#Microsoft Fixes 79 Vulnerabilities Including Two Active #ZeroDays #Exploits and 4 Critical #RDP Flaws
Microsoft released security updates for September that address 79 security vulnerabilities, of which 17 are critical, 61 are rated Important and one is classified as Moderate.
The update covers two active elevation-of-privilege zero-day vulnerabilities, CVE-2019-1215 and CVE-2019-1214.
https://gbhackers.com/microsoft-fixes-79-vulnerabilities/
#Adobe September 2019 Patch Tuesday updates fix 2 code execution flaws in #Flash Player
Adobe September 2019 Patch Tuesday updates address two code execution bugs in Flash Player and a DLL hijacking flaw in Application Manager.
https://securityaffairs.co/wordpress/91083/security/adobe-september-2019-patch-tuesday.html
#DEFCON #DFIR CTF 2019 writeup (I): Crypto + Deadbox Forensics
https://www.securityartwork.es/2019/09/10/defcon-dfir-ctf-2019-writeup-i-crypto-deadbox-forensics/
#DEFCON #DFIR CTF 2019 writeup (II): Crypto + Deadbox Forensics
https://www.securityartwork.es/2019/09/11/defcon-dfir-ctf-2019-writeup-ii-linux-forensics/
Security Art Work
DEFCON DFIR CTF 2019 writeup (I): Crypto + Deadbox Forensics - Security Art Work
As already seems to be a (great) tradition at DEFCON, an unofficial forensic challenge has been released again. This year it was released on the day I was leaving on vacation, so we were late getting to it, but we got there. First, the data…
#Intel Releases Security Updates
Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to gain an escalation of privileges on a previously infected machine.
https://www.us-cert.gov/ncas/current-activity/2019/09/10/intel-releases-security-updates
Some models of Comba and D-Link WiFi routers leak admin credentials
Security experts have discovered that some models of D-Link and Comba WiFi routers leak their administrative login credentials in plaintext.
https://securityaffairs.co/wordpress/91105/breaking-news/comba-d-link-routes-flaws.html
Microsoft security bulletin for September 2019
Publication date: 11/09/2019
Severity: 5 - Critical
Affected resources:
Microsoft Windows;
Internet Explorer;
Microsoft Edge (EdgeHTML-based);
ChakraCore;
Microsoft Office, Microsoft Office Services and Web Apps;
Adobe Flash Player;
Microsoft Lync;
Visual Studio;
Microsoft Exchange Server;
.NET Framework;
Microsoft Yammer;
.NET Core;
ASP.NET;
Team Foundation Server;
Project Rome.
Description:
Microsoft's security update release for September consists of 77 vulnerabilities, 17 rated critical and 60 rated important.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/boletin-seguridad-microsoft-septiembre-2019
SAP security update for September 2019
Publication date: 11/09/2019
Severity: 5 - Critical
Affected resources:
SAP Business Client, version 6.5;
SAP Business One Client, versions 9.2 and 9.3;
SAP Business One, version 9.3;
SAP BusinessObjects Business Intelligence Platform (CMC), versions 4.1, 4.2 and 4.3;
SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2;
SAP Diagnostic Agent (LM-Service), version 7.20;
SAP HANA Extended Application Services, versions prior to 1.0.118;
SAP HANA, versions 1.0, 2.0;
SAP Kernel (RFC), versions KRNL32NUC, KRNL32UC and KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL 7.21, 7.49, 7.53, 7.73, 7.76;
SAP NetWeaver AS for Java (Web Container)-ENGINEAPI, versions 7.10, 7.20, 7.30, 7.31, 7.40 and 7.50;
SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP_XIA, versions 7.31, 7.40 and 7.50;
SAP Supplier Relationship Management (Master Data Management Catalog) (SRM_MDM_CAT), versions 3.73, 7.31 and 7.32.
Description:
SAP has published several security updates for different products in its monthly release.
Solution:
Visit the SAP support portal and install the necessary updates or patches, as indicated by the vendor.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-septiembre-2019
NetCAT: New Attack Lets Hackers Remotely Steal Data From #Intel CPUs
Dubbed NetCAT, short for Network Cache ATtack, the new network-based side-channel vulnerability could allow a remote attacker to sniff out sensitive data, such as someone's SSH password, from Intel's CPU cache.
https://thehackernews.com/2019/09/netcat-intel-side-channel.html
#Wireshark 3.0.4 Released – Several Vulnerabilities are Fixed & Updated Versions of #Npcap
https://gbhackers.com/wireshark-3-0-4-released/
GBHackers On Security
Wireshark 3.0.4 Released with Fix for Vulnerabilities
Wireshark 3.0.4 has been released with fixes for several bugs and vulnerabilities. Wireshark is the most popular network protocol analyzer used for analyzing network packets.
#Simjacker Vulnerability – Attackers take Control Over Mobile Phones via an SMS Message
https://gbhackers.com/simjacker-vulnerability/
GBHackers On Security
Simjacker Vulnerability - Attackers take Over Mobile via an SMS Message
Security researchers disclosed a new attack dubbed Simjacker that can be exploited by sending an SMS containing a specific type of spyware code.
#Google #Calendar vulnerability affects 1 billion users
Google has finally acknowledged a vulnerability in the Google Calendar app that left more than a billion users open to a credential-stealing exploit.
In 2017, two cybersecurity researchers at Black Hills Information Security had reported and demonstrated how they exploited the vulnerability to gain access to users' credentials.
https://www.ehackingnews.com/2019/09/google-calendar-vulnerability-affects-1.html
#Sophos Releases #Sandbox Program Sandboxie as Free Tool
Sandboxie is now available for download from its official website as a free app.
Sophos acquired Sandboxie when it bought cyber-security firm Invincea in February 2017.
https://opensourceforu.com/2019/09/sophos-releases-sandbox-program-sandboxie-as-free-tool/
Open Source For You
Sophos Turns Sandbox Program Sandboxie Into a Freeware
The latest version, Sandboxie 5.31.4, which was released on Tuesday, is the first version of Sandboxie that is available as freeware.
InnfiRAT Malware Steals Litecoin And Bitcoin Wallet Information
A remote access Trojan ( #RAT ) dubbed InnfiRAT comes with extensive capabilities to steal sensitive information, including cryptocurrency wallet data. Zscaler's ThreatLabZ team took a closer look at its inner workings, although the malware has been in the wild for a while.
https://www.bleepingcomputer.com/news/security/innfirat-malware-steals-litecoin-and-bitcoin-wallet-information/
#Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
Summary:
A vulnerability in the IP Version 6 (IPv6) packet processing functions of multiple Cisco products could allow an unauthenticated, remote attacker to cause an affected device to stop processing IPv6 traffic, leading to a denial of service (DoS) condition on the device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6
#AMD ATI Radeon ATIDXX64.DLL shader functionality remote code execution vulnerability
Some AMD Radeon cards contain a remote code execution vulnerability in their ATIDXX64.DLL driver. AMD produces the Radeon line of hardware, which includes graphics cards and graphics processing units. This specific vulnerability exists on the Radeon RX 550 and the 550 Series while running VMware Workstation 15. An attacker could exploit this vulnerability by supplying a malformed pixel shader inside the VMware guest operating system to the driver. This could corrupt memory in a way that would allow the attacker to gain the ability to remotely execute code on the victim machine.
https://blog.talosintelligence.com/2019/09/vuln-spotlight-AMD-Radeon-ATI-sept-19.html
Vulnerability Spotlight: Multiple vulnerabilities in #Atlassian #Jira
Atlassian’s Jira software contains multiple vulnerabilities that could allow an attacker to carry out a variety of actions, including the disclosure of sensitive information and the remote execution of JavaScript code. Jira is a piece of software that allows users to create, manage and organize tasks and manage projects. These bugs could create a variety of scenarios, including the ability to execute code inside of Jira and the disclosure of information inside of tasks created in Jira, including attached documents.
https://blog.talosintelligence.com/2019/09/vuln-spotlight-atlassian-jira-sept-19.html
Debian Security Advisory
DLA-1889-1 python3.4 -- LTS security update
https://www.debian.org/lts/security/2019/dla-1889
Multiple vulnerabilities in Moodle
Publication date: 17/09/2019
Severity: 4 - High
Affected resources:
Versions 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions.
Description:
Six vulnerabilities have been discovered in the Moodle platform, 2 of high severity and 4 of low severity.
Solution:
Update to versions 3.7.2, 3.6.6 and 3.5.8.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-moodle-6
Multiple vulnerabilities in VMware products
Publication date: 17/09/2019
Severity: 4 - High
Affected resources:
VMware vSphere ESXi, versions 6.0, 6.5 and 6.7.
VMware vCenter Server, versions 6.0, 6.5 and 6.7.
Description:
Several researchers have reported 4 vulnerabilities to VMware, two of medium severity and two of high severity, of the command injection and information disclosure types, affecting the vSphere ESXi and vCenter Server products.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-vmware-11
Data of 24.3 million #Lumin PDF users shared on hacking forum
#Drive #Google
The person who leaked the data claims it notified Lumin PDF earlier this year but got no reply.
https://www.zdnet.com/article/data-of-24-3-million-lumin-pdf-users-shared-on-hacking-forum/
Multiple vulnerabilities in TIBCO products
Publication date: 18/09/2019
Severity: 5 - Critical
Affected resources:
TIBCO Enterprise Runtime for R - Server Edition, versions 1.2.0 and earlier.
TIBCO Spotfire Analytics Platform for AWS Marketplace, versions 10.4.0 and 10.5.0.
Description:
TIBCO has identified two critical-severity vulnerabilities. A remote, unauthenticated attacker could bypass access, disclose confidential information or execute arbitrary code.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-tibco-1