#Docker Security Playground v3.2 releases: A Microservices-based framework for the study of network security

https://securityonline.info/docker-security-playground/

U.S. Cyber Command Shares 11 New Malware Samples

https://www.us-cert.gov/ncas/current-activity/2019/09/08/us-cyber-command-shares-11-new-malware-samples

Initial Metasploit Exploit Module for BlueKeep (CVE-2019-0708)

https://blog.rapid7.com/2019/09/06/initial-metasploit-exploit-module-for-bluekeep-cve-2019-0708

Ejecución remota de código en Exim

Fecha de publicación: 09/09/2019
Importancia: 5 - Crítica

Recursos afectados: 
Servidores Exim, versiones 4.92.1 y anteriores, que acepten conexiones TLS, tanto GnuTLS como OpenSSL.

Descripción: 
Un fallo de seguridad crítico en Exim podría permitir la ejecución de código remoto con privilegios de root en servidores que aceptan conexiones TLS.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-exim-0

Múltiples vulnerabilidades en dispositivo N300 WNR2000v5 de Netgear

Fecha de publicación: 10/09/2019
Importancia: 4 - Alta

Recursos afectados: 
Router Netgear N300 WNR2000v5, versión de firmware 1.0.0.70.

Descripción: 
Dave McDaniel, de Cisco Talos, ha publicado dos vulnerabilidades de tipo denegación de servicio que afectan al router inalámbrico N300 WNR2000v5 de Netgear.

Solución: 
Actualizar Netgear N300 WNR2000v5 a la versión 1.0.0.72.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-dispositivo-n300-wnr2000v5-netgear

#Microsoft Fixes 79 Vulnerabilities Including Two Active #ZeroDays #Exploits and 4 Critical #RDP Flaws

Microsoft released security updates for September that addresses 79 security vulnerabilities, out of the 17 are critical, 61 rated as important and one classified as Moderate.

The update covers two active Elevation of Privilege Zero-Days Vulnerabilities CVE-2019-1215 & CVE-2019-1214.

https://gbhackers.com/microsoft-fixes-79-vulnerabilities/

#Adobe September 2019 Patch Tuesday updates fix 2 code execution flaws in #Flash Player

Adobe September 2019 Patch Tuesday updates address two code execution bugs in Flash Player and a DLL hijacking flaw in Application Manager.

https://securityaffairs.co/wordpress/91083/security/adobe-september-2019-patch-tuesday.html

#DEFCON #DFIR CTF 2019 writeup (I): Crypto + Deadbox Forensics

https://www.securityartwork.es/2019/09/10/defcon-dfir-ctf-2019-writeup-i-crypto-deadbox-forensics/

#DEFCON #DFIR CTF 2019 writeup (II): Crypto + Deadbox Forensics

https://www.securityartwork.es/2019/09/11/defcon-dfir-ctf-2019-writeup-ii-linux-forensics/

#Intel Releases Security Updates

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to gain an escalation of privileges on a previously infected machine.

https://www.us-cert.gov/ncas/current-activity/2019/09/10/intel-releases-security-updates

Some models of Comba and D-Link WiFi routers leak admin credentials

Security experts have discovered that some models of D-Link and Comba WiFi routers leak their administrative login credentials in plaintext.

https://securityaffairs.co/wordpress/91105/breaking-news/comba-d-link-routes-flaws.html

Boletín de seguridad de Microsoft de septiembre de 2019

Fecha de publicación: 11/09/2019
Importancia: 5 - Crítica

Recursos afectados: 
Microsoft Windows;
Internet Explorer;
Microsoft Edge (basado en EdgeHTML);
ChakraCore;
Microsoft Office, Microsoft Office Services y Web Apps.;
Adobe Flash Player;
Microsoft Lync;
Visual Studio;
Microsoft Exchange Server;
.NET Framework;
Microsoft Yammer;
.NET Core;
ASP.NET;
Team Foundation Server;
Project Rome.

Descripción: 
La publicación de actualizaciones de seguridad de Microsoft correspondiente al mes de septiembre consta de 77 vulnerabilidades, 17 clasificadas como críticas y 60 como importantes.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/boletin-seguridad-microsoft-septiembre-2019

Actualización de seguridad de SAP de septiembre de 2019

Fecha de publicación: 11/09/2019
Importancia: 5 - Crítica

Recursos afectados: 
SAP Business Client, versión 6.5;
SAP Business One Client, versiones 9.2 y 9.3;
SAP Business One, versión 9.3;
SAP BusinessObjects Business Intelligence Platform (CMC), versiones 4.1, 4.2 y 4.3;
SAP BusinessObjects Business Intelligence Platform, versiones 4.1 y 4.2;
SAP Diagnostic Agent (LM-Service), versión 7.20;
SAP HANA Extended Application Services, versiones anteriores a la 1.0.118;
SAP HANA, versión 1.0, 2.0;
SAP Kernel (RFC), versiones KRNL32NUC, KRNL32UC y KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 y KERNEL 7.21, 7.49, 7.53, 7.73, 7.76;
SAP NetWeaver AS para Java (Web Container)-ENGINEAPI, versiones 7.10, 7.20, 7.30, 7.31, 7.40 y 7.50;
SAP NetWeaver Process Integration Runtime Workbench – MESSAGING y SAP_XIA, versiones 7.31, 7.40 y 7.50;
SAP Supplier Relationship Management (Master Data Management Catalog) (SRM_MDM_CAT), versiones 3.73, 7.31 y 7.32.

Descripción: 
SAP ha publicado varias actualizaciones de seguridad de diferentes productos en su comunicado mensual.

Solución: 
Visitar el portal de soporte de SAP e instalar las actualizaciones o los parches necesarios, según indique el fabricante.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-septiembre-2019

NetCAT: New Attack Lets Hackers Remotely Steal Data From #Intel CPUs

Dubbed NetCAT, short for Network Cache ATtack, the new network-based side-channel vulnerability could allow a remote attacker to sniff out sensitive data, such as someone's SSH password, from Intel's CPU cache.

https://thehackernews.com/2019/09/netcat-intel-side-channel.html

#Wireshark 3.0.4 Released – Several Vulnerabilities are Fixed & Updated Versions of #Npcap

https://gbhackers.com/wireshark-3-0-4-released/

#Simjacker Vulnerability – Attackers take Control Over Mobile Phones via an SMS Message

https://gbhackers.com/simjacker-vulnerability/

#Google #Calendar vulnerability affects 1 billion users

Google has finally acknowledged vulnerability in the Google Calendar app that left more than a billion users open to a credential-stealing exploit. 

In 2017, two cybersecurity researchers at Black Hills Information Security had informed and demonstrated how they exploited the vulnerability in gaining access to the users credentials.

https://www.ehackingnews.com/2019/09/google-calendar-vulnerability-affects-1.html

#Sophos Releases #Sandbox Program Sandboxie as Free Tool

Sandboxie is now available for download from its official website as free app

Sophos acquired Sandboxie when it bought cyber-security firm Invincea in February 2017.

https://opensourceforu.com/2019/09/sophos-releases-sandbox-program-sandboxie-as-free-tool/

InnfiRAT Malware Steals Litecoin And Bitcoin Wallet Information

A remote access Trojan ( #RAT ) dubbed InnfiRAT comes with extensive capabilities to steal sensitive information, including cryptocurrency wallet data. Zscaler's ThreatLabZ team took a closer look at its inner workings, although the malware has been in the wild for a while.

https://www.bleepingcomputer.com/news/security/innfirat-malware-steals-litecoin-and-bitcoin-wallet-information/

#Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability

Summary:
A vulnerability in the IP Version 6 (IPv6) packet processing functions of multiple Cisco products could allow an unauthenticated, remote attacker to cause an affected device to stop processing IPv6 traffic, leading to a denial of service (DoS) condition on the device.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

#AMD ATI Radeon ATIDXX64.DLL shader functionality remote code execution vulnerability

Some AMD Radeon cards contain a remote code execution vulnerability in their ATIDXX64.DLL driver. AMD produces the Radeon line of hardware, which includes graphics cards and graphics processing units. This specific vulnerability exists on the Radeon RX 550 and the 550 Series while running VMWare Workstation 15. An attacker could exploit this vulnerability by supplying a malformed pixel shared inside the VMware guest operating system to the driver. This could corrupt memory in a way that would allow the attacker to gain the ability to remotely execute code on the victim machine.

https://blog.talosintelligence.com/2019/09/vuln-spotlight-AMD-Radeon-ATI-sept-19.html

Vulnerability Spotlight: Multiple vulnerabilities in #Atlassian #Jira

Atlassian’s Jira software contains multiple vulnerabilities that could allow an attacker to carry out a variety of actions, including the disclosure of sensitive information and the remote execution of JavaScript code. Jira is a piece of software that allows users to create, manage and organize tasks and manage projects. These bugs could create a variety of scenarios, including the ability to execute code inside of Jira and the disclosure of information inside of tasks created in Jira, including attached documents.

https://blog.talosintelligence.com/2019/09/vuln-spotlight-atlassian-jira-sept-19.html