VLC no es vulnerable y no tienes que desinstalarlo

https://unaaldia.hispasec.com/2019/07/vlc-no-es-vulnerable-y-no-tienes-que-desinstalarlo.html

#Linux #Botnet Adding BlueKeep-Flawed Windows #RDP Servers to Its Target List

Cybersecurity researchers have discovered a new variant of #WatchBog, a Linux-based cryptocurrency mining malware botnet, which now also includes a module to scan the Internet for Windows RDP servers vulnerable to the Bluekeep flaw.

https://thehackernews.com/2019/07/linux-malware-windows-bluekeep.html

Feliz #SysAdminDay a tod@s
https://sysadminday.com/

Vulnerabilidad en Exim

Fecha de publicación: 26/07/2019
Importancia: 4 - Alta

Recursos afectados: 
Exim, versiones desde la 4.85 hasta la 4.92.

Descripción: 
El investigador Jeremy Harris ha descubierto una vulnerabilidad de criticidad alta. Un atacante, local o remoto, podría ejecutar programas con privilegios de root.

Solución: 
Actualizar Exim a la versión 4.92.1

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-exim

Vulnerabilities in Multiple #VPN Applications

Palo Alto Security Advisory PAN-SA-2019-00200
FortiGuard Security Advisory  FG-IR-18-384
Pulse Secure Security Advisory SA44101

https://www.us-cert.gov/ncas/current-activity/2019/07/26/vulnerabilities-multiple-vpn-applications

#LibreOffice – A Python Interpreter (code execution vulnerability CVE-2019-9848)

https://insinuator.net/2019/07/libreoffice-a-python-interpreter-code-execution-vulnerability-cve-2019-9848/

Grupo Iraní utiliza linkedIn para distribuir malware

https://unaaldia.hispasec.com/2019/07/grupo-irani-utiliza-linkedin-para-distribuir-malware.html

Buscando activos con onyphe.io #OSINT

Buenas a todos, en el post de hoy quería compartiros un servicio online lanzado hace un par de años, similar a #Shodan, llamado onyphe.io. Se trata de un portal muy simple, que nos dará acceso bien a través de la web, o bien a través de su API, a una gran cantidad de información de activos de Internet almacenada en sus bases de datos.

https://www.flu-project.com/2019/07/buscando-activos-con-onypheio.html

Use #Onyphe

Simple #PowerShell module to use Onyphe.io #API

Onyphe.io provides data about IP address space and publicly available information in just one place.

Some of the APIs required an API key. To request it : https://www.onyphe.io/login

https://github.com/MS-LUF/Use-Onyphe

Ataque de inyección XXE en Daeja ViewONE de IBM

Fecha de publicación: 29/07/2019
Importancia: 4 - Alta

Recursos afectados: 
Daeja ViewONE Virtual, desde la versión 5.0 hasta la 5.0.6.

Descripción: 
IBM ha publicado una vulnerabilidad de criticidad alta en Daeja ViewONE Professional, Standard y Virtual. Un atacante remoto podría revelar información sensible o generar una condición de denegación de servicio.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ataque-inyeccion-xxe-daeja-viewone-ibm

#Adobe ColdFusion Remote Code Execution (CVE-2019-7839)


Vulnerability Description
A remote code execution vulnerability exists in Adobe ColdFusion. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.

https://www.checkpoint.com/defense/advisories/public/2019/cpai-2019-0910.html

#Symantec #DLP Cross-Site Scripting (CVE-2019-9701)


Vulnerability Description
A cross-site scripting vulnerability exists in Symantec DLP 15.5 MP1. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the effected system.

https://www.checkpoint.com/defense/advisories/public/2019/cpai-2019-0899.html

#usbrip (derived from "USB Ripper", not "USB R.I.P." 😲) is an open source #forensics tool with CLI interface that lets you keep track of #USB device artifacts (aka USB event history, "Connected" and "Disconnected" events) on Linux machines.

https://github.com/snovvcrash/usbrip

#Urgent11 security flaws impact routers, printers, SCADA, medical equipment, and many other IoT devices.

Security flaws impact the networking stack of the VxWorks RTOS.

https://www.zdnet.com/article/urgent11-security-flaws-impact-routers-printers-scada-and-many-iot-devices/?__twitter_impression=true

Capital One Target of Massive Data Breach

A hacker gained access to personal information from more than 100 million Capital One credit applications, the bank said Monday as federal authorities arrested a suspect in the case .

https://www.securityweek.com/capital-one-target-massive-data-breach

RDP Fingerprinting

Profiling #RDP Clients with JA3 and RDFP

https://medium.com/@0x4d31/rdp-client-fingerprinting-9e7ac219f7f4

Why Hackers Abuse #ActiveDirectory

From Ransomware to APT Attacks, AD Can Make Connecting to Systems Easy

https://www.govinfosecurity.com/hackers-abuse-active-directory-a-12825

Adama

Searches For Threat Hunting and Security Analytics

A collection of known log and / or event data searches for threat hunting and detection. They enumerate sets of searches used across many different data pipelines. Implementation details are for ELK.

https://github.com/randomuserid/SpaceCake-Adama

BLUESPAWN helps #blueteams monitor Windows systems in real-time against active attackers by detecting anomalous activity

https://github.com/ION28/BLUESPAWN/blob/master/README.md

Técnica Anti-VM con MSAcpi_ThermalZoneTemperature
#Hackplayers

https://www.hackplayers.com/2019/07/anti-vm-msacpi-thermalzonetemperature.html

Las conversaciones de Apple Siri son revisadas por empresas externas poniendo en riesgo la privacidad de los usuarios
#privacidad

https://www.seguridadapple.com/2019/07/las-conversaciones-de-apple-siri-son.html