SysAdmin 24x7

New GoFetch Vulnerability in Apple’s M Chips Allows Secret Keys Leak on Compromised Computers The GoFetch vulnerability, which affects Apple's M series of chips, allows an attacker to steal secret keys from the Mac under certain conditions. Read tips on mitigating the GoFetch security threat. https://www.techrepublic.com/article/gofetch-vulnerability-apple-m-chips/ https://gofetch.fail/

Exposing a New BOLA Vulnerability in Grafana Executive Summary Unit 42 researchers have discovered a new Broken Object Level Authorization (BOLA) vulnerability that impacts Grafana versions from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5. Grafana is a popular open-source data observability and visualization platform with over 20 million users worldwide and almost 60,000 stars on GitHub. This vulnerability, assigned as CVE-2024-1313 with a CVSS score of 6.5 https://unit42.paloaltonetworks.com/new-bola-vulnerability-grafana/

170K+ Python Developers GitHub Accounts Hacked in Supply Chain Attack https://gbhackers.com/170k-user-accounts-hacked/

Microsoft confirma problema en Windows Server detrás de los bloqueos de controladores de dominio https://unaaldia.hispasec.com/2024/03/microsoft-confirma-problema-en-windows-server-detras-de-los-bloqueos-de-controladores-de-dominio.html?utm_source=rss&utm_medium=rss&utm_campaign=microsoft-confirma-problema-en-windows-server-detras-de-los-bloqueos-de-controladores-de-dominio

Ivanti Releases Security Updates for Neurons for ITSM and Standalone Sentry Release DateMarch 21, 2024 Ivanti has released security advisories to address vulnerabilities in Ivanti Neurons for ITSM and Standalone Sentry. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Ivanti advisories and apply the necessary updates: CVE-2023-46808 (Authenticated Remote File Write) for Ivanti Neurons for ITSM CVE-2023-41724 (Remote Code Execution) for Ivanti Standalone Sentry https://www.cisa.gov/news-events/alerts/2024/03/21/ivanti-releases-security-updates-neurons-itsm-and-standalone-sentry https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry

Múltiples vulnerabilidades en el sistema CIGESv2 Fecha 20/03/2024 Importancia 5 - Crítica Recursos Afectados CIGESv2 https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-el-sistema-cigesv2

Múltiples vulnerabilidades en productos de Atlassian Fecha 20/03/2024 Importancia 5 - Crítica Recursos Afectados Bamboo Data Center and Server Bitbucket Data Center and Server Confluence Data Center and Server Jira Software Data Center and Server Descripción Atlassian ha publicado un boletín de seguridad para marzo de 2024 que incluye 1 vulnerabilidad de severidad crítica y 24 altas. La explotación de estas vulnerabilidades podría permitir a un atacante realizar inyección de SQL, denegación de servicio, acceder a directorios restringidos y ejecutar código remoto. https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-productos-de-atlassian-1

Critical RCE Vulnerability in Fortra FileCatalyst Workflow Threatens File Transfer Security (CVE-2024-25153) https://socradar.io/rce-vulnerability-fortra-filecatalyst-workflow/

Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities Synopsis Multiple vulnerabilities exist in Arcserve Unified Data Protection (UDP) 9.2. CVE-2024-0799 - wizardLogin Authentication Bypass (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) An authentication bypass vulnerability exists in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin(). When a NULL password is passed to the method, a UUID is used for authentication https://www.tenable.com/security/research/tra-2024-07

Microsoft March 2024 Security Updates https://msrc.microsoft.com/update-guide/releaseNote/2024-Mar

Vulnerabilidad de subida de ficheros sin restricción en ManageEngine Desktop Central Fecha 11/03/2024 Importancia 5 - Crítica Recursos Afectados ManageEngine Desktop Central, versión 9, build 90055. Descripción INCIBE ha coordinado la publicación de una vulnerabilidad de severidad critica que afecta a ManageEngine Desktop Central (ahora conocida como Endpoint Central), una solución de seguridad y gestión de endpoints unificada que ayuda a administrar equipos de escritorio, portátiles, servidores, dispositivos móviles y tablets desde una ubicación central, la cual ha sido descubierta por Rafael Pedrero. A esta vulnerabilidad se le ha asignado el siguiente código, puntuación base CVSS v3.1, vector del CVSS y tipo de vulnerabilidad CWE: CVE-2024-2370: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-434. https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-de-subida-de-ficheros-sin-restriccion-en-manageengine-desktop

Security ID : QSA-24-09 Multiple Vulnerabilities in QTS, QuTS hero, QuTScloud, and myQNAPcloud Release date : March 9, 2024 CVE identifier : CVE-2024-21899 | CVE-2024-21900 | CVE-2024-21901 Affected products: QTS 5.1.x, 4.5.x; QuTS hero h5.1.x, h4.5.x; QuTScloud c5.x; myQNAPcloud 1.0.x https://www.qnap.com/en/security-advisory/qsa-24-09

Critical Fortinet flaw may impact 150,000 exposed devices Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. https://www.bleepingcomputer.com/news/security/critical-fortinet-flaw-may-impact-150-000-exposed-devices/

Cybersecurity and Infrastructure Security Agency (CISA) You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available. Apple Released Security Updates for Multiple Products 03/08/2024 01:00 PM EST Apple released security updates to address vulnerabilities in Safari, macOS, watchOS, tvOS, and visionOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Safari 17.4 macOS Sonoma 14.4 macOS Ventura 13.6.5 macOS Monterey 12.7.4 watchOS 10.4 tvOS 17.4 visionOS 1.1 https://www.cisa.gov/news-events/alerts/2024/03/08/apple-released-security-updates-multiple-products

VMSA-2024-0007 CVSSv3 Range: 4.3 Issue Date: 2024-03-07 CVE(s): CVE-2024-22256 Synopsis: VMware Cloud Director updates address a partial information disclosure vulnerability (CVE-2024-22256). Impacted Products VMware Cloud Director Introduction A partial information disclosure vulnerability in VMware Cloud Director was privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. https://www.vmware.com/security/advisories/VMSA-2024-0007.html

Múltiples vulnerabilidades 0day en productos de Apple Fecha 06/03/2024 Importancia 5 - Crítica Recursos Afectados iOS 16.7.6 y iPadOS 16.7.6 iOS 17.4 y iPadOS 17.4 Descripción Apple ha publicado 4 vulnerabilidades, 2 de ellas de tipo 0day, que podrían permitir a un atacante eludir las protecciones de la memoria del kernel. https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-0day-en-productos-de-apple-1

VMSA-2024-0006.1 CVSSv3 Range: 7.1-9.3 Issue Date: 2024-03-05 CVE(s):CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255 Synopsis: VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) Impacted Products VMware ESXi VMware Workstation Pro / Player (Workstation) VMware Fusion Pro / Fusion (Fusion) VMware Cloud Foundation (Cloud Foundation) Introduction Multiple vulnerabilities in VMware ESXi, Workstation, and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. The individual vulnerabilities documented on this VMSA for ESXi have severity Important but combining these issues will result in Critical severity. https://www.vmware.com/security/advisories/VMSA-2024-0006.html

VMSA-2024-0006.1 CVSSv3 Range: 7.1-9.3 Issue Date: 2024-03-05 CVE(s): CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255 Synopsis: VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) Impacted Products VMware ESXi VMware Workstation Pro / Player (Workstation) VMware Fusion Pro / Fusion (Fusion) VMware Cloud Foundation (Cloud Foundation) Introduction Multiple vulnerabilities in VMware ESXi, Workstation, and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. The individual vulnerabilities documented on this VMSA for ESXi have severity Important but combining these issues will result in Critical severity. https://www.vmware.com/security/advisories/VMSA-2024-0006.html

Múltiples vulnerabilidades en Secure Analytics de Juniper Fecha 29/02/2024 Importancia 5 - Crítica Recursos Afectados Estos problemas afectan a Juniper Networks Juniper Secure Analytics en todas las versiones anteriores a 7.5.0 UP7. Descripción Juniper ha publicado 14 vulnerabilidades de las cuales 2 de ellas son de severidad crítica y el resto altas y medias. Solución Actualizar a Juniper Secure Analytics en 7.5.0 UP7 IF05 a una versión posterior. Las actualizaciones de software están disponibles para descargar en https://support.juniper.net/support/downloads/ https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-secure-analytics-de-juniper