Multiple vulnerabilities in Netgear routers
Publication date: 17/06/2019
Importance: 4 - High
Affected resources:
Wireless AC Router Nighthawk, models:
R7900, running a firmware version earlier than 1.0.3.14_10.0.40_BETA.
R8000, running a firmware version earlier than 1.0.4.38_10.1.59_BETA.
Description:
Cisco Talos has discovered two high-severity vulnerabilities in the KCodes NetUSB firmware for NETGEAR.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-routers-netgear-0
#Linux worm spreading via #Exim servers hit #Azure customers
On Friday, security experts at Microsoft warned of a new Linux worm, spreading via Exim email servers, that already compromised some Azure installs.
Bad actors continue to target cloud services in the attempt of abusing them for several malicious purposes, like storing malware or implementing command and control servers.
https://securityaffairs.co/wordpress/87168/hacking/linux-worm-exim-servers.html
Alert (AA19-168A)
Microsoft Operating Systems BlueKeep Vulnerability
https://www.us-cert.gov/ncas/alerts/AA19-168A
GoldBrute #Botnet Brute Forcing 1.5 Million #RDP Servers
RDP, the remote desktop protocol, made the news recently after #Microsoft patched a critical remote code execution vulnerability (CVE-2019-0708).
https://morphuslabs.com/goldbrute-botnet-brute-forcing-1-5-million-rdp-servers-371f219ec37d
#GandCrab #Ransomware #Decryption Tool [All Versions] — Recover Files for Free
Cybersecurity researchers have released an updated version of GandCrab ransomware decryption tool that could allow millions of affected users to unlock their encrypted files for free without paying a ransom to the cybercriminals.
https://thehackernews.com/2019/06/gandcrab-ransomware-decryption-tool.html
Multiple #DoS vulnerabilities affect #Linux and #FreeBSD
A Netflix researcher has identified several TCP networking vulnerabilities in the FreeBSD and Linux kernels that could trigger a DoS condition.
https://securityaffairs.co/wordpress/87244/security/dos-flaws-linux-freebsd.html
Endpoint Detection and Response (#EDR): What You Need to Know
https://dzone.com/articles/10-ways-to-identify-and-fix-open-source-vulnerabil
Improper access control vulnerability in Citrix AppDNA
Publication date: 18/06/2019
Importance: 4 - High
Affected resources:
AppDNA, version 7.18 and earlier.
Description:
Citrix has identified an improper access control vulnerability in its AppDNA product.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-control-acceso-inadecuado-appdna-citrix
Emergency!! Zero-day Flaw in FireFox Let Hackers Take Full Control of Your Computer – Update Your #FireFox Now
Mozilla released a security update for a critical zero-day vulnerability, fixed in the new versions Firefox 67.0.3 and Firefox ESR 60.7.
Critical vulnerabilities can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
https://gbhackers.com/firefox-67-0-3/amp/
#Microsoft delivers public preview of #Azure #Bastion service for remotely accessing VMs more securely
Microsoft's newest Azure service, Bastion, is now in public preview and is meant to bring another level of security to remotely accessing virtual machines.
https://www.zdnet.com/article/microsoft-delivers-public-preview-of-azure-bastion-service-for-remotely-accessing-vms-more-securely/
msticpy - #Python Defender Tools
msticpy is a package of python tools intended to be used for security investigations and hunting (primarily in Jupyter notebooks). Most of the tools originated from code written in Jupyter notebooks which was tidied up and re-packaged into python modules. I’ve added some references to other blogs in the References section, where I describe some of these notebooks in more detail.
https://techcommunity.microsoft.com/t5/Azure-Sentinel/msticpy-Python-Defender-Tools/ba-p/648929
DHS Email Phishing Scam
Original release date: June 18, 2019
The Cybersecurity and Infrastructure Security Agency (#CISA) is aware of an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (#DHS) notifications. The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (#NCAS) alert and lure targeted recipients into downloading malware through a malicious attachment.
https://www.us-cert.gov/ncas/current-activity/2019/06/18/DHS-Email-Phishing-Scam
#Mozilla Releases Security Updates for #Firefox and Firefox ESR
Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 67.0.3 and Firefox ESR 60.7.1 and apply the necessary updates.
https://www.us-cert.gov/ncas/current-activity/2019/06/18/Mozilla-Releases-Security-Updates-Firefox-and-Firefox-ESR
#Docker Desktop for #Windows10 Will Soon Switch to #WSL 2
Docker announced that its native Docker Desktop Windows application will soon switch to the Windows Subsystem for Linux 2 (WSL 2) from the Windows-native Hyper-V virtualization it currently uses.
WSL is a Microsoft-designed compatibility layer that made it possible for users of Windows 10 and Windows Server 2019 to run Linux binaries in ELF format natively on their computers.
https://www.bleepingcomputer.com/news/security/docker-desktop-for-windows-10-will-soon-switch-to-wsl-2/
Remote code execution vulnerability in Oracle WebLogic Server
Publication date: 19/06/2019
Importance: 5 - Critical
Affected resources:
Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0.
Description:
Oracle has published a critical-severity vulnerability that allows remote code execution in its Oracle WebLogic Server product.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-ejecucion-remota-codigo-oracle-weblogic-server-0
Multiple vulnerabilities in Cisco products
Publication date: 20/06/2019
Importance: 5 - Critical
Affected resources:
The following Cisco products running a Cisco SD-WAN Solution version earlier than 18.3.6, 18.4.1 and 19.1.0:
vBond Orchestrator Software,
vEdge 100 Series Routers,
vEdge 1000 Series Routers,
vEdge 2000 Series Routers,
vEdge 5000 Series Routers,
vEdge Cloud Router Platform,
vManage Network Management Software,
vSmart Controller Software.
Cisco DNA Center Software, versions earlier than 1.3.
The following Cisco products running a vulnerable version of Cisco TelePresence TC or Cisco TelePresence CE software:
Cisco TelePresence Integrator C Series,
Cisco TelePresence EX Series,
Cisco TelePresence MX Series,
Cisco TelePresence SX Series,
Cisco Webex Room Series.
The following Cisco products running a vulnerable version of the Cisco StarOS operating system:
Cisco Virtualized Packet Core-Single Instance (VPC-SI),
Cisco Virtualized Packet Core-Distributed Instance (VPC-DI).
Cisco vManage Network Management Software running a Cisco SD-WAN Solution version earlier than 18.4.0.
RV110W Wireless-N VPN Firewall, versions earlier than 1.2.2.4.
RV130W Wireless-N Multifunction VPN Router, versions earlier than 1.0.3.51.
RV215W Wireless-N VPN Router, versions earlier than 1.3.1.4.
Cisco Prime Service Catalog Software, versions earlier than 12.1 Cumulative Patch version 10.
Cisco Meeting Server deployments running versions earlier than 2.2.14 and 2.3.8.
Description:
Cisco has published multiple vulnerabilities that could allow an attacker to escalate privileges, bypass authentication, execute code remotely, cause a denial of service or carry out cross-site request forgery (CSRF) attacks on the affected products.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-cisco-49
#Google open-sources #cryptographic tool to keep data sets private
Poorly secured databases are a top privacy and security concern — and Google now wants to plug that leak.
The internet giant has said it’s open sourcing Private Join and Compute, a new secure multi-party computation (MPC) tool designed to help organizations work together with confidential data sets.
https://thenextweb.com/security/2019/06/20/google-open-sources-cryptographic-tool-to-keep-data-sets-private/
Turla Espionage Group Hacks OilRig #APT Infrastructure
Security researchers tracking activities of various nation-state cyber-espionage groups found evidence suggesting that the Turla group hijacked the infrastructure of OilRig hackers to compromise a target both actors were interested in.
https://www.bleepingcomputer.com/news/security/turla-espionage-group-hacks-oilrig-apt-infrastructure/
The #FreeBSD Project
Topic: Resource exhaustion in non-default RACK TCP stack
Category: core
Module: inet
Announced: 2019-06-19
Credits: Jonathan Looney (Netflix), Peter Lei (Netflix)
Affects: FreeBSD 12.0 and later
Corrected: 2019-06-19 16:25:39 UTC (stable/12, 12.0-STABLE)
2019-06-19 16:43:05 UTC (releng/12.0, 12.0-RELEASE-p6)
CVE Name: CVE-2019-5599
...
III. Impact
An attacker with the ability to send specially crafted TCP traffic to a victim system can degrade network performance and/or consume excessive CPU by exploiting the inefficiency of traversing the potentially very large RACK linked lists with relatively small bandwidth cost.
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:08.rack.asc
#Microsoft fixed CVE-2019-1105 flaw in #Outlook for #Android
Microsoft has addressed an important vulnerability (CVE-2019-1105) in Outlook for Android, potentially affecting over 100 million users.
https://securityaffairs.co/wordpress/87398/hacking/outlook-android-flaw.html
Denial of service vulnerability in Apache Tomcat
Publication date: 21/06/2019
Importance: 4 - High
Affected resources:
Apache Tomcat®, versions:
from 8.5.0 to 8.5.40;
from 9.0.0.M1 to 9.0.19.
Description:
Apache has published a fix for an earlier, incomplete update for the vulnerability with identifier CVE-2019-0199, which could allow an attacker to exhaust threads and cause a denial of service (DoS).
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-denegacion-servicio-apache-tomcat-0