Detecting ATT&CK techniques and tactics on Linux
Krishna, aka Kirtar22, from Australia, has created an interesting project on GitHub to establish a solid knowledge base that helps build and improve threat detection capabilities on Linux. The attack vectors are aligned with MITRE's ATT&CK framework.
https://www.hackplayers.com/2019/12/detectando-tecnicas-y-tacticas-att-en-linux.html
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
ColdFusion APSB19-58
Brackets APSB19-57
Photoshop CC APSB19-56
Acrobat and Reader APSB19-55
https://www.us-cert.gov/ncas/current-activity/2019/12/10/adobe-releases-security-updates
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2019-14861 and CVE-2019-14870 and apply the necessary updates and workarounds.
https://www.us-cert.gov/ncas/current-activity/2019/12/10/samba-releases-security-updates
Latest Microsoft Update Patches New Windows 0-Day Under Active Attack
With its latest and last Patch Tuesday for 2019, Microsoft is warning billions of its users of a new Windows zero-day vulnerability that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers.
https://thehackernews.com/2019/12/windows-zero-day-patch.html
Microsoft Releases December 2019 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s December 2019 Security Update Summary and Deployment Information and apply the necessary updates.
https://www.us-cert.gov/ncas/current-activity/2019/12/10/microsoft-releases-december-2019-security-updates
Google Releases Security Updates for Chrome
Google has released security updates for Chrome version 79.0.3945.79 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.
https://www.us-cert.gov/ncas/current-activity/2019/12/10/google-releases-security-updates-chrome
Apple Releases Multiple Security Updates
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
https://www.us-cert.gov/ncas/current-activity/2019/12/10/apple-releases-multiple-security-updates
Intel Releases Security Updates
Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges.
https://www.us-cert.gov/ncas/current-activity/2019/12/10/intel-releases-security-updates
Vulnerability in IBM Spectrum Scale
Publication date: 11/12/2019
Importance: 4 - High
Affected resources:
IBM Spectrum Scale, versions 5.0.0.0 - 5.0.4.0 and 4.2.0.0 - 4.2.3.18.
Description:
IBM has identified a security vulnerability in IBM Spectrum Scale that could allow an authenticated remote attacker to execute arbitrary commands on the system.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-spectrum-scale-ibm
SAP security update for December 2019
Publication date: 11/12/2019
Importance: 5 - Critical
Affected resources:
SAP Business Client, version 6.5;
SAP Adaptive Server Enterprise, versions 15.7 and 16.0;
SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), version 4.2;
SAP ERP HCM (SAP_HRCES), version 3;
SAP Enable Now, version 1911;
SAP Portfolio and Project Management, versions S4CORE 102, 103, EPPM 100, CPRXRPM 500_702, 600_740 and 610_740;
SAP BusinessObjects Business Intelligence Platform (Monitoring Application), versions 4.1, 4.2 and 4.3.
Description:
SAP has published several security updates for different products in its monthly release.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-diciembre-2019
Microsoft security bulletin for December 2019
Publication date: 11/12/2019
Importance: 5 - Critical
Affected resources:
Microsoft Windows,
Internet Explorer,
Microsoft Office, Microsoft Office Services and Web Apps,
SQL Server,
Visual Studio,
Skype for Business.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/boletin-seguridad-microsoft-diciembre-2019
The Microsoft security update release for the month of November consists of 35 vulnerabilities, 7 rated critical and 28 rated important.
Vulnerabilities in multiple Intel products
Publication date: 11/12/2019
Importance: 4 - High
Description:
Intel has discovered seven high-severity vulnerabilities in multiple products. A local attacker could escalate privileges or disclose sensitive information.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidades-multiples-productos-intel
Microsoft Office December Security Updates Fix Remote Execution Bugs
Microsoft released the December 2019 Office security updates, bundling a total of 16 security updates and five cumulative updates for five different products, three of them patching flaws allowing remote code execution.
https://www.bleepingcomputer.com/news/microsoft/microsoft-office-december-security-updates-fix-remote-execution-bugs/
WordPress: Stored XSS on Wordpress 5.3 via Title Post
2019-12-09 13:22:18
ID H1:754352
Type hackerone
Reporter md15ev
Modified 2019-12-10 09:58:14
Description
I have identified a WordPress security vulnerability, a Stored XSS vulnerability that affects the latest version of WordPress (5.3)
https://vulners.com/hackerone/H1:754352
POC: Login to wordpress website. Make a post with title payload xss like example <script>alert(document.domain);<...
New Zeppelin #Ransomware Targeting Tech and Health Companies
A new variant of Vega ransomware family, dubbed Zeppelin, has recently been spotted in the wild targeting technology and healthcare companies across Europe, the United States, and Canada.
https://thehackernews.com/2019/12/zeppelin-ransomware-attacks.html
#Plundervolt : A new attack on #Intel processors threatening SGX data
Simply put, the Plundervolt flaw lets attackers manipulate the voltage delivered to a targeted CPU and steal data.
Altering Intel’s CPU voltages and frequency directly in the operating system is a feature that many users appreciate as it allows them to use all those software-based utilities that aid in overclocking. Now, this feature may not be as secure as previously anticipated.
https://www.hackread.com/plundervolt-attack-intel-processors-threat-sgx-data/
New Plundervolt attack impacts Intel CPUs
Intel desktop, server, and mobile CPUs are impacted. Intel has released firmware patches today.
[...]
According to Intel, the following CPU series are vulnerable to Plundervolt attacks:
Intel® 6th, 7th, 8th, 9th & 10th generation Core™ processors
Intel® Xeon® Processor E3 v5 & v6
Intel® Xeon® Processor E-2100 & E-2200 families
Plundervolt is nothing that end-users should worry about. It's an attack vector that is of little interest for malware authors since it's hard to automate at scale. It is, however, an attack vector that could be weaponized in targeted attacks, against specially selected targets. If Plundervolt is a serious threat depends on each user's threat matrix.
[...]
https://www.zdnet.com/article/new-plundervolt-attack-impacts-intel-cpus/
Multiple vulnerabilities in Xen
Publication date: 12/12/2019
Importance: 4 - High
Affected resources:
All versions of Xen.
Citrix Hypervisor 8.0 and earlier.
Citrix XenServer 7.6.
Citrix XenServer 7.1 LTSR CU2.
Citrix XenServer 7.0.
Description:
Xen has discovered seven vulnerabilities affecting its products. A remote attacker could cause an unexpected shutdown, trigger a denial-of-service (DoS) condition, escalate privileges or disclose information.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-xen-2
New Echobot Variant Exploits 77 Remote Code Execution Flaws
The Echobot botnet is still after the low hanging fruit as a new variant has been spotted with an increased number of exploits that target unpatched devices, IoT for the most part.
A variant discovered this summer included more than 50 exploits that allow remote code execution. A security researcher noticed that a new version emerged with even more exploits, 77 of them.
https://www.bleepingcomputer.com/news/security/new-echobot-variant-exploits-77-remote-code-execution-flaws/
WordPress 5.3.1 security update
Publication date: 13/12/2019
Importance: 4 - High
Affected resources:
WordPress, versions 5.3 and earlier.
Description:
This security and maintenance release includes 46 fixes and enhancements. In addition, it adds a number of security fixes.
Solution:
Version 5.3.1 of the WordPress content management system has been released to fix these vulnerabilities and is available from its download page.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-531-wordpress