New Echobot Botnet targets #Oracle, #VMware Apps and includes 26 Exploits
Operators behind the Echobot botnet added new exploits to infect IoT devices, and also enterprise apps Oracle WebLogic and VMware SD-Wan.
https://securityaffairs.co/wordpress/87177/malware/echobot-botnet-26-exploits.html
Operators behind the Echobot botnet added new exploits to infect IoT devices, and also enterprise apps Oracle WebLogic and VMware SD-Wan.
https://securityaffairs.co/wordpress/87177/malware/echobot-botnet-26-exploits.html
Security Affairs
New Echobot bot targets Oracle, VMware Apps and includes 26 Exploits
Operators behind the Echobot botnet added new exploits to infect IoT devices, and also enterprise apps Oracle WebLogic and VMware SD-Wan.
Monitor for, Investigate, and Respond to Phishing Payloads
https://www.splunk.com/blog/2019/06/12/monitor-for-investigate-and-respond-to-phishing-payloads-with-splunk-enterprise-security-content-update.html
https://www.splunk.com/blog/2019/06/12/monitor-for-investigate-and-respond-to-phishing-payloads-with-splunk-enterprise-security-content-update.html
Splunk-Blogs
Monitor for, Investigate, and Respond to Phishing Payloads with Splunk Enterprise Security Content Update
Detect, investigate, and defend signs of phishing payloads in your environment with Splunk Enterprise Security Content Update (ESCU)
Security Advisory: Critical Vulnerabilities in #NTLM Allow Remote Code Execution and Cloud Resources Compromise
https://blog.preempt.com/security-advisory-critical-vulnerabilities-in-ntlm
https://blog.preempt.com/security-advisory-critical-vulnerabilities-in-ntlm
Disrupting the Empire: Identifying #PowerShell #Empire Command and Control Activity
https://www.sans.org/reading-room/whitepapers/incident/disrupting-empire-identifying-powershell-empire-command-control-activity-38315
https://www.sans.org/reading-room/whitepapers/incident/disrupting-empire-identifying-powershell-empire-command-control-activity-38315
SysAdmin 24x7
Noticias y alertas de seguridad informática.
Enlace de invitación:
https://t.me/sysadmin24x7
Acceso web: https://t.me/s/sysadmin24x7
Noticias y alertas de seguridad informática.
Enlace de invitación:
https://t.me/sysadmin24x7
Acceso web: https://t.me/s/sysadmin24x7
Telegram
SysAdmin 24x7
Noticias y alertas de seguridad informática.
Chat y contacto:
t.me/sysadmin24x7chat
Chat y contacto:
t.me/sysadmin24x7chat
SysAdmin 24x7 pinned «SysAdmin 24x7 Noticias y alertas de seguridad informática. Enlace de invitación: https://t.me/sysadmin24x7 Acceso web: https://t.me/s/sysadmin24x7»
Múltiples vulnerabilidades en productos de IBM
Fecha de publicación: 17/06/2019
Importancia: 4 - Alta
Recursos afectados:
IBM InfoSphere Information:
Server, versiones 11.3, 11.5 y 11.7;
Governance Catalog, versiones 11.3, 11.5 y 11.7;
Server en Cloud, versiones 11.5 y 11.7;
Server Business Glossary, versión 9.1;
Server Metadata Workbench, versión 9.1.
IBM Tivoli Netcool Impact, versiones desde 7.1.0.0 hasta 7.1.0.15.
Descripción:
IBM ha reportado dos vulnerabilidades de tipo inyección XXE (XML External Entity) y ejecución remota de código en sus productos IBM InfoSphere Information Server e IBM Tivoli Netcool Impact, respectivamente.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-ibm-6
Fecha de publicación: 17/06/2019
Importancia: 4 - Alta
Recursos afectados:
IBM InfoSphere Information:
Server, versiones 11.3, 11.5 y 11.7;
Governance Catalog, versiones 11.3, 11.5 y 11.7;
Server en Cloud, versiones 11.5 y 11.7;
Server Business Glossary, versión 9.1;
Server Metadata Workbench, versión 9.1.
IBM Tivoli Netcool Impact, versiones desde 7.1.0.0 hasta 7.1.0.15.
Descripción:
IBM ha reportado dos vulnerabilidades de tipo inyección XXE (XML External Entity) y ejecución remota de código en sus productos IBM InfoSphere Information Server e IBM Tivoli Netcool Impact, respectivamente.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-ibm-6
INCIBE-CERT
Múltiples vulnerabilidades en productos de IBM
IBM ha reportado dos vulnerabilidades de tipo inyección XXE (XML External Entity) y ejecución remota de código en sus productos IBM InfoSphere Information Server e IBM Tivoli Netcool Impact, respectivamente.
Múltiples vulnerabilidades en routers Netgear
Fecha de publicación: 17/06/2019
Importancia: 4 - Alta
Recursos afectados:
Wireless AC Router Nighthawk, modelos:
R7900, ejecutando una versión de firmwareanterior a la versión 1.0.3.14_10.0.40_BETA.
R8000, ejecutando una versión de firmwareanterior a la versión 1.0.4.38_10.1.59_BETA.
Descripción:
Cisco Talos ha descubierto dos vulnerabilidades de criticidad alta en el firmware para KCodes NetUSB de NETGEAR.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-routers-netgear-0
Fecha de publicación: 17/06/2019
Importancia: 4 - Alta
Recursos afectados:
Wireless AC Router Nighthawk, modelos:
R7900, ejecutando una versión de firmwareanterior a la versión 1.0.3.14_10.0.40_BETA.
R8000, ejecutando una versión de firmwareanterior a la versión 1.0.4.38_10.1.59_BETA.
Descripción:
Cisco Talos ha descubierto dos vulnerabilidades de criticidad alta en el firmware para KCodes NetUSB de NETGEAR.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-routers-netgear-0
INCIBE-CERT
Múltiples vulnerabilidades en routers Netgear
Cisco Talos ha descubierto dos vulnerabilidades de criticidad alta en el firmware para KCodes NetUSB de NETGEAR.
#Linux worm spreading via #Exim servers hit #Azure customers
On Friday, security experts at Microsoft warned of a new Linux worm, spreading via Exim email servers, that already compromised some Azure installs.
Bad actors continue to target cloud services in the attempt of abusing them for several malicious purposes, like storing malware or implementing command and control servers.
https://securityaffairs.co/wordpress/87168/hacking/linux-worm-exim-servers.html
On Friday, security experts at Microsoft warned of a new Linux worm, spreading via Exim email servers, that already compromised some Azure installs.
Bad actors continue to target cloud services in the attempt of abusing them for several malicious purposes, like storing malware or implementing command and control servers.
https://securityaffairs.co/wordpress/87168/hacking/linux-worm-exim-servers.html
Security Affairs
Linux worm spreading via Exim servers hit Azure customers
On Friday, security experts at Microsoft warned of a new Linux worm, spreading via Exim email servers, that already compromised some Azure installs.
Alert (AA19-168A)
Microsoft Operating Systems BlueKeep Vulnerability
https://www.us-cert.gov/ncas/alerts/AA19-168A
Microsoft Operating Systems BlueKeep Vulnerability
https://www.us-cert.gov/ncas/alerts/AA19-168A
GoldBrute #Botnet Brute Forcing 1.5 Million #RDP Servers
RDP, the remote desktop protocol, made the news recently after #Microsoft patched a critical remote code execution vulnerability (CVE-2019–0708).
https://morphuslabs.com/goldbrute-botnet-brute-forcing-1-5-million-rdp-servers-371f219ec37d
RDP, the remote desktop protocol, made the news recently after #Microsoft patched a critical remote code execution vulnerability (CVE-2019–0708).
https://morphuslabs.com/goldbrute-botnet-brute-forcing-1-5-million-rdp-servers-371f219ec37d
Medium
GoldBrute Botnet Brute Forcing 1.5 Million RDP Servers
RDP, the remote desktop protocol, made the news recently after Microsoft patched a critical remote code execution vulnerability…
#GandCrab #Ransomware #Decryption Tool [All Versions] — Recover Files for Free
Cybersecurity researchers have released an updated version of GandCrab ransomware decryption tool that could allow millions of affected users to unlock their encrypted files for free without paying a ransom to the cybercriminals.
https://thehackernews.com/2019/06/gandcrab-ransomware-decryption-tool.html
Cybersecurity researchers have released an updated version of GandCrab ransomware decryption tool that could allow millions of affected users to unlock their encrypted files for free without paying a ransom to the cybercriminals.
https://thehackernews.com/2019/06/gandcrab-ransomware-decryption-tool.html
Multiple #DoS vulnerabilities affect #Linux and #FreeBSD
Netflix researcher has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels that could trigger a DoS condition.
https://securityaffairs.co/wordpress/87244/security/dos-flaws-linux-freebsd.html
Netflix researcher has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels that could trigger a DoS condition.
https://securityaffairs.co/wordpress/87244/security/dos-flaws-linux-freebsd.html
Security Affairs
Multiple DoS vulnerabilities affect Linux and FreeBSD
Netflix researcher has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels that could trigger a DoS condition.
Endpoint Detection and Response ( #EDR ): What You Need to Know
https://dzone.com/articles/10-ways-to-identify-and-fix-open-source-vulnerabil
https://dzone.com/articles/10-ways-to-identify-and-fix-open-source-vulnerabil
Vulnerabilidad de control de acceso inadecuado en AppDNA de Citrix
Fecha de publicación: 18/06/2019
Importancia: 4 - Alta
Recursos afectados:
AppDNA, versión 7.18 y anteriores.
Descripción:
Citrix ha identificado una vulnerabilidad de control de acceso inadecuado en su producto AppDNA.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-control-acceso-inadecuado-appdna-citrix
Fecha de publicación: 18/06/2019
Importancia: 4 - Alta
Recursos afectados:
AppDNA, versión 7.18 y anteriores.
Descripción:
Citrix ha identificado una vulnerabilidad de control de acceso inadecuado en su producto AppDNA.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-control-acceso-inadecuado-appdna-citrix
INCIBE-CERT
Vulnerabilidad de control de acceso inadecuado en AppDNA de Citrix
Citrix ha identificado una vulnerabilidad de control de acceso inadecuado en su producto AppDNA.
Emergency!! Zero-day Flaw in FireFox Let Hackers Take Full Control of Your Computer – Update Your #FireFox Now
Mozilla released a security update for Critical Zero-day vulnerability that fixed in a new version of Firefox 67.0.3 and Firefox ESR 60.7.
Critical vulnerabilities can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
https://gbhackers.com/firefox-67-0-3/amp/
Mozilla released a security update for Critical Zero-day vulnerability that fixed in a new version of Firefox 67.0.3 and Firefox ESR 60.7.
Critical vulnerabilities can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
https://gbhackers.com/firefox-67-0-3/amp/
GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Emergency!! Zero-day Flaw in FireFox Let Hackers Take Full Control of Your Computer - Update Your FireFox Now
Mozilla released a security update for Critical Zero-day vulnerability that fixed in a new version of Firefox 67.0.3 and Firefox ESR 60.7.
#Microsoft delivers public preview of #Azure #Bastion service for remotely accessing VMs more securely
Microsoft's newest Azure service, Bastion, is now in public preview and is meant to bring another level of security to remotely accessing virtual machines.
https://www.zdnet.com/article/microsoft-delivers-public-preview-of-azure-bastion-service-for-remotely-accessing-vms-more-securely/
Microsoft's newest Azure service, Bastion, is now in public preview and is meant to bring another level of security to remotely accessing virtual machines.
https://www.zdnet.com/article/microsoft-delivers-public-preview-of-azure-bastion-service-for-remotely-accessing-vms-more-securely/
ZDNet
Microsoft delivers public preview of Azure Bastion service for remotely accessing VMs more securely
Microsoft's newest Azure service, Bastion, is now in public preview and is meant to bring another level of security to remotely accessing virtual machines.
msticpy - #Python Defender Tools
msticpy is a package of python tools intended to be used for security investigations and hunting (primarily in Jupyter notebooks). Most of the tools originated from code written in Jupyter notebooks which was tidied up and re-packaged into python modules. I’ve added some references to other blogs in the References section, where I describe some of these notebooks in more detail.
https://techcommunity.microsoft.com/t5/Azure-Sentinel/msticpy-Python-Defender-Tools/ba-p/648929
msticpy is a package of python tools intended to be used for security investigations and hunting (primarily in Jupyter notebooks). Most of the tools originated from code written in Jupyter notebooks which was tidied up and re-packaged into python modules. I’ve added some references to other blogs in the References section, where I describe some of these notebooks in more detail.
https://techcommunity.microsoft.com/t5/Azure-Sentinel/msticpy-Python-Defender-Tools/ba-p/648929
TECHCOMMUNITY.MICROSOFT.COM
msticpy - Python Defender Tools | Microsoft Community Hub
msticpy is a package of python tools intended to be used for security investigations and hunting (primarily in Jupyter notebooks). The article gives an...
DHS Email Phishing Scam
Original release date: June 18, 2019
The Cybersecurity and Infrastructure Security Agency (#CISA) is aware of an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (#DHS) notifications. The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (#NCAS) alert and lure targeted recipients into downloading malware through a malicious attachment.
https://www.us-cert.gov/ncas/current-activity/2019/06/18/DHS-Email-Phishing-Scam
Original release date: June 18, 2019
The Cybersecurity and Infrastructure Security Agency (#CISA) is aware of an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (#DHS) notifications. The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (#NCAS) alert and lure targeted recipients into downloading malware through a malicious attachment.
https://www.us-cert.gov/ncas/current-activity/2019/06/18/DHS-Email-Phishing-Scam
www.us-cert.gov
DHS Email Phishing Scam | US-CERT
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (DHS) notifications. The email campaign uses…
#Mozilla Releases Security Updates for #Firefox and Firefox ESR
Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 67.0.3 and Firefox ESR 60.7.1 and apply the necessary updates.
https://www.us-cert.gov/ncas/current-activity/2019/06/18/Mozilla-Releases-Security-Updates-Firefox-and-Firefox-ESR
Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 67.0.3 and Firefox ESR 60.7.1 and apply the necessary updates.
https://www.us-cert.gov/ncas/current-activity/2019/06/18/Mozilla-Releases-Security-Updates-Firefox-and-Firefox-ESR
www.us-cert.gov
Mozilla Releases Security Updates for Firefox and Firefox ESR | CISA
Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.The Cybersecurity and…