SysAdmin 24x7
Computer security news and alerts.
Chat and contact:
t.me/sysadmin24x7chat
Vulnerability in Exim

Publication date: 26/07/2019
Severity: 4 - High

Affected resources:
Exim, versions 4.85 through 4.92.

Description:
Researcher Jeremy Harris has discovered a high-severity vulnerability. A local or remote attacker could execute programs with root privileges.

Solution:
Update Exim to version 4.92.1

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-exim
Searching for assets with onyphe.io #OSINT

Hi everyone, in today's post I wanted to share with you an online service launched a couple of years ago, similar to #Shodan, called onyphe.io. It is a very simple portal that gives us access, either through the web or through its API, to a large amount of information about Internet assets stored in its databases.

https://www.flu-project.com/2019/07/buscando-activos-con-onypheio.html
Use #Onyphe

Simple #PowerShell module to use Onyphe.io #API

Onyphe.io provides data about IP address space and publicly available information in just one place.

Some of the APIs require an API key. To request one: https://www.onyphe.io/login

https://github.com/MS-LUF/Use-Onyphe
XXE injection attack in IBM Daeja ViewONE

Publication date: 29/07/2019
Severity: 4 - High

Affected resources:
Daeja ViewONE Virtual, from version 5.0 through 5.0.6.

Description:
IBM has published a high-severity vulnerability in Daeja ViewONE Professional, Standard and Virtual. A remote attacker could disclose sensitive information or cause a denial-of-service condition.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ataque-inyeccion-xxe-daeja-viewone-ibm
#Adobe ColdFusion Remote Code Execution (CVE-2019-7839)


Vulnerability Description
A remote code execution vulnerability exists in Adobe ColdFusion. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.

https://www.checkpoint.com/defense/advisories/public/2019/cpai-2019-0910.html
#Symantec #DLP Cross-Site Scripting (CVE-2019-9701)


Vulnerability Description
A cross-site scripting vulnerability exists in Symantec DLP 15.5 MP1. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system.

https://www.checkpoint.com/defense/advisories/public/2019/cpai-2019-0899.html
#usbrip (derived from "USB Ripper", not "USB R.I.P." 😲) is an open source #forensics tool with CLI interface that lets you keep track of #USB device artifacts (aka USB event history, "Connected" and "Disconnected" events) on Linux machines.

https://github.com/snovvcrash/usbrip
Capital One Target of Massive Data Breach

A hacker gained access to personal information from more than 100 million Capital One credit applications, the bank said Monday as federal authorities arrested a suspect in the case.

https://www.securityweek.com/capital-one-target-massive-data-breach
Adama

Searches For Threat Hunting and Security Analytics

A collection of known log and/or event data searches for threat hunting and detection. They enumerate sets of searches used across many different data pipelines. Implementation details are for ELK.

https://github.com/randomuserid/SpaceCake-Adama
How an attacker can target #phishing attacks


There are a number of ways attackers can exploit public information about your organization's employees. CSO Online's Susan Bradley walks through how an attacker can gain access to your organization's Office 365 accounts and how you can protect your enterprise from these potential attacks.

https://www.csoonline.com/video/97009/how-an-attacker-can-target-phishing-attacks
AWDL flaws open #Apple users to tracking, #MitM, malware planting

Vulnerabilities in Apple Wireless Direct Link (AWDL), the wireless protocol that underpins Apple’s AirPlay and AirDrop services, could allow attackers to track users in spite of MAC randomization, to intercept and modify transmitted files, and to prevent transmission or crash devices altogether.

https://www.helpnetsecurity.com/2019/07/31/apple-airdrop-issues/
Hacking eCommerce sites based on OXID eShop by chaining 2 flaws

Researchers at RIPS Technologies discovered vulnerabilities in the OXID eShop platform that could expose eCommerce websites to hacking.

https://securityaffairs.co/wordpress/89165/hacking/oxid-eshop-flaws.html