Microsoft Releases January 2022 Security Updates
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/11/microsoft-releases-january-2022-security-updates
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/11/microsoft-releases-january-2022-security-updates
www.cisa.gov
Microsoft Releases January 2022 Security Updates | CISA
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review Microsoft’s January…
CISA encourages users and administrators to review Microsoft’s January…
Samba Releases Security Update
The Samba Team has released a security update to address a vulnerability in multiple versions of Samba. An attacker could exploit this vulnerability to take control of an affected system.
CISA encourages users and administrators to review Samba Security Announcement CVE-2021-43566 and apply the necessary update.
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/11/samba-releases-security-update
The Samba Team has released a security update to address a vulnerability in multiple versions of Samba. An attacker could exploit this vulnerability to take control of an affected system.
CISA encourages users and administrators to review Samba Security Announcement CVE-2021-43566 and apply the necessary update.
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/11/samba-releases-security-update
www.cisa.gov
Samba Releases Security Update | CISA
The Samba Team has released a security update to address a vulnerability in multiple versions of Samba. An attacker could exploit this vulnerability to take control of an affected system.
CISA encourages users and administrators to review Samba Security…
CISA encourages users and administrators to review Samba Security…
Citrix Releases Security Update for Workspace App for Linux
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/11/citrix-releases-security-update-workspace-app-linux
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/11/citrix-releases-security-update-workspace-app-linux
www.cisa.gov
Citrix Releases Security Update for Workspace App for Linux | CISA
Citrix has released a security update to address a vulnerability in Workspace App for Linux. An attacker could exploit this vulnerability to take control of an affected system.
CISA encourages users and administrators to review Citrix Security Update CTX338435 and…
CISA encourages users and administrators to review Citrix Security Update CTX338435 and…
Adobe Releases Security Updates for Multiple Products
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/11/adobe-releases-security-updates-multiple-products
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/11/adobe-releases-security-updates-multiple-products
www.cisa.gov
Adobe Releases Security Updates for Multiple Products | CISA
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following Adobe…
CISA encourages users and administrators to review the following Adobe…
Múltiples vulnerabilidades en productos de TIBCO
Fecha de publicación: 12/01/2022
Importancia: 5 - Crítica
Recursos afectados:
TIBCO eFTL:
Community Edition, versión 6.7.2 y anteriores;
Developer Edition, versión 6.7.2 y anteriores;
Enterprise Edition, versión 6.7.2 y anteriores.
TIBCO FTL:
Community Edition, versión 6.7.2 y anteriores;
TIBCO FTL - Developer Edition, versión 6.7.2 y anteriores;
TIBCO FTL - Enterprise Edition, versión 6.7.2 y anteriores.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-tibco-3
Fecha de publicación: 12/01/2022
Importancia: 5 - Crítica
Recursos afectados:
TIBCO eFTL:
Community Edition, versión 6.7.2 y anteriores;
Developer Edition, versión 6.7.2 y anteriores;
Enterprise Edition, versión 6.7.2 y anteriores.
TIBCO FTL:
Community Edition, versión 6.7.2 y anteriores;
TIBCO FTL - Developer Edition, versión 6.7.2 y anteriores;
TIBCO FTL - Enterprise Edition, versión 6.7.2 y anteriores.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-tibco-3
INCIBE-CERT
Múltiples vulnerabilidades en productos de TIBCO
TIBCO ha publicado 4 vulnerabilidades, 1 de severidad crítica, 2 altas y 1 media, por las que un atacante podría obtener pleno acceso a la comunicación en un canal eFTL y a la comunicación en un
Moodle e-learning platform patches session hijack bug that led to pre-auth RCE.
Researchers disclose second critical flaw in authentication plugin
https://portswigger.net/daily-swig/moodle-e-learning-platform-patches-session-hijack-bug-that-led-to-pre-auth-rce
Researchers disclose second critical flaw in authentication plugin
https://portswigger.net/daily-swig/moodle-e-learning-platform-patches-session-hijack-bug-that-led-to-pre-auth-rce
The Daily Swig | Cybersecurity news and views
Moodle e-learning platform patches session hijack bug that led to pre-auth RCE
Researchers disclose second critical flaw in authentication plugin
Home routers with NetUSB support could have critical kernel hole.
Now that a patch has been circulated to vendors, researchers at Sentinel One have released details of a worrying bug in an IoT software driver called NetUSB.
https://nakedsecurity.sophos.com/2022/01/11/home-routers-with-netusb-support-could-have-critical-kernel-hole/
Now that a patch has been circulated to vendors, researchers at Sentinel One have released details of a worrying bug in an IoT software driver called NetUSB.
https://nakedsecurity.sophos.com/2022/01/11/home-routers-with-netusb-support-could-have-critical-kernel-hole/
Naked Security
Home routers with NetUSB support could have critical kernel hole
Got a router that supports USB access across the network? You might need a kernel update…
Forwarded from Una al día
Detectadas múltiples vulnerabilidades en Microsoft Teams
https://unaaldia.hispasec.com/2022/01/detectadas-multiples-vulnerabilidades-en-microsoft-teams.html
https://unaaldia.hispasec.com/2022/01/detectadas-multiples-vulnerabilidades-en-microsoft-teams.html
Una al Día
Detectadas múltiples vulnerabilidades en Microsoft Teams
Vulnerabilidades en la plataforma de videoconferencias de Microsoft, Microsoft Teams, dando acceso a los ciberatacantes.
Apple fixes doorLock bug that can disable iPhones and iPads
Apple has released security updates to address a persistent denial of service (DoS) dubbed doorLock that would altogether disable iPhones and iPads running HomeKit on iOS 14.7 and later.
https://www.bleepingcomputer.com/news/security/apple-fixes-doorlock-bug-that-can-disable-iphones-and-ipads/
Apple has released security updates to address a persistent denial of service (DoS) dubbed doorLock that would altogether disable iPhones and iPads running HomeKit on iOS 14.7 and later.
https://www.bleepingcomputer.com/news/security/apple-fixes-doorlock-bug-that-can-disable-iphones-and-ipads/
BleepingComputer
Apple fixes doorLock bug that can disable iPhones and iPads
Apple has released security updates to address a persistent denial of service (DoS) dubbed doorLock that would altogether disable iPhones and iPads running HomeKit on iOS 14.7 and later.
SysJoker, a previously undetected cross-platform backdoor made the headlines
Security researchers found a new cross-platform backdoor, dubbed SysJoker, the is suspected to be the work of an APT group.
https://securityaffairs.co/wordpress/126656/malware/sysjoker-backdoor.html
Security researchers found a new cross-platform backdoor, dubbed SysJoker, the is suspected to be the work of an APT group.
https://securityaffairs.co/wordpress/126656/malware/sysjoker-backdoor.html
Security Affairs
SysJoker, a previously undetected cross-platform backdoor made the headlines
Security researchers found a new cross-platform backdoor, dubbed SysJoker, the is suspected to be the work of an APT group.
New SysJoker Backdoor Targets Windows, Linux, and macOS
https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/
https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/
Intezer
New SysJoker Backdoor Targets Windows, Linux, and macOS
Malware targeting multiple operating systems has become no exception in the malware threat landscape. Vermilion Strike, which was documented just last September, is among the latest examples until now. In December 2021, we discovered a new multi-platform…
HTTP Protocol Stack Remote Code Execution Vulnerability
CVE-2022-21907
CVSS:3.1 9.8 / 8.5
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21907
CVE-2022-21907
CVSS:3.1 9.8 / 8.5
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21907
Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation Vulnerability
Advisory ID: cisco-sa-ccmp-priv-esc-JzhTFLm4
First Published:2022 January 12 16:00 GMT
Cisco Bug IDs: CSCvz49473 CVE-2022-20658 CWE-602
CVSS Score:Base 9.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4
Advisory ID: cisco-sa-ccmp-priv-esc-JzhTFLm4
First Published:2022 January 12 16:00 GMT
Cisco Bug IDs: CSCvz49473 CVE-2022-20658 CWE-602
CVSS Score:Base 9.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4
Cisco
Cisco Security Advisory: Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation…
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges…
Juniper Networks Releases Security Updates for Multiple Products
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/13/juniper-networks-releases-security-updates-multiple-products
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/13/juniper-networks-releases-security-updates-multiple-products
www.cisa.gov
Juniper Networks Releases Security Updates for Multiple Products | CISA
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the Juniper…
CISA encourages users and administrators to review the Juniper…
Citrix Hypervisor Security Update
2022-01-12 Initial Publication
What Customers Should Do
Citrix has released hotfixes to address these issues. Citrix recommends that affected customers install these hotfixes as their patching schedule allows. The hotfixes can be downloaded from the following locations:
Citrix Hypervisor 8.2 CU1 LTSR: CTX338448 and CTX335882
Citrix Hypervisor 8.2: CTX338444 and CTX335880
Citrix XenServer 7.1 LTSR CU2: CTX335531 and CTX335881
https://support.citrix.com/article/CTX335432
2022-01-12 Initial Publication
What Customers Should Do
Citrix has released hotfixes to address these issues. Citrix recommends that affected customers install these hotfixes as their patching schedule allows. The hotfixes can be downloaded from the following locations:
Citrix Hypervisor 8.2 CU1 LTSR: CTX338448 and CTX335882
Citrix Hypervisor 8.2: CTX338444 and CTX335880
Citrix XenServer 7.1 LTSR CU2: CTX335531 and CTX335881
https://support.citrix.com/article/CTX335432
Múltiples vulnerabilidades en IBM HTTP Server
Fecha de publicación: 13/01/2022
Importancia: 5 - Crítica
Recursos afectados:
IBM HTTP Server (utilizado por IBM WebSphere Application Server), versión 9.0
Descripción:
IBM ha publicado 2 vulnerabilidades, 1 crítica y 1 alta, que podrían permitir a un atacante enviar peticiones a un Unix Domain Socket del endpoint, la ejecución remota de código o el bloqueo de la aplicación.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-ibm-http-server
Fecha de publicación: 13/01/2022
Importancia: 5 - Crítica
Recursos afectados:
IBM HTTP Server (utilizado por IBM WebSphere Application Server), versión 9.0
Descripción:
IBM ha publicado 2 vulnerabilidades, 1 crítica y 1 alta, que podrían permitir a un atacante enviar peticiones a un Unix Domain Socket del endpoint, la ejecución remota de código o el bloqueo de la aplicación.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-ibm-http-server
www.incibe.es
Múltiples vulnerabilidades en IBM HTTP Server
IBM ha publicado 2 vulnerabilidades, 1 crítica y 1 alta, que podrían permitir a un atacante enviar pet
Security problem of zabbix-agent2
CVE-2022-22704
CVSS Score : 10.0
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.
Publish Date : 2022-01-06
Last Update Date : 2022-01-13
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13368
CVE-2022-22704
CVSS Score : 10.0
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.
Publish Date : 2022-01-06
Last Update Date : 2022-01-13
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13368
GitLab
Security problem of zabbix-agent2 (#13368) · Issues · alpine / aports · GitLab
There is a security problem with zabbix-agent2. zabbix-agent2-openrc package. Old zabbix_agentd works correctly under "$user" zabbix which is set by /etc/zabbix/zabbix_agentd.conf
Forwarded from Una al día
Vulnerabilidad crítica en Cisco Unified CCMP y CCDM
https://unaaldia.hispasec.com/2022/01/vulnerabilidad-critica-en-cisco-unified-ccmp-y-ccdm.html
https://unaaldia.hispasec.com/2022/01/vulnerabilidad-critica-en-cisco-unified-ccmp-y-ccdm.html
Una al Día
Vulnerabilidad crítica en Cisco Unified CCMP y CCDM
Cisco ha publicado un boletín de seguridad crítico para abordar una vulnerabilidad en Unified CCMP y Unified CCDM.
Windows Update
An out-of-band update has been released to address issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machine start failures, and ReFS-formatted removeable media failing.
https://twitter.com/WindowsUpdate/status/1483212333560172545?t=qdgWjT1hdxGZ332GaZQ7fw&s=19
An out-of-band update has been released to address issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machine start failures, and ReFS-formatted removeable media failing.
https://twitter.com/WindowsUpdate/status/1483212333560172545?t=qdgWjT1hdxGZ332GaZQ7fw&s=19
Twitter
Windows Update
An out-of-band update has been released to address issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machine start failures, and ReFS-formatted removeable media failing. docs.microsoft.com/en-us/windows/…
VMSA-2022-0002
CVSSv3 Range: 4.0
Issue Date: 2022-01-18
Updated On: 2022-01-18 (Initial Advisory)
CVE(s): CVE-2022-22938
Synopsis:
VMware Workstation and Horizon Client for Windows updates address a denial-of-service vulnerability (CVE-2022-22938)
Impacted Products
VMware Workstation Pro / Player (Workstation)
VMware Horizon Client for Windows
https://www.vmware.com/security/advisories/VMSA-2022-0002.html
CVSSv3 Range: 4.0
Issue Date: 2022-01-18
Updated On: 2022-01-18 (Initial Advisory)
CVE(s): CVE-2022-22938
Synopsis:
VMware Workstation and Horizon Client for Windows updates address a denial-of-service vulnerability (CVE-2022-22938)
Impacted Products
VMware Workstation Pro / Player (Workstation)
VMware Horizon Client for Windows
https://www.vmware.com/security/advisories/VMSA-2022-0002.html
VMware
VMSA-2022-0002
VMware Workstation and Horizon Client for Windows updates address a denial-of-service vulnerability (CVE-2022-22938)
Oracle Releases January 2022 Critical Patch Update
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/18/oracle-releases-january-2022-critical-patch-update
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/18/oracle-releases-january-2022-critical-patch-update
www.cisa.gov
Oracle Releases January 2022 Critical Patch Update | CISA
Oracle has released its Critical Patch Update for January 2022 to address 497 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators…
CISA encourages users and administrators…