Múltiples vulnerabilidades en productos Cisco

Fecha de publicación: 20/06/2019
Importancia: 5 - Crítica

Recursos afectados: 
Los siguientes productos de Cisco que ejecuten una versión de Cisco SD-WAN Solution anterior a la 18.3.6, 18.4.1 y 19.1.0:
vBond Orchestrator Software,
vEdge 100 Series Routers,
vEdge 1000 Series Routers,
vEdge 2000 Series Routers,
vEdge 5000 Series Routers,
vEdge Cloud Router Platform,
vManage Network Management Software,
vSmart Controller Software.
Cisco DNA Center Software, versiones anteriores a la 1.3.
Los siguientes productos de Cisco que ejecuten una versión vulnerable de Cisco TelePresence TC o Cisco TelePresence CE software:
Cisco TelePresence Integrator C Series,
Cisco TelePresence EX Series,
Cisco TelePresence MX Series,
Cisco TelePresence SX Series,
Cisco Webex Room Series.
Los siguiente productos de Cisco que ejecuten una versión vulnerable de Cisco StarOS operating system:
Cisco Virtualized Packet Core-Single Instance (VPC-SI),
Cisco Virtualized Packet Core-Distributed Instance (VPC-DI).
Cisco vManage Network Management Software ejecutando una versión de Cisco SD-WAN Solution anterior a la 18.4.0.
RV110W Wireless-N VPN Firewall, versiones anteriores a la 1.2.2.4.
RV130W Wireless-N Multifunction VPN Router, versiones anteriores a la 1.0.3.51.
RV215W Wireless-N VPN Router, versiones anteriores a la 1.3.1.4.
Cisco Prime Service Catalog Software, versiones anteriores a la 12.1 Cumulative patch versión 10.
Cisco Meeting Server deployments que ejecute versiones anteriores a la 2.2.14 y la 2.3.8.

Descripción: 
Cisco ha publicado múltiples vulnerabilidades que podrían permitir a un atacante escalar privilegios, evadir la autenticación, ejecutar código remoto, denegar el servicio o llevar a cabo ataques cross-site request forgery (CSRF) en los productos afectados.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-cisco-49

#Google open-sources #cryptographic tool to keep data sets private

Poorly secured databases are a top privacy and security concern — and Google now wants to plug that leak.

The internet giant has said it’s open sourcing Private Join and Compute, a new secure multi-party computation (MPC) tool designed to help organizations work together with confidential data sets.

https://thenextweb.com/security/2019/06/20/google-open-sources-cryptographic-tool-to-keep-data-sets-private/

Turla Espionage Group Hacks OilRig #APT Infrastructure

Security researchers tracking activities of various nation-state cyber-espionage groups found evidence suggesting that the Turla group hijacked the infrastructure of OilRig hackers to compromise a target both actors were interested in.

https://www.bleepingcomputer.com/news/security/turla-espionage-group-hacks-oilrig-apt-infrastructure/

The #FreeBSD Project Topic:

Resource exhaustion in non-default RACK TCP stack
Category: core
Module: inet Announced: 2019-06-19
Credits: Jonathan Looney (Netflix) Peter Lei (Netflix)
Affects: FreeBSD 12.0 and later
Corrected: 2019-06-19 16:25:39 UTC (stable/12, 12.0-STABLE) 2019-06-19 16:43:05 UTC (releng/12.0, 12.0-RELEASE-p6)

CVE Name: CVE-2019-5599

...
III. Impact

An attacker with the ability to send specially crafted TCP traffic to a victim system can degrade network performance and/or consume excessive CPU by exploiting the inefficiency of traversing the potentially very large RACK linked lists with relatively small bandwidth cost.

https://www.freebsd.org/security/advisories/FreeBSD-SA-19:08.rack.asc

#Microsoft fixed CVE-2019-1105 flaw in #Outlook for #Android

Microsoft has addressed an important vulnerability (CVE-2019-1105) in Outlook for Android, potentially affected over 100 million users.

https://securityaffairs.co/wordpress/87398/hacking/outlook-android-flaw.html

Vulnerabilidad de denegación de servicio en Apache Tomcat

Fecha de publicación: 21/06/2019
Importancia: 4 - Alta

Recursos afectados: 
Apache Tomcat®, versiones:
Desde la 8.5.0 hasta 8.5.40;
Desde la 9.0.0.M1 hasta 9.0.19.

Descripción: 
Apache ha publicado una corrección para una actualización anterior, incompleta, de la vulnerabilidad con identificador CVE-2019-0199 que podría permitir a un atacante el agotamiento de los hilos y la denegación del servicio (DoS).

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-denegacion-servicio-apache-tomcat-0

Dell Releases Security Advisory for Dell SupportAssist

Dell has released a security advisory to address a vulnerability in Dell SupportAssist software. An attacker could exploit this vulnerability to access sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Dell Security Advisory DSA-2019-084 and apply the necessary update.

https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist

#OpenSSH Now Encrypts Secret Keys in Memory Against Side-Channel Attacks

https://thehackernews.com/2019/06/openssh-side-channel-vulnerability.html

#Windows Terminal Is Here in Its Multi-Tabbed Console Glory

The much anticipated Windows Terminal Preview is here and I have to say, when it works, it's pretty awesome. While it shows great promise, as this is a very early preview, you should expect to see some bugs, crashes, and quirks that will be fixed in future builds.

https://www.bleepingcomputer.com/news/microsoft/windows-terminal-is-here-in-its-multi-tabbed-console-glory/

A #BlueTeam guide to #Azure & #Office365 monitoring

https://0x00sec.org/t/a-blue-team-guide-to-azure-office-365-monitoring/14411

“What I have learn in my first month of Hacking and Bug Bounty”

https://medium.com/@unknownuser1806/what-i-have-learn-in-my-first-month-of-hacking-and-bug-bounty-dc1a4be58294

Un 0-day en Firefox ha revelado un backdoor en #macOS

Hace unos días un usuario alertó a los investigadores de que a través de un 0-day ya conocido en Firefoxhabían logrado ejecutar código en su Mac (corriendo macOS 10.14.5).

https://www.seguridadapple.com/2019/06/un-0-day-en-firefox-ha-revelado-un.html

The #RaspberryPi 4 brings faster CPU, up to 4GB of RAM

Today, Raspberry Pi is introducing a new version of its popular line of single-board computer. The Raspberry Pi 4 Model B is the fastest Raspberry Pi ever, with the company promising "desktop performance comparable to entry-level x86 PC systems."

https://arstechnica.com/gadgets/2019/06/faster-raspberry-pi-4-promises-desktop-class-performance/

Introducing the #AWS Security Incident Response Whitepaper

AWS recently released the AWS Security Incident Response whitepaper, to help you understand the fundamentals of responding to security incidents within your cloud environment. 

https://aws.amazon.com/es/blogs/security/introducing-the-aws-security-incident-response-whitepaper/

New #Mac Malware Exploits GateKeeper Bypass Bug that #Apple Left Unpatched

Cybersecurity researchers from Intego are warning about possible active exploitation of an unpatched security vulnerability in Apple's macOS Gatekeeper security feature details and PoC for which were publicly disclosed late last month.

https://thehackernews.com/2019/06/macos-malware-gatekeeper.html

#Nagios XI Magpie_debug.php Root Remote Code Execution

https://cxsecurity.com/issue/WLB-2019060174

#Cisco Releases Security Updates for Data Center Network Manager

Cisco has released security updates to address vulnerabilities in Cisco Data Center Network Manager (DCNM). A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

https://www.us-cert.gov/ncas/current-activity/2019/06/26/cisco-releases-security-updates-data-center-network-manager

Google Warns of Microsoft #SwiftKey Losing Access to Gmail on July 15

Google is sending out warnings to Microsoft SwiftKey users that the keyboard will no longer be able to access the data in Google Accounts, including Gmail content, starting on July 15th.

https://www.bleepingcomputer.com/news/security/google-warns-of-microsoft-swiftkey-losing-access-to-gmail-on-july-15/

Múltiples vulnerabilidades en Data Center Network Manager de Cisco

Fecha de publicación: 27/06/2019
Importancia: 5 - Crítica

Recursos afectados: 
Cisco Data Center Network Manager (DCNM) versiones de software anteriores a 11.1(1).

Descripción: 
El investigador independiente de seguridad, Pedro Ribeiro, a través del programa de reporte de vulnerabilidades iDefense, ha detectado dos vulnerabilidades de severidad crítica y una de severidad alta. Un atacante remoto sin autenticación podría subir archivos arbitrarios, omitir la autenticación, realizar acciones arbitrarias con privilegios de administración u obtener acceso a información sensible en el dispositivo afectado.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-data-center-network-manager-cisco

EA Origin had a vulnerability that left 300 million players potentially exposed

The security flaw would have let hackers take over people’s account without needing to steal a login and password.

https://www.cnet.com/news/ea-origin-had-a-vulnerability-that-left-300-million-players-potentially-exposed/

Escalada de privilegios en múltiples productos F5

Fecha de publicación: 28/06/2019
Importancia: 4 - Alta

Recursos afectados: 
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versiones:
15.0.0
Desde la versión 14.0.0 hasta la versión 14.1.0
Desde la versión 13.0.0 hasta la versión 13.1.1
Desde la versión 12.1.0 hasta la versión 12.1.4
Desde la versión 11.5.2 hasta la versión 11.6.4
Enterprise Manager versión 3.1.1
BIG-IQ Centralized Management versiones:
Desde la versión 6.0.0 hasta la versión 6.1.0
Desde la versión 5.1.0 hasta la versión 5.4.0
F5 iWorkflow versión 2.3.0

Descripción: 
Investigadores de ING Tech Poland, Łukasz Juszczyk y Robert Podsiadło, han descubierto una vulnerabilidad de criticidad alta en múltiples productos de F5. Un atacante, sin autenticación, podría realizar una escalada de privilegios.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/escalada-privilegios-multiples-productos-f5