SysAdmin 24x7
前往频道在 Telegram
Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat
显示更多4 388
订阅者
-224 小时
-37 天
+730 天
帖子存档
4 388
Actively Exploited StrandHogg Vulnerability Affects #Android OS
A newly discovered Android vulnerability is actively exploited by malware such as the BankBot banking Trojan and it impacts all versions of the operating system up to and including Android 10.
https://www.bleepingcomputer.com/news/security/actively-exploited-strandhogg-vulnerability-affects-android-os/
4 388
SUPPORT COMMUNICATION - CUSTOMER BULLETIN
Document ID: a00092491en_us
Version: 1
Bulletin: HPE SAS Solid State Drives - Critical Firmware Upgrade Required for Certain HPE SAS Solid State Drive Models to Prevent Drive Failure at 32,768 Hours of Operation
Release Date: 2019-11-19
Last Updated: 2019-11-22
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us
4 388
#OwnCloud version 8.1.8 (stable) are vulnerable to recovery all username login list.
https://packetstormsecurity.com/files/155499/owncloud818-disclose.txt
4 388
What’s new in #Volatility 3?
https://www.andreafortuna.org/2019/11/28/whats-new-in-volatility-3/
4 388
Tácticas CNA: una primera propuesta
https://www.securityartwork.es/2019/11/11/tacticas-cna-una-primera-propuesta/
4 388
#Adobe Hacked – Hackers Exploit The Bug in #Magento Marketplace & Gained Access To The Users Data
Adobe discloses the security breach on its Magento Marketplace portal, in results, attackers gained access to the registered customer’s sensitive account information.
https://gbhackers.com/magento-marketplace/
4 388
#Ryuk Ransomware Forces Prosegur Security Firm to Shut Down Network
In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform.
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-forces-prosegur-security-firm-to-shut-down-network/
4 388
Múltiples vulnerabilidades en productos F5
Fecha de publicación: 27/11/2019
Importancia: 4 - Alta
Recursos afectados:
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), versiones:
15.0.0 - 15.0.1;
14.1.0 - 14.1.2;
14.0.0 - 14.0.1;
13.1.0 - 13.1.3.1;
12.1.0 - 12.1.5;
11.5.1 - 11.6.5.
Enterprise Manager, versión 3.1.1.
BIG-IQ Centralized Management, versiones:
6.0.0;
5.2.0 - 5.4.0.
F5 iWorkflow, versión 2.3.0.
Descripción:
Se han publicado múltiples vulnerabilidades en productos F5 que podrían permitir a un atacante configurar el proxy para interceptar el tráfico, denegar el servicio o acceder a los archivos de la cuenta root.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-f5-5
4 388
Instagram’s updated security and privacy settings
How to protect your Instagram account and personal photos from prying eyes.
https://www.kaspersky.com/blog/keep-instagram-secure/11045/
4 388
How to get started with security response automation on #AWS
https://aws.amazon.com/es/blogs/security/how-get-started-security-response-automation-aws/
4 388
Kali Linux 2019.4 Release
We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4, which is available immediately for download.
2019.4 includes some exciting new updates:
A new default desktop environment, Xfce
New GTK3 theme (for Gnome and Xfce)
Introduction of “Kali Undercover” mode
Kali Documentation has a new home and is now Git powered
Public Packaging – getting your tools into Kali
Kali NetHunter KeX – Full Kali desktop on Android
BTRFS during setup
Added PowerShell
The kernel is upgraded to version 5.3.9
… Plus the normal bugs fixes and updates.
https://www.kali.org/news/kali-linux-2019-4-release/
4 388
Vulnerabilidad de omisión de autenticación en BIG-IP de F5
Fecha de publicación: 26/11/2019
Importancia: 5 - Crítica
Recursos afectados:
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM), versiones:
15.x:
15.0.1.0.33.11-ENG Hotfix;
15.0.1.0.48.11-ENG Hotfix.
14.x:
14.1.0.3.0.79.6-ENG Hotfix;
14.1.0.3.0.97.6-ENG Hotfix;
14.1.0.3.0.99.6-ENG Hotfix;
14.1.0.5.0.15.5-ENG Hotfix;
14.1.0.5.0.36.5-ENG Hotfix;
14.1.0.5.0.40.5-ENG Hotfix;
14.1.0.6.0.11.9-ENG Hotfix;
14.1.0.6.0.14.9-ENG Hotfix;
14.1.0.6.0.68.9-ENG Hotfix;
14.1.0.6.0.70.9-ENG Hotfix;
14.1.2.0.11.37-ENG Hotfix;
14.1.2.0.18.37-ENG Hotfix;
14.1.2.0.32.37-ENG Hotfix;
14.1.2.1.0.46.4-ENG Hotfix;
14.1.2.1.0.14.4-ENG Hotfix;
14.1.2.1.0.16.4-ENG Hotfix;
14.1.2.1.0.34.4-ENG Hotfix;
14.1.2.1.0.97.4-ENG Hotfix;
14.1.2.1.0.99.4-ENG Hotfix;
14.1.2.1.0.105.4-ENG Hotfix;
14.1.2.1.0.111.4-ENG Hotfix;
14.1.2.1.0.115.4-ENG Hotfix;
14.1.2.1.0.122.4-ENG Hotfix.
NOTA: esta vulnerabilidad afecta únicamente a los hotfixes de BIG-IP Engineering obtenidos del soporte de F5. Las versiones major, minor, o maintenance obtenidas de la web de descargas de F5 no se ven afectadas.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-omision-autenticacion-big-ip-f5
4 388
Antispy - A Free But Powerful Anti Virus And Rootkits Toolkit
https://www.kitploit.com/2019/11/antispy-free-but-powerful-anti-virus.html
4 388
Use attribute-based access control with AD FS to simplify IAM permissions management
#AWS
https://aws.amazon.com/es/blogs/security/attribute-based-access-control-ad-fs-simplify-iam-permissions-management/
4 388
FIDL: FLARE’s IDA Decompiler Library
IDA Pro and the Hex Rays decompiler are a core part of any toolkit for reverse engineering and vulnerability research. In a previous blog post we discussed how the Hex-Rays API can be used to solve small, well-defined problems commonly seen as part of malware analysis. Having access to a higher-level representation of binary code makes the Hex-Rays decompiler a powerful tool for reverse engineering. However, interacting with the HexRays API and its underlying data sources can be daunting, making the creation of generic analysis scripts difficult or tedious.
https://www.fireeye.com/blog/threat-research/2019/11/fidl-flare-ida-decompiler-library.html
4 388
Vulnerabilidad de inyección SQL en phpMyAdmin
Fecha de publicación: 25/11/2019
Importancia: 4 - Alta
Recursos afectados:
Versiones de phpMyAdmin anteriores a la 4.9.2, al menos tan antiguas como la 4.7.7.
Descripción:
William Desportes, del equipo de phpMyAdmin, ha descubierto una vulnerabilidad de inyección SQL.
Solución:
Actualizar a la versión 4.9.2 o superior, o aplicar el parche correspondiente.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-sql-phpmyadmin
4 388
RDP loves company: Kaspersky finds 37 security holes in #VNC remote desktop software
BlueKeep isn't the only bug in town, plenty to go round
https://www.theregister.co.uk/2019/11/23/kaspersky_vnc_bugs/
4 388
ISC Releases Security Advisory for #BIND
The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisory for more information and to apply the necessary updates and workarounds.
https://www.us-cert.gov/ncas/current-activity/2019/11/21/isc-releases-security-advisory-bind
现已上线!2025 年 Telegram 研究 — 年度关键洞察 
