SysAdmin 24x7
Computer security news and alerts. Chat and contact: t.me/sysadmin24x7chat
4 392 subscribers
NSA, CISA release Kubernetes Hardening Guidance
https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
ROME (Sputnik) - The largest cyberattack in Italian history put at risk the personal data of the country's president and prime minister, as well as that of 70% of the inhabitants of the Lazio region.
https://mundo.sputniknews.com/20210802/italia-ante-el-peor-ciberataque-de-su-historia-1114705745.html
Public print server gives anyone Windows admin privileges
https://www.bleepingcomputer.com/news/microsoft/public-print-server-gives-anyone-windows-admin-privileges/
Node.js fixes severe HTTP bug that could let attackers crash apps.
[...]
The fixes landed in the latest Node.js release 16.6.0 and were also backported to versions 12.22.4 (LTS) and 14.17.4 (LTS).
[...]
https://www.bleepingcomputer.com/news/security/nodejs-fixes-severe-http-bug-that-could-let-attackers-crash-apps/
Palo Alto Networks Discloses New Attack Surface Targeting Microsoft IIS and SQL Server at Black Hat Asia 2021.
https://unit42.paloaltonetworks.com/iis-and-sql-server/
Linux eBPF bug gets root privileges on Ubuntu - Exploit released.
https://www.bleepingcomputer.com/news/security/linux-ebpf-bug-gets-root-privileges-on-ubuntu-exploit-released/
Cisco researchers spotlight Solarmarker malware.
https://blog.talosintelligence.com/2021/07/threat-spotlight-solarmarker.html
Insecure deserialization vulnerability in IBM Partner Engagement Manager
Publication date: 30/07/2021
Importance: 5 - Critical
Affected resources:
Partner Engagement Manager, version 2.0.
Description:
The researcher theloshackers has reported to IBM a critical-severity vulnerability that could allow a remote attacker to execute arbitrary code on the system.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-deserializacion-insegura-ibm-partner-engagement
Critical flaw in Microsoft Hyper-V could allow RCE and DoS
Experts disclose details about a critical flaw in Microsoft Hyper-V, tracked as CVE-2021-28476, that can allow executing arbitrary code on it.
Researchers Peleg Hadar of SafeBreach and Ophir Harpaz of Guardicore disclose details about a critical flaw in Microsoft Hyper-V, tracked as CVE-2021-28476, that can allow triggering a DoS condition or executing arbitrary code on it.
https://securityaffairs.co/wordpress/120654/hacking/critical-microsoft-hyper-v-bug.html
ICS Advisory (ICSA-21-208-03)
Geutebrück G-Cam E2 and G-Code
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: Geutebrück
Equipment: G-Cam E2 and G-Code
Vulnerabilities: Missing Authentication for Critical Function, Command Injection, Stack-based Buffer Overflow
2. RISK EVALUATION
UDP Technology supplies multiple OEMs such as Geutebrück with firmware for IP cameras. Successful exploitation of these vulnerabilities could allow unauthenticated access to sensitive information; buffer overflow and command injection conditions may allow remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Geutebrück devices contain the affected third-party firmware provided by UDP Technology:
E2 Series cameras – G-CAM; Versions 1.12.0.27 and prior, Versions 1.12.13.2 and 1.12.14.5
EBC-21xx
EFD-22xx
ETHC-22xx
EWPC-22xx
Encoder G-Code; Versions 1.12.0.27 and prior, Versions 1.12.13.2 and 1.12.14.5
EEC-2xx
EEN-20xx
https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03
New Android Malware Uses VNC to Spy and Steal Passwords from Victims
https://thehackernews.com/2021/07/new-android-malware-uses-vnc-to-spy-and.html
Apple fixes zero-day affecting iPhones and Macs, exploited in the wild.
https://www.bleepingcomputer.com/news/apple/apple-fixes-zero-day-affecting-iphones-and-macs-exploited-in-the-wild/
Google revamps bug bounty program.
https://www.theregister.com/2021/07/28/google_revamps_vulnerability_reward_program
Apple Releases Security Updates
https://us-cert.cisa.gov/ncas/current-activity/2021/07/27/apple-releases-security-updates
KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS)
https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429
Windows “PetitPotam” network attack – how to protect against it
https://nakedsecurity.sophos.com/2021/07/26/windows-petitpotam-network-attack-how-to-protect-against-it/
CVE-2021-33909
Statement
Any Red Hat product which relies on the Red Hat Enterprise Linux kernel is also potentially impacted. This includes layered products such as OpenShift Container Platform, OpenStack, Red Hat Virtualization, and others.
Mitigation
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
https://access.redhat.com/security/cve/cve-2021-33909
Windows Elevation of Privilege Vulnerability
CVE-2021-36934
Released: Jul 20, 2021
Last updated: Jul 23, 2021
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934
Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS)
ADV210003
Released: Jul 23, 2021
https://msrc.microsoft.com/update-guide/vulnerability/ADV210003
