SysAdmin 24x7
Computer security news and alerts. Chat and contact: t.me/sysadmin24x7chat
Vulnerability in Zyxel firewalls
Publication date: 28/06/2021
Importance: 4 - High
Affected resources:
VPN, ZyWALL, USG, ATP and USG FLEX Series in On-Premise mode:
firmware versions FCS / date codes / weekly version.
Description:
The Zyxel team has reported a vulnerability that could allow an attacker who can reach a device over the WAN to bypass authentication and establish SSL VPN tunnels with unknown user accounts in order to manipulate the device configuration.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-firewalls-zyxel
Debian Security Advisory
DSA-4934-1 intel-microcode -- security update
https://www.debian.org/security/2021/dsa-4934
Hackers target Cisco ASA devices after a PoC exploit code was published online
Experts warn of attacks against Cisco ASA devices after researchers have published a PoC exploit code on Twitter for a known XSS vulnerability.
https://securityaffairs.co/wordpress/119442/hacking/cisco-asa-under-attack.html
Microsoft signed a malicious Netfilter rootkit
https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit
Microsoft admits to signing rootkit malware in supply-chain fiasco
Microsoft has now confirmed signing a malicious driver being distributed within gaming environments.
This driver, called "Netfilter," is in fact a rootkit that was observed communicating with Chinese command-and-control (C2) IPs.
https://www.bleepingcomputer.com/news/security/microsoft-admits-to-signing-rootkit-malware-in-supply-chain-fiasco/
SolarWinds backdoor gang pwns Microsoft support agent to turn sights on customers.
https://www.theregister.com/2021/06/26/in_brief_security/
Huawei dev flamed for 'useless' Linux kernel code contributions.
https://www.theregister.com/2021/06/26/linux_kernel_contributor_from_huawei/
An Unusual File Attachment Is Being Used in Phishing Attacks.
https://heimdalsecurity.com/blog/an-unusual-file-attachment-is-being-used-in-phishing-attacks/
Multiple vulnerabilities in BIOSConnect and HTTPS Boot of Dell Client BIOS
Publication date: 25/06/2021
Importance: 4 - High
Affected resources:
The issue affects 129 different models of Dell laptops, tablets and desktops, and at least 30 million individual devices. The full list of affected products can be found in the "Additional information" section of Dell's advisory.
Description:
Mickey Shkatov and Jesse Michael, researchers at Eclypsium, have reported 4 vulnerabilities, 3 of high severity and 1 medium, affecting the BIOSConnect and HTTPS Boot features included in Dell Client BIOS, which could allow an attacker to execute arbitrary code at the BIOS/UEFI level of the affected device.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-biosconnect-y-https-boot-dell-client
Tulsa warns residents that police citations and reports leaked to Dark Web after Conti ransomware attack.
https://www.zdnet.com/article/tulsa-warns-residents-that-police-citations-and-reports-leaked-to-dark-web-after-conti-ransomware-attack/
WD My Book NAS devices are being remotely wiped clean worldwide.
https://www.bleepingcomputer.com/news/security/wd-my-book-nas-devices-are-being-remotely-wiped-clean-worldwide/
30M Dell Devices at Risk for Remote BIOS Attacks, RCE.
https://threatpost.com/dell-bios-attacks-rce/167195/
Hackers Use Fake Call Center to Trick Victims Into Installing Ransomware.
https://www.vice.com/en/article/bvzd8v/hackers-use-fake-call-center-to-trick-victims-into-installing-ransomware
DSA-2021-106: Dell Client Platform Security Update for Multiple Vulnerabilities in the BIOSConnect and HTTPS Boot features as part of the Dell Client BIOS
Summary: Dell is releasing remediations for multiple security vulnerabilities affecting the BIOSConnect and HTTPS Boot features.
https://www.dell.com/support/kbdoc/es-es/000188682/dsa-2021-106-dell-client-platform-security-update-for-multiple-vulnerabilities-in-the-supportassist-biosconnect-feature-and-https-boot-feature
One-click account takeover vulnerabilities in Atlassian domains patched
Research was conducted in light of the increasing threat of supply-chain attacks.
https://www.zdnet.com/google-amp/article/one-click-account-takeover-vulnerability-in-atlassian-patched/
Zyxel warns customers of attacks on its enterprise firewall and VPN devices
Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices.
https://securityaffairs.co/wordpress/119351/hacking/zyxel-firewall-vpn-attacks.html
Secret NATO platform has been hacked
https://unaaldia.hispasec.com/2021/06/plataforma-secreta-de-la-otan-ha-sido-hackeada.html
Vulnerability in Palo Alto Networks Cortex XSOAR
Publication date: 23/06/2021
Importance: 5 - Critical
Affected resources:
Cortex XSOAR versions:
6.1.0, builds later than 1016923 and earlier than 1271064;
6.2.0, builds earlier than 1271065.
Description:
Palo Alto has reported this vulnerability, which could allow an attacker to perform unauthorized actions through the REST API.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-cortex-xsoar-palo-alto-networks
Multiple vulnerabilities in VMware products
Publication date: 23/06/2021
Importance: 5 - Critical
Affected resources:
VMware Carbon Black App Control (AppC),
VMware Tools for Windows,
VMware Remote Console for Windows (VMRC for Windows),
VMware App Volumes.
Description:
VMware has reported several vulnerabilities, of critical and high severity, that could allow an attacker to bypass authentication or escalate privileges.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-vmware-22
