SysAdmin 24x7

Múltiples vulnerabilidades en IBM Application Gateway Fecha de publicación: 31/05/2021 Importancia: 5 - Crítica Recursos afectados: IBM Application Gateway, versión 1.0. Descripción: Diversos investigadores de IBM X-Force Ethical Hacking Team han publicado un aviso de seguridad con 1 vulnerabilidad de severidad crítica, 1 de severidad alta y 2 de severidad media. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-ibm-application-gateway

Vulnerabilidad grave en PLCs de Siemens https://unaaldia.hispasec.com/2021/05/vulnerabilidad-grave-en-plcs-de-siemens.html

Hackers Attack AnyDesk Using Malvertising Campaign With Evasion Technique https://gbhackers.com/hackers-attack-anydesk/

HPE Patches the Zero-Day Vulnerabiity in Systems Insight Manager Software for Windows Hewlett Packard Enterprise (HPE) has released a security update to patch critical zero-day remote code execution (RCE) vulnerability in its HPE Systems Insight Manager (SIM) software for Windows that it initially revealed in December 2020. https://www.ehackingnews.com/2021/05/hpe-patches-zero-day-vulnerabiity-in.html

Alert (AA21-148A) Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs https://us-cert.cisa.gov/ncas/alerts/aa21-148a

SonicWall urges customers to 'immediately' patch NSM On-Prem bug https://www.bleepingcomputer.com/news/security/sonicwall-urges-customers-to-immediately-patch-nsm-on-prem-bug/amp/

FBI Update on Exploitation of Fortinet FortiOS Vulnerabilities https://us-cert.cisa.gov/ncas/current-activity/2021/05/28/fbi-update-exploitation-fortinet-fortios-vulnerabilities

Vulnerabilidad en el core de Drupal Fecha de publicación: 27/05/2021 Importancia: 3 - Media Recursos afectados: Versiones anteriores a: 9.1; 9.0; 8.9. Descripción: Descubierta en la librería CKEditor un error en el análisis de HTML que podría conducir a un ataque XSS. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-el-core-drupal-3

Múltiples vulnerabilidades en Data Grid de Red Hat Fecha de publicación: 27/05/2021 Importancia: 5 - Crítica Recursos afectados: Red Hat JBoss Data Grid Text-Only Advisories x86_64, versión 8.1.1. Descripción: Red Hat ha publicado un aviso de seguridad con una vulnerabilidad de severidad crítica, 8 de severidad alta y 9 de severidad media. Solución: Actualizar Red Hat Data Grid a la versión 8.2.0. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-data-grid-red-hat

[Actualización 27/05/2021] Vulnerabilidad de ejecución remota de código en HPE Systems Insight Manager (SIM) Fecha de publicación: 16/12/2020 Importancia: 5 - Crítica Recursos afectados: HPE Systems Insight Manager (SIM), versiones 7.6.x. Descripción: El investigador, Harrison Neal, a través de Trend Micro Zero Day Initiative, ha informado a Hewlett Packard Enterprise de una vulnerabilidad que podría permitir la ejecución remota de código en HPE Systems Insight Manager (SIM). https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-ejecucion-remota-codigo-hpe

Google experts discovered a new variant of Rowhammer attack against RAM memory cards that bypasses all current defenses https://securityaffairs.co/wordpress/118284/hacking/rowhammer-variant-dubbed-half-double.html

About the security content of watchOS 7.5 https://support.apple.com/es-es/HT212533

[RHSA-2021:2139-01] Critical: Red Hat Data Grid 8.2.0 security update https://listman.redhat.com/archives/rhsa-announce/2021-May/msg00123.html

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT Researchers discovered about 50,000 IPs across multiple Kubernetes clusters that were compromised by the TeamTNT.threat actors. Researchers from Trend Micro reported that about 50,000 IPs were compromised across multiple Kubernetes clusters in a cryptojacking campaign conducted by TeamTNT group. https://securityaffairs.co/wordpress/118306/digital-id/kubernetes-clusters-teamtnt.html

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Command Injection Vulnerability Advisory ID: cisco-sa-pi-epnm-cmd-inj-YU5e6tB3 First Published: 2021 May 19 16:00 GMT Cisco Bug IDs: CSCvw07763 CSCvw67903 CVE-2021-1487 CWE-78 CVSS Score: Base 8.8 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-cmd-inj-YU5e6tB3

Know Your Enemy: Exploiting the Dell BIOS Driver Vulnerability to Defend Against It https://www.crowdstrike.com/blog/cve-2021-21551-learning-through-exploitation/

Vulnerability Spotlight: Multiple vulnerabilities in Trend Micro Home Network Security Station. https://blog.talosintelligence.com/2021/05/vuln-spotlight-trend-i.html

Using AI to Detect Malicious C2 Traffic. https://unit42.paloaltonetworks.com/c2-traffic/

Múltiples vulnerabilidades en dispositivos que soportan especificaciones Bluetooth Fecha de publicación: 25/05/2021 Importancia: 4 - Alta Recursos afectados: Las siguientes versiones de las especificaciones de Bluetooth: Mesh Profile, desde 1.0 hasta 1.0.1; Core: desde 1.0B hasta 5.2. Fabricantes afectados: Android Open Source Project, Cisco, Cradlepoint, Intel, Microchip Technology, Red Hat. El listado de fabricantes afectados se irá actualizando en el aviso publicado por el CERT Coordination Center. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-dispositivos-soportan-especificaciones

CVSSv3 Range: 6.5-9.8 Issue Date: 2021-05-25 Updated On: 2021-05-25 (Initial Advisory) CVE(s): CVE-2021-21985, CVE-2021-21986 Synopsis: VMware vCenter Server updates address remote code execution and authentication vulnerabilities (CVE-2021-21985, CVE-2021-21986) https://www.vmware.com/security/advisories/VMSA-2021-0010.html