SysAdmin 24x7
Open in Telegram
Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat
Show more4 387
Subscribers
-224 hours
-17 days
-230 days
Posts Archive
4 387
Taller de pivoting: Metasploit
http://www.hackplayers.com/2018/04/taller-de-pivoting-metasploit.html
4 387
USB-stick-of-death, o dejar K.O. a Windows insertando una memoria USB
http://unaaldia.hispasec.com/2018/04/usb-stick-of-death-o-dejar-ko-windows.html
4 387
Thank you, each and every one of the 12,000+ people who stood up to support the freedom of internet and Telegram today in central Moscow.
https://goo.gl/fEFtQb
4 387
Vulnerabilidad XXE en Dell EMC ECOM
http://unaaldia.hispasec.com/2018/04/vulnerabilidad-xxe-en-dell-emc-ecom.html
4 387
Múltiples vulnerabilidades en PHP
Fecha de publicación: 27/04/2018
Importancia: 4 - Alta
Recursos afectados:
PHP versiones 7.2.x
PHP versiones 7.1.x
PHP versiones 7.0.x
PHP versiones 5.6.x
Descripción:
Se han publicado diferentes versiones de PHP que solucionan múltiples vulnerabilidades de seguridad.
https://www.certsi.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-php
4 387
Advisory (ICSA-18-116-01)
Delta Electronics PMSoft
https://ics-cert.us-cert.gov/advisories/ICSA-18-116-01
4 387
Vulnerabilidad de ejecución remota de código en el core de Drupal
Fecha de publicación: 26/04/2018
Importancia: 5 - Crítica
Recursos afectados:
Las versiones afectadas de Drupal son:
7.x
8.x
https://www.certsi.es/alerta-temprana/avisos-seguridad/vulnerabilidad-ejecucion-remota-codigo-el-core-drupal
4 387
IT must patch against Total Meltdown now: The source code is on GitHub
A patch for Meltdown created an even bigger flaw for 64-bit Win7 and Server 2008 R2. Now, it's freely available.
https://www.zdnet.com/google-amp/article/it-must-patch-against-total-meltdown-now-the-source-code-is-on-github/
https://gist.github.com/xpn/bdb99cee8895bab4b1a0671696570d94
4 387
Exploit para escalar privilegios en Windows 7 y Server 2008 R2 x64 mediante CVE-2018-1038 - Total Meltdown
http://www.hackplayers.com/2018/04/exploit-total-meltdown-privesc.html
4 387
Mysterious “double kill” IE zero-day allegedly in the wild
https://nakedsecurity.sophos.com/2018/04/25/mysterious-double-kill-ie-zero-day-allegedly-in-the-wild/
4 387
Third Critical Drupal Flaw Discovered—Patch Your Sites Immediately
Vulnerability: Remote Code Execution
https://thehackernews.com/2018/04/drupal-vulnerability-exploit.html
4 387
Drupal core - Critical - Remote Code Execution - SA-CORE-2018-004
Project: Drupal core
Date: 2018-April-25
Security risk: Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability: Remote Code Execution
https://www.drupal.org/sa-core-2018-004
4 387
New MikroTik zero day attack patched yesterday installs mips malware that appears related to Luabot, fetches next stage from two hardcoded C2s.
https://twitter.com/craiu/status/989052729480876032
4 387
Advisory: Vulnerability exploiting the Winbox port [SOLVED]
How it works: The vulnerability allowed a special tool to connect to the Winbox port, and request the system user database file.
Versions affected: 6.29 to 6.43rc3 (included). Updated versions in all release chains coming ASAP. Edit: v6.42.1 and v6.43rc4 have been released!
https://forum.mikrotik.com/viewtopic.php?f=21&t=133533
Also, previously abused by the Hajime botnet :
https://blog.netlab.360.com/quick-summary-port-8291-scan-en/
4 387
Police Shut Down World's Biggest 'DDoS-for-Hire' Service–Admins Arrested
https://thehackernews.com/2018/04/ddos-for-hire-hacker.html
4 387
AMSI, un paso más allá de la detección de malware en Windows
http://blog.elevenpaths.com/2018/04/amsi-deteccion-malware-ciberseguridad.html
4 387
More details about mitigations for the CPU Speculative Execution issue
https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html
