#Urgent11 security flaws impact routers, printers, SCADA, medical equipment, and many other IoT devices.
Security flaws impact the networking stack of the VxWorks RTOS.
https://www.zdnet.com/article/urgent11-security-flaws-impact-routers-printers-scada-and-many-iot-devices/?__twitter_impression=true
Security updates are out, but patching will most likely take months, if not years.
Capital One Target of Massive Data Breach
A hacker gained access to personal information from more than 100 million Capital One credit applications, the bank said Monday as federal authorities arrested a suspect in the case.
https://www.securityweek.com/capital-one-target-massive-data-breach
A hacker gained access to personal information from more than 100 million Capital One credit applications, the bank said, as federal authorities arrested suspect Paige A. Thompson in the case.
RDP Fingerprinting
Profiling #RDP Clients with JA3 and RDFP
https://medium.com/@0x4d31/rdp-client-fingerprinting-9e7ac219f7f4
Why Hackers Abuse #ActiveDirectory
From Ransomware to APT Attacks, AD Can Make Connecting to Systems Easy
https://www.govinfosecurity.com/hackers-abuse-active-directory-a-12825
Warning: Attackers are abusing poorly secured and managed implementations of Microsoft Windows Active Directory to hack organizations and distribute ransomware.
Adama
Searches For Threat Hunting and Security Analytics
A collection of known log and/or event data searches for threat hunting and detection. They enumerate sets of searches used across many different data pipelines. Implementation details are for ELK.
https://github.com/randomuserid/SpaceCake-Adama
BLUESPAWN helps #blueteams monitor Windows systems in real-time against active attackers by detecting anomalous activity
https://github.com/ION28/BLUESPAWN/blob/master/README.md
An Active Defense and EDR software to empower Blue Teams.
Anti-VM technique with MSAcpi_ThermalZoneTemperature
#Hackplayers
https://www.hackplayers.com/2019/07/anti-vm-msacpi-thermalzonetemperature.html
Nowadays it is extremely easy to write malware samples using anti-VM techniques designed to detect virtual environments or ...
Apple Siri conversations are reviewed by third-party companies, putting users' privacy at risk
#privacy
https://www.seguridadapple.com/2019/07/las-conversaciones-de-apple-siri-son.html
It is no longer just a problem for Google or Amazon; Apple also has to review its security policy regarding Siri and the listening...
How an attacker can target #phishing attacks
There are a number of ways attackers can exploit public information about your organization's employees. CSO Online's Susan Bradley walks through how an attacker can gain access to your organization's Office 365 accounts and how you can protect your enterprise from these potential attacks.
https://www.csoonline.com/video/97009/how-an-attacker-can-target-phishing-attacks
AWDL flaws open #Apple users to tracking, #MitM, malware planting
Vulnerabilities in Apple Wireless Direct Link (AWDL), the wireless protocol that underpins Apple’s AirPlay and AirDrop services, could allow attackers to track users in spite of MAC randomization, to intercept and modify transmitted files, and to prevent transmission or crash devices altogether.
https://www.helpnetsecurity.com/2019/07/31/apple-airdrop-issues/
Vulnerabilities in AWDL could allow attackers to modify transmitted files, crash devices, and track users. Researchers demonstrated Apple AirDrop issues.
Hacking eCommerce sites based on OXID eShop by chaining 2 flaws
Researchers at RIPS Technologies discovered vulnerabilities in the OXID eShop platform that could expose eCommerce websites to hack.
https://securityaffairs.co/wordpress/89165/hacking/oxid-eshop-flaws.html
#CISA Releases Advisory on Wind River #VxWorks Platform
The Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) Advisory on multiple vulnerabilities in the Wind River VxWorks Platform. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
https://www.us-cert.gov/ncas/current-activity/2019/07/30/cisa-releases-advisory-wind-river-vxworks-platform
Improper input validation vulnerability in the Cisco Nexus 9000 Series
Publication date: 01/08/2019
Severity: 4 - High
Affected resources:
Cisco Nexus 9000 Series Fabric Switches in ACI mode, if running Cisco Nexus 9000 Series ACI Mode Switch Software, versions prior to 13.2(7f) or any release of the 14.x branch.
Description:
A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges.
Solution:
Updates that fix the indicated vulnerability can be downloaded from the Cisco Software Download panel.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-validacion-incorrecta-entrada-las-series-nexus-9000
Multiple vulnerabilities in HPE products
Publication date: 02/08/2019
Severity: 5 - Critical
Affected resources:
HPE 3PAR Service Processor, versions prior to 5.0.5.1
HPE 3PAR StoreServ Management and Core Software Media, versions prior to 3.5.0.1
Description:
HPE's security response team has discovered multiple vulnerabilities in several of the manufacturer's products.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-hpe-4
Practical case: Crack Me 0x01
#CTF #pentesters
The challenge in this practical case is taken from the Pen.Test CTF 2018 of the Platform Voor Informatiebeveiliging (Platform For Information Security), which took place on the 11th of October 2018. The challenge has been created by Jeffrey Jansen from Access42. During the CTF, I solved this challenge together with my teammate Exploiteer.
https://maxkersten.nl/binary-analysis-course/assembly-basics/practical-case-crack-me-0x01/
Building a #Pentesting lab with #GNS3 and #Docker
https://www.dragonjar.org/creando-un-laboratorio-de-pentesting-gns3.xhtml
Extracting malware configuration with MalConfScan (#Volatility plugin)
#Hackplayers
https://www.hackplayers.com/2019/08/extraccion-de-configuracion-de-malware.html
Every day, new types of malware are discovered. However, many of them are actually variants of existing malware: they share...
Critical Remote Code Execution Vulnerability in #DHCP Client Let Hackers Take Control of the Network
https://gbhackers.com/dhcp-client/
A critical remote code execution vulnerability that resides in the DHCP client allows attackers to take control of the system by sending malicious DHCP reply packets.
#NVIDIA Patches High Severity Flaws in Windows GPU Display Driver
NVIDIA released a GPU display driver security update to fix five high and medium severity vulnerabilities that could lead to local code execution, escalation of privileges, and denial of service on vulnerable Windows computers.
https://www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-flaws-in-windows-gpu-display-driver/