Awesome #Sysadmin
A curated list of amazingly awesome open source sysadmin #resources, inspired by Awesome PHP.
https://github.com/kahun/awesome-sysadmin
Hackers breach FSB contractor, expose Tor deanonymization project and more
SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.
https://www.zdnet.com/article/hackers-breach-fsb-contractor-expose-tor-deanonymization-project/
#Skadi v2019.4 releases: Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux
Skadi is a free, open-source collection of tools that enable the collection, processing and advanced analysis of #forensic artifacts and images. It scales to work effectively on laptops, desktops, servers, the cloud and can be installed on top of #hardened / gold disk images.
https://securityonline.info/skadi/
Attacking Private Networks from the Internet with #DNS Rebinding
https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325
TL;DR Following the wrong link could allow remote attackers to control your WiFi router, Google Home, Roku, Sonos speakers, home…
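The standard server-side defence against the attack described above is to answer only requests whose Host header names the service itself: a rebound request arrives with the attacker's domain in Host, because that is the name the browser resolved. The following is an added example, not code from the Medium post or from any of the products it mentions; the allowlist, the hostnames (router.local, attacker.example) and the tiny HTTP server are all constructed for the demo.

```python
"""Host-header allowlisting as a defence against DNS rebinding.

Added example, not code from the Medium post. In a rebinding attack the
victim's browser ends up sending an ordinary HTTP request to the internal
service (router, smart speaker, ...) but the Host header still carries the
attacker's domain, because that is the name the browser resolved. A service
that answers only requests whose Host matches its own names or addresses
refuses the rebound request. The allowlist, hostnames and the small server
below are all constructed for this demo.
"""
import http.client
import ipaddress
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Iterable, Optional

# Names and addresses under which this service expects to be addressed (demo assumption).
ALLOWED_HOSTS = {"router.local", "192.168.1.1", "localhost", "127.0.0.1", "::1"}


def split_host_port(host_header: str) -> str:
    """Return the host part of a Host header value, dropping any :port.

    Bracketed IPv6 literals such as "[::1]:8080" are handled; an unbracketed
    value with several colons is returned unchanged rather than guessed at.
    """
    host = host_header.strip()
    if host.startswith("["):
        end = host.find("]")
        return host[1:end] if end != -1 else host
    if host.count(":") == 1:
        host = host.split(":", 1)[0]
    return host


def _canonical(name: str) -> str:
    """Lower-case a DNS name (and strip a trailing dot) or normalise an IP literal."""
    try:
        return str(ipaddress.ip_address(name))
    except ValueError:
        return name.lower().rstrip(".")


def host_allowed(host_header: Optional[str], allowed: Iterable[str] = ALLOWED_HOSTS) -> bool:
    """True only if the Host header names this service.

    A missing or empty Host header is rejected as well: every browser sends
    one, so its absence is not a request this service needs to serve.
    """
    if not host_header:
        return False
    host = _canonical(split_host_port(host_header))
    return host in {_canonical(name) for name in allowed}


class HostCheckingHandler(BaseHTTPRequestHandler):
    """Minimal handler that refuses requests carrying a foreign Host header."""

    def do_GET(self):
        if not host_allowed(self.headers.get("Host")):
            self.send_response(403)
            self.end_headers()
            self.wfile.write(b"forbidden: unexpected Host header\n")
            return
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"admin panel\n")

    def log_message(self, *args):  # keep the demo output quiet
        pass


def request_status(port: int, host_header: str) -> int:
    """GET / on the local server with an explicit Host header; return the status code."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.putrequest("GET", "/", skip_host=True)  # we set Host ourselves
    conn.putheader("Host", host_header)
    conn.endheaders()
    status = conn.getresponse().status
    conn.close()
    return status


def demo() -> dict:
    """Start the server on an ephemeral port and probe it with a legitimate and a rebound Host."""
    server = HTTPServer(("127.0.0.1", 0), HostCheckingHandler)
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return {
            "legit": request_status(port, "127.0.0.1"),
            # Host a rebinding page would carry: the attacker's name, now resolving to us.
            "rebound": request_status(port, "attacker.example:%d" % port),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())  # {'legit': 200, 'rebound': 403}
```

Two caveats worth keeping in mind: the check must compare against the service's own names and addresses, not against "anything on the LAN", and it has to run before any authentication logic, because the whole point of rebinding is that the browser will happily attach the victim's cookies or basic-auth credentials to the rebound request. Devices that cannot be patched this way are better protected by the resolver-side filtering the article also mentions (refusing public names that resolve to private addresses).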
#Linux #Kernel CVE-2019-11811 Local Arbitrary Code Execution Vulnerability
https://www.securityfocus.com/bid/108410/info
#ProFTPD Remote Code Execution Bug Exposes Over 1 Million Servers
#RCE
More than one million ProFTPD servers are vulnerable to remote code execution and information disclosure attacks that could be triggered after successful exploitation of an arbitrary file copy vulnerability in the mod_copy module.
https://www.bleepingcomputer.com/news/security/proftpd-remote-code-execution-bug-exposes-over-1-million-servers/
#Apple Releases Multiple Security Updates
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
https://www.us-cert.gov/ncas/current-activity/2019/07/22/apple-releases-multiple-security-updates
Hackers Exploit #Jira, Exim #Linux Servers to "Keep the Internet Safe"
Hackers are exploiting vulnerable Jira and #Exim servers with the end goal of infecting them with a new #Watchbog Linux Trojan variant and using the resulting botnet as part of a #Monero cryptomining operation.
Watchbog is a malware strain used to infect Linux servers by exploiting vulnerable software such as Jenkins during a campaign from May, as well as Nexus Repository Manager 3, ThinkPHP, and Linux Supervisord as part of an operation from March as discovered by Alibaba Cloud Security researchers.
https://www.bleepingcomputer.com/news/security/hackers-exploit-jira-exim-linux-servers-to-keep-the-internet-safe/
QCSuper: A tool for capturing 2G/3G/4G air traffic on Qualcomm-based phones
https://www.andreafortuna.org/2019/07/23/qcsuper-a-tool-for-capturing-2g-3g-4g-air-traffic-on-qualcomm-based-phones/
QCSuper is a tool for capturing raw 2G/3G/4G radio frames and producing PCAP captures from Qualcomm-based phones and modems.
Building #Resilience to Foreign Interference, #Misinformation Activities
https://www.us-cert.gov/ncas/current-activity/2019/07/22/building-resilience-foreign-interference-misinformation-activities
As part of the effort to #Protect2020, the Cybersecurity and Infrastructure Security Agency (CISA) is working with national partners to build resilience to foreign interferences, particularly information activities (e.g., disinformation, misinformation).
#PuTTY a free #SSH and #Telnet client
New in 0.72 (released 2019-07-20)
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
Forwarded from tpx Security ⠠⠵
Careful when sharing Google Photos links!
A bug was discovered that allows access to a privately shared link without being logged in; it is enough to open the link from an incognito window.
Be very careful.
#Comodo #Antivirus Affected With Multiple Vulnerabilities that Includes Privilege Escalation and Denial of Service
Researchers discovered five critical vulnerabilities in Comodo Antivirus / Comodo Antivirus Advanced. Of the five vulnerabilities, four are present in version 12.0.0.6810 and one in version 11.0.0.6582.
https://gbhackers.com/comodo-antivirus-affected-with-multiple-vulnerabilities-that-includes-privilege-escalation-and-denial-of-service
[SECURITY] [DSA 4487-1] #neovim security update
https://lists.debian.org/debian-security-announce/2019/msg00135.html
CVE-2019-13382: Local Privilege Escalation in #SnagIt
Version: Snagit 2019.1.2 Build 3596
Operating System tested on: Windows 10 1803 (x64)
Vulnerability: SnagIt Relay Classic Recorder Local Privilege Escalation through insecure file move
https://posts.specterops.io/cve-2019-13382-local-privilege-escalation-in-snagit-abe5f31c349
Achieving persistence invisible to the Windows registry editor (regedit)
#Hackplayers
https://www.hackplayers.com/2019/07/persistencia-invisible-regedit.html?m=1
Today we will see how, by means of a few calls to the native Windows API, we can create registry values that Regedit cannot show...
Vulnerability in Network Time Protocol (NTP)
Publication date: 25/07/2019
Severity: 4 - High
Affected resources:
F5 products:
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), versions:
15.0.0;
14.0.0 through 14.1.0;
13.1.0 through 13.1.1;
12.1.0 through 12.1.4;
11.5.2 through 11.6.4;
Enterprise Manager, version 3.1.1;
BIG-IQ Centralized Management, versions:
6.0.0 through 6.1.0;
5.1.0 through 5.4.0;
F5 iWorkflow, version 2.3.0;
Traffix SDC, versions 5.0.0 through 5.1.0.
Red Hat Enterprise Linux versions 5, 6 and 7
Description:
A high-severity vulnerability affecting the NTP protocol has been detected. A remote attacker could access resources, modify files or cause a denial of service condition on the system.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-network-time-protocol-ntp
Vulnerability in ProFTPD servers
Publication date: 25/07/2019
Severity: 5 - Critical
Affected resources:
Versions 1.3.6 and earlier.
Description:
Researcher Tobias Mädel has found a critical-severity vulnerability in the mod_copy module of ProFTPD servers. A remote, unauthenticated attacker could execute code or disclose information.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-servidores-proftpd
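Both the BleepingComputer item earlier on this page and the INCIBE-CERT advisory above point at the same module, mod_copy, which implements the SITE CPFR (copy from) and SITE CPTO (copy to) commands. What a defender usually wants first is a quick way to tell which of their servers still expose those commands. The probe below is an added example, not code from either article or from the ProFTPD project: it sends SITE CPFR with a path that cannot exist, so nothing is copied, and classifies the reply. The probe path, the assumed reply wording ("not understood", "Permission denied") and the sample replies in the comments are assumptions made for this example.

```python
"""Probe whether a ProFTPD server exposes mod_copy's SITE CPFR command.

Added example, not code from the BleepingComputer article or the INCIBE-CERT
advisory. Both name mod_copy, the module behind the arbitrary file copy; it
implements SITE CPFR (copy from) and SITE CPTO (copy to). This probe copies
nothing: it sends SITE CPFR with a path that cannot exist, so the server can
only answer "command recognised" (350, or a 550 about the path) or "command
not understood" (a 500-class reply). Reply wording, the probe path and the
anonymous credentials are assumptions made for the example.
"""
import ftplib

ACTIVE = "mod_copy active"
RESTRICTED = "mod_copy restricted"
ABSENT = "mod_copy not available"
UNKNOWN = "unknown"
PROBE_PATH = "/nonexistent-probe-path"  # constructed; must not exist on the target


def classify_cpfr_reply(reply: str) -> str:
    """Map the reply line to SITE CPFR onto one of four states.

    350                      -> path accepted for a later CPTO: mod_copy is active.
    5xx "not understood"     -> no handler for SITE CPFR: mod_copy is not loaded.
    550 "Permission denied"  -> the command exists but is denied (e.g. by a <Limit>).
    550 anything else        -> the module handled the command and complained about the path.
    """
    code, text = reply[:3], reply.lower()
    if code == "350":
        return ACTIVE
    if "not understood" in text:
        return ABSENT
    if code == "550":
        return RESTRICTED if "permission denied" in text else ACTIVE
    return UNKNOWN


def probe_cpfr(host: str, port: int = 21, user: str = "anonymous",
               password: str = "probe@example.com", timeout: float = 10.0) -> str:
    """Log in and issue SITE CPFR against PROBE_PATH; return the classification.

    ftplib raises error_perm / error_temp for 5xx / 4xx replies and returns the
    reply text for 2xx / 3xx, so both cases are funnelled into one string.
    """
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)
        try:
            ftp.login(user, password)
        except ftplib.error_perm as exc:
            return "login refused: %s" % exc
        try:
            reply = ftp.sendcmd("SITE CPFR %s" % PROBE_PATH)
        except (ftplib.error_perm, ftplib.error_temp) as exc:
            reply = str(exc)
        return classify_cpfr_reply(reply)
    finally:
        try:
            ftp.quit()
        except Exception:  # connection may never have been established; nothing to clean up
            pass


def probe_many(hosts):
    """Return {host: state} for a list of hosts, recording connection errors as text."""
    results = {}
    for host in hosts:
        try:
            results[host] = probe_cpfr(host)
        except OSError as exc:
            results[host] = "unreachable: %s" % exc
    return results


if __name__ == "__main__":
    import sys
    for host, state in probe_many(sys.argv[1:]).items():
        print(host, state)
```

Run it as `python probe.py ftp.example.internal` against hosts you are authorised to test; a server that reports "mod_copy active" is one where the advisories apply unless it is already on a fixed build. The workaround commonly recommended while a fix is rolled out is to disable the module in proftpd.conf (CopyEngine off) or to deny the two commands with a `<Limit SITE_CPFR SITE_CPTO> DenyAll </Limit>` block; re-running the probe afterwards should then return "mod_copy restricted" or "mod_copy not available", which is a cheap way to confirm the change actually took effect on every host.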
Forwarded from Una al día
VLC is not vulnerable and you do not have to uninstall it
https://unaaldia.hispasec.com/2019/07/vlc-no-es-vulnerable-y-no-tienes-que-desinstalarlo.html
The vulnerability had been patched for 16 months and was not part of VLC, although an accumulation of bad practices allowed the news to reach the media
#Linux #Botnet Adding BlueKeep-Flawed Windows #RDP Servers to Its Target List
Cybersecurity researchers have discovered a new variant of #WatchBog, a Linux-based cryptocurrency mining malware botnet, which now also includes a module to scan the Internet for Windows RDP servers vulnerable to the BlueKeep flaw.
https://thehackernews.com/2019/07/linux-malware-windows-bluekeep.html