SysAdmin 24x7
Computer security news and alerts.
Chat and contact:
t.me/sysadmin24x7chat
Keylogging users via #Slack themes

Back in August I found a vulnerability in Slack which allowed me to keylog Slack input via custom themes. I came across this vulnerability when we were having some discussions in my work’s Slack regarding using CSS to change the font to comic-sans, as seen below:

#FFFFFF;}*{FONT-FAMILY:"COMIC SANS MS

https://fletchto99.dev/2019/november/slack-vulnerability/
#Cisco Fixes High-Risk Vulnerabilities in Some Small Business RV Series #Routers

A number of Cisco Small Business RV Series routers were found to be vulnerable to a couple of attacks, and Cisco was quick to explain what the vulnerabilities were and that patches had been issued.

Cisco confirmed that command injection and arbitrary command execution vulnerabilities were found in routers in the series, including the RV016, RV042, RV042G, RV082, RV320, and RV325. Both vulnerabilities are considered high risk, which is the main reason for issuing patches so quickly.

https://securityboulevard.com/2019/11/cisco-fixes-high-risk-vulnerabilities-in-some-small-business-rv-series-routers/
Microsoft security bulletin for November 2019

Publication date: 13/11/2019
Severity: 5 - Critical

Affected resources:
Microsoft Windows,
Internet Explorer,
Microsoft Edge (EdgeHTML-based),
ChakraCore,
Microsoft Office and Microsoft Office Services and Web Apps,
Open Source Software,
Microsoft Exchange Server,
Visual Studio,
Azure Stack.

Description:
Microsoft's security update release for November comprises 75 vulnerabilities, 13 rated critical and 62 rated important.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/boletin-seguridad-microsoft-noviembre-2019
Debian Security Advisory

DSA-4565-1 intel-microcode -- security update

Date Reported: 13 Nov 2019

https://www.debian.org/security/2019/dsa-4565
VMware Releases Security Updates

Original release date: November 12, 2019

VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisories VMSA-2019-0020 and VMSA-2019-0021 and apply the necessary updates.

https://www.us-cert.gov/ncas/current-activity/2019/11/12/vmware-releases-security-updates
Intel Releases Security Updates

Original release date: November 12, 2019

Intel has released security updates to address vulnerabilities in multiple products. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:

BMC Advisory INTEL-SA-00313

UEFI Advisory INTEL-SA-00280

SGX and TXT Advisory INTEL-SA-00220

Processor Security Advisory INTEL-SA-00240

CSME, Intel SPS, Intel TXE, Intel AMT, Intel PTT and Intel DAL Advisory INTEL-SA-00241

Graphics Driver for Windows Advisory INTEL-SA-00242

Ethernet 700 Series Controllers Advisory INTEL-SA-00255

SGX Advisory INTEL-SA-00293

Proset/Wireless Wifi Software Security Advisory INTEL-SA-00288

WIFI Drivers and Intel® PROSet/Wireless WiFi Software Extension DLL Advisory INTEL-SA-00287

For updates addressing medium severity vulnerabilities, see the Intel Security Advisories page.

https://www.us-cert.gov/ncas/current-activity/2019/11/12/intel-releases-security-updates
Adobe Releases Security Updates

Original release date: November 12, 2019

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
Animate CC 2019 APSB19-34
Illustrator CC APSB19-36
Media Encoder APSB19-52
Bridge CC APSB19-53

https://www.us-cert.gov/ncas/current-activity/2019/11/12/adobe-releases-security-updates
Vulnerability Spotlight: Remote code execution vulnerability in Microsoft Media Foundation

Microsoft Media Foundation’s framework contains a remote code execution vulnerability that exists due to a use-after-free condition. This specific bug lies in Media Foundation's MPEG4 DLL. An attacker could provide a user with a specially crafted QuickTime file to exploit this vulnerability.

https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-media-foundation-nov-2019-RCE.html
Vulnerability Spotlight: Remote code execution vulnerability in Microsoft Excel


Cisco Talos recently discovered a remote code execution vulnerability in Microsoft Excel. Microsoft disclosed this bug as part of their monthly security update Tuesday. This vulnerability exists in the component responsible for handling the “Microsoft® Office HTML and XML” format introduced in Microsoft Office 2000. A specially crafted XLS file could lead to a use-after-free vulnerability and remote code execution.

https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-excel-nov-2019-RCE.html
[SECURITY] [DLA 1991-1] libssh2 security update


Package : libssh2
Version : 1.4.3-4.1+deb8u6
CVE ID : CVE-2019-17498
Debian Bug : 943562

In libssh2, SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

For Debian 8 "Jessie", this problem has been fixed in version 1.4.3-4.1+deb8u6.

https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html
Cross-site scripting (XSS) in TIBCO EBX

Publication date: 13/11/2019
Severity: 4 - High

Affected resources:
The web server of the following versions of TIBCO EBX:
5.8.1.fixR and earlier
5.9.3, 5.9.4, 5.9.5 and 5.9.6
The Digital Asset Manager web interface in the following versions of the TIBCO EBX Add-ons:
3.20.13 and earlier
4.1.0, 4.2.0, 4.2.1 and 4.2.2
The Data Exchange web interface in the following versions of the TIBCO EBX Add-ons:
3.20.13 and earlier
4.1.0

Description:
TIBCO has published 3 vulnerabilities affecting several of its products that would allow an attacker to carry out cross-site scripting (XSS) attacks.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/cross-site-scripting-xss-tibco-ebx
#Google Fixes White Screen Problem in #Chrome, Admins Furious

Google has rolled back an experimental WebContent Occlusion feature that caused major disruption for enterprise users using Chrome in a multi-user terminal server environment. While the issue is now fixed, enterprise admins are furious that this feature was enabled in the first place without their knowledge or permission.

https://www.bleepingcomputer.com/news/software/google-fixes-white-screen-problem-in-chrome-admins-furious/
CSV injection vulnerability in IBM UCD

Publication date: 15/11/2019
Severity: 4 - High

Affected resources:
UCD - IBM UrbanCode Deploy.

Description:
A CSV injection vulnerability has been published that could allow the generation of a malicious CSV download file.

Solution:
Update to version 7.0.4.0 or later.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-csv-ucd-ibm
Denial-of-service vulnerability in F5 BIG-IP

Publication date: 15/11/2019
Severity: 4 - High

Affected resources:
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), versions from 14.0.0 to 14.1.0.1.

Description:
BIG-IP virtual servers with TLS 1.3 enabled could experience a denial of service (DoS) due to undisclosed incoming messages.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-denegacion-servicio-big-ip-f5
#Microsoft issues patch for Internet Explorer zero‑day

The critical vulnerability could also be exploited via a malicious Microsoft Office document

Microsoft has shipped out a fix for a critical flaw in Internet Explorer (IE) that is being exploited in the wild. Tracked as CVE-2019-1429, the vulnerability is part of this month’s batch of regular security updates known as Patch Tuesday.

https://www.welivesecurity.com/2019/11/14/microsoft-patch-internet-explorer-zero-day/