SysAdmin 24x7


IT security news and alerts. Chat and contact: t.me/sysadmin24x7chat

Post archive

Grafana releases security patch after exploit for severe bug goes public
Grafana Labs has released an emergency security update today to patch a critical vulnerability after security researchers released proof-of-concept code to exploit the issue over the weekend. The vulnerability, tracked as CVE-2021-43798, impacts the company’s main product, the Grafana dashboard, used by companies across the globe to monitor and aggregate logs and other parameters from across their local or remote networks. Described as a path traversal attack, the vulnerability can allow an attacker to read files outside the Grafana application’s folder.
https://therecord.media/grafana-releases-security-patch-after-exploit-for-severe-bug-goes-public/
https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/
https://nvd.nist.gov/vuln/detail/CVE-2021-43798

Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP
Zoho has released a security advisory to address an authentication bypass vulnerability in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system. According to Zoho, this vulnerability is being actively exploited in the wild.
https://us-cert.cisa.gov/ncas/current-activity/2021/12/06/zoho-releases-security-advisory-manageengine-desktop-central-and

ICS Advisory (ICSA-21-336-03)
Distributed Data Systems WebHMI
EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Distributed Data Systems
Equipment: WebHMI
Vulnerabilities: Authentication Bypass by Primary Weakness, Unrestricted Upload of File with Dangerous Type
AFFECTED PRODUCTS
The following versions of WebHMI, a SCADA system with built-in web server capability, are affected:
All versions prior to 4.1
https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03

Mozilla Foundation Security Advisory 2021-51
Memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures
Announced: December 1, 2021
Impact: critical
Products: NSS
Fixed in: NSS 3.68.1, NSS 3.73
https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/

Buffer overflow vulnerability in multiple HP products
Publication date: 01/12/2021
Severity: 5 - Critical
Affected resources: Certain LaserJet, LaserJet Managed, PageWide and PageWide Managed printer models. See the full list in the Affected products drop-down section of the vendor's advisory.
Description: Alexander Bolshev and Timo Hirvonen, researchers at F-Secure LABS, have reported a critical vulnerability affecting HP printing devices.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-desbordamiento-bufer-multiples-productos-hp

https://twitter.com/malware_traffic/
2021-11-30 (Tuesday) - Got this #Emotet epoch 4 email, and everything's still active and able to infect my Windows lab host. Link from email already reported to URLhaus: https://urlhaus.abuse.ch/url/1838032/
Someone at Microsoft needs to shut down those windows dot net URLs used for this infection chain. They've been up for hours.
- https://urlhaus.abuse.ch/url/1838022/
- https://urlhaus.abuse.ch/url/1838023/
https://twitter.com/malware_traffic/status/1465885327831318529?t=XScCgdPgprISVQEruu9uvw&s=19

Google experts found 2 flaws in video conferencing software Zoom.
Google Project Zero researchers have discovered two vulnerabilities in the video conferencing software Zoom that expose users to attacks.
https://securityaffairs.co/wordpress/125122/security/video-conferencing-software-zoom-flaws.html

Red Hat Security Advisory 2021-4829-04
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.22. Issues addressed include a bypass vulnerability.
https://packetstormsecurity.com/files/165101/RHSA-2021-4829-04.txt

Critical Printing Shellz flaws impact 150 HP multifunction printer models
Researchers discovered a critical wormable buffer overflow vulnerability that affects 150 different HP multifunction printer models (MFPs). [...]
The two vulnerabilities are:
CVE-2021-39237 (CVSS score: 7.1) – An information disclosure vulnerability impacting certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers.
CVE-2021-39238 (CVSS score: 9.3) – A buffer overflow vulnerability impacting certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed products. [...]
https://securityaffairs.co/wordpress/125140/hacking/printing-shellz-flaws-hp-printer-models.html

Multiple vulnerabilities in the Zoom client
Publication date: 25/11/2021
Severity: 4 - High
Description: Zoom has fixed two vulnerabilities, one of high severity and one of medium severity, that could allow a cybercriminal to disrupt the service, execute arbitrary code, or access arbitrary areas of the product's memory.
https://www.incibe.es/protege-tu-empresa/avisos-seguridad/multiples-vulnerabilidades-el-cliente-zoom

Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021
Advisory ID: cisco-sa-apache-httpd-2.4.49-VWL69sWQ
First Published: 2021 November 24 16:00 GMT
CVSS Score: Base 9.0
Affected Products
Cisco is investigating its product line to determine which products may be affected by these vulnerabilities. As the investigation progresses, Cisco will update this advisory with information about affected products.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ

VMSA-2021-0027
CVSSv3 Range: 6.5-7.5
Issue Date: 2021-11-23
CVE(s): CVE-2021-21980, CVE-2021-22049
Synopsis: VMware vCenter Server updates address arbitrary file read and SSRF vulnerabilities (CVE-2021-21980, CVE-2021-22049)
Impacted Products
VMware vCenter Server (vCenter Server)
VMware Cloud Foundation (Cloud Foundation)
https://www.vmware.com/security/advisories/VMSA-2021-0027.html

GoDaddy hack causes data breach affecting 1.2 million customers
In a data breach notification published today, GoDaddy said that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment.
https://www.bleepingcomputer.com/news/security/godaddy-hack-causes-data-breach-affecting-12-million-customers/

Researchers discovered 11 malicious Python packages in the PyPI repository that can steal Discord access tokens, passwords, and conduct attacks.
JFrog researchers have discovered 11 malicious Python packages in the Python Package Index (PyPI) repository that can steal Discord access tokens, passwords, and even carry out dependency confusion attacks.
Python packages:
pptest
ipboards
owlmoon
DiscordSafety
trrfab
10Cent10 / 10Cent11
yandex-yt
yiffparty
https://securityaffairs.co/wordpress/124861/hacking/malicious-pypi-python-packages.html

NUCLEUS:13 – Host of vulnerabilities shatter Nucleus TCP/IP stack defenses.
Worst security flaw can lead to remote code execution
Researchers have disclosed 13 vulnerabilities in the Nucleus TCP/IP stack, the worst of which can be used to remotely execute code.
https://portswigger.net/daily-swig/nucleus-13-host-of-vulnerabilities-shatter-nucelus-tcp-ip-stack-defenses