SysAdmin 24x7
Відкрити в Telegram
Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat
Показати більше4 386
Підписники
+124 години
-57 днів
Немає даних30 день
Архів дописів
4 386
REvil ransomware's servers mysteriously come back online.
https://www.bleepingcomputer.com/news/security/revil-ransomwares-servers-mysteriously-come-back-online/
4 386
Hackers leak passwords for 500,000 Fortinet VPN accounts
https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/
4 386
CVE-2020-10188 PAN-OS: Impact of Telnet Remote-Code-Execution (RCE) Vulnerability (CVE-2020-10188)
Description
A buffer overflow vulnerability in the Telnet-based administrative management service included with PAN-OS software allows remote attackers to execute arbitrary code.
The Telnet-based administrative management service is disabled by default and this issue is not exploitable if this service is disabled.
This issue does not impact SSH or HTTPS management interfaces. This issue does not affect Prisma Access.
https://security.paloaltonetworks.com/CVE-2020-10188
4 386
Ejecución remota de código en MSHTML de Microsoft
Fecha de publicación: 08/09/2021
Importancia: 4 - Alta
Recursos afectados:
Distintas versiones, service pack y arquitecturas de:
Windows 7. 8.1 y 10;
Windows Server 2012, 2008, 2016. 20H2, 2004, 2022 y 2019.
Descripción:
Los investigadores, Rick Cole, de MSTIC; Dhanesh Kizhakkinan, Bryce Abdo y Genwei Jiang, de Mandiant; y Haifei Li, de EXPMON; han reportado a Microsoft una vulnerabilidad de severidad alta que podría permitir a un atacante la ejecución remota de código.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-mshtml-microsoft
4 386
A researcher published the PoC exploit code for a Ghostscript zero-day vulnerability that could allow completely compromise a server.
Security researcher Nguyen The Duc published on GitHub the proof-of-concept exploit code for a Ghostscript zero-day vulnerability. The vulnerability is a remote code execution (RCE) issue that could allow an attacker to completely compromise a server.
https://securityaffairs.co/wordpress/121940/hacking/ghostscript-poc-exploit.html
4 386
Microsoft shares temp fix for ongoing Office 365 zero-day attacks
Microsoft today shared mitigation for a remote code execution vulnerability in Windows that is being exploited in targeted attacks against Office 365 and Office 2019 on Windows 10.
The flaw is in MSHTML, the browser rendering engine that is also used by Microsoft Office documents.
https://www.bleepingcomputer.com/news/security/microsoft-shares-temp-fix-for-ongoing-office-365-zero-day-attacks/
4 386
Critical Auth Bypass Bug Affect NETGEAR Smart Switches — Patch and PoC Released.
https://thehackernews.com/2021/09/critical-auth-bypass-bug-affect-netgear.html
4 386
Over 60,000 parked domains were vulnerable to AWS hijacking.
https://www.bleepingcomputer.com/news/security/over-60-000-parked-domains-were-vulnerable-to-aws-hijacking/
4 386
Evasión de autenticación en Enterprise NFVIS de Cisco
Fecha de publicación: 02/09/2021
Importancia: 5 - Crtica
Recursos afectados:
Cisco Enterprise NFVIS, versión 4.5.1, cuando el método de autenticación externo TACACS está habilitado.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/evasion-autenticacion-enterprise-nfvis-cisco
4 386
Phishing Attack Used Spoofed COVID-19 Vaccination Forms.
https://www.bankinfosecurity.com/phishing-attack-used-spoofed-covid-19-vaccination-forms-a-17399
4 386
Múltiples vulnerabilidades en ArubaOS de HPE
Fecha de publicación: 01/09/2021
Importancia: 5 - Crítica
Recursos afectados:
ArubaOS, versiones anteriores a la 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13, 8.3.0.16, 6.5.4.20 y 6.4.4.25;
Software y pasarelas SD-WAN, versiones anteriores a la 8.7.0.0-2.3.0.0 y 8.6.0.4-2.2.0.6.
Los siguientes productos también están afectados al haber llegado al final de su vida útil:
ArubaOS 8.0.xx,
ArubaOS 8.1.xx,
ArubaOS 8.2.xx,
ArubaOS 8.4.xx,
SD-WAN 1.0.xx,
SD-WAN 2.0.xx,
SD-WAN 2.1.xx,
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-arubaos-hpe
4 386
Deserialization bug in TensorFlow machine learning framework allowed arbitrary code execution.
https://portswigger.net/daily-swig/deserialization-bug-in-tensorflow-machine-learning-framework-allowed-arbitrary-code-execution
4 386
HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform.
https://threatpost.com/hpe-sudo-bug-aruba-platform/169038/
4 386
DNS Rebinding Attack: How Malicious Websites Exploit Private Networks.
https://unit42.paloaltonetworks.com/dns-rebinding/
4 386
New Microsoft Exchange 'ProxyToken' Flaw Lets Attackers Reconfigure Mailboxes
[...]
Microsoft addressed the issue as part of its Patch Tuesday updates for July 2021.
[...]
[...]
"With this vulnerability, an unauthenticated attacker can perform configuration actions on mailboxes belonging to arbitrary users," the ZDI said Monday. "As an illustration of the impact, this can be used to copy all emails addressed to a target and account and forward them to an account controlled by the attacker."
[...]
https://thehackernews.com/2021/08/new-microsoft-exchange-proxytoken-flaw.html
4 386
Opt-In L1 Cache Flushing To Try For Linux 5.15 To Help With The Paranoid, Future CPU Vulnerabilities
https://www.phoronix.com/scan.php?page=news_item&px=Linux-5.15-L1d-Flushing-Mech
4 386
Boffins show PIN bypass attack Mastercard and Maestro contactless payments
Boffins from the Swiss ETH Zurich university demonstrated PIN bypass attack on contactless cards from Mastercard and Maestro.
https://securityaffairs.co/wordpress/121571/hacking/pin-bypass-attack-mastercard-maestro.html
4 386
Microsoft Azure Cosmos DB Guidance
Original release date: August 27, 2021
CISA is aware of a misconfiguration vulnerability in Microsoft’s Azure Cosmos DB that may have exposed customer data. Although the misconfiguration appears to have been fixed within the Azure cloud, CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate keys and to review Microsoft’s guidance on how to Secure access to data in Azure Cosmos DB.
https://us-cert.cisa.gov/ncas/current-activity/2021/08/27/microsoft-azure-cosmos-db-guidance
Secure access to data in Azure Cosmos DB
https://docs.microsoft.com/en-us/azure/cosmos-db/secure-access-to-data?tabs=using-primary-key#primary-keys
4 386
FBI releases alert about Hive ransomware after attack on hospital system in Ohio and West Virginia.
https://www.zdnet.com/article/fbi-releases-alert-about-hive-ransomware-after-attack-on-hospital-system/
4 386
Ragnarok ransomware releases master decryptor after shutdown
Ragnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware.
The threat actor did not leave a note explaining the move; all of a sudden, they replaced all the victims on their leak site with a short instruction on how to decrypt files.
https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-releases-master-decryptor-after-shutdown/
