SysAdmin 24x7
IT security news and alerts.
Chat and contact:
t.me/sysadmin24x7chat
#iTerm2 Vulnerability

The CERT Coordination Center (CERT/CC) has released information on a vulnerability (CVE-2019-9535) affecting iTerm2, a macOS terminal emulator. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#763073, Mozilla’s blog post, and iTerm2’s downloads page for patch information and additional details.

https://www.us-cert.gov/ncas/current-activity/2019/10/09/iterm2-vulnerability
#Intel Releases Security Updates

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:
Active System Console Advisory INTEL-SA-00261
Smart Connect Technology for Intel NUC Advisory INTEL-SA-00286
NUC Advisory INTEL-SA-00296

https://www.us-cert.gov/ncas/current-activity/2019/10/09/intel-releases-security-updates
#SAP Patches Critical Vulnerabilities With October 2019 Security Updates

SAP this week released seven new security notes as part of the October 2019 Security Patch Day, with two of these notes rated Hot News (Critical).

This month’s set of patches also includes two security notes released after the second Tuesday of last month but before this Tuesday, along with one update for a previously released patch, totalling 10 security notes.

The most important of these notes addresses a missing authentication check in the AS2 adapter of the B2B add-on for SAP NetWeaver Process Integration. Tracked as CVE-2019-0379, the vulnerability carries a CVSS score of 9.3.

https://www.securityweek.com/sap-patches-critical-vulnerabilities-october-2019-security-updates
Remote code execution in #Dameware Mini Remote Control from #SolarWinds

Publication date: 10/10/2019
Severity: 5 - Critical

Affected resources: 
Solarwinds Dameware Mini Remote Client Agent Service, version 12.1.0.89.

Description: 
Tenable has found a critical-severity vulnerability. A remote, unauthenticated attacker could execute arbitrary code on the device.

Solution: 
No fix is available yet.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-dameware-mini-remote-control-solarwinds
Multiple vulnerabilities in #Juniper products

Publication date: 10/10/2019
Severity: 5 - Critical

Affected resources: 
Junos OS 12.3X48, 15.1X49, 17.3, 17.4. Affected platforms: SRX Series.
Junos OS 18.1, 18.1X75, 18.2, 18.2X75, 18.3, 18.4. Affected platforms: MX2008, MX2010, MX2020, MX480, MX960.
Junos OS. Affected platforms: NFX Series.
Junos OS 12.3X48. Affected platforms: SRX Series.
Junos OS 18.1, 18.1X75.
Junos OS 15.1X49, 18.2, 18.4. Affected platforms: SRX Series.
Junos OS 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4.
Junos OS 12.3, 12.3X48, 14.1X53, 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1.
Junos OS. Affected platforms: SRX 5000 Series.
Junos OS 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4. Affected platforms: MX Series.
Junos OS 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3.
Junos OS 12.1X46, 12.3, 12.3X48, 14.1X53, 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4.
Junos OS 15.1X49, 17.4, 18.1, 18.2, 18.3, 18.4. Affected platforms: SRX1500.
Junos OS 12.3X48, 15.1X49, 17.4, 18.1, 18.2, 18.3. Affected platforms: SRX Series.
Junos OS. Affected platforms: NFX Series.
Junos OS 18.1R3-S4, 18.3R1-S3. Affected platforms: EX2300, EX2300-C, EX3400.
Contrail Networking.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-juniper-5
FBI Releases Article on Defending Against Phishing and Spearphishing Attacks

In recognition of National Cybersecurity Awareness Month (NCSAM), the Federal Bureau of Investigation (FBI) has released an article to raise awareness of phishing and spearphishing. The article provides guidance on recognizing and avoiding these types of attacks.

https://www.us-cert.gov/ncas/current-activity/2019/10/10/fbi-releases-article-defending-against-phishing-and-spearphishing
Staying Hidden on the Endpoint: Evading Detection with Shellcode

True red team assessments require a secondary objective of avoiding detection. Part of the glory of a successful red team assessment is not getting detected by anything or anyone on the system. As modern Endpoint Detection and Response ( #EDR ) products have matured over the years, red teams must follow suit. This blog post provides some insight into how the FireEye Mandiant Red Team crafts payloads to bypass modern EDR products and obtain full command and control (C2) on their victims’ systems.

https://www.fireeye.com/blog/threat-research/2019/10/staying-hidden-on-the-endpoint-evading-detection-with-shellcode.html
ICS Advisory (ICSA-19-283-01)

#Siemens Industrial Real-Time ( #IRT ) Devices

#DoS

1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Industrial Real-Time (IRT) Devices
Vulnerability: Improper Input Validation

2. RISK EVALUATION
Successful exploitation of this vulnerability could cause a denial-of-service condition.

https://www.us-cert.gov/ics/advisories/icsa-19-283-01
ICS Advisory (ICSA-19-283-02)

#Siemens PROFINET Devices

1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: PROFINET Devices
Vulnerability: Uncontrolled Resource Consumption

2. RISK EVALUATION
Successful exploitation of this vulnerability could cause a denial-of-service condition.

https://www.us-cert.gov/ics/advisories/icsa-19-283-02
ICS Medical Advisory (ICSMA-18-123-01)

Philips Brilliance Computed Tomography (CT) System (Update A)

1. EXECUTIVE SUMMARY
CVSS v3 8.4
ATTENTION: Low skill level to exploit
Vendor: Philips
--------- Begin Update A Part 1 of 3 ----------
Equipment: Brilliance CT Scanners and MX8000 Dual EXP
--------- End Update A Part 1 of 3 ----------
Vulnerabilities: Execution with Unnecessary Privileges, Exposure of Resource to Wrong Sphere, Use of Hard-coded Credentials

https://www.us-cert.gov/ics/advisories/ICSMA-18-123-01
ICS Advisory (ICSA-16-313-02)

Siemens Industrial Products Local Privilege Escalation Vulnerability (Update I)

1. EXECUTIVE SUMMARY
CVSS v3 6.4
ATTENTION: Exploitable locally
Vendor: Siemens
Equipment: Industrial Products
Vulnerability: Improper Privilege Management

2. UPDATE INFORMATION
This updated advisory is a follow-up to the updated advisory titled ICSA-16-313-02 Siemens Industrial Products Local Privilege Escalation Vulnerability (Update H) that was published June 14, 2018, on the ICS webpage on us-cert.gov.

https://www.us-cert.gov/ics/advisories/ICSA-16-313-02
Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques

During several recent incident response engagements, FireEye Mandiant investigators uncovered new tools in FIN7’s malware arsenal and kept pace as the global criminal operators attempted new evasion techniques. In this blog, we reveal two of FIN7’s new tools that we have called BOOSTWRITE and RDFSNIFFER.

https://www.fireeye.com/blog/threat-research/2019/10/mahalo-fin7-responding-to-new-tools-and-techniques.html