SysAdmin 24x7
Computer security news and alerts.
Chat and contact:
t.me/sysadmin24x7chat
Microsoft security bulletin for September 2019

Publication date: 11/09/2019
Importance: 5 - Critical

Affected resources:
Microsoft Windows;
Internet Explorer;
Microsoft Edge (EdgeHTML-based);
ChakraCore;
Microsoft Office, Microsoft Office Services and Web Apps;
Adobe Flash Player;
Microsoft Lync;
Visual Studio;
Microsoft Exchange Server;
.NET Framework;
Microsoft Yammer;
.NET Core;
ASP.NET;
Team Foundation Server;
Project Rome.

Description:
Microsoft's security update release for September comprises 77 vulnerabilities, 17 rated critical and 60 rated important.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/boletin-seguridad-microsoft-septiembre-2019
SAP security update for September 2019

Publication date: 11/09/2019
Importance: 5 - Critical

Affected resources:
SAP Business Client, version 6.5;
SAP Business One Client, versions 9.2 and 9.3;
SAP Business One, version 9.3;
SAP BusinessObjects Business Intelligence Platform (CMC), versions 4.1, 4.2 and 4.3;
SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2;
SAP Diagnostic Agent (LM-Service), version 7.20;
SAP HANA Extended Application Services, versions prior to 1.0.118;
SAP HANA, versions 1.0, 2.0;
SAP Kernel (RFC), versions KRNL32NUC, KRNL32UC and KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL 7.21, 7.49, 7.53, 7.73, 7.76;
SAP NetWeaver AS for Java (Web Container)-ENGINEAPI, versions 7.10, 7.20, 7.30, 7.31, 7.40 and 7.50;
SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP_XIA, versions 7.31, 7.40 and 7.50;
SAP Supplier Relationship Management (Master Data Management Catalog) (SRM_MDM_CAT), versions 3.73, 7.31 and 7.32.

Description:
SAP has published several security updates for different products in its monthly release.

Solution:
Visit the SAP support portal and install the necessary updates or patches, as directed by the vendor.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-septiembre-2019
NetCAT: New Attack Lets Hackers Remotely Steal Data From #Intel CPUs

Dubbed NetCAT, short for Network Cache ATtack, the new network-based side-channel vulnerability could allow a remote attacker to sniff out sensitive data, such as someone's SSH password, from Intel's CPU cache.

https://thehackernews.com/2019/09/netcat-intel-side-channel.html
#Google #Calendar vulnerability affects 1 billion users

Google has finally acknowledged a vulnerability in the Google Calendar app that left more than a billion users open to a credential-stealing exploit.

In 2017, two cybersecurity researchers at Black Hills Information Security had informed and demonstrated how they exploited the vulnerability in gaining access to the users' credentials.

https://www.ehackingnews.com/2019/09/google-calendar-vulnerability-affects-1.html
InnfiRAT Malware Steals Litecoin And Bitcoin Wallet Information

A remote access Trojan ( #RAT ) dubbed InnfiRAT comes with extensive capabilities to steal sensitive information, including cryptocurrency wallet data. Zscaler's ThreatLabZ team took a closer look at its inner workings, although the malware has been in the wild for a while.

https://www.bleepingcomputer.com/news/security/innfirat-malware-steals-litecoin-and-bitcoin-wallet-information/
#Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability

Summary:
A vulnerability in the IP Version 6 (IPv6) packet processing functions of multiple Cisco products could allow an unauthenticated, remote attacker to cause an affected device to stop processing IPv6 traffic, leading to a denial of service (DoS) condition on the device.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6
#AMD ATI Radeon ATIDXX64.DLL shader functionality remote code execution vulnerability

Some AMD Radeon cards contain a remote code execution vulnerability in their ATIDXX64.DLL driver. AMD produces the Radeon line of hardware, which includes graphics cards and graphics processing units. This specific vulnerability exists on the Radeon RX 550 and the 550 Series while running VMware Workstation 15. An attacker could exploit this vulnerability by supplying a malformed pixel shader inside the VMware guest operating system to the driver. This could corrupt memory in a way that would allow the attacker to gain the ability to remotely execute code on the victim machine.

https://blog.talosintelligence.com/2019/09/vuln-spotlight-AMD-Radeon-ATI-sept-19.html
Vulnerability Spotlight: Multiple vulnerabilities in #Atlassian #Jira

Atlassian’s Jira software contains multiple vulnerabilities that could allow an attacker to carry out a variety of actions, including the disclosure of sensitive information and the remote execution of JavaScript code. Jira is a piece of software that allows users to create, manage and organize tasks and manage projects. These bugs could create a variety of scenarios, including the ability to execute code inside of Jira and the disclosure of information inside of tasks created in Jira, including attached documents.

https://blog.talosintelligence.com/2019/09/vuln-spotlight-atlassian-jira-sept-19.html
Debian Security Advisory

DLA-1889-1 python3.4 -- LTS security update

https://www.debian.org/lts/security/2019/dla-1889
Multiple vulnerabilities in Moodle

Publication date: 17/09/2019
Importance: 4 - High

Affected resources:
From version 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7, and earlier unsupported versions.

Description:
6 vulnerabilities have been discovered in the Moodle platform, 2 of high severity and 4 of low severity.

Solution:
Update to versions 3.7.2, 3.6.6 and 3.5.8.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-moodle-6
Multiple vulnerabilities in VMware products

Publication date: 17/09/2019
Importance: 4 - High

Affected resources:
VMware vSphere ESXi, versions 6.0, 6.5 and 6.7.
VMware vCenter Server, versions 6.0, 6.5 and 6.7.

Description:
Several researchers have reported 4 vulnerabilities to VMware, two of medium severity and two of high severity, of the command injection and information disclosure types, which affect the vSphere ESXi and vCenter Server products.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-vmware-11
Multiple vulnerabilities in TIBCO products

Publication date: 18/09/2019
Importance: 5 - Critical

Affected resources:
TIBCO Enterprise Runtime for R - Server Edition, versions 1.2.0 and earlier.
TIBCO Spotfire Analytics Platform for AWS Marketplace, versions 10.4.0 and 10.5.0.

Description:
TIBCO has detected two critical-severity vulnerabilities. A remote, unauthenticated attacker could bypass access controls, disclose confidential information or execute arbitrary code.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-tibco-1
Remote access flaws found in popular routers, NAS devices

In almost all tested units, the researchers achieved their goal of obtaining remote root-level access

Security researchers have uncovered a total of 125 security flaws across 13 small office/home office (SOHO) routers and network-attached storage (NAS) devices that may leave them vulnerable to remote attacks.

https://www.welivesecurity.com/2019/09/18/popular-routers-nas-devices-vulnerabilities/
How to use #AWS Secrets Manager to securely store and rotate SSH key pairs

AWS Secrets Manager provides full lifecycle management for secrets within your environment. In this post, Maitreya and I will show you how to use Secrets Manager to store, deliver, and rotate SSH keypairs used for communication within compute clusters. Rotation of these keypairs is a security best practice, and sometimes a regulatory requirement. Traditionally, these keypairs have been associated with a number of tough challenges. For example, synchronizing key rotation across all compute nodes, enabling detailed logging and auditing, and managing access to users in order to modify secrets.

https://aws.amazon.com/es/blogs/security/how-to-use-aws-secrets-manager-securely-store-rotate-ssh-key-pairs/
#VMware Releases Security Updates for Multiple Products

VMware has released security updates to address vulnerabilities in ESXi and vCenter. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2019-0013 and apply the necessary updates and workarounds.

https://www.us-cert.gov/ncas/current-activity/2019/09/17/vmware-releases-security-updates-multiple-products
Information exposure in F5 BIG-IP ASM

Publication date: 20/09/2019
Importance: 5 - Critical

Affected resources:
VIPRION with BIG-IP ASM, versions:
15.0.0,
14.0.0 and 14.1.0,
13.1.0 - 13.1.1,
12.1.0 - 12.1.4,
11.6.1 - 11.6.4,
11.5.2 - 11.5.9.

Description:
F5 has detected a critical-severity vulnerability in VIPRION systems equipped with BIG-IP ASM.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/exposicion-informacion-big-ip-asm-f5
Multiple vulnerabilities in VMware products

Publication date: 20/09/2019
Importance: 4 - High

Affected resources:
VMware vSphere ESXi, versions 6.7, 6.5 and 6.0;
VMware Workstation Pro / Player, versions 15.x;
VMware Fusion Pro / Fusion, versions 11.x;
VMware Remote Console (VMRC) for Windows and Linux, versions 10.x;
VMware Horizon Client for Windows, Linux and Mac, versions 5.x and earlier.

Description:
Several researchers have reported 2 vulnerabilities to VMware, one of high severity and the other of medium severity, a use-after-free and a denial of service respectively, which affect several VMware products.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-vmware-12