VirusTotal debunks claims of a serious vulnerability in Google-owned antivirus service.

https://portswigger.net/daily-swig/virustotal-debunks-claims-of-a-serious-vulnerability-in-google-owned-antivirus-service

Inyecciones de malware en el gestor de contraseñas KeePass

https://unaaldia.hispasec.com/2022/04/inyecciones-de-malware-en-el-gestor-de-contrasenas-keepass.html

Microsoft Patches Pair of Dangerous Vulnerabilities in Azure PostgreSQL.

Flaws gave attackers a way to access other cloud accounts and databases, security vendor says.

Microsoft has patched a dangerous pair of vulnerabilities in its Azure Database for PostgreSQL Flexible Server that gave attackers unauthorized cross-account access to databases in cloud hosted environments.

https://www.darkreading.com/cloud/microsoft-patches-pair-of-dangerous-vulnerabilities-in-azure-postgresql

CISCO corrige vulnerabilidades en dispositivos ASA, FTD y FMC

Fecha de publicación: 29/04/2022
Importancia: 4 - Alta

Descripción:
Cisco ha publicado varias vulnerabilidades de severidad alta de tipo denegación de servicio, desbordamiento de pila, divulgación de información, escalada de privilegios, y bypass de seguridad en la carga de archivos que afectan a dispositivos con el software ASA, FTD y FMC.

https://www.incibe.es/protege-tu-empresa/avisos-seguridad/cisco-corrige-vulnerabilidades-dispositivos-asa-ftd-y-fmc

Vulnerable plugins plague the CMS website security landscape.

https://www.zdnet.com/article/vulnerable-plugins-default-configurations-plague-the-website-security-landscape/

Atlassian: Two-week-long cloud outage impacted 775 customers.

Atlassian says that this month's two-week-long cloud outage has impacted almost double the number of customers it initially estimated after learning of the incident.

https://www.bleepingcomputer.com/news/technology/atlassian-two-week-long-cloud-outage-impacted-775-customers/

Vulnerabilidades críticas en DSM y SRM de Synology

Fecha de publicación: 03/05/2022
Importancia: 5 - Crítica

Recursos afectados:
Software para los NAS (DSM) y los rúteres (SRM):
DSM, versiones 7.1, 7.0 y 6.2;
Firmware, versión VS 2.3;
SRM, versión 1.2.

Descripción:
Synology ha publicado varias vulnerabilidades de severidad crítica que afectan al software DSM y SRM, las cuales podrían permitir a un atacante ejecutar código arbitrario u obtener información confidencial.

https://www.incibe.es/protege-tu-empresa/avisos-seguridad/vulnerabilidades-criticas-dsm-y-srm-synology

Ejecución remota de código en switches de Aruba

Fecha de publicación: 04/05/2022
Importancia: 5 - Crítica

Descripción:
El equipo de investigación de Armis ha descubierto múltiples vulnerabilidades de desbordamiento de búfer basado en memoria dinámica (heap) en varios dispositivos de Aruba que podría permitir a un atacante remoto la ejecución de código arbitrario en el dispositivo afectado.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-switches-aruba

Security Advisory Description
Undisclosed requests may bypass iControl REST authentication. (CVE-2022-1388)

Impact
This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.

https://support.f5.com/csp/article/K23605346

K55879220: Overview of F5 vulnerabilities (May 2022)

https://support.f5.com/csp/article/K55879220

Múltiples vulnerabilidades en NFVIS de Cisco

Fecha de publicación: 05/05/2022
Importancia: 5 - Crítica

Recursos afectados:
Cisco Enterprise NFV Infrastructure Software (NFVIS), con la configuración por defecto.

Descripción:
Se han publicado 2 vulnerabilidades, una crítica y otra alta, en Cisco Enterprise NFV Infrastructure (NFVIS), que podrían permitir a un atacante pasar de la máquina virtual (VM) invitada al host, inyectar comandos como root o filtrar datos del sistema, desde el anfitrión a la máquina virtual.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-nfvis-cisco

Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver
CVE-2022-29972

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29972

May 2022 Security Updates

https://msrc.microsoft.com/update-guide/releaseNote/2022-May

May 2022 Microsoft Security Updates

RCE's en el reporte de mayo:

Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21972

Windows LDAP Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22012
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29128
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29129
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29130
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29131
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29139

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22015

Remote Desktop Client Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22017

Remote Procedure Call Runtime Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22019

Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23270

Windows Address Book Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26926

Windows Graphics Component Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26927

Windows Network File System Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26937

Microsoft SharePoint Server Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29108

Microsoft Excel Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29109
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29110

Windows Fax Service Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29115

Visual Studio Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29148
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30129

May 2022 Microsoft Security Updates
Tabla resumen.

Actualización de seguridad de SAP de mayo de 2022

Fecha de publicación: 11/05/2022
Importancia: 5 - Crítica

Recursos afectados:
SAP Business One Cloud, versión 1.1;
SAP Commerce, versiones 1905, 2005, 2105 y 2011;
SAP Customer Profitability Analytics, versión 2;
SAP Webdispatcher, versiones 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.83 y 7.85;
SAP Netweaver AS para ABAP y Java (ICM), versiones KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, 8.04, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87 y 8.04;
SAP BusinessObjects Business Intelligence Platform, versiones 420 y 430;
SAP NetWeaver Application Server para ABAP y ABAP Platform, versiones 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787 y 788;
SAP Employee Self Service (Fiori My Leave Request), versión 605;
SAP Host Agent, versión 7.22.

Descripción:
SAP ha publicado varias actualizaciones de seguridad en diferentes productos en su comunicado mensual.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-mayo-2022

Intel® NUC Firmware Advisory

Intel ID: INTEL-SA-00654
Advisory Category: Firmware
Impact of vulnerability: Escalation of Privilege
Severity rating: HIGH

Original release: 05/10/2022

Summary:
Potential security vulnerabilities in some Intel® NUCs may allow escalation of privilege.
Intel is releasing firmware updates to mitigate these potential vulnerabilities.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00654.html

HP PC BIOS - May 2022 Security Updates

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

Severity: High
HP Reference: HPSBHF03788 Rev. 2
Release date: May 10, 2022

https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788

SonicWall urges customers to fix SMA 1000 vulnerabilities.

SonicWall warns customers to address several high-risk security flaws impacting its Secure Mobile Access (SMA) 1000 Series line of products.

SonicWall urges customers to address several high-risk security vulnerabilities affecting its Secure Mobile Access (SMA) 1000 Series line of products. An attacker can exploit the vulnerabilities to bypass authorization and, potentially, compromise vulnerable devices.


https://securityaffairs.co/wordpress/131247/security/sonicwall-urges-customers-to-fix-sma-1000-vulnerabilities.html

Vulnerabilidad en el sistema operativo de los cortafuegos de Zyxel

Fecha de publicación: 16/05/2022
Importancia: 4 - Alta

Recursos afectados:
USG FLEX 100(W), 200, 500 y 700 con versiones de firmware ZLD V5.00 hasta ZLD V5.21 Patch 1.
USG FLEX 50(W) y USG20(W)-VPN con versiones de firmware ZLD V5.10 hasta ZLD V5.21 Patch 1.
ATP series con versiones de firmware ZLD V5.10 hasta ZLD V5.21 Patch 1.
VPN series con versiones de firmware ZLD V4.60 hasta ZLD V5.21 Patch 1.

Descripción:
Zyxel ha publicado el parche que soluciona una vulnerabilidad de inyección de comandos en el sistema operativo de los firewalls detallados en “Recursos afectados”.

https://www.incibe.es/protege-tu-empresa/avisos-seguridad/vulnerabilidad-el-sistema-operativo-los-cortafuegos-zyxel

Apache Releases Security Advisory for Tomcat
Original release date: May 16, 2022

The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to obtain sensitive information.

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/16/apache-releases-security-advisory-tomcat