Evasión de autentificación en Citrix Application Delivery Controller y Citrix Gateway
Fecha de publicación: 21/10/2019
Importancia: 4 - Alta
Recursos afectados:
Citrix ADC y Citrix Gateway versión 13.0, hasta la build 41.20;
Citrix ADC y NetScaler Gateway versión 12.1, hasta la build 54.13;
Citrix ADC y NetScaler Gateway versión 12.0, hasta la build 62.8;
Citrix ADC y NetScaler Gateway version 11.1, hasta la build 62.8;
Citrix ADC y NetScaler Gateway version 10.5, hasta la build 70.5.
Descripción:
Se ha identificado una vulnerabilidad en la interfaz de gestión de Citrix Application Delivery Controller (ADC), anteriormente conocida como NetScaler ADC, y Citrix Gateway, anteriormente conocida como NetScaler Gateway.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/evasion-autentificacion-citrix-application-delivery-controller-y
Fecha de publicación: 21/10/2019
Importancia: 4 - Alta
Recursos afectados:
Citrix ADC y Citrix Gateway versión 13.0, hasta la build 41.20;
Citrix ADC y NetScaler Gateway versión 12.1, hasta la build 54.13;
Citrix ADC y NetScaler Gateway versión 12.0, hasta la build 62.8;
Citrix ADC y NetScaler Gateway version 11.1, hasta la build 62.8;
Citrix ADC y NetScaler Gateway version 10.5, hasta la build 70.5.
Descripción:
Se ha identificado una vulnerabilidad en la interfaz de gestión de Citrix Application Delivery Controller (ADC), anteriormente conocida como NetScaler ADC, y Citrix Gateway, anteriormente conocida como NetScaler Gateway.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/evasion-autentificacion-citrix-application-delivery-controller-y
INCIBE-CERT
Evasión de autentificación en Citrix Application Delivery Controller y Citrix Gateway
Se ha identificado una vulnerabilidad en la interfaz de gestión de Citrix Application Delivery Controller (ADC), anteriormente conocida como NetScaler ADC, y Citrix Gateway, anteriormente conocida como NetScaler Gateway.
Vulnerabilidad de escalada de privilegios en FortiMail de Fortinet
Fecha de publicación: 21/10/2019
Importancia: 4 - Alta
Recursos afectados:
FortiMail, versiones:
6.2.0,
6.0.0 hasta 6.0.6,
5.4.10 y anteriores.
Descripción:
Fortinet ha descubierto dos vulnerabilidades con criticidades altas en FortiMail. Un atacante, con privilegios de administración, podría obtener acceso no autorizado al sistema.
Solución:
Actualizar a las versiones de FortiMail:
6.2.1,
6.0.7,
5.4.11. (pendiente de publicación).
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-escalada-privilegios-fortimail-fortinet
Fecha de publicación: 21/10/2019
Importancia: 4 - Alta
Recursos afectados:
FortiMail, versiones:
6.2.0,
6.0.0 hasta 6.0.6,
5.4.10 y anteriores.
Descripción:
Fortinet ha descubierto dos vulnerabilidades con criticidades altas en FortiMail. Un atacante, con privilegios de administración, podría obtener acceso no autorizado al sistema.
Solución:
Actualizar a las versiones de FortiMail:
6.2.1,
6.0.7,
5.4.11. (pendiente de publicación).
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-escalada-privilegios-fortimail-fortinet
INCIBE-CERT
Vulnerabilidad de escalada de privilegios en FortiMail de Fortinet
Fortinet ha descubierto dos vulnerabilidades con criticidades altas en FortiMail. Un atacante, con privilegios de administración, podría obtener acceso no autorizado al sistema.
NSA and NCSC Release Joint Advisory on Turla Group Activity
The National Security Agency (NSA) and the United Kingdom National Cyber Security Centre (NCSC) have released a joint advisory on advanced persistent threat (APT) group Turla—widely reported to be Russian. The advisory provides an update to NCSC’s January 2018 report on Turla’s use of the malicious Neuron, Nautilus, and Snake tools to steal sensitive data. Additionally, the advisory states that Turla has compromised—and is currently leveraging—an Iranian APT group’s infrastructure and resources, which include the Neuron and Nautilus tools.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following resources for more information:
• NSA Advisory Turla Group Exploits Iranian APT To Expand Coverage Of Victims
• UK NCSC Advisory Turla group exploits Iranian APT to expand coverage of victims
• January 2018 UK NCSC Report Turla Group Malware
https://www.us-cert.gov/ncas/current-activity/2019/10/21/nsa-and-ncsc-release-joint-advisory-turla-group-activity
The National Security Agency (NSA) and the United Kingdom National Cyber Security Centre (NCSC) have released a joint advisory on advanced persistent threat (APT) group Turla—widely reported to be Russian. The advisory provides an update to NCSC’s January 2018 report on Turla’s use of the malicious Neuron, Nautilus, and Snake tools to steal sensitive data. Additionally, the advisory states that Turla has compromised—and is currently leveraging—an Iranian APT group’s infrastructure and resources, which include the Neuron and Nautilus tools.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following resources for more information:
• NSA Advisory Turla Group Exploits Iranian APT To Expand Coverage Of Victims
• UK NCSC Advisory Turla group exploits Iranian APT to expand coverage of victims
• January 2018 UK NCSC Report Turla Group Malware
https://www.us-cert.gov/ncas/current-activity/2019/10/21/nsa-and-ncsc-release-joint-advisory-turla-group-activity
www.us-cert.gov
NSA and NCSC Release Joint Advisory on Turla Group Activity | CISA
The National Security Agency (NSA) and the United Kingdom National Cyber Security Centre (NCSC) have released a joint advisory on advanced persistent threat (APT) group Turla—widely reported to be Russian. The advisory provides an update to NCSC’s January…
#Avast says #CCleaner was targeted by hackers… again
Security firm Avast has revealed that it detected and intercepted suspicious activity on its network. The malicious attack is believed to have been instigated by hackers seeking to target the CCleaner software.
https://betanews.com/2019/10/21/avast-abiss-hack-abiss/
Security firm Avast has revealed that it detected and intercepted suspicious activity on its network. The malicious attack is believed to have been instigated by hackers seeking to target the CCleaner software.
https://betanews.com/2019/10/21/avast-abiss-hack-abiss/
BetaNews
Avast says CCleaner was targeted by hackers... again
Security firm Avast has revealed that it detected and intercepted suspicious activity on its network. The malicious attack is believed to have been instigated by hackers seeking to target the CCleaner software.
#NordVPN confirms it was hacked
#VPV
NordVPN, a virtual private network provider that promises to “protect your privacy online,” has confirmed it was hacked.
The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private key exposed, potentially allowing anyone to spin out their own servers imitating NordVPN.
https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/
#VPV
NordVPN, a virtual private network provider that promises to “protect your privacy online,” has confirmed it was hacked.
The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private key exposed, potentially allowing anyone to spin out their own servers imitating NordVPN.
https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/
TechCrunch
NordVPN confirms it was hacked
NordVPN, a virtual private network provider that promises to "protect your privacy online," has confirmed it was hacked. The admission comes following
#NordVPN confirma un ataque que accedió a su centro de datos, aunque "no afectó a los usuarios"
#VPN
NordVPN dice que se enteró de la brecha hace unos meses
https://www.genbeta.com/seguridad/nordvpn-confirma-que-uno-sus-centros-datos-fue-atacado-exito-hace-ano
#VPN
NordVPN dice que se enteró de la brecha hace unos meses
https://www.genbeta.com/seguridad/nordvpn-confirma-que-uno-sus-centros-datos-fue-atacado-exito-hace-ano
Genbeta
NordVPN confirma un ataque que accedió a uno de sus centros de datos, aunque "no afectó a los usuarios"
Uno de los proveedores de redes privada virtuales más populares, NordVPN, ha confirmado que fue atacado con éxito. La acción se llevó a cabo contra un centro...
Evil-WinRM: shell que usa WinRM para hacking/pentesting
#HackPlayers
https://www.hackplayers.com/2019/10/evil-winrm-shell-winrm-para-pentesting.html
#HackPlayers
https://www.hackplayers.com/2019/10/evil-winrm-shell-winrm-para-pentesting.html
Hackplayers
Evil-WinRM: shell que usa WinRM para hacking/pentesting
Uno de los proyectos más interesantes que tenemos en el Github de Hackplayers es el de Evil-WinRM , que Luis, Oscar y Jari acaban de actua...
CVE-2019-18217
#ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticateds denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18217
#ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticateds denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18217
cve.mitre.org
CVE -
CVE-2019-18217
CVE-2019-18217
Common Vulnerabilities and Exposures (CVE®) is a list of entries — each containing an identification number, a description, and at least one public reference — for publicly known cybersecurity vulnerabilities. Assigned by CVE Numbering Authorities (CNAs)…
Hacker Breached Servers Belonging to Multiple #VPN Providers
Servers belonging to the #NordVPN and #TorGuard VPN companies were hacked and attackers stole and leaked the private keys associated with certificates used to secure their web servers and VPN configuration files.
https://www.bleepingcomputer.com/news/security/hacker-breached-servers-belonging-to-multiple-vpn-providers/
Servers belonging to the #NordVPN and #TorGuard VPN companies were hacked and attackers stole and leaked the private keys associated with certificates used to secure their web servers and VPN configuration files.
https://www.bleepingcomputer.com/news/security/hacker-breached-servers-belonging-to-multiple-vpn-providers/
BleepingComputer
Hacker Breached Servers Belonging to Multiple VPN Providers
Servers belonging to the NordVPN and TorGuard VPN companies were hacked and attackers stole and leaked the private keys associated with certificates used to secure their web servers and VPN configuration files.
#Ransomware Goes Fileless, Uses Malicious Documents and #PowerShell to Encrypt Files
https://www.bromium.com/ransomware-goes-fileless-uses-malicious-documents-and-powershell-to-encrypt-files/
https://www.bromium.com/ransomware-goes-fileless-uses-malicious-documents-and-powershell-to-encrypt-files/
Chinese Hackers Use New Malware to Backdoor #Microsoft #SQL Servers
New malware created by Chinese-backed Winnti Group has been discovered by researchers at ESET while being used to gain persistence on Microsoft SQL Server (MSSQL) systems.
The new malicious tool dubbed skip-2.0 can be used by the attackers to backdoor MSSQL Server 11 and 12 servers, enabling them to connect to any account on the server using a so-called "magic password" and hide their activity from the security logs.
https://www.bleepingcomputer.com/news/security/chinese-hackers-use-new-malware-to-backdoor-microsoft-sql-servers/
New malware created by Chinese-backed Winnti Group has been discovered by researchers at ESET while being used to gain persistence on Microsoft SQL Server (MSSQL) systems.
The new malicious tool dubbed skip-2.0 can be used by the attackers to backdoor MSSQL Server 11 and 12 servers, enabling them to connect to any account on the server using a so-called "magic password" and hide their activity from the security logs.
https://www.bleepingcomputer.com/news/security/chinese-hackers-use-new-malware-to-backdoor-microsoft-sql-servers/
BleepingComputer
Chinese Hackers Use New Malware to Backdoor Microsoft SQL Servers
New malware created by Chinese-backed Winnti Group has been discovered by researchers at ESET while being used to gain persistence on Microsoft SQL Server (MSSQL) systems.
Vulnerabilidad en Security Access Manager de IBM
Fecha de publicación: 25/10/2019
Importancia: 4 - Alta
Recursos afectados:
Todas las versiones de IBM Security Access Manager.
Descripción:
Lczap, investigador de seguridad, ha reportado a IBM una vulnerabilidad de criticidad alta. Un atacante, sin autenticar, podría generar una condición de denegación de servicio.
Solución:
Por el momento, no se dispone de actualización que solucione la vulnerabilidad. IBM ha publicado unas indicaciones para mitigar este tipo de ataques.
Detalle:
IBM Security Access Manager es vulnerable a ataques del tipo Slow HTTP Attack. Un atacante, sin autenticación, podría generar una condición de denegación de servicio en el sistema. Se ha reservado el identificador CVE-2019-4036 para esta vulnerabilidad.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-security-access-manager-ibm
Fecha de publicación: 25/10/2019
Importancia: 4 - Alta
Recursos afectados:
Todas las versiones de IBM Security Access Manager.
Descripción:
Lczap, investigador de seguridad, ha reportado a IBM una vulnerabilidad de criticidad alta. Un atacante, sin autenticar, podría generar una condición de denegación de servicio.
Solución:
Por el momento, no se dispone de actualización que solucione la vulnerabilidad. IBM ha publicado unas indicaciones para mitigar este tipo de ataques.
Detalle:
IBM Security Access Manager es vulnerable a ataques del tipo Slow HTTP Attack. Un atacante, sin autenticación, podría generar una condición de denegación de servicio en el sistema. Se ha reservado el identificador CVE-2019-4036 para esta vulnerabilidad.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-security-access-manager-ibm
INCIBE-CERT
Vulnerabilidad en Security Access Manager de IBM
Lczap, investigador de seguridad, ha reportado a IBM una vulnerabilidad de criticidad alta. Un atacante, sin autenticar, podría generar una condición de denegación de servicio.
List of open source tools for #AWS security: defensive, offensive, auditing, #DFIR, etc.
https://github.com/toniblyx/my-arsenal-of-aws-security-tools
https://github.com/toniblyx/my-arsenal-of-aws-security-tools
GitHub
GitHub - toniblyx/my-arsenal-of-aws-security-tools: List of open source tools for AWS security: defensive, offensive, auditing…
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc. - toniblyx/my-arsenal-of-aws-security-tools
Securing #Docker Containers
I made a guide on how to secure docker. I’ve split it up into 3 categories. Feedback is appreciated as this is more a compilation of other resources than anything else and I did not verify everything.
https://0x00sec.org/t/securing-docker-containers/16913
I made a guide on how to secure docker. I’ve split it up into 3 categories. Feedback is appreciated as this is more a compilation of other resources than anything else and I did not verify everything.
https://0x00sec.org/t/securing-docker-containers/16913
Unsecured #ElasticSearch DB exposed data for 7.5M #Adobe Creative Cloud Users
Adobe suffered an important data leak, data for 7.5 Million Adobe Creative Cloud users have been exposed online through an unsecured server.
https://securityaffairs.co/wordpress/92986/breaking-news/adobe-creative-cloud-data-leak.html
Adobe suffered an important data leak, data for 7.5 Million Adobe Creative Cloud users have been exposed online through an unsecured server.
https://securityaffairs.co/wordpress/92986/breaking-news/adobe-creative-cloud-data-leak.html
Security Affairs
Unsecured ElasticSearch DB exposed data for 7.5M Adobe Creative Cloud users
Adobe suffered an important data leak, data for 7.5 Million Creative Cloud users have been exposed online through an unsecured server.
Nasty #PHP7 remote code execution bug exploited in the wild
New PHP7 bug CVE-2019-11043 can allow even non-technical attackers to take over servers.
The issue, tracked as CVE-2019-11043, lets attackers run commands on servers just by accessing a specially-crafted URL.
https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
New PHP7 bug CVE-2019-11043 can allow even non-technical attackers to take over servers.
The issue, tracked as CVE-2019-11043, lets attackers run commands on servers just by accessing a specially-crafted URL.
https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
ZDNet
Nasty PHP7 remote code execution bug exploited in the wild
New PHP7 bug CVE-2019-11043 can allow even non-technical attackers to take over servers.
Múltiples vulnerabilidades en RouterOS de MikroTik
Fecha de publicación: 29/10/2019
Importancia: 4 - Alta
Recursos afectados:
RouterOS Stable, con versiones 6.45.6 y anteriores,
RouterOS Long-term, con versiones 6.44.5 y anteriores.
Descripción:
Jacob Baines, investigador de seguridad en Tenable, ha descubierto 4 vulnerabilidades con criticidades altas. Un atacante remoto, no autenticado, podría acceder, modificar u obtener privilegios de root en el dispositivo.
Solución:
MikroTik ha publicado actualizaciones que solucionan las vulnerabilidades:
RouterOS Stable, actualizar a la versión 6.45.7,
RouterOS Long-term, actualizar a la versión 6.44.6.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-routeros-mikrotik
Fecha de publicación: 29/10/2019
Importancia: 4 - Alta
Recursos afectados:
RouterOS Stable, con versiones 6.45.6 y anteriores,
RouterOS Long-term, con versiones 6.44.5 y anteriores.
Descripción:
Jacob Baines, investigador de seguridad en Tenable, ha descubierto 4 vulnerabilidades con criticidades altas. Un atacante remoto, no autenticado, podría acceder, modificar u obtener privilegios de root en el dispositivo.
Solución:
MikroTik ha publicado actualizaciones que solucionan las vulnerabilidades:
RouterOS Stable, actualizar a la versión 6.45.7,
RouterOS Long-term, actualizar a la versión 6.44.6.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-routeros-mikrotik
INCIBE-CERT
Múltiples vulnerabilidades en RouterOS de MikroTik
Jacob Baines, investigador de seguridad en Tenable, ha descubierto 4 vulnerabilidades con criticidades altas. Un atacante remoto, no autenticado, podría acceder, modificar u obtener privilegios de
New 'unremovable' xHelper malware has infected 45,000 Android devices
https://www.zdnet.com/article/new-unremovable-xhelper-malware-has-infected-45000-android-devices/
https://www.zdnet.com/article/new-unremovable-xhelper-malware-has-infected-45000-android-devices/
ZDNet
New 'unremovable' xHelper malware has infected 45,000 Android devices
Factory resets aren't helping. Neither are mobile antivirus solutions. Malware keeps reinstalling itself.
Denegación de servicio en RDesktop
Fecha de publicación: 31/10/2019
Importancia: 4 - Alta
Recursos afectados:
RDesktop, anterior a la versión 1.8.4.
Descripción:
El investigador de seguridad, Pavel Cheremushkin, de Kaspersky ICS CERT ha detectado una vulnerabilidad en RDesktop, que podría permitir a un atacante remoto generar una condición de denegación de servicio.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/denegacion-servicio-rdesktop
Fecha de publicación: 31/10/2019
Importancia: 4 - Alta
Recursos afectados:
RDesktop, anterior a la versión 1.8.4.
Descripción:
El investigador de seguridad, Pavel Cheremushkin, de Kaspersky ICS CERT ha detectado una vulnerabilidad en RDesktop, que podría permitir a un atacante remoto generar una condición de denegación de servicio.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/denegacion-servicio-rdesktop
INCIBE-CERT
Denegación de servicio en RDesktop
El investigador de seguridad, Pavel Cheremushkin, de Kaspersky ICS CERT ha detectado una vulnerabilidad en RDesktop, que podría permitir a un atacante remoto generar una condición de denegación de servicio.