SysAdmin 24x7

pfSense CE 2.5.2-RELEASE Now Available We are excited to announce the release of pfSense® Community Edition (CE) software version 2.5.2, now available for new installations and upgrades! This version of pfSense CE software contains several new features and enhancements, along with numerous bug fixes. pfSense software Community Edition version 2.5.2-RELEASE updates and installation images are available for download now. https://www.netgate.com/blog/pfsense-ce-2.5.2-release-now-available

Proxmox VE 7.0 released https://www.proxmox.com/en/news/listid-1/mailid-178-proxmox-virtual-environment-7-0-released

Western Digital Users Face Another RCE. https://threatpost.com/rce-0-day-western-digital-users/167547/

Understanding REvil: The Ransomware Gang Behind the Kaseya Attack https://unit42.paloaltonetworks.com/revil-threat-actors/

Actualización de seguridad de Joomla! 3.9.28 Fecha de publicación: 07/07/2021 Importancia: 4 - Alta Recursos afectados: Joomla! CMS, versiones: desde la 3.0.0, hasta la 3.9.27; desde la 2.5.0, hasta la 3.9.27. Descripción: Joomla! ha publicado una nueva versión que soluciona 5 vulnerabilidades que afectan a su núcleo, de los tipos validación inadecuada de campos, falta de validación de los datos de entrada, cierre de sesión inadecuado tras un cambio de contraseña y ausencia de comprobaciones ACL. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-joomla-3928

Windows Update An Out-of-band update has been released to address a remote code execution exploit in the Windows Print Spooler service. We recommend you update your device as soon as possible. https://docs.microsoft.com/en-us/windows/release-health/windows-message-center#1646

SonicWall addresses critical CVE-2021-20026 flaw in NSM devices Positive Technologies experts provide details about potential impact of a recently fixes command injection flaw in SonicWall NSM devices. Positive Technologies researcher Nikita Abramov has provided details about the CVE-2021-20026 command injection vulnerability that affects SonicWall’s Network Security Manager (NSM) product. https://securityaffairs.co/wordpress/119767/security/sonicwall-fixes-cve-2021-20026-flaw.html

QNAP fixes critical bug in NAS backup, disaster recovery app https://www.bleepingcomputer.com/news/security/qnap-fixes-critical-bug-in-nas-backup-disaster-recovery-app/

Updates Regarding VSA Security Incident July 3, 2021 - 9:00 PM EDT https://www.kaseya.com/potential-attack-on-kaseya-vsa/

REvil ransomware hits 1,000+ companies in MSP supply-chain attack https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-200-companies-in-msp-supply-chain-attack/

America tops ITU's Global Cyber Security Index, UK in tie for second with Saudi Arabia https://www.theregister.com/2021/06/30/america_global_cyber_security_index_2020/

Spanish telecom giant MasMovil hit by Revil ransomware gang. https://www.hackread.com/revil-ransomware-gang-hits-masmovil-telecom/

#Generalitat Cae toda la red informática de la Generalitat de Cataluña El fallo se ha producido entre las 9:15 y las 10:00 y todavía están investigando su causa. Los sistemas de ciudadanía no se han visto afectados, pero no era posible para empleados públicos conectarse a Internet durante ese tiempo. Fuente: https://cronicaglobal.elespanol.com/politica/cae-red-informatica-generalitat_501879_102.html

Update PowerShell versions 7.0 and 7.1 to protect against a vulnerability Published date: July 01, 2021 https://azure.microsoft.com/en-us/updates/update-powershell-versions-70-and-71-to-protect-against-a-vulnerability/

Security Advisory for Multiple HTTPd Authentication Vulnerabilities on DGN2200v1. https://kb.netgear.com/000062646/Security-Advisory-for-Multiple-HTTPd-Authentication-Vulnerabilities-on-DGN2200v1

Fix for PrintNightmare CVE-2021-34527 exploit to keep your Print Servers running while a patch is not available https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/

Vulnerabilidad 0day de RCE en el servicio Print Spooler de Microsoft Windows Fecha de publicación: 01/07/2021 Importancia: 5 - Crítica Recursos afectados: Windows Server 2016; Windows Server 2019; Windows Server 2012 (incluyendo R2); Windows Server 2008 (incluyendo R2, R2 SP1 y R2 SP2); Windows 7, 8.1 y 10 (incluyendo versión 1909); Windows Server, versión 2004; Windows Server, versión 20H2. Descripción: Un equipo de investigadores de Sangfor ha notificado una vulnerabilidad 0day crítica denominada PrintNightmare, de tipo ejecución remota de código (RCE), que afecta al servicio Print Spooler de Microsoft Windows. Previamente, los investigadores, Zhipeng Huo (Tencent), Piotr Madej (AFINE) y Zhang Yunhai (NSFOCUS TIANJI LAB) habían notificado una vulnerabilidad de escalada local de privilegios (LPE), que también afectaba al servicio Print Spooler de Microsoft Windows, y a la que se asignó el identificador CVE-2021-1675. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-0day-rce-el-servicio-print-spooler-microsoft-windows

PrintNightmare, Critical Windows Print Spooler Vulnerability https://us-cert.cisa.gov/ncas/current-activity/2021/06/30/printnightmare-critical-windows-print-spooler-vulnerability

Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability [...] Update — There are now indications that the fix released by Microsoft for the critical remote code execution vulnerability in the Windows Print spooler service in June does not completely remediate the root cause of the bug, according to the CERT Coordination Center, raising the possibility that it's a zero-day flaw in need of a patch. [...] https://thehackernews.com/2021/06/researchers-leak-poc-exploit-for.html

Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground. https://threatpost.com/data-700m-linkedin-users-cyber-underground/167362/