SysAdmin 24x7

K51213246: BIG-IP APM AD authentication vulnerability CVE-2021-23008 https://support.f5.com/csp/article/K51213246

Microsoft releases new APIs for managing Windows Update https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-new-apis-for-managing-windows-update/

Cisco Firepower Threat Defense Software Command Injection Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinj-vWY5wqZT

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-vpn-dos-fpBcpEcD

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software SIP Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-sipdos-GGwmMerC

NTLM Relay Attack Exploits Windows RPC Flaws SentineLabs published the details of a newly identified 'NTLM' on their website. https://www.ehackingnews.com/2021/04/ntlm-relay-attack-exploits-windows-rpc.html

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs https://securityaffairs.co/wordpress/117321/apt/naikon-apt-nebulae-backdoor.html

Control inadecuado de los recursos en Citrix ShareFile Fecha de publicación: 28/04/2021 Importancia: 5 - Crítica Recursos afectados: Citrix ShareFile controlador de zonas de almacenamiento, versiones: 5.7 anteriores a 5.7.3; 5.8 anteriores a 5.8.3; 5.9 anteriores a 5.9.3; 5.10 anteriores a 5.10.1; 5.11 anteriores a 5.11.18. Descripción: Citrix ha identificado una vulnerabilidad, de severidad crítica, de control inadecuado de recursos que afecta a ShareFile. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/control-inadecuado-los-recursos-citrix-sharefile

Omisión de autenticación en FortiWAN de Fortinet Fecha de publicación: 28/04/2021 Importancia: 5 - Crítica Recursos afectados: FortiWAN, versiones 4.5.7 y anteriores. Descripción: Una vulnerabilidad de limitación incorrecta de nombre de ruta relativa a un directorio restringido (Relative Path Traversal) podría permitir a un atacante remoto, no autenticado, eliminar archivos en el sistema. Solución: Actualizar a la próxima versión de FortiWAN 4.5.8 o superior. Actualizar a la versión 5.1.1 o superior de FortiWAN. Como medida de mitigación, en lugar de permitir el acceso administrativo desde cualquier fuente, restríngalo a los hosts internos de confianza. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/omision-autenticacion-fortiwan

Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol https://labs.sentinelone.com/relaying-potatoes-dce-rpc-ntlm-relay-eop/

Emotet malware nukes itself today from all infected computers worldwide. https://www.bleepingcomputer.com/news/security/emotet-malware-nukes-itself-today-from-all-infected-computers-worldwide/

Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux https://thehackernews.com/2021/04/critical-rce-bug-found-in-homebrew.html

ToxicEye RAT exploits Telegram communications to steal data from victims https://securityaffairs.co/wordpress/117173/cyber-crime/toxiceye-rat-telegram.html

Backdoored password manager stole data from as many as 29K enterprises. https://arstechnica.com/gadgets/2021/04/hackers-backdoor-corporate-password-manager-and-steal-customer-data/

Unsecured Kubernetes Instances Could Be Vulnerable to Exploitation. https://unit42.paloaltonetworks.com/unsecured-kubernetes-instances/

'Sysrv' - New Crypto-Mining Botnet is Silently Expanding it's Reach https://www.ehackingnews.com/2021/04/sysrv-new-crypto-mining-botnet-is.html

¿Filtración de datos del SOC de Telefónica Chile y otras organizaciones? https://blog.segu-info.com.ar/2021/04/filtracion-de-datos-del-soc-de.html

Whatsapp vulnerable a ataques "Man in the Disk" https://blog.segu-info.com.ar/2021/04/whatsapp-vulnerable-ataques-man-in-disk.html

CocoaPods RCE exploit exposed keys to repo used by three million mobile apps. https://portswigger.net/daily-swig/cocoapods-rce-exploit-exposed-keys-to-repo-used-by-three-million-mobile-apps

REvil’s Big Apple Ransomware Gambit Looks to Pay Off. https://threatpost.com/revil-apple-ransomware-pay-off/165570/