SysAdmin 24x7


Computer security news and alerts. Chat and contact: t.me/sysadmin24x7chat

Post archive
AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service. https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/

Multiple vulnerabilities in Asterisk products
Publication date: 07/03/2022
Importance: 5 - Critical
Affected resources: Asterisk Open Source: versions 16.x; versions 18.x; versions 19.x. Certified Asterisk: versions 16.x.
Description: Asterisk has published 3 vulnerabilities, 2 of critical severity and 1 medium, through which an attacker could execute arbitrary code, cause a denial of service, or perform an out-of-bounds memory access.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-asterisk

Malware now using stolen NVIDIA code signing certificates
Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data. The extortion group, known as Lapsus$, states that they stole 1TB of data during the attack and began leaking the data online.
https://www.bleepingcomputer.com/news/security/malware-now-using-stolen-nvidia-code-signing-certificates/

New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
CVE-2022-0492, public on February 7, 2022.
https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/

Avast released a free decryptor for the HermeticRansom that hit Ukraine. https://securityaffairs.co/wordpress/128652/breaking-news/free-decryptor-hermeticransom-ukraine.html

Firefox 97.0.2 and Firefox ESR 91.6.1 are out with critical security fixes. https://www.ghacks.net/2022/03/05/firefox-97-0-2-and-firefox-esr-91-6-1-are-out-with-critical-security-fixes/

Remote code execution vulnerability uncovered in Hashnode blogging platform. A local file coding error could be exploited to trigger RCE. https://portswigger.net/daily-swig/remote-code-execution-vulnerability-uncovered-in-hashnode-blogging-platform

Ukrainian WordPress sites under massive complex attacks. Researchers observed a spike in the attacks against Ukrainian WordPress sites since the beginning of the military invasion of the country. https://securityaffairs.co/wordpress/128613/cyber-warfare-2/ukrainian-wordpress-sites-attacks.html

Multiple vulnerabilities in Teluu's PJSIP library
Publication date: 03/03/2022
Importance: 4 - High
Affected resources: Any project that uses the PJSIP library in versions earlier than 2.12 and passes attacker-controlled arguments to any of the following APIs: pjsua_player_create – filename, pjsua_recorder_create – filename, pjsua_playlist_create – file_names, pjsua_call_dump – buffer.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-libreria-pjsip-teluu

Cisco Identity Services Engine RADIUS Service Denial of Service Vulnerability
Advisory ID: cisco-sa-ise-dos-JLh9TxBp
First Published: 2022 March 2 16:00 GMT
Cisco Bug IDs: CSCvz77905
CVE-2022-20756
CWE-399
CVSS Score: Base 8.6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-JLh9TxBp

Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability
Advisory ID: cisco-sa-uccsmi-prvesc-BQHGe4cm
First Published: 2022 March 2 16:00 GMT
Cisco Bug IDs: CSCvz40263
CVE-2022-20762
CWE-284
CVSS Score: Base 7.8
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccsmi-prvesc-BQHGe4cm

Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Advisory ID: cisco-sa-expressway-filewrite-87Q5YRk
First Published: 2022 March 2 16:00 GMT
Version 1.0: Final
Cisco Bug IDs: CSCvz85393 CSCwa25107
CVE-2022-20754 CVE-2022-20755
CWE-23 CWE-78
CVSS Score: Base 9.0
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk

Administrative authentication bypass in Fortinet FortiMail
Publication date: 02/03/2022
Importance: 5 - Critical
Affected resources: FortiMail, versions: 7.0.0 and earlier; 6.4.5 and earlier; 6.2.7 and earlier; 6.0.11 and earlier; 5.4.12 and earlier.
Description: Giuseppe Cocomazzi, of the Fortinet product security team, has reported a critical-severity authentication bypass vulnerability in FortiMail.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/omision-autenticacion-administrativa-fortimail-fortinet

VMSA-2022-0007
CVSSv3 Range: 5.6
Issue Date: 2022-03-01
CVE(s): CVE-2022-22943
Synopsis: VMware Tools for Windows update addresses an uncontrolled search path vulnerability (CVE-2022-22943)
Impacted Products: VMware Tools for Windows
https://www.vmware.com/security/advisories/VMSA-2022-0007.html

Multiple vulnerabilities in Lansweeper
Publication date: 01/03/2022
Importance: 5 - Critical
Affected resources: Lansweeper 9.1.20.2.
Description: Marcin "Icewall" Noga, a Cisco Talos researcher, has reported 4 vulnerabilities in the Lansweeper IT asset management solution, 3 of critical severity and 1 medium, whose exploitation could allow an attacker to perform SQL injection and arbitrary JavaScript code injection.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-lansweeper

Multiple vulnerabilities in GitLab products
Publication date: 28/02/2022
Importance: 5 - Critical
Affected resources: GitLab CE/EE, all versions; GitLab Omnibus, versions earlier than 14.8.
Description: GitLab has published 7 vulnerabilities, 1 of critical severity, 5 of medium severity and 1 of low severity, through which an attacker could access the registration token, add users to groups through an API, access environment variables, list users while unauthenticated, execute arbitrary commands, leak credentials, or cause a denial of service.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-gitlab

GPU giant Nvidia is investigating a potential cyberattack. US chipmaker giant Nvidia confirmed today it's currently investigating an "incident" that reportedly took down some of its systems for two days. https://www.bleepingcomputer.com/news/security/gpu-giant-nvidia-is-investigating-a-potential-cyberattack/

Cisco NX-OS Software NX-API Command Injection Vulnerability
Advisory ID: cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2
First Published: 2022 February 23 16:00 GMT
Cisco Bug IDs: CSCvz80191 CSCvz81047
CVSS Score: Base 8.8
Summary: A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges.
Note: The NX-API feature is disabled by default.
Vulnerable Products: This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco NX-OS Software and have the NX-API feature enabled: Nexus 3000 Series Switches (CSCvz80191); Nexus 5500 Platform Switches (CSCvz81047); Nexus 5600 Platform Switches (CSCvz81047); Nexus 6000 Series Switches (CSCvz81047); Nexus 9000 Series Switches in standalone NX-OS mode (CSCvz80191).
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2

Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability
Advisory ID: cisco-sa-cfsoip-dos-tpykyDr
First Published: 2022 February 23 16:00 GMT
Cisco Bug IDs: CSCvy95696 CSCvy95840
CVSS Score: 8.6
Vulnerable Products: This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco NX-OS Software and have the CFSoIP feature enabled: Nexus 3000 Series Switches (CSCvy95696); Nexus 9000 Series Switches in standalone NX-OS mode (CSCvy95696); UCS 6400 Series Fabric Interconnects (CSCvy95840).
Note: For Nexus 3000 and Nexus 9000 Series Switches, CFSoIP is not enabled by default. For UCS 6400 Series Fabric Interconnects, CFSoIP is enabled by default.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr