#Ryuk Ransomware Forces Prosegur Security Firm to Shut Down Network
In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform.
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-forces-prosegur-security-firm-to-shut-down-network/
In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform.
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-forces-prosegur-security-firm-to-shut-down-network/
BleepingComputer
Ryuk Ransomware Forces Prosegur Security Firm to Shut Down Network
In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform.
#Adobe Hacked – Hackers Exploit The Bug in #Magento Marketplace & Gained Access To The Users Data
Adobe discloses the security breach on its Magento Marketplace portal, in results, attackers gained access to the registered customer’s sensitive account information.
https://gbhackers.com/magento-marketplace/
Adobe discloses the security breach on its Magento Marketplace portal, in results, attackers gained access to the registered customer’s sensitive account information.
https://gbhackers.com/magento-marketplace/
GBHackers On Security
Adobe Hacked - Hackers Exploit the Vulnerability in Magento Marketplace
Adobe discloses the security breach on its Magento Marketplace portal, in results, attackers gained access to the customer's sensitive account information.
Tácticas CNA: una primera propuesta
https://www.securityartwork.es/2019/11/11/tacticas-cna-una-primera-propuesta/
https://www.securityartwork.es/2019/11/11/tacticas-cna-una-primera-propuesta/
Security Art Work
Tácticas CNA: una primera propuesta - Security Art Work
Hoy toca un artículo doctrinal y algo metafísico…. Vamos, algo denso. Avisados estáis :) Dentro las operaciones CNO (Computer Network Operations) encontramos tres tipos de capacidades o acciones: CND, CNA y CNE (Defensa, Ataque y Explotación respectivamente);…
#OwnCloud version 8.1.8 (stable) are vulnerable to recovery all username login list.
https://packetstormsecurity.com/files/155499/owncloud818-disclose.txt
https://packetstormsecurity.com/files/155499/owncloud818-disclose.txt
Packetstormsecurity
OwnCloud 8.1.8 Username Disclosure ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
SUPPORT COMMUNICATION - CUSTOMER BULLETIN
Document ID: a00092491en_us
Version: 1
Bulletin: HPE SAS Solid State Drives - Critical Firmware Upgrade Required for Certain HPE SAS Solid State Drive Models to Prevent Drive Failure at 32,768 Hours of Operation
Release Date: 2019-11-19
Last Updated: 2019-11-22
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us
Document ID: a00092491en_us
Version: 1
Bulletin: HPE SAS Solid State Drives - Critical Firmware Upgrade Required for Certain HPE SAS Solid State Drive Models to Prevent Drive Failure at 32,768 Hours of Operation
Release Date: 2019-11-19
Last Updated: 2019-11-22
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us
Actively Exploited StrandHogg Vulnerability Affects #Android OS
A newly discovered Android vulnerability is actively exploited by malware such as the BankBot banking Trojan and it impacts all versions of the operating system up to and including Android 10.
https://www.bleepingcomputer.com/news/security/actively-exploited-strandhogg-vulnerability-affects-android-os/
A newly discovered Android vulnerability is actively exploited by malware such as the BankBot banking Trojan and it impacts all versions of the operating system up to and including Android 10.
https://www.bleepingcomputer.com/news/security/actively-exploited-strandhogg-vulnerability-affects-android-os/
BleepingComputer
Actively Exploited StrandHogg Vulnerability Affects Android OS
A newly discovered Android vulnerability is actively exploited by malware such as the BankBot banking Trojan and it impacts all versions of the operating system up to and including Android 10.
Windows Users Beware! – More than 60% of Malicious Ads Targeting Windows Computer Systems
A new report shows that 61% of malicious ads on the Internet targeting Windows computers to infect with malware or to steal the information.
The malicious ads act as a platform to distribute malware, by attracting users and redirect them to malicious websites which results in downloading the malware.
https://gbhackers.com/malicious-ads-windows/
A new report shows that 61% of malicious ads on the Internet targeting Windows computers to infect with malware or to steal the information.
The malicious ads act as a platform to distribute malware, by attracting users and redirect them to malicious websites which results in downloading the malware.
https://gbhackers.com/malicious-ads-windows/
GBHackers On Security
More than 60% of Malicious Ads Targeting Windows Computer Systems
A new report shows that 61% of malicious ads on the Internet targeting Windows computers to infect with malware or to steal the information.
RHSA-2019:4056 - Security Advisory
Important: kernel security update
Security Advisory: Important
Tema:
An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
https://access.redhat.com/errata/RHSA-2019:4056
Important: kernel security update
Security Advisory: Important
Tema:
An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
https://access.redhat.com/errata/RHSA-2019:4056
Critical Flaw in #GoAhead Web Server Could Affect Wide Range of #IoT Devices
Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices.
One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited by attackers to execute malicious code on vulnerable devices and take control over them.
https://thehackernews.com/2019/12/goahead-web-server-hacking.html
Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices.
One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited by attackers to execute malicious code on vulnerable devices and take control over them.
https://thehackernews.com/2019/12/goahead-web-server-hacking.html
Critical Vulnerability in #Microsoft #Azure Let Hackers Take Over the Complete Control of the Azure Accounts
Researchers discovered a critical vulnerability in Microsoft Azure named “ #BlackDirect ” that allows attackers to take over the Azure user’s accounts and creating the Token with the victim’s permissions.
The vulnerability specifically affected Microsoft’s OAuth 2.0 applications that allow malicious attacker access and control a victim’s account
https://gbhackers.com/microsoft-azure/
Researchers discovered a critical vulnerability in Microsoft Azure named “ #BlackDirect ” that allows attackers to take over the Azure user’s accounts and creating the Token with the victim’s permissions.
The vulnerability specifically affected Microsoft’s OAuth 2.0 applications that allow malicious attacker access and control a victim’s account
https://gbhackers.com/microsoft-azure/
GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Critical Vulnerability in Microsoft Azure Let Hackers Take Over the Complete Control of the Azure Accounts
Researchers discovered a critical vulnerability in Microsoft Azure named "BlackDirect" that allows attackers to take over the Azure user's accounts
#Cisco and #AWS Team Up for Better Application Performance, Enhanced Security
https://blogs.cisco.com/enterprise/cisco-and-aws-extend-partnership-in-campus-datacenter
https://blogs.cisco.com/enterprise/cisco-and-aws-extend-partnership-in-campus-datacenter
Cisco Blogs
Cisco and AWS Team Up for Better Application Performance, Enhanced Security - Cisco Blogs
Cisco's enhanced integration partnership with AWS will lead to cloud apps that perform better and more securely. We will make it more straightforward for you to deploy new apps on hybrid networks, to make apps more manageable using the Cisco network tools…
Breaking the Rules: A Tough #Outlook for Home Page Attacks (CVE-2017-11774)
Attackers have a dirty little secret that is being used to conduct big intrusions. We’ll explain how they're "unpatching" an exploit and then provide new Outlook hardening guidance that is not available elsewhere. Specifically, this blog post covers field-tested automated registry processing for registry keys to protect against attacker attempts to reverse Microsoft’s CVE-2017-11774 patch functionality.
https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html
Attackers have a dirty little secret that is being used to conduct big intrusions. We’ll explain how they're "unpatching" an exploit and then provide new Outlook hardening guidance that is not available elsewhere. Specifically, this blog post covers field-tested automated registry processing for registry keys to protect against attacker attempts to reverse Microsoft’s CVE-2017-11774 patch functionality.
https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html
Google Cloud Blog
Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774) | Mandiant | Google Cloud Blog
[SECURITY] [DLA 2020-1] libonig security update
Package : libonig
Version : 5.9.5-3.2+deb8u4
CVE ID : CVE-2019-19012 CVE-2019-19204 CVE-2019-19246
Debian Bug : 944959 945313
Several vulnerabilities were discovered in the Oniguruma regular expressions library, notably used in PHP mbstring. CVE-2019-19012
https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html
Package : libonig
Version : 5.9.5-3.2+deb8u4
CVE ID : CVE-2019-19012 CVE-2019-19204 CVE-2019-19246
Debian Bug : 944959 945313
Several vulnerabilities were discovered in the Oniguruma regular expressions library, notably used in PHP mbstring. CVE-2019-19012
https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html
Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter
Exposed private cert key may also be an issue for IBM Aspera
Updated Twitter security celeb SwiftOnSecurity on Tuesday inadvertently disclosed a zero-day vulnerability affecting enterprise software biz Atlassian, a flaw that may be echoed in IBM's Aspera software.
The SwiftOnSecurity Twitter account revealed that Atlassian provided a domain that resolved to a local server with a common SSL certificate for its Confluence cloud service, to enable the Atlassian Companion app to edit files in a preferred local application and save the files back to Confluence.
https://www.theregister.co.uk/2019/12/05/atlassian_zero_day_bug/
Exposed private cert key may also be an issue for IBM Aspera
Updated Twitter security celeb SwiftOnSecurity on Tuesday inadvertently disclosed a zero-day vulnerability affecting enterprise software biz Atlassian, a flaw that may be echoed in IBM's Aspera software.
The SwiftOnSecurity Twitter account revealed that Atlassian provided a domain that resolved to a local server with a common SSL certificate for its Confluence cloud service, to enable the Atlassian Companion app to edit files in a preferred local application and save the files back to Confluence.
https://www.theregister.co.uk/2019/12/05/atlassian_zero_day_bug/
www.theregister.co.uk
Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter
Exposed private cert key may also be an issue for IBM Aspera
Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 71 and Firefox ESR 68.3.
https://www.us-cert.gov/ncas/current-activity/2019/12/04/mozilla-releases-security-updates-firefox-and-firefox-esr
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 71 and Firefox ESR 68.3.
https://www.us-cert.gov/ncas/current-activity/2019/12/04/mozilla-releases-security-updates-firefox-and-firefox-esr
www.us-cert.gov
Mozilla Releases Security Updates for Firefox and Firefox ESR | CISA
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages…
The Cybersecurity and Infrastructure Security Agency (CISA) encourages…
Múltiples vulnerabilidades en Liferay
Fecha de publicación: 04/12/2019
Importancia: 5 - Crítica
Recursos afectados:
Liferay Portal, versión 7.2.0 y anteriores.
Descripción:
Se han detectado 6 vulnerabilidades, una con severidad crítica y cinco con severidades altas. Un atacante remoto podría obtener credenciales de usuario, ejecución o inyección de código, generar una condición de denegación de servicio (DoS) o realizar acciones sin autorización sobre los recursos del sistema.
Solución:
Actualizar la versión Liferay Portal 7.2.1 o posterior, cuando esté disponible.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-liferay-2
Fecha de publicación: 04/12/2019
Importancia: 5 - Crítica
Recursos afectados:
Liferay Portal, versión 7.2.0 y anteriores.
Descripción:
Se han detectado 6 vulnerabilidades, una con severidad crítica y cinco con severidades altas. Un atacante remoto podría obtener credenciales de usuario, ejecución o inyección de código, generar una condición de denegación de servicio (DoS) o realizar acciones sin autorización sobre los recursos del sistema.
Solución:
Actualizar la versión Liferay Portal 7.2.1 o posterior, cuando esté disponible.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-liferay-2
INCIBE-CERT
Múltiples vulnerabilidades en Liferay
Se han detectado 6 vulnerabilidades, una con severidad crítica y cinco con severidades altas. Un atacante remoto podría obtener credenciales de usuario, ejecución o inyección de código, generar una
Two malicious #Python libraries caught stealing #SSH and #GPG keys
One library was available for only two days, but the second was live for nearly a year.
The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were caught stealing SSH and GPG keys from the projects of infected developers.
https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/
One library was available for only two days, but the second was live for nearly a year.
The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were caught stealing SSH and GPG keys from the projects of infected developers.
https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/
ZDNET
Two malicious Python libraries caught stealing SSH and GPG keys
One library was available for only two days, but the second was live for nearly a year.
Verificación inadecuada de autenticación en Palo Alto PAN-OS
Fecha de publicación: 05/12/2019
Importancia: 4 - Alta
Recursos afectados:
PAN-OS 7.1, versiones anteriores a la 7.1.25;
PAN-OS 8.0, versiones anteriores a la 8.0.20;
PAN-OS 8.1, versiones anteriores a la 8.1.11;
PAN-OS 9.0, versiones anteriores a la 9.0.5.
Descripción:
Palo Alto ha publicado una vulnerabilidad en PAN-OS que podría permitir a un atacante escalar privilegios
Solución:
Actualizar a las versiones 7.1.25, 8.0.20, 8.1.11, 9.0.5 o posteriores.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/verificacion-inadecuada-autenticacion-palo-alto-pan-os
Fecha de publicación: 05/12/2019
Importancia: 4 - Alta
Recursos afectados:
PAN-OS 7.1, versiones anteriores a la 7.1.25;
PAN-OS 8.0, versiones anteriores a la 8.0.20;
PAN-OS 8.1, versiones anteriores a la 8.1.11;
PAN-OS 9.0, versiones anteriores a la 9.0.5.
Descripción:
Palo Alto ha publicado una vulnerabilidad en PAN-OS que podría permitir a un atacante escalar privilegios
Solución:
Actualizar a las versiones 7.1.25, 8.0.20, 8.1.11, 9.0.5 o posteriores.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/verificacion-inadecuada-autenticacion-palo-alto-pan-os
INCIBE-CERT
Verificación inadecuada de autenticación en Palo Alto PAN-OS
Palo Alto ha publicado una vulnerabilidad en PAN-OS que podría permitir a un atacante escalar privilegios
Cómo te levantan 100.000€ sin pestañear – Análisis forense de una «Estafa al CEO» (I)
https://www.securityartwork.es/2019/12/03/como-te-levantan-100-000e-sin-pestanear-analisis-forense-de-una-estafa-al-ceo-i/
Cómo te levantan 100.000€ sin pestañear – Análisis forense de una «Estafa al CEO» (II)
https://www.securityartwork.es/2019/12/05/como-te-levantan-100-000e-sin-pestanear-analisis-forense-de-una-estafa-al-ceo-ii/
https://www.securityartwork.es/2019/12/03/como-te-levantan-100-000e-sin-pestanear-analisis-forense-de-una-estafa-al-ceo-i/
Cómo te levantan 100.000€ sin pestañear – Análisis forense de una «Estafa al CEO» (II)
https://www.securityartwork.es/2019/12/05/como-te-levantan-100-000e-sin-pestanear-analisis-forense-de-una-estafa-al-ceo-ii/