ru
Feedback
SysAdmin 24x7

SysAdmin 24x7

Открыть в Telegram

Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat

Больше
4 388
Подписчики
-224 часа
-37 дней
+730 день
Архив постов
Actively Exploited StrandHogg Vulnerability Affects #Android OS A newly discovered Android vulnerability is actively exploited by malware such as the BankBot banking Trojan and it impacts all versions of the operating system up to and including Android 10. https://www.bleepingcomputer.com/news/security/actively-exploited-strandhogg-vulnerability-affects-android-os/

SUPPORT COMMUNICATION - CUSTOMER BULLETIN Document ID: a00092491en_us Version: 1 Bulletin: HPE SAS Solid State Drives - Critical Firmware Upgrade Required for Certain HPE SAS Solid State Drive Models to Prevent Drive Failure at 32,768 Hours of Operation Release Date: 2019-11-19 Last Updated: 2019-11-22 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us

#OwnCloud version 8.1.8 (stable) are vulnerable to recovery all username login list. https://packetstormsecurity.com/files/155499/owncloud818-disclose.txt

#Adobe Hacked – Hackers Exploit The Bug in #Magento Marketplace & Gained Access To The Users Data Adobe discloses the security breach on its Magento Marketplace portal, in results, attackers gained access to the registered customer’s sensitive account information. https://gbhackers.com/magento-marketplace/

#Ryuk Ransomware Forces Prosegur Security Firm to Shut Down Network In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform. https://www.bleepingcomputer.com/news/security/ryuk-ransomware-forces-prosegur-security-firm-to-shut-down-network/

Múltiples vulnerabilidades en productos F5 Fecha de publicación: 27/11/2019 Importancia: 4 - Alta Recursos afectados:  BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), versiones: 15.0.0 - 15.0.1; 14.1.0 - 14.1.2; 14.0.0 - 14.0.1; 13.1.0 - 13.1.3.1; 12.1.0 - 12.1.5; 11.5.1 - 11.6.5. Enterprise Manager, versión 3.1.1. BIG-IQ Centralized Management, versiones: 6.0.0; 5.2.0 - 5.4.0. F5 iWorkflow, versión 2.3.0. Descripción:  Se han publicado múltiples vulnerabilidades en productos F5 que podrían permitir a un atacante configurar el proxy para interceptar el tráfico, denegar el servicio o acceder a los archivos de la cuenta root. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-f5-5

Instagram’s updated security and privacy settings How to protect your Instagram account and personal photos from prying eyes. https://www.kaspersky.com/blog/keep-instagram-secure/11045/

How to get started with security response automation on #AWS https://aws.amazon.com/es/blogs/security/how-get-started-security-response-automation-aws/

Kali Linux 2019.4 Release We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4, which is available immediately for download. 2019.4 includes some exciting new updates: A new default desktop environment, Xfce New GTK3 theme (for Gnome and Xfce) Introduction of “Kali Undercover” mode Kali Documentation has a new home and is now Git powered Public Packaging – getting your tools into Kali Kali NetHunter KeX – Full Kali desktop on Android BTRFS during setup Added PowerShell The kernel is upgraded to version 5.3.9 … Plus the normal bugs fixes and updates. https://www.kali.org/news/kali-linux-2019-4-release/

Vulnerabilidad de omisión de autenticación en BIG-IP de F5 Fecha de publicación: 26/11/2019 Importancia: 5 - Crítica Recursos afectados:  BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM), versiones: 15.x: 15.0.1.0.33.11-ENG Hotfix; 15.0.1.0.48.11-ENG Hotfix. 14.x: 14.1.0.3.0.79.6-ENG Hotfix; 14.1.0.3.0.97.6-ENG Hotfix; 14.1.0.3.0.99.6-ENG Hotfix; 14.1.0.5.0.15.5-ENG Hotfix; 14.1.0.5.0.36.5-ENG Hotfix; 14.1.0.5.0.40.5-ENG Hotfix; 14.1.0.6.0.11.9-ENG Hotfix; 14.1.0.6.0.14.9-ENG Hotfix; 14.1.0.6.0.68.9-ENG Hotfix; 14.1.0.6.0.70.9-ENG Hotfix; 14.1.2.0.11.37-ENG Hotfix; 14.1.2.0.18.37-ENG Hotfix; 14.1.2.0.32.37-ENG Hotfix; 14.1.2.1.0.46.4-ENG Hotfix; 14.1.2.1.0.14.4-ENG Hotfix; 14.1.2.1.0.16.4-ENG Hotfix; 14.1.2.1.0.34.4-ENG Hotfix; 14.1.2.1.0.97.4-ENG Hotfix; 14.1.2.1.0.99.4-ENG Hotfix; 14.1.2.1.0.105.4-ENG Hotfix; 14.1.2.1.0.111.4-ENG Hotfix; 14.1.2.1.0.115.4-ENG Hotfix; 14.1.2.1.0.122.4-ENG Hotfix. NOTA: esta vulnerabilidad afecta únicamente a los hotfixes de BIG-IP Engineering obtenidos del soporte de F5. Las versiones major, minor, o maintenance obtenidas de la web de descargas de F5 no se ven afectadas. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-omision-autenticacion-big-ip-f5

Antispy - A Free But Powerful Anti Virus And Rootkits Toolkit https://www.kitploit.com/2019/11/antispy-free-but-powerful-anti-virus.html

Use attribute-based access control with AD FS to simplify IAM permissions management #AWS https://aws.amazon.com/es/blogs/security/attribute-based-access-control-ad-fs-simplify-iam-permissions-management/

FIDL: FLARE’s IDA Decompiler Library IDA Pro and the Hex Rays decompiler are a core part of any toolkit for reverse engineering and vulnerability research. In a previous blog post we discussed how the Hex-Rays API can be used to solve small, well-defined problems commonly seen as part of malware analysis. Having access to a higher-level representation of binary code makes the Hex-Rays decompiler a powerful tool for reverse engineering. However, interacting with the HexRays API and its underlying data sources can be daunting, making the creation of generic analysis scripts difficult or tedious. https://www.fireeye.com/blog/threat-research/2019/11/fidl-flare-ida-decompiler-library.html

Vulnerabilidad de inyección SQL en phpMyAdmin Fecha de publicación: 25/11/2019 Importancia: 4 - Alta Recursos afectados:  Versiones de phpMyAdmin anteriores a la 4.9.2, al menos tan antiguas como la 4.7.7. Descripción:  William Desportes, del equipo de phpMyAdmin, ha descubierto una vulnerabilidad de inyección SQL. Solución:  Actualizar a la versión 4.9.2 o superior, o aplicar el parche correspondiente. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-sql-phpmyadmin

RDP loves company: Kaspersky finds 37 security holes in #VNC remote desktop software BlueKeep isn't the only bug in town, plenty to go round https://www.theregister.co.uk/2019/11/23/kaspersky_vnc_bugs/

ISC Releases Security Advisory for #BIND The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisory for more information and to apply the necessary updates and workarounds. https://www.us-cert.gov/ncas/current-activity/2019/11/21/isc-releases-security-advisory-bind