SysAdmin 24x7
رفتن به کانال در Telegram
Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat
نمایش بیشتر4 391
مشترکین
+124 ساعت
+37 روز
-330 روز
آرشیو پست ها
4 391
#navegador #utilidades DWService: acceso remoto a otros sistemas desde el navegador:
https://lamiradadelreplicante.com/2018/01/03/dwservice-acceso-remoto-a-otros-sistemas-desde-el-navegador
4 391
Actualización de seguridad de SAP de enero de 2018
Fecha de publicación: 10/01/2018
Importancia: 3 - Media
Recursos afectados:
SAP Netweaver
SAP Solution Manager
SAP Startup Service
SAP HANASAP Plant
Connectivity (PCo)
https://www.certsi.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-enero-2018
4 391
Echa un vistazo al Tweet de @JohnLaTwC: https://twitter.com/JohnLaTwC/status/950780973494419456?s=09
4 391
CPU Side-Channel Information Disclosure Vulnerabilities
Network Application, Service, and Acceleration
Cisco Cloud Services Platform 2100
Cisco vBond Orchestrator
Cisco vEdge 1000
Cisco vEdge 100
Cisco vEdge 2000
Cisco vEdge 5000
Cisco vEdge Cloud
Cisco vManage NMS
Cisco vSmart Controller
Routing and Switching - Enterprise and Service Provider
ASR9000 XR64bit Series Routers
Cisco 4000 Series Integrated Services Routers (IOS XE Open Service Containers)
Cisco 4000 Series Integrated Services Routers (IOx feature)
Cisco 500 Series WPAN Industrial Routers (IOx feature)
Cisco ASR 1000 Series Aggregation Services Routers with RP2 or RP3 (IOS XE Open Service Containers)
Cisco CGR 1000 Compute Module (IOx feature)
Cisco Catalyst 3650 Series Switches (IOx feature)
Cisco Catalyst 3850 Series Switches (IOx feature)
Cisco Catalyst 9300 Series Switches (IOx feature)
Cisco Catalyst 9400 Series Switches (IOx feature)
Cisco Catalyst 9500 Series Switches (IOx feature)
Cisco Industrial Ethernet 4000 Series Switches (IOx feature)
Cisco NCS 1000 Series Routers
Cisco NCS 5000 Series Routers
Cisco NCS 5500 Series Routers
Cisco Nexus 3000 Series Switches
Cisco Nexus 4000 Series Blade Switches
Cisco Nexus 5000 Series Switches
Cisco Nexus 6000 Series Switches
Cisco Nexus 7000 Series Switches
Cisco Nexus 9000 Series Fabric Switches - ACI mode
Cisco Nexus 9000 Series Switches - Standalone, NX-OS mode
XRv9000 Series Routers
Video, Streaming, TelePresence, and Transcoding Devices
Cisco Meeting Server
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
4 391
Múltiples vulnerabilidades en IBM Security Key Lifecycle Manager
Fecha de publicación: 08/01/2018
Importancia: 4 - Alta
Recursos afectados:
IBM Security Key Lifecycle Manager v2.5 - 2.5.0.8, v2.6 - 2.6.0.3 y v2.7 - 2.7.0.2
https://www.certsi.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-ibm-security-key-lifecycle-manager
4 391
Corregidas graves vulnerabilidades en EMC y VMware vSphere Data Protection
http://unaaldia.hispasec.com/2018/01/corregidas-graves-vulnerabilidades-en.html
4 391
Linux app to detect CPUs vulnerable to Meltdown
https://github.com/raphaelsc/Am-I-affected-by-Meltdown
4 391
[local] VMware Workstation - ALSA Config File Local Privilege Escalation (Metasploit)
https://www.exploit-db.com/exploits/43449/
4 391
Echa un vistazo al Tweet de @SunnyHoi: https://twitter.com/SunnyHoi/status/949353602669199360?s=09
4 391
Echa un vistazo al Tweet de @PandaComunica: https://twitter.com/PandaComunica/status/949298282005745665?s=09
4 391
Cómo actualizar todos tus sistemas operativos y navegadores para frenar a Meltdown y Spectre
https://m.xataka.com/seguridad/como-actualizar-todos-tus-sistemas-operativos-y-navegadores-para-frenar-a-meltdown-y-spectre
4 391
Multiples vulnerabilidades en productos IBM WebSphere MQ y WebSphere Application Server
Fecha de publicación: 05/01/2018
Importancia: 4 - Alta
Recursos afectados:
IBM WebSphere MQ 7.0.1.0 – 7.0.1.14
IBM WebSphere MQ 7.1.0.0 – 7.1.0.8
IBM WebSphere MQ 7.5.0.0 – 7.5.0.8
IBM MQ 8.0.0.0 – 8.0.0.7
IBM MQ (LTS) 9.0.0.0 – 9.0.0.1
IBM MQ (CD) 9.0.1.0 – 9.0.3.0
IBM WebSphere Application Server Versiones: Liberty, 9.0, 8.5 y 8.0
https://www.certsi.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-ibm-websphere-mq-y-websphere
4 391
Mozilla Releases Security Update
https://www.us-cert.gov/ncas/current-activity/2018/01/04/Mozilla-Releases-Security-Update
4 391
Vulnerabilidades en los procesadores de varios fabricantes
https://www.ccn-cert.cni.es/seguridad-al-dia/noticias-seguridad/5512-vulnerabilidades-en-los-procesadores-de-intel-y-varios-fabricantes.html
4 391
List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates
https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/
4 391
You can use a powershell tool to query the status of Windows mitigations for CVE-2017-5715 (branch target injection) and CVE-2017-5754 (rogue data cache load), more information here:
Server:
https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
Client:
https://support.microsoft.com/en-us/help/4073119/windows-client-guidance-for-it-pros-to-protect-against-speculative-exe
4 391
Alert (TA18-004A)
Meltdown and Spectre Side-Channel Vulnerability Guidance
https://www.us-cert.gov/ncas/alerts/TA18-004A
4 391
Vulnerabilidades críticas en múltiples CPUs. Meltdown y Spectre
Fecha de publicación: 04/01/2018
Importancia: 5 - Crítica
En la página hay enlaces a muchos fabricantes y sus recomendaciones.
https://www.certsi.es/alerta-temprana/avisos-seguridad/vulnerabilidades-criticas-multiples-cpus-meltdown-y-spectre
4 391
Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) speculation-free information:
Website:
https://meltdownattack.com/
Project Zero blogpost:
https://googleprojectzero.blogspot.ch/2018/01/reading-privileged-memory-with-side.html
CERT advisory:
https://www.kb.cert.org/vuls/id/584653
