SysAdmin 24x7
Computer security news and alerts. Chat and contact: t.me/sysadmin24x7chat
Posts Archive
Security Updates Released for #Adobe Bridge, Dreamweaver, and AEM
Adobe has published their monthly Patch Tuesday updates for the month of May 2019. These updates include fixes for vulnerabilities in Adobe Bridge CC, Adobe Experience Manager, and Adobe Dreamweaver.
https://www.bleepingcomputer.com/news/security/security-updates-released-for-adobe-bridge-dreamweaver-and-aem/
This new #phishing attack allows bypassing 2FA
https://www.seguridadapple.com/2019/07/este-nuevo-ataque-phishing-permite.html
Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!
A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.
https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
Vulnerability in HPE 3PAR Service Processor
Publication date: 09/07/2019
Importance: Critical
Affected resources:
HPE 3PAR Service Processor (SP), versions 4.1 through 4.4.
Description:
HPE has detected a critical-severity vulnerability in multiple versions of 3PAR Service Processor that could allow the disruption of confidentiality, integrity and availability.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-3par-service-processor-hpe
Vulnerability in HPE UIoT
Publication date: 08/07/2019
Importance: 4 - High
Affected resources:
HPE Universal Internet of Things (UIoT), versions:
1.6;
1.5;
1.4.2;
1.4.1;
1.4.0;
1.2.4.2.
Description:
HPE has detected a high-criticality vulnerability in multiple versions of UIoT.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-uiot-hpe
Ubuntu updates for TCP SACK Panic vulnerabilities
Issues have been identified in the way the Linux kernel’s TCP implementation processes Selective Acknowledgement (SACK) options and handles low Maximum Segment Size (MSS) values. These TCP SACK Panic vulnerabilities could expose servers to a denial of service attack, so it is crucial to have systems patched.
https://admin.insights.ubuntu.com/2019/07/05/mitigations-for-tcp-sack-panic-vulnerabilities
All-in-one #Mobile Security Frameworks including #Android and iOS Application Penetration Testing.
-static analysis
-reverse engineering
-dynamic analysis
-network tools
-bypass root & ssl pinning
-server side testing
https://hackersonlineclub.com/mobile-security-penetration-testing/
#Microsoft #Outlook Security Feature Bypass (CVE-2017-11774)
Vulnerability Description
A security feature bypass vulnerability exists in Microsoft Outlook. The vulnerability is due to improper handling of objects in memory. A remote attacker may exploit this vulnerability by enticing a target user to load a specially crafted HTML file.
https://www.checkpoint.com/defense/advisories/public/2019/cpai-2019-0832.html
ACSC Releases Updated Essential Eight Maturity Model
The Australian Cyber Security Centre (ACSC) has released updates to its Essential Eight Maturity Model. The model assists organizations in determining the maturity of their implementation of the Essential Eight—ACSC’s list of the top mitigation strategies to help organizations protect their systems against adversary threats. The model identifies three levels of maturity for each mitigation strategy.
https://www.us-cert.gov/ncas/current-activity/2019/07/05/acsc-releases-updated-essential-eight-maturity-model
#Sodinokibi #Ransomware Exploits Windows Bug to Elevate Privileges
The Sodinokibi ransomware is looking to increase its privileges on a victim machine by exploiting a vulnerability in the Win32k component present on Windows 7 through 10 and Server editions.
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-exploits-windows-bug-to-elevate-privileges/
Godlua backdoor, the first #malware that abuses the #DNS over HTTPS (DoH)
Researchers at Network Security Research Lab of Qihoo 360 discovered a Lua-based backdoor dubbed Godlua that targets both Linux and Windows systems.
https://securityaffairs.co/wordpress/87976/malware/godlua-backdoor-abuses-doh.html
#Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
https://www.us-cert.gov/ncas/current-activity/2019/07/03/cisco-releases-security-updates-multiple-products
#Microsoft Defender #ATP alert categories are now aligned with #MITRE ATT&CK!
Microsoft Defender ATP alerts include an alert category, which loosely identifies the kill chain stage associated with the alerted activity.
https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Microsoft-Defender-ATP-alert-categories-are-now-aligned-with/ba-p/732748
Old known issue in #Firefox allows HTML files to steal other files from victim’s system
Opening an HTML file on Firefox could allow attackers to steal files stored on a victim’s computer due to a weakness in the popular web browser.
https://securityaffairs.co/wordpress/87928/hacking/firefox-flaw-data-theft.html
RATs and stealers rush through “Heaven’s Gate” with new loader
#Talos
https://blog.talosintelligence.com/2019/07/rats-and-stealers-rush-through-heavens.html
#VMware Releases Security Advisory for Multiple Products
VMware has released a security advisory to address vulnerabilities affecting multiple products. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisory VMSA-2019-0009 and apply mitigations or patches, when available.
https://www.us-cert.gov/ncas/current-activity/2019/07/02/vmware-releases-security-advisory-multiple-products
#LooCipher: The New Infernal #Ransomware
A new ransomware has appeared in the threat landscape, and the malware has begun to threaten the digital world. This time it uses a nice but scary name: LooCipher.
https://securityaffairs.co/wordpress/87857/malware/loocipher-ransomware.html
OceanLotus APT uses the Ratsnif RAT in its attacks.
https://unaaldia.hispasec.com/2019/07/oceanlotus-apt-usa-el-rat-ratsnif-en-sus-ataques.html
