SysAdmin 24x7

Computer security news and alerts. Chat and contact: t.me/sysadmin24x7chat

4,393 subscribers

Post archive
New Snort rule addresses critical vulnerability in F5 BIG-IP https://blog.talosintelligence.com/2020/07/snort-rule-f5-rce-critical-vuln.html

Canon hit by Maze Ransomware attack, 10TB data allegedly stolen Canon has suffered a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, USA website, and other internal applications. https://www.bleepingcomputer.com/news/security/canon-hit-by-maze-ransomware-attack-10tb-data-allegedly-stolen/

Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability First Published: 2020 August 5 16:00 GMT Cisco Bug IDs: CSCvu14943 CVE-2020-3433 CWE-427 CVSS Score: Base 7.8 [...] The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. [...] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW

Microsoft adds Windows 10 DNS over HTTPS settings section Microsoft has announced that Windows 10 customers can now configure DNS over HTTPS (DoH) directly from the Settings app starting with the release of Windows 10 Insider Preview Build 20185 to Windows Insiders in the Dev Channel. https://www.bleepingcomputer.com/news/security/microsoft-adds-windows-10-dns-over-https-settings-section/

Hacker leaks passwords for 900+ enterprise VPN servers EXCLUSIVE: The list has been shared on a Russian-speaking hacker forum frequented by multiple ransomware gangs. https://www.zdnet.com/article/hacker-leaks-passwords-for-900-enterprise-vpn-servers/

Extending the Exploration and Analysis of Windows RPC Methods Calling other Functions with Ghidra 🐉, Jupyter Notebooks 📓 and Graphframes 🔗! https://medium.com/threat-hunters-forge/extending-the-exploration-and-analysis-of-windows-rpc-methods-calling-other-functions-with-ghidra-e4cdaa9555bd

Kodachi 7.2 The Secure OS Linux Kodachi is an operating system based on Xubuntu 18.04 LTS; it aims to provide a secure, anti-forensic, and anonymous operating system, covering the features that a privacy-conscious person would need in order to be secure. https://www.digi77.com/linux-kodachi/

Command injection vulnerability in NETGEAR R8300 Publication date: 03/08/2020 Severity: 5 - Critical Affected resources: NETGEAR R8300 router, firmware versions prior to 1.0.2.134. Description: An independent researcher has reported to NETGEAR a critical-severity command injection vulnerability affecting the NETGEAR R8300 router. Solution: Download the latest available firmware version for the affected product. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-comandos-netgear-r8300

Happy #SysAdminDay to everyone https://sysadminday.com/

Multiple vulnerabilities in Cisco products Publication date: 30/07/2020 Severity: 5 - Critical Affected resources: All deployment modes of all Cisco DCNM appliances that were installed using .ova or .iso files; Cisco DCNM versions 11.0(1), 11.1(1), 11.2(1) and 11.3(1); Cisco devices running a vulnerable version of Cisco SD-WAN vManage; the following Cisco products, if they are running a vulnerable version of Cisco SD-WAN Solution Software: IOS XE SD-WAN Software, SD-WAN vBond Orchestrator Software, SD-WAN vEdge Cloud Routers, SD-WAN vEdge Routers, SD-WAN vManage Software, SD-WAN vSmart Controller Software. Description: Three critical-severity vulnerabilities have been identified that affect multiple Cisco products. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-cisco-72

Vulnerabilities in GRUB2 and UEFI Secure Boot Publication date: 30/07/2020 Severity: 4 - High Affected resources: Systems that make use of GRUB2 are affected by this vulnerability. Description: Security researchers at Eclypsium have discovered a buffer overflow vulnerability in GRUB2, named BootHole, which would allow an attacker to gain persistence on the system and control its boot process before the operating system is loaded. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidades-grub2-y-uefi-secure-boot

Doki, the new Linux malware, targets the APIs of misconfigured Docker containers https://unaaldia.hispasec.com/2020/07/doki-el-nuevo-malware-de-linux-fija-como-objetivo-las-apis-de-contenedores-docker-mal-configurados.html

ICS Advisory (ICSA-20-210-03) HMS Industrial Networks eCatcher 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: HMS Industrial Networks AB Equipment: eCatcher Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed. In addition, a buffer overflow condition may allow remote code execution with highest privileges. https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03

ICS Advisory (ICSA-20-210-02) Softing Industrial Automation OPC 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Softing Industrial Automation, GmbH Equipment: OPC Vulnerabilities: Heap-based Buffer Overflow, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed. A buffer-overflow condition may also allow remote code execution. https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02

ICS Advisory (ICSA-20-210-01) Secomea GateManager 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Secomea Equipment: GateManager Vulnerabilities: Improper Neutralization of Null Byte or NUL Character, Off-by-one Error, Use of Hard-coded Credentials, Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to gain remote code execution on the device. https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01

Improper limitation of a pathname to a restricted directory in Dell EMC OMSA Publication date: 28/07/2020 Severity: 5 - Critical Affected resources: Dell EMC OpenManage Server Administrator (OMSA), versions 9.4 and earlier. Description: David Yesland, of Rhino Security Labs, has reported to Dell EMC a critical-severity vulnerability of improper limitation of a pathname to a restricted directory (path traversal), affecting the OpenManage Server Administrator (OMSA) product. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/limitacion-incorrecta-ruta-directorio-restringido-dell-emc-omsa