SysAdmin 24x7
Computer security news and alerts.
Chat and contact:
t.me/sysadmin24x7chat
Vulnerabilities Exploited in Multiple VPN Applications

The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an alert on advanced persistent threat (APT) actors exploiting vulnerabilities in Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review the NCSC Alert for more information and to review the following security advisories and apply the necessary updates:
Palo Alto Security Advisory PAN-SA-2019-0020
FortiGuard Security Advisory FG-IR-18-384
FortiGuard Security Advisory FG-IR-18-388
FortiGuard Security Advisory FG-IR-18-389
Pulse Secure Security Advisory SA44101

https://www.us-cert.gov/ncas/current-activity/2019/10/04/vulnerabilities-exploited-multiple-vpn-applications
HildaCrypt Ransomware Developer Releases Decryption Keys

The developer behind the HildaCrypt Ransomware has decided to release the ransomware's private decryption keys. With these keys a decryptor can be made that would allow any potential victims to recover their files for free.

https://www.bleepingcomputer.com/news/security/hildacrypt-ransomware-developer-releases-decryption-keys/
October 3, 2019—KB4524147 (OS Build 18362.388)

Applies to: 
#Windows10, version 1903
#WindowsServer version 1903

Release Date: October 3, 2019
Version: OS Build 18362.388

IMPORTANT This is a required security update that expands the out-of-band update dated September 23, 2019. This security update includes the Internet Explorer scripting engine security vulnerability (CVE-2019-1367) mitigation and corrects a recent printing issue some users have experienced. Customers using Windows Update or Windows Server Update Services (WSUS) will be offered this update automatically. To help secure your devices, we recommend that you install this update as soon as possible and restart your PC to fully apply the mitigations. Like all cumulative updates, this update supersedes any preceding update.

Note This update does not replace the upcoming October 2019 monthly update, which is scheduled to release on October 8, 2019.

https://support.microsoft.com/en-us/help/4524147/windows-10-update-kb4524147
API vulnerable to privilege escalation in IBM Sterling Connect:Direct for UNIX

Publication date: 07/10/2019
Severity: 4 - High

Affected resources:
IBM Sterling Connect:Direct for Unix versions:
6.0.0,
4.3.0,
4.2.0.

Description:
IBM has detected a high-severity vulnerability. A remote, authenticated attacker could gain unauthorized access to the system.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/api-vulnerable-escalada-privilegios-sterling-connectdirect-unix-ibm
[SECURITY] [DSA 4539-2] #openssh regression update

Package : openssh
#Debian Bug : 941663

A change introduced in openssl 1.1.1d (which got released as DSA 4539-1) requires sandboxing features which are not available in Linux kernels before 3.19, resulting in OpenSSH rejecting connection attempts if running on an old kernel. This does not affect Linux kernels shipped in Debian oldstable/stable, but may affect buster systems which are running on an older kernel.

For the stable distribution (buster), this problem has been fixed in version 1:7.9p1-10+deb10u1.

We recommend that you upgrade your openssh packages.

For the detailed security status of openssh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssh

https://lists.debian.org/debian-security-announce/2019/msg00192.html
This is why #Apple will not be able to patch #Checkm8

About a week ago, the security researcher known as axi0mX published on his Twitter account the discovery of a new exploit for iOS 13 that makes it possible to jailbreak every iPhone model from the 4s to the iPhone X (only models with the A12 or A13 chip are not vulnerable). The exploit is called Checkm8 and acts on the devices' boot memory; because this memory is read-only, it is impossible for Apple to fix the problem, since it is really a hardware issue and cannot be resolved with a conventional update.

http://www.seguridadapple.com/2019/10/esta-es-la-razon-por-la-que-apple-no.html
NSA Releases Advisory on Mitigating Recent #VPN Vulnerabilities

The National Security Agency (NSA) has released an advisory on advanced persistent threat (APT) actors exploiting multiple vulnerabilities in Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review NSA's Cybersecurity Advisory and CISA's Current Activity on Vulnerabilities in Multiple VPN Applications for more information and apply the necessary updates or mitigations.

https://www.us-cert.gov/ncas/current-activity/2019/10/07/nsa-releases-advisory-mitigating-recent-vpn-vulnerabilities
New Microsoft NTLM Flaws May Allow Full Domain Compromise

Two security vulnerabilities in Microsoft's NTLM authentication protocol allow attackers to bypass the MIC (Message Integrity Code) protection and downgrade NTLM security features leading to full domain compromise.

Microsoft patched the two NTLM flaws and issued security advisories as part of the Patch Tuesday security updates issued yesterday after Preempt’s disclosure.

Preempt researchers Yaron Zinar and Marina Simakov discovered that attackers can exploit these flaws as part of NTLM relay attacks that may, in some cases, "cause full domain compromise of a network," with all Active Directory customers with default configurations being exposed.

https://www.bleepingcomputer.com/news/security/new-microsoft-ntlm-flaws-may-allow-full-domain-compromise/
SAP security update for October 2019

Publication date: 09/10/2019
Severity: 5 - Critical

Affected resources:
SAP NetWeaver Process Integration:
AS2 Adapter, versions 1.0 and 2.0;
B2B Toolkit, versions 1.0 and 2.0.
SAP Landscape Management enterprise edition, version 3.0;
SAP IQ, version 16.1;
SAP SQL Anywhere, version 17.0;
SAP Dynamic Tiering, versions 1.0 and 2.0;
SAP Customer Relationship Management (Email Management):
S4CRM, versions 100 and 200;
BBPCRM, versions 700, 701, 702, 712, 713 and 714.
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions 420 and 430;
SAP Financial Consolidation, versions 10.0 and 10.1;
SAP Kernel (RFC):
KRNL32NUC, KRNL32UC and KRNL64NUC, versions 7.21, 7.21EXT, 7.22 and 7.22EXT;
KRNL64UC, versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 and 7.73;
KERNEL, versions 7.21, 7.49, 7.53, 7.73 and 7.76.

Description:
SAP has published several security updates for different products in its monthly bulletin.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-octubre-2019
Microsoft security bulletin for October 2019

Publication date: 09/10/2019
Severity: 5 - Critical

Affected resources:
Microsoft Windows,
Internet Explorer,
Microsoft Edge (EdgeHTML-based),
ChakraCore,
Microsoft Office, Microsoft Office Services and Web Apps,
SQL Server Management Studio,
Open Source Software,
Microsoft Dynamics 365,
Windows Update Assistant.

Description:
Microsoft's monthly security update release consists of 59 vulnerabilities, 10 rated critical and 49 rated important, with the rest of medium or low severity.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/boletin-seguridad-microsoft-octubre-2019
Parameter injection vulnerability in IBM Spectrum Scale

Publication date: 09/10/2019
Severity: 4 - High

Affected resources:
IBM Spectrum Scale:
From version 5.0.0.0 through version 5.0.3.2.
From version 4.2.0.0 through version 4.2.3.17.

Description:
IBM has detected a high-severity vulnerability in one of its products. An attacker could obtain root privileges on the system.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-parametros-spectrum-scale-ibm
Vulnerability Spotlight: Multiple remote code execution bugs in #NitroPDF

#RCE
Cisco Talos recently discovered multiple remote code execution vulnerabilities in NitroPDF. Nitro PDF allows users to save, read, sign and edit PDF files on their machines. There are two versions of the product: a free and a paid version called “Pro.” The paid version offers several features the free one does not, including the ability to combine multiple PDFs into one file and to redact sensitive information in the file. These bugs all exist in the Pro version of the software.

https://blog.talosintelligence.com/2019/10/vuln-spotlight-Nitro-PDF-RCE-bugs-sept-19.html
#Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:
iCloud for Windows 7.14
iCloud for Windows 10.7
iTunes 12.10.1 for Windows
macOS Catalina 10.15

https://www.us-cert.gov/ncas/current-activity/2019/10/08/apple-releases-security-updates
#iTerm2 Vulnerability

The CERT Coordination Center (CERT/CC) has released information on a vulnerability (CVE-2019-9535) affecting iTerm2, a macOS terminal emulator. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#763073, Mozilla’s blog post, and iTerm2’s downloads page for patch information and additional details.

https://www.us-cert.gov/ncas/current-activity/2019/10/09/iterm2-vulnerability
#Intel Releases Security Updates

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to escalate privileges on a previously infected machine.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:
Active System Console Advisory INTEL-SA-00261
Smart Connect Technology for Intel NUC Advisory INTEL-SA-00286
NUC Advisory INTEL-SA-00296

https://www.us-cert.gov/ncas/current-activity/2019/10/09/intel-releases-security-updates