uk
Feedback
SysAdmin 24x7

SysAdmin 24x7

Відкрити в Telegram

Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat

Показати більше
4 386
Підписники
+124 години
-17 днів
+130 день
Архів дописів
Actualización de seguridad de SAP de diciembre de 2022 Fecha de publicación: 14/12/2022 Identificador: INCIBE-2022-1055 Importancia: 5 - Crítica Recursos afectados: SAP Business Client, versiones 6.5, 7.0 y 7.70; SAP BusinessObjects Business Intelligence Platform, versiones 420 y 430; SAP NetWeaver Process Integration, versión 7.50; SAP Commerce, versiones 1905, 2005, 2105, 2011 y 2205; SAP NetWeaver Process Integration, versión 7.50; SAPBASIS, versiones 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790 y 791; SAP Business Planning y Consolidation, versiones SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300 y CPMBPC 810; SAP BusinessObjects Business Intelligence Platform (Program Objects) versiones 420 y 430; SAP Commerce Webservices 2.0 (Swagger UI), versiones 1905, 2005, 2105, 2011 y 2205; SAPUI5, versiones 754, 755, 756, 757 y CLIENT RUNTIME, versiones –600, 700, 800, 900 y 1000; El resto de productos afectados se pueden consultar en SAP Security Patch Day – Diciembre 2022. Descripción: SAP ha publicado varias actualizaciones de seguridad en diferentes productos en su comunicado mensual. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-diciembre-2022 https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10

Apple Releases Security Updates for Multiple Products Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible: iCloud for Windows 14.1 Safari 16.2 macOS Monterey 12.6.2 macOS Big Sur 11.7.2 tvOS 16.2 watchOS 9.2 iOS 15.7.2 and iPadOS 15.7.2 iOS 16.2 and iPadOS 16.2 macOS Ventura 13.1 https://www.cisa.gov/uscert/ncas/current-activity/2022/12/13/apple-releases-security-updates-multiple-products

Microsoft Releases December 2022 Security Updates https://msrc.microsoft.com/update-guide/releaseNote/2022-Dec

VMSA-2022-0031 CVSSv3 Range: 7.5-9.8 Issue Date: 2022-12-13 CVE(s): CVE-2022-31702, CVE-2022-31703 Synopsis: VMware vRealize Network Insight (vRNI) updates address command injection and directory traversal security vulnerabilities (CVE-2022-31702, CVE-2022-31703) Impacted Products VMware vRealize Network Insight (vRNI) Introduction Multiple vulnerabilities in VMware vRealize Network Insight (vRNI)were privately reported to VMware. Patches and updates are available to remediate these vulnerabilities in affected VMware products. https://www.vmware.com/security/advisories/VMSA-2022-0031.html

VMSA-2022-0033 CVSSv3 Range: 5.9-9.3 Issue Date: 2022-12-13 CVE(s): CVE-2022-31705 Synopsis: VMware ESXi, Workstation, and Fusion updates address a heap out-of-bounds write vulnerability (CVE-2022-31705) Impacted Products VMware ESXi VMware Workstation Pro / Player (Workstation) VMware Fusion Pro / Fusion (Fusion) VMware Cloud Foundation Introduction A heap out-of-bounds write vulnerability in VMware ESXi, Workstation, and Fusion was privately reported to VMware. Updates and workarounds are available to remediate this vulnerability in affected VMware products. https://www.vmware.com/security/advisories/VMSA-2022-0033.html

Citrix Releases Security Updates for Citrix ADC, Citrix Gateway Citrix has released security updates to address a critical vulnerability (CVE-2022-27518) in Citrix ADC and Citrix Gateway. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild. CISA encourages users and administrators to review Citrix security bulletin CTX457836 and Citrix’s blog post for more information and to apply the necessary updates. Additionally, CISA urges organizations to review NSA’s advisory APT5: Citrix ADC Threat Hunting Guidance for detection and mitigation guidance against tools employed by a malicious actor targeting vulnerable Citrix ADC systems. https://www.cisa.gov/uscert/ncas/current-activity/2022/12/13/citrix-releases-security-updates-citrix-adc-citrix-gateway

Desbordamiento de búfer en productos Fortinet Fecha de publicación: 13/12/2022 Identificador: INCIBE-2022-1050 Importancia: 5 - Crítica Recursos afectados: FortiOS, versiones: desde 7.2.0 hasta 7.2.2; desde 7.0.0 hasta 7.0.8; desde 6.4.0 hasta 6.4.10; desde 6.2.0 hasta 6.2.11. FortiOS-6K7K, versiones: desde 7.0.0 hasta 7.0.7; desde 6.4.0 hasta 6.4.9; desde 6.2.0 hasta 6.2.11; desde 6.0.0 hasta 6.0.14. Descripción: Fortinet ha reportado una vulnerabilidad crítica de desbordamiento de búfer en FortiOS SSL-VPN, que podría permitir a un atacante remoto, no autenticado, ejecutar código o comandos arbitrarios a través de solicitudes maliciosas. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/desbordamiento-bufer-productos-fortinet

Sophos fixed a critical flaw in its Sophos Firewall version 19.5. Sophos addressed several vulnerabilities affecting its Sophos Firewall version 19.5, including arbitrary code execution issues. Sophos has released security patches to address seven vulnerabilities in Sophos Firewall version 19.5, including some arbitrary code execution bugs. The most severe issue addressed by the security vendor is a critical code injection vulnerability tracked as CVE-2022-3236. https://securityaffairs.co/wordpress/139362/security/sophos-firewall-critical-flaw.html

SafeBreach Labs Researcher Discovers Multiple Zero-Day Vulnerabilities in Leading Endpoint Detection and Response (EDR) and Antivirus (AV) Solutions. The vulnerabilities were used to develop an undetectable, next-generation wiper—dubbed the Aikido Wiper—with the potential to impact hundreds of millions of endpoints worldwide. The SafeBreach Labs team is committed to conducting original research to uncover new threats and ensure our Hacker’s Playbook provides the most comprehensive collection of attacks. As part of my recent research, I uncovered multiple zero-day vulnerabilities that I was able to use to turn endpoint detection and response (EDR) and antivirus (AV) tools into next-generation wipers with the potential to impact hundreds of millions of endpoints all around the world. https://www.safebreach.com/resources/blog/safebreach-labs-researcher-discovers-multiple-zero-day-vulnerabilities/

Trojanized OneNote Document Leads to Formbook Malware. Cybercriminals have long used Microsoft documents to pass along malware and they are always experimenting with new ways to deliver malicious packages. As defenders, Trustwave SpiderLabs’ researchers are always looking out for new or unusual file types, and through this ongoing research, we uncovered threat actors using a OneNote document to move Formbook malware, an information stealing trojan sold on an underground hacking forum since mid-2016 as malware-as-a-service. Formbook malware can steal data from various web browsers and from other applications. This malware also has keylogging functionality and can take screenshots. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trojanized-onenote-document-leads-to-formbook-malware/

NodeBB prototype pollution flaw could lead to account takeover. ‘Not a prototype pollution vulnerability as you might normally understand it’ NodeBB, a Node.js platform for creating forum applications, has patched a prototype pollution vulnerability that could allow attackers to impersonate other users and take over administrator accounts. The vulnerability was caused by the mishandling of JavaScript’s flexibility in changing object prototypes at runtime. https://portswigger.net/daily-swig/nodebb-prototype-pollution-flaw-could-lead-to-account-takeover

Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information. https://thehackernews.com/2022/12/researchers-detail-new-attack-method-to.html

VMSA-2021-0025.5 CVSSv3 Range: 7.1 Issue Date: 2021-11-10 Updated On: 2022-12-08 CVE(s): CVE-2021-22048 Synopsis: VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048) Impacted Products VMware vCenter Server (vCenter Server) VMware Cloud Foundation (Cloud Foundation) Introduction A privilege escalation vulnerability in VMware Center Server was privately reported to VMware. Workarounds are available to remediate this vulnerability in the affected VMware products. https://www.vmware.com/security/advisories/VMSA-2021-0025.html

VMSA-2022-0030 CVSSv3 Range: 4.2-7.5 Issue Date: 2022-12-08 Updated On: 2022-12-08 (Initial Advisory) CVE(s): CVE-2022-31696, CVE-2022-31697, CVE-2022-31698, CVE-2022-31699 Synopsis: VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2022-31696, CVE-2022-31697, CVE-2022-31698, CVE-2022-31699) Impacted Products VMware ESXi VMware vCenter Server (vCenter Server) VMware Cloud Foundation (Cloud Foundation) Introduction Multiple vulnerabilities in VMware ESXi and vCenter Server were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. https://www.vmware.com/security/advisories/VMSA-2022-0030.html

Vulnerabilidad en el cliente web de TIBCO Nimbus Fecha de publicación: 07/12/2022 Identificador: INICBE-2022-1042 Importancia: 5 - Crítica Recursos afectados: El cliente web de TIBCO Nimbus versión 10.5.0 Descripción: TIBCO Nimbus ha comunicado una vulnerabilidad que permite que un atacante no autenticado con acceso a la red aproveche una vulnerabilidad de tipo redirección abierta en el sistema afectado. Solución: TIBCON Nimbus ha publicado la actualización 10.5.1 o posterior, que soluciona el problema. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-el-cliente-web-tibco-nimbus

Bulletin (SB22-339) Vulnerability Summary for the Week of November 28, 2022 https://www.cisa.gov/uscert/ncas/bulletins/sb22-339

Múltiples vulnerabilidades en Lansweeper Fecha de publicación: 02/12/2022 Identificador: INCIBE-2022-1040 Importancia: 5 - Crítica Recursos afectados: Lansweeper 10.1.1.0. Descripción: Marcin ‘Icewall’ Noga, investigador de Cisco Talos, ha descubierto 6 vulnerabilidades de severidad crítica en Lansweeper, cuya explotación podría permitir lectura y subida de archivos aleatorios o inyección de código JavaScript. Solución: Actualizar Lansweeper a una versión superior a 10.1.1.0. Las reglas de SNORT 59990-59992, 59999-60000, 60001-60002, 60054-60056, 60142-60144 y 60219 detectan intentos de explotación contra estas vulnerabilidades. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-lansweeper-0

VMSA-2022-0029 CVSSv3 Range: 3.3 Issue Date: 2022-11-29 CVE(s): CVE-2022-31693 Synopsis: VMware Tools for Windows update addresses a denial-of-service vulnerability (CVE-2021-31693) https://www.vmware.com/security/advisories/VMSA-2022-0029.html

Múltiples vulnerabilidades en HPE Cloudline Fecha de publicación: 23/11/2022 Identificador: INCIBE-2022-1026 Importancia: 5 - Crítica Recursos afectados: HPE Cloudline CL2200/CL2100 Gen10 Server, versiones anteriores a BMC 12.77.04. Descripción: Se han identificado 4 vulnerabilidades: 1 de severidad crítica, 2 altas y 1 media, en distintos modelos de HPE Cloudline https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-hpe-cloudline