Linux #Webmin Servers Being Attacked by New P2P Roboto Botnet
Linux servers running unpatched Webmin installations are under attack and slowly getting added to a new peer-to-peer (P2P) botnet dubbed Roboto by security researchers at 360 Netlab who tracked it for roughly three months.
https://www.bleepingcomputer.com/news/security/linux-webmin-servers-being-attacked-by-new-p2p-roboto-botnet/
Linux servers running unpatched Webmin installations are under attack and slowly getting added to a new peer-to-peer (P2P) botnet dubbed Roboto by security researchers at 360 Netlab who tracked it for roughly three months.
https://www.bleepingcomputer.com/news/security/linux-webmin-servers-being-attacked-by-new-p2p-roboto-botnet/
BleepingComputer
Linux Webmin Servers Being Attacked by New P2P Roboto Botnet
Linux servers running unpatched Webmin installations are under attack and slowly getting added to a new peer-to-peer (P2P) botnet dubbed Roboto by security researchers at 360 Netlab who tracked it for roughly three months.
Múltiples vulnerabilidades en Cloud Pak System de IBM
Fecha de publicación: 21/11/2019
Importancia: 4 - Alta
Recursos afectados:
IBM Cloud Pak System, versión 2.3.0.
Descripción:
Se han identificado dos vulnerabilidades, ambas de severidad alta, en el producto Cloud Pak System de IBM.
Solución:
Actualizar Cloud Pak System a la versión 2.3.0.1.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-cloud-pak-system-ibm
Fecha de publicación: 21/11/2019
Importancia: 4 - Alta
Recursos afectados:
IBM Cloud Pak System, versión 2.3.0.
Descripción:
Se han identificado dos vulnerabilidades, ambas de severidad alta, en el producto Cloud Pak System de IBM.
Solución:
Actualizar Cloud Pak System a la versión 2.3.0.1.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-cloud-pak-system-ibm
INCIBE-CERT
Múltiples vulnerabilidades en Cloud Pak System de IBM
Se han identificado dos vulnerabilidades, ambas de severidad alta, en el producto Cloud Pak System de IBM.
ISC Releases Security Advisory for #BIND
The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisory for more information and to apply the necessary updates and workarounds.
https://www.us-cert.gov/ncas/current-activity/2019/11/21/isc-releases-security-advisory-bind
The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisory for more information and to apply the necessary updates and workarounds.
https://www.us-cert.gov/ncas/current-activity/2019/11/21/isc-releases-security-advisory-bind
www.us-cert.gov
ISC Releases Security Advisory for BIND | CISA
The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service…
RDP loves company: Kaspersky finds 37 security holes in #VNC remote desktop software
BlueKeep isn't the only bug in town, plenty to go round
https://www.theregister.co.uk/2019/11/23/kaspersky_vnc_bugs/
BlueKeep isn't the only bug in town, plenty to go round
https://www.theregister.co.uk/2019/11/23/kaspersky_vnc_bugs/
www.theregister.co.uk
RDP loves company: Kaspersky finds 37 security holes in VNC remote desktop software
BlueKeep isn't the only bug in town, plenty to go round
Vulnerabilidad de inyección SQL en phpMyAdmin
Fecha de publicación: 25/11/2019
Importancia: 4 - Alta
Recursos afectados:
Versiones de phpMyAdmin anteriores a la 4.9.2, al menos tan antiguas como la 4.7.7.
Descripción:
William Desportes, del equipo de phpMyAdmin, ha descubierto una vulnerabilidad de inyección SQL.
Solución:
Actualizar a la versión 4.9.2 o superior, o aplicar el parche correspondiente.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-sql-phpmyadmin
Fecha de publicación: 25/11/2019
Importancia: 4 - Alta
Recursos afectados:
Versiones de phpMyAdmin anteriores a la 4.9.2, al menos tan antiguas como la 4.7.7.
Descripción:
William Desportes, del equipo de phpMyAdmin, ha descubierto una vulnerabilidad de inyección SQL.
Solución:
Actualizar a la versión 4.9.2 o superior, o aplicar el parche correspondiente.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-sql-phpmyadmin
INCIBE-CERT
Vulnerabilidad de inyección SQL en phpMyAdmin
William Desportes, del equipo de phpMyAdmin, ha descubierto una vulnerabilidad de inyección SQL.
FIDL: FLARE’s IDA Decompiler Library
IDA Pro and the Hex Rays decompiler are a core part of any toolkit for reverse engineering and vulnerability research. In a previous blog post we discussed how the Hex-Rays API can be used to solve small, well-defined problems commonly seen as part of malware analysis. Having access to a higher-level representation of binary code makes the Hex-Rays decompiler a powerful tool for reverse engineering. However, interacting with the HexRays API and its underlying data sources can be daunting, making the creation of generic analysis scripts difficult or tedious.
https://www.fireeye.com/blog/threat-research/2019/11/fidl-flare-ida-decompiler-library.html
IDA Pro and the Hex Rays decompiler are a core part of any toolkit for reverse engineering and vulnerability research. In a previous blog post we discussed how the Hex-Rays API can be used to solve small, well-defined problems commonly seen as part of malware analysis. Having access to a higher-level representation of binary code makes the Hex-Rays decompiler a powerful tool for reverse engineering. However, interacting with the HexRays API and its underlying data sources can be daunting, making the creation of generic analysis scripts difficult or tedious.
https://www.fireeye.com/blog/threat-research/2019/11/fidl-flare-ida-decompiler-library.html
Trellix
Research | Trellix Stories
Trellix Research, get the latest cybersecurity trends, best practices, security vulnerabilities, and more from industry leaders.
Use attribute-based access control with AD FS to simplify IAM permissions management
#AWS
https://aws.amazon.com/es/blogs/security/attribute-based-access-control-ad-fs-simplify-iam-permissions-management/
#AWS
https://aws.amazon.com/es/blogs/security/attribute-based-access-control-ad-fs-simplify-iam-permissions-management/
Amazon Web Services
Use attribute-based access control with AD FS to simplify IAM permissions management | Amazon Web Services
AWS Identity and Access Management (IAM) allows customers to provide granular access control to resources in AWS. One approach to granting access to resources is to use attribute-based access control (ABAC) to centrally govern and manage access to your AWS…
Antispy - A Free But Powerful Anti Virus And Rootkits Toolkit
https://www.kitploit.com/2019/11/antispy-free-but-powerful-anti-virus.html
https://www.kitploit.com/2019/11/antispy-free-but-powerful-anti-virus.html
KitPloit - PenTest & Hacking Tools
Antispy - A Free But Powerful Anti Virus And Rootkits Toolkit
Vulnerabilidad de omisión de autenticación en BIG-IP de F5
Fecha de publicación: 26/11/2019
Importancia: 5 - Crítica
Recursos afectados:
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM), versiones:
15.x:
15.0.1.0.33.11-ENG Hotfix;
15.0.1.0.48.11-ENG Hotfix.
14.x:
14.1.0.3.0.79.6-ENG Hotfix;
14.1.0.3.0.97.6-ENG Hotfix;
14.1.0.3.0.99.6-ENG Hotfix;
14.1.0.5.0.15.5-ENG Hotfix;
14.1.0.5.0.36.5-ENG Hotfix;
14.1.0.5.0.40.5-ENG Hotfix;
14.1.0.6.0.11.9-ENG Hotfix;
14.1.0.6.0.14.9-ENG Hotfix;
14.1.0.6.0.68.9-ENG Hotfix;
14.1.0.6.0.70.9-ENG Hotfix;
14.1.2.0.11.37-ENG Hotfix;
14.1.2.0.18.37-ENG Hotfix;
14.1.2.0.32.37-ENG Hotfix;
14.1.2.1.0.46.4-ENG Hotfix;
14.1.2.1.0.14.4-ENG Hotfix;
14.1.2.1.0.16.4-ENG Hotfix;
14.1.2.1.0.34.4-ENG Hotfix;
14.1.2.1.0.97.4-ENG Hotfix;
14.1.2.1.0.99.4-ENG Hotfix;
14.1.2.1.0.105.4-ENG Hotfix;
14.1.2.1.0.111.4-ENG Hotfix;
14.1.2.1.0.115.4-ENG Hotfix;
14.1.2.1.0.122.4-ENG Hotfix.
NOTA: esta vulnerabilidad afecta únicamente a los hotfixes de BIG-IP Engineering obtenidos del soporte de F5. Las versiones major, minor, o maintenance obtenidas de la web de descargas de F5 no se ven afectadas.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-omision-autenticacion-big-ip-f5
Fecha de publicación: 26/11/2019
Importancia: 5 - Crítica
Recursos afectados:
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM), versiones:
15.x:
15.0.1.0.33.11-ENG Hotfix;
15.0.1.0.48.11-ENG Hotfix.
14.x:
14.1.0.3.0.79.6-ENG Hotfix;
14.1.0.3.0.97.6-ENG Hotfix;
14.1.0.3.0.99.6-ENG Hotfix;
14.1.0.5.0.15.5-ENG Hotfix;
14.1.0.5.0.36.5-ENG Hotfix;
14.1.0.5.0.40.5-ENG Hotfix;
14.1.0.6.0.11.9-ENG Hotfix;
14.1.0.6.0.14.9-ENG Hotfix;
14.1.0.6.0.68.9-ENG Hotfix;
14.1.0.6.0.70.9-ENG Hotfix;
14.1.2.0.11.37-ENG Hotfix;
14.1.2.0.18.37-ENG Hotfix;
14.1.2.0.32.37-ENG Hotfix;
14.1.2.1.0.46.4-ENG Hotfix;
14.1.2.1.0.14.4-ENG Hotfix;
14.1.2.1.0.16.4-ENG Hotfix;
14.1.2.1.0.34.4-ENG Hotfix;
14.1.2.1.0.97.4-ENG Hotfix;
14.1.2.1.0.99.4-ENG Hotfix;
14.1.2.1.0.105.4-ENG Hotfix;
14.1.2.1.0.111.4-ENG Hotfix;
14.1.2.1.0.115.4-ENG Hotfix;
14.1.2.1.0.122.4-ENG Hotfix.
NOTA: esta vulnerabilidad afecta únicamente a los hotfixes de BIG-IP Engineering obtenidos del soporte de F5. Las versiones major, minor, o maintenance obtenidas de la web de descargas de F5 no se ven afectadas.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-omision-autenticacion-big-ip-f5
INCIBE-CERT
Vulnerabilidad de omisión de autenticación en BIG-IP de F5
Las configuraciones BIG-IP que utilizan Active Directory, LDAP o Client Certificate LDAP para la autenticación de gestión con varios servidores están expuestas a esta vulnerabilidad, que permite una omisión de autenticación que puede causar un compromiso…
Kali Linux 2019.4 Release
We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4, which is available immediately for download.
2019.4 includes some exciting new updates:
A new default desktop environment, Xfce
New GTK3 theme (for Gnome and Xfce)
Introduction of “Kali Undercover” mode
Kali Documentation has a new home and is now Git powered
Public Packaging – getting your tools into Kali
Kali NetHunter KeX – Full Kali desktop on Android
BTRFS during setup
Added PowerShell
The kernel is upgraded to version 5.3.9
… Plus the normal bugs fixes and updates.
https://www.kali.org/news/kali-linux-2019-4-release/
We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4, which is available immediately for download.
2019.4 includes some exciting new updates:
A new default desktop environment, Xfce
New GTK3 theme (for Gnome and Xfce)
Introduction of “Kali Undercover” mode
Kali Documentation has a new home and is now Git powered
Public Packaging – getting your tools into Kali
Kali NetHunter KeX – Full Kali desktop on Android
BTRFS during setup
Added PowerShell
The kernel is upgraded to version 5.3.9
… Plus the normal bugs fixes and updates.
https://www.kali.org/news/kali-linux-2019-4-release/
Kali Linux
Kali Linux 2019.4 Release (Xfce, Gnome, GTK3, Kali-Undercover, Kali-Docs, KeX, PowerShell & Public Packaging) | Kali Linux Blog
Time to grab yourself a drink, this will take a while!
We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4, which is available immediately for download.
2019.4 includes some exciting new updates:…
We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4, which is available immediately for download.
2019.4 includes some exciting new updates:…
How to get started with security response automation on #AWS
https://aws.amazon.com/es/blogs/security/how-get-started-security-response-automation-aws/
https://aws.amazon.com/es/blogs/security/how-get-started-security-response-automation-aws/
Amazon
How to get started with security response automation on AWS | Amazon Web Services
December 2, 2019: We’ve updated this post to include some additional information about Security Hub. At AWS, we encourage you to use automation to help quickly detect and respond to security events within your AWS environments. In addition to increasing the…
Instagram’s updated security and privacy settings
How to protect your Instagram account and personal photos from prying eyes.
https://www.kaspersky.com/blog/keep-instagram-secure/11045/
How to protect your Instagram account and personal photos from prying eyes.
https://www.kaspersky.com/blog/keep-instagram-secure/11045/
Kaspersky
Instagram’s updated security and privacy settings
How to protect your Instagram account and personal photos from prying eyes.
Múltiples vulnerabilidades en productos F5
Fecha de publicación: 27/11/2019
Importancia: 4 - Alta
Recursos afectados:
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), versiones:
15.0.0 - 15.0.1;
14.1.0 - 14.1.2;
14.0.0 - 14.0.1;
13.1.0 - 13.1.3.1;
12.1.0 - 12.1.5;
11.5.1 - 11.6.5.
Enterprise Manager, versión 3.1.1.
BIG-IQ Centralized Management, versiones:
6.0.0;
5.2.0 - 5.4.0.
F5 iWorkflow, versión 2.3.0.
Descripción:
Se han publicado múltiples vulnerabilidades en productos F5 que podrían permitir a un atacante configurar el proxy para interceptar el tráfico, denegar el servicio o acceder a los archivos de la cuenta root.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-f5-5
Fecha de publicación: 27/11/2019
Importancia: 4 - Alta
Recursos afectados:
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), versiones:
15.0.0 - 15.0.1;
14.1.0 - 14.1.2;
14.0.0 - 14.0.1;
13.1.0 - 13.1.3.1;
12.1.0 - 12.1.5;
11.5.1 - 11.6.5.
Enterprise Manager, versión 3.1.1.
BIG-IQ Centralized Management, versiones:
6.0.0;
5.2.0 - 5.4.0.
F5 iWorkflow, versión 2.3.0.
Descripción:
Se han publicado múltiples vulnerabilidades en productos F5 que podrían permitir a un atacante configurar el proxy para interceptar el tráfico, denegar el servicio o acceder a los archivos de la cuenta root.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-f5-5
INCIBE-CERT
Múltiples vulnerabilidades en productos F5
Se han publicado múltiples vulnerabilidades en productos F5 que podrían permitir a un atacante configurar el proxy para interceptar el tráfico, denegar el servicio o acceder a los archivos de la
#Ryuk Ransomware Forces Prosegur Security Firm to Shut Down Network
In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform.
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-forces-prosegur-security-firm-to-shut-down-network/
In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform.
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-forces-prosegur-security-firm-to-shut-down-network/
BleepingComputer
Ryuk Ransomware Forces Prosegur Security Firm to Shut Down Network
In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform.
#Adobe Hacked – Hackers Exploit The Bug in #Magento Marketplace & Gained Access To The Users Data
Adobe discloses the security breach on its Magento Marketplace portal, in results, attackers gained access to the registered customer’s sensitive account information.
https://gbhackers.com/magento-marketplace/
Adobe discloses the security breach on its Magento Marketplace portal, in results, attackers gained access to the registered customer’s sensitive account information.
https://gbhackers.com/magento-marketplace/
GBHackers On Security
Adobe Hacked - Hackers Exploit the Vulnerability in Magento Marketplace
Adobe discloses the security breach on its Magento Marketplace portal, in results, attackers gained access to the customer's sensitive account information.
Tácticas CNA: una primera propuesta
https://www.securityartwork.es/2019/11/11/tacticas-cna-una-primera-propuesta/
https://www.securityartwork.es/2019/11/11/tacticas-cna-una-primera-propuesta/
Security Art Work
Tácticas CNA: una primera propuesta - Security Art Work
Hoy toca un artículo doctrinal y algo metafísico…. Vamos, algo denso. Avisados estáis :) Dentro las operaciones CNO (Computer Network Operations) encontramos tres tipos de capacidades o acciones: CND, CNA y CNE (Defensa, Ataque y Explotación respectivamente);…
#OwnCloud version 8.1.8 (stable) are vulnerable to recovery all username login list.
https://packetstormsecurity.com/files/155499/owncloud818-disclose.txt
https://packetstormsecurity.com/files/155499/owncloud818-disclose.txt
Packetstormsecurity
OwnCloud 8.1.8 Username Disclosure ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
SUPPORT COMMUNICATION - CUSTOMER BULLETIN
Document ID: a00092491en_us
Version: 1
Bulletin: HPE SAS Solid State Drives - Critical Firmware Upgrade Required for Certain HPE SAS Solid State Drive Models to Prevent Drive Failure at 32,768 Hours of Operation
Release Date: 2019-11-19
Last Updated: 2019-11-22
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us
Document ID: a00092491en_us
Version: 1
Bulletin: HPE SAS Solid State Drives - Critical Firmware Upgrade Required for Certain HPE SAS Solid State Drive Models to Prevent Drive Failure at 32,768 Hours of Operation
Release Date: 2019-11-19
Last Updated: 2019-11-22
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us