SysAdmin 24x7
Kanalga Telegram’da o‘tish
Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat
Ko'proq ko'rsatish4 387
Obunachilar
+224 soatlar
+17 kunlar
-530 kunlar
Postlar arxiv
4 388
Cybereason released Logout4Shell, a vaccine for Log4Shell Apache Log4j RCE.
Cybereason researchers released a “vaccine” that mitigates the critical ‘Log4Shell’ Apache Log4j code execution vulnerability.
Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 (aka Log4Shell), in the Apache Log4j Java-based logging library.
https://securityaffairs.co/wordpress/125512/hacking/logout4shell-vaccine-log4j-flaw.html
4 388
Vulnerabilidad en Apache Log4j 2
Fecha de publicación: 10/12/2021
Nivel de peligrosidad: CRÍTICO
El Equipo de Respuesta a Incidentes del Centro Criptológico Nacional, CCN-CERT, alerta de la publicación de una vulnerabilidad que afecta a Apache Log4j 2.
Se ha hecho pública una vulnerabilidad que afecta a la librería de registro de Java Apache Log4j 2, herramienta desarrollada por Apache Foundation que ayuda a los desarrolladores de software a escribir mensajes de registro, cuyo propósito es dejar constancia de una determinada transacción en tiempo de ejecución, además, Log4j permite filtrar los mensajes en función de su importancia.
https://www.ccn-cert.cni.es/seguridad-al-dia/alertas-ccn-cert/11435-ccn-cert-al-09-21-vulnerabilidad-en-apache-log4j-2.html
4 388
Cisco Releases Security Advisory for Multiple Products Affected by Apache HTTP Server Vulnerabilities
Cisco has released a security advisory to address Cisco products affected by multiple vulnerabilities in Apache HTTP Server 2.4.48 and earlier releases. An unauthenticated remote attacker could exploit this vulnerability to take control of an affected system.
https://www.cisa.gov/uscert/ncas/current-activity/2021/12/09/cisco-releases-security-advisory-multiple-products-affected-apache
4 388
SonicWall Releases Security Advisory for SMA 100 Series Appliances
SonicWall has released a security advisory to address vulnerabilities affecting SonicWall Secure Mobile Access (SMA) 100 series appliances. A remote attacker could exploit these vulnerabilities to take control of an affected system. SMA 100 series appliances provide an organization’s employees with remote access to internal resources. Note: although there are currently no reports of these vulnerabilities being exploited in the wild, in July 2021, CISA warned of threat actors actively targeting a known, previously patched, vulnerability in SonicWall SMA 100 series appliances.
https://www.cisa.gov/uscert/ncas/current-activity/2021/12/08/sonicwall-releases-security-advisory-sma-100-series-appliances
4 388
Thunderbird 91.4.0 Email Client has been released.
https://www.ghacks.net/2021/12/08/thunderbird-91-4-0-email-client-has-been-released/
4 388
Grafana releases security patch after exploit for severe bug goes public
Grafana Labs has released an emergency security update today to patch a critical vulnerability after security researchers released proof-of-concept code to exploit the issue over the weekend.
The vulnerability, tracked as CVE-2021-43798, impacts the company’s main product, the Grafana dashboard, used by companies across the globe to monitor and aggregate logs and other parameters from across their local or remote networks.
Described as a path traversal attack, the vulnerability can allow an attacker to read files outside the Grafana application’s folder.
https://therecord.media/grafana-releases-security-patch-after-exploit-for-severe-bug-goes-public/
https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/
https://nvd.nist.gov/vuln/detail/CVE-2021-43798
4 388
Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP
Zoho has released a security advisory to address an authentication bypass vulnerability in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system. According to Zoho, this vulnerability is being actively exploited in the wild.
https://us-cert.cisa.gov/ncas/current-activity/2021/12/06/zoho-releases-security-advisory-manageengine-desktop-central-and
4 388
ICS Advisory (ICSA-21-336-03)
Distributed Data Systems WebHMI
EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Distributed Data Systems
Equipment: WebHMI
Vulnerabilities: Authentication Bypass by Primary Weakness, Unrestricted Upload of File with Dangerous Type
AFFECTED PRODUCTS
The following versions of WebHMI, a SCADA system with built-in web server capability, are affected:
All versions prior to 4.1
https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03
4 388
Mozilla Foundation Security
Advisory 2021-51
Memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures
Announced December 1, 2021
Impact critical
Products NSS
Fixed in
NSS 3.68.1
NSS 3.73
https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/
4 388
Unraid through 6.8.0 allows Remote Code Execution
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5847
https://www.checkpoint.com/defense/advisories/public/2021/cpai-2020-3445.html
4 388
Vulnerabilidad de desbordamiento de búfer en múltiples productos HP
Fecha de publicación: 01/12/2021
Importancia: 5 - Crítica
Recursos afectados:
Ciertos modelos de impresoras LaserJet, LaserJet Managed, PageWide y PageWide Managed. Consultar el listado completo en la sección desplegable Affected products del aviso del fabricante.
Descripción:
Alexander Bolshev y Timo Hirvonen, investigadores de F-Secure LABS, han reportado una vulnerabilidad crítica que afecta a dispositivos HP de impresión.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-desbordamiento-bufer-multiples-productos-hp
4 388
https://twitter.com/malware_traffic/
2021-11-30 (Tuesday) - Got this #Emotet epoch 4 email, and everything's still active and able to infect my Windows lab host. Link from email already reported to URLhaus: https://urlhaus.abuse.ch/url/1838032/
Someone at Microsoft needs to shut down those windows dot net URLs used for this infection chain. They've been up for hours.
- https://urlhaus.abuse.ch/url/1838022/
- https://urlhaus.abuse.ch/url/1838023/
https://twitter.com/malware_traffic/status/1465885327831318529?t=XScCgdPgprISVQEruu9uvw&s=19
4 388
Google experts found 2 flaws in video conferencing software Zoom.
Google Project Zero researchers have discovered two vulnerabilities in the video conferencing software Zoom that expose users to attacks.
https://securityaffairs.co/wordpress/125122/security/video-conferencing-software-zoom-flaws.html
4 388
Red Hat Security Advisory 2021-4829-04
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.22. Issues addressed include a bypass vulnerability.
https://packetstormsecurity.com/files/165101/RHSA-2021-4829-04.txt
4 388
Critical Printing Shellz flaws impact 150 HP multifunction printer models
Researchers discovered a critical wormable buffer overflow vulnerability that affects 150 different HP multifunction printer models (MFPs).
[...]
The two vulnerabilities are:
CVE-2021-39237 (CVSS score: 7.1) – An information disclosure vulnerability impacting certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers.
CVE-2021-39238 (CVSS score: 9.3) – A buffer overflow vulnerability impacting certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed products.
[...]
https://securityaffairs.co/wordpress/125140/hacking/printing-shellz-flaws-hp-printer-models.html
4 388
Múltiples vulnerabilidades en el cliente de Zoom
Fecha de publicación: 25/11/2021
Importancia: 4 - Alta
Descripción:
Zoom ha solucionado dos vulnerabilidades, una de criticidad alta y otra media, que podrían permitir a un ciberdelincuente interrumpir el servicio, la ejecución arbitraria de código o acceder a zonas arbitrarias de memoria del producto.
https://www.incibe.es/protege-tu-empresa/avisos-seguridad/multiples-vulnerabilidades-el-cliente-zoom
4 388
Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021
Advisory ID: cisco-sa-apache-httpd-2.4.49-VWL69sWQ
First Published: 2021 November 24 16:00 GMT
CVSS Score: Base 9.0
Affected Products
Cisco is investigating its product line to determine which products may be affected by these vulnerabilities. As the investigation progresses, Cisco will update this advisory with information about affected products.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
4 388
VMSA-2021-0027
CVSSv3 Range:6.5-7.5
Issue Date:2021-11-23
CVE(s):CVE-2021-21980, CVE-2021-22049
Synopsis:VMware vCenter Server updates address arbitrary file read and SSRF vulnerabilities (CVE-2021-21980, CVE-2021-22049)
Impacted Products
VMware vCenter Server (vCenter Server)
VMware Cloud Foundation (Cloud Foundation)
https://www.vmware.com/security/advisories/VMSA-2021-0027.html
4 388
GoDaddy hack causes data breach affecting 1.2 million customers
In a data breach notification published today, GoDaddy said that the data of up to 1.2 million of its customers was exposed after hackers gained access to the company's Managed WordPress hosting environment.
https://www.bleepingcomputer.com/news/security/godaddy-hack-causes-data-breach-affecting-12-million-customers/
4 388
Researchers discovered 11 malicious Python packages in the PyPI repository that can steal Discord access tokens, passwords, and conduct attacks.
JFrog researchers have discovered 11 malicious Python packages in the Python Package Index (PyPI) repository that can steal Discord access tokens, passwords, and even carry out dependency confusion attacks.
Python packages:
pptest
ipboards
owlmoon
DiscordSafety
trrfab
10Cent10 / 10Cent11
yandex-yt
yiffparty
https://securityaffairs.co/wordpress/124861/hacking/malicious-pypi-python-packages.html
