SysAdmin 24x7

Predictable ID disclosures in IPv4 and IPv6 NetBSD-current: affected NetBSD 9.1: affected NetBSD 8.2: affected Severity: Possible data exfiltration from firewalled or NATed networks Fixed: NetBSD-current: March 9, 2021 NetBSD-9 branch: March 9, 2021 NetBSD-8 branch: March 9, 2021 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2021-001.txt.asc

K02566623: Overview of F5 critical vulnerabilities (March 2021) Security Advisory Description On March 10th, 2021, F5 announced four critical CVEs, along with three related CVEs (two high and one medium). This document is intended to serve as an overview of these vulnerabilities to help you determine the impact on your F5 devices. The details of each issue can be found in the associated security advisory. CVE-2021-22986 Critical 9.8 CVE-2021-22987 Critical 9.9 CVE-2021-22989 High 8.0 CVE-2021-22990 Medium 6.6 CVE-2021-22991 Critical 9.0 CVE-2021-22992 Critical 9.0 https://support.f5.com/csp/article/K02566623

OVH cloud datacenter destroyed by fire https://blog.malwarebytes.com/malwarebytes-news/2021/03/ovh-cloud-datacenter-destroyed-by-fire/

Actualización de seguridad de SAP de marzo de 2021 Fecha de publicación: 10/03/2021 Importancia: 5 - Crítica Solución: Visitar el portal de soporte de SAP e instalar las actualizaciones o los parches necesarios, según indique el fabricante. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-marzo-2021

Actualizaciones de seguridad de Microsoft de marzo de 2021 Fecha de publicación: 10/03/2021 Importancia: 5 - Crítica Recursos afectados: Application Virtualization; Azure; Azure DevOps; Azure Sphere; Internet Explorer; Microsoft ActiveX; Microsoft Exchange Server; Microsoft Edge (Chromium-based); Microsoft Graphics Component; Microsoft Office; Microsoft Office Excel; Microsoft Office PowerPoint; Microsoft Office SharePoint; Microsoft Office Visio; Microsoft Windows Codecs Library; Power BI; Role: DNS Server; Role: Hyper-V; Visual Studio; Visual Studio Code; Windows Admin Center; Windows Container Execution Agent; Windows DirectX; Windows Error Reporting; Windows Event Tracing; Windows Extensible Firmware Interface; Windows Folder Redirection; Windows Installer; Windows Media; Windows Overlay Filter; Windows Print Spooler Components; Windows Projected File System Filter Driver; Windows Registry; Windows Remote Access API; Windows Storage Spaces Controller; Windows Update Assistant; Windows Update Stack; Windows UPnP Device Host; Windows User Profile Service; Windows WalletService; Windows Win32K. Descripción: La publicación de actualizaciones de seguridad de Microsoft, correspondiente al mes de marzo, consta de 89 vulnerabilidades, clasificadas 14 como críticas y 75 como importantes. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizaciones-seguridad-microsoft-marzo-2021

Múltiples vulnerabilidades en Aruba Instant Fecha de publicación: 10/03/2021 Importancia: 5 - Crítica Recursos afectados: Aruba Instant, versiones: branch 6.4.x: 6.4.4.8-4.2.4.19 y anteriores; branch 6.5.x: 6.5.4.18 y anteriores; branch 8.3.x: 8.3.0.14 y anteriores; branch 8.4.x: 8.4.0.5 y anteriores; branch 8.5.x: 8.5.0.11 y anteriores; branch 8.6.x: 8.6.0.7 y anteriores; branch 8.7.x: 8.7.1.1 y anteriores. Descripción: Varios investigadores han notificado 19 vulnerabilidades, 3 de severidad crítica, 8 altas y 8 medias, que afectan a múltiples versiones de Aruba Instant. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-aruba-instant

El escáner de seguridad de Microsoft es actualizado para detectar ataques ProxyLogon https://unaaldia.hispasec.com/2021/03/el-escaner-de-seguridad-de-microsoft-es-actualizado-para-detectar-ataques-proxylogon.html

Microsoft March 2021 Patch Tuesday fixes 82 flaws, 2 zero-days https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2021-patch-tuesday-fixes-82-flaws-2-zero-days/

Critical 0-day that targeted security researchers gets a patch from Microsoft [...] Microsoft on Tuesday patched the vulnerability. CVE-2021-26411, as the security flaw is tracked, is rated critical and requires only low-complexity attack code to exploit. [...] https://arstechnica.com/gadgets/2021/03/microsoft-patches-critical-0day-that-north-korea-used-to-target-researchers/

Experts warn of ongoing attacks targeting QNAP network-attached storage (NAS) devices to abuse them in cryptocurrency mining. Researchers at 360Netlab are warning of a cryptocurrency malware campaign targeting unpatched QNAP network-attached storage (NAS) devices. https://securityaffairs.co/wordpress/115403/hacking/unityminer-qnap-nas-devices.html

Synology-SA-21:10 Media Server Publish Time: 2021-03-09 08:27:59 UTC+8 Last Updated: 2021-03-09 08:27:59 UTC+8 Severity Moderate Status Resolved https://www.synology.com/en-global/security/advisory/Synology_SA_21_10

Synology-SA-21:11 Download Station Publish Time: 2021-03-09 08:28:24 UTC+8 Last Updated: 2021-03-09 08:28:24 UTC+8 Severity Important Status Resolved https://www.synology.com/en-global/security/advisory/Synology_SA_21_11

Microsoft Cloud App Security: The Hunt in a multi-stage incident https://techcommunity.microsoft.com/t5/microsoft-365-defender/microsoft-cloud-app-security-the-hunt-in-a-multi-stage-incident/ba-p/2193484

GitHub Informs Users of 'Potentially Serious' Authentication Bug GitHub on Monday informed users that it had discovered what it described as an “extremely rare, but potentially serious” security bug related to how some authenticated sessions were handled. https://www.securityweek.com/github-informs-users-potentially-serious-authentication-bug

Microsoft Exchange Server Vulnerabilities Mitigations https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/

Microsoft releases IOC Detection Tool for Microsoft Exchange Server flaws https://securityaffairs.co/wordpress/115324/security/microsoft-exchange-server-audit-tool.html

Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability Advisory ID: cisco-sa-3000-9000-fileaction-QtLzDRy2 First Published: 2021 February 24 16:00 GMT Last Updated: 2021 March 5 22:02 GMT CVSS Score: Base 9.8 Summary A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests. An attacker could exploit this vulnerability by sending crafted TCP packets to an IP address that is configured on a local interface on TCP port 9075. A successful exploit could allow the attacker to create, delete, or overwrite arbitrary files, including sensitive files that are related to the device configuration. For example, the attacker could add a user account without the device administrator knowing. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3000-9000-fileaction-QtLzDRy2

CVE-2021-3033 Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console Description An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user. This issue impacts: All versions of Prisma Cloud Compute 19.11; Prisma Cloud Compute 20.04 versions Prisma Cloud Compute 20.04.177 and earlier; Prisma Cloud Compute 20.09 versions Prisma Cloud Compute 20.09.365 and earlier; Prisma Cloud Compute 20.12 versions Prisma Cloud Compute 20.12.535 and earlier. Prisma Cloud Compute SaaS version is not impacted by this vulnerability. https://security.paloaltonetworks.com/CVE-2021-3033

Microsoft Exchange Server Spoofing Vulnerability Released: Feb 9, 2021 Last updated: Feb 24, 2021 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1730