#Microsoft issues patch for Internet Explorer zero‑day

The critical vulnerability could also be exploited via a malicious Microsoft Office document

Microsoft has shipped out a fix for a critical flaw in Internet Explorer (IE) that is being exploited in the wild. Tracked as CVE-2019-1429, the vulnerability is part of this month’s batch of regular security updates known as Patch Tuesday.

https://www.welivesecurity.com/2019/11/14/microsoft-patch-internet-explorer-zero-day/

#Microsoft Removes #Windows10 1909 Realtek Driver Update Block

Microsoft removed a compatibility hold caused by outdated Realtek Bluetooth drivers and published a support document describing a workaround designed to help Windows 10 users still affected by the safeguard hold.

https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-windows-10-1909-realtek-driver-update-block/

Experts found undocumented access feature in Siemens SIMATIC PLCs

Researchers discovered a vulnerability in Siemens SIMATIC S7-1200 programmable logic controller (PLC) that could allow attackers to execute arbitrary code on vulnerable devices.

https://securityaffairs.co/wordpress/93939/ics-scada/siemens-simatic-flaw.html

Critical Vulnerability in Android Phone Let Hackers Execute an Arbitrary Code Remotely

Researchers discovered a new Critical Android vulnerability that may allow attackers to perform remote code execution on a vulnerable Android device and to take control of it.

https://gbhackers.com/android-vulnerability/

[SECURITY] [DSA 4571-1] thunderbird security update

Package : thunderbird
CVE ID : CVE-2019-15903 CVE-2019-11764 CVE-2019-11763 CVE-2019-11762 CVE-2019-11761 CVE-2019-11760 CVE-2019-11759 CVE-2019-11757 CVE-2019-11755

Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or denial of service.

https://lists.debian.org/debian-security-announce/2019/msg00223.html

Actualiza a la última versión de #WhatsApp

Se ha hecho pública una vulnerabilidad en la aplicación de mensajería instantánea, WhatsApp. Esta vulnerabilidad podría explotarse mediante un vídeo, en formato MP4, manipulado de forma maliciosa. Después de enviar dicho vídeo a la víctima en cuestión, el ciberdelincuente podría ejecutar código malicioso en el dispositivo de manera remota.

Recursos afectados:
La vulnerabilidad afecta a dispositivos:
Android con versión anterior a 2.19.274;
iOS con versión anterior a 2.19.100;
Enterprise Client, versión anterior a 2.25.3;
Windows Phone, versión 2.18.368 y anteriores;
WhastApp Business para Android, versión anterior a 2.19.104;
WhatsApp Business para iOS, versión anterior a 2.19.100.

Detalles
El fallo de seguridad, que ha sido confirmado por Facebook a través de un comunicado publicado en su web, podría permitir a un ciberdelincuente lanzar ataques #DoS (denegación del servicio) o #RCE (ejecución de código de manera remota).

https://www.osi.es/es/actualidad/avisos/2019/11/actualiza-la-ultima-version-de-whatsapp

Android Camera App Bug Lets Apps Record Video Without Permission

A new vulnerability has been found in the Camera apps for millions, if not hundreds of millions, of Android devices that could allow other apps to record video, take pictures, and extract GPS data from media without having the required permissions.

https://www.bleepingcomputer.com/news/security/android-camera-app-bug-lets-apps-record-video-without-permission/

#Microsoft Is Adding DNS-Over-HTTPS (#DoH ) to #Windows10

Microsoft announced that it's working on adding support for the privacy-focused DNS over HTTPS (DoH) protocol in a future Windows 10 release, while also keeping the addition of DNS over TLS (DoT) on the table.

https://www.bleepingcomputer.com/news/microsoft/microsoft-is-adding-dns-over-https-doh-to-windows-10/

Taller para escalar privilegios en Windows/Linux

https://www.hackplayers.com/2019/11/taller-para-escalar-privilegios-en-windows-linux.html

Múltiples vulnerabilidades en Moodle

Fecha de publicación: 18/11/2019
Importancia: 4 - Alta

Recursos afectados: 
Las vulnerabilidades afectan a las siguientes versiones:
desde la 3.7 a la 3.7.2,
desde la 3.6 a la 3.6.6,
desde la 3.5 a la 3.5.8,
versiones anteriores sin soporte.

Descripción: 
Se han publicado seis vulnerabilidades que afectan a la plataforma Moodle. Las dos de severidad más alta, podrían permitir llevar a cabo ataques de Cross Site Scripting (XSS) o comprometer la cuenta.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-moodle-7

NSA Releases Cyber Advisory: Managing Risk from Transport Layer Security Inspection

The National Security Agency (NSA) has released a Cyber Advisory that addresses managing risk from Transport Layer Security Inspection (TLSI). This short, informative document defines TLSI (a security process that allows incoming traffic to be decrypted, inspected, and re-encrypted), explains some risks and associated challenges, and discusses mitigations.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the NSA Cyber Advisory and apply the information, as appropriate. See CISA’s Alert on risks associated with HTTPS inspection.

https://www.us-cert.gov/ncas/current-activity/2019/11/19/nsa-releases-cyber-advisory-managing-risk-transport-layer-security

Google Releases Security Updates for #Chrome

Google has released Chrome 78.0.3904.108 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

https://www.us-cert.gov/ncas/current-activity/2019/11/19/google-releases-security-updates-chrome

Vulnerabilidad en Security Identy Manager de IBM

Fecha de publicación: 20/11/2019
Importancia: 4 - Alta

Recursos afectados: 
ISIM (SS) versión 6.0.0

Descripción: 
Se ha publicado una vulnerabilidad en Security Identy Manager de IBM.

Solución: 
Actualizar a la versión 6.0.0.22-ISS-SIM-IF0001

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-security-identy-manager-ibm

Linux #Webmin Servers Being Attacked by New P2P Roboto Botnet

Linux servers running unpatched Webmin installations are under attack and slowly getting added to a new peer-to-peer (P2P) botnet dubbed Roboto by security researchers at 360 Netlab who tracked it for roughly three months. 

https://www.bleepingcomputer.com/news/security/linux-webmin-servers-being-attacked-by-new-p2p-roboto-botnet/

Múltiples vulnerabilidades en Cloud Pak System de IBM

Fecha de publicación: 21/11/2019
Importancia: 4 - Alta

Recursos afectados: 
IBM Cloud Pak System, versión 2.3.0.

Descripción: 
Se han identificado dos vulnerabilidades, ambas de severidad alta, en el producto Cloud Pak System de IBM.

Solución: 
Actualizar Cloud Pak System a la versión 2.3.0.1.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-cloud-pak-system-ibm

ISC Releases Security Advisory for #BIND

The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisory for more information and to apply the necessary updates and workarounds.

https://www.us-cert.gov/ncas/current-activity/2019/11/21/isc-releases-security-advisory-bind

RDP loves company: Kaspersky finds 37 security holes in #VNC remote desktop software

BlueKeep isn't the only bug in town, plenty to go round

https://www.theregister.co.uk/2019/11/23/kaspersky_vnc_bugs/

Vulnerabilidad de inyección SQL en phpMyAdmin

Fecha de publicación: 25/11/2019
Importancia: 4 - Alta

Recursos afectados: 
Versiones de phpMyAdmin anteriores a la 4.9.2, al menos tan antiguas como la 4.7.7.

Descripción: 
William Desportes, del equipo de phpMyAdmin, ha descubierto una vulnerabilidad de inyección SQL.

Solución: 
Actualizar a la versión 4.9.2 o superior, o aplicar el parche correspondiente.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-sql-phpmyadmin

FIDL: FLARE’s IDA Decompiler Library

IDA Pro and the Hex Rays decompiler are a core part of any toolkit for reverse engineering and vulnerability research. In a previous blog post we discussed how the Hex-Rays API can be used to solve small, well-defined problems commonly seen as part of malware analysis. Having access to a higher-level representation of binary code makes the Hex-Rays decompiler a powerful tool for reverse engineering. However, interacting with the HexRays API and its underlying data sources can be daunting, making the creation of generic analysis scripts difficult or tedious.

https://www.fireeye.com/blog/threat-research/2019/11/fidl-flare-ida-decompiler-library.html

Use attribute-based access control with AD FS to simplify IAM permissions management

#AWS

https://aws.amazon.com/es/blogs/security/attribute-based-access-control-ad-fs-simplify-iam-permissions-management/

Antispy - A Free But Powerful Anti Virus And Rootkits Toolkit

https://www.kitploit.com/2019/11/antispy-free-but-powerful-anti-virus.html