SysAdmin 24x7
IT security news and alerts.
Chat and contact:
t.me/sysadmin24x7chat
DHS Email Phishing Scam

Original release date: June 18, 2019

The Cybersecurity and Infrastructure Security Agency (#CISA) is aware of an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (#DHS) notifications. The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (#NCAS) alert and lure targeted recipients into downloading malware through a malicious attachment.

https://www.us-cert.gov/ncas/current-activity/2019/06/18/DHS-Email-Phishing-Scam
#Mozilla Releases Security Updates for #Firefox and Firefox ESR

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 67.0.3 and Firefox ESR 60.7.1 and apply the necessary updates.


https://www.us-cert.gov/ncas/current-activity/2019/06/18/Mozilla-Releases-Security-Updates-Firefox-and-Firefox-ESR
#Docker Desktop for #Windows10 Will Soon Switch to #WSL 2

Docker announced that its native Docker Desktop Windows application will soon switch to the Windows Subsystem for Linux 2 (WSL 2) from the Windows-native Hyper-V virtualization it currently uses.

WSL is a Microsoft-designed compatibility layer that made it possible for users of Windows 10 and Windows Server 2019 to run Linux binaries in ELF format natively on their computers.

https://www.bleepingcomputer.com/news/security/docker-desktop-for-windows-10-will-soon-switch-to-wsl-2/
Remote code execution vulnerability in Oracle WebLogic Server

Publication date: 19/06/2019
Importance: 5 - Critical

Affected resources:
Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0.

Description:
Oracle has published a critical-severity vulnerability that allows remote code execution in its Oracle WebLogic Server product.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-ejecucion-remota-codigo-oracle-weblogic-server-0
Multiple vulnerabilities in Cisco products

Publication date: 20/06/2019
Importance: 5 - Critical

Affected resources:
The following Cisco products running a Cisco SD-WAN Solution version prior to 18.3.6, 18.4.1 and 19.1.0:
vBond Orchestrator Software,
vEdge 100 Series Routers,
vEdge 1000 Series Routers,
vEdge 2000 Series Routers,
vEdge 5000 Series Routers,
vEdge Cloud Router Platform,
vManage Network Management Software,
vSmart Controller Software.
Cisco DNA Center Software, versions prior to 1.3.
The following Cisco products running a vulnerable version of Cisco TelePresence TC or Cisco TelePresence CE software:
Cisco TelePresence Integrator C Series,
Cisco TelePresence EX Series,
Cisco TelePresence MX Series,
Cisco TelePresence SX Series,
Cisco Webex Room Series.
The following Cisco products running a vulnerable version of the Cisco StarOS operating system:
Cisco Virtualized Packet Core-Single Instance (VPC-SI),
Cisco Virtualized Packet Core-Distributed Instance (VPC-DI).
Cisco vManage Network Management Software running a Cisco SD-WAN Solution version prior to 18.4.0.
RV110W Wireless-N VPN Firewall, versions prior to 1.2.2.4.
RV130W Wireless-N Multifunction VPN Router, versions prior to 1.0.3.51.
RV215W Wireless-N VPN Router, versions prior to 1.3.1.4.
Cisco Prime Service Catalog Software, versions prior to 12.1 Cumulative patch version 10.
Cisco Meeting Server deployments running versions prior to 2.2.14 and 2.3.8.

Description:
Cisco has published multiple vulnerabilities that could allow an attacker to escalate privileges, bypass authentication, execute remote code, cause a denial of service or carry out cross-site request forgery (CSRF) attacks on the affected products.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-cisco-49
#Google open-sources #cryptographic tool to keep data sets private

Poorly secured databases are a top privacy and security concern — and Google now wants to plug that leak.

The internet giant has said it’s open sourcing Private Join and Compute, a new secure multi-party computation (MPC) tool designed to help organizations work together with confidential data sets.

https://thenextweb.com/security/2019/06/20/google-open-sources-cryptographic-tool-to-keep-data-sets-private/
Turla Espionage Group Hacks OilRig #APT Infrastructure

Security researchers tracking activities of various nation-state cyber-espionage groups found evidence suggesting that the Turla group hijacked the infrastructure of OilRig hackers to compromise a target both actors were interested in.

https://www.bleepingcomputer.com/news/security/turla-espionage-group-hacks-oilrig-apt-infrastructure/
The #FreeBSD Project

Topic: Resource exhaustion in non-default RACK TCP stack
Category: core
Module: inet
Announced: 2019-06-19
Credits: Jonathan Looney (Netflix), Peter Lei (Netflix)
Affects: FreeBSD 12.0 and later
Corrected: 2019-06-19 16:25:39 UTC (stable/12, 12.0-STABLE)
2019-06-19 16:43:05 UTC (releng/12.0, 12.0-RELEASE-p6)
CVE Name: CVE-2019-5599

...
III. Impact

An attacker with the ability to send specially crafted TCP traffic to a victim system can degrade network performance and/or consume excessive CPU by exploiting the inefficiency of traversing the potentially very large RACK linked lists with relatively small bandwidth cost.

https://www.freebsd.org/security/advisories/FreeBSD-SA-19:08.rack.asc
Denial-of-service vulnerability in Apache Tomcat

Publication date: 21/06/2019
Importance: 4 - High

Affected resources:
Apache Tomcat®, versions:
From 8.5.0 to 8.5.40;
From 9.0.0.M1 to 9.0.19.

Description:
Apache has published a fix for an earlier, incomplete update for the vulnerability identified as CVE-2019-0199, which could allow an attacker to exhaust threads and cause a denial of service (DoS).

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-denegacion-servicio-apache-tomcat-0
Dell Releases Security Advisory for Dell SupportAssist

Dell has released a security advisory to address a vulnerability in Dell SupportAssist software. An attacker could exploit this vulnerability to access sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Dell Security Advisory DSA-2019-084 and apply the necessary update.

https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist
#OpenSSH Now Encrypts Secret Keys in Memory Against Side-Channel Attacks

https://thehackernews.com/2019/06/openssh-side-channel-vulnerability.html
#Windows Terminal Is Here in Its Multi-Tabbed Console Glory

The much anticipated Windows Terminal Preview is here and I have to say, when it works, it's pretty awesome. While it shows great promise, as this is a very early preview, you should expect to see some bugs, crashes, and quirks that will be fixed in future builds.

https://www.bleepingcomputer.com/news/microsoft/windows-terminal-is-here-in-its-multi-tabbed-console-glory/
A Firefox 0-day has revealed a backdoor in #macOS

A few days ago a user alerted researchers that, through an already known 0-day in Firefox, someone had managed to execute code on his Mac (running macOS 10.14.5).

https://www.seguridadapple.com/2019/06/un-0-day-en-firefox-ha-revelado-un.html
The #RaspberryPi 4 brings faster CPU, up to 4GB of RAM

Today, Raspberry Pi is introducing a new version of its popular line of single-board computers. The Raspberry Pi 4 Model B is the fastest Raspberry Pi ever, with the company promising "desktop performance comparable to entry-level x86 PC systems."

https://arstechnica.com/gadgets/2019/06/faster-raspberry-pi-4-promises-desktop-class-performance/
New #Mac Malware Exploits GateKeeper Bypass Bug that #Apple Left Unpatched

Cybersecurity researchers from Intego are warning about possible active exploitation of an unpatched security vulnerability in Apple's macOS Gatekeeper security feature, details and PoC for which were publicly disclosed late last month.

https://thehackernews.com/2019/06/macos-malware-gatekeeper.html