SysAdmin 24x7

رفتن به کانال در Telegram

Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat

نمایش بیشتر

إسبانيا12 243 فناوری و برنامه‌ها20 503

4 392

مشترکین

+224 ساعت

+27 روز

+1930 روز

636

نمایش های پست

اطلاعاتی وجود ندارد24 ساعت

اطلاعاتی وجود ندارد48 ساعت

14.48%

نرخ مشارکت

اطلاعاتی وجود ندارد

پست های در روز

Ads index

beta

آرشیو پست ها

4 391

Synology-SA-21:22 DSM Publish Time: 2021-08-17 10:25:46 UTC+8 Severity: Important Abstract Multiple vulnerabilities allow remote authenticated users to execute arbitrary commands, or remote attackers to write arbitrary files via a susceptible version of DiskStation Manager (DSM). Affected Products Product Severity Fixed Release Availability DSM 7.0 Important Ongoing DSM 6.2 Important Upgrade to 6.2.4-25556-2 or above. DSM UC Moderate Pending SkyNAS Important Pending VS960HD Moderate Pending Mitigation: None https://www.synology.com/en-global/security/advisory/Synology_SA_21_22

4 391

Supply Chain Attacks Using Container Images The researchers identified five container images on Docker Hub that could be used as part of a supply chain attack. https://www.ehackingnews.com/2021/08/supply-chain-attacks-using-container.html

4 391

Nueva vulnerabilidad en Moodle https://unaaldia.hispasec.com/2021/08/nueva-vulnerabilidad-en-moodle.html

4 391

SynAck ransomware gang releases master decryption keys for old victims The SynAck ransomware gang released the master decryption keys for their operations and rebranded as a new group dubbed El_Cometa group. https://securityaffairs.co/wordpress/121116/malware/synack-ransomware-decryption-keys.html

4 391

Disponible software de desencriptado para Prometheus https://unaaldia.hispasec.com/2021/08/disponible-software-desencriptado-prometheus.html

4 391

Drupal Releases Security Updates Original release date: August 12, 2021 Last revised: August 13, 2021 https://us-cert.cisa.gov/ncas/current-activity/2021/08/12/drupal-releases-security-updates

4 391

Mozilla Releases Security Updates for Thunderbird Mozilla has released security updates to address vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 91 and apply the necessary updates. https://us-cert.cisa.gov/ncas/current-activity/2021/08/12/mozilla-releases-security-updates-thunderbird

4 391

Advisory ID: VMSA-2021-0016.1 CVSSv3 Range: 3.7-8.6 Issue Date: 2021-08-05 Updated On: 2021-08-12 CVE(s): CVE-2021-22002, CVE-2021-22003 Synopsis: VMware Workspace ONE Access, Identity Manager and vRealize Automation address multiple vulnerabilities (CVE-2021-22002, CVE-2021-22003) Impacted Products VMware Workspace ONE Access (Access) VMware Identity Manager (vIDM) VMware vRealize Automation (vRA) VMware Cloud Foundation vRealize Suite Lifecycle Manager https://www.vmware.com/security/advisories/VMSA-2021-0016.html

4 391

Windows Print Spooler Remote Code Execution Vulnerability Security Vulnerability Released: Aug 11, 2021 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958

4 391

Microsoft confirms another Windows print spooler zero-day bug https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-another-windows-print-spooler-zero-day-bug/

4 391

Actualización de seguridad de SAP de agosto de 2021 Fecha de publicación: 11/08/2021 Importancia: 5 - Crítica Recursos afectados: SAP Business One, versión 10.0; SAP BusinessObjects Business Intelligence Platform (Crystal Report, SAPUI5), versiones 420 y 430; SAP S/4HANA, versiones SAPSCORE 125, S4CORE 102, 102, 103, 104 y 105; SAP NetWeaver Enterprise Portal (Application Extensions), versiones 7.30, 7.31, 7.40 y 7.50; SAP NetWeaver Enterprise Portal, versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50; SAP NetWeaver Development Infrastructure (Component Build Service), versiones 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50; SAP NetWeaver Development Infrastructure (Notification Service), versiones 7.31, 7.40 y 7.50; SAP NetWeaver AS ABAP and ABAP Platform (SRM_RFC_SUBMIT_REPORT), versiones 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754 y 755 ; SAP NetWeaver (Knowledge Management), versiones 7.30, 7.31, 7.40 y 7.50; SAP Fiori Client Native Mobile para Android, versión 3.2; SAP Cloud Connector, versión 2.0; DMIS Mobile Plug-In, versiones DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752 y 2020. Descripción: SAP ha publicado varias actualizaciones de seguridad en diferentes productos en su comunicado mensual correspondiente al mes de agosto de 2021. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-agosto-2021

4 391

Múltiples vulnerabilidades en Dell PowerScale OneFS Fecha de publicación: 11/08/2021 Importancia: 4 - Alta Recursos afectados: Dell EMC PowerScale OneFS, versiones 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0 y 9.2.1.x. Descripción: Se han publicado múltiples vulnerabilidades en Dell PowerScale OneFS que podrían permitir a un atacante comprometer el sistema afectado. Solución: Desde PowerScale Download Area: para las versiones 8.2.x, 9.0.0.x y 9.2.0, actualizar la versión de OneFS; para las versiones 8.2.2, 9.1.0.x y 9.2.1.x, instalar la última versión de RUP. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-dell-powerscale-onefs-0

4 391

Ejecución remota de código en Analytics On-Prem de SonicWall Fecha de publicación: 11/08/2021 Importancia: 5 - Crítica Recursos afectados: Analytics On-Prem, versión 2.5.2518 y anteriores. Descripción: Se ha publicado una vulnerabilidad de severidad crítica que podría permitir a un atacante la ejecución remota de código. Solución: Actualizar a la versión 2.5.2519 u otra posterior. Detalle: La configuración incorrecta de la interfaz Java Debug Wire Protocol (JDWP) en el producto afectado podría permitir a un atacante no autenticado la ejecución remota de código arbitrario. Se ha asignado el identificador CVE-2021-20032 para esta vulnerabilidad. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-analytics-prem-sonicwall

4 391

Kaseya's universal REvil decryption key leaked on a hacking forum. https://www.bleepingcomputer.com/news/security/kaseyas-universal-revil-decryption-key-leaked-on-a-hacking-forum/

4 391

Breaking the Android Bootloader on the Qualcomm. https://www.pentestpartners.com/security-blog/breaking-the-android-bootloader-on-the-qualcomm-snapdragon-660/

4 391

NicheStack embedded TCP/IP has vulnerabilities Vulnerability Note VU#608209 HCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as "INFRA:HALT" CVE IDs: CVE-2020-25767 CVE-2020-25926 CVE-2020-25927 CVE-2020-25928 CVE-2020-35683 CVE-2020-35684 CVE-2020-35685 CVE-2021-27565 CVE-2021-31226 CVE-2021-31227 CVE-2021-31228 CVE-2021-31400 CVE-2021-31401 CVE-2021-36762 https://kb.cert.org/vuls/id/608209

4 391

Citrix Releases Security Update for ShareFile Storage Zones Controller https://us-cert.cisa.gov/ncas/current-activity/2021/08/10/citrix-releases-security-update-sharefile-storage-zones-controller

4 391

Microsoft's August 2021 Patch Tuesday: 44 flaws fixed, seven critical including Print Spooler vulnerability The latest Patch Tuesday sees Microsoft release fixes for 44 different vulnerabilities, including the much-discussed Print Spooler flaw. https://www.zdnet.com/article/microsofts-august-2021-patch-tuesday-45-flaws-fixed-seven-critical-including-print-spooler-vulnerability/

4 391

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors A new variant of the eCh0raix ransomware is able to target Network-Attached Storage (NAS) devices from both QNAP and Synology vendors. https://securityaffairs.co/wordpress/120994/cyber-crime/ech0raix-ransomware-qnap-synology.html

4 391

Un fallo crítico en el generador de números aleatorios afecta a millones de dispositivos IoT https://unaaldia.hispasec.com/2021/08/un-fallo-critico-en-el-generador-de-numeros-aleatorios-afecta-a-millones-de-dispositivos-iot.html