New Microsoft NTLM Flaws May Allow Full Domain Compromise
Two security vulnerabilities in Microsoft's NTLM authentication protocol allow attackers to bypass the MIC (Message Integrity Code) protection and downgrade NTLM security features leading to full domain compromise.
Microsoft patched the two NTLM flaws and issued security advisories as part of the Patch Tuesday security updates issued yesterday after Preempt’s disclosure.
Preempt researchers Yaron Zinar and Marina Simakov discovered that attackers can exploit these flaws as part of NTLM relay attacks that may, in some cases, "cause full domain compromise of a network," with all Active Directory customers with default configurations being exposed.
https://www.bleepingcomputer.com/news/security/new-microsoft-ntlm-flaws-may-allow-full-domain-compromise/
API vulnerable to privilege escalation in IBM Sterling Connect:Direct for UNIX
Publication date: 07/10/2019
Severity: 4 - High
Affected resources:
IBM Sterling Connect:Direct for Unix versions:
6.0.0,
4.3.0,
4.2.0.
Description:
IBM has detected a high-severity vulnerability. A remote, authenticated attacker could gain unauthorized access to the system.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/api-vulnerable-escalada-privilegios-sterling-connectdirect-unix-ibm
SAP security update for October 2019
Publication date: 09/10/2019
Severity: 5 - Critical
Affected resources:
SAP NetWeaver Process Integration:
AS2 Adapter, versions 1.0 and 2.0;
B2B Toolkit, versions 1.0 and 2.0.
SAP Landscape Management enterprise edition, version 3.0;
SAP IQ, version 16.1;
SAP SQL Anywhere, version 17.0;
SAP Dynamic Tiering, versions 1.0 and 2.0;
SAP Customer Relationship Management (Email Management):
S4CRM, versions 100 and 200;
BBPCRM, versions 700, 701, 702, 712, 713 and 714.
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions 420 and 430;
SAP Financial Consolidation, versions 10.0 and 10.1;
SAP Kernel (RFC):
KRNL32NUC, KRNL32UC and KRNL64NUC, versions 7.21, 7.21EXT, 7.22 and 7.22EXT;
KRNL64UC, versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 and 7.73;
KERNEL, versions 7.21, 7.49, 7.53, 7.73 and 7.76.
Description:
SAP has published several security updates for different products in its monthly bulletin.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-octubre-2019
Microsoft security bulletin for October 2019
Publication date: 09/10/2019
Severity: 5 - Critical
Affected resources:
Microsoft Windows,
Internet Explorer,
Microsoft Edge (EdgeHTML-based),
ChakraCore,
Microsoft Office, Microsoft Office Services and Web Apps,
SQL Server Management Studio,
Open Source Software,
Microsoft Dynamics 365,
Windows Update Assistant.
Description:
Microsoft's monthly security update release consists of 59 vulnerabilities, 10 rated critical and 49 rated important, with the rest of medium or low severity.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/boletin-seguridad-microsoft-octubre-2019
Parameter injection vulnerability in IBM Spectrum Scale
Publication date: 09/10/2019
Severity: 4 - High
Affected resources:
IBM Spectrum Scale:
From version 5.0.0.0 to version 5.0.3.2.
From version 4.2.0.0 to version 4.2.3.17.
Description:
IBM has detected a high-severity vulnerability in one of its products. An attacker could obtain root privileges on the system.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-parametros-spectrum-scale-ibm
Vulnerability Spotlight: Multiple remote code execution bugs in #NitroPDF
#RCE
Cisco Talos recently discovered multiple remote code execution vulnerabilities in NitroPDF. Nitro PDF allows users to save, read, sign and edit PDF files on their machines. There are two versions of the product: a free and a paid version called “Pro.” The paid version offers several features the free one does not, including the ability to combine multiple PDFs into one file and to redact sensitive information in the file. These bugs all exist in the Pro version of the software.
https://blog.talosintelligence.com/2019/10/vuln-spotlight-Nitro-PDF-RCE-bugs-sept-19.html
#Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:
iCloud for Windows 7.14
iCloud for Windows 10.7
iTunes 12.10.1 for Windows
macOS Catalina 10.15
https://www.us-cert.gov/ncas/current-activity/2019/10/08/apple-releases-security-updates
Forwarded from tpx Security ⠠⠵
Zero-day published for old Joomla CMS versions
Proof-of-concept code available online; trivial to exploit.
https://www.zdnet.com/article/zero-day-published-for-old-joomla-cms-versions/
Uncovering The Unknowns
Mapping Windows API’s to Sysmon Events
https://posts.specterops.io/uncovering-the-unknowns-a47c93bb6971
GitHub: https://github.com/jsecurity101/Windows-API-To-Sysmon-Events
#iTerm2 Vulnerability
The CERT Coordination Center (CERT/CC) has released information on a vulnerability (CVE-2019-9535) affecting iTerm2, a macOS terminal emulator. An attacker could exploit this vulnerability to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#763073, Mozilla’s blog post, and iTerm2’s downloads page for patch information and additional details.
https://www.us-cert.gov/ncas/current-activity/2019/10/09/iterm2-vulnerability
PENTESTING-BIBLE
Hundreds of ethical hacking, penetration testing, red team, cyber security and computer science resources.
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE
#Intel Releases Security Updates
Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:
Active System Console Advisory INTEL-SA-00261
Smart Connect Technology for Intel NUC Advisory INTEL-SA-00286
NUC Advisory INTEL-SA-00296
https://www.us-cert.gov/ncas/current-activity/2019/10/09/intel-releases-security-updates
#SAP Patches Critical Vulnerabilities With October 2019 Security Updates
SAP this week released seven new security notes as part of the October 2019 Security Patch Day, with two of these notes rated Hot News (Critical).
This month’s set of patches also includes two security notes released after the second Tuesday of last month but before this Tuesday, along with one update for a previously released patch, totalling 10 security notes.
The most important of these notes addresses a missing authentication check in the AS2 adapter of the B2B add-on for SAP NetWeaver Process Integration. Tracked as CVE-2019-0379, the vulnerability features a CVSS score of 9.3.
https://www.securityweek.com/sap-patches-critical-vulnerabilities-october-2019-security-updates
Remote code execution in #SolarWinds #Dameware Mini Remote Control
Publication date: 10/10/2019
Severity: 5 - Critical
Affected resources:
Solarwinds Dameware Mini Remote Client Agent Service, version 12.1.0.89.
Description:
Tenable has found a critical-severity vulnerability. A remote, unauthenticated attacker could execute arbitrary code on the device.
Solution:
No fix is available yet.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-dameware-mini-remote-control-solarwinds
Multiple vulnerabilities in #Juniper products
Publication date: 10/10/2019
Severity: 5 - Critical
Affected resources:
Junos OS 12.3X48, 15.1X49, 17.3, 17.4. Affected platforms: SRX Series.
Junos OS 18.1, 18.1X75, 18.2, 18.2X75, 18.3, 18.4. Affected platforms: MX2008, MX2010, MX2020, MX480, MX960.
Junos OS. Affected platforms: NFX Series.
Junos OS 12.3X48. Affected platforms: SRX Series.
Junos OS 18.1, 18.1X75.
Junos OS 15.1X49, 18.2, 18.4. Affected platforms: SRX Series.
Junos OS 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4.
Junos OS 12.3, 12.3X48, 14.1X53, 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1.
Junos OS. Affected platforms: SRX 5000 Series.
Junos OS 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4. Affected platforms: MX Series.
Junos OS 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3.
Junos OS 12.1X46, 12.3, 12.3X48, 14.1X53, 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4.
Junos OS 15.1X49, 17.4, 18.1, 18.2, 18.3, 18.4. Affected platforms: SRX1500.
Junos OS 12.3X48, 15.1X49, 17.4, 18.1, 18.2, 18.3. Affected platforms: SRX Series.
Junos OS. Affected platforms: NFX Series.
Junos OS 18.1R3-S4, 18.3R1-S3. Affected platforms: EX2300, EX2300-C, EX3400.
Contrail Networking.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-juniper-5
AllThingsSSRF
This is a collection of writeups, cheatsheets and videos related to #SSRF in one single location.
This is currently a work in progress; I will add more resources as I find them.
https://github.com/jdonsec/AllThingsSSRF
Ispy - #Eternalblue (MS17-010) / #Bluekeep (CVE-2019-0708) Scanner And Exploit
https://www.kitploit.com/2019/10/ispy-eternalblue-ms17-010-bluekeep-cve.html?amp=1&m=1
Nemty #Ransomware Decryptor Released, Recover Files for Free
https://www.bleepingcomputer.com/news/security/nemty-ransomware-decryptor-released-recover-files-for-free/
FBI Releases Article on Defending Against Phishing and Spearphishing Attacks
In recognition of National Cybersecurity Awareness Month (NCSAM), the Federal Bureau of Investigation (FBI) has released an article to raise awareness of phishing and spearphishing. The article provides guidance on recognizing and avoiding these types of attacks.
https://www.us-cert.gov/ncas/current-activity/2019/10/10/fbi-releases-article-defending-against-phishing-and-spearphishing
Staying Hidden on the Endpoint: Evading Detection with Shellcode
True red team assessments require a secondary objective of avoiding detection. Part of the glory of a successful red team assessment is not getting detected by anything or anyone on the system. As modern Endpoint Detection and Response (#EDR) products have matured over the years, red teams must follow suit. This blog post will provide some insights into how the FireEye Mandiant Red Team crafts payloads to bypass modern EDR products and get full command and control (C2) on their victims’ systems.
https://www.fireeye.com/blog/threat-research/2019/10/staying-hidden-on-the-endpoint-evading-detection-with-shellcode.html