ch
Feedback
SysAdmin 24x7

SysAdmin 24x7

前往频道在 Telegram

Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat

显示更多
4 387
订阅者
+124 小时
-47
无数据30
帖子存档
Malware Analysis Report (AR18-275A) MAR-10201537 – HIDDEN COBRA FASTCash-Related Malware https://www.us-cert.gov/ncas/analysis-reports/AR18-275A

New iPhone Passcode Bypass Hack Exposes Photos and Contacts https://amp.thehackernews.com/thn/2018/10/iphone-passcode-bypass-hack.html

En este artículo el investigador: Lukas Stefanko (Laboratorios Eset), ha descubierto un nuevo troyano bancario dentro de la tienda de aplicaciones de Google, que al parecer ha ido afectando a diferentes usuarios. Este troyano en cuestión lo que hacía era hacerse pasar por una aplicación que grababa llamadas entrantes y salientes, cuando realmente lo que hacía era recolectar nuestros datos y enviarlos a sus atacantes. https://www.muyseguridad.net/2018/09/28/troyano-bancario-android-pasar-app-grabacion/amp/ Aporte realizado por: Rafa (Closer).

Some tech media reported that the Telegram Desktop app wasn’t secure because it “leaked IP addresses” when used to accept a voice call. The reality is much less sensational – Telegram Desktop was at least as secure as other encrypted VoIP apps even before we improved it by adding an option to disable peer-to-peer calls. As for Telegram calls on mobile, they were always more secure than the competition, because they had this setting since day one. During a peer-to-peer (P2P) call, voice traffic flows directly from one participant of a call to the other without relying on an intermediary server. P2P routing allows to achieve higher quality calls with lower latency, so the current industry standard is to have P2P switched on by default. However, there’s a catch: by definition, both devices participating in a P2P call have to know the IP addresses of each other. So if you make or accept a call, the person on the other side may in theory learn your IP address. That’s why, unlike WhatsApp or Viber, Telegram always gave its users the ability to switch off P2P calls and relay them through a Telegram server. Moreover, in most countries we switched off P2P by default. Telegram Desktop, which is used in less than 0.01% of Telegram calls, was the only platform where this setting was missing. Thanks to a researcher who pointed that out, we made the Telegram Desktop experience consistent with the rest of our apps. However, it is important to put this into perspective and realize that this is about one Telegram app (Telegram Desktop) being somewhat less secure than other Telegram apps (e.g. Telegram for iOS or Android). If you compare Telegram with other popular messaging services out there, unfortunately, they are not even close to our standards. Using the terminology from the flashy headlines, WhatsApp, Viber and the rest have been “leaking your IP address” in 100% of calls. They are still doing this, and you can't opt out. The only way to stop this is to have all your friends switch to Telegram.

Free for dev, a list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev. #resources #li
Free for dev, a list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev. #resources #list #coding @thedevs https://kutt.it/zPVjNS

Ell @CCNCERT se une al #CyberSecMonth y realizará numerosas acciones de concienciación en ciberseguridad: cursos, guías, informes de buenas prácticas... Puedes verlas ya: https://cybersecuritymonth.eu/activities#c5=sortable_title&c4=2018-01-01&c4=2019-01-01&b_start=0&c3=ES

DNSSEC Key Signing Key Rollover On October 11, 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the Domain Name System (DNS) Security Extensions (DNSSEC) protocol. https://www.us-cert.gov/ncas/current-activity/2018/09/27/DNSSEC-Key-Signing-Key-Rollover

Google Hacker Discloses New Linux Kernel Vulnerability and PoC Exploit https://thehackernews.com/2018/09/linux-kernel-exploit.html

VPNFilter Router Malware Adds 7 New Network Exploitation Modules https://thehackernews.com/2018/09/vpnfilter-router-hacking.html

Cybersecurity Researchers Spotted First-Ever UEFI Rootkit in the Wild https://thehackernews.com/2018/09/uefi-rootkit-malware.html

Múltiples vulnerabilidades en Cisco IOS e IOS XE Múltiples vulnerabilidades en Cisco IOS e IOS XE Fecha de publicación: 27/09/2018 Importancia: 4 - Alta Descripción:  Cisco ha publicado 12 avisos de seguridad que describen 13 vulnerabilidades en Cisco IOS, todas ellas de criticidad alta. Solución:  Cisco recomienda actualizar a las versiones más recientes de los productos afectados https://www.certsi.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-cisco-ios-e-ios-xe-0

Múltiples vulnerabilidades en Jenkins Fecha de publicación: 26/09/2018 Importancia: 4 - Alta Recursos afectados:  Arachni Scanner Plugin versión 0.9.7 y anteriores. Argus Notifier Plugin versión 1.0.1 y anteriores. Artifactory Plugin versión 2.16.1 y anteriores. Chatter Notifier Plugin versión 2.0.4 y anteriores. Config File Provider Plugin versión 3.1 y anteriores. Crowd 2 Integration Plugin versión 2.0.0 y anteriores. Dimensions Plugin versión 0.8.14 y anteriores. Email Extension Template Plugin versión 1.0 y anteriores. Git Changelog Plugin versión 2.6 y anteriores. HipChat Plugin versión 2.2.0 y anteriores. JIRA Plugin versión 3.0.1 y anteriores. Job Configuration History Plugin versión 2.18 y anteriores. JUnit Plugin versión 1.25 y anteriores. mesos Plugin versión 0.17.1 y anteriores. Metadata Plugin versión 1.1.0b y anteriores. Monitoring Plugin versión 1.73.1 y anteriores. MQ Notifier Plugin versión 1.2.6 y anteriores. PAM Authentication Plugin versión 1.3 y anteriores. Publish Over Dropbox Plugin versión 1.2.4 y anteriores. Rebuilder Plugin versión 1.28 y anteriores. SonarQube Scanner Plugin versión 2.8 y anteriores. https://www.certsi.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-jenkins-2

La Organización de las Naciones Unidas deja expuestas por accidente contraseñas y documentos confidenciales http://unaaldia.hispasec.com/2018/09/la-organizacion-de-las-naciones-unidas.html