7.1.0.0 hasta 7.1.0.15.
Descripción:
IBM ha reportado dos vulnerabilidades de tipo inyección XXE (XML External Entity) y ejecución remota de código en sus productos IBM InfoSphere Information Server e IBM Tivoli Netcool Impact, respectivamente.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-ibm-6
Fecha de publicación: 17/06/2019
Importancia: 4 - Alta
Recursos afectados:
IBM InfoSphere Information:
Server, versiones 11.3, 11.5 y 11.7;
Governance Catalog, versiones 11.3, 11.5 y 11.7;
Server en Cloud, versiones 11.5 y 11.7;
Server Business Glossary, versión 9.1;
Server Metadata Workbench, versión 9.1.
IBM Tivoli Netcool Impact, versiones desde 7.1.0.0 hasta 7.1.0.15.
Descripción:
IBM ha reportado dos vulnerabilidades de tipo inyección XXE (XML External Entity) y ejecución remota de código en sus productos IBM InfoSphere Information Server e IBM Tivoli Netcool Impact, respectivamente.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-ibm-6
INCIBE-CERT
Múltiples vulnerabilidades en productos de IBM
IBM ha reportado dos vulnerabilidades de tipo inyección XXE (XML External Entity) y ejecución remota de código en sus productos IBM InfoSphere Information Server e IBM Tivoli Netcool Impact, respectivamente.
Múltiples vulnerabilidades en routers Netgear
Fecha de publicación: 17/06/2019
Importancia: 4 - Alta
Recursos afectados:
Wireless AC Router Nighthawk, modelos:
R7900, ejecutando una versión de firmwareanterior a la versión 1.0.3.14_10.0.40_BETA.
R8000, ejecutando una versión de firmwareanterior a la versión 1.0.4.38_10.1.59_BETA.
Descripción:
Cisco Talos ha descubierto dos vulnerabilidades de criticidad alta en el firmware para KCodes NetUSB de NETGEAR.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-routers-netgear-0
Fecha de publicación: 17/06/2019
Importancia: 4 - Alta
Recursos afectados:
Wireless AC Router Nighthawk, modelos:
R7900, ejecutando una versión de firmwareanterior a la versión 1.0.3.14_10.0.40_BETA.
R8000, ejecutando una versión de firmwareanterior a la versión 1.0.4.38_10.1.59_BETA.
Descripción:
Cisco Talos ha descubierto dos vulnerabilidades de criticidad alta en el firmware para KCodes NetUSB de NETGEAR.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-routers-netgear-0
INCIBE-CERT
Múltiples vulnerabilidades en routers Netgear
Cisco Talos ha descubierto dos vulnerabilidades de criticidad alta en el firmware para KCodes NetUSB de NETGEAR.
#Linux worm spreading via #Exim servers hit #Azure customers
On Friday, security experts at Microsoft warned of a new Linux worm, spreading via Exim email servers, that already compromised some Azure installs.
Bad actors continue to target cloud services in the attempt of abusing them for several malicious purposes, like storing malware or implementing command and control servers.
https://securityaffairs.co/wordpress/87168/hacking/linux-worm-exim-servers.html
On Friday, security experts at Microsoft warned of a new Linux worm, spreading via Exim email servers, that already compromised some Azure installs.
Bad actors continue to target cloud services in the attempt of abusing them for several malicious purposes, like storing malware or implementing command and control servers.
https://securityaffairs.co/wordpress/87168/hacking/linux-worm-exim-servers.html
Security Affairs
Linux worm spreading via Exim servers hit Azure customers
On Friday, security experts at Microsoft warned of a new Linux worm, spreading via Exim email servers, that already compromised some Azure installs.
Alert (AA19-168A)
Microsoft Operating Systems BlueKeep Vulnerability
https://www.us-cert.gov/ncas/alerts/AA19-168A
Microsoft Operating Systems BlueKeep Vulnerability
https://www.us-cert.gov/ncas/alerts/AA19-168A
GoldBrute #Botnet Brute Forcing 1.5 Million #RDP Servers
RDP, the remote desktop protocol, made the news recently after #Microsoft patched a critical remote code execution vulnerability (CVE-2019–0708).
https://morphuslabs.com/goldbrute-botnet-brute-forcing-1-5-million-rdp-servers-371f219ec37d
RDP, the remote desktop protocol, made the news recently after #Microsoft patched a critical remote code execution vulnerability (CVE-2019–0708).
https://morphuslabs.com/goldbrute-botnet-brute-forcing-1-5-million-rdp-servers-371f219ec37d
Medium
GoldBrute Botnet Brute Forcing 1.5 Million RDP Servers
RDP, the remote desktop protocol, made the news recently after Microsoft patched a critical remote code execution vulnerability…