SysAdmin 24x7
前往频道在 Telegram
Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat
显示更多4 387
订阅者
+124 小时
-47 天
无数据30 天
帖子存档
4 387
Malware Analysis Report (AR18-275A)
MAR-10201537 – HIDDEN COBRA FASTCash-Related Malware
https://www.us-cert.gov/ncas/analysis-reports/AR18-275A
4 387
Torii es la nueva botnet IoT multiplataforma
http://unaaldia.hispasec.com/2018/10/torii-es-la-nueva-botnet-iot.html
4 387
New iPhone Passcode Bypass Hack Exposes Photos and Contacts
https://amp.thehackernews.com/thn/2018/10/iphone-passcode-bypass-hack.html
4 387
En este artículo el investigador: Lukas Stefanko (Laboratorios Eset), ha descubierto un nuevo troyano bancario dentro de la tienda de aplicaciones de Google, que al parecer ha ido afectando a diferentes usuarios.
Este troyano en cuestión lo que hacía era hacerse pasar por una aplicación que grababa llamadas entrantes y salientes, cuando realmente lo que hacía era recolectar nuestros datos y enviarlos a sus atacantes.
https://www.muyseguridad.net/2018/09/28/troyano-bancario-android-pasar-app-grabacion/amp/
Aporte realizado por: Rafa (Closer).
4 387
Some tech media reported that the Telegram Desktop app wasn’t secure because it “leaked IP addresses” when used to accept a voice call.
The reality is much less sensational – Telegram Desktop was at least as secure as other encrypted VoIP apps even before we improved it by adding an option to disable peer-to-peer calls. As for Telegram calls on mobile, they were always more secure than the competition, because they had this setting since day one.
During a peer-to-peer (P2P) call, voice traffic flows directly from one participant of a call to the other without relying on an intermediary server. P2P routing allows to achieve higher quality calls with lower latency, so the current industry standard is to have P2P switched on by default.
However, there’s a catch: by definition, both devices participating in a P2P call have to know the IP addresses of each other. So if you make or accept a call, the person on the other side may in theory learn your IP address.
That’s why, unlike WhatsApp or Viber, Telegram always gave its users the ability to switch off P2P calls and relay them through a Telegram server. Moreover, in most countries we switched off P2P by default.
Telegram Desktop, which is used in less than 0.01% of Telegram calls, was the only platform where this setting was missing. Thanks to a researcher who pointed that out, we made the Telegram Desktop experience consistent with the rest of our apps.
However, it is important to put this into perspective and realize that this is about one Telegram app (Telegram Desktop) being somewhat less secure than other Telegram apps (e.g. Telegram for iOS or Android). If you compare Telegram with other popular messaging services out there, unfortunately, they are not even close to our standards.
Using the terminology from the flashy headlines, WhatsApp, Viber and the rest have been “leaking your IP address” in 100% of calls. They are still doing this, and you can't opt out. The only way to stop this is to have all your friends switch to Telegram.
4 387
Free for dev, a list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev.
#resources #list #coding
@thedevs
https://kutt.it/zPVjNS
4 387
Ell @CCNCERT se une al #CyberSecMonth y realizará numerosas acciones de concienciación en ciberseguridad: cursos, guías, informes de buenas prácticas... Puedes verlas ya:
https://cybersecuritymonth.eu/activities#c5=sortable_title&c4=2018-01-01&c4=2019-01-01&b_start=0&c3=ES
4 387
DNSSEC Key Signing Key Rollover
On October 11, 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the Domain Name System (DNS) Security Extensions (DNSSEC) protocol.
https://www.us-cert.gov/ncas/current-activity/2018/09/27/DNSSEC-Key-Signing-Key-Rollover
4 387
Facebook reveals data breach affecting 50 million users
https://thenextweb.com/facebook/2018/09/28/facebook-reveals-data-breach-affecting-50-million-users/
4 387
Google Hacker Discloses New Linux Kernel Vulnerability and PoC Exploit
https://thehackernews.com/2018/09/linux-kernel-exploit.html
4 387
VPNFilter Router Malware Adds 7 New Network Exploitation Modules
https://thehackernews.com/2018/09/vpnfilter-router-hacking.html
4 387
Cybersecurity Researchers Spotted First-Ever UEFI Rootkit in the Wild
https://thehackernews.com/2018/09/uefi-rootkit-malware.html
4 387
Múltiples vulnerabilidades en Cisco IOS e IOS XE
Múltiples vulnerabilidades en Cisco IOS e IOS XE
Fecha de publicación: 27/09/2018
Importancia: 4 - Alta
Descripción:
Cisco ha publicado 12 avisos de seguridad que describen 13 vulnerabilidades en Cisco IOS, todas ellas de criticidad alta.
Solución:
Cisco recomienda actualizar a las versiones más recientes de los productos afectados
https://www.certsi.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-cisco-ios-e-ios-xe-0
4 387
Múltiples vulnerabilidades en Jenkins
Fecha de publicación: 26/09/2018
Importancia: 4 - Alta
Recursos afectados:
Arachni Scanner Plugin versión 0.9.7 y anteriores.
Argus Notifier Plugin versión 1.0.1 y anteriores.
Artifactory Plugin versión 2.16.1 y anteriores.
Chatter Notifier Plugin versión 2.0.4 y anteriores.
Config File Provider Plugin versión 3.1 y anteriores.
Crowd 2 Integration Plugin versión 2.0.0 y anteriores.
Dimensions Plugin versión 0.8.14 y anteriores.
Email Extension Template Plugin versión 1.0 y anteriores.
Git Changelog Plugin versión 2.6 y anteriores.
HipChat Plugin versión 2.2.0 y anteriores.
JIRA Plugin versión 3.0.1 y anteriores.
Job Configuration History Plugin versión 2.18 y anteriores.
JUnit Plugin versión 1.25 y anteriores.
mesos Plugin versión 0.17.1 y anteriores.
Metadata Plugin versión 1.1.0b y anteriores.
Monitoring Plugin versión 1.73.1 y anteriores.
MQ Notifier Plugin versión 1.2.6 y anteriores.
PAM Authentication Plugin versión 1.3 y anteriores.
Publish Over Dropbox Plugin versión 1.2.4 y anteriores.
Rebuilder Plugin versión 1.28 y anteriores.
SonarQube Scanner Plugin versión 2.8 y anteriores.
https://www.certsi.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-jenkins-2
4 387
La Organización de las Naciones Unidas deja expuestas por accidente contraseñas y documentos confidenciales
http://unaaldia.hispasec.com/2018/09/la-organizacion-de-las-naciones-unidas.html
