SysAdmin 24x7
Computer security news and alerts.
Chat and contact:
t.me/sysadmin24x7chat
Cisco Data Center Network Manager Command Injection Vulnerabilities

Advisory ID: cisco-sa-20200102-dcnm-comm-inject

First Published: 2020 January 2 16:00 GMT

Version 1.0: Final

Workarounds: No workarounds available

Cisco Bug IDs:
CSCvr44798 
CSCvr46507
CVE-2019-15978
CVE-2019-15979
CWE-78

CVSS Score: Base 7.2

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS).

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-comm-inject
SSH Pentesting Guide

A Comprehensive Guide to Breaking SSH.

https://community.turgensec.com/ssh-hacking-guide/
Code execution vulnerability in e2fsprogs

Publication date: 08/01/2020
Severity: 4 - High

Affected resources:
E2fsprogs, versions 1.43.3 - 1.45.4.

Description:
Researcher Lilith, of Cisco Talos, has discovered a code execution vulnerability in e2fsprogs, a package of utilities for maintaining ext2, ext3 and ext4 file systems.

Solution:
Update e2fsprogs to version 1.45.5.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-ejecucion-codigo-e2fsprogs
SQL injection vulnerability in phpMyAdmin

Publication date: 08/01/2020
Severity: 4 - High

Affected resources:
phpMyAdmin, 4.x version branch prior to 4.9.4,
phpMyAdmin version 5.0.0.

Description:
CSW Research Labs has detected a high-severity vulnerability affecting several versions of phpMyAdmin. An attacker could perform an SQL injection.

Solution:
phpMyAdmin 4.x branch versions:
For versions 4.8 and 4.9, update to version 4.9.4 or later.
For earlier versions, apply this security patch.
phpMyAdmin 5.x branch versions: update to version 5.0.1 or later.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-sql-phpmyadmin-0
Tails 4.2 Fixes Numerous Security Flaws, Improves Direct Upgrades

The Tails Project released a new version of the security-focused Tails Linux distribution and advises users to upgrade as soon as possible to fix multiple security vulnerabilities impacting the previous Tails 4.1.1 version.

https://www.bleepingcomputer.com/news/linux/tails-42-fixes-numerous-security-flaws-improves-direct-upgrades/
Cisco Releases Security Updates

Cisco has released security updates to address multiple vulnerabilities in Data Center Network Manager (DCNM). A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories webpage.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
Cisco Data Center Network Manager SQL Injection Vulnerabilities
Cisco Data Center Network Manager Path Traversal Vulnerabilities
Cisco Data Center Network Manager Command Injection Vulnerabilities

https://www.us-cert.gov/ncas/current-activity/2020/01/07/cisco-releases-security-updates
Multiple vulnerabilities in Juniper products

Publication date: 09/01/2020
Severity: 4 - High

Description:
Multiple vulnerabilities have been published in Juniper products that could allow an attacker to execute commands as root, cause a denial of service, hijack the J-Web session to perform administrative actions, or cause the device to shut down unexpectedly and restart.

Solution:
Update the affected products from the Juniper download center.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-juniper-6
Multiple vulnerabilities in Cisco products

Publication date: 09/01/2020
Severity: 4 - High

Affected resources:
Cisco IOS and Cisco IOS XE, versions prior to 16.1.1 with the HTTP Server feature enabled.
Cisco Webex Video Mesh, versions prior to 2019.09.19.1956m.

Description:
Two vulnerabilities, both of high severity, have been identified in Cisco products that could allow a remote attacker to perform CSRF (Cross-Site Request Forgery) or command injection on the affected system.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-cisco-59
Mozilla Patches Critical Vulnerability

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.

https://www.us-cert.gov/ncas/current-activity/2020/01/08/mozilla-patches-critical-vulnerability
Citrix Application Delivery Controller and Citrix Gateway Vulnerability

The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway. A remote attacker could exploit this vulnerability to run arbitrary code on a targeted system. This vulnerability was detected in exploits in the wild.   

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#619785 and Citrix Security Bulletin CTX267027 for more information and workarounds.

https://www.us-cert.gov/ncas/current-activity/2020/01/08/citrix-application-delivery-controller-and-citrix-gateway
Mozilla Releases Security Updates for Firefox and Firefox ESR

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 72 and Firefox ESR 68.4 and apply the necessary updates.

https://www.us-cert.gov/ncas/current-activity/2020/01/08/mozilla-releases-security-updates-firefox-and-firefox-esr
Google Releases Security Updates for Chrome

Google has released security updates for Chrome version 79.0.3945.117 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

https://www.us-cert.gov/ncas/current-activity/2020/01/08/google-releases-security-updates-chrome
Juniper Networks Releases Security Updates

Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Juniper Security Advisories webpage and apply the necessary updates.

https://www.us-cert.gov/ncas/current-activity/2020/01/09/juniper-networks-releases-security-updates
Alert (AA20-010A)

Continued Exploitation of Pulse Secure VPN Vulnerability

https://www.us-cert.gov/ncas/alerts/aa20-010a
Forwarded from Underc0de Links
#UnderDOCS - #January 2020, Issue 6
📌 https://underc0de.org/foro/e-zines/underdocs-enero-2020-numero-6/msg138108/#msg138108

In this issue, enjoy:

• Cryptocurrencies/Blockchain
• IT News
• Hacking/Pentesting
• Computer Security
• QA Web Analytics
• Privacy
• Off Topic
#Citrix ADC CVE-2019-19781 Exploits Released, Fix Now!

Numerous working exploits for the Citrix ADC (NetScaler) CVE-2019-19781 vulnerability are finally here and have been publicly posted in numerous locations. There is no patch available for this vulnerability, but Citrix has provided mitigations, which should be applied now!

https://www.bleepingcomputer.com/news/security/citrix-adc-cve-2019-19781-exploits-released-fix-now/
PoC Exploits Released for #Citrix ADC and Gateway RCE Vulnerability

It's now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers.

https://thehackernews.com/2020/01/citrix-adc-gateway-exploit.html