Múltiples vulnerabilidades en productos de TIBCO
Fecha de publicación: 12/01/2022
Importancia: 5 - Crítica
Recursos afectados:
TIBCO eFTL:
Community Edition, versión 6.7.2 y anteriores;
Developer Edition, versión 6.7.2 y anteriores;
Enterprise Edition, versión 6.7.2 y anteriores.
TIBCO FTL:
Community Edition, versión 6.7.2 y anteriores;
TIBCO FTL - Developer Edition, versión 6.7.2 y anteriores;
TIBCO FTL - Enterprise Edition, versión 6.7.2 y anteriores.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-tibco-3
Fecha de publicación: 12/01/2022
Importancia: 5 - Crítica
Recursos afectados:
TIBCO eFTL:
Community Edition, versión 6.7.2 y anteriores;
Developer Edition, versión 6.7.2 y anteriores;
Enterprise Edition, versión 6.7.2 y anteriores.
TIBCO FTL:
Community Edition, versión 6.7.2 y anteriores;
TIBCO FTL - Developer Edition, versión 6.7.2 y anteriores;
TIBCO FTL - Enterprise Edition, versión 6.7.2 y anteriores.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-tibco-3
INCIBE-CERT
Múltiples vulnerabilidades en productos de TIBCO
TIBCO ha publicado 4 vulnerabilidades, 1 de severidad crítica, 2 altas y 1 media, por las que un atacante podría obtener pleno acceso a la comunicación en un canal eFTL y a la comunicación en un
Moodle e-learning platform patches session hijack bug that led to pre-auth RCE.
Researchers disclose second critical flaw in authentication plugin
https://portswigger.net/daily-swig/moodle-e-learning-platform-patches-session-hijack-bug-that-led-to-pre-auth-rce
Researchers disclose second critical flaw in authentication plugin
https://portswigger.net/daily-swig/moodle-e-learning-platform-patches-session-hijack-bug-that-led-to-pre-auth-rce
The Daily Swig | Cybersecurity news and views
Moodle e-learning platform patches session hijack bug that led to pre-auth RCE
Researchers disclose second critical flaw in authentication plugin
Home routers with NetUSB support could have critical kernel hole.
Now that a patch has been circulated to vendors, researchers at Sentinel One have released details of a worrying bug in an IoT software driver called NetUSB.
https://nakedsecurity.sophos.com/2022/01/11/home-routers-with-netusb-support-could-have-critical-kernel-hole/
Now that a patch has been circulated to vendors, researchers at Sentinel One have released details of a worrying bug in an IoT software driver called NetUSB.
https://nakedsecurity.sophos.com/2022/01/11/home-routers-with-netusb-support-could-have-critical-kernel-hole/
Naked Security
Home routers with NetUSB support could have critical kernel hole
Got a router that supports USB access across the network? You might need a kernel update…
Forwarded from Una al día
Detectadas múltiples vulnerabilidades en Microsoft Teams
https://unaaldia.hispasec.com/2022/01/detectadas-multiples-vulnerabilidades-en-microsoft-teams.html
https://unaaldia.hispasec.com/2022/01/detectadas-multiples-vulnerabilidades-en-microsoft-teams.html
Una al Día
Detectadas múltiples vulnerabilidades en Microsoft Teams
Vulnerabilidades en la plataforma de videoconferencias de Microsoft, Microsoft Teams, dando acceso a los ciberatacantes.
Apple fixes doorLock bug that can disable iPhones and iPads
Apple has released security updates to address a persistent denial of service (DoS) dubbed doorLock that would altogether disable iPhones and iPads running HomeKit on iOS 14.7 and later.
https://www.bleepingcomputer.com/news/security/apple-fixes-doorlock-bug-that-can-disable-iphones-and-ipads/
Apple has released security updates to address a persistent denial of service (DoS) dubbed doorLock that would altogether disable iPhones and iPads running HomeKit on iOS 14.7 and later.
https://www.bleepingcomputer.com/news/security/apple-fixes-doorlock-bug-that-can-disable-iphones-and-ipads/
BleepingComputer
Apple fixes doorLock bug that can disable iPhones and iPads
Apple has released security updates to address a persistent denial of service (DoS) dubbed doorLock that would altogether disable iPhones and iPads running HomeKit on iOS 14.7 and later.
SysJoker, a previously undetected cross-platform backdoor made the headlines
Security researchers found a new cross-platform backdoor, dubbed SysJoker, the is suspected to be the work of an APT group.
https://securityaffairs.co/wordpress/126656/malware/sysjoker-backdoor.html
Security researchers found a new cross-platform backdoor, dubbed SysJoker, the is suspected to be the work of an APT group.
https://securityaffairs.co/wordpress/126656/malware/sysjoker-backdoor.html
Security Affairs
SysJoker, a previously undetected cross-platform backdoor made the headlines
Security researchers found a new cross-platform backdoor, dubbed SysJoker, the is suspected to be the work of an APT group.
New SysJoker Backdoor Targets Windows, Linux, and macOS
https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/
https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/
Intezer
New SysJoker Backdoor Targets Windows, Linux, and macOS
Malware targeting multiple operating systems has become no exception in the malware threat landscape. Vermilion Strike, which was documented just last September, is among the latest examples until now. In December 2021, we discovered a new multi-platform…
HTTP Protocol Stack Remote Code Execution Vulnerability
CVE-2022-21907
CVSS:3.1 9.8 / 8.5
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21907
CVE-2022-21907
CVSS:3.1 9.8 / 8.5
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21907
Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation Vulnerability
Advisory ID: cisco-sa-ccmp-priv-esc-JzhTFLm4
First Published:2022 January 12 16:00 GMT
Cisco Bug IDs: CSCvz49473 CVE-2022-20658 CWE-602
CVSS Score:Base 9.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4
Advisory ID: cisco-sa-ccmp-priv-esc-JzhTFLm4
First Published:2022 January 12 16:00 GMT
Cisco Bug IDs: CSCvz49473 CVE-2022-20658 CWE-602
CVSS Score:Base 9.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4
Cisco
Cisco Security Advisory: Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation…
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges…
Juniper Networks Releases Security Updates for Multiple Products
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/13/juniper-networks-releases-security-updates-multiple-products
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/13/juniper-networks-releases-security-updates-multiple-products
www.cisa.gov
Juniper Networks Releases Security Updates for Multiple Products | CISA
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the Juniper…
CISA encourages users and administrators to review the Juniper…
Citrix Hypervisor Security Update
2022-01-12 Initial Publication
What Customers Should Do
Citrix has released hotfixes to address these issues. Citrix recommends that affected customers install these hotfixes as their patching schedule allows. The hotfixes can be downloaded from the following locations:
Citrix Hypervisor 8.2 CU1 LTSR: CTX338448 and CTX335882
Citrix Hypervisor 8.2: CTX338444 and CTX335880
Citrix XenServer 7.1 LTSR CU2: CTX335531 and CTX335881
https://support.citrix.com/article/CTX335432
2022-01-12 Initial Publication
What Customers Should Do
Citrix has released hotfixes to address these issues. Citrix recommends that affected customers install these hotfixes as their patching schedule allows. The hotfixes can be downloaded from the following locations:
Citrix Hypervisor 8.2 CU1 LTSR: CTX338448 and CTX335882
Citrix Hypervisor 8.2: CTX338444 and CTX335880
Citrix XenServer 7.1 LTSR CU2: CTX335531 and CTX335881
https://support.citrix.com/article/CTX335432
Múltiples vulnerabilidades en IBM HTTP Server
Fecha de publicación: 13/01/2022
Importancia: 5 - Crítica
Recursos afectados:
IBM HTTP Server (utilizado por IBM WebSphere Application Server), versión 9.0
Descripción:
IBM ha publicado 2 vulnerabilidades, 1 crítica y 1 alta, que podrían permitir a un atacante enviar peticiones a un Unix Domain Socket del endpoint, la ejecución remota de código o el bloqueo de la aplicación.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-ibm-http-server
Fecha de publicación: 13/01/2022
Importancia: 5 - Crítica
Recursos afectados:
IBM HTTP Server (utilizado por IBM WebSphere Application Server), versión 9.0
Descripción:
IBM ha publicado 2 vulnerabilidades, 1 crítica y 1 alta, que podrían permitir a un atacante enviar peticiones a un Unix Domain Socket del endpoint, la ejecución remota de código o el bloqueo de la aplicación.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-ibm-http-server
www.incibe.es
Múltiples vulnerabilidades en IBM HTTP Server
IBM ha publicado 2 vulnerabilidades, 1 crítica y 1 alta, que podrían permitir a un atacante enviar pet
Security problem of zabbix-agent2
CVE-2022-22704
CVSS Score : 10.0
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.
Publish Date : 2022-01-06
Last Update Date : 2022-01-13
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13368
CVE-2022-22704
CVSS Score : 10.0
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.
Publish Date : 2022-01-06
Last Update Date : 2022-01-13
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13368
GitLab
Security problem of zabbix-agent2 (#13368) · Issues · alpine / aports · GitLab
There is a security problem with zabbix-agent2. zabbix-agent2-openrc package. Old zabbix_agentd works correctly under "$user" zabbix which is set by /etc/zabbix/zabbix_agentd.conf
Forwarded from Una al día
Vulnerabilidad crítica en Cisco Unified CCMP y CCDM
https://unaaldia.hispasec.com/2022/01/vulnerabilidad-critica-en-cisco-unified-ccmp-y-ccdm.html
https://unaaldia.hispasec.com/2022/01/vulnerabilidad-critica-en-cisco-unified-ccmp-y-ccdm.html
Una al Día
Vulnerabilidad crítica en Cisco Unified CCMP y CCDM
Cisco ha publicado un boletín de seguridad crítico para abordar una vulnerabilidad en Unified CCMP y Unified CCDM.
Windows Update
An out-of-band update has been released to address issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machine start failures, and ReFS-formatted removeable media failing.
https://twitter.com/WindowsUpdate/status/1483212333560172545?t=qdgWjT1hdxGZ332GaZQ7fw&s=19
An out-of-band update has been released to address issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machine start failures, and ReFS-formatted removeable media failing.
https://twitter.com/WindowsUpdate/status/1483212333560172545?t=qdgWjT1hdxGZ332GaZQ7fw&s=19
Twitter
Windows Update
An out-of-band update has been released to address issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machine start failures, and ReFS-formatted removeable media failing. docs.microsoft.com/en-us/windows/…
VMSA-2022-0002
CVSSv3 Range: 4.0
Issue Date: 2022-01-18
Updated On: 2022-01-18 (Initial Advisory)
CVE(s): CVE-2022-22938
Synopsis:
VMware Workstation and Horizon Client for Windows updates address a denial-of-service vulnerability (CVE-2022-22938)
Impacted Products
VMware Workstation Pro / Player (Workstation)
VMware Horizon Client for Windows
https://www.vmware.com/security/advisories/VMSA-2022-0002.html
CVSSv3 Range: 4.0
Issue Date: 2022-01-18
Updated On: 2022-01-18 (Initial Advisory)
CVE(s): CVE-2022-22938
Synopsis:
VMware Workstation and Horizon Client for Windows updates address a denial-of-service vulnerability (CVE-2022-22938)
Impacted Products
VMware Workstation Pro / Player (Workstation)
VMware Horizon Client for Windows
https://www.vmware.com/security/advisories/VMSA-2022-0002.html
VMware
VMSA-2022-0002
VMware Workstation and Horizon Client for Windows updates address a denial-of-service vulnerability (CVE-2022-22938)
Oracle Releases January 2022 Critical Patch Update
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/18/oracle-releases-january-2022-critical-patch-update
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/18/oracle-releases-january-2022-critical-patch-update
www.cisa.gov
Oracle Releases January 2022 Critical Patch Update | CISA
Oracle has released its Critical Patch Update for January 2022 to address 497 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators…
CISA encourages users and administrators…
Emotet often uses information from emails and address books stolen from infected Windows hosts. Malicious spam (malspam) from Emotet spoofs legitimate senders to trick potential victims into running malicious files.
Additionally, Emotet uses IP address 0.0.0.0 in spambot traffic, possibly attempting to hide the actual IP address of an Emotet-infected host.
https://isc.sans.edu/diary/0.0.0.0+in+Emotet+Spambot+Traffic/28254
Additionally, Emotet uses IP address 0.0.0.0 in spambot traffic, possibly attempting to hide the actual IP address of an Emotet-infected host.
https://isc.sans.edu/diary/0.0.0.0+in+Emotet+Spambot+Traffic/28254
SANS Internet Storm Center
InfoSec Handlers Diary Blog - SANS Internet Storm Center
Internet Storm Center Diary 2023-06-01, Author: Johannes Ullrich
EU wants to build its own DNS infrastructure with built-in filtering capabilities
https://therecord.media/eu-wants-to-build-its-own-dns-infrastructure-with-built-in-filtering-capabilities/
https://therecord.media/eu-wants-to-build-its-own-dns-infrastructure-with-built-in-filtering-capabilities/
The Record
EU wants to build its own DNS infrastructure with built-in filtering capabilities
The European Union is interested in building its own recursive DNS service that will be made available to EU institutions and the general public for free.
VMSA-2021-0028.9
CVSSv3 Range:9.0-10.0
Issue Date:2021-12-10
Updated On:2022-01-19
CVE(s): CVE-2021-44228, CVE-2021-45046
Synopsis:
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
CVSSv3 Range:9.0-10.0
Issue Date:2021-12-10
Updated On:2022-01-19
CVE(s): CVE-2021-44228, CVE-2021-45046
Synopsis:
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
Microsoft News
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
Microsoft is tracking threats taking advantage of the remote code execution (RCE) vulnerability in Apache Log4j 2. Get technical info and guidance for using Microsoft security solutions to protect against attacks.