Vulnerabilidad de omisión de autenticación en BIG-IP de F5

Fecha de publicación: 26/11/2019
Importancia: 5 - Crítica

Recursos afectados: 
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM), versiones:
15.x:
15.0.1.0.33.11-ENG Hotfix;
15.0.1.0.48.11-ENG Hotfix.
14.x:
14.1.0.3.0.79.6-ENG Hotfix;
14.1.0.3.0.97.6-ENG Hotfix;
14.1.0.3.0.99.6-ENG Hotfix;
14.1.0.5.0.15.5-ENG Hotfix;
14.1.0.5.0.36.5-ENG Hotfix;
14.1.0.5.0.40.5-ENG Hotfix;
14.1.0.6.0.11.9-ENG Hotfix;
14.1.0.6.0.14.9-ENG Hotfix;
14.1.0.6.0.68.9-ENG Hotfix;
14.1.0.6.0.70.9-ENG Hotfix;
14.1.2.0.11.37-ENG Hotfix;
14.1.2.0.18.37-ENG Hotfix;
14.1.2.0.32.37-ENG Hotfix;
14.1.2.1.0.46.4-ENG Hotfix;
14.1.2.1.0.14.4-ENG Hotfix;
14.1.2.1.0.16.4-ENG Hotfix;
14.1.2.1.0.34.4-ENG Hotfix;
14.1.2.1.0.97.4-ENG Hotfix;
14.1.2.1.0.99.4-ENG Hotfix;
14.1.2.1.0.105.4-ENG Hotfix;
14.1.2.1.0.111.4-ENG Hotfix;
14.1.2.1.0.115.4-ENG Hotfix;
14.1.2.1.0.122.4-ENG Hotfix.
NOTA: esta vulnerabilidad afecta únicamente a los hotfixes de BIG-IP Engineering obtenidos del soporte de F5. Las versiones major, minor, o maintenance obtenidas de la web de descargas de F5 no se ven afectadas.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-omision-autenticacion-big-ip-f5

Kali Linux 2019.4 Release

We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4, which is available immediately for download.

2019.4 includes some exciting new updates:
A new default desktop environment, Xfce
New GTK3 theme (for Gnome and Xfce)
Introduction of “Kali Undercover” mode
Kali Documentation has a new home and is now Git powered
Public Packaging – getting your tools into Kali
Kali NetHunter KeX – Full Kali desktop on Android
BTRFS during setup
Added PowerShell
The kernel is upgraded to version 5.3.9
… Plus the normal bugs fixes and updates.

https://www.kali.org/news/kali-linux-2019-4-release/

How to get started with security response automation on #AWS

https://aws.amazon.com/es/blogs/security/how-get-started-security-response-automation-aws/

Instagram’s updated security and privacy settings

How to protect your Instagram account and personal photos from prying eyes.

https://www.kaspersky.com/blog/keep-instagram-secure/11045/

Múltiples vulnerabilidades en productos F5

Fecha de publicación: 27/11/2019
Importancia: 4 - Alta

Recursos afectados: 
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), versiones:
15.0.0 - 15.0.1;
14.1.0 - 14.1.2;
14.0.0 - 14.0.1;
13.1.0 - 13.1.3.1;
12.1.0 - 12.1.5;
11.5.1 - 11.6.5.
Enterprise Manager, versión 3.1.1.
BIG-IQ Centralized Management, versiones:
6.0.0;
5.2.0 - 5.4.0.
F5 iWorkflow, versión 2.3.0.

Descripción: 
Se han publicado múltiples vulnerabilidades en productos F5 que podrían permitir a un atacante configurar el proxy para interceptar el tráfico, denegar el servicio o acceder a los archivos de la cuenta root.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-f5-5

#Ryuk Ransomware Forces Prosegur Security Firm to Shut Down Network

In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform.

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-forces-prosegur-security-firm-to-shut-down-network/

#Adobe Hacked – Hackers Exploit The Bug in #Magento Marketplace & Gained Access To The Users Data

Adobe discloses the security breach on its Magento Marketplace portal, in results, attackers gained access to the registered customer’s sensitive account information.

https://gbhackers.com/magento-marketplace/

Tácticas CNA: una primera propuesta

https://www.securityartwork.es/2019/11/11/tacticas-cna-una-primera-propuesta/

What’s new in #Volatility 3?

https://www.andreafortuna.org/2019/11/28/whats-new-in-volatility-3/

#OwnCloud version 8.1.8 (stable) are vulnerable to recovery all username login list.

https://packetstormsecurity.com/files/155499/owncloud818-disclose.txt

SUPPORT COMMUNICATION - CUSTOMER BULLETIN

Document ID: a00092491en_us
Version: 1
Bulletin: HPE SAS Solid State Drives - Critical Firmware Upgrade Required for Certain HPE SAS Solid State Drive Models to Prevent Drive Failure at 32,768 Hours of Operation

Release Date: 2019-11-19
Last Updated: 2019-11-22

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us

Actively Exploited StrandHogg Vulnerability Affects #Android OS

A newly discovered Android vulnerability is actively exploited by malware such as the BankBot banking Trojan and it impacts all versions of the operating system up to and including Android 10.

https://www.bleepingcomputer.com/news/security/actively-exploited-strandhogg-vulnerability-affects-android-os/

Windows Users Beware! – More than 60% of Malicious Ads Targeting Windows Computer Systems

A new report shows that 61% of malicious ads on the Internet targeting Windows computers to infect with malware or to steal the information.

The malicious ads act as a platform to distribute malware, by attracting users and redirect them to malicious websites which results in downloading the malware.

https://gbhackers.com/malicious-ads-windows/

RHSA-2019:4056 - Security Advisory

Important: kernel security update
Security Advisory: Important

Tema:
An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

https://access.redhat.com/errata/RHSA-2019:4056

Critical Flaw in #GoAhead Web Server Could Affect Wide Range of #IoT Devices

Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices.

One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited by attackers to execute malicious code on vulnerable devices and take control over them.

https://thehackernews.com/2019/12/goahead-web-server-hacking.html

Critical Vulnerability in #Microsoft #Azure Let Hackers Take Over the Complete Control of the Azure Accounts

Researchers discovered a critical vulnerability in Microsoft Azure named “ #BlackDirect ” that allows attackers to take over the Azure user’s accounts and creating the Token with the victim’s permissions.

The vulnerability specifically affected Microsoft’s OAuth 2.0 applications that allow malicious attacker access and control a victim’s account

https://gbhackers.com/microsoft-azure/

#Cisco and #AWS Team Up for Better Application Performance, Enhanced Security

https://blogs.cisco.com/enterprise/cisco-and-aws-extend-partnership-in-campus-datacenter

Breaking the Rules: A Tough #Outlook for Home Page Attacks (CVE-2017-11774)

Attackers have a dirty little secret that is being used to conduct big intrusions. We’ll explain how they're "unpatching" an exploit and then provide new Outlook hardening guidance that is not available elsewhere. Specifically, this blog post covers field-tested automated registry processing for registry keys to protect against attacker attempts to reverse Microsoft’s CVE-2017-11774 patch functionality.

https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html

[SECURITY] [DLA 2020-1] libonig security update

Package : libonig
Version : 5.9.5-3.2+deb8u4
CVE ID : CVE-2019-19012 CVE-2019-19204 CVE-2019-19246

Debian Bug : 944959 945313
Several vulnerabilities were discovered in the Oniguruma regular expressions library, notably used in PHP mbstring. CVE-2019-19012

https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html