ar
Feedback
SysAdmin 24x7

SysAdmin 24x7

الذهاب إلى القناة على Telegram

Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat

إظهار المزيد
4 387
المشتركون
+224 ساعات
+17 أيام
-530 أيام
أرشيف المشاركات
Ruby 2.5.1 has been released This release includes important security and bug fixes (CVE-2017-17742, CVE-2018-6914, CVE-2018-8777, CVE-2018-8778, CVE-2018-8779, CVE-2018-8780) https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/

p0wnedShell: un toolkit ofensivo "todo en uno" con un runspace en Powershell p0wnedShell de los holandeses Cn33liz y Skons es un toolkit ofensivo de PowerShell escrito en C# que no depende de powershell.exe pero ejecuta comandos y funciones de powershell dentro de un entorno de espacio de ejecución de powershell (.NET). http://www.hackplayers.com/2018/03/p0wnedshell-un-toolkit-PS-ofensivo-todo-en-uno.html

Total Meltdown? [...] Is my system vulnerable? Only Windows 7 x64 systems patched with the 2018-01 or 2018-02 patches are vulnerable. If your system isn't patched since December 2017 or if it's patched with the 2018-03 2018-03-29 patches or later it will be secure. Other Windows versions - such as Windows 10 or 8.1 are completely secure with regards to this issue and have never been affected by it. Other I discovered this vulnerability just after it had been patched in the 2018-03 Patch Tuesday. I have not been able to correlate the vulnerability to known CVEs or other known issues. Updates Windows 2008R2 was vulnerable as well. OOB security update released to fully resolve the vulnerability on 2018-03-29. CVE-2018-1038. Apply immediately if affected! [...] https://blog.frizk.net/2018/03/total-meltdown.html

CVE-2018-1038 | Windows Kernel Elevation of Privilege Vulnerability Security Vulnerability Published: 03/29/2018  MITRE CVE-2018-1038 On this page Executive SummaryExploitability AssessmentAffected ProductsMitigationsWorkaroundsFAQAcknowledgementsDisclaimerRevisions An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1038

Cisco Removes Backdoor Account from IOS XE Software [...] The company says the "undocumented user account" only impacts devices running Cisco XE Software 16.x —an operating system deployed mostly with Cisco ASR routers and Catalyst switches. Cisco says devices running IOS XE 16.x come with a hidden default account named "cisco," and a static password that Cisco didn't reveal to avoid future exploitation attempts. [...] If patching is not possible, mitigations exist Besides the software patches made available on the Cisco customer portal, device admins can remove the account by typing: no username cisco This command deletes the account. If they'd like to keep the accunt, admins can also log into their device via their regular admin user and utilize that account to change the cisco's account default password with one of their own choosing. [...] The bug can be exploited remotely This "backdoor" vulnerability (CVE-2018-0150) is considered critical and has a severity score of 9.8 out of 10. [...] https://www.bleepingcomputer.com/news/security/cisco-removes-backdoor-account-from-ios-xe-software/

PHP 7.2.4 Release Announcement The PHP development team announces the immediate availability of PHP 7.2.4. This is a security release with also contains several minor bug fixes. All PHP 7.2 users are encouraged to upgrade to this version. http://php.net/releases/7_2_4.php

"Fauxpersky" Credential Stealer Spreads via USB Drives A recently discovered credential stealing malware is masquerading as Kaspersky Antivirus and spreading via infected USB drives, according to threat detection firm Cybereason. https://www.securityweek.com/fauxpersky-credential-stealer-spreads-usb-drives

Hackers Distributing Dangerous Malware via YouTube to Steal Passwords [...]via YouTube videos comments section [...] The dangerous malware dubbed Trojan.PWS.Stealer.23012 was spotted by Dr.Web security researchers and it is written in python. https://gbhackers.com/dangerous-malware-via-youtube/amp/

Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002 Project: Drupal core Date: 2018-March-28 Security risk:  Highly critical 21∕25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:Default Vulnerability:  Remote Code Execution Description:  CVE: CVE-2018-7600 A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised. The security team has written an FAQ about this issue. https://www.drupal.org/sa-core-2018-002

Apple macOS Bug Reveals Passwords for APFS Encrypted Volumes in Plaintext Discovered by forensic analyst Sarah Edwards, the bug leaves encryption password for a newly created APFS volume (e.g., encrypting USB drive using Disk Utility) in the unified logs in plaintext, as well as while encrypting previously created but unencrypted volumes. [...] The password for an encrypted APFS volume can easily be retrieved by running following simple 'newfs_apfs' command in the terminal: log stream --info --predicate 'eventMessage contains "newfs_"' [...] https://thehackernews.com/2018/03/macos-apfs-password.html

Esta espeluznante aplicación espía a tus contactos de WhatsApp para averiguar con quién chatean. [...] Si el tema te preocupa, puedes hacer privada la “última conexión” en los ajustes de privacidad de WhatsApp, pero no te será posible desactivar el indicador de “en línea”. Por suerte, hay una fuerte barrera de entrada que evitará que tus contactos empiecen a espiarse mutuamente: el precio. Chatwatch vigilará a dos contactos a cambio de $1,99 por semana. https://es.gizmodo.com/esta-espeluznante-aplicacion-espia-a-tus-contactos-de-w-1824171446

Drupal 7 and 8 core highly critical release on March 28th, 2018 PSA-2018-001 Advisory ID: DRUPAL-PSA-2018-001Project: Drupal CoreVersion: 7.x, 8.xDate: 2018-March-21 Description There will be a security release of Drupal 7.x, 8.3.x, 8.4.x, and 8.5.x on March 28th 2018 between 18:00 - 19:30 UTC, one week from the publication of this document, that will fix a highly critical security vulnerability. https://www.drupal.org/psa-2018-001

Ejecución remota de código en el core de Drupal Fecha de publicación: 28/03/2018 Importancia: 5 - Crítica Recursos afectados:  Las versiones de Drupal afectadas son: 8.x 7.x 6.x Descripción:  El equipo de seguridad de Drupal ha publicado una actualización del core de drupal que corrige una posible ejecución remota de código considerada como muy crítica en versiones 7.x y 8.x, y también en versiones no soportadas como Drupal 6. https://www.certsi.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-el-core-drupal

rtl-entropy rtl-entropy is software using rtl-sdr to turn your DVB-T dongle into a high quality entropy source. It samples atmospheric noise, does Von-Neumann debiasing, runs it through the FIPS 140-2 tests, then optionally (-e) does Kaminsky debiasing if it passes the FIPS tests, then writes to the output. It can be run as a Daemon which by default writes to a FIFO, which can be read by rngd to add entropy to the system pool. https://github.com/pwarren/rtl-entropy

Cisco Releases Security Updates #Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Cisco IOS XE Software Static Credential Vulnerability cisco-sa-20180328-xesc Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability cisco-sa-20180328-smi2 Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability cisco-sa-20180328-qos https://www.us-cert.gov/ncas/current-activity/2018/03/28/Cisco-Releases-Security-Updates

Meltdown Patch Opened Bigger Security Hole on Windows 7 (Now Patched) https://www.bleepingcomputer.com/news/microsoft/meltdown-patch-opened-bigger-security-hole-on-windows-7/

📃 "Hackean la cuenta de Twitter de Verge, la criptomoneda "segura y anónima"" https://www.genbeta.com/actualidad/hackean-la-cuenta-de-twitter-de-verge-la-criptomoneda-segura-y-anonima #Cracker #Criptomoneda #SeguridadInformática