SysAdmin 24x7
IT security news and alerts.
Multiple vulnerabilities in #Juniper products

Publication date: 10/10/2019
Severity: 5 - Critical

Affected resources:
Junos OS 12.3X48, 15.1X49, 17.3, 17.4. Affected platforms: SRX Series.
Junos OS 18.1, 18.1X75, 18.2, 18.2X75, 18.3, 18.4. Affected platforms: MX2008, MX2010, MX2020, MX480, MX960.
Junos OS. Affected platforms: NFX Series.
Junos OS 12.3X48. Affected platforms: SRX Series.
Junos OS 18.1, 18.1X75.
Junos OS 15.1X49, 18.2, 18.4. Affected platforms: SRX Series.
Junos OS 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4.
Junos OS 12.3, 12.3X48, 14.1X53, 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1.
Junos OS. Affected platforms: SRX 5000 Series.
Junos OS 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4. Affected platforms: MX Series.
Junos OS 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3.
Junos OS 12.1X46, 12.3, 12.3X48, 14.1X53, 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4.
Junos OS 15.1X49, 17.4, 18.1, 18.2, 18.3, 18.4. Affected platforms: SRX1500.
Junos OS 12.3X48, 15.1X49, 17.4, 18.1, 18.2, 18.3. Affected platforms: SRX Series.
Junos OS. Affected platforms: NFX Series.
Junos OS 18.1R3-S4, 18.3R1-S3. Affected platforms: EX2300, EX2300-C, EX3400.
Contrail Networking.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-juniper-5
FBI Releases Article on Defending Against Phishing and Spearphishing Attacks

In recognition of National Cybersecurity Awareness Month (NCSAM), the Federal Bureau of Investigation (FBI) has released an article to raise awareness of phishing and spearphishing. The article provides guidance on recognizing and avoiding these types of attacks.

https://www.us-cert.gov/ncas/current-activity/2019/10/10/fbi-releases-article-defending-against-phishing-and-spearphishing
Staying Hidden on the Endpoint: Evading Detection with Shellcode

True red team assessments require a secondary objective of avoiding detection. Part of the glory of a successful red team assessment is not getting detected by anything or anyone on the system. As modern Endpoint Detection and Response (#EDR) products have matured over the years, the red teams must follow suit. This blog post will provide some insights into how the FireEye Mandiant Red Team crafts payloads to bypass modern EDR products and get full command and control (C2) on their victims’ systems.

https://www.fireeye.com/blog/threat-research/2019/10/staying-hidden-on-the-endpoint-evading-detection-with-shellcode.html
ICS Advisory (ICSA-19-283-01)

#Siemens Industrial Real-Time (#IRT) Devices

#RCE

1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Industrial Real-Time (IRT) Devices
Vulnerability: Improper Input Validation

2. RISK EVALUATION
Successful exploitation of this vulnerability could cause a denial-of-service condition.

https://www.us-cert.gov/ics/advisories/icsa-19-283-01
ICS Advisory (ICSA-19-283-02)

#Siemens PROFINET Devices

1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: PROFINET Devices
Vulnerability: Uncontrolled Resource Consumption

2. RISK EVALUATION
Successful exploitation of this vulnerability could cause a denial-of-service condition.

https://www.us-cert.gov/ics/advisories/icsa-19-283-02
ICS Medical Advisory (ICSMA-18-123-01)

Philips Brilliance Computed Tomography (CT) System (Update A)

1. EXECUTIVE SUMMARY
CVSS v3 8.4
ATTENTION: Low skill level to exploit
Vendor: Philips
--------- Begin Update A Part 1 of 3 ----------
Equipment: Brilliance CT Scanners and MX8000 Dual EXP
--------- End Update A Part 1 of 3 ----------
Vulnerabilities: Execution with Unnecessary Privileges, Exposure of Resource to Wrong Sphere, Use of Hard-coded Credentials

https://www.us-cert.gov/ics/advisories/ICSMA-18-123-01
ICS Advisory (ICSA-16-313-02)

Siemens Industrial Products Local Privilege Escalation Vulnerability (Update I)

1. EXECUTIVE SUMMARY
CVSS v3 6.4
ATTENTION: Exploitable locally
Vendor: Siemens
Equipment: Industrial Products
Vulnerability: Improper privilege management

2. UPDATE INFORMATION
This updated advisory is a follow-up to the updated advisory titled ICSA-16-313-02 Siemens Industrial Products Local Privilege Escalation Vulnerability (Update H) that was published June 14, 2018, on the ICS webpage on us-cert.gov.

https://www.us-cert.gov/ics/advisories/ICSA-16-313-02
Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques

During several recent incident response engagements, FireEye Mandiant investigators uncovered new tools in FIN7’s malware arsenal and kept pace as the global criminal operators attempted new evasion techniques. In this blog, we reveal two of FIN7’s new tools that we have called BOOSTWRITE and RDFSNIFFER.

https://www.fireeye.com/blog/threat-research/2019/10/mahalo-fin7-responding-to-new-tools-and-techniques.html
XXE vulnerability in multiple Dell EMC products

Publication date: 11/10/2019
Severity: 4 - High

Affected resources:
Dell EMC Avamar Server, versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1;
Dell EMC Integrated Data Protection Appliance (IDPA), versions 2.0, 2.1, 2.2, 2.3 and 2.4.

Description:
Multiple Dell EMC products contain a high-severity XML External Entity (XXE) injection vulnerability.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-tipo-xxe-multiples-productos-dell-emc
New #IDAPro plugin provides #TileGX support

Overview

Cisco Talos has a new plugin available for IDA Pro that provides a new disassembler for TileGX binaries. This tool should assist researchers in reverse-engineering threats in IDA Pro that target TileGX.

https://blog.talosintelligence.com/2019/10/new-ida-pro-plugin-provides-tilegx.html
Bypass #McAfee with McAfee

Introduction

I wasn’t actually planning on writing this blog. Not because it’s super secretive or anything, but because I’m super lazy. Unfortunately, @fsdominguez and @_dirkjan forced me.

So here we are... ¯\_(ツ)_/¯

This is a story about how I used McAfee tools to bypass McAfee Endpoint Security during a (very TIBER-y) Red Team assignment we (aforementioned people and myself) were running. Let’s go.

https://dmaasland.github.io/posts/mcafee.html
#Debian Security Advisory

DSA-4543-1 #sudo -- security update

Date Reported: 14 Oct 2019
Affected Packages: sudo
Vulnerable: Yes
Security database references: In the Debian bugtracking system: Bug 942322.
In Mitre's CVE dictionary: CVE-2019-14287.

https://www.debian.org/security/2019/dsa-4543
Potential bypass of Runas user restrictions

Release Date: October 14, 2019

Summary:
When #sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.

This can be used by a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification.

Log entries for commands run this way will list the target user as 4294967295 instead of root. In addition, PAM session modules will not be run for the command.

Sudo versions affected:
Sudo versions prior to 1.8.28 are affected.

https://www.sudo.ws/alerts/minus_1_uid.html
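A defender-side check for the symptoms the sudo advisory names, written here as an added example (it is not code from the sudo project, from Debian, or from the advisory): it flags sudo versions before 1.8.28, sudoers rules whose Runas user list begins with ALL and then excludes users with `!` (the restriction that the -1 / 4294967295 trick defeats), and log entries whose target user is 4294967295 rather than root. The sudoers rules and log lines are constructed samples; the syslog line layout is an assumption modelled on sudo's default format, and only the USER value comes from the advisory.

```python
import re
from typing import List, Tuple

# sudo 1.8.28 contains the fix; every earlier release is affected (per the advisory).
FIXED_VERSION: Tuple[int, int, int] = (1, 8, 28)

# Target user that the advisory says shows up in logs for a command run this way.
BYPASS_UID = "4294967295"

# Matches one sudoers user specification with a Runas list in parentheses, e.g.
#   alice ALL=(ALL, !root) /usr/bin/vi
# Simplified: no line continuations, aliases or tag handling.
RULE_RE = re.compile(r"^\s*(\S+)\s+([^\s=]+)\s*=\s*\(([^)]*)\)\s*(.*)$")

# Assumed log layout modelled on sudo's syslog line; the layout is a constructed
# assumption, the "USER=" value is the one the advisory describes.
LOG_USER_RE = re.compile(r"\bUSER=#?" + BYPASS_UID + r"\b")


def parse_version(version: str) -> Tuple[int, ...]:
    """'1.8.27p1' -> (1, 8, 27); patch-level suffixes are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", version)[:3])


def is_affected(version: str) -> bool:
    """True when the installed sudo predates the 1.8.28 fix."""
    return parse_version(version) < FIXED_VERSION


def runas_is_bypassable(runas_spec: str) -> bool:
    """True when the Runas user list starts with ALL and then excludes users
    with '!'; that exclusion is what a uid of -1 / 4294967295 sidesteps."""
    users = [u.strip() for u in runas_spec.split(":")[0].split(",")]
    return users[0] == "ALL" and any(u.startswith("!") for u in users[1:])


def find_bypassable_rules(sudoers_text: str) -> List[str]:
    """Return the sudoers lines whose Runas restriction can be bypassed."""
    findings = []
    for line in sudoers_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = RULE_RE.match(stripped)
        if m and runas_is_bypassable(m.group(3)):
            findings.append(stripped)
    return findings


def find_bypass_log_lines(log_text: str) -> List[str]:
    """Return sudo log lines whose target user is the bogus uid 4294967295."""
    return [entry.strip() for entry in log_text.splitlines() if LOG_USER_RE.search(entry)]


# Constructed sample input (not a real sudoers file or real logs).
SAMPLE_SUDOERS = """
# ordinary rules
bob   ALL=(root) /bin/ls
alice ALL=(ALL, !root) /usr/bin/vi
dave  ALL=(ALL) ALL
"""

SAMPLE_LOG = """
Oct 14 10:01:02 host sudo: bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/ls
Oct 14 10:02:03 host sudo: alice : TTY=pts/1 ; PWD=/home/alice ; USER=#4294967295 ; COMMAND=/usr/bin/vi
"""

if __name__ == "__main__":
    print("sudo 1.8.27 affected:", is_affected("1.8.27"))
    for rule in find_bypassable_rules(SAMPLE_SUDOERS):
        print("bypassable Runas restriction:", rule)
    for entry in find_bypass_log_lines(SAMPLE_LOG):
        print("possible bypass in log:", entry)
```

Run it against the output of `sudo -V` and a copy of /etc/sudoers (plus /etc/sudoers.d) to get the version and rule findings; the log check is the part worth wiring into an existing log pipeline, since a rule like `(ALL, !root)` is only a problem on an unpatched host, while a USER field of 4294967295 is anomalous on any host.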
WordPress 5.2.4 security update

Publication date: 15/10/2019
Severity: 3 - Medium

Affected resources:
WordPress, versions 5.2.3 and earlier.

Description:
The latest version of WordPress has been released; it fixes 6 security issues.

Solution:
Update to version 5.2.4.
Updated releases of WordPress 5.1 and earlier are also available for any user who has not yet upgraded to version 5.2.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-524-wordpress