#Microsoft fixed CVE-2019-1105 flaw in #Outlook for #Android
Microsoft has addressed an important vulnerability (CVE-2019-1105) in Outlook for Android, potentially affected over 100 million users.
https://securityaffairs.co/wordpress/87398/hacking/outlook-android-flaw.html
Microsoft has addressed an important vulnerability (CVE-2019-1105) in Outlook for Android, potentially affected over 100 million users.
https://securityaffairs.co/wordpress/87398/hacking/outlook-android-flaw.html
Security Affairs
Microsoft fixed CVE-2019-1105 flaw in Outlook for Android
Microsoft has addressed an important vulnerability (CVE-2019-1105) in Outlook for Android, potentially affected over 100 million users.
Vulnerabilidad de denegación de servicio en Apache Tomcat
Fecha de publicación: 21/06/2019
Importancia: 4 - Alta
Recursos afectados:
Apache Tomcat®, versiones:
Desde la 8.5.0 hasta 8.5.40;
Desde la 9.0.0.M1 hasta 9.0.19.
Descripción:
Apache ha publicado una corrección para una actualización anterior, incompleta, de la vulnerabilidad con identificador CVE-2019-0199 que podría permitir a un atacante el agotamiento de los hilos y la denegación del servicio (DoS).
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-denegacion-servicio-apache-tomcat-0
Fecha de publicación: 21/06/2019
Importancia: 4 - Alta
Recursos afectados:
Apache Tomcat®, versiones:
Desde la 8.5.0 hasta 8.5.40;
Desde la 9.0.0.M1 hasta 9.0.19.
Descripción:
Apache ha publicado una corrección para una actualización anterior, incompleta, de la vulnerabilidad con identificador CVE-2019-0199 que podría permitir a un atacante el agotamiento de los hilos y la denegación del servicio (DoS).
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-denegacion-servicio-apache-tomcat-0
INCIBE-CERT
Vulnerabilidad de denegación de servicio en Apache Tomcat
Apache ha publicado una corrección para una actualización anterior, incompleta, de la vulnerabilidad con identificador CVE-2019-0199 que podría permitir a un atacante el agotamiento de los hilos y la denegación del servicio (DoS).
Dell Releases Security Advisory for Dell SupportAssist
Dell has released a security advisory to address a vulnerability in Dell SupportAssist software. An attacker could exploit this vulnerability to access sensitive information.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Dell Security Advisory DSA-2019-084 and apply the necessary update.
https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist
Dell has released a security advisory to address a vulnerability in Dell SupportAssist software. An attacker could exploit this vulnerability to access sensitive information.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Dell Security Advisory DSA-2019-084 and apply the necessary update.
https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist
www.us-cert.gov
Dell Releases Security Advisory for Dell SupportAssist | US-CERT
Dell has released a security advisory to address a vulnerability in Dell SupportAssist software. An attacker could exploit this vulnerability to access sensitive information.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and…
#OpenSSH Now Encrypts Secret Keys in Memory Against Side-Channel Attacks
https://thehackernews.com/2019/06/openssh-side-channel-vulnerability.html
https://thehackernews.com/2019/06/openssh-side-channel-vulnerability.html
#Windows Terminal Is Here in Its Multi-Tabbed Console Glory
The much anticipated Windows Terminal Preview is here and I have to say, when it works, it's pretty awesome. While it shows great promise, as this is a very early preview, you should expect to see some bugs, crashes, and quirks that will be fixed in future builds.
https://www.bleepingcomputer.com/news/microsoft/windows-terminal-is-here-in-its-multi-tabbed-console-glory/
The much anticipated Windows Terminal Preview is here and I have to say, when it works, it's pretty awesome. While it shows great promise, as this is a very early preview, you should expect to see some bugs, crashes, and quirks that will be fixed in future builds.
https://www.bleepingcomputer.com/news/microsoft/windows-terminal-is-here-in-its-multi-tabbed-console-glory/
BleepingComputer
Windows Terminal Is Here in Its Multi-Tabbed Console Glory
The much anticipated Windows Terminal Preview is here and I have to say, when it works, it's pretty awesome. While it shows great promise, as this is a very early preview, you should expect to see some bugs, crashes, and quirks that will be fixed in future…
A #BlueTeam guide to #Azure & #Office365 monitoring
https://0x00sec.org/t/a-blue-team-guide-to-azure-office-365-monitoring/14411
https://0x00sec.org/t/a-blue-team-guide-to-azure-office-365-monitoring/14411
“What I have learn in my first month of Hacking and Bug Bounty”
https://medium.com/@unknownuser1806/what-i-have-learn-in-my-first-month-of-hacking-and-bug-bounty-dc1a4be58294
https://medium.com/@unknownuser1806/what-i-have-learn-in-my-first-month-of-hacking-and-bug-bounty-dc1a4be58294
Medium
What I have learn in my first month of Hacking and Bug Bounty?
Hi , In this post I will share everything about hacking , programming and bug bounty , CIFs etc available resources in come across. If you…
Un 0-day en Firefox ha revelado un backdoor en #macOS
Hace unos días un usuario alertó a los investigadores de que a través de un 0-day ya conocido en Firefoxhabían logrado ejecutar código en su Mac (corriendo macOS 10.14.5).
https://www.seguridadapple.com/2019/06/un-0-day-en-firefox-ha-revelado-un.html
Hace unos días un usuario alertó a los investigadores de que a través de un 0-day ya conocido en Firefoxhabían logrado ejecutar código en su Mac (corriendo macOS 10.14.5).
https://www.seguridadapple.com/2019/06/un-0-day-en-firefox-ha-revelado-un.html
Seguridadapple
Un 0-day en Firefox ha revelado un backdoor en macOS
Hace unos días un usuario alertó a los investigadores de que a través de un 0-day ya conocido en Firefox habían logrado ejecutar código ...
The #RaspberryPi 4 brings faster CPU, up to 4GB of RAM
Today, Raspberry Pi is introducing a new version of its popular line of single-board computer. The Raspberry Pi 4 Model B is the fastest Raspberry Pi ever, with the company promising "desktop performance comparable to entry-level x86 PC systems."
https://arstechnica.com/gadgets/2019/06/faster-raspberry-pi-4-promises-desktop-class-performance/
Today, Raspberry Pi is introducing a new version of its popular line of single-board computer. The Raspberry Pi 4 Model B is the fastest Raspberry Pi ever, with the company promising "desktop performance comparable to entry-level x86 PC systems."
https://arstechnica.com/gadgets/2019/06/faster-raspberry-pi-4-promises-desktop-class-performance/
Ars Technica
The Raspberry Pi 4 brings faster CPU, up to 4GB of RAM
More CPU power, more RAM, and more... displays?
Introducing the #AWS Security Incident Response Whitepaper
AWS recently released the AWS Security Incident Response whitepaper, to help you understand the fundamentals of responding to security incidents within your cloud environment.
https://aws.amazon.com/es/blogs/security/introducing-the-aws-security-incident-response-whitepaper/
AWS recently released the AWS Security Incident Response whitepaper, to help you understand the fundamentals of responding to security incidents within your cloud environment.
https://aws.amazon.com/es/blogs/security/introducing-the-aws-security-incident-response-whitepaper/
Amazon
Introducing the AWS Security Incident Response Whitepaper | Amazon Web Services
April 25, 2023: We’ve updated this blog post to include more security learning resources. AWS recently released the AWS Security Incident Response whitepaper, to help you understand the fundamentals of responding to security incidents within your cloud environment.…
New #Mac Malware Exploits GateKeeper Bypass Bug that #Apple Left Unpatched
Cybersecurity researchers from Intego are warning about possible active exploitation of an unpatched security vulnerability in Apple's macOS Gatekeeper security feature details and PoC for which were publicly disclosed late last month.
https://thehackernews.com/2019/06/macos-malware-gatekeeper.html
Cybersecurity researchers from Intego are warning about possible active exploitation of an unpatched security vulnerability in Apple's macOS Gatekeeper security feature details and PoC for which were publicly disclosed late last month.
https://thehackernews.com/2019/06/macos-malware-gatekeeper.html
#Cisco Releases Security Updates for Data Center Network Manager
Cisco has released security updates to address vulnerabilities in Cisco Data Center Network Manager (DCNM). A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
https://www.us-cert.gov/ncas/current-activity/2019/06/26/cisco-releases-security-updates-data-center-network-manager
Cisco has released security updates to address vulnerabilities in Cisco Data Center Network Manager (DCNM). A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
https://www.us-cert.gov/ncas/current-activity/2019/06/26/cisco-releases-security-updates-data-center-network-manager
www.us-cert.gov
Cisco Releases Security Updates for Data Center Network Manager | CISA
Cisco has released security updates to address vulnerabilities in Cisco Data Center Network Manager (DCNM). A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security…
The Cybersecurity and Infrastructure Security…
Google Warns of Microsoft #SwiftKey Losing Access to Gmail on July 15
Google is sending out warnings to Microsoft SwiftKey users that the keyboard will no longer be able to access the data in Google Accounts, including Gmail content, starting on July 15th.
https://www.bleepingcomputer.com/news/security/google-warns-of-microsoft-swiftkey-losing-access-to-gmail-on-july-15/
Google is sending out warnings to Microsoft SwiftKey users that the keyboard will no longer be able to access the data in Google Accounts, including Gmail content, starting on July 15th.
https://www.bleepingcomputer.com/news/security/google-warns-of-microsoft-swiftkey-losing-access-to-gmail-on-july-15/
BleepingComputer
Google Warns of Microsoft SwiftKey Losing Access to Gmail on July 15
Google is sending out warnings to Microsoft SwiftKey users that the keyboard will no longer be able to access the data in Google Accounts, including Gmail content, starting on July 15th.
Múltiples vulnerabilidades en Data Center Network Manager de Cisco
Fecha de publicación: 27/06/2019
Importancia: 5 - Crítica
Recursos afectados:
Cisco Data Center Network Manager (DCNM) versiones de software anteriores a 11.1(1).
Descripción:
El investigador independiente de seguridad, Pedro Ribeiro, a través del programa de reporte de vulnerabilidades iDefense, ha detectado dos vulnerabilidades de severidad crítica y una de severidad alta. Un atacante remoto sin autenticación podría subir archivos arbitrarios, omitir la autenticación, realizar acciones arbitrarias con privilegios de administración u obtener acceso a información sensible en el dispositivo afectado.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-data-center-network-manager-cisco
Fecha de publicación: 27/06/2019
Importancia: 5 - Crítica
Recursos afectados:
Cisco Data Center Network Manager (DCNM) versiones de software anteriores a 11.1(1).
Descripción:
El investigador independiente de seguridad, Pedro Ribeiro, a través del programa de reporte de vulnerabilidades iDefense, ha detectado dos vulnerabilidades de severidad crítica y una de severidad alta. Un atacante remoto sin autenticación podría subir archivos arbitrarios, omitir la autenticación, realizar acciones arbitrarias con privilegios de administración u obtener acceso a información sensible en el dispositivo afectado.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-data-center-network-manager-cisco
INCIBE-CERT
Múltiples vulnerabilidades en Data Center Network Manager de Cisco
El investigador independiente de seguridad, Pedro Ribeiro, a través del programa de reporte de vulnerabilidades iDefense, ha detectado dos vulnerabilidades de severidad crítica y una de severidad alta. Un atacante remoto sin autenticación podría subir archivos…
EA Origin had a vulnerability that left 300 million players potentially exposed
The security flaw would have let hackers take over people’s account without needing to steal a login and password.
https://www.cnet.com/news/ea-origin-had-a-vulnerability-that-left-300-million-players-potentially-exposed/
The security flaw would have let hackers take over people’s account without needing to steal a login and password.
https://www.cnet.com/news/ea-origin-had-a-vulnerability-that-left-300-million-players-potentially-exposed/
CNET
EA Origin had a vulnerability that left 300 million players potentially exposed
The security flaw would have let hackers take over people’s account without needing to steal a login and password.
Escalada de privilegios en múltiples productos F5
Fecha de publicación: 28/06/2019
Importancia: 4 - Alta
Recursos afectados:
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versiones:
15.0.0
Desde la versión 14.0.0 hasta la versión 14.1.0
Desde la versión 13.0.0 hasta la versión 13.1.1
Desde la versión 12.1.0 hasta la versión 12.1.4
Desde la versión 11.5.2 hasta la versión 11.6.4
Enterprise Manager versión 3.1.1
BIG-IQ Centralized Management versiones:
Desde la versión 6.0.0 hasta la versión 6.1.0
Desde la versión 5.1.0 hasta la versión 5.4.0
F5 iWorkflow versión 2.3.0
Descripción:
Investigadores de ING Tech Poland, Łukasz Juszczyk y Robert Podsiadło, han descubierto una vulnerabilidad de criticidad alta en múltiples productos de F5. Un atacante, sin autenticación, podría realizar una escalada de privilegios.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/escalada-privilegios-multiples-productos-f5
Fecha de publicación: 28/06/2019
Importancia: 4 - Alta
Recursos afectados:
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versiones:
15.0.0
Desde la versión 14.0.0 hasta la versión 14.1.0
Desde la versión 13.0.0 hasta la versión 13.1.1
Desde la versión 12.1.0 hasta la versión 12.1.4
Desde la versión 11.5.2 hasta la versión 11.6.4
Enterprise Manager versión 3.1.1
BIG-IQ Centralized Management versiones:
Desde la versión 6.0.0 hasta la versión 6.1.0
Desde la versión 5.1.0 hasta la versión 5.4.0
F5 iWorkflow versión 2.3.0
Descripción:
Investigadores de ING Tech Poland, Łukasz Juszczyk y Robert Podsiadło, han descubierto una vulnerabilidad de criticidad alta en múltiples productos de F5. Un atacante, sin autenticación, podría realizar una escalada de privilegios.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/escalada-privilegios-multiples-productos-f5
INCIBE-CERT
Escalada de privilegios en múltiples productos F5
Investigadores de ING Tech Poland, Łukasz Juszczyk y Robert Podsiadło, han descubierto una vulnerabilidad de criticidad alta en múltiples productos de F5. Un atacante, sin autenticación, podría realizar una escalada de privilegios.
Múltiples vulnerabilidades en la familia Unity de Dell EMC
Fecha de publicación: 28/06/2019
Importancia: 4 - Alta
Recursos afectados:
Dell EMC Unity Operating Environment (OE) versiones anteriores a la 5.0.0.0.5.116;
Dell EMC UnityVSA Operating Environment (OE) versiones anteriores a la 5.0.0.0.5.116.
Descripción:
Dell EMC Unity ha publicado múltiples vulnerabilidades que pueden poner en peligro el sistema afectado.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-familia-unity-dell-emc
Fecha de publicación: 28/06/2019
Importancia: 4 - Alta
Recursos afectados:
Dell EMC Unity Operating Environment (OE) versiones anteriores a la 5.0.0.0.5.116;
Dell EMC UnityVSA Operating Environment (OE) versiones anteriores a la 5.0.0.0.5.116.
Descripción:
Dell EMC Unity ha publicado múltiples vulnerabilidades que pueden poner en peligro el sistema afectado.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-familia-unity-dell-emc
INCIBE-CERT
Múltiples vulnerabilidades en la familia Unity de Dell EMC
Dell EMC Unity ha publicado múltiples vulnerabilidades que pueden poner en peligro el sistema afectado.
Los #Mac se podrán localizar sin conexión a través de los #iPhone cercanos de cualquier persona
La conferencia de desarrolladores de Apple, que tuvo lugar el lunes 3 de junio, nos deja muchas novedades, entre ellas, podemos destacar la muerte de iTunes, el nuevo sistema operativo para iPad, macOS Catalina, el nuevo Mac Pro, pantallas espectaculares, etc. Si bien de entre todas las novedades, tenemos mucha curiosidad sobre la localización de nuestro Mac si está perdido o robado y carece de conexión gracias a los iPhone que se encuentren alrededor y a través de 'beacons Bluetooth'.
https://www.seguridadapple.com/2019/06/los-mac-se-podran-localizar-sin.html
La conferencia de desarrolladores de Apple, que tuvo lugar el lunes 3 de junio, nos deja muchas novedades, entre ellas, podemos destacar la muerte de iTunes, el nuevo sistema operativo para iPad, macOS Catalina, el nuevo Mac Pro, pantallas espectaculares, etc. Si bien de entre todas las novedades, tenemos mucha curiosidad sobre la localización de nuestro Mac si está perdido o robado y carece de conexión gracias a los iPhone que se encuentren alrededor y a través de 'beacons Bluetooth'.
https://www.seguridadapple.com/2019/06/los-mac-se-podran-localizar-sin.html
Seguridadapple
Los Mac se podrán localizar sin conexión a través de los iPhone cercanos de cualquier persona
La conferencia de desarrolladores de Apple , que tuvo lugar el lunes 3 de junio, nos deja muchas novedades, entre ellas, podemos destacar l...
#Google Releases Security Updates for #ChromeOS
Google has released Chrome OS version 75.0.3770.102 for Chrome devices. This version addresses multiple vulnerabilities that an attacker could exploit to obtain sensitive information.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates.
https://www.us-cert.gov/ncas/current-activity/2019/06/27/google-releases-security-updates-chrome-os
Google has released Chrome OS version 75.0.3770.102 for Chrome devices. This version addresses multiple vulnerabilities that an attacker could exploit to obtain sensitive information.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates.
https://www.us-cert.gov/ncas/current-activity/2019/06/27/google-releases-security-updates-chrome-os
www.us-cert.gov
Google Releases Security Updates for Chrome OS | CISA
Google has released Chrome OS version 75.0.3770.102 for Chrome devices. This version addresses multiple vulnerabilities that an attacker could exploit to obtain sensitive information.
#ActiveDirectory Kill Chain Attack & Defense
This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention. And understand Active Directory Kill Chain Attack and Modern Post Exploitation Adversary Tradecraft Activity.
https://github.com/infosecn1nja/AD-Attack-Defense
This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention. And understand Active Directory Kill Chain Attack and Modern Post Exploitation Adversary Tradecraft Activity.
https://github.com/infosecn1nja/AD-Attack-Defense
GitHub
GitHub - infosecn1nja/AD-Attack-Defense: Attack and defend active directory using modern post exploitation adversary tradecraft…
Attack and defend active directory using modern post exploitation adversary tradecraft activity - infosecn1nja/AD-Attack-Defense