SysAdmin 24x7
IT security news and alerts.
Chat and contact:
t.me/sysadmin24x7chat
Implant.ARM.iLOBleed.a.

HP servers provide a management module called iLO (a.k.a. Integrated Lights-Out), which turns on as soon as the power cable is connected, loading a full-blown proprietary operating system. This module has full access to all the firmware, hardware, software, and operating system installed on the server. In addition to managing the server hardware, it allows the admin to remotely turn the server on and off, gain access to the server’s console, and even install an operating system on it.

There are numerous aspects of iLO that make it an ideal utopia for malware and APT groups: extremely high privileges (above any level of access in the operating system), very low-level access to the hardware, being totally out of sight of the admins and security tools, and the general lack of knowledge and tools for inspecting iLO and/or protecting it.

https://threats.amnpardaz.com/en/2021/12/28/implant-arm-ilobleed-a/
Android security bulletin for January 2022

Publication date: 05/01/2022
Importance: 4 - High

Affected resources:
Android Open Source Project (AOSP):
Versions 9, 10, 11 and 12.

Description:
The January 2022 monthly Android bulletin fixes fourteen high-severity vulnerabilities: eleven affect the system and three affect kernel components. They could allow an attacker to install packages without the user's consent, disclose information, or escalate privileges on the system.

https://www.incibe.es/protege-tu-empresa/avisos-seguridad/boletin-seguridad-android-enero-2022
Careful! Uber flaw allows anyone to send an email from uber.com.

On New Year’s Eve, Seif Elsallamy (@0x21SAFE on Twitter), a bug bounty hunter and security researcher, pointed out a phish-worthy security flaw he found in Uber’s email system. The flaw allowed anyone to send emails on behalf of Uber, meaning they would end with “@uber.com”.

https://blog.malwarebytes.com/social-engineering/2022/01/careful-uber-flaw-allows-anyone-to-send-an-email-from-uber-com/
WordPress 5.8.3 security update

Publication date: 07/01/2022
Importance: 4 - High

Affected resources:
WordPress, versions between 3.7 and 5.8.

Description:
4 vulnerabilities affecting WordPress have been published, of the types stored XSS, object injection and SQL injection.

Solution:
Update to version 5.8 from WordPress.org or from the dashboard (Updates > Update Now).

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-583-wordpress
Unauthenticated RCE in H2 Database Console is similar to Log4Shell

JFrog researchers discovered a critical vulnerability in the H2 open-source Java SQL database related to the Log4Shell Log4J vulnerability. The flaw, tracked as CVE-2021-42392, could allow attackers to execute remote code on vulnerable systems. The good news is that, unlike the Log4J issue, it should not be as widespread.

https://securityaffairs.co/wordpress/126460/security/unauthenticated-rce-h2-database.html
USN-5219-1: Linux kernel vulnerability
11 JANUARY 2022

The system could be made to crash or run programs as an administrator.

Releases
Ubuntu 21.10 Ubuntu 21.04 Ubuntu 20.04 LTS

Details
It was discovered that the eBPF implementation in the Linux kernel did
not properly validate the memory size of certain ring buffer operation
arguments. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.

https://ubuntu.com/security/notices/USN-5219-1
DLA-2876-1 vim -- LTS security update

Date Reported: 10 Jan 2022
Affected Packages: vim

Description:
vim is vulnerable to Heap-based Buffer Overflow ...

CVE-2022-0158

https://www.debian.org/lts/security/2022/dla-2876

https://security-tracker.debian.org/tracker/CVE-2022-0158
Samba Releases Security Update

The Samba Team has released a security update to address a vulnerability in multiple versions of Samba. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Samba Security Announcement CVE-2021-43566 and apply the necessary update.

https://www.cisa.gov/uscert/ncas/current-activity/2022/01/11/samba-releases-security-update
Multiple vulnerabilities in TIBCO products

Publication date: 12/01/2022
Importance: 5 - Critical

Affected resources:
TIBCO eFTL:
Community Edition, version 6.7.2 and earlier;
Developer Edition, version 6.7.2 and earlier;
Enterprise Edition, version 6.7.2 and earlier.
TIBCO FTL:
Community Edition, version 6.7.2 and earlier;
TIBCO FTL - Developer Edition, version 6.7.2 and earlier;
TIBCO FTL - Enterprise Edition, version 6.7.2 and earlier.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-tibco-3
Home routers with NetUSB support could have critical kernel hole.

Now that a patch has been circulated to vendors, researchers at Sentinel One have released details of a worrying bug in an IoT software driver called NetUSB.

https://nakedsecurity.sophos.com/2022/01/11/home-routers-with-netusb-support-could-have-critical-kernel-hole/