Forwarded from Una al día
IDEs y herramientas de ingeniería inversa afectados por la vulnerabilidad ParseDroid
http://unaaldia.hispasec.com/2017/12/ides-y-herramientas-de-ingenieria.html
http://unaaldia.hispasec.com/2017/12/ides-y-herramientas-de-ingenieria.html
Hispasec
IDEs y herramientas de ingeniería inversa afectados por la vulnerabilidad ParseDroid
Boletín de noticias de seguridad informática unaaldia, ofrecido por Hispasec
Vulnerabilidad en Microsoft Malware Protection Engine
Fecha de publicación: 11/12/2017
Importancia: 5 - Crítica
https://www.certsi.es/alerta-temprana/avisos-seguridad/vulnerabilidad-microsoft-malware-protection-engine
Fecha de publicación: 11/12/2017
Importancia: 5 - Crítica
https://www.certsi.es/alerta-temprana/avisos-seguridad/vulnerabilidad-microsoft-malware-protection-engine
CERTSI
Vulnerabilidad en Microsoft Malware Protection Engine
Microsoft ha publicado un parche de seguridad fuera de ciclo para Microsoft Malware Protection Engine.
Las vulnerabilidades en MacOS High Sierra persisten.
http://www.seguridadapple.com/2017/12/las-vulnerabilidades-en-macos-high.html
http://www.seguridadapple.com/2017/12/las-vulnerabilidades-en-macos-high.html
Seguridadapple
Las vulnerabilidades en MacOS High Sierra persisten.
Hace escasos días Apple se vió obligado a lanzar un parche de seguridad para acabar con una vulnerabilidad bastante importante , sin emba...
Apple Releases Security Updates
https://www.us-cert.gov/ncas/current-activity/2017/12/12/Apple-Releases-Security-Updates
https://www.us-cert.gov/ncas/current-activity/2017/12/12/Apple-Releases-Security-Updates
www.us-cert.gov
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in AirPort Base Station. An attacker could exploit some of these vulnerabilities to take control of an affected system.Users and administrators are encouraged to review the Apple security pages…
Microsoft Releases December 2017 Security Updates
https://www.us-cert.gov/ncas/current-activity/2017/12/12/Microsoft-Releases-December-2017-Security-Updates
https://www.us-cert.gov/ncas/current-activity/2017/12/12/Microsoft-Releases-December-2017-Security-Updates
www.us-cert.gov
Microsoft Releases December 2017 Security Updates
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Filtran 1.400 millones de correos y contraseñas
#contraseñas #fuga_información
http://blog.segu-info.com.ar/2017/12/filtran-1400-millones-de-correos-y.html
#contraseñas #fuga_información
http://blog.segu-info.com.ar/2017/12/filtran-1400-millones-de-correos-y.html
blog.segu-info.com.ar
Filtran 1.400 millones de correos y contraseñas
El mes pasado hablamos de una recopilación de más de 560 millones de correos y contraseñas procedentes de ataques a servicios como Spotify,...
Variation of 19-Year-Old Cryptographic Attack Affects Facebook, PayPal, Others
https://www.bleepingcomputer.com/news/security/variation-of-19-year-old-cryptographic-attack-affects-facebook-paypal-others/
https://www.bleepingcomputer.com/news/security/variation-of-19-year-old-cryptographic-attack-affects-facebook-paypal-others/
BleepingComputer
Variation of 19-Year-Old Cryptographic Attack Affects Facebook, PayPal, Others
Three security researchers have discovered a variation to an old cryptographic attack that can be exploited to obtain the private encryption key necessary to decrypt sensitive HTTPS traffic under certain conditions.
Túneles, Port-Forwarding y Meterpreter: Salta conmigo
http://www.flu-project.com/2017/12/tuneles-port-forwarding-y-meterpreter.html
http://www.flu-project.com/2017/12/tuneles-port-forwarding-y-meterpreter.html
Flu Project
Túneles, Port-Forwarding y Meterpreter: Salta conmigo
Here's How to Enable the Built-In Windows 10 OpenSSH Client
https://www.bleepingcomputer.com/news/microsoft/heres-how-to-enable-the-built-in-windows-10-openssh-client/
https://www.bleepingcomputer.com/news/microsoft/heres-how-to-enable-the-built-in-windows-10-openssh-client/
BleepingComputer
Here's How to Enable the Built-In Windows 10 OpenSSH Client
With each new release of Windows 10, we see more and more useful tools being ported from Linux. First, we had the Windows Subsystem for Linux, which is awesome, and now we have a built-in OpenSSH client and server, which uses version 7.5p1 of OpenSSH.
Las páginas de Phishing están usando páginas con HTTPS para parecer legítimos
http://www.seguridadapple.com/2017/12/los-portales-de-phishing-estan-usando.html
http://www.seguridadapple.com/2017/12/los-portales-de-phishing-estan-usando.html
Seguridadapple
Las páginas de Phishing están usando páginas con HTTPS para parecer legítimos
Actualmente más de la mitad de sitios web usan protocolos de cifrado de Internet para mantener los datos protegidos. Esto se debe a que des...
¿Realmente es tan sencillo manipular un Whatsapp como para que no puedan ser utilizados en procedimientos judiciales?
#Forensic
https://glider.es/whatsapp-razonando-una-duda-razonable/
#Forensic
https://glider.es/whatsapp-razonando-una-duda-razonable/
GLIDER.es
Whatsapp: Razonando una duda razonable.
En este nuevo artículo de GLIDER.es os quiero hablar de algo que últimamente está siendo muy recurrente en medios de comunicación, y no es otra cosa que la posibilidad de manipular una conversación…
3 Simple, Excellent Linux Network Monitors
https://www.linux.com/learn/intro-to-linux/2017/10/3-simple-excellent-linux-network-monitors
https://www.linux.com/learn/intro-to-linux/2017/10/3-simple-excellent-linux-network-monitors
Linux.com | The source for Linux information
3 Simple, Excellent Linux Network Monitors
You can learn an amazing amount of information about your network connections with these three glorious Linux networking commands. iftop tracks network connections by process number, Nethogs quickly reveals what is hogging your bandwidth, and vnstat runs…
#Microsoft #Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".
https://nvd.nist.gov/vuln/detail/CVE-2017-11932
https://nvd.nist.gov/vuln/detail/CVE-2017-11932
Forwarded from canyoupwn.me
CVE-2017-15944: Palo Alto Networks firewalls remote root code execution
http://seclists.org/fulldisclosure/2017/Dec/38
http://seclists.org/fulldisclosure/2017/Dec/38
seclists.org
Full Disclosure: CVE-2017-15944: Palo Alto Networks firewalls remote root code
execution
execution
Avast open-sources its machine-code decompiler
https://blog.avast.com/avast-open-sources-its-machine-code-decompiler
https://blog.avast.com/avast-open-sources-its-machine-code-decompiler
Avast
Avast open-sources its machine-code decompiler
After seven years of development, Avast open-sources its machine-code decompiler for platform-independent analysis of executable files.
Qualys Security Advisory - Buffer overflow in glibc's ld.so
http://seclists.org/fulldisclosure/2017/Dec/40
http://seclists.org/fulldisclosure/2017/Dec/40
seclists.org
Full Disclosure: Qualys Security Advisory - Buffer overflow in glibc's ld.so
Extracting data from closely-protected SCADA and ICS critical networks
https://www.intelligenceonline.com/surveillance--interception/2017/12/13/extracting-data-from-closely-protected-scada-and-ics-critical-networks,108285810-art
https://www.intelligenceonline.com/surveillance--interception/2017/12/13/extracting-data-from-closely-protected-scada-and-ics-critical-networks,108285810-art
Intelligence Online
ISRAEL : Extracting data from closely-protected SCADA and ICS critical networks
A piece of malware can transform a Siemens industrial controller into a radio that transmits sensitive data from critical infrastructure.
Fuga de información en implementaciones TLS con cifrado RSA
Fecha de publicación: 13/12/2017
Importancia: 4 - Alta
https://www.certsi.es/alerta-temprana/avisos-seguridad/fuga-informacion-implementaciones-tls-cifrado-rsa
Fecha de publicación: 13/12/2017
Importancia: 4 - Alta
https://www.certsi.es/alerta-temprana/avisos-seguridad/fuga-informacion-implementaciones-tls-cifrado-rsa
CERTSI
Fuga de información en implementaciones TLS con cifrado RSA
Se ha descubierto una vulnerabilidad en implementaciones TLS con cifrado RSA que permitiría capturar y descifrar el tráfico. Este ataque es conocido como "ROBOT attack",