Watch out, hackers are targeting CVE-2018-0296 #Cisco fixed in 2018
Cisco has warned customers that hackers continue to target Cisco ASA and Firepower Appliance products by exploiting the CVE-2018-0296 flaw.
https://securityaffairs.co/wordpress/95460/hacking/cve-2018-0296-cisco-asa-attacks.html
SUSE: 2019:3379-1 important: the Linux Kernel
https://linuxsecurity.com/advisories/suse/suse-2019-3379-1-important-the-linux-kernel-10-11-01
An update that solves 26 vulnerabilities and has 14 fixes is now available.
#Wireshark 3.0.0 has been released. Installers for Windows, macOS, and source code are now available.
https://www.wireshark.org/news/20191218.html
#Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw
If you haven't recently updated your Drupal-based blog or business website to the latest available versions, it's time.
https://thehackernews.com/2019/12/drupal-website-hacking.html
Flaw in Elementor and Beaver Addons Let Anyone Hack #WordPress Sites
Attention WordPress users!
Your website could easily get hacked if you are using "Ultimate Addons for Beaver Builder," or "Ultimate Addons for Elementor" and haven't recently updated them to the latest available versions.
https://thehackernews.com/2019/12/wordpress-elementor-beaver.html
FBI Issues Alert For LockerGoga and MegaCortex #Ransomware
The FBI has issued a warning to private industry recipients to provide information and guidance on the LockerGoga and MegaCortex Ransomware.
https://www.bleepingcomputer.com/news/security/fbi-issues-alert-for-lockergoga-and-megacortex-ransomware/
Multiple vulnerabilities in IBM Watson Studio Local
Publication date: 23/12/2019
Importance: 4 - High
Affected resources:
IBM Watson Studio Local, version 1.2.3;
Description:
IBM has published multiple high-severity vulnerabilities in Watson Studio Local.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-watson-studio-local-ibm
Parameter injection vulnerability in IBM Spectrum Scale
Publication date: 26/12/2019
Importance: 4 - High
Affected resources:
IBM Elastic Storage Server, versions:
from 5.3.0 to 5.3.4.1;
from 5.0.0 to 5.2.7.0;
from 4.5.0 to 4.6.0.0;
from 4.0.0 to 4.0.6.0.
Description:
IBM Elastic Storage Server is affected by a vulnerability in IBM Spectrum Scale in which root privileges can be obtained by injecting parameters into the setuid files.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-parametros-ibm-spectrum-scale
Memory leak in the tmrouted process in F5 BIG-IP
Publication date: 26/12/2019
Importance: 4 - High
Affected resources:
BIG-IP (LTM), versions:
15.0.0 - 15.0.1;
14.1.0 - 14.1.2;
14.0.0 - 14.0.1;
13.1.0 - 13.1.3;
12.1.0 - 12.1.5.
Description:
A vulnerability in BIG-IP systems with a Routing license and configured with Multicast Forwarding Cache (MFC) could allow an attacker to cause a denial of service.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/fuga-memoria-el-proceso-tmrouted-big-ip-f5
UhOh365
A script that can see if an email address is valid in #Office365. This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't.
#Microsoft does not consider "email enumeration" a vulnerability, so this is taking advantage of a "feature". There are a couple other public Office365 email validation scripts out there, but they all (that I have seen) require at least 1 login attempt per user account. That is detectable and can be found as a light bruteforce attempt (1 "common" password across multiple accounts).
This script allows for email validation with zero login attempts and only uses Microsoft's built-in Autodiscover API so it is invisible to the person/company who owns the email address. Furthermore, this API call appears to be completely unthrottled and I was able to validate over 2,000 email addresses within 1 minute in my testing.
https://github.com/Raikia/UhOh365
Mozilla Adds Additional DNS-Over-HTTPS Provider to #Firefox
https://www.bleepingcomputer.com/news/software/mozilla-adds-additional-dns-over-https-provider-to-firefox/
Mozilla has added an additional DNS provider to its DNS-Over-HTTPS implementation in Firefox. This gives Firefox users more options as to which DoH provider they use for secure DNS lookups.
Leveraging Active Directory as a C2 (Command & Control)
#Hackplayers
https://www.hackplayers.com/2019/12/directorio-activo-como-c2.html
In Active Directory, by default, all authenticated users have write access to some of their own attributes and access...
Decrypting config.bin files for TP-Link WR841N, WA855RE, and probably more…
https://medium.com/@LargeCardinal/decrypting-config-bin-files-for-tp-link-wr841n-wa855re-and-probably-more-676de396d724
Tl;Dr — it’s basically the same as it always was, except they added a compression step. YOLO. We’ll show you how to get the data back…
Reverse Engineering and Code Emulation with #Ghidra
Slides: https://github.com/kc0bfv/Saintcon2019GhidraTalk
Video: https://twitch.tv/videos/498159435
Source of python pcode emulator: https://github.com/kc0bfv/pcode-emulator
Cisco Data Center Network Manager Command Injection Vulnerabilities
Advisory ID: cisco-sa-20200102-dcnm-comm-inject
First Published: 2020 January 2 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs:
CSCvr44798
CSCvr46507
CVE-2019-15978
CVE-2019-15979
CWE-78
CVSS Score: Base 7.2
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS).
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-comm-inject
SSH Pentesting Guide
A Comprehensive Guide to Breaking SSH.
https://community.turgensec.com/ssh-hacking-guide/
Code execution vulnerability in e2fsprogs
Publication date: 08/01/2020
Importance: 4 - High
Affected resources:
E2fsprogs, versions 1.43.3 - 1.45.4.
Description:
Researcher Lilith, of Cisco Talos, has discovered a code execution vulnerability in e2fsprogs, a package of utilities for maintaining ext2, ext3 and ext4 file systems.
Solution:
Update e2fsprogs to version 1.45.5.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-ejecucion-codigo-e2fsprogs
SQL injection vulnerability in phpMyAdmin
Publication date: 08/01/2020
Importance: 4 - High
Affected resources:
phpMyAdmin, 4.x branch versions prior to 4.9.4,
phpMyAdmin version 5.0.0.
Description:
CSW Research Labs has detected a high-criticality vulnerability affecting several versions of phpMyAdmin. An attacker could perform a SQL injection.
Solution:
phpMyAdmin 4.x branch versions:
For versions 4.8 and 4.9, update to version 4.9.4 or later.
For earlier versions, apply this security patch.
phpMyAdmin 5.x branch versions: update to version 5.0.1 or later.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-sql-phpmyadmin-0
Tails 4.2 Fixes Numerous Security Flaws, Improves Direct Upgrades
The Tails Project released a new version of the security-focused Tails Linux distribution and advises users to upgrade as soon as possible to fix multiple security vulnerabilities impacting the previous Tails 4.1.1 version.
https://www.bleepingcomputer.com/news/linux/tails-42-fixes-numerous-security-flaws-improves-direct-upgrades/
Cisco Releases Security Updates
Cisco has released security updates to address multiple vulnerabilities in Data Center Network Manager (DCNM). A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories webpage.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
Cisco Data Center Network Manager SQL Injection Vulnerabilities
Cisco Data Center Network Manager Path Traversal Vulnerabilities
Cisco Data Center Network Manager Command Injection Vulnerabilities
https://www.us-cert.gov/ncas/current-activity/2020/01/07/cisco-releases-security-updates
SNAKE Ransomware is targeting business networks
A new piece of ransomware called SNAKE has appeared in the threat landscape; the malware is now targeting company networks.
https://securityaffairs.co/wordpress/96137/malware/snake-ransomware.html