SysAdmin 24x7
Kanalga Telegram’da o‘tish
Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat
Ko'proq ko'rsatish4 388
Obunachilar
-224 soatlar
-37 kunlar
+730 kunlar
Postlar arxiv
4 389
SCShell: movimientos laterales a través del service manager
https://www.hackplayers.com/2019/11/scshell-movimientos-laterales-sc.html
4 389
Cross-site scripting (XSS) en TIBCO EBX
Fecha de publicación: 13/11/2019
Importancia: 4 - Alta
Recursos afectados:
El servidor web de las siguientes versiones de TIBCO EBX:
5.8.1.fixR y anteriores
5.9.3, 5.9.4, 5.9.5 y 5.9.6
En el interfaz web del Digital Asset Manager de las siguientes versiones de los complementos (Add-ons) de TIBCO EBX:
3.20.13 y anteriores
4.1.0, 4.2.0, 4.2.1 y 4.2.2
En el interfaz web del Data Exchange las siguientes versiones de los complementos (Add-ons) de TIBCO EBX:
3.20.13 y anteriores
4.1.0
Descripción:
TIBCO ha publicado 3 vulnerabilidades que afectan a varios de sus productos, que permitirían a un atacante realizar ataques cross-site scripting (XSS).
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/cross-site-scripting-xss-tibco-ebx
4 389
[SECURITY] [DLA 1991-1] libssh2 security update
Package : libssh2 Version : 1.4.3-4.1+deb8u6 CVE ID : CVE-2019-17498 Debian Bug : 943562 In libssh2, SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server For Debian 8 "Jessie", this problem has been fixed in version 1.4.3-4.1+deb8u6.
https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html
4 389
Vulnerability Spotlight: Remote code execution vulnerability in Microsoft Excel
Cisco Talos recently discovered a remote code execution vulnerability in Microsoft Excel. Microsoft disclosed this bug as part of their monthly security update Tuesday. This vulnerability exists in the component responsible for handling the “MicrosoftÆ Office HTML and XML” format introduced in Microsoft Office 2000. A specially crafted XLS file could lead to a user-after-free vulnerability and remote code execution.
https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-excel-nov-2019-RCE.html
4 389
Vulnerability Spotlight: Remote code execution vulnerability in Microsoft Media Foundation
Microsoft Media Foundation’s framework contains a remote code execution vulnerability that exists due to a use-after-free condition. This specific bug lies in Media Foundation's MPEG4 DLL. An attacker could provide a user with a specially crafted QuickTime file to exploit this vulnerability.
https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-media-foundation-nov-2019-RCE.html
4 389
Adobe Releases Security Updates
Original release date: November 12, 2019
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
Animate CC 2019 APSB19-34
Illustrator CC APSB19-36
Media Encoder APSB19-52
Bridge CC APSB19-53
https://www.us-cert.gov/ncas/current-activity/2019/11/12/adobe-releases-security-updates
4 389
Intel Releases Security Updates
Original release date: November 12, 2019
Intel has released security updates to address vulnerabilities in multiple products. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:
BMC Advisory INTEL-SA-00313
UEFI Advisory INTEL-SA-00280
SGX and TXT Advisory INTEL-SA-00220
Processor Security Advisory INTEL-SA-00240
CSME, Intel SPS, Intel TXE, Intel AMT, Intel PTT and Intel DAL Advisory INTEL-SA-00241
Graphics Driver for Windows Advisory INTEL-SA-00242
Ethernet 700 Series Controllers Advisory INTEL-SA-00255
SGX Advisory INTEL-SA-00293
Proset/Wireless Wifi Software Security Advisory INTEL-SA-00288
WIFI Drivers and Intel® PROSet/Wireless WiFi Software Extension DLL Advisory INTEL-SA-00287
For updates addressing medium severity vulnerabilities, see the Intel Security Advisories page.
https://www.us-cert.gov/ncas/current-activity/2019/11/12/intel-releases-security-updates
4 389
VMware Releases Security Updates
Original release date: November 12, 2019
VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisories VMSA-2019-0020 and VMSA-2019-0021 and apply the necessary updates.
https://www.us-cert.gov/ncas/current-activity/2019/11/12/vmware-releases-security-updates
4 389
Debian Security Advisory
DSA-4565-1 intel-microcode -- security update
Date Reported:13 Nov 2019
https://www.debian.org/security/2019/dsa-4565
4 389
Boletín de seguridad de Microsoft de noviembre de 2019
Fecha de publicación: 13/11/2019
Importancia: 5 - Crítica
Recursos afectados:
Microsoft Windows,
Internet Explorer,
Microsoft Edge (Edge basado en HTML),
ChakraCore,
Microsoft Office y Microsoft Office Services y Web Apps,
Open Source Software,
Microsoft Exchange Server,
Visual Studio,
Azure Stack.
Descripción:
La publicación de actualizaciones de seguridad de Microsoft correspondiente al mes de noviembre consta de 75 vulnerabilidades, 13 clasificadas como críticas y 62 como importantes.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/boletin-seguridad-microsoft-noviembre-2019
4 389
#Cisco Fixes High-Risk Vulnerabilities in Some Small Business RV Series #Routers
A number of Cisco Small Business RV Series Routers series were found to be vulnerable to a couple of attacks, and Cisco was quick to explain what the vulnerabilities were and that the patches were issued.
Cisco confirmed that command injection and arbitrary command execution vulnerabilities were found in routers series including RV016, RV042, RV042G, RV082, RV320, and RV325. Both vulnerabilities are considered high risk, which is the main reason for issuing patches so quickly.
https://securityboulevard.com/2019/11/cisco-fixes-high-risk-vulnerabilities-in-some-small-business-rv-series-routers/
4 389
Keylogging users via #Slack themes
Back in August I found a vulnerability in Slack which allowed me to keylog slack input via custom themes. I came across this vulnerability when we were having some discussions in my work’s slack regarding using CSS to change the font to comic-sans, as seen below:
#FFFFFF;}*{FONT-FAMILY:"COMIC SANS MS
https://fletchto99.dev/2019/november/slack-vulnerability/
4 389
#Adobe Patches Vulnerabilities in Design, Web Products
Adobe has patched a total of 11 vulnerabilities across its Animate, Illustrator, Media Encoder and Bridge products.
https://www.securityweek.com/adobe-patches-vulnerabilities-design-web-products
4 389
How to enable encryption in a browser with the #AWS Encryption SDK for JavaScript and Node.js
https://aws.amazon.com/es/blogs/security/how-to-enable-encryption-browser-aws-encryption-sdk-javascript-node-js/
4 389
Adaudit - Powershell Script To Do Domain Auditing Automation
https://www.kitploit.com/2019/11/adaudit-powershell-script-to-do-domain.html
4 389
Múltiples vulnerabilidades en Squid
Fecha de publicación: 11/11/2019
Importancia: 4 - Alta
Recursos afectados:
Las siguientes versiones de Squid:
desde la 2.x hasta la 2.7.STABLE9;
desde la 3.x hasta la 3.5.28;
desde la 4.x hasta la 4.8.
Descripción:
Se han detectado cinco vulnerabilidades en múltiples versiones del servidor proxy Squid.
Solución:
Actualizar a la versión 4.9.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-squid-0
4 389
Nvidia’s latest driver update also fixes security vulnerabilities
https://www.kitguru.net/tech-news/featured-tech-news/matthew-wilson/nvidias-latest-driver-update-also-fixes-security-vulnerabilities/
4 389
Fake Netflix Update Request by Text
https://isc.sans.edu/diary/Fake+Netflix+Update+Request+by+Text/25504
4 389
Spanish MSSP Targeted by #BitPaymer #Ransomware
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/spanish-mssp-targeted-by-bitpaymer-ransomware/
Endi mavjud! Telegram Tadqiqoti 2025 — yilning asosiy insaytlari 
