SysAdmin 24x7
Computer security news and alerts.
Chat and contact:
t.me/sysadmin24x7chat
Two malicious #Python libraries caught stealing #SSH and #GPG keys

One library was available for only two days, but the second was live for nearly a year.

The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were caught stealing SSH and GPG keys from the projects of infected developers.

https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/
Improper authentication verification in Palo Alto PAN-OS

Publication date: 05/12/2019
Importance: 4 - High

Affected resources:
PAN-OS 7.1, versions prior to 7.1.25;
PAN-OS 8.0, versions prior to 8.0.20;
PAN-OS 8.1, versions prior to 8.1.11;
PAN-OS 9.0, versions prior to 9.0.5.

Description:
Palo Alto has published a vulnerability in PAN-OS that could allow an attacker to escalate privileges.

Solution:
Update to versions 7.1.25, 8.0.20, 8.1.11, 9.0.5 or later.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/verificacion-inadecuada-autenticacion-palo-alto-pan-os
How they take €100,000 from you without blinking – Forensic analysis of a "CEO fraud" (I)

https://www.securityartwork.es/2019/12/03/como-te-levantan-100-000e-sin-pestanear-analisis-forense-de-una-estafa-al-ceo-i/

How they take €100,000 from you without blinking – Forensic analysis of a "CEO fraud" (II)

https://www.securityartwork.es/2019/12/05/como-te-levantan-100-000e-sin-pestanear-analisis-forense-de-una-estafa-al-ceo-ii/
#Microsoft Releases Security Advisory for #WindowsHello for Business

Microsoft has released a Security Advisory to address an issue in Windows Hello for Business (WHfB). An attacker could exploit this issue on devices that were affected by CVE-2017-15361, also known as Return of Coppersmith’s Attack (ROCA), to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft Security Advisories ADV190026 and ADV170012 and apply the recommended mitigations.

https://www.us-cert.gov/ncas/current-activity/2019/12/05/microsoft-releases-security-advisory-windows-hello-business
The Advantages of Next-Generation Firewalls (NGFWs)

Network managers and security teams are facing a double-edged challenge: networks are growing far more complex and expanding across multiple perimeters just as threat vectors become increasingly difficult to detect and threats grow more sophisticated. The Next-Generation Firewall (NGFW) offers a solution. According to Cisco ASA reviews and Cisco Firepower NGFW reviews on IT Central Station, they enable greater visibility into the network and applications while improving threat mitigation.

https://blogs.cisco.com/security/the-advantages-of-next-generation-firewalls
Multiple vulnerabilities in Netgear products

Publication date: 05/12/2019
Importance: 5 - Critical

Description:

Netgear has published 21 vulnerabilities, 1 of critical severity and 20 of high severity, that affect its products.

Solution:

Go to the Netgear support page and download the latest firmware version for the affected device.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-netgear-9
VMware Releases Security Updates for ESXi and Horizon DaaS

VMware has released security updates to address a vulnerability in ESXi and Horizon DaaS. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2019-0022 and apply the necessary updates and workarounds.

https://www.us-cert.gov/ncas/current-activity/2019/12/06/vmware-releases-security-updates-esxi-and-horizon-daas
FBI Recommends Securing Your Smart TVs and IoT Devices

The U.S. Federal Bureau of Investigation (FBI) recommends making sure that Internet of Things (IoT) devices and smart TVs in your home are properly configured to protect them and your other devices from potential attackers. 

https://www.bleepingcomputer.com/news/security/fbi-recommends-securing-your-smart-tvs-and-iot-devices/
Default IPMI account in IBM DataPower Gateway

Publication date: 10/12/2019
Importance: 4 - High

Affected resources:
IBM DataPower Gateway, versions 2018.4.1.0-2018.4.1.5 and 7.6.0.0-7.6.0.14.

Description:
When the IPMI over LAN option is enabled, the default administrator account is also enabled automatically.

Solution:
Update to:
IBM DataPower Gateway 2018.4.1.6 (APAR IT29004);
IBM DataPower Gateway 7.6.0.15 (APAR IT29004).

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/cuenta-ipmi-defecto-datapower-gateway-ibm
Remote execution vulnerability in VMware products

Publication date: 10/12/2019
Importance: 5 - Critical

Affected resources:
VMware ESXi, versions:
6.7,
6.5,
6.0.
VMware Horizon DaaS, 8.x version branch.

Description:
The 360Vulcan team, from the Tianfu Cup Pwn Contest 2019 competition, has detected a critical-severity vulnerability that affects multiple VMware products. A remote attacker could execute code on the system.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-ejecucion-remota-productos-vmware
Multiple vulnerabilities in Dell EMC products

Publication date: 10/12/2019
Importance: 5 - Critical

Affected resources:
Dell EMC Data Protection Advisor, versions:
6.3;
6.4;
6.5;
18.1;
18.2 prior to patch 83;
19.1 prior to patch 71.
Integrated Data Protection Appliance, versions:
2.0;
2.1;
2.2;
2.3;
2.4.

Description:
The REST API of the DPA application, within the Dell EMC Data Protection Advisor software, contains fixes for multiple vulnerabilities that can be exploited by attackers to compromise the affected system.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-dell-emc
Detecting ATT&CK techniques and tactics on Linux

The Australian Krishna, aka Kirtar22, has created an interesting project on GitHub to lay down a solid knowledge base that helps create or improve threat detection capabilities on Linux. The attack vectors are aligned with MITRE's ATT&CK framework.

https://www.hackplayers.com/2019/12/detectando-tecnicas-y-tacticas-att-en-linux.html
Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
ColdFusion APSB19-58
Brackets APSB19-57
Photoshop CC APSB19-56
Acrobat and Reader APSB19-55

https://www.us-cert.gov/ncas/current-activity/2019/12/10/adobe-releases-security-updates
Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2019-14861 and CVE-2019-14870 and apply the necessary updates and workarounds.

https://www.us-cert.gov/ncas/current-activity/2019/12/10/samba-releases-security-updates
Latest Microsoft Update Patches New Windows 0-Day Under Active Attack

With its latest and last Patch Tuesday for 2019, Microsoft is warning billions of its users of a new Windows zero-day vulnerability that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers.

https://thehackernews.com/2019/12/windows-zero-day-patch.html
Microsoft Releases December 2019 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s December 2019 Security Update Summary and Deployment Information and apply the necessary updates.

https://www.us-cert.gov/ncas/current-activity/2019/12/10/microsoft-releases-december-2019-security-updates