SysAdmin 24x7

Thunderbird 91.0.3 is a small bug fix release. https://www.ghacks.net/2021/08/26/thunderbird-91-0-3-is-a-small-bug-fix-release/

New Campaign Sees LokiBot Delivered Via Multiple Methods We recently detected an aggressive malware distribution campaign delivering LokiBot via multiple techniques, including the exploitation of older vulnerabilities. https://www.trendmicro.com/en_us/research/21/h/new-campaign-sees-lokibot-delivered-via-multiple-methods.html

Ethereum urges Go devs to fix severe chain-split vulnerability Ethreum project is urging developers to apply a hotfix to squash a high-severity vulnerability. The chain-split vulnerability tracked as CVE-2021-39137, impacts "Geth," the official Golang implementation of the Ethereum protocol. Such flaws can cause corruption in blockchain services, and lead to massive outages, like the Ethereum network outage from last year. https://www.bleepingcomputer.com/news/security/ethereum-urges-go-devs-to-fix-severe-chain-split-vulnerability/

Synology-SA-21:24 OpenSSL CVE-2021-3711 Severity: Important CVSS3 Base Score: 8.1 https://www.synology.com/en-global/security/advisory/Synology_SA_21_24

Advisory ID: VMSA-2021-0019 CVSSv3 Range: 6.5 Issue Date: 2021-08-24 Updated On: 2021-08-24 (Initial Advisory) CVE(s): CVE-2021-22021 Synopsis: VMware vRealize Log Insight updates address Cross Site Scripting (XSS) vulnerability (CVE-2021-22021) Impacted Products VMware vRealize Log Insight VMware Cloud Foundation https://www.vmware.com/security/advisories/VMSA-2021-0019.html

K50974556: Overview of F5 vulnerabilities (August 2021) Security Advisory Description On August 24, 2021, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated security advisory. https://support.f5.com/csp/article/K50974556

New Evidence Shows Strong Connection Between Diavol Ransomware and TrickBot Gang. https://heimdalsecurity.com/blog/new-evidence-shows-strong-connection-between-diavol-ransomware-and-trickbot-gang/

Samsung can remotely disable their TVs worldwide using TV Block. https://www.bleepingcomputer.com/news/security/samsung-can-remotely-disable-their-tvs-worldwide-using-tv-block/

Actualización de seguridad de Joomla! 4.0.2 Fecha de publicación: 25/08/2021 Importancia: 4 - Alta Recursos afectados: Joomla! CMS, versión 4.0.0. Solución: Actualizar a la versión 4.0.2. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-joomla-402

How to automate forensic disk collection in AWS https://aws.amazon.com/es/blogs/security/how-to-automate-forensic-disk-collection-in-aws/

CVE-2021-3711 in OpenSSL can allow to change an application’s behavior The OpenSSL Project patched a high-severity vulnerability, tracked as CVE-2021-3711, that can allow an attacker to change an application’s behavior or cause the app to crash. The OpenSSL Project released the OpenSSL 1.1.1l version that addresses a high-severity buffer overflow flaw, tracked as CVE-2021-3711, that could allow an attacker to change an application’s behavior or cause the app to crash. https://securityaffairs.co/wordpress/121426/hacking/cve-2021-3711-openssl-flaws.html

Advisory ID: VMSA-2021-0018 CVSSv3 Range: 4.4 - 8.6 Issue Date: 2021-08-24 Updated On: 2021-08-24 (Initial Advisory) CVE(s): CVE-2021-22022, CVE-2021-22023, CVE-2021-22024, CVE-2021-22025, CVE-2021-22026, CVE-2021-22027 Synopsis: VMware vRealize Operations updates address multiple security vulnerabilities (CVE-2021-22022, CVE-2021-22023, CVE-2021-22024, CVE-2021-22025, CVE-2021-22026, CVE-2021-22027) Impacted Products VMware vRealize Operations VMware Cloud Foundation vRealize Suite Lifecycle Manager https://www.vmware.com/security/advisories/VMSA-2021-0018.html

Advisory ID: VMSA-2021-0014.1 CVSSv3 Range: 5.3-7.0 Issue Date: 2021-07-13 Updated On: 2021-08-24 CVE(s): CVE-2021-21994, CVE-2021-21995 Synopsis: VMware ESXi updates address authentication and denial of service vulnerabilities (CVE-2021-21994, CVE-2021-21995) Impacted Products VMware ESXi VMware Cloud Foundation (Cloud Foundation) https://www.vmware.com/security/advisories/VMSA-2021-0014.html

La Botnet Mozi se actualiza con nuevos objetivos https://unaaldia.hispasec.com/2021/08/la-botnet-mozi-se-actualiza-con-nuevos-objetivos.html

Kubescape helps admins manage Kubernetes securely Kubescape is an open-source tool for testing if Kubernetes is deployed securely, as defined in the recently released Kubernetes Hardening Guidance by NSA and CISA. https://www.helpnetsecurity.com/2021/08/24/kubescape-manage-kubernetes-securely/

Realtek SDK flaws exploited to deliver Mirai bot variant Researchers warn that threat actors are actively exploiting Realtek SDK vulnerabilities since their technical details were publicly disclosed. https://securityaffairs.co/wordpress/121400/cyber-crime/realtek-sdk-flaws-mirai-bot.html

Zoom RCE from Pwn2Own 2021 On April 7 2021, Thijs Alkemade and Daan Keuper demonstrated a zero-click remote code execution exploit in the Zoom video client during Pwn2Own 2021. Now that related bugs have been fixed for all users (see ZDI-21-971 and ZSB-22003) we can safely detail the bugs we exploited and how we found them. https://sector7.computest.nl/post/2021-08-zoom/

Microsoft Power Apps misconfiguration exposes 38 million data records The data leaks impacted American Airlines, Microsoft, J.B. Hunt and governments of Indiana, Maryland and New York City, says Upguard. https://www.zdnet.com/article/microsoft-power-apps-misconfiguration-exposes-38-million-data-records/

IntelCon by Ginseg Congreso Online gratuito de #Ciberinteligencia 30 de Agosto al 3 de Septiembre    100% online https://intelcon.ginseg.com/2021/ Inscripciones: https://intelcon.ginseg.com/inscripciones http://t.me/ThreatIntelligence

HoneyCON 2021 Guadalajara, Spain Noviembre 8 a 13, 2021 10 Charlas Técnicas 6 Talleres Técnicos Hack and Beers Actividades en familia Talleres Privados https://honeycon.eu/ Call for Papers: https://www.papercall.io/honeycon21 CFP closes at October 15, 2021 10:00 UTC October 15, 2021 12:00 hdvdEc (Local) ¿Quien es HoneySec? https://honeysec.blogspot.com/ https://t.me/Honey_SEC