SysAdmin 24x7

Computer security news and alerts. Chat and contact: t.me/sysadmin24x7chat

Post archive
Trickbot Malware Returns with a new VNC Module to Spy on its Victims https://thehackernews.com/2021/07/trickbot-malware-returns-with-new-vnc.html

SolarWinds fixes critical Serv-U zero-day exploited in the wild SolarWinds confirmed that a threat actor is actively exploiting a new zero-day vulnerability in Serv-U products and urges customers to fix it. SolarWinds addressed a zero-day remote code execution flaw in Serv-U products which is actively exploited in the wild by a single threat actor. https://securityaffairs.co/wordpress/120020/security/solarwinds-serv-u-zero-day.html

Critical RCE Vulnerability in ForgeRock OpenAM Under Active Attack https://threatpost.com/critical-vulnerability-rce-forgerock-openam/167679/

Insurance giant CNA reports data breach after ransomware attack CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March. https://www.bleepingcomputer.com/news/security/insurance-giant-cna-reports-data-breach-after-ransomware-attack/

Hackers Use New Trick to Disable Macro Security Warnings in Malicious Office Files https://thehackernews.com/2021/07/hackers-use-new-trick-to-disable-macro.html

Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-34527 Security Vulnerability Released: Jul 1, 2021 Last updated: Jul 8, 2021 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

McAfee's @sisoma2 provides a technical overview of Ryuk ransomware and its new functionalities. https://www.mcafee.com/enterprise/en-us/assets/reports/rp-ryuk-ransomware-targeting-webservers.pdf

Critical Sage X3 RCE Bug Allows Full System Takeovers. Security vulnerabilities in the ERP platform could allow attackers to tamper with or sabotage victims’ business-critical processes and to intercept data. Four vulnerabilities afflict the popular Sage X3 enterprise resource planning (ERP) platform, researchers found – including one critical bug that rates 10 out of 10 on the CVSS vulnerability-severity scale. Two of the bugs could be chained together to allow complete system takeovers, with potential supply-chain ramifications, they said. Sage X3 is targeted at mid-sized companies – particularly manufacturers and distributors – that are looking for all-in-one ERP functionality. The system manages sales, finance, inventory, purchasing, customer-relationship management and manufacturing in one integrated ERP software solution. https://threatpost.com/critical-sage-x3-rce-bug-allows-full-system-takeovers/167612/

Vulnerability Spotlight: Information disclosure, privilege escalation vulnerabilities in IOBit Advanced SystemCare Ultimate. https://blog.talosintelligence.com/2021/07/vuln-spotlight-iobit0-.html

Dell Wyse Management Suite subject to database exposure, session hijacking. https://portswigger.net/daily-swig/dell-wyse-management-suite-subject-to-database-exposure-session-hijacking

Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability https://thehackernews.com/2021/07/microsofts-emergency-patch-fails-to.html

Cisco Releases Security Updates for Multiple Products [...] Cisco Web Security Appliance Privilege Escalation Vulnerability cisco-sa-scr-web-priv-esc-k3HCGJZ Cisco Business Process Automation Privilege Escalation Vulnerabilities cisco-sa-bpa-priv-esc-dgubwbH4 https://us-cert.cisa.gov/ncas/current-activity/2021/07/08/cisco-releases-security-updates-multiple-products

Arbitrary read in several GitLab products Publication date: 08/07/2021 Severity: 5 - Critical Affected resources: GitLab Community Edition (CE), all versions from 13.11, 13.12 and 14.0; GitLab Enterprise Edition (EE), all versions from 13.11, 13.12 and 14.0. Description: The researcher vakzz has reported to GitLab's HackerOne bug bounty program a critical-severity vulnerability that could allow an attacker to read arbitrary files on the server. Solution: Update the affected products to version 14.0.4, 13.12.8 or 13.11.7, as applicable, via the vendor's website. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/lectura-arbitraria-varios-productos-gitlab

SQL injection in FortiMail Publication date: 08/07/2021 Severity: 5 - Critical Affected resources: FortiMail versions: 6.4.3 and earlier; 6.2.6 and earlier; 6.0.10 and earlier; 5.4.12 and earlier. Description: Giuseppe Cocomazzi, of the Fortinet PSIRT Team, has reported multiple critical vulnerabilities that could allow an attacker to execute code. Solution: Update to versions: 6.4.4 or later; 6.2.7 or later; 6.0.11 or later; the update for 5.4 is pending confirmation. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/inyeccion-sql-fortimail

Microsoft's incomplete PrintNightmare patch fails to fix vulnerability Researchers have bypassed Microsoft's emergency patch for the PrintNightmare vulnerability to achieve remote code execution and local privilege escalation with the official fix installed. https://www.bleepingcomputer.com/news/microsoft/microsofts-incomplete-printnightmare-patch-fails-to-fix-vulnerability/