SysAdmin 24x7
IT security news and alerts.
Chat and contact:
t.me/sysadmin24x7chat
Remote code execution in the WebDAV protocol used by Microsoft Windows

Publication date: 19/12/2019
Severity: 4 - High

Affected resources:
Microsoft Windows clients that use the WebDAV protocol.

Description:
This vulnerability allows a remote attacker to execute arbitrary code on affected Microsoft Windows machines.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-el-protocolo-webdav-utilizado-microsoft
Multiple vulnerabilities in Drupal core

Publication date: 19/12/2019
Severity: 4 - High

Affected resources:
7.x,
8.8.x,
8.7.x

Description:
The Drupal security team has detected multiple vulnerabilities in core that, among other things, could allow an attacker to cause a denial of service, bypass the protections of the .htaccess file, or access protected media items.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-el-core-drupal-0
Microsoft Releases Out-of-Band Security Updates

Microsoft has released out-of-band security updates to address a vulnerability in SharePoint Server. An attacker could exploit this vulnerability to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft Security Advisory for CVE-2019-1491 and apply the necessary updates.

https://www.us-cert.gov/ncas/current-activity/2019/12/18/microsoft-releases-out-band-security-updates
Field Notice: FN - 70489 - PKI Self-Signed Certificate Expiration in #Cisco IOS and Cisco IOS XE Software - Software Upgrade Recommended

Updated: December 18, 2019
Document ID: FN70489

Problem Description

Self-signed X.509 PKI certificates (SSC) that were generated on devices that run affected Cisco IOS® or Cisco IOS XE software releases expire on 2020-01-01 00:00:00 UTC. New self-signed certificates cannot be created on affected devices after 2020-01-01 00:00:00 UTC. Any service that relies on these self-signed certificates to establish or terminate a secure connection might not work after the certificate expires.

This issue affects only self-signed certificates that were generated by the Cisco IOS or Cisco IOS XE device and applied to a service on the device. Certificates that were generated by a Certificate Authority (CA), which includes those certificates generated by the Cisco IOS CA feature, are not impacted by this issue.

Note: To be impacted by this issue, a device must have a self-signed certificate defined AND the self-signed certificate must be applied to one or more features as outlined below. Presence of a self-signed certificate alone will not impact the operation of the device when the certificate expires and does not require immediate action.

https://www.cisco.com/c/en/us/support/docs/field-notices/704/fn70489.html
#Wireshark 3.0.0 has been released. Installers for Windows, macOS, and source code are now available.

https://www.wireshark.org/news/20191218.html
#Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw

If you haven't recently updated your Drupal-based blog or business website to the latest available versions, now is the time.

https://thehackernews.com/2019/12/drupal-website-hacking.html
Flaw in Elementor and Beaver Addons Let Anyone Hack #WordPress Sites

Attention WordPress users!

Your website could easily get hacked if you are using "Ultimate Addons for Beaver Builder," or "Ultimate Addons for Elementor" and haven't recently updated them to the latest available versions.

https://thehackernews.com/2019/12/wordpress-elementor-beaver.html
Multiple vulnerabilities in IBM Watson Studio Local

Publication date: 23/12/2019
Severity: 4 - High

Affected resources:
IBM Watson Studio Local, version 1.2.3;

Description:
IBM has published multiple high-severity vulnerabilities in Watson Studio Local.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-watson-studio-local-ibm
Parameter injection vulnerability in IBM Spectrum Scale

Publication date: 26/12/2019
Severity: 4 - High

Affected resources:
IBM Elastic Storage Server, versions:
from 5.3.0 to 5.3.4.1;
from 5.0.0 to 5.2.7.0;
from 4.5.0 to 4.6.0.0;
from 4.0.0 to 4.0.6.0.

Description:
IBM Elastic Storage Server is affected by a vulnerability in IBM Spectrum Scale in which root privileges can be obtained by injecting parameters into setuid files.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-parametros-ibm-spectrum-scale
Memory leak in the tmrouted process in F5 BIG-IP

Publication date: 26/12/2019
Severity: 4 - High

Affected resources:
BIG-IP (LTM), versions:
15.0.0 - 15.0.1;
14.1.0 - 14.1.2;
14.0.0 - 14.0.1;
13.1.0 - 13.1.3;
12.1.0 - 12.1.5.

Description:
A vulnerability in BIG-IP systems that are licensed for Routing and configured with Multicast Forwarding Cache (MFC) could allow an attacker to cause a denial of service.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/fuga-memoria-el-proceso-tmrouted-big-ip-f5
UhOh365

A script that can see if an email address is valid in #Office365. This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't.

#Microsoft does not consider "email enumeration" a vulnerability, so this is taking advantage of a "feature". There are a couple other public Office365 email validation scripts out there, but they all (that I have seen) require at least 1 login attempt per user account. That is detectable and can be found as a light bruteforce attempt (1 "common" password across multiple accounts).

This script allows for email validation with zero login attempts and only uses Microsoft's built-in Autodiscover API so it is invisible to the person/company who owns the email address. Furthermore, this API call appears to be completely unthrottled and I was able to validate over 2,000 email addresses within 1 minute in my testing.


https://github.com/Raikia/UhOh365
Cisco Data Center Network Manager Command Injection Vulnerabilities

Advisory ID: cisco-sa-20200102-dcnm-comm-inject

First Published: 2020 January 2 16:00 GMT

Version 1.0: Final

Workarounds: No workarounds available

Cisco Bug IDs:
CSCvr44798 
CSCvr46507
CVE-2019-15978
CVE-2019-15979
CWE-78

CVSS Score: Base 7.2

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS).

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-comm-inject
SSH Pentesting Guide

A Comprehensive Guide to Breaking SSH.

https://community.turgensec.com/ssh-hacking-guide/
Code execution vulnerability in e2fsprogs

Publication date: 08/01/2020
Severity: 4 - High

Affected resources:
E2fsprogs, versions 1.43.3 - 1.45.4.

Description:
The researcher Lilith, of Cisco Talos, has discovered a code execution vulnerability in e2fsprogs, a package of utilities for maintaining ext2, ext3 and ext4 file systems.

Solution:
Update e2fsprogs to version 1.45.5.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-ejecucion-codigo-e2fsprogs