uk
Feedback
SysAdmin 24x7

SysAdmin 24x7

Відкрити в Telegram

Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat

Показати більше
4 387
Підписники
+124 години
-17 днів
+130 день
Архів дописів

CloudGoat: The ‘Vulnerable-by-Design’ AWS Environment https://rhinosecuritylabs.com/aws/cloudgoat-vulnerable-design-aws-environment/

BYOB (Build Your Own Botnet) Disclaimer: This project should be used for authorized testing or educational purposes only. https://github.com/colental/byob

Tens of flaws in Samsung SmartThings Hub expose smart home to attack https://securityaffairs.co/wordpress/74888/hacking/samsung-smartthings-hub-flaws.html

RHSA-2018:2286 - Security Advisory https://access.redhat.com/errata/RHSA-2018:2286

#VPNFilter Known Affected Devices The following devices are known to be affected by this threat. Based on the scale of this research, much of our observations are remote and not on the device, so it is difficult to determine specific version numbers and models in many cases. Given our observations with this threat, we assess that this list may still be incomplete and other devices may be affected. ASUS DEVICES: RT-AC66U (new) RT-N10 (new) RT-N10E (new) RT-N10U (new) RT-N56U (new) RT-N66U (new) D-LINK DEVICES: DES-1210-08P (new) DIR-300 (new) DIR-300A (new) DSR-250N (new) DSR-500N (new) DSR-1000 (new) DSR-1000N (new) HUAWEI DEVICES: HG8245 (new) LINKSYS DEVICES: E1200 E2500 E3000 (new) E3200 (new) E4200 (new) RV082 (new) WRVS4400N MIKROTIK DEVICES: CCR1009 (new) CCR1016 CCR1036 CCR1072 CRS109 (new) CRS112 (new) CRS125 (new) RB411 (new) RB450 (new) RB750 (new) RB911 (new) RB921 (new) RB941 (new) RB951 (new) RB952 (new) RB960 (new) RB962 (new) RB1100 (new) RB1200 (new) RB2011 (new) RB3011 (new) RB Groove (new) RB Omnitik (new) STX5 (new) NETGEAR DEVICES: DG834 (new) DGN1000 (new) DGN2200 DGN3500 (new) FVS318N (new) MBRN3000 (new) R6400 R7000 R8000 WNR1000 WNR2000 WNR2200 (new) WNR4000 (new) WNDR3700 (new) WNDR4000 (new) WNDR4300 (new) WNDR4300-TN (new) UTM50 (new) QNAP DEVICES: TS251 TS439 Pro Other QNAP NAS devices running QTS software TP-LINK DEVICES: R600VPN TL-WR741ND (new) TL-WR841N (new) UBIQUITI DEVICES: NSM2 (new) PBE M5 (new) UPVEL DEVICES: Unknown Models* (new) ZTE DEVICES: ZXHN H108N (new) * Malware targeting Upvel as a vendor has been discovered, but we are unable to determine which specific device it is targeting.

VPNFilter Update - #VPNFilter exploits endpoints, targets new devices. https://blog.talosintelligence.com/2018/06/vpnfilter-update.html

D-Link, Dasan Routers Under Attack In Yet Another Assault Dasan and D-Link routers running GPON firmware are being targeted by hackers in an attempt to create a botnet. Researchers observed on Thursday a massive uptick in exploit attempts from over 3,000 different source IPs targeting model D-Link 2750B and Dasan GPON routers running a version of the GPON firmware. https://threatpost.com/d-link-dasan-routers-under-attack-in-yet-another-assault/134255/ https://www.esentire.com/news-and-events/security-advisories/increase-in-attacks-on-gpon-routers/ https://twitter.com/360Netlab/status/992111707416915969

Photon, el web crawler capaz de extraer grandes cantidades de información de aplicaciones web Photon emplea la recursividad para poder extraer rápidamente los datos de la página web pudiendo hacerse con: - PDFs - URLs con parámetros susceptibles de aplicar fuzzing. - Ficheros - Scripts - Enlaces Dentro de la entrada del blog tenemos más detalles de dicha herramienta junto a un tutorial de instalación y uso. #Photon #WebCrawler Entrada: https://www.fwhibbit.es/photon-mas-alla-que-un-webcrawler

Intel parchea 3 vulnerabilidades graves de Smart Sound Technology Intel Smart Sound Technology es un procesador de señal digital (DSP) integrado desarrollado para manejar sonido, voces y diálogos. Las vulnerabilidades que estaban presentes permitían a un atacante local ejecutar código en procesadores de PCs basados en Intel Core y Atom. Los fallos de seguridad vienen atados a sus versiones del propio Intel Smart Sound Technology, usadas para procesar tareas de audio como comandos de voz o interacciones con Cortana, Dragon, Skype y Nuance. CVE-2018-3666 lleva a un modulo de un driver usado antes de la versión 9.21.00.3541 que podía permitir a un atacante ejecutar código como un administrador gracias a un ataque non-paged pool overflow. Este tipo de ataque consiste en explotar una corrupción de vulnerabilidades del pool del kernel, siendo similar a un "heap" de Microsoft Windows. El propósito es ejecutar el código malicioso en ring 0, que sería equivalente al kernel. CVE-2018-3670 permite ejecutar código mediante el ataque buffer overflow. Este problema está presente siempre que el programa lea datos de alguna fuente y los asigne a un buffer interno, siendo un problema increiblemente viejo. Se encuentra en versiones anteriores a 9.21.00.3541. CVE-2018-3672 se identifica en versiones 9.21.00.3541 y posteriores. Este permite al atacante ejecutar código a través de llamadas del sistema. #IntelSmartSoundTech Fuente en inglés: https://threatpost.com/intel-smart-sound-tech-vulnerable-to-three-high-severity-bugs/134395/ Paper de explotación de pool de kernel en inglés: https://media.blackhat.com/bh-dc-11/Mandt/BlackHat_DC_2011_Mandt_kernelpool-wp.pdf

Recopilatorio de herramientas para seguridad de AWS https://blog.segu-info.com.ar/2018/07/recopilatorio-de-herramientas-para.html

Executing Meterpreter in Memory on Windows 10 and Bypassing AntiVirus https://www.n00py.io/2018/06/executing-meterpreter-in-memory-on-windows-10-and-bypassing-antivirus/

Cómo un Open Redirect puede usarse para robar credenciales en la app en Electron de Hangouts http://unaaldia.hispasec.com/2018/07/como-un-open-redirect-puede-usarse-para.html

PureBlood v2: Penetration Testing Framework created for Hackers/Pentester/Bug Hunter https://securityonline.info/pureblood/ https://github.com/cr4shcod3/pureblood