uk
Feedback
SysAdmin 24x7

SysAdmin 24x7

Відкрити в Telegram

Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat

Показати більше
4 387
Підписники
+224 години
+17 днів
-530 день
Архів дописів
F5 Big-IP Vulnerable to Security-Bypass Bug The KDC-spoofing flaw tracked as CVE-2021-23008 can be used to bypass Kerberos security and sign into the Big-IP Access Policy Manager or admin console. https://threatpost.com/f5-big-ip-security-bypass/165735/

Command injection flaw in PHP Composer allowed supply-chain attacks A vulnerability in the PHP Composer could have allowed an attacker to execute arbitrary commands and backdoor every PHP package. https://securityaffairs.co/wordpress/117366/security/php-composer-flaw.html

Linux kernel vulnerability exposes stack memory, causes data leaks The bug could also be used as a conduit for more severe attacks https://www.zdnet.com/article/linux-kernel-vulnerability-exposes-stack-memory/

SAML Authentication - Moderately critical - Access bypass - SA-CONTRIB-2021-006 Project: SAML Authentication Date: 2021-April-28 Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All Vulnerability: Access bypass Description: The SAML Authentication module allows users to authenticate against a SAML identity provider to login to your Drupal site. The module doesn't sufficiently protect against unauthorized local access, by way of using the 'password reset' facility, for users who are supposed to only be able to log in through the identity provider. This creates a scenario where after such a user is blocked from logging in through the identity provider but not explicitly blocked in Drupal, they are still able to log in by sending themselves a Drupal 'password reset' e-mail. Solution: Install the latest version: for all versions of Drupal 8/9, upgrade to samlauth 8.x-3.1. for Drupal 7, upgrade to samlauth 7.x-1.1. https://www.drupal.org/sa-contrib-2021-006

K51213246: BIG-IP APM AD authentication vulnerability CVE-2021-23008 https://support.f5.com/csp/article/K51213246

Cisco Firepower Threat Defense Software Command Injection Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinj-vWY5wqZT

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-vpn-dos-fpBcpEcD

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software SIP Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-sipdos-GGwmMerC

NTLM Relay Attack Exploits Windows RPC Flaws SentineLabs published the details of a newly identified 'NTLM' on their website. https://www.ehackingnews.com/2021/04/ntlm-relay-attack-exploits-windows-rpc.html

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs https://securityaffairs.co/wordpress/117321/apt/naikon-apt-nebulae-backdoor.html

Control inadecuado de los recursos en Citrix ShareFile Fecha de publicación: 28/04/2021 Importancia: 5 - Crítica Recursos afectados: Citrix ShareFile controlador de zonas de almacenamiento, versiones: 5.7 anteriores a 5.7.3; 5.8 anteriores a 5.8.3; 5.9 anteriores a 5.9.3; 5.10 anteriores a 5.10.1; 5.11 anteriores a 5.11.18. Descripción: Citrix ha identificado una vulnerabilidad, de severidad crítica, de control inadecuado de recursos que afecta a ShareFile. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/control-inadecuado-los-recursos-citrix-sharefile

Omisión de autenticación en FortiWAN de Fortinet Fecha de publicación: 28/04/2021 Importancia: 5 - Crítica Recursos afectados: FortiWAN, versiones 4.5.7 y anteriores. Descripción: Una vulnerabilidad de limitación incorrecta de nombre de ruta relativa a un directorio restringido (Relative Path Traversal) podría permitir a un atacante remoto, no autenticado, eliminar archivos en el sistema. Solución: Actualizar a la próxima versión de FortiWAN 4.5.8 o superior. Actualizar a la versión 5.1.1 o superior de FortiWAN. Como medida de mitigación, en lugar de permitir el acceso administrativo desde cualquier fuente, restríngalo a los hosts internos de confianza. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/omision-autenticacion-fortiwan

Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol https://labs.sentinelone.com/relaying-potatoes-dce-rpc-ntlm-relay-eop/

Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux https://thehackernews.com/2021/04/critical-rce-bug-found-in-homebrew.html

ToxicEye RAT exploits Telegram communications to steal data from victims https://securityaffairs.co/wordpress/117173/cyber-crime/toxiceye-rat-telegram.html

Backdoored password manager stole data from as many as 29K enterprises. https://arstechnica.com/gadgets/2021/04/hackers-backdoor-corporate-password-manager-and-steal-customer-data/

Unsecured Kubernetes Instances Could Be Vulnerable to Exploitation. https://unit42.paloaltonetworks.com/unsecured-kubernetes-instances/

'Sysrv' - New Crypto-Mining Botnet is Silently Expanding it's Reach https://www.ehackingnews.com/2021/04/sysrv-new-crypto-mining-botnet-is.html