Taller para escalar privilegios en Windows/Linux
https://www.hackplayers.com/2019/11/taller-para-escalar-privilegios-en-windows-linux.html
https://www.hackplayers.com/2019/11/taller-para-escalar-privilegios-en-windows-linux.html
Hackplayers
Taller para escalar privilegios en Windows/Linux
Sagi Shahar es un ingeniero de Google que desde hace algunos años lleva impartiendo un taller para escalado de privilegios de forma gratuit...
Múltiples vulnerabilidades en Moodle
Fecha de publicación: 18/11/2019
Importancia: 4 - Alta
Recursos afectados:
Las vulnerabilidades afectan a las siguientes versiones:
desde la 3.7 a la 3.7.2,
desde la 3.6 a la 3.6.6,
desde la 3.5 a la 3.5.8,
versiones anteriores sin soporte.
Descripción:
Se han publicado seis vulnerabilidades que afectan a la plataforma Moodle. Las dos de severidad más alta, podrían permitir llevar a cabo ataques de Cross Site Scripting (XSS) o comprometer la cuenta.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-moodle-7
Fecha de publicación: 18/11/2019
Importancia: 4 - Alta
Recursos afectados:
Las vulnerabilidades afectan a las siguientes versiones:
desde la 3.7 a la 3.7.2,
desde la 3.6 a la 3.6.6,
desde la 3.5 a la 3.5.8,
versiones anteriores sin soporte.
Descripción:
Se han publicado seis vulnerabilidades que afectan a la plataforma Moodle. Las dos de severidad más alta, podrían permitir llevar a cabo ataques de Cross Site Scripting (XSS) o comprometer la cuenta.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-moodle-7
INCIBE-CERT
Múltiples vulnerabilidades en Moodle
Se han publicado seis vulnerabilidades que afectan a la plataforma Moodle. Las dos de severidad más alta, podrían permitir llevar a cabo ataques de Cross Site Scripting (XSS) o comprometer la cuenta.
NSA Releases Cyber Advisory: Managing Risk from Transport Layer Security Inspection
The National Security Agency (NSA) has released a Cyber Advisory that addresses managing risk from Transport Layer Security Inspection (TLSI). This short, informative document defines TLSI (a security process that allows incoming traffic to be decrypted, inspected, and re-encrypted), explains some risks and associated challenges, and discusses mitigations.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the NSA Cyber Advisory and apply the information, as appropriate. See CISA’s Alert on risks associated with HTTPS inspection.
https://www.us-cert.gov/ncas/current-activity/2019/11/19/nsa-releases-cyber-advisory-managing-risk-transport-layer-security
The National Security Agency (NSA) has released a Cyber Advisory that addresses managing risk from Transport Layer Security Inspection (TLSI). This short, informative document defines TLSI (a security process that allows incoming traffic to be decrypted, inspected, and re-encrypted), explains some risks and associated challenges, and discusses mitigations.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the NSA Cyber Advisory and apply the information, as appropriate. See CISA’s Alert on risks associated with HTTPS inspection.
https://www.us-cert.gov/ncas/current-activity/2019/11/19/nsa-releases-cyber-advisory-managing-risk-transport-layer-security
www.us-cert.gov
NSA Releases Cyber Advisory: Managing Risk from Transport Layer Security Inspection | CISA
The National Security Agency (NSA) has released a Cyber Advisory that addresses managing risk from Transport Layer Security Inspection (TLSI). This short, informative document defines TLSI (a security process that allows incoming traffic to be decrypted,…
Google Releases Security Updates for #Chrome
Google has released Chrome 78.0.3904.108 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.
https://www.us-cert.gov/ncas/current-activity/2019/11/19/google-releases-security-updates-chrome
Google has released Chrome 78.0.3904.108 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.
https://www.us-cert.gov/ncas/current-activity/2019/11/19/google-releases-security-updates-chrome
www.us-cert.gov
Google Releases Security Updates for Chrome | CISA
Google has released Chrome 78.0.3904.108 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users…
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users…
Vulnerabilidad en Security Identy Manager de IBM
Fecha de publicación: 20/11/2019
Importancia: 4 - Alta
Recursos afectados:
ISIM (SS) versión 6.0.0
Descripción:
Se ha publicado una vulnerabilidad en Security Identy Manager de IBM.
Solución:
Actualizar a la versión 6.0.0.22-ISS-SIM-IF0001
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-security-identy-manager-ibm
Fecha de publicación: 20/11/2019
Importancia: 4 - Alta
Recursos afectados:
ISIM (SS) versión 6.0.0
Descripción:
Se ha publicado una vulnerabilidad en Security Identy Manager de IBM.
Solución:
Actualizar a la versión 6.0.0.22-ISS-SIM-IF0001
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-security-identy-manager-ibm
INCIBE-CERT
Vulnerabilidad en Security Identy Manager de IBM
Se ha publicado una vulnerabilidad en Security Identy Manager de IBM.
Linux #Webmin Servers Being Attacked by New P2P Roboto Botnet
Linux servers running unpatched Webmin installations are under attack and slowly getting added to a new peer-to-peer (P2P) botnet dubbed Roboto by security researchers at 360 Netlab who tracked it for roughly three months.
https://www.bleepingcomputer.com/news/security/linux-webmin-servers-being-attacked-by-new-p2p-roboto-botnet/
Linux servers running unpatched Webmin installations are under attack and slowly getting added to a new peer-to-peer (P2P) botnet dubbed Roboto by security researchers at 360 Netlab who tracked it for roughly three months.
https://www.bleepingcomputer.com/news/security/linux-webmin-servers-being-attacked-by-new-p2p-roboto-botnet/
BleepingComputer
Linux Webmin Servers Being Attacked by New P2P Roboto Botnet
Linux servers running unpatched Webmin installations are under attack and slowly getting added to a new peer-to-peer (P2P) botnet dubbed Roboto by security researchers at 360 Netlab who tracked it for roughly three months.
Múltiples vulnerabilidades en Cloud Pak System de IBM
Fecha de publicación: 21/11/2019
Importancia: 4 - Alta
Recursos afectados:
IBM Cloud Pak System, versión 2.3.0.
Descripción:
Se han identificado dos vulnerabilidades, ambas de severidad alta, en el producto Cloud Pak System de IBM.
Solución:
Actualizar Cloud Pak System a la versión 2.3.0.1.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-cloud-pak-system-ibm
Fecha de publicación: 21/11/2019
Importancia: 4 - Alta
Recursos afectados:
IBM Cloud Pak System, versión 2.3.0.
Descripción:
Se han identificado dos vulnerabilidades, ambas de severidad alta, en el producto Cloud Pak System de IBM.
Solución:
Actualizar Cloud Pak System a la versión 2.3.0.1.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-cloud-pak-system-ibm
INCIBE-CERT
Múltiples vulnerabilidades en Cloud Pak System de IBM
Se han identificado dos vulnerabilidades, ambas de severidad alta, en el producto Cloud Pak System de IBM.
ISC Releases Security Advisory for #BIND
The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisory for more information and to apply the necessary updates and workarounds.
https://www.us-cert.gov/ncas/current-activity/2019/11/21/isc-releases-security-advisory-bind
The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisory for more information and to apply the necessary updates and workarounds.
https://www.us-cert.gov/ncas/current-activity/2019/11/21/isc-releases-security-advisory-bind
www.us-cert.gov
ISC Releases Security Advisory for BIND | CISA
The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service…
RDP loves company: Kaspersky finds 37 security holes in #VNC remote desktop software
BlueKeep isn't the only bug in town, plenty to go round
https://www.theregister.co.uk/2019/11/23/kaspersky_vnc_bugs/
BlueKeep isn't the only bug in town, plenty to go round
https://www.theregister.co.uk/2019/11/23/kaspersky_vnc_bugs/
www.theregister.co.uk
RDP loves company: Kaspersky finds 37 security holes in VNC remote desktop software
BlueKeep isn't the only bug in town, plenty to go round
Vulnerabilidad de inyección SQL en phpMyAdmin
Fecha de publicación: 25/11/2019
Importancia: 4 - Alta
Recursos afectados:
Versiones de phpMyAdmin anteriores a la 4.9.2, al menos tan antiguas como la 4.7.7.
Descripción:
William Desportes, del equipo de phpMyAdmin, ha descubierto una vulnerabilidad de inyección SQL.
Solución:
Actualizar a la versión 4.9.2 o superior, o aplicar el parche correspondiente.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-sql-phpmyadmin
Fecha de publicación: 25/11/2019
Importancia: 4 - Alta
Recursos afectados:
Versiones de phpMyAdmin anteriores a la 4.9.2, al menos tan antiguas como la 4.7.7.
Descripción:
William Desportes, del equipo de phpMyAdmin, ha descubierto una vulnerabilidad de inyección SQL.
Solución:
Actualizar a la versión 4.9.2 o superior, o aplicar el parche correspondiente.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-sql-phpmyadmin
INCIBE-CERT
Vulnerabilidad de inyección SQL en phpMyAdmin
William Desportes, del equipo de phpMyAdmin, ha descubierto una vulnerabilidad de inyección SQL.
FIDL: FLARE’s IDA Decompiler Library
IDA Pro and the Hex Rays decompiler are a core part of any toolkit for reverse engineering and vulnerability research. In a previous blog post we discussed how the Hex-Rays API can be used to solve small, well-defined problems commonly seen as part of malware analysis. Having access to a higher-level representation of binary code makes the Hex-Rays decompiler a powerful tool for reverse engineering. However, interacting with the HexRays API and its underlying data sources can be daunting, making the creation of generic analysis scripts difficult or tedious.
https://www.fireeye.com/blog/threat-research/2019/11/fidl-flare-ida-decompiler-library.html
IDA Pro and the Hex Rays decompiler are a core part of any toolkit for reverse engineering and vulnerability research. In a previous blog post we discussed how the Hex-Rays API can be used to solve small, well-defined problems commonly seen as part of malware analysis. Having access to a higher-level representation of binary code makes the Hex-Rays decompiler a powerful tool for reverse engineering. However, interacting with the HexRays API and its underlying data sources can be daunting, making the creation of generic analysis scripts difficult or tedious.
https://www.fireeye.com/blog/threat-research/2019/11/fidl-flare-ida-decompiler-library.html
Trellix
Research | Trellix Stories
Trellix Research, get the latest cybersecurity trends, best practices, security vulnerabilities, and more from industry leaders.
Use attribute-based access control with AD FS to simplify IAM permissions management
#AWS
https://aws.amazon.com/es/blogs/security/attribute-based-access-control-ad-fs-simplify-iam-permissions-management/
#AWS
https://aws.amazon.com/es/blogs/security/attribute-based-access-control-ad-fs-simplify-iam-permissions-management/
Amazon Web Services
Use attribute-based access control with AD FS to simplify IAM permissions management | Amazon Web Services
AWS Identity and Access Management (IAM) allows customers to provide granular access control to resources in AWS. One approach to granting access to resources is to use attribute-based access control (ABAC) to centrally govern and manage access to your AWS…
Antispy - A Free But Powerful Anti Virus And Rootkits Toolkit
https://www.kitploit.com/2019/11/antispy-free-but-powerful-anti-virus.html
https://www.kitploit.com/2019/11/antispy-free-but-powerful-anti-virus.html
KitPloit - PenTest & Hacking Tools
Antispy - A Free But Powerful Anti Virus And Rootkits Toolkit
Vulnerabilidad de omisión de autenticación en BIG-IP de F5
Fecha de publicación: 26/11/2019
Importancia: 5 - Crítica
Recursos afectados:
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM), versiones:
15.x:
15.0.1.0.33.11-ENG Hotfix;
15.0.1.0.48.11-ENG Hotfix.
14.x:
14.1.0.3.0.79.6-ENG Hotfix;
14.1.0.3.0.97.6-ENG Hotfix;
14.1.0.3.0.99.6-ENG Hotfix;
14.1.0.5.0.15.5-ENG Hotfix;
14.1.0.5.0.36.5-ENG Hotfix;
14.1.0.5.0.40.5-ENG Hotfix;
14.1.0.6.0.11.9-ENG Hotfix;
14.1.0.6.0.14.9-ENG Hotfix;
14.1.0.6.0.68.9-ENG Hotfix;
14.1.0.6.0.70.9-ENG Hotfix;
14.1.2.0.11.37-ENG Hotfix;
14.1.2.0.18.37-ENG Hotfix;
14.1.2.0.32.37-ENG Hotfix;
14.1.2.1.0.46.4-ENG Hotfix;
14.1.2.1.0.14.4-ENG Hotfix;
14.1.2.1.0.16.4-ENG Hotfix;
14.1.2.1.0.34.4-ENG Hotfix;
14.1.2.1.0.97.4-ENG Hotfix;
14.1.2.1.0.99.4-ENG Hotfix;
14.1.2.1.0.105.4-ENG Hotfix;
14.1.2.1.0.111.4-ENG Hotfix;
14.1.2.1.0.115.4-ENG Hotfix;
14.1.2.1.0.122.4-ENG Hotfix.
NOTA: esta vulnerabilidad afecta únicamente a los hotfixes de BIG-IP Engineering obtenidos del soporte de F5. Las versiones major, minor, o maintenance obtenidas de la web de descargas de F5 no se ven afectadas.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-omision-autenticacion-big-ip-f5
Fecha de publicación: 26/11/2019
Importancia: 5 - Crítica
Recursos afectados:
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM), versiones:
15.x:
15.0.1.0.33.11-ENG Hotfix;
15.0.1.0.48.11-ENG Hotfix.
14.x:
14.1.0.3.0.79.6-ENG Hotfix;
14.1.0.3.0.97.6-ENG Hotfix;
14.1.0.3.0.99.6-ENG Hotfix;
14.1.0.5.0.15.5-ENG Hotfix;
14.1.0.5.0.36.5-ENG Hotfix;
14.1.0.5.0.40.5-ENG Hotfix;
14.1.0.6.0.11.9-ENG Hotfix;
14.1.0.6.0.14.9-ENG Hotfix;
14.1.0.6.0.68.9-ENG Hotfix;
14.1.0.6.0.70.9-ENG Hotfix;
14.1.2.0.11.37-ENG Hotfix;
14.1.2.0.18.37-ENG Hotfix;
14.1.2.0.32.37-ENG Hotfix;
14.1.2.1.0.46.4-ENG Hotfix;
14.1.2.1.0.14.4-ENG Hotfix;
14.1.2.1.0.16.4-ENG Hotfix;
14.1.2.1.0.34.4-ENG Hotfix;
14.1.2.1.0.97.4-ENG Hotfix;
14.1.2.1.0.99.4-ENG Hotfix;
14.1.2.1.0.105.4-ENG Hotfix;
14.1.2.1.0.111.4-ENG Hotfix;
14.1.2.1.0.115.4-ENG Hotfix;
14.1.2.1.0.122.4-ENG Hotfix.
NOTA: esta vulnerabilidad afecta únicamente a los hotfixes de BIG-IP Engineering obtenidos del soporte de F5. Las versiones major, minor, o maintenance obtenidas de la web de descargas de F5 no se ven afectadas.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-omision-autenticacion-big-ip-f5
INCIBE-CERT
Vulnerabilidad de omisión de autenticación en BIG-IP de F5
Las configuraciones BIG-IP que utilizan Active Directory, LDAP o Client Certificate LDAP para la autenticación de gestión con varios servidores están expuestas a esta vulnerabilidad, que permite una omisión de autenticación que puede causar un compromiso…
Kali Linux 2019.4 Release
We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4, which is available immediately for download.
2019.4 includes some exciting new updates:
A new default desktop environment, Xfce
New GTK3 theme (for Gnome and Xfce)
Introduction of “Kali Undercover” mode
Kali Documentation has a new home and is now Git powered
Public Packaging – getting your tools into Kali
Kali NetHunter KeX – Full Kali desktop on Android
BTRFS during setup
Added PowerShell
The kernel is upgraded to version 5.3.9
… Plus the normal bugs fixes and updates.
https://www.kali.org/news/kali-linux-2019-4-release/
We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4, which is available immediately for download.
2019.4 includes some exciting new updates:
A new default desktop environment, Xfce
New GTK3 theme (for Gnome and Xfce)
Introduction of “Kali Undercover” mode
Kali Documentation has a new home and is now Git powered
Public Packaging – getting your tools into Kali
Kali NetHunter KeX – Full Kali desktop on Android
BTRFS during setup
Added PowerShell
The kernel is upgraded to version 5.3.9
… Plus the normal bugs fixes and updates.
https://www.kali.org/news/kali-linux-2019-4-release/
Kali Linux
Kali Linux 2019.4 Release (Xfce, Gnome, GTK3, Kali-Undercover, Kali-Docs, KeX, PowerShell & Public Packaging) | Kali Linux Blog
Time to grab yourself a drink, this will take a while!
We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4, which is available immediately for download.
2019.4 includes some exciting new updates:…
We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4, which is available immediately for download.
2019.4 includes some exciting new updates:…
How to get started with security response automation on #AWS
https://aws.amazon.com/es/blogs/security/how-get-started-security-response-automation-aws/
https://aws.amazon.com/es/blogs/security/how-get-started-security-response-automation-aws/
Amazon
How to get started with security response automation on AWS | Amazon Web Services
December 2, 2019: We’ve updated this post to include some additional information about Security Hub. At AWS, we encourage you to use automation to help quickly detect and respond to security events within your AWS environments. In addition to increasing the…
Instagram’s updated security and privacy settings
How to protect your Instagram account and personal photos from prying eyes.
https://www.kaspersky.com/blog/keep-instagram-secure/11045/
How to protect your Instagram account and personal photos from prying eyes.
https://www.kaspersky.com/blog/keep-instagram-secure/11045/
Kaspersky
Instagram’s updated security and privacy settings
How to protect your Instagram account and personal photos from prying eyes.
Múltiples vulnerabilidades en productos F5
Fecha de publicación: 27/11/2019
Importancia: 4 - Alta
Recursos afectados:
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), versiones:
15.0.0 - 15.0.1;
14.1.0 - 14.1.2;
14.0.0 - 14.0.1;
13.1.0 - 13.1.3.1;
12.1.0 - 12.1.5;
11.5.1 - 11.6.5.
Enterprise Manager, versión 3.1.1.
BIG-IQ Centralized Management, versiones:
6.0.0;
5.2.0 - 5.4.0.
F5 iWorkflow, versión 2.3.0.
Descripción:
Se han publicado múltiples vulnerabilidades en productos F5 que podrían permitir a un atacante configurar el proxy para interceptar el tráfico, denegar el servicio o acceder a los archivos de la cuenta root.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-f5-5
Fecha de publicación: 27/11/2019
Importancia: 4 - Alta
Recursos afectados:
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), versiones:
15.0.0 - 15.0.1;
14.1.0 - 14.1.2;
14.0.0 - 14.0.1;
13.1.0 - 13.1.3.1;
12.1.0 - 12.1.5;
11.5.1 - 11.6.5.
Enterprise Manager, versión 3.1.1.
BIG-IQ Centralized Management, versiones:
6.0.0;
5.2.0 - 5.4.0.
F5 iWorkflow, versión 2.3.0.
Descripción:
Se han publicado múltiples vulnerabilidades en productos F5 que podrían permitir a un atacante configurar el proxy para interceptar el tráfico, denegar el servicio o acceder a los archivos de la cuenta root.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-f5-5
INCIBE-CERT
Múltiples vulnerabilidades en productos F5
Se han publicado múltiples vulnerabilidades en productos F5 que podrían permitir a un atacante configurar el proxy para interceptar el tráfico, denegar el servicio o acceder a los archivos de la
#Ryuk Ransomware Forces Prosegur Security Firm to Shut Down Network
In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform.
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-forces-prosegur-security-firm-to-shut-down-network/
In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform.
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-forces-prosegur-security-firm-to-shut-down-network/
BleepingComputer
Ryuk Ransomware Forces Prosegur Security Firm to Shut Down Network
In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform.