Azure Sentinel updates: Improve your security operations with innovations from a cloud-native SIEM

https://www.microsoft.com/security/blog/2019/11/05/azure-sentinel-updates-improve-your-security-operations-with-innovations-from-a-cloud-native-siem/

USN-4174-1: #HAproxy vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
HAproxy would allow unintended access if ii received specially crafted HTTP request.

Software Description
haproxy - fast and reliable load balancing reverse proxy

https://usn.ubuntu.com/4174-1/

Google patches bug that let nearby hackers send malware to your phone

Google has patched a bug in the Android operating system that could have allowed attackers to install a rogue application on a victim’s phone – but only if they were able to invade their personal space.

https://nakedsecurity.sophos.com/2019/11/05/google-patches-dont-stand-so-close-to-me-bug/

NFC Beaming Bypasses Security Controls in Android [CVE-2019-2114]

NFC beaming of applications between devices using Android OS bypasses some security controls (the “install unknown application” prompt). A rogue device like a payment terminal can use this vulnerability to infect devices with malware.

https://wwws.nightwatchcybersecurity.com/2019/10/24/nfc-beaming-bypasses-security-controls-in-android-cve-2019-2114/

Everis Hacked: Ransomware Sample Emerges, Company Silent on Attack

Everis’s parent company NTT Data has maintained a deafening silence in the wake of a ransomware attack on Spain’s largest IT consultancy – which employs 24,500 staff across Europe, USA and Latin America.

https://www.cbronline.com/news/everis-hacked-ransomware

Goodbye, #Symantec for Consumers; Hello #NortonLifeLock

Era Ends With Broadcom's Buy of Symantec's Enterprise Assets for $10.7 Billion

https://www.bankinfosecurity.com/goodbye-symantec-for-consumers-hello-nortonlifelock-a-13350

#Ransomware attack impacted government services in the territory of Nunavut, Canada

A ransomware attack disrupted IT operations in the territory of Nunavut (Canada), all government services requiring access to electronic data were impacted.

https://securityaffairs.co/wordpress/93446/malware/territory-nunavut-ransomware.html

Kaspersky identifies mysterious #APT mentioned in 2017 Shadow Brokers leak

The NSA had superior insight into foreign nation-state hacking operations than many cyber-security vendors.

https://www.zdnet.com/article/kaspersky-identifies-mysterious-apt-mentioned-in-2017-shadow-brokers-leak/

Actualización de seguridad de Joomla! 3.9.13

Fecha de publicación: 06/11/2019
Importancia: 2 - Baja

Recursos afectados: 
Joomla! CMS, versiones desde la 3.2.0, hasta la 3.9.12.

Descripción: 
Joomla! ha publicado una nueva versión que soluciona dos vulnerabilidades de criticidad baja en su núcleo, de los tipos cross-site request forgery (CSRF) y divulgación de ruta.

Solución: 
Actualizar a la versión 3.9.13.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-joomla-3913

U.S. Cyber Command Shares Seven New Malware Samples

U.S. Cyber Command has released seven malware samples to the malware aggregation tool and repository, VirusTotal. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review U.S. Cyber Command’s VirusTotal page to view the samples. CISA also recommends users and administrators review the CISA Tip on Protecting Against Malicious Code for best practices on protecting systems and networks against malware.

https://www.us-cert.gov/ncas/current-activity/2019/11/06/us-cyber-command-shares-seven-new-malware-samples

ReconPi: convierte tu Raspberry Pi en una herramienta de reconocimiento de dominios

#Hackplayers

ReconPi es una herramienta de reconocimiento bastante liviana que realiza un extenso escaneo de dominios con las últimas herramientas utilizando una Raspberry Pi, Golang y Docker.

https://www.hackplayers.com/2019/11/reconpi-rpi-herramienta-reconocimiento.html

Malware Persistence without the Windows Registry

https://www.fireeye.com/blog/threat-research/2010/07/malware-persistence-windows-registry.html

#AWS Artifact is now available in AWS GovCloud (US) Regions

AWS Artifact is now available in the AWS GovCloud (US) Regions, where you’ll now have on-demand access to AWS compliance reports and select online AWS agreements with a single-click in the AWS Management Console.

https://aws.amazon.com/es/blogs/security/aws-artifact-is-now-available-in-aws-govcloud-us-regions/

#NVIDIA Fixes Security Flaws in GPU Driver, GeForce Experience

NVIDIA released security updates to fix 12 high and medium severity vulnerabilities in the Windows GPU display driver and the NVIDIA GeForce Experience (GFE) software.

https://www.bleepingcomputer.com/news/security/nvidia-fixes-security-flaws-in-gpu-driver-geforce-experience/

Múltiples vulnerabilidades en productos Cisco

Fecha de publicación: 07/11/2019
Importancia: 4 - Alta

Recursos afectados: 
Cisco EPNM, versiones anteriores a 3.0.2,
Cisco Prime Infrastructure (PI),versiones anteriores a:
3.4.2,
3.5.1,
3.6.0 Update 02,
Cisco RoomOS Software, versiones anteriores a RoomOS July Drop 1 2019,
Cisco RoomOS Software, versiones anteriores a RoomOS September Drop 1 2019 con SSH habilitado,
Routeres Cisco Small Business RV Series, con versiones de firmware anteriores a la 4.2.3.10,
Cisco TC Software, versiones anteriores a 7.3.19,
Cisco TelePresence CE Software, versiones anteriores a 9.8.0,
Cisco Web Security Appliance (WSA),
Cisco Webex Meetings Online, todas las versiones de Webex Network Recording Player y Webex Player anteriores a la versión 1.3.44,
Cisco Webex Meetings Server, todas las versiones de Webex Network Recording Player anteriores a la versión 4.0MR2,
Cisco Webex Meetings sites, todas las versiones de Webex Network Recording Player y Webex Player anteriores a la versión WBS 39.5.12,
Cisco Wireless LAN Controllers, desde la versión 8.4 hasta la versión 8.9.

Descripción: 
Cisco ha publicado 12 vulnerabilidades de severidad alta que afectan a sus productos.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-cisco-58

#Linux users warned to update libarchive to beat flaw

Every now and again, a security vulnerability is discovered in a program with little fanfare, despite the fact that it’s buried in plain sight inside software lots of people depend on.

A good example is libarchive, which has a flaw discovered by Google researchers in May using the ClusterFuzz and OSSFuzz automated ‘fuzzing’ tools and fixed by libarchive’s maintainers on 12 June in version 3.4.0.

https://nakedsecurity.sophos.com/2019/11/07/linux-users-warned-to-update-libarchive-to-beat-flaw/

#QNAP Warns Users to Secure Devices Against #QSnatch #Malware

Network-attached storage (NAS) maker QNAP urges customers to secure their NAS devices against an ongoing malicious campaign that infects them with QSnatch malware capable of stealing user credentials.

https://www.bleepingcomputer.com/news/security/qnap-warns-users-to-secure-devices-against-qsnatch-malware/

¡Hola España! An AWS Region is coming to Spain!

https://www.allthingsdistributed.com/2019/10/aws-region-europe-spain.html

#Microsoft Warns of More Harmful #Windows #BlueKeep Attacks, Patch Now


The Microsoft Defender ATP Research Team says that the BlueKeep attacks detected on November 2 are connected with a coin mining campaign from September that used the same command-and-control (C2) infrastructure.

BlueKeep is an unauthenticated remote code execution vulnerability affecting Remote Desktop Services on Windows 7, Windows Server 2008, and Windows Server 2008 R2, and patched by Microsoft on May 14.

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-more-harmful-windows-bluekeep-attacks-patch-now/