#Sophos Releases #Sandbox Program Sandboxie as Free Tool
Sandboxie is now available for download from its official website as a free app.
Sophos acquired Sandboxie when it bought cyber-security firm Invincea in February 2017.
https://opensourceforu.com/2019/09/sophos-releases-sandbox-program-sandboxie-as-free-tool/
The latest version, Sandboxie 5.31.4, which was released on Tuesday, is the first version of Sandboxie that is available as freeware.
InnfiRAT Malware Steals Litecoin And Bitcoin Wallet Information
A remote access Trojan ( #RAT ) dubbed InnfiRAT comes with extensive capabilities to steal sensitive information, including cryptocurrency wallet data. Zscaler's ThreatLabZ team took a closer look at its inner workings, although the malware has been in the wild for a while.
https://www.bleepingcomputer.com/news/security/innfirat-malware-steals-litecoin-and-bitcoin-wallet-information/
#Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
Summary:
A vulnerability in the IP Version 6 (IPv6) packet processing functions of multiple Cisco products could allow an unauthenticated, remote attacker to cause an affected device to stop processing IPv6 traffic, leading to a denial of service (DoS) condition on the device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6
#AMD ATI Radeon ATIDXX64.DLL shader functionality remote code execution vulnerability
Some AMD Radeon cards contain a remote code execution vulnerability in their ATIDXX64.DLL driver. AMD produces the Radeon line of hardware, which includes graphics cards and graphics processing units. This specific vulnerability exists on the Radeon RX 550 and the 550 Series while running VMware Workstation 15. An attacker could exploit this vulnerability by supplying a malformed pixel shader inside the VMware guest operating system to the driver. This could corrupt memory in a way that would allow the attacker to gain the ability to remotely execute code on the victim machine.
https://blog.talosintelligence.com/2019/09/vuln-spotlight-AMD-Radeon-ATI-sept-19.html
Vulnerability Spotlight: Multiple vulnerabilities in #Atlassian #Jira
Atlassian’s Jira software contains multiple vulnerabilities that could allow an attacker to carry out a variety of actions, including the disclosure of sensitive information and the remote execution of JavaScript code. Jira is a piece of software that allows users to create, manage and organize tasks and manage projects. These bugs could create a variety of scenarios, including the ability to execute code inside of Jira and the disclosure of information inside of tasks created in Jira, including attached documents.
https://blog.talosintelligence.com/2019/09/vuln-spotlight-atlassian-jira-sept-19.html
Debian Security Advisory
DLA-1889-1 python3.4 -- LTS security update
https://www.debian.org/lts/security/2019/dla-1889
Multiple vulnerabilities in Moodle
Publication date: 17/09/2019
Importance: 4 - High
Affected resources:
From version 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7, and earlier unsupported versions.
Description:
6 vulnerabilities have been discovered in the Moodle platform, 2 of high criticality and 4 of low criticality.
Solution:
Update to versions 3.7.2, 3.6.6 and 3.5.8.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-moodle-6
Multiple vulnerabilities in VMware products
Publication date: 17/09/2019
Importance: 4 - High
Affected resources:
VMware vSphere ESXi, versions 6.0, 6.5 and 6.7.
VMware vCenter Server, versions 6.0, 6.5 and 6.7.
Description:
Several researchers have reported 4 vulnerabilities to VMware, two of medium severity and two of high severity, of the command injection and information disclosure types, affecting the vSphere ESXi and vCenter Server products.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-vmware-11
Data of 24.3 million #Lumin PDF users shared on hacking forum
#Drive #Google
The person who leaked the data claims it notified Lumin PDF earlier this year but got no reply.
https://www.zdnet.com/article/data-of-24-3-million-lumin-pdf-users-shared-on-hacking-forum/
Multiple vulnerabilities in TIBCO products
Publication date: 18/09/2019
Importance: 5 - Critical
Affected resources:
TIBCO Enterprise Runtime for R - Server Edition, versions 1.2.0 and earlier.
TIBCO Spotfire Analytics Platform for AWS Marketplace, versions 10.4.0 and 10.5.0.
Description:
TIBCO has detected two critical-severity vulnerabilities. A remote, unauthenticated attacker could bypass access, disclose confidential information or execute arbitrary code.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-tibco-1
Remote access flaws found in popular routers, NAS devices
In almost all tested units, the researchers achieved their goal of obtaining remote root-level access
Security researchers have uncovered a total of 125 security flaws across 13 small office/home office (SOHO) routers and network-attached storage (NAS) devices that may leave them vulnerable to remote attacks.
https://www.welivesecurity.com/2019/09/18/popular-routers-nas-devices-vulnerabilities/
How to use #AWS Secrets Manager to securely store and rotate SSH key pairs
AWS Secrets Manager provides full lifecycle management for secrets within your environment. In this post, Maitreya and I will show you how to use Secrets Manager to store, deliver, and rotate SSH keypairs used for communication within compute clusters. Rotation of these keypairs is a security best practice, and sometimes a regulatory requirement. Traditionally, these keypairs have been associated with a number of tough challenges. For example, synchronizing key rotation across all compute nodes, enabling detailed logging and auditing, and managing user access to modify secrets.
https://aws.amazon.com/es/blogs/security/how-to-use-aws-secrets-manager-securely-store-rotate-ssh-key-pairs/
#VMware Releases Security Updates for Multiple Products
VMware has released security updates to address vulnerabilities in ESXi and vCenter. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2019-0013 and apply the necessary updates and workarounds.
https://www.us-cert.gov/ncas/current-activity/2019/09/17/vmware-releases-security-updates-multiple-products
Information exposure in F5 BIG-IP ASM
Publication date: 20/09/2019
Importance: 5 - Critical
Affected resources:
VIPRION with BIG-IP ASM, versions:
15.0.0,
14.0.0 and 14.1.0,
13.1.0 - 13.1.1,
12.1.0 - 12.1.4,
11.6.1 - 11.6.4,
11.5.2 - 11.5.9.
Description:
F5 has detected a critical-severity vulnerability in VIPRION systems equipped with BIG-IP ASM.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/exposicion-informacion-big-ip-asm-f5
Multiple vulnerabilities in VMware products
Publication date: 20/09/2019
Importance: 4 - High
Affected resources:
VMware vSphere ESXi, versions 6.7, 6.5 and 6.0;
VMware Workstation Pro / Player, versions 15.x;
VMware Fusion Pro / Fusion, versions 11.x;
VMware Remote Console (VMRC) for Windows and Linux, versions 10.x;
VMware Horizon Client for Windows, Linux and Mac, versions 5.x and earlier.
Description:
Several researchers have reported 2 vulnerabilities to VMware, one of high severity and one of medium severity, a use-after-free and a denial of service respectively, affecting several VMware products.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-vmware-12
A way to bypass the lock screen in #iOS 13
iOS 13 users will need to update their firmware to patch a vulnerability recently discovered by researcher Jose Rodriguez. The flaw allows any user to bypass the iPhone lock and access the contacts. This exploit affects devices running iOS 13, Apple's new operating system, which will be released this month. To carry out this "hack", it is necessary to respond to a call using one of the Siri options that allows replying via a text message. Once Siri is activated again, the application should close, but it does not. The contacts application stays open, allowing access to the device's contacts.
https://www.seguridadapple.com/2019/09/una-forma-de-saltarse-la-pantalla-de.html
Critical Bug In Harbor Container Registry Gives Admin Access
Attackers can exploit a critical security vulnerability in Harbor cloud native registry for container images to obtain admin privileges on a vulnerable hosting system.
Harbor is open source and can integrate with Docker Hub and various image registries like Docker Registry and Google Container Registry, to add security, identity, and management features.
https://www.bleepingcomputer.com/news/security/critical-bug-in-harbor-container-registry-gives-admin-access/
#VMware Releases Security Updates for Multiple Products
VMware has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2019-0014 and apply the necessary updates.
https://www.us-cert.gov/ncas/current-activity/2019/09/20/vmware-releases-security-updates-multiple-products