#Ransomware attack impacted government services in the territory of Nunavut, Canada
A ransomware attack disrupted IT operations in the territory of Nunavut (Canada); all government services requiring access to electronic data were impacted.
https://securityaffairs.co/wordpress/93446/malware/territory-nunavut-ransomware.html
Kaspersky identifies mysterious #APT mentioned in 2017 Shadow Brokers leak
The NSA had superior insight into foreign nation-state hacking operations than many cyber-security vendors.
https://www.zdnet.com/article/kaspersky-identifies-mysterious-apt-mentioned-in-2017-shadow-brokers-leak/
Forwarded from tpx Security ⠠⠵
LinkedIn malware alert! There is a new cybersecurity threat spreading through hacked LinkedIn accounts. It offers you the opportunity to respond to a proposal and attaches a "pdf".
Forwarded from tpx Security ⠠⠵
Pastebin
2019-11-05 Emotet IOCs - Pastebin.com
Joomla! 3.9.13 security update
Publication date: 06/11/2019
Importance: 2 - Low
Affected resources:
Joomla! CMS, versions from 3.2.0 through 3.9.12.
Description:
Joomla! has released a new version that fixes two low-severity vulnerabilities in its core, of the types cross-site request forgery (CSRF) and path disclosure.
Solution:
Update to version 3.9.13.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-joomla-3913
U.S. Cyber Command Shares Seven New Malware Samples
U.S. Cyber Command has released seven malware samples to the malware aggregation tool and repository, VirusTotal. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review U.S. Cyber Command’s VirusTotal page to view the samples. CISA also recommends users and administrators review the CISA Tip on Protecting Against Malicious Code for best practices on protecting systems and networks against malware.
https://www.us-cert.gov/ncas/current-activity/2019/11/06/us-cyber-command-shares-seven-new-malware-samples
ReconPi: turn your Raspberry Pi into a domain reconnaissance tool
#Hackplayers
ReconPi is a fairly lightweight reconnaissance tool that performs extensive domain scanning with the latest tools, using a Raspberry Pi, Golang and Docker.
https://www.hackplayers.com/2019/11/reconpi-rpi-herramienta-reconocimiento.html
Malware Persistence without the Windows Registry
https://www.fireeye.com/blog/threat-research/2010/07/malware-persistence-windows-registry.html
For an attacker to maintain a foothold inside your network they will typically install a piece of backdoor malware on at least one of your systems. The malware needs to be installed persistently, meaning that it will remain active in the event of a reboot.…
#AWS Artifact is now available in AWS GovCloud (US) Regions
AWS Artifact is now available in the AWS GovCloud (US) Regions, where you’ll now have on-demand access to AWS compliance reports and select online AWS agreements with a single-click in the AWS Management Console.
https://aws.amazon.com/es/blogs/security/aws-artifact-is-now-available-in-aws-govcloud-us-regions/
#NVIDIA Fixes Security Flaws in GPU Driver, GeForce Experience
NVIDIA released security updates to fix 12 high and medium severity vulnerabilities in the Windows GPU display driver and the NVIDIA GeForce Experience (GFE) software.
https://www.bleepingcomputer.com/news/security/nvidia-fixes-security-flaws-in-gpu-driver-geforce-experience/
Multiple vulnerabilities in Cisco products
Publication date: 07/11/2019
Importance: 4 - High
Affected resources:
Cisco EPNM, versions earlier than 3.0.2,
Cisco Prime Infrastructure (PI), versions earlier than:
3.4.2,
3.5.1,
3.6.0 Update 02,
Cisco RoomOS Software, versions earlier than RoomOS July Drop 1 2019,
Cisco RoomOS Software, versions earlier than RoomOS September Drop 1 2019 with SSH enabled,
Cisco Small Business RV Series routers, firmware versions earlier than 4.2.3.10,
Cisco TC Software, versions earlier than 7.3.19,
Cisco TelePresence CE Software, versions earlier than 9.8.0,
Cisco Web Security Appliance (WSA),
Cisco Webex Meetings Online, all versions of Webex Network Recording Player and Webex Player earlier than version 1.3.44,
Cisco Webex Meetings Server, all versions of Webex Network Recording Player earlier than version 4.0MR2,
Cisco Webex Meetings sites, all versions of Webex Network Recording Player and Webex Player earlier than version WBS 39.5.12,
Cisco Wireless LAN Controllers, from version 8.4 through version 8.9.
Description:
Cisco has published 12 high-severity vulnerabilities affecting its products.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-cisco-58
#Linux users warned to update libarchive to beat flaw
Every now and again, a security vulnerability is discovered in a program with little fanfare, despite the fact that it’s buried in plain sight inside software lots of people depend on.
A good example is libarchive, which has a flaw discovered by Google researchers in May using the ClusterFuzz and OSSFuzz automated ‘fuzzing’ tools and fixed by libarchive’s maintainers on 12 June in version 3.4.0.
https://nakedsecurity.sophos.com/2019/11/07/linux-users-warned-to-update-libarchive-to-beat-flaw/
The bug is identified as CVE-2019-18408, a high-priority ‘use-after-free’ bug when dealing with a failed archive.
#QNAP Warns Users to Secure Devices Against #QSnatch #Malware
Network-attached storage (NAS) maker QNAP urges customers to secure their NAS devices against an ongoing malicious campaign that infects them with QSnatch malware capable of stealing user credentials.
https://www.bleepingcomputer.com/news/security/qnap-warns-users-to-secure-devices-against-qsnatch-malware/
¡Hola España! An AWS Region is coming to Spain!
https://www.allthingsdistributed.com/2019/10/aws-region-europe-spain.html
AWS plans to launch an AWS Region in Spain
#Microsoft Warns of More Harmful #Windows #BlueKeep Attacks, Patch Now
The Microsoft Defender ATP Research Team says that the BlueKeep attacks detected on November 2 are connected with a coin mining campaign from September that used the same command-and-control (C2) infrastructure.
BlueKeep is an unauthenticated remote code execution vulnerability affecting Remote Desktop Services on Windows 7, Windows Server 2008, and Windows Server 2008 R2, and patched by Microsoft on May 14.
https://www.bleepingcomputer.com/news/security/microsoft-warns-of-more-harmful-windows-bluekeep-attacks-patch-now/
#Microsoft works with researchers to detect and protect against new #RDP #exploits
On November 2, 2019, security researcher Kevin Beaumont reported that his BlueKeep honeypot experienced crashes and was likely being exploited. Microsoft security researchers collaborated with Beaumont as well as another researcher, Marcus Hutchins, to investigate and analyze the crashes and confirm that they were caused by a BlueKeep exploit module for the Metasploit penetration testing framework.
https://www.microsoft.com/security/blog/2019/11/07/the-new-cve-2019-0708-rdp-exploit-attacks-explained/
The new exploit attacks show that BlueKeep will be a threat as long as systems remain unpatched, credential hygiene is not achieved, and overall security posture is not kept in check.
Spanish MSSP Targeted by #BitPaymer #Ransomware
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/spanish-mssp-targeted-by-bitpaymer-ransomware/
Nvidia’s latest driver update also fixes security vulnerabilities
https://www.kitguru.net/tech-news/featured-tech-news/matthew-wilson/nvidias-latest-driver-update-also-fixes-security-vulnerabilities/
If you aren’t interested in playing Red Dead Redemption 2 on PC this week, or getting G-Sync compati
Multiple vulnerabilities in Squid
Publication date: 11/11/2019
Importance: 4 - High
Affected resources:
The following versions of Squid:
from 2.x through 2.7.STABLE9;
from 3.x through 3.5.28;
from 4.x through 4.8.
Description:
Five vulnerabilities have been detected in multiple versions of the Squid proxy server.
Solution:
Update to version 4.9.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-squid-0