Omisión de autenticación en productos ManageEngine

Fecha de publicación: 19/08/2022
Identificador: INCIBE-2022-0889
Importancia: 5 - Crítica

Descripción:
Se ha identificado una vulnerabilidad crítica en varios productos de ManageEngine que podría permitir a un atacante omitir el proceso de autenticación y acceder a API externas.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/omision-autenticacion-productos-manageengine

Windows Bluetooth Driver Elevation of Privilege Vulnerability
CVE-2022-35820

Security Vulnerability
Released: Aug 9, 2022 Last updated: Aug 19, 2022

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35820

CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite

CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to include additional detection signatures.

CISA encourages organizations to review the latest update to AA22-228A and apply the recommended mitigations.

https://www.cisa.gov/uscert/ncas/current-activity/2022/08/22/cisa-updates-advisory-threat-actors-exploiting-multiple-cves

Ejecución remota de comandos en productos GitLab

Fecha de publicación: 23/08/2022
Identificador: INCIBE-2022-0891
Importancia: 5 - Crítica

Recursos afectados:
GitLab Community Edition (CE) y Enterprise Edition (EE), versiones anteriores a la 15.3.1, 15.2.3 y 15.1.5.

Descripción:
GitLab ha lanzado nuevas versiones que corrigen vulnerabilidades que podrían permitir a un atacante la ejecución remota de comandos.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-comandos-productos-gitlab

VMSA-2022-0024

CVSSv3 Range: 7.0
Issue Date: 2022-08-23
CVE(s): CVE-2022-31676

Synopsis:
VMware Tools update addresses a local privilege escalation vulnerability (CVE-2022-31676)

Impacted Products
VMware Tools

https://www.vmware.com/security/advisories/VMSA-2022-0024.html

Cisco Releases Security Updates for Multiple Products

Original release date: August 25, 2022

Cisco has released security updates for vulnerabilities affecting ACI Multi-Site Orchestrator, FXOS, and NX-OS software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the advisories for ACI Multi-Site Orchestrator, FXOS, and NX-OS and apply the necessary updates.

https://www.cisa.gov/uscert/ncas/current-activity/2022/08/25/cisco-releases-security-updates-multiple-products

Notice of Recent Security Incident

To All LastPass Customers,

I want to inform you of a development that we feel is important for us to share with our LastPass business and consumer community.
[...]
FAQs
1. Has my Master password or the Master Password of my users been compromised?
No. This incident did not compromise your Master Password. We never store or have knowledge of your Master Password. We utilize an industry standard Zero Knowledge architecture that ensures LastPass can never know or gain access to our customers’ Master Password. You can read about the technical implementation of Zero Knowledge here.

https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/

Bitbucket Server and Data Center - Command injection vulnerability - CVE-2022-36804

There is a command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center. An attacker with access to a public repository or with read permissions to a private Bitbucket repository can execute arbitrary code by sending a malicious HTTP request.

https://confluence.atlassian.com/bitbucketserver/bitbucket-server-and-data-center-advisory-2022-08-24-1155489835.html

Twilio breach let hackers gain access to Authy 2FA accounts.

Twilio’s investigation into the attack on August 4 reveals that hackers gained access to some Authy user accounts and registered unauthorized devices.

https://www.bleepingcomputer.com/news/security/twilio-breach-let-hackers-gain-access-to-authy-2fa-accounts/

Múltiples vulnerabilidades en GitLab

Fecha de publicación: 31/08/2022
Identificador: INCIBE-2022-0904
Importancia: 5 - Crítica

Recursos afectados:
GitLab CE/EE, versiones anteriores a 15.3.2, 15.2.4 y 15.1.6.

Descripción:
GitLab ha publicado 15 vulnerabilidades: 1 de severidad crítica, 2 de severidad alta, 10 de severidad media y 2 de severidad baja, por las que un atacante podría ejecutar comandos de forma remota o una vulnerabilidad tipo Stored Cross-Site Scripting (persistent XSS), divulgar información o causar una denegación de servicio entre otros.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-gitlab-2

Actualización de seguridad 6.0.2 para WordPress

Fecha de publicación: 31/08/2022
Identificador: INCIBE-2022-0905
Importancia: 4 - Alta

Recursos afectados:
WordPress, versiones anteriores a 6.0.2.

Descripción:
Se ha publicado la última versión de WordPress, que contiene 3 correcciones de seguridad.

Solución:
Actualizar a la versión 6.0.2 desde WordPress.org o desde el panel de control (Updates > Update Now).

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-602-wordpress

URGENT! Apple slips out zero-day update for older iPhones and iPads

https://nakedsecurity.sophos.com/2022/08/31/urgent-apple-quietly-slips-out-zero-day-update-for-older-iphones/

Apple Releases Security Updates for Multiple Products

Original release date: September 01, 2022

Apple has released security updates to address a vulnerability (CVE-2022-32893) in iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). Exploitation of this vulnerability could allow an attacker to take control of affected device.

CISA encourages users and administrators to review Apple’s advisory HT213428 and apply necessary updates.

https://www.cisa.gov/uscert/ncas/current-activity/2022/09/01/apple-releases-security-updates-multiple-products

https://support.apple.com/en-us/HT213428

Privilege escalation in HP Support Assistant

Severity High
HP Reference HPSBHF03809 Rev. 1
Release date September 6, 2022
Category PC
Potential Security Impact Privilege escalation

Affected products
Identify the following affected products.
HP Support Assistant versions earlier than 9.11.
Fusion versions earlier than 1.38.2601.0.

https://support.hp.com/us-en/document/ish_6788123-6788147-16/hpsbhf03809

Cisco Releases Security Updates for Multiple Products

Original release date: September 08, 2022

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following advisories and apply the necessary updates:

• Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services cisco-sa-vmanage-msg-serv-AqTup7vs

• Vulnerability in NVIDIA Data Plane Development Kit Affecting Cisco Products: August 2022 cisco-sa-mlx5-jbPCrqD8

https://www.cisa.gov/uscert/ncas/current-activity/2022/09/08/cisco-releases-security-updates-multiple-products

Ataque de cifrado de datos en sistemas Windows con BitLocker

https://unaaldia.hispasec.com/2022/09/ataque-de-cifrado-de-datos-en-sistemas-windows-con-bitlocker.html

Vulnerability in Xalan-J could allow arbitrary code execution.

Open source project is used by various SAML implementations

A vulnerability in Xalan-J, an Apache project used by multiple SAML implementations, could allow arbitrary code execution, researchers warn.

https://portswigger.net/daily-swig/vulnerability-in-xalan-j-could-allow-arbitrary-code-execution

Microsoft September 2022 Patch Tuesday fixes zero-day used in attacks, 63 flaws


18 Elevation of Privilege Vulnerabilities
1 Security Feature Bypass Vulnerabilities
30 Remote Code Execution Vulnerabilities
7 Information Disclosure Vulnerabilities
7 Denial of Service Vulnerabilities
16 Edge - Chromium Vulnerabilities

https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2022-patch-tuesday-fixes-zero-day-used-in-attacks-63-flaws/

September 2022 Security Updates

https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep

PsExec nueva implementación sobre el puerto 135

https://unaaldia.hispasec.com/2022/09/psexec-nueva-implementacion-sobre-el-puerto-135.html

Múltiples vulnerabilidades en HPE SAN Switches con Brocade FOS

Fecha de publicación: 20/09/2022
Identificador: INCIBE-2022-0926
Importancia: 5 - Crítica

Recursos afectados:
HPE SAN Switches con las siguientes versiones de Brocade Fabric OS (FOS):
9.1 anteriores a 9.1.1;
9.0 anteriores a 9.0.1e;
8.2 anteriores a 8.2.3c;
7.4 anteriores a 7.4.2j.

Descripción:
Se han identificado 28 vulnerabilidades en productos HPE SAN Switches con Brocade FOS, 7 con severidad crítica, 11 altas, 9 medias y 1 baja.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-hpe-san-switches-brocade-fos