ar
Feedback
SysAdmin 24x7

SysAdmin 24x7

الذهاب إلى القناة على Telegram

Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat

إظهار المزيد
4 387
المشتركون
+124 ساعات
-47 أيام
لا توجد بيانات30 أيام
أرشيف المشاركات

Injecting Code into Windows Protected Processes using COM - Part 1 https://googleprojectzero.blogspot.com/2018/10/injecting-code-into-windows-protected.html

Zero-day in popular jQuery plugin actively exploited for at least three years A fix is out but the plugin is used in hundreds, if not thousands, of projects. Patching will take ages! https://www.zdnet.com/article/zero-day-in-popular-jquery-plugin-actively-exploited-for-at-least-three-years/

Red Hat Security Advisory 2018-2944-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an out-of-bounds write vulnerability. https://packetstormsecurity.com/files/download/149862/RHSA-2018-2944-01.txt

RCE en receptores satélite Linux (y sin despeinarse) https://www.hackplayers.com/2018/10/rce-en-receptores-satelite-linux-y-sin.html

Bug Trio Affecting Eight D-Link Models Leads to Full Compromise Several router models from D-Link are vulnerable to three security bugs that could help an attacker get full control over them. https://www.bleepingcomputer.com/news/security/bug-trio-affecting-eight-d-link-models-leads-to-full-compromise/

Múltiples vulnerabilidades en el núcleo de Drupal Fecha de publicación: 18/10/2018 Importancia: 5 - Crítica Recursos afectados: Drupal versiones 7.x y 8.x Descripción: Drupal ha publicado un boletín de seguridad que contiene 5 vulnerabilidades que podrían derivar en evasión de autorización para accesos específicos, redirecciones a sitios arbitrarios o ejecución remota de código. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-el-nucleo-drupal-0

imR0T - Send A Message To Your Whatsapp Contact And Protect Your Text By Encrypting And Decrypting (ROT13) https://amp.kitploit.com/2018/10/imr0t-send-message-to-your-whatsapp.html ==== https://github.com/Screetsec/imR0T ====

Cisco Releases Security Updates Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. An attacker could exploit one of these vulnerabilities to take control of an affected system. https://www.us-cert.gov/ncas/current-activity/2018/10/17/Cisco-Releases-Security-Updates Cisco Security Advisories and Alerts https://tools.cisco.com/security/center/publicationListing.x

Evasión de autenticación en librería libssh Fecha de publicación: 17/10/2018 Importancia: 4 - Alta Recursos afectados: Versiones de libssh anteriores a 0.8.4 y a 0.7.6 Descripción: El investigador Peter Winter-Smith de NCC Group ha descubierto una vulnerabilidad en la librería libssh, que podría permitir a un atacante que se autenticara sin la introducción de credenciales en sesiones SSH que usen las versiones afectadas de la librería. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/evasion-autenticacion-libreria-libssh

#Windows FSCTL_FIND_FILES_BY_SID Information Disclosure Platform: Windows 10 (1709, 1803) Class: Information Disclosure / Elevation of Privilege Summary: The FSCTL_FIND_FILES_BY_SID control code doesn’t check for permissions to list a directory leading to disclosure of file names when a user is not granted FILE_LIST_DIRECTORY access. https://bugs.chromium.org/p/project-zero/issues/detail?id=1608

Check Point Advisories Microsoft Internet Explorer Memory Corruption (CVE-2018-8460) Severity:Critical https://www.checkpoint.com/defense/advisories/public/2018/cpai-2018-0997.html

New iPhone Bug Gives Anyone Access to Your Private Photos https://amp.thehackernews.com/thn/2018/10/iphone-lock-passcode-bypass.html

RHSA-2018:2921 - Security Advisory Sinopsis Important: tomcat security update Tipo/Gravedad Security Advisory: Important https://access.redhat.com/errata/RHSA-2018:2921

GandCrab ransomware variant targeting legacy systems: What you need to know The newest variant of the prolific ransomware forms this year has been updated to include a stolen National Security Agency exploit. https://www.healthcareitnews.com/news/gandcrab-ransomware-variant-targeting-legacy-systems-what-you-need-know

Microsoft fixed the Zero-Day for JET flaw, but the fix is incomplete Experts from 0Patch revealed that the Microsoft Zero-Day Patch for JET Database Engine vulnerability (CVE-2018-8423) is incomplete. https://securityaffairs.co/wordpress/77119/hacking/zero-day-patch-incomplete.html

Hackers are abusing Googlebot servers to deliver malicious payloads. https://www.hackread.com/hackers-using-googlebots-in-cryptomining-malware-attacks/

Como resultado de la encuesta de #Atenea, se ha añadido un nuevo reto dentro de la categoría #OSINT. ¿Podrás con él? https://atenea.ccn-cert.cni.es/home