SysAdmin 24x7

USN-4989-2: BlueZ vulnerabilities Several security issues were fixed in BlueZ. https://ubuntu.com/security/notices/USN-4989-2

Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-pos-dll-ff8j6dFv

Cisco AnyConnect Secure Mobility Client for Windows Denial of Service Vulnerability A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dos-hMhyDfb8

Schneider Electric Security Notification PowerLogic EGX100 and PowerLogicEGX300 Vulnerabilities discovered in some older Schneider Electric PowerLogic products can allow hackers to remotely take control of devices or disrupt them. https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03

Vulnerability in Microsoft Teams granted attackers access to emails, messages, and personal files. https://portswigger.net/daily-swig/vulnerability-in-microsoft-teams-granted-attackers-access-to-emails-messages-and-personal-files https://medium.com/tenable-techblog/stealing-tokens-emails-files-and-more-in-microsoft-teams-through-malicious-tabs-a7e5ff07b138

Una vulnerabilidad en Microsoft Power Apps permite el robo de credenciales en Microsoft Teams https://unaaldia.hispasec.com/2021/06/una-vulnerabilidad-en-microsoft-power-apps-permite-el-robo-de-credenciales-en-microsoft-teams.html

[Actualización 14/06/2021] Vulnerabilidad en el core de Drupal Fecha de publicación: 27/05/2021 Importancia: 3 - Media Recursos afectados: Versiones anteriores a: 9.1; 9.0; 8.9. Descripción: Descubierta en la librería CKEditor un error en el análisis de HTML que podría conducir a un ataque XSS. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-el-core-drupal-3

Unpatched Bugs Found Lurking in Provisioning Platform Used with Cisco UC A trio of security flaws open the door to remote-code execution and a malware tsunami. https://threatpost.com/unpatched-bugs-provisioning-cisco-uc/166882/

Linux system service bug lets you get root on most modern distros https://www.bleepingcomputer.com/news/security/linux-system-service-bug-lets-you-get-root-on-most-modern-distros/

ALPACA: New TLS Attack Allows User Data Extraction, Code Execution. https://www.securityweek.com/alpaca-new-tls-attack-allows-user-data-extraction-code-execution

McDonald’s latest company to be hit by a data breach. https://apnews.com/article/technology-business-b020bd79e428ae0005884beb40c85475

New DDoS extortion attacks detected as Fancy Lazarus group returns. https://www.csoonline.com/article/3621669/new-ddos-extortion-attacks-detected-as-fancy-lazarus-group-returns.html

Hackers can exploit bugs in Samsung pre-installed apps to spy on users. https://www.bleepingcomputer.com/news/security/hackers-can-exploit-bugs-in-samsung-pre-installed-apps-to-spy-on-users/

Microsoft warns of cryptomining attacks on Kubernetes clusters https://www.bleepingcomputer.com/news/security/microsoft-warns-of-cryptomining-attacks-on-kubernetes-clusters/

Summary of June 8 outage https://www.fastly.com/blog/summary-of-june-8-outage

Google fixes sixth Chrome zero-day exploited in the wild this year https://www.bleepingcomputer.com/news/security/google-fixes-sixth-chrome-zero-day-exploited-in-the-wild-this-year/

Spotify, PayPal, GitHub, and other major websites down due to Fastly CDN outage A large number of popular websites including Reddit, Spotify, PayPal, GitHub, gov.uk, CNN, and the BBC are currently facing problems due to a glitch at Fastly CDN provider. https://securityaffairs.co/wordpress/118732/breaking-news/fastly-cdn-outage.html

Adobe issues security updates for 41 vulnerabilities in 10 products https://www.bleepingcomputer.com/news/security/adobe-issues-security-updates-for-41-vulnerabilities-in-10-products/

Microsoft June 2021 Patch Tuesday fixes 6 exploited zero-days, 50 flaws https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2021-patch-tuesday-fixes-6-exploited-zero-days-50-flaws/