SysAdmin 24x7

IT security news and alerts. Chat and contact: t.me/sysadmin24x7chat

Posts archive
Remote code execution in Microsoft MSHTML
Publication date: 08/09/2021
Severity: 4 - High
Affected resources: Various versions, service packs and architectures of: Windows 7, 8.1 and 10; Windows Server 2012, 2008, 2016, 20H2, 2004, 2022 and 2019.
Description: Researchers Rick Cole of MSTIC; Dhanesh Kizhakkinan, Bryce Abdo and Genwei Jiang of Mandiant; and Haifei Li of EXPMON have reported to Microsoft a high-severity vulnerability that could allow an attacker to execute code remotely.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-mshtml-microsoft

A researcher published the PoC exploit code for a Ghostscript zero-day vulnerability that could allow an attacker to completely compromise a server.
Security researcher Nguyen The Duc published on GitHub the proof-of-concept exploit code for a Ghostscript zero-day vulnerability. The vulnerability is a remote code execution (RCE) issue that could allow an attacker to completely compromise a server.
https://securityaffairs.co/wordpress/121940/hacking/ghostscript-poc-exploit.html

Microsoft shares temp fix for ongoing Office 365 zero-day attacks
Microsoft today shared mitigation for a remote code execution vulnerability in Windows that is being exploited in targeted attacks against Office 365 and Office 2019 on Windows 10. The flaw is in MSHTML, the browser rendering engine that is also used by Microsoft Office documents.
https://www.bleepingcomputer.com/news/security/microsoft-shares-temp-fix-for-ongoing-office-365-zero-day-attacks/

Critical Auth Bypass Bug Affect NETGEAR Smart Switches — Patch and PoC Released. https://thehackernews.com/2021/09/critical-auth-bypass-bug-affect-netgear.html

Authentication bypass in Cisco Enterprise NFVIS
Publication date: 02/09/2021
Severity: 5 - Critical
Affected resources: Cisco Enterprise NFVIS, version 4.5.1, when the TACACS external authentication method is enabled.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/evasion-autenticacion-enterprise-nfvis-cisco

Multiple vulnerabilities in HPE ArubaOS
Publication date: 01/09/2021
Severity: 5 - Critical
Affected resources: ArubaOS, versions earlier than 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13, 8.3.0.16, 6.5.4.20 and 6.4.4.25; SD-WAN software and gateways, versions earlier than 8.7.0.0-2.3.0.0 and 8.6.0.4-2.2.0.6. The following products are also affected, having reached end of life: ArubaOS 8.0.xx, ArubaOS 8.1.xx, ArubaOS 8.2.xx, ArubaOS 8.4.xx, SD-WAN 1.0.xx, SD-WAN 2.0.xx, SD-WAN 2.1.xx,
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-arubaos-hpe

Deserialization bug in TensorFlow machine learning framework allowed arbitrary code execution. https://portswigger.net/daily-swig/deserialization-bug-in-tensorflow-machine-learning-framework-allowed-arbitrary-code-execution

HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform. https://threatpost.com/hpe-sudo-bug-aruba-platform/169038/

DNS Rebinding Attack: How Malicious Websites Exploit Private Networks. https://unit42.paloaltonetworks.com/dns-rebinding/

New Microsoft Exchange 'ProxyToken' Flaw Lets Attackers Reconfigure Mailboxes
[...] Microsoft addressed the issue as part of its Patch Tuesday updates for July 2021. [...]
[...] "With this vulnerability, an unauthenticated attacker can perform configuration actions on mailboxes belonging to arbitrary users," the ZDI said Monday. "As an illustration of the impact, this can be used to copy all emails addressed to a target and account and forward them to an account controlled by the attacker." [...]
https://thehackernews.com/2021/08/new-microsoft-exchange-proxytoken-flaw.html

Opt-In L1 Cache Flushing To Try For Linux 5.15 To Help With The Paranoid, Future CPU Vulnerabilities https://www.phoronix.com/scan.php?page=news_item&px=Linux-5.15-L1d-Flushing-Mech

Boffins show PIN bypass attack Mastercard and Maestro contactless payments
Boffins from the Swiss ETH Zurich university demonstrated PIN bypass attack on contactless cards from Mastercard and Maestro.
https://securityaffairs.co/wordpress/121571/hacking/pin-bypass-attack-mastercard-maestro.html

Microsoft Azure Cosmos DB Guidance
Original release date: August 27, 2021
CISA is aware of a misconfiguration vulnerability in Microsoft's Azure Cosmos DB that may have exposed customer data. Although the misconfiguration appears to have been fixed within the Azure cloud, CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate keys and to review Microsoft's guidance on how to Secure access to data in Azure Cosmos DB.
https://us-cert.cisa.gov/ncas/current-activity/2021/08/27/microsoft-azure-cosmos-db-guidance
Secure access to data in Azure Cosmos DB
https://docs.microsoft.com/en-us/azure/cosmos-db/secure-access-to-data?tabs=using-primary-key#primary-keys

FBI releases alert about Hive ransomware after attack on hospital system in Ohio and West Virginia. https://www.zdnet.com/article/fbi-releases-alert-about-hive-ransomware-after-attack-on-hospital-system/

Ragnarok ransomware releases master decryptor after shutdown
Ragnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware. The threat actor did not leave a note explaining the move; all of a sudden, they replaced all the victims on their leak site with a short instruction on how to decrypt files.
https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-releases-master-decryptor-after-shutdown/

OGNL injection vulnerability in Atlassian Confluence products
Publication date: 27/08/2021
Severity: 5 - Critical
Affected resources: Confluence Server and Confluence Data Center, versions: earlier than 6.13.23; from 6.14.0 to 7.4.11; from 7.5.0 to 7.11.6; from 7.12.0 to 7.12.5.
Description: Researcher Benny Jacob (SnowyOwl) has reported to Atlassian a critical-severity vulnerability that could allow an attacker, authenticated or not, to execute arbitrary code.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-ognl-productos-confluence-atlassian

Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers
U.S. technology firm Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution.
https://thehackernews.com/2021/08/kaseya-issues-patches-for-two-new-0-day.html