SysAdmin 24x7


Computer security news and alerts. Chat and contact: t.me/sysadmin24x7chat

The FBI is warning of a zero-day vulnerability in FatPipe products that has been under active exploitation since at least May 2021. FatPipe Software-Defined Wide Area Networking (SD-WAN) products provide solutions for an easy migration to Hybrid WAN. FatPipe delivers companies the ability to centrally manage their wide area network, manage branch office configurations, and deploy appliances with zero-touch installation. https://securityaffairs.co/wordpress/124742/security/zero-day-fatpipe.html

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2021-011 Project: Drupal core Date: 2021-November-17 Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default Vulnerability: Cross Site Scripting Description: The Drupal project uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal, along with a hotfix for that update. Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to the WYSIWYG CKEditor, including site admins with privileged access. https://www.drupal.org/sa-core-2021-011

Multiple vulnerabilities in HPE products Publication date: 18/11/2021 Importance: 5 - Critical Description: HPE has published three critical-severity vulnerabilities and one high-severity vulnerability that could allow a remote attacker to download or modify arbitrary files and cause a buffer overflow. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-hpe-8

XSS vulnerabilities in Drupal core Publication date: 18/11/2021 Importance: 3 - Medium Affected resources: Drupal version 9.2; Drupal version 9.1; Drupal version 8.9. Description: CKSource technical lead Jacek Bogdański has reported two vulnerabilities whereby, if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing, an attacker who could create or edit content (even without access to CKEditor itself) might be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidades-xss-el-core-drupal

Azure Active Directory Information Disclosure Vulnerability CVE-2021-42306 Azure Migrate Azure Site Recovery Azure Active Directory Azure Automation https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42306 Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs https://msrc-blog.microsoft.com/2021/11/17/guidance-for-azure-active-directory-ad-keycredential-property-information-disclosure-in-application-and-service-principal-apis/

Server-side vulnerabilities in Concrete CMS put thousands of websites under threat. Web admins urged to apply patches now Multiple security vulnerabilities in a popular open source (CMS) could allow a malicious attacker to gain full control of the underlying web server. https://portswigger.net/daily-swig/server-side-vulnerabilities-in-concrete-cms-put-thousands-of-websites-under-threat

HTTP header smuggling attack against AWS API Gateway exposes systems to cache poisoning. New hacking technique may pave the way for other serious attacks A security researcher has explained how a weakness in the Amazon Web Services (AWS) API Gateway could be exploited via an HTTP header smuggling attack. https://portswigger.net/daily-swig/http-header-smuggling-attack-against-aws-api-gateway-exposes-systems-to-cache-poisoning

Multiple vulnerabilities in TIBCO PartnerExpress Publication date: 17/11/2021 Importance: 5 - Critical Affected resources: TIBCO PartnerExpress version 6.2.1 and earlier. Affected components: Interior Server; Gateway Server. Description: TIBCO has published 3 vulnerabilities, 2 of critical severity and 1 high, through which an attacker could obtain full administrative access to the affected system or to the victim's local system. Solution: Update to version 6.2.2 or later. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-tibco-partnerexpress

Reminder: End of servicing for Windows 10, version 2004 On December 14, 2021, all editions of Windows 10, version 2004 and Windows Server, version 2004 will reach end of servicing. After that date, devices running these editions will no longer receive monthly security and quality updates containing protections from the latest security threats. https://techcommunity.microsoft.com/t5/windows-it-pro-blog/reminder-end-of-servicing-for-windows-10-version-2004/ba-p/2943891

FBI's Email System Hacked to Send Out Fake Cyber Security Alert to Thousands The U.S. Federal Bureau of Investigation (FBI) on Saturday confirmed unidentified threat actors have breached one of its email servers to blast hoax messages about a fake "sophisticated chain attack." [...] SpamHaus cited its own telemetry data to point out that the email blasts happened over two "spam" waves, one shortly before 5:00 a.m. UTC and another one shortly after 7:00 a.m. UTC. [...] https://thehackernews.com/2021/11/fbis-email-system-hacked-to-send-out.html

New Critical Vulnerabilities Found on Nucleus TCP/IP Stack. https://www.forescout.com/blog/new-critical-vulnerabilities-found-on-nucleus-tcp-ip-stack/

Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton. https://blog.talosintelligence.com/2021/11/cisco-talos-finds-10-vulnerabilities-in.html

Microsoft won't extend Windows 7 Extended Security Updates. Server gets another year. Microsoft's popular Windows 7 operating system reached the end of its support lifecycle in January 2020. The company launched ESU, Extended Security Updates, for Windows 7 and Windows Server 2008 at the same time. Officially only available for businesses and Enterprise customers, ESU guaranteed a support extension by up to three years. https://www.ghacks.net/2021/11/10/microsoft-wont-extend-windows-7-extended-security-updates-server-gets-another-year/

BIOS Reference Code Advisory CVSS Base Score: 8.2 High Summary: Potential security vulnerabilities in the BIOS reference code for some Intel® Processors may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Affected Products: Intel® Xeon® Processor E Family Intel® Xeon® Processor E3 v6 Family Intel® Xeon® Processor W Family 3rd Generation Intel® Xeon® Scalable Processors 11th Generation Intel® Core™ Processors 10th Generation Intel® Core™ Processors 7th Generation Intel® Core™ Processors Intel® Core™ X-series Processors Intel® Celeron® Processor N Series Intel® Pentium® Silver Processor Series https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00562.html

Citrix addresses a critical flaw in ADC, Gateway Citrix addressed two vulnerabilities affecting Citrix ADC, Gateway, and SD-WAN, one of them is a critical issue leading to DoS. https://securityaffairs.co/wordpress/124452/security/citrix-dos-adc-gateway.html

WordPress fixes a security flaw. Update! Publication date: 11/11/2021 Importance: 4 - High Affected resources: WordPress, versions prior to 5.8.2 Description: WordPress has published a security and maintenance update that fixes two bugs and one security flaw. Updating to the latest available version as soon as possible is recommended. Solution: Updating WordPress to version 5.8.2 is recommended. https://www.incibe.es/protege-tu-empresa/avisos-seguridad/wordpress-corrige-fallo-seguridad-actualiza

Multiple vulnerabilities in Jenkins Publication date: 05/11/2021 Importance: 5 - Critical Affected resources: Jenkins weekly, versions 2.318 and earlier; Jenkins LTS, versions 2.303.2 and earlier; Subversion Plugin, versions 2.15.0 and earlier. Description: Daniel Beck, a researcher at CloudBees, Inc., has reported 14 vulnerabilities in Jenkins: 13 of them affect the core (11 of critical severity and 2 high) and the remaining one affects the Subversion plugin (medium severity). https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-jenkins-10