GNU Mailutils: unexpected processing of escape sequences — GLSA 202310-13
https://security.gentoo.org/glsa/202310-13
A vulnerability has been discovered in Mailutils where escape sequences are processed in a context where this may lead to RCE.
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967
Description of Problem
Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).
https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967
Oracle Releases October 2023 Critical Patch Update Advisory
Release Date: October 19, 2023
Oracle has released its Critical Patch Update Advisory for October 2023 to address 387 vulnerabilities across multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
https://www.cisa.gov/news-events/alerts/2023/10/19/oracle-releases-october-2023-critical-patch-update-advisory
VMSA-2023-0021
CVSSv3 Range: 8.1
Issue Date: 2023-10-19
CVE(s): CVE-2023-34051, CVE-2023-34052
Synopsis:
VMware Aria Operations for Logs updates address multiple vulnerabilities. (CVE-2023-34051, CVE-2023-34052)
Impacted Products
Aria Operations for Logs
Introduction
Multiple vulnerabilities in VMware Aria Operations for Logs were privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2023-0021.html
VMSA-2023-0022
CVSSv3 Range: 6.6-7.1
Issue Date: 2023-10-19
CVE(s): CVE-2023-34044, CVE-2023-34045, CVE-2023-34046
Synopsis:
VMware Fusion and Workstation updates address privilege escalation and information disclosure vulnerabilities (CVE-2023-34044, CVE-2023-34045, CVE-2023-34046)
Impacted Products
VMware Workstation Pro / Player (Workstation)
VMware Fusion
Introduction
Multiple security vulnerabilities in VMware Workstation and Fusion were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in the affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2023-0022.html
Critical RCE flaws found in SolarWinds access audit solution
Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product that remote attackers could use to run code with SYSTEM privileges.
https://www.bleepingcomputer.com/news/security/critical-rce-flaws-found-in-solarwinds-access-audit-solution/
Threat actors breached Okta support system and stole customers’ data
Okta revealed that threat actors breached its support case management system and stole sensitive data that can be used in future attacks.
Okta says that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valid users.
Okta asks customers to upload an HTTP Archive (HAR) file in order to support them in solving their problems and replicating browser activity. HAR files can also contain sensitive data, including authentication information.
https://securityaffairs.com/152803/data-breach/okta-support-system-breached.html
1Password discloses security incident linked to Okta breach
1Password, a popular password management platform used by over 100,000 businesses, suffered a security incident after hackers gained access to its Okta ID management tenant.
"We detected suspicious activity on our Okta instance related to their Support System incident. After a thorough investigation, we concluded that no 1Password user data was accessed," reads a very brief security incident notification from 1Password CTO Pedro Canahuati.
"On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing apps."
https://www.bleepingcomputer.com/news/security/1password-discloses-security-incident-linked-to-okta-breach/
https://blog.1password.com/okta-incident/
VMSA-2023-0023
CVSSv3 Range: 4.3-9.8
Issue Date: 2023-10-25
CVE(s): CVE-2023-34048, CVE-2023-34056
Synopsis:
VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities (CVE-2023-34048, CVE-2023-34056)
Impacted Products
VMware vCenter Server
VMware Cloud Foundation
Introduction
An out-of-bounds write (CVE-2023-34048) and a partial information disclosure (CVE-2023-34056) in vCenter Server were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2023-0023.html
SysAdmin 24x7
👆🏼⚠️VMware addressed critical vCenter flaw also for End-of-Life products
VMware vCenter Server 6.7U3t
Release Date 2023-10-24
https://customerconnect.vmware.com/en/downloads/details?downloadGroup=VC67U3T&productId=742&rPId=112241
VMware vCenter Server 6.5U3v
Release Date 2023-10-24
https://customerconnect.vmware.com/en/downloads/details?downloadGroup=VC65U3V&productId=614&rPId=111937
Applying vCenter Server 6.7 Update 3t patch on VMware Cloud Foundation for VCF 3.x releases. (95194)
Last Updated: 25/10/2023
https://kb.vmware.com/s/article/95194
Multiple vulnerabilities in Squid
Date: 26/10/2023
Severity: 5 - Critical
Affected Resources
Squid, versions prior to 6.4.
Description
Several researchers have detected and reported multiple critical-severity vulnerabilities affecting Squid, whose exploitation could allow an attacker to cause a DoS or perform HTTP request smuggling.
Solution
Update Squid to version 6.4.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-squid
Apple Releases Security Advisories for Multiple Products
Release Date: October 26, 2023
iOS 17.1 and iPadOS 17.1
iOS 16.7.2 and iPadOS 16.7.2
iOS 15.8 and iPadOS 15.8
macOS Sonoma 14.1
macOS Ventura 13.6.1
macOS Monterey 12.7.1
tvOS 17.1
watchOS 10.1
Safari 17.1
https://www.cisa.gov/news-events/alerts/2023/10/26/apple-releases-security-advisories-multiple-products
NextGen Mirth Connect Remote Code Execution Vulnerability (CVE-2023-43208)
Summary
Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability, CVE-2023-43208. If you’re a user of Mirth Connect, you’ll want to upgrade to the latest patch release, 4.4.1, as of this writing.
https://www.horizon3.ai/nextgen-mirth-connect-remote-code-execution-vulnerability-cve-2023-43208/
VMSA-2023-0024
CVSSv3 Range: 7.5 - 7.8
Issue Date: 2023-10-26
CVE(s): CVE-2023-34057, CVE-2023-34058
Synopsis:
VMware Tools updates address Local Privilege Escalation and SAML Token Signature Bypass vulnerabilities (CVE-2023-34057, CVE-2023-34058)
Impacted Products
VMware Tools
Introduction
Multiple vulnerabilities in VMware Tools were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2023-0024.html
Multiple vulnerabilities in F5 products
Date: 30/10/2023
Severity: 5 - Critical
Affected Resources
BIG-IP (all modules), versions:
17.1.0;
from 16.1.0 to 16.1.4;
from 15.1.0 to 15.1.10;
from 14.1.0 to 14.1.5;
from 13.1.0 to 13.1.5.
BIG-IP Next (all modules), version 20.0.1.
BIG-IP Next SPK, versions from 1.5.0 to 1.8.2.
BIG-IP Next CNF, versions from 1.1.0 to 1.1.1.
Description
F5 has published a security advisory covering 2 vulnerabilities, one critical and one high, whose exploitation could allow an attacker to perform actions such as remote code execution or SQL injection.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-productos-f5-0
VMSA-2023-0025
CVSSv3 Range: 8.8
Issue Date: 2023-10-31
CVE(s): CVE-2023-20886
Synopsis:
VMware Workspace ONE UEM console updates address an open redirect vulnerability (CVE-2023-20886)
Impacted Products
VMware Workspace ONE UEM console
Introduction
An open redirect vulnerability in VMware Workspace ONE UEM console was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2023-0025.html
Server-Side Request Forgery in Sage products
Date: 31/10/2023
Severity: 4 - High
Affected Resources
XRT Business Exchange DMZ and Proxy Tools, versions 14.0.2.2259 and earlier.
Description
INCIBE has coordinated the publication of 1 vulnerability affecting Sage XRT Business Exchange DMZ and Proxy Tools, a solution for exchanging financial data within a group and with financial institutions; the vulnerability was discovered by Rafael Pedrero.
Solution
The vulnerability has been fixed by the Sage team. Affected customers are advised to update to the latest available software version.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/server-side-request-forgery-en-productos-sage
Incorrect authorization in Atlassian Confluence Data Center and Confluence Server
Date: 31/10/2023
Severity: 5 - Critical
Affected Resources
All versions of Confluence Data Center and Server.
Description
Atlassian has reported a critical-severity vulnerability that could be exploited by an attacker and cause significant data loss.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/autorizacion-incorrecta-en-confluence-data-center-y-confluence-server-de
[Update 08/11/2023] Incorrect authorization in Atlassian Confluence Data Center and Confluence Server
Command injection in Cisco Firepower Management Center
Date: 02/11/2023
Severity: 5 - Critical
Affected Resources
This vulnerability affects Cisco products running a vulnerable version of Cisco FMC software.
Description
Javier Ortega Palacios, a Cisco researcher, detected a critical vulnerability during internal security testing. Exploiting this vulnerability could allow a remote, authenticated attacker to execute unauthorized configuration commands on the FTD (Firepower Threat Defense) device managed by FMC (Firepower Management Center).
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/inyeccion-de-comandos-en-cisco-firepower-management-center
Remote code execution in Apache ActiveMQ
Date: 02/11/2023
Severity: 5 - Critical
Affected Resources
Apache ActiveMQ 5.18.0 prior to 5.18.3;
Apache ActiveMQ 5.17.0 prior to 5.17.6;
Apache ActiveMQ 5.16.0 prior to 5.16.7;
Apache ActiveMQ before 5.15.16;
Apache ActiveMQ Legacy OpenWire Module 5.18.0 prior to 5.18.3;
Apache ActiveMQ Legacy OpenWire Module 5.17.0 prior to 5.17.6;
Apache ActiveMQ Legacy OpenWire Module 5.16.0 prior to 5.16.7;
Apache ActiveMQ Legacy OpenWire Module 5.8.0 prior to 5.15.16.
Description
Rapid7 Managed Detection and Response (MDR) has identified suspected exploitation of a critical vulnerability in Apache ActiveMQ that could allow a remote attacker with network access to execute arbitrary shell commands.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/ejecucion-remota-de-codigo-en-activemq-de-apache