SysAdmin 24x7

Computer security news and alerts. Chat and contact: t.me/sysadmin24x7chat

Dozens of web apps vulnerable to DNS cache poisoning via ‘forgot password’ feature https://portswigger.net/daily-swig/dozens-of-web-apps-vulnerable-to-dns-cache-poisoning-via-forgot-password-feature

Obtaining password hashes of Windows systems with PetitPotam attack
A researcher found a flaw in Windows OS, tracked as PetitPotam, that can be exploited to force remote Windows machines to share their password hashes.
https://securityaffairs.co/wordpress/120489/hacking/windows-petitpotam-attack.html

📢 New Malicious Code #Report. In it we present the analysis of #DarkSide, a #ransomware that uses privilege escalation techniques, stops and uninstalls services, deletes the system's Shadow Copies and does not require an internet connection 👉 https://t.co/rYOetOrrkJ https://t.co/m7JEiKsXU7

Kaseya Obtains Universal Decryptor for REvil Ransomware. https://threatpost.com/kaseya-universal-decryptor-revil-ransomware/168070/

Power BI Remote Code Execution Vulnerability CVE-2021-31984
Released: Jul 13, 2021
Last updated: Jul 22, 2021
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31984

Cisco Releases Security Updates
Original release date: July 22, 2021
https://us-cert.cisa.gov/ncas/current-activity/2021/07/22/cisco-releases-security-updates

Windows Elevation of Privilege Vulnerability CVE-2021-36934
Workarounds
Restrict access to the contents of %windir%\system32\config
Command Prompt (Run as administrator): icacls %windir%\system32\config\*.* /inheritance:e
Windows PowerShell (Run as administrator): icacls $env:windir\system32\config\*.* /inheritance:e
Delete Volume Shadow Copy Service (VSS) shadow copies
Delete any System Restore points and Shadow volumes that existed prior to restricting access to %windir%\system32\config.
Create a new System Restore point (if desired).
Impact of workaround: Deleting shadow copies could impact restore operations, including the ability to restore data with third-party backup applications. For more information on how to delete shadow copies, see KB5005357 - Delete Volume Shadow Copies.
Note: You must restrict access and delete shadow copies to prevent exploitation of this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934

Jira Data Center user? Here's a critical Ehcache vulnerability to spoil your day
Update now – and maybe firewall the thing off while you're at it
"Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011, could execute arbitrary code of their choice in Jira through deserialisation due to a missing authentication vulnerability," the company continued.
https://www.theregister.com/2021/07/22/jira_data_center_ehcache_vulnerability

Jira Data Center And Jira Service Management Data Center Security Advisory 2021-07-21
Summary: CVE-2020-36239 - Missing Authentication for Ehcache RMI
Advisory Release Date: 21 Jul 2021 10 AM PDT (Pacific Time, UTC -7 hours)
https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html

Vulnerability in PEAR's Archive_Tar library in Drupal
Publication date: 22/07/2021
Severity: 5 - Critical
Affected resources: Drupal's Archive_Tar library.
Description: Drew Webber, of the Drupal security team, has reported a critical-severity vulnerability that could allow an attacker to use the library to extract files that come from untrusted sources.
Solution: Install the latest version: Drupal 9.2, update to Drupal 9.2.2; Drupal 9.1, update to Drupal 9.1.11; Drupal 8.9, update to Drupal 8.9.17; Drupal 7, update to Drupal 7.82. Drupal 8 versions prior to 8.9.x and Drupal 9 versions prior to 9.1.x have reached the end of their life cycle.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-libreria-archivetar-pear-drupal

Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer (CVE-2021-33909)
The Qualys Research Team has discovered a size_t-to-int type conversion vulnerability in the Linux Kernel’s filesystem layer affecting most Linux operating systems. Any unprivileged user can gain root privileges on a vulnerable host by exploiting this vulnerability in a default configuration.
https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909

Adobe Patches 21 Vulnerabilities Across Seven Products. https://www.securityweek.com/adobe-patches-21-vulnerabilities-across-seven-products

Security flaw in HP, Samsung and Xerox printer driver hidden for 16 years https://unaaldia.hispasec.com/2021/07/fallo-de-seguridad-en-controlador-de-impresoras-hp-samsung-y-xerox-oculto-durante-16-anos.html

Critical updates for Oracle (July 2021)
Publication date: 21/07/2021
Severity: 5 - Critical
Description: Oracle has published a critical update with patches that fix vulnerabilities affecting multiple products.
Solution: Apply the corresponding patches for the affected products. Information on downloading the updates is available in the security bulletin published by Oracle.
Detail: This update resolves a total of 342 vulnerabilities, some of which are critical. Details of the resolved vulnerabilities can be found at the Oracle link in the ‘References’ section.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizaciones-criticas-oracle-julio-2021

Microsoft Windows 10 gives unprivileged user access to SAM, SYSTEM, and SECURITY files
Vulnerability Note VU#506989
https://www.kb.cert.org/vuls/id/506989

The Android apps on your phone each have, on average, 39 security vulnerabilities. https://www.zdnet.com/article/the-android-apps-on-your-phone-each-have-on-average-39-security-vulnerabilities/

Some URL shortener services distribute Android malware, including banking or SMS trojans. https://www.welivesecurity.com/2021/07/20/url-shortener-services-android-malware-banking-sms-trojans/