#Microsoft Warns of More Harmful #Windows #BlueKeep Attacks, Patch Now
The Microsoft Defender ATP Research Team says that the BlueKeep attacks detected on November 2 are connected with a coin mining campaign from September that used the same command-and-control (C2) infrastructure.
BlueKeep is an unauthenticated remote code execution vulnerability affecting Remote Desktop Services on Windows 7, Windows Server 2008, and Windows Server 2008 R2, and patched by Microsoft on May 14.
https://www.bleepingcomputer.com/news/security/microsoft-warns-of-more-harmful-windows-bluekeep-attacks-patch-now/
#Microsoft works with researchers to detect and protect against new #RDP #exploits
On November 2, 2019, security researcher Kevin Beaumont reported that his BlueKeep honeypot experienced crashes and was likely being exploited. Microsoft security researchers collaborated with Beaumont as well as another researcher, Marcus Hutchins, to investigate and analyze the crashes and confirm that they were caused by a BlueKeep exploit module for the Metasploit penetration testing framework.
https://www.microsoft.com/security/blog/2019/11/07/the-new-cve-2019-0708-rdp-exploit-attacks-explained/
The new exploit attacks show that BlueKeep will be a threat as long as systems remain unpatched, credential hygiene is not achieved, and overall security posture is not kept in check.
Spanish MSSP Targeted by #BitPaymer #Ransomware
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/spanish-mssp-targeted-by-bitpaymer-ransomware/
Nvidia’s latest driver update also fixes security vulnerabilities
https://www.kitguru.net/tech-news/featured-tech-news/matthew-wilson/nvidias-latest-driver-update-also-fixes-security-vulnerabilities/
Multiple vulnerabilities in Squid
Publication date: 11/11/2019
Severity: 4 - High
Affected resources:
The following Squid versions:
from 2.x up to 2.7.STABLE9;
from 3.x up to 3.5.28;
from 4.x up to 4.8.
Description:
Five vulnerabilities have been detected in multiple versions of the Squid proxy server.
Solution:
Update to version 4.9.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-squid-0
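A version check that applies the advisory's three affected ranges to a Squid version string, including the "STABLEn" numbering the 2.x branch used, added here as an example (it is not INCIBE-CERT's or the Squid project's code). It assumes the first line of `squid -v` output reads "Squid Cache: Version X.Y" (an assumption, not something the advisory states) and treats any 2.x or 3.x release at or below the listed ceiling as affected; the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Parse a Squid version string into major/minor/patch. Squid 2.x numbered
 * its releases "2.7.STABLE9"; the STABLE number is treated as the patch
 * level. Returns 1 on success, 0 if the string is not a recognisable version. */
int parse_squid_version(const char *s, int *major, int *minor, int *patch)
{
    *major = *minor = *patch = 0;
    if (sscanf(s, "%d.%d.STABLE%d", major, minor, patch) == 3)
        return 1;
    if (sscanf(s, "%d.%d.%d", major, minor, patch) == 3)
        return 1;
    if (sscanf(s, "%d.%d", major, minor) == 2)
        return 1;
    return 0;
}

/* Advisory ranges: 2.x up to 2.7.STABLE9, 3.x up to 3.5.28, 4.x up to 4.8.
 * Returns 1 if affected, 0 if not (4.9 or later, or a branch the advisory
 * does not list), -1 if the version string could not be parsed. */
int squid_version_affected(const char *s)
{
    int maj, mnr, pat;
    if (!parse_squid_version(s, &maj, &mnr, &pat))
        return -1;
    switch (maj) {
    case 2: return (mnr < 7 || (mnr == 7 && pat <= 9)) ? 1 : 0;
    case 3: return (mnr < 5 || (mnr == 5 && pat <= 28)) ? 1 : 0;
    case 4: return (mnr <= 8) ? 1 : 0;
    default: return 0;
    }
}

/* Wrapper for the first line printed by "squid -v", assumed to look like
 * "Squid Cache: Version 4.8" (assumption, not taken from the advisory). */
int squid_v_line_affected(const char *line)
{
    const char *p = strstr(line, "Version ");
    if (p == NULL)
        return -1;
    return squid_version_affected(p + strlen("Version "));
}

int main(void)
{
    /* Constructed sample inputs covering each branch plus the fixed release. */
    const char *samples[] = { "2.7.STABLE9", "3.5.28", "4.8", "4.9", "not-a-version" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s -> %d\n", samples[i], squid_version_affected(samples[i]));
    printf("squid -v line  -> %d\n", squid_v_line_affected("Squid Cache: Version 4.8"));
    return 0;
}
```

A result of 1 means the host needs the 4.9 upgrade; -1 means the string was not recognised and should be checked by hand rather than assumed safe.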
Adaudit - Powershell Script To Do Domain Auditing Automation
https://www.kitploit.com/2019/11/adaudit-powershell-script-to-do-domain.html
How to enable encryption in a browser with the #AWS Encryption SDK for JavaScript and Node.js
https://aws.amazon.com/es/blogs/security/how-to-enable-encryption-browser-aws-encryption-sdk-javascript-node-js/
#Adobe Patches Vulnerabilities in Design, Web Products
Adobe has patched a total of 11 vulnerabilities across its Animate, Illustrator, Media Encoder and Bridge products.
https://www.securityweek.com/adobe-patches-vulnerabilities-design-web-products
Keylogging users via #Slack themes
Back in August I found a vulnerability in Slack which allowed me to keylog slack input via custom themes. I came across this vulnerability when we were having some discussions in my work’s slack regarding using CSS to change the font to comic-sans, as seen below:
#FFFFFF;}*{FONT-FAMILY:"COMIC SANS MS
https://fletchto99.dev/2019/november/slack-vulnerability/
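The value above works because a theme colour is spliced into a stylesheet as text: the leading `;}` closes the declaration and the rule, and everything after it is parsed as fresh CSS. The pair below is an added example, not code from the post or from Slack: a renderer that trusts the colour field beside one that accepts only a bare hex colour. The `.sidebar{background:...}` rule shape is assumed for illustration, and the payload is the page's own string, used exactly as it appears there (truncated).

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* A theme colour field should hold exactly "#RGB" or "#RRGGBB". Everything
 * else, including the ';', '}', '{' and '"' a CSS injection needs to break
 * out of a declaration, is rejected. */
int is_strict_hex_color(const char *value)
{
    size_t n = strlen(value);
    if (value[0] != '#' || (n != 4 && n != 7))
        return 0;
    for (size_t i = 1; i < n; i++)
        if (!isxdigit((unsigned char)value[i]))
            return 0;
    return 1;
}

/* Vulnerable: splices the user-supplied value straight into a style rule,
 * as a theme feature that trusts its colour fields would. The rule shape is
 * assumed for illustration. Returns bytes written, or -1 on truncation. */
int render_theme_css_unsafe(const char *sidebar_color, char *out, size_t cap)
{
    int n = snprintf(out, cap, ".sidebar{background:%s;}", sidebar_color);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Hardened: validate the value before it reaches the stylesheet.
 * Returns -1 (and an empty output) for anything but a bare hex colour. */
int render_theme_css_safe(const char *sidebar_color, char *out, size_t cap)
{
    if (!is_strict_hex_color(sidebar_color)) {
        if (cap > 0)
            out[0] = '\0';
        return -1;
    }
    return render_theme_css_unsafe(sidebar_color, out, cap);
}

/* The value from the post, copied as it appears there (truncated). */
const char *const kInjectedThemeValue = "#FFFFFF;}*{FONT-FAMILY:\"COMIC SANS MS";

int main(void)
{
    char css[128];
    if (render_theme_css_unsafe(kInjectedThemeValue, css, sizeof css) > 0)
        printf("unsafe: %s\n", css);   /* a second, attacker-written rule appears */
    if (render_theme_css_safe(kInjectedThemeValue, css, sizeof css) < 0)
        printf("safe:   rejected\n");
    if (render_theme_css_safe("#FFFFFF", css, sizeof css) > 0)
        printf("safe:   %s\n", css);
    return 0;
}
```

The allow-list is the whole fix: escaping would be fragile because CSS has several contexts (selectors, property values, url() and strings) with different metacharacters, whereas a colour field has exactly one legitimate shape.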
#Cisco Fixes High-Risk Vulnerabilities in Some Small Business RV Series #Routers
Several Cisco Small Business RV Series routers were found to be vulnerable to two attacks, and Cisco promptly explained what the vulnerabilities were and confirmed that patches had been issued.
Cisco confirmed that command injection and arbitrary command execution vulnerabilities were found in the RV016, RV042, RV042G, RV082, RV320, and RV325 router series. Both vulnerabilities are rated high risk, which is the main reason patches were issued so quickly.
https://securityboulevard.com/2019/11/cisco-fixes-high-risk-vulnerabilities-in-some-small-business-rv-series-routers/
Microsoft security bulletin for November 2019
Publication date: 13/11/2019
Severity: 5 - Critical
Affected resources:
Microsoft Windows,
Internet Explorer,
Microsoft Edge (EdgeHTML-based),
ChakraCore,
Microsoft Office and Microsoft Office Services and Web Apps,
Open Source Software,
Microsoft Exchange Server,
Visual Studio,
Azure Stack.
Description:
Microsoft's security update release for November consists of 75 vulnerabilities, 13 rated critical and 62 rated important.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/boletin-seguridad-microsoft-noviembre-2019
Debian Security Advisory
DSA-4565-1 intel-microcode -- security update
Date Reported: 13 Nov 2019
https://www.debian.org/security/2019/dsa-4565
VMware Releases Security Updates
Original release date: November 12, 2019
VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisories VMSA-2019-0020 and VMSA-2019-0021 and apply the necessary updates.
https://www.us-cert.gov/ncas/current-activity/2019/11/12/vmware-releases-security-updates
Intel Releases Security Updates
Original release date: November 12, 2019
Intel has released security updates to address vulnerabilities in multiple products. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:
BMC Advisory INTEL-SA-00313
UEFI Advisory INTEL-SA-00280
SGX and TXT Advisory INTEL-SA-00220
Processor Security Advisory INTEL-SA-00240
CSME, Intel SPS, Intel TXE, Intel AMT, Intel PTT and Intel DAL Advisory INTEL-SA-00241
Graphics Driver for Windows Advisory INTEL-SA-00242
Ethernet 700 Series Controllers Advisory INTEL-SA-00255
SGX Advisory INTEL-SA-00293
Proset/Wireless Wifi Software Security Advisory INTEL-SA-00288
WIFI Drivers and Intel® PROSet/Wireless WiFi Software Extension DLL Advisory INTEL-SA-00287
For updates addressing medium severity vulnerabilities, see the Intel Security Advisories page.
https://www.us-cert.gov/ncas/current-activity/2019/11/12/intel-releases-security-updates
Adobe Releases Security Updates
Original release date: November 12, 2019
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
Animate CC 2019 APSB19-34
Illustrator CC APSB19-36
Media Encoder APSB19-52
Bridge CC APSB19-53
https://www.us-cert.gov/ncas/current-activity/2019/11/12/adobe-releases-security-updates
Vulnerability Spotlight: Remote code execution vulnerability in Microsoft Media Foundation
Microsoft Media Foundation’s framework contains a remote code execution vulnerability that exists due to a use-after-free condition. This specific bug lies in Media Foundation's MPEG4 DLL. An attacker could provide a user with a specially crafted QuickTime file to exploit this vulnerability.
https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-media-foundation-nov-2019-RCE.html
Vulnerability Spotlight: Remote code execution vulnerability in Microsoft Excel
Cisco Talos recently discovered a remote code execution vulnerability in Microsoft Excel. Microsoft disclosed this bug as part of their monthly security update Tuesday. This vulnerability exists in the component responsible for handling the "Microsoft® Office HTML and XML" format introduced in Microsoft Office 2000. A specially crafted XLS file could lead to a use-after-free vulnerability and remote code execution.
https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-excel-nov-2019-RCE.html
[SECURITY] [DLA 1991-1] libssh2 security update
Package : libssh2
Version : 1.4.3-4.1+deb8u6
CVE ID : CVE-2019-17498
Debian Bug : 943562
In libssh2, SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. For Debian 8 "Jessie", this problem has been fixed in version 1.4.3-4.1+deb8u6.
https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html
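The bug class the advisory describes, an unsigned subtraction in a bounds check that wraps when the packet is shorter than the constant being subtracted, reconstructed here as an added example rather than libssh2's actual source. The field layout is the SSH_MSG_DISCONNECT format from RFC 4253 (type byte, uint32 reason, two length-prefixed strings), which is why a complete message is at least 13 bytes; the two packets are constructed, and the function names are assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* SSH_MSG_DISCONNECT (RFC 4253, section 11.1):
 *   byte   SSH_MSG_DISCONNECT              offset 0
 *   uint32 reason code                     offset 1
 *   string description  (uint32 len + n)   offset 5
 *   string language tag (uint32 len + m)   offset 9 + n
 * With both strings empty the packet is 13 bytes; that is the constant
 * in the checks below. Reconstruction of the flaw class, not libssh2 code. */

static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern: "message_len < datalen - 13" evaluated in size_t.
 * For datalen between 9 and 12 the subtraction wraps to a huge value, the
 * check passes for any message_len, and the parser would next read the
 * language-tag length at data + 9 + message_len: a server-chosen offset up
 * to 4 GiB past the packet. Returns that offset, or 0 when rejected. */
size_t vulnerable_language_len_offset(const unsigned char *data, size_t datalen)
{
    if (datalen < 9)
        return 0;
    uint32_t message_len = read_be32(data + 5);
    if (message_len < datalen - 13)       /* wraps when datalen < 13 */
        return 9 + (size_t)message_len;   /* would be dereferenced next */
    return 0;
}

/* Hardened pattern: establish the minimum length before subtracting, then
 * bound message_len by the bytes that actually remain. With
 * message_len <= datalen - 13, the 4-byte read at 9 + message_len ends at
 * 13 + message_len <= datalen, so it stays inside the packet. */
size_t hardened_language_len_offset(const unsigned char *data, size_t datalen)
{
    if (datalen < 13)
        return 0;
    uint32_t message_len = read_be32(data + 5);
    if (message_len > datalen - 13)       /* cannot wrap: datalen >= 13 */
        return 0;
    return 9 + (size_t)message_len;
}

/* Constructed packets. The malicious one is only 9 bytes: type, reason,
 * and a description length of 0xFFFFFFF0 with no description bytes at all. */
const unsigned char kMalformedDisconnect[9] = {
    1, 0, 0, 0, 0, 0xFF, 0xFF, 0xFF, 0xF0 };

/* Well-formed: reason 11 (SSH_DISCONNECT_BY_APPLICATION), "hi", "en". */
const unsigned char kWellFormedDisconnect[17] = {
    1, 0, 0, 0, 11, 0, 0, 0, 2, 'h', 'i', 0, 0, 0, 2, 'e', 'n' };

int main(void)
{
    printf("malformed:   vulnerable reads at offset %zu, hardened returns %zu\n",
           vulnerable_language_len_offset(kMalformedDisconnect, sizeof kMalformedDisconnect),
           hardened_language_len_offset(kMalformedDisconnect, sizeof kMalformedDisconnect));
    printf("well-formed: vulnerable %zu, hardened %zu\n",
           vulnerable_language_len_offset(kWellFormedDisconnect, sizeof kWellFormedDisconnect),
           hardened_language_len_offset(kWellFormedDisconnect, sizeof kWellFormedDisconnect));
    return 0;
}
```

The general rule the hardened version follows: never subtract from a length before proving the length is at least that large, and compare the attacker-supplied field against the remaining bytes rather than the other way round.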
Cross-site scripting (XSS) in TIBCO EBX
Publication date: 13/11/2019
Severity: 4 - High
Affected resources:
The web server of the following TIBCO EBX versions:
5.8.1.fixR and earlier
5.9.3, 5.9.4, 5.9.5 and 5.9.6
The Digital Asset Manager web interface of the following versions of the TIBCO EBX Add-ons:
3.20.13 and earlier
4.1.0, 4.2.0, 4.2.1 and 4.2.2
The Data Exchange web interface of the following versions of the TIBCO EBX Add-ons:
3.20.13 and earlier
4.1.0
Description:
TIBCO has published 3 vulnerabilities affecting several of its products that would allow an attacker to carry out cross-site scripting (XSS) attacks.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/cross-site-scripting-xss-tibco-ebx