Multiple vulnerabilities in MikroTik RouterOS
Publication date: 29/10/2019
Importance: 4 - High
Affected resources:
RouterOS Stable, versions 6.45.6 and earlier,
RouterOS Long-term, versions 6.44.5 and earlier.
Description:
Jacob Baines, a security researcher at Tenable, has discovered 4 high-severity vulnerabilities. A remote, unauthenticated attacker could gain access to the device, modify it, or obtain root privileges on it.
Solution:
MikroTik has published updates that fix the vulnerabilities:
RouterOS Stable, update to version 6.45.7,
RouterOS Long-term, update to version 6.44.6.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-routeros-mikrotik
New 'unremovable' xHelper malware has infected 45,000 Android devices
https://www.zdnet.com/article/new-unremovable-xhelper-malware-has-infected-45000-android-devices/
Factory resets aren't helping. Neither are mobile antivirus solutions. Malware keeps reinstalling itself.
Denial of service in RDesktop
Publication date: 31/10/2019
Importance: 4 - High
Affected resources:
RDesktop, prior to version 1.8.4.
Description:
Security researcher Pavel Cheremushkin, of Kaspersky ICS CERT, has detected a vulnerability in RDesktop that could allow a remote attacker to cause a denial of service condition.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/denegacion-servicio-rdesktop
Malware Analysis Report (AR19-304A)
MAR-10135536-8 – North Korean Trojan: HOPLIGHT
https://www.us-cert.gov/ncas/analysis-reports/ar19-304a
#Chrome Zero-Day Bug with Exploit in the Wild Gets A Patch
Google on Thursday night started to roll out an update for Chrome that patches two use-after-free vulnerabilities, one of them having at least one exploit in the wild.
Both security issues are serious as they could be leveraged to take control of a vulnerable system, reads an alert from the Cybersecurity and Infrastructure Security Agency (CISA).
https://www.bleepingcomputer.com/news/security/chrome-zero-day-bug-with-exploit-in-the-wild-gets-a-patch/
Google Releases Security Updates for Chrome
Google has released Chrome version 78.0.3904.87 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities (CVE-2019-13720) was detected in exploits in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.
https://www.us-cert.gov/ncas/current-activity/2019/10/31/google-releases-security-updates-chrome
Watch Out IT Admins! Two Unpatched Critical #RCE Flaws Disclosed in #rConfig
If you're using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you.
A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the rConfig utility, at least one of which could allow unauthenticated remote attackers to compromise targeted servers, and connected network devices.
https://thehackernews.com/2019/11/rConfig-network-vulnerability.html
ICS Advisory (ICSA-19-304-02)
#Honeywell equIP Series IP Cameras
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Honeywell
Equipment: equIP series IP cameras
Vulnerability: Improper Input Validation
https://www.us-cert.gov/ics/advisories/icsa-19-304-02
ICS Advisory (ICSA-19-304-03)
#Honeywell equIP and Performance Series IP Cameras
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Honeywell
Equipment: equIP series and Performance series IP cameras
Vulnerability: Missing Authentication for Critical Function
https://www.us-cert.gov/ics/advisories/icsa-19-304-03
ICS Advisory (ICSA-19-304-04)
#Honeywell equIP and Performance Series IP Cameras and Recorders
CVSS v3 7.5
ATTENTION: Exploitable remotely
Vendor: Honeywell
Equipment: equIP series and Performance series IP cameras and recorders
Vulnerability: Authentication Bypass by Capture-Replay
https://www.us-cert.gov/ics/advisories/icsa-19-304-04
#BlueKeep Attacks Have Arrived, Are Initially Underwhelming
The first attacks that exploit the zero-day #Windows vulnerability install cryptominers and scan for targets rather than a worm with WannaCry potential.
The wave of BlueKeep attacks that security experts predicted could take down systems globally has arrived, but the attacks are not showing the form or the destructive impact experts initially feared.
https://threatpost.com/bluekeep-attacks-have-arrived-are-initially-underwhelming/149829/
#BlueKeep attacks go live, but it isn’t as dangerous as feared
Hackers have already started using the BlueKeep exploit to break into Windows systems, but according to security researchers, the exploit is not as dangerous as everybody feared.
For those unaware, BlueKeep affects the Remote Desktop Protocol (RDP) service, which is widely used for remote administration. It first came to light on May 14, and security experts at various firms labeled it "wormable," meaning that code exploiting this vulnerability can be self-propagating in nature and can therefore spread very quickly, just like WannaCry did.
https://mspoweruser.com/bluekeep-attacks-go-live-but-it-isnt-as-dangerous-as-feared/amp/
Multiple vulnerabilities in Xen
Publication date: 04/11/2019
Importance: 4 - High
Affected resources:
Xen, versions 4.6 and later;
Xen, 32-bit versions, from version 3.2;
Xen, all x86 systems with untrusted PV guests;
Xen systems in which guests have direct access to physical devices;
Xen, all ARM systems;
Citrix Hypervisor, version 8.0 and earlier.
Description:
Several vulnerabilities have been published in Xen that could allow denial of service, privilege escalation, or data corruption.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-xen-1
XSS vulnerability in F5 BIG-IP TMUI
Publication date: 04/11/2019
Importance: 4 - High
Affected resources:
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM and WebAccelerator), versions:
from 13.1.0 to 13.1.3;
from 12.1.0 to 12.1.5;
from 11.5.2 to 11.6.5.
Description:
The Tarantula Team has discovered a reflected cross-site scripting (XSS) vulnerability in an undisclosed page of the Traffic Management User Interface (TMUI) component of the BIG-IP product, also known as the BIG-IP Configuration utility.
Solution:
Update BIG-IP to version 14.0.0.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-xss-big-ip-tmui-f5
Denial of service in RDesktop
Publication date: 31/10/2019
Importance: 4 - High
Affected resources:
RDesktop, prior to version 1.8.4.
Description:
Security researcher Pavel Cheremushkin, of Kaspersky ICS CERT, has detected a vulnerability in RDesktop that could allow a remote attacker to cause a denial of service condition.
Solution:
Update to version 1.8.5.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/denegacion-servicio-rdesktop
Forwarded from Derecho de la Red
Attachment: BOE-A-2019-15790.pdf (326.3 KB)
⚖ "Royal Decree-Law 14/2019, of 31 October, adopting urgent measures for reasons of public security in the areas of digital administration, public sector procurement and telecommunications, has been published"
The Government will now also be able to shut down digital services if there are 'threats to public order'
An urgent shutdown, as a precautionary measure and without a prior hearing, could already be ordered for reasons of public security, civil protection, emergencies, protection of human life or interference with other networks; now the grounds are much broader.
Source: t.me/criptored
https://civio.es/el-boe-nuestro-de-cada-dia/2019/11/05/las-administraciones-publicas-tienen-seis-meses-para-que-todas-sus-bases-y-servicios-con-datos-personales-esten-alojadas-en-servidores-europeos/
Azure Sentinel updates: Improve your security operations with innovations from a cloud-native SIEM
https://www.microsoft.com/security/blog/2019/11/05/azure-sentinel-updates-improve-your-security-operations-with-innovations-from-a-cloud-native-siem/
Learn about all the new features and enhancements introduced in Azure Sentinel, Microsoft’s cloud-native SIEM solution, during Ignite 2019.
USN-4174-1: #HAproxy vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS
Summary
HAproxy would allow unintended access if it received a specially crafted HTTP request.
Software Description
haproxy - fast and reliable load balancing reverse proxy
https://usn.ubuntu.com/4174-1/
It was discovered that HAproxy incorrectly handled certain HTTP requests. An attacker could possibly use this issue to perform a privilege escalation (request smuggling).
Google patches bug that let nearby hackers send malware to your phone
Google has patched a bug in the Android operating system that could have allowed attackers to install a rogue application on a victim’s phone – but only if they were able to invade their personal space.
https://nakedsecurity.sophos.com/2019/11/05/google-patches-dont-stand-so-close-to-me-bug/
Google has patched an Android bug that could have allowed attackers to use NFC to send over a malicious file to the victim’s phone