SysAdmin 24x7

PackageDNA This tool gives developers, researchers and companies the ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information that allows them to know in advance if this library complies with processes. secure development, if currently supported, possible backdoors (malicious embedded code), typosquatting analysis, the history of versions and reported vulnerabilities (CVEs) of the package. https://github.com/Telefonica/packagedna

Internet Systems Consortium (ISC) fixes High-Severity DoS flaw in BIND DNS Software The Internet Systems Consortium (ISC) addressed a high-severity denial-of-service (DoS) flaw (CVE-2021-25218) affecting the BIND DNS software. The Internet Systems Consortium (ISC) has released security updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2021-25218, that affects its BIND DNS software. https://securityaffairs.co/wordpress/121316/security/bind-dns-dos-flaw.html

How to proactively defend against Mozi IoT botnet https://www.microsoft.com/security/blog/2021/08/19/how-to-proactively-defend-against-mozi-iot-botnet/

 Cisco Releases Security Updates for Multiple Products Original release date: August 19, 2021 https://us-cert.cisa.gov/ncas/current-activity/2021/08/19/cisco-releases-security-updates-multiple-products

Advisory ID: VMSA-2021-0017 CVSSv3 Range: 5.3 Issue Date: 2021-08-19 CVE(s): CVE-2021-22029 Synopsis: VMware Workspace ONE UEM console patches address a denial of service vulnerability (CVE-2021-22029) https://www.vmware.com/security/advisories/VMSA-2021-0017.html

Breaking the NFC chips in tens of millions of smart phones, and a few PoS systems. https://www.pentestpartners.com/security-blog/breaking-the-nfc-chips-in-tens-of-millions-of-smart-phones-and-a-few-pos-systems/

US Census Bureau hacked in January 2020 using Citrix exploit US Census Bureau servers were breached on January 11, 2020, by hackers who exploited a Citrix ADC zero-day vulnerability as the US Office of Inspector General (OIG) disclosed in a recent report. https://www.bleepingcomputer.com/news/security/us-census-bureau-hacked-in-january-2020-using-citrix-exploit/

Nueva vulnerabilidad crítica en Linux denominada Sequoia https://unaaldia.hispasec.com/2021/08/nueva-vulnerabilidad-critica-en-linux-denominada-sequoia.html

Cisco won’t fix zero-day RCE vulnerability in end-of-life VPN routers [...] "Cisco has not released and will not release software updates to address the vulnerability described in this advisory," the company says. "The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process." According to an announcement on Cisco's website, the last day these RV Series routers were available for order was December 2, 2019. [...] https://www.bleepingcomputer.com/news/security/cisco-won-t-fix-zero-day-rce-vulnerability-in-end-of-life-vpn-routers/

Denegación de servicio en routers Cisco Small Business Fecha de publicación: 19/08/2021 Importancia: 5 - Crítica Recursos afectados: Cisco Small Business RV Series Routers, con UPnP activado: RV110W Wireless-N VPN Firewalls, RV130 VPN Routers, RV130W Wireless-N Multifunction VPN Routers, RV215W Wireless-N VPN Routers. El servicio UPnP está activado por defecto en las interfaces LAN y desactivado por defecto en las interfaces WAN. Si UPnP está deshabilitado tanto en las interfaces LAN como en las WAN, el dispositivo no se considera vulnerable. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/denegacion-servicio-routers-cisco-small-business

BadAlloc Vulnerability Affecting Devices Incorporating Older BlackBerry QNX Products https://us-cert.cisa.gov/ncas/current-activity/2021/08/17/badalloc-vulnerability-affecting-devices-incorporating-older

Adobe Releases Multiple Security Updates Original release date: August 18, 2021 Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. https://us-cert.cisa.gov/ncas/current-activity/2021/08/18/adobe-releases-multiple-security-updates

High-Severity Command Injection Vulnerability Found in Fortinet Firewall. https://www.securityweek.com/high-severity-command-injection-vulnerability-found-fortinet-firewall

XSS vulnerability in popular WordPress plugin SEOPress could enable complete site takeover. https://portswigger.net/daily-swig/xss-vulnerability-in-popular-wordpress-plugin-seopress-could-enable-complete-site-takeover

This document describes the security content of iCloud for Windows 12.5. https://support.apple.com/en-us/HT212607

Apple Releases Security Update Original release date: August 17, 2021 Apple has released a security update to address vulnerabilities in iCloud for Windows 12.5. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security update and apply the necessary updates. https://us-cert.cisa.gov/ncas/current-activity/2021/08/17/apple-releases-security-update

Patch released for Fortinet command injection vulnerability A Rapid7 researcher discovered the issue, which was addressed in a recent Fortinet update. https://www.zdnet.com/article/patch-released-for-fortinet-command-injection-vulnerability/

Trickbot Leads Up to Fake 1Password Installation. https://thedfirreport.com/2021/08/16/trickbot-leads-up-to-fake-1password-installation/

How hackers can use message mirroring apps to see all your SMS texts — and bypass 2FA security. https://theconversation.com/how-hackers-can-use-message-mirroring-apps-to-see-all-your-sms-texts-and-bypass-2fa-security-165817

Advisory: Multiple Issues in Realtek SDK Affects Hundreds of Thousands of Devices Down the Supply Chain At least 65 vendors affected by severe vulnerabilities that enable unauthenticated attackers to fully compromise the target device and execute arbitrary code with the highest level of privilege. https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/