SysAdmin 24x7

SonicWall ‘Botches’ October Patch for Critical VPN Bug. https://threatpost.com/sonicwall-botches-critical-vpn-bug/167152/

Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE. https://threatpost.com/unpatched-linux-marketplace-bugs-rce/167155/

VMSA-2021-0012 CVSSv3 Range: 9.4 Synopsis: VMware Carbon Black App Control update addresses authentication bypass (CVE-2021-21998) Description The VMware Carbon Black App Control management server has an authentication bypass. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.4. Known Attack Vectors A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate. https://www.vmware.com/security/advisories/VMSA-2021-0012.html

D3FEND™ A knowledge graph of cybersecurity countermeasures https://d3fend.mitre.org/

MITRE adds D3FEND defensive cybersecurity techniques to ATT&CK Framework D3FEND is a new project promoted by MITRE Corporation to add defensive cybersecurity techniques to the ATT&CK Framework https://securityaffairs.co/wordpress/119263/security/mitre-d3fend-project.html

VMSA-2021-0013 CVSSv3 Range:7.8 Issue Date:2021-06-22 CVE(s): CVE-2021-21999 Synopsis: VMware Tools, VMRC and VMware App Volumes update addresses a local privilege escalation vulnerability (CVE-2021-21999) 1. Impacted Products VMware Tools for Windows VMware Remote Console for Windows (VMRC for Windows) VMware App Volumes 2. Introduction A local privilege escalation vulnerability in VMware Tools for Windows, VMRC for Windows and VMware App Volumes was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products. https://www.vmware.com/security/advisories/VMSA-2021-0013.html

South Korea's Nuclear Research agency hacked using VPN flaw. https://www.bleepingcomputer.com/news/security/south-koreas-nuclear-research-agency-hacked-using-vpn-flaw/

Security News This Week: A Bug in the Android Google App Put Privacy at Risk. https://www.wired.com/story/google-app-bug-airbnb-safety-security-news/

Microsoft's new security tool will discover firmware vulnerabilities, and more, in PCs and IoT devices. https://www.techrepublic.com/article/microsofts-new-security-tool-will-discover-firmware-vulnerabilities-and-more-in-pcs-and-iot-devices/

Bash Ransomware DarkRadiation Targets Red Hat- and Debian-based Linux Distributions. https://www.trendmicro.com/en_us/research/21/f/bash-ransomware-darkradiation-targets-red-hat--and-debian-based-linux-distributions.html

This Week In Security: Updates, Leaks, Hacking Old Hardware, And Making New. https://hackaday.com/2021/06/18/this-week-in-security-updates-leaks-hacking-old-hardware-and-making-new/

XSS flaw in Wire messaging app allowed attackers to ‘fully control’ user accounts. https://portswigger.net/daily-swig/xss-flaw-in-wire-messaging-app-allowed-attackers-to-fully-control-user-accounts

Múltiples vulnerabilidades en productos de NETGEAR Fecha de publicación: 18/06/2021 Importancia: 5 - Crítica Descripción: Los investigadores aircut, wtbw, nerdwell y peanuts han reportado 4 vulnerabilidades, todas de severidad crítica, por las que un atacante podría comprometer los equipos afectados. Solución: Descargar la versión de firmware más reciente desde la página web de soporte de NETGEAR. Detalle: Los tipos de vulnerabilidades publicadas, todas ellas críticas, se corresponden con los siguientes: inyección de comandos previa a la autenticación, omisión de autenticación, falta de control de acceso a nivel de función. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-netgear-15

VMware Tools for Windows update addresses a denial-of-service vulnerability (CVE-2021-21997) Advisory ID: VMSA-2021-0011 CVSSv3 Range: 3.3 Issue Date: 2021-06-17 https://www.vmware.com/security/advisories/VMSA-2021-0011.html

Hiding your syscalls https://passthehashbrowns.github.io/hiding-your-syscalls

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. https://securityaffairs.co/wordpress/119051/cyber-crime/unc2465-supply-chain-attack.html

Cisco Releases Security Updates for Multiple Products https://us-cert.cisa.gov/ncas/current-activity/2021/06/17/cisco-releases-security-updates-multiple-products

Synology-SA-21:21 Audio Station Abstract A vulnerability allows remote attackers to execute arbitrary commands via a susceptible version of Audio Station. https://www.synology.com/en-global/security/advisory/Synology_SA_21_21

CVE-2021-33516 Description A flaw was found in gupnp. DNS rebinding can occur when a victim's browser is used by a remote web server to trigger actions against local UPnP services including data exfiltration, data tempering, and other exploits. The highest threat from this vulnerability is to data confidentiality and integrity. https://access.redhat.com/security/cve/CVE-2021-33516

Apple lanza actualizaciones para dos 0-day en iOS 12.5.3 Fecha de publicación: 16/06/2021 Importancia: 4 - Alta Recursos afectados:  iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, iPod touch (6th generation) Descripción:  Apple ha publicado una actualización que corrige tres fallos de seguridad en dispositivos con iOS 12.5.3, dos de ellos considerados 0-day que estarían siendo explotados para ejecutar código remoto. https://www.incibe.es/protege-tu-empresa/avisos-seguridad/apple-lanza-actualizaciones-dos-0-day-ios-1253