SysAdmin 24x7
Computer security news and alerts. Chat and contact: t.me/sysadmin24x7chat
Trojan poses as the Clubhouse app for Android
https://unaaldia.hispasec.com/2021/03/troyano-se-hace-pasar-por-la-aplicacion-de-clubhouse-para-android.html
Computer giant Acer hit by $50 million ransomware attack
https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/
Multiple vulnerabilities in NETGEAR products
Publication date: 19/03/2021
Importance: 5 - Critical
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-netgear-14
Alert (AA21-077A)
Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool
https://us-cert.cisa.gov/ncas/alerts/aa21-077a
New ZHtrap botnet uses honeypot to find more victims
Netlab 360 experts discovered a new Mirai-based botnet dubbed ZHtrap that implements a honeypot to find more victims.
[...]
ZHtrap propagates using the following N-day vulnerabilities:
JAWS_DVR_RCE
NETGEAR
CCTV_DVR_RCE
CVE-2014-8361
ZHtrap supports multiple architectures, including x86, ARM, and MIPS.
[...]
https://securityaffairs.co/wordpress/115684/cyber-crime/zhtrap-botnet-honeypot.html
Cisco Small Business RV132W and RV134W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability
First Published: 2021 March 17 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvw65031 CSCvw65032 CVE-2021-1287 CWE-121
CVSS Score: Base 7.2
Summary:
A vulnerability in the web-based management interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly.
The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition on the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p
Flaws in Two Popular WordPress Plugins Affect Over 7 Million Websites
https://thehackernews.com/2021/03/flaws-in-two-popular-wordpress-plugins.html
Multiple vulnerabilities in several NETGEAR products
Publication date: 16/03/2021
Importance: 5 - Critical
Affected resources:
The following switches running any firmware version earlier than 2.6.0.48:
JGS516PE;
GS116Ev2;
JGS524PE;
JGS524Ev2.
Description:
NCCgroup has reported to NETGEAR 1 vulnerability of critical severity, another of high severity and 2 of medium severity, through which an attacker could compromise the devices.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-varios-productos-netgear-0
Remote code execution in HPE SimpliVity OmniStack and OmniCube
Publication date: 16/03/2021
Importance: 5 - Critical
Affected resources:
HPE SimpliVity 2600 Gen10, depends on the ESXi version, see the interoperability guide;
HPE SimpliVity 380 Gen10, depends on the ESXi version, see the interoperability guide;
HPE SimpliVity 380 Gen10 G, depends on the ESXi version, see the interoperability guide;
HPE SimpliVity 380 Gen10 H, depends on the ESXi version, see the interoperability guide;
HPE SimpliVity 380 Gen9, depends on the ESXi version, see the interoperability guide;
HPE SimpliVity 325, depends on the ESXi version, see the interoperability guide;
SimpliVity OmniStack for Cisco, HPE OmniStack 3.7.10 U1 or earlier;
SimpliVity OmniStack for Dell, HPE OmniStack 3.7.10 U1 or earlier;
SimpliVity OmniStack for Lenovo, HPE OmniStack 3.7.10 U1 or earlier;
SimpliVity OmniCube, HPE OmniStack 3.7.10 U1 or earlier.
Description:
A critical vulnerability has been published that affects several HPE products and could allow an attacker to execute code remotely.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-simplivity-omnistack-y-omnicube-hpe
Multiple vulnerabilities in IBM Security Privileged Identity Manager
Publication date: 16/03/2021
Importance: 5 - Critical
Affected resources:
IBM Security Privileged Identity Manager (ISPIM), versions:
2.1.1;
2.1.0;
2.0.2.
Description:
The vendor has published 2 vulnerabilities, both of critical severity and of the remote code execution type, that affect several versions of IBM Security Privileged Identity Manager.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-ibm-security-privileged-identity-manager
Multiple vulnerabilities in Moodle
Publication date: 15/03/2021
Importance: 5 - Critical
Affected resources:
The affected Moodle versions are the following:
from 3.10 to 3.10.1;
from 3.9 to 3.9.4;
from 3.8 to 3.8.7;
from 3.5 to 3.5.16;
earlier unsupported versions.
Description:
7 vulnerabilities have been published in Moodle, 2 of critical severity and 5 of low severity, which could allow an attacker to carry out stored XSS or blind SSRF attacks.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-moodle-13
Debian Security Advisory
DLA-2557-1 linux-4.19 -- LTS security update
Date Reported: 12 Feb 2021
Affected Packages: linux-4.19
https://www.debian.org/lts/security/2021/dla-2557
Debian Security Advisory
DLA-2593-1 ca-certificates -- LTS security update
Date Reported: 14 Mar 2021
Affected Packages: ca-certificates
https://www.debian.org/lts/security/2021/dla-2593
Thousands of Python packages uploaded with "fraudulent" content removed
https://unaaldia.hispasec.com/2021/03/eliminados-miles-de-paquetes-de-python-subidos-con-contenido-fraudulento.html
A Trio of Vulnerabilities in the Linux Kernel Can Give Attackers Root Privileges
https://www.ehackingnews.com/2021/03/a-trio-of-vulnerabilities-in-linux.html
Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE
Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critical remote code execution issue.
Netgear has released security and firmware updates to address 15 vulnerabilities in its JGS516PE Ethernet switch, including an unauthenticated remote code execution flaw rated as critical.
https://securityaffairs.co/wordpress/115586/hacking/netgear-soho-flaws.html
RedXOR, a new powerful Linux backdoor in Winnti APT arsenal
https://securityaffairs.co/wordpress/115491/apt/redxor-backdoor-winnti-apt.html
There’s a vexing mystery surrounding the 0-day attacks on Exchange servers
A half-dozen groups exploiting the same 0-days is unusual, if not unprecedented.
https://arstechnica.com/gadgets/2021/03/security-unicorn-exchange-server-0-days-were-exploited-by-6-apts/
Reproducing the Microsoft Exchange Proxylogon Exploit Chain
https://www.praetorian.com/blog/reproducing-proxylogon-exploit/
OVH data center fire likely caused by faulty UPS power supply
https://www.bleepingcomputer.com/news/security/ovh-data-center-fire-likely-caused-by-faulty-ups-power-supply/
