SysAdmin 24x7

Відкрити в Telegram

Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat

Іспанія12 243 Технології та додатки20 503

4 392

Підписники

+224 години

+27 днів

+1930 день

636

Перегляди допису

Немає даних24 години

Немає даних48 годин

14.48%

Коефіцієнт залучення

Немає даних

Дописів на день

Ads index

beta

Архів дописів

4 391

Threat actors are actively scanning for the Microsoft Exchange ProxyShell RCE flaws after technical details were released at the Black Hat conference. Threat actors started actively scanning for the Microsoft Exchange ProxyShell remote code execution flaws after researchers released technical details at the Black Hat hacking conference. https://securityaffairs.co/wordpress/120931/hacking/microsoft-exchange-proxyshell-flaws.html

4 391

Go, Rust "net" library affected by critical IP address validation vulnerability. https://www.bleepingcomputer.com/news/security/go-rust-net-library-affected-by-critical-ip-address-validation-vulnerability/

4 391

Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-servers-scanned-for-proxyshell-vulnerability-patch-now/

4 391

Linux version of BlackMatter ransomware targets VMware ESXi servers. https://www.bleepingcomputer.com/news/security/linux-version-of-blackmatter-ransomware-targets-vmware-esxi-servers/

4 391

New DNS vulnerability allows 'nation-state level spying' on companies. https://www.bleepingcomputer.com/news/security/new-dns-vulnerability-allows-nation-state-level-spying-on-companies/

4 391

Múltiples vulnerabilidades en Pulse Connect Secure Fecha de publicación: 06/08/2021 Importancia: 5 - Crítica Recursos afectados: Pulse Connect Secure, versiones anteriores a 9.1R12. Descripción: Diversos investigadores, incluyendo a Richard Warren de NCC Group, han notificado 6 vulnerabilidades, 2 críticas y 4 altas, que afectan a Pulse Connect Secure. Solución: Actualizar Pulse Connect Secure a la versión 9.1R12. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-pulse-connect-secure

4 391

Advisory ID: VMSA-2021-0016 CVSSv3 Range: 3.7-8.6 Issue Date: 2021-08-05 CVE(s): CVE-2021-22002, CVE-2021-22003 Synopsis: VMware Workspace One Access, Identity Manager and vRealize Automation address multiple vulnerabilities (CVE-2021-22002, CVE-2021-22003) Impacted Products VMware Workspace One Access (Access) VMware Identity Manager (vIDM) VMware vRealize Automation (vRA) VMware Cloud Foundation vRealize Suite Lifecycle Manager https://www.vmware.com/security/advisories/VMSA-2021-0016.html

4 391

Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks https://thehackernews.com/2021/08/unpatched-security-flaws-expose.html

4 391

New Robocall Bot on Telegram can Trick Targets Into Giving Up Their Password Researchers at CyberNews have identified a new form of automated social engineering tool that can harvest one-time passwords (OTPs) from users in the United States, the United Kingdom, and Canada. https://www.ehackingnews.com/2021/08/new-robocall-bot-on-telegram-can-trick.html

4 391

Vulnerabilities in NicheStack TCP/IP Stack Affect Many OT Device Vendors. https://www.securityweek.com/vulnerabilities-nichestack-tcpip-stack-affect-many-ot-device-vendors

4 391

Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms. https://threatpost.com/security-bugs-takeover-capsule-hotel/168376/

4 391

Vulnerability Spotlight: Use-after-free vulnerability in tinyobjloader. https://blog.talosintelligence.com/2021/08/vuln-spotlight-.html

4 391

Google Releases Security Updates for Chrome Google has released Chrome version 92.0.4515.131 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. https://us-cert.cisa.gov/ncas/current-activity/2021/08/04/google-releases-security-updates-chrome

4 391

Several Malware Families Targeting IIS Web Servers With Malicious Modules https://thehackernews.com/2021/08/several-malware-families-targeting-iis.html

4 391

Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability CVSS Score: Base 8.2 Vulnerable Products This vulnerability affects the following Cisco Small Business RV Series Routers if they are running firmware releases earlier than 1.0.01.04: RV160 VPN Routers RV160W Wireless-AC VPN Routers RV260 VPN Routers RV260P VPN Router with PoE RV260W Wireless-AC VPN Routers https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-code-execution-9UVJr7k4

4 391

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities CVSS Score: Base 9.8 CVE-2021-1609: Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Remote Code Execution and Denial of Service Vulnerability CVE-2021-1610: Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Command Injection Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy

4 391

Cisco fixes critical, high severity pre-auth flaws in VPN routers Cisco has addressed pre-auth security vulnerabilities impacting multiple Small Business VPN routers and allowing remote attackers to trigger a denial of service condition or execute commands and arbitrary code on vulnerable devices. CVE-2021-1609 (rated 9.8/10) CVE-2021-1602 (8.2/10) https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-high-severity-pre-auth-flaws-in-vpn-routers/

4 391

Un nuevo grupo APT compromete servidores Microsoft IIS utilizando exploits ASP.NET https://unaaldia.hispasec.com/2021/08/un-nuevo-grupo-apt-compromete-servidores-microsoft-iis-utilizando-exploits-asp-net.html

4 391

Vulnerabilidad CSRF en productos NETGEAR Fecha de publicación: 04/08/2021 Importancia: 5 - Crítica Recursos afectados: EX3700, EX3800, EX6120, EX6130 Descripción: El investigador, Joel St. John, de Include Security, ha reportado a NETGEAR una vulnerabilidad de severidad crítica que podría permitir a un atacante comprometer los productos afectados. Solución: Actualizar EX3700, a la versión 1.0.0.90; EX3800, a la versión 1.0.0.90; EX6120, a la versión 1.0.0.64; EX6130, a la versión 1.0.0.44. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-csrf-productos-netgear

4 391

Múltiples vulnerabilidades en FortiPortal de Fortinet Fecha de publicación: 04/08/2021 Importancia: 5 - Crítica Recursos afectados: FortiPortal, versiones: 6.0.4 y anteriores, 5.3.5 y anteriores, 5.2.5 y anteriores, 5.1.2 y anteriores, 5.0.3 y anteriores, 4.2.4 y anteriores, 4.1.2 y anteriores, 4.0.4 y anteriores, 3.2.2 y anteriores, 5.0.x, 5.1.x. Descripción: Ben Knight, de CyberCX New Zealand, y Giuseppe Cocomazzi, del equipo Fortinet Product Security, han reportado 2 vulnerabilidades, ambas de severidad crítica, que podrían permitir a un atacante omitir la autenticación, ejecutar comandos como root, ejecutar código arbitrario o divulgar información. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-fortiportal-fortinet