uz
Feedback
SysAdmin 24x7

SysAdmin 24x7

Kanalga Telegram’da o‘tish

Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat

Ko'proq ko'rsatish
4 387
Obunachilar
+224 soatlar
+17 kunlar
-530 kunlar
Postlar arxiv
Cybereason released Logout4Shell, a vaccine for Log4Shell Apache Log4j RCE. Cybereason researchers released a “vaccine” that mitigates the critical ‘Log4Shell’ Apache Log4j code execution vulnerability. Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 (aka Log4Shell), in the Apache Log4j Java-based logging library. https://securityaffairs.co/wordpress/125512/hacking/logout4shell-vaccine-log4j-flaw.html

Vulnerabilidad en Apache Log4j 2 Fecha de publicación: 10/12/2021 Nivel de peligrosidad: CRÍTICO El Equipo de Respuesta a Incidentes del Centro Criptológico Nacional, CCN-CERT, alerta de la publicación de una vulnerabilidad que afecta a Apache Log4j 2. Se ha hecho pública una vulnerabilidad que afecta a la librería de registro de Java Apache Log4j 2, herramienta desarrollada por Apache Foundation que ayuda a los desarrolladores de software a escribir mensajes de registro, cuyo propósito es dejar constancia de una determinada transacción en tiempo de ejecución, además, Log4j permite filtrar los mensajes en función de su importancia. https://www.ccn-cert.cni.es/seguridad-al-dia/alertas-ccn-cert/11435-ccn-cert-al-09-21-vulnerabilidad-en-apache-log4j-2.html

Cisco Releases Security Advisory for Multiple Products Affected by Apache HTTP Server Vulnerabilities Cisco has released a security advisory to address Cisco products affected by multiple vulnerabilities in Apache HTTP Server 2.4.48 and earlier releases. An unauthenticated remote attacker could exploit this vulnerability to take control of an affected system. https://www.cisa.gov/uscert/ncas/current-activity/2021/12/09/cisco-releases-security-advisory-multiple-products-affected-apache

SonicWall Releases Security Advisory for SMA 100 Series Appliances SonicWall has released a security advisory to address vulnerabilities affecting SonicWall Secure Mobile Access (SMA) 100 series appliances. A remote attacker could exploit these vulnerabilities to take control of an affected system. SMA 100 series appliances provide an organization’s employees with remote access to internal resources. Note: although there are currently no reports of these vulnerabilities being exploited in the wild, in July 2021, CISA warned of threat actors actively targeting a known, previously patched, vulnerability in SonicWall SMA 100 series appliances. https://www.cisa.gov/uscert/ncas/current-activity/2021/12/08/sonicwall-releases-security-advisory-sma-100-series-appliances

Grafana releases security patch after exploit for severe bug goes public Grafana Labs has released an emergency security update today to patch a critical vulnerability after security researchers released proof-of-concept code to exploit the issue over the weekend. The vulnerability, tracked as CVE-2021-43798, impacts the company’s main product, the Grafana dashboard, used by companies across the globe to monitor and aggregate logs and other parameters from across their local or remote networks. Described as a path traversal attack, the vulnerability can allow an attacker to read files outside the Grafana application’s folder. https://therecord.media/grafana-releases-security-patch-after-exploit-for-severe-bug-goes-public/ https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/ https://nvd.nist.gov/vuln/detail/CVE-2021-43798

Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP Zoho has released a security advisory to address an authentication bypass vulnerability in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system. According to Zoho, this vulnerability is being actively exploited in the wild. https://us-cert.cisa.gov/ncas/current-activity/2021/12/06/zoho-releases-security-advisory-manageengine-desktop-central-and

ICS Advisory (ICSA-21-336-03) Distributed Data Systems WebHMI EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Distributed Data Systems Equipment: WebHMI Vulnerabilities: Authentication Bypass by Primary Weakness, Unrestricted Upload of File with Dangerous Type AFFECTED PRODUCTS The following versions of WebHMI, a SCADA system with built-in web server capability, are affected: All versions prior to 4.1 https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03

Mozilla Foundation Security Advisory 2021-51 Memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures Announced December 1, 2021 Impact critical Products NSS Fixed in NSS 3.68.1 NSS 3.73 https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/

Vulnerabilidad de desbordamiento de búfer en múltiples productos HP Fecha de publicación: 01/12/2021 Importancia: 5 - Crítica Recursos afectados:  Ciertos modelos de impresoras LaserJet, LaserJet Managed, PageWide y PageWide Managed. Consultar el listado completo en la sección desplegable Affected products del aviso del fabricante. Descripción:  Alexander Bolshev y Timo Hirvonen, investigadores de F-Secure LABS, han reportado una vulnerabilidad crítica que afecta a dispositivos HP de impresión. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-desbordamiento-bufer-multiples-productos-hp

https://twitter.com/malware_traffic/ 2021-11-30 (Tuesday) - Got this #Emotet epoch 4 email, and everything's still active and able to infect my Windows lab host. Link from email already reported to URLhaus: https://urlhaus.abuse.ch/url/1838032/ Someone at Microsoft needs to shut down those windows dot net URLs used for this infection chain. They've been up for hours. - https://urlhaus.abuse.ch/url/1838022/ - https://urlhaus.abuse.ch/url/1838023/ https://twitter.com/malware_traffic/status/1465885327831318529?t=XScCgdPgprISVQEruu9uvw&s=19

Google experts found 2 flaws in video conferencing software Zoom. Google Project Zero researchers have discovered two vulnerabilities in the video conferencing software Zoom that expose users to attacks. https://securityaffairs.co/wordpress/125122/security/video-conferencing-software-zoom-flaws.html

Red Hat Security Advisory 2021-4829-04 Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.22. Issues addressed include a bypass vulnerability. https://packetstormsecurity.com/files/165101/RHSA-2021-4829-04.txt

Critical Printing Shellz flaws impact 150 HP multifunction printer models Researchers discovered a critical wormable buffer overflow vulnerability that affects 150 different HP multifunction printer models (MFPs). [...] The two vulnerabilities are: CVE-2021-39237 (CVSS score: 7.1) – An information disclosure vulnerability impacting certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers. CVE-2021-39238 (CVSS score: 9.3) – A buffer overflow vulnerability impacting certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed products. [...] https://securityaffairs.co/wordpress/125140/hacking/printing-shellz-flaws-hp-printer-models.html

Múltiples vulnerabilidades en el cliente de Zoom Fecha de publicación: 25/11/2021 Importancia: 4 - Alta Descripción: Zoom ha solucionado dos vulnerabilidades, una de criticidad alta y otra media, que podrían permitir a un ciberdelincuente interrumpir el servicio, la ejecución arbitraria de código o acceder a zonas arbitrarias de memoria del producto. https://www.incibe.es/protege-tu-empresa/avisos-seguridad/multiples-vulnerabilidades-el-cliente-zoom

Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021 Advisory ID: cisco-sa-apache-httpd-2.4.49-VWL69sWQ First Published: 2021 November 24 16:00 GMT CVSS Score: Base 9.0 Affected Products Cisco is investigating its product line to determine which products may be affected by these vulnerabilities. As the investigation progresses, Cisco will update this advisory with information about affected products. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ

VMSA-2021-0027 CVSSv3 Range:6.5-7.5 Issue Date:2021-11-23 CVE(s):CVE-2021-21980, CVE-2021-22049 Synopsis:VMware vCenter Server updates address arbitrary file read and SSRF vulnerabilities (CVE-2021-21980, CVE-2021-22049) Impacted Products VMware vCenter Server (vCenter Server) VMware Cloud Foundation (Cloud Foundation) https://www.vmware.com/security/advisories/VMSA-2021-0027.html

GoDaddy hack causes data breach affecting 1.2 million customers In a data breach notification published today, GoDaddy said that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment. https://www.bleepingcomputer.com/news/security/godaddy-hack-causes-data-breach-affecting-12-million-customers/

Researchers discovered 11 malicious Python packages in the PyPI repository that can steal Discord access tokens, passwords, and conduct attacks. JFrog researchers have discovered 11 malicious Python packages in the Python Package Index (PyPI) repository that can steal Discord access tokens, passwords, and even carry out dependency confusion attacks. Python packages: pptest ipboards owlmoon DiscordSafety trrfab 10Cent10 / 10Cent11 yandex-yt yiffparty https://securityaffairs.co/wordpress/124861/hacking/malicious-pypi-python-packages.html