SysAdmin 24x7
Відкрити в Telegram
Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat
Показати більше4 387
Підписники
+224 години
+17 днів
-530 день
Архів дописів
4 387
F5 Big-IP Vulnerable to Security-Bypass Bug
The KDC-spoofing flaw tracked as CVE-2021-23008 can be used to bypass Kerberos security and sign into the Big-IP Access Policy Manager or admin console.
https://threatpost.com/f5-big-ip-security-bypass/165735/
4 387
Command injection flaw in PHP Composer allowed supply-chain attacks
A vulnerability in the PHP Composer could have allowed an attacker to execute arbitrary commands and backdoor every PHP package.
https://securityaffairs.co/wordpress/117366/security/php-composer-flaw.html
4 387
Linux kernel vulnerability exposes stack memory, causes data leaks
The bug could also be used as a conduit for more severe attacks
https://www.zdnet.com/article/linux-kernel-vulnerability-exposes-stack-memory/
4 387
SAML Authentication - Moderately critical - Access bypass - SA-CONTRIB-2021-006
Project: SAML Authentication
Date: 2021-April-28
Security risk:
Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Access bypass
Description:
The SAML Authentication module allows users to authenticate against a SAML identity provider to login to your Drupal site.
The module doesn't sufficiently protect against unauthorized local access, by way of using the 'password reset' facility, for users who are supposed to only be able to log in through the identity provider. This creates a scenario where after such a user is blocked from logging in through the identity provider but not explicitly blocked in Drupal, they are still able to log in by sending themselves a Drupal 'password reset' e-mail.
Solution:
Install the latest version:
for all versions of Drupal 8/9, upgrade to samlauth 8.x-3.1.
for Drupal 7, upgrade to samlauth 7.x-1.1.
https://www.drupal.org/sa-contrib-2021-006
4 387
K51213246: BIG-IP APM AD authentication vulnerability CVE-2021-23008
https://support.f5.com/csp/article/K51213246
4 387
Microsoft releases new APIs for managing Windows Update
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-new-apis-for-managing-windows-update/
4 387
Cisco Firepower Threat Defense Software Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinj-vWY5wqZT
4 387
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-vpn-dos-fpBcpEcD
4 387
Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software SIP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-sipdos-GGwmMerC
4 387
NTLM Relay Attack Exploits Windows RPC Flaws
SentineLabs published the details of a newly identified 'NTLM' on their website.
https://www.ehackingnews.com/2021/04/ntlm-relay-attack-exploits-windows-rpc.html
4 387
Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs
https://securityaffairs.co/wordpress/117321/apt/naikon-apt-nebulae-backdoor.html
4 387
Control inadecuado de los recursos en Citrix ShareFile
Fecha de publicación: 28/04/2021
Importancia: 5 - Crítica
Recursos afectados:
Citrix ShareFile controlador de zonas de almacenamiento, versiones:
5.7 anteriores a 5.7.3;
5.8 anteriores a 5.8.3;
5.9 anteriores a 5.9.3;
5.10 anteriores a 5.10.1;
5.11 anteriores a 5.11.18.
Descripción:
Citrix ha identificado una vulnerabilidad, de severidad crítica, de control inadecuado de recursos que afecta a ShareFile.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/control-inadecuado-los-recursos-citrix-sharefile
4 387
Omisión de autenticación en FortiWAN de Fortinet
Fecha de publicación: 28/04/2021
Importancia: 5 - Crítica
Recursos afectados:
FortiWAN, versiones 4.5.7 y anteriores.
Descripción:
Una vulnerabilidad de limitación incorrecta de nombre de ruta relativa a un directorio restringido (Relative Path Traversal) podría permitir a un atacante remoto, no autenticado, eliminar archivos en el sistema.
Solución:
Actualizar a la próxima versión de FortiWAN 4.5.8 o superior.
Actualizar a la versión 5.1.1 o superior de FortiWAN.
Como medida de mitigación, en lugar de permitir el acceso administrativo desde cualquier fuente, restríngalo a los hosts internos de confianza.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/omision-autenticacion-fortiwan
4 387
Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
https://labs.sentinelone.com/relaying-potatoes-dce-rpc-ntlm-relay-eop/
4 387
Emotet malware nukes itself today from all infected computers worldwide.
https://www.bleepingcomputer.com/news/security/emotet-malware-nukes-itself-today-from-all-infected-computers-worldwide/
4 387
Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux
https://thehackernews.com/2021/04/critical-rce-bug-found-in-homebrew.html
4 387
ToxicEye RAT exploits Telegram communications to steal data from victims
https://securityaffairs.co/wordpress/117173/cyber-crime/toxiceye-rat-telegram.html
4 387
Backdoored password manager stole data from as many as 29K enterprises.
https://arstechnica.com/gadgets/2021/04/hackers-backdoor-corporate-password-manager-and-steal-customer-data/
4 387
Unsecured Kubernetes Instances Could Be Vulnerable to Exploitation.
https://unit42.paloaltonetworks.com/unsecured-kubernetes-instances/
4 387
'Sysrv' - New Crypto-Mining Botnet is Silently Expanding it's Reach
https://www.ehackingnews.com/2021/04/sysrv-new-crypto-mining-botnet-is.html
