SysAdmin 24x7

15 Jan 2024 15:11

Múltiples vulnerabilidades en WIC1200 de Full Compass Systems

Fecha 15/01/2024
Importancia 4 - Alta

Recursos Afectados
WIC1200, versión 1.1.

Descripción
INCIBE ha coordinado la publicación de 3 vulnerabilidades de severidad alta que afectan a WIC1200 versión 1.1, un dispositivo hardware para administración de sitios web, las cuales han sido descubiertas por HADESS.
A estas vulnerabilidades se le han asignado los siguientes códigos, puntuación base CVSS v3.1, vector del CVSS y el tipo de vulnerabilidad CWE de cada vulnerabilidad:
CVE-2024-0554: 5.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L | CWE-79.
CVE-2024-0555: 4.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L | CWE-352.
CVE-2024-0556: 7.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N | CWE-261.

Solución
No hay solución reportada por el momento.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-wic1200-de-full-compass-systems

SysAdmin 24x7

12 Jan 2024 20:53

Cisco Releases Security Advisory for Cisco Unity Connection

Release DateJanuary 11, 2024

Cisco released a security advisory to address a vulnerability (CVE-2024-20272) in Cisco Unity Connection. A cyber threat actor could exploit this vulnerability to take control of an affected system.

https://www.cisa.gov/news-events/alerts/2024/01/11/cisco-releases-security-advisory-cisco-unity-connection

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-unauth-afu-FROYsCsD

SysAdmin 24x7

11 Jan 2024 00:03

Microsoft Releases January 2024 Security Updates

https://msrc.microsoft.com/update-guide/releaseNote/2024-Jan

SysAdmin 24x7

09 Jan 2024 19:10

Actualizaciones que corrigen vulnerabilidades en productos TP-Link

Fecha 09/01/2024
Importancia 4 - Alta

Recursos Afectados
Archer AX3000, versiones anteriores a Archer AX3000(JP)_V1_1.1.2 Build 20231115;
Archer AX5400, versiones anteriores a Archer AX5400(JP)_V1_1.1.2 Build 20231115;
Archer AXE75, versiones anteriores a Archer AXE75(JP)_V1_231115;
Deco X50, versiones anteriores a Deco X50(JP)_V1_1.4.1 Build 20231122;
Deco XE200, versiones anteriores a Deco XE200(JP)_V1_1.2.5 Build 20231120.

Descripción
Se han detectado múltiples vulnerabilidades en productos TP-Link. De ser explotadas con éxito, las vulnerabilidades podrían permitir a un ciberdelincuente ejecutar comandos arbitrarios del sistema operativo.

Solución
Se recomienda actualizar el firmware lo antes posible a la última versión disponible de acuerdo con la información proporcionada por el desarrollador.

Para evitar cualquier tipo de incidente deberías contar con un plan de respuesta para mitigar el impacto. Además, las actualizaciones de software, incluyen mejoras y nuevas funcionalidades, corrigen fallos de seguridad y vulnerabilidades. Infórmate en este artículo: minimiza los riesgos de un ataque: ¡actualiza el software!

https://www.incibe.es/empresas/avisos/actualizaciones-que-corrigen-vulnerabilidades-en-productos-tp-link

SysAdmin 24x7

05 Jan 2024 11:37

Critical Remote Code Execution Vulnerability in Ivanti’s Endpoint Management Software
January 4, 2024

Ivanti has issued a warning and fix for a critical remote code execution (RCE) vulnerability found in its Endpoint Management software (EPM). The vulnerability, identified as CVE-2023-39366, could have allowed unauthenticated attackers to gain control over devices enrolled in the EPM or the core server itself.

https://vulnera.com/newswire/critical-remote-code-execution-vulnerability-in-ivantis-endpoint-management-software/

SysAdmin 24x7

04 Jan 2024 05:35

Hacker hijacks Orange Spain RIPE account to cause BGP havoc

Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration.

The routing of traffic on the internet is handled by Border Gateway Protocol (BGP), which allows organizations to associate their IP addresses with autonomous system (AS) numbers and advertise them to other routers they are connected to, known as their peers.

These BGP advertisements create a routing table that propagates to all other edge routers on the internet, allowing networks to know the best route to send traffic to a particular IP address.

https://www.bleepingcomputer.com/news/security/hacker-hijacks-orange-spain-ripe-account-to-cause-bgp-havoc/

SysAdmin 24x7

02 Jan 2024 20:57

Juniper Releases Security Advisory for Juniper Secure Analytics
Release DateJanuary 02, 2024

Juniper released a security advisory to address multiple vulnerabilities affecting Juniper Secure Analytics. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Juniper advisory JSA75636 and apply the necessary updates.

https://www.cisa.gov/news-events/alerts/2024/01/02/juniper-releases-security-advisory-juniper-secure-analytics

https://supportportal.juniper.net/s/article/2023-12-Security-Bulletin-JSA-Series-Multiple-vulnerabilities-resolved

SysAdmin 24x7

29 Dec 2023 14:29

Múltiples vulnerabilidades en Juniper Secure Analytics

Fecha 29/12/2023
Importancia 5 - Crítica

Recursos Afectados
Juniper Secure Analytics, versiones hasta 7.5.0 UP7.

Descripción
Se han reportado 18 vulnerabilidades en Juniper Secure Analytics, de las cuales: 2 son de severidad baja, 7 de severidad media, 7 de severidad alta, y 2 de severidad crítica.

Solución
Se han resuelto las vulnerabilidades reportadas en Juniper Secure Analytics versión 7.5.0 UP7 IF03.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-juniper-secure-analytics

SysAdmin 24x7

23 Dec 2023 09:25

Google addressed a new actively exploited Chrome zero-day

Google has released emergency updates to address a new actively exploited zero-day vulnerability in the Chrome browser.

https://securityaffairs.com/156231/security/google-addressed-a-new-actively-exploited-chrome-zero-day.html

SysAdmin 24x7

23 Dec 2023 09:24

Windows CLFS and five exploits used by ransomware operators

https://securelist.com/windows-clfs-exploits-ransomware/111560/

SysAdmin 24x7

22 Dec 2023 13:55

Múltiples vulnerabilidades en Unified OSS Console de HPE

Fecha 22/12/2023
Importancia 5 - Crítica

Recursos Afectados
HPE Unified OSS Console (UOC), versiones anteriores a v3.1.0.

Descripción
El equipo de respuesta de seguridad de productos de HPE ha informado que, una vulnerabilidad de severidad crítica y dos vulnerabilidades de severidad alta ya reportadas, afectan a uno de sus productos. La explotación de estas vulnerabilidades podría permitir a un atacante remoto evadir las restricciones de acceso, realizar una ejecución arbitraria de código, evadir la autenticación, comprometer la integridad del sistema, y desbordar el búfer.

Solución
HPE ha resuelto las vulnerabilidades reportadas en la versión 3.1.0.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-unified-oss-console-de-hpe

SysAdmin 24x7

20 Dec 2023 11:37

Múltiples vulnerabilidades en Ivanti

Fecha 19/12/2023
Importancia 5 - Crítica

Recursos Afectados
Ivanti Avalanche v6.4.1

Descripción
[Actualización 20/12/2023]

Ivanti ha publicado 20 vulnerabilidades de severidad crítica y alta que podrían provocar daños en la memoria, lo que daría lugar a una denegación de servicio (DoS) o la ejecución de código.

Solución
Actualizar a la versión Ivanti Avalanche 6.4.2 o posteriores.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-ivanti

SysAdmin 24x7

19 Dec 2023 17:28

Múltiples vulnerabilidades en Ivanti

Fecha 19/12/2023
Importancia 4 - Alta

Recursos Afectados
Ivanti Avalanche v6.4.1

Descripción
Ivanti ha publicado 3 vulnerabilidades de severidad alta con un factor de riesgo crítico que podrían provocar un desbordamiento de búfer.

Solución
Actualizar a la versión Ivanti Avalanche 6.4.2 o posteriores.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-ivanti

SysAdmin 24x7

17 Dec 2023 19:49

Actively Exploited Vulnerability in QNAP VioStor NVR: Fixed, Patches Available

Need to know

As part of our InfectedSlurs research, the SIRT uncovered a vulnerability in QNAP VioStor network video recorder (NVR) devices that is being actively exploited in the wild. The NVR device is a high-performance network surveillance solution for network-based monitoring of IP cameras, video recording, playback, and remote data access. The vulnerability has been given the CVE ID of CVE-2023-47565 with a CVSS v3 score of 8.0.

The vulnerability allows an authenticated attacker to achieve OS command injection with a payload delivered via a POST request to the management interface. In its current configuration, it is utilizing device default credentials in the captured payloads.

https://www.akamai.com/blog/security-research/qnap-viostor-zero-day-vulnerability-spreading-mirai-patched

SysAdmin 24x7

15 Dec 2023 08:19

Google Forms como elemento clave en ataques de Phishing

https://unaaldia.hispasec.com/2023/12/google-forms-como-elemento-clave-en-ataques-de-phishing.html?utm_source=rss&utm_medium=rss&utm_campaign=google-forms-como-elemento-clave-en-ataques-de-phishing

SysAdmin 24x7

12 Jan 2024 20:56

Juniper Networks Releases Security Bulletin for Junos OS and Junos OS Evolved

Release DateJanuary 11, 2024

Juniper Networks has released a security advisory to address a vulnerability (CVE-2024-21611) in Junos OS and Junos OS Evolved. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition.

https://www.cisa.gov/news-events/alerts/2024/01/11/juniper-networks-releases-security-bulletin-junos-os-and-junos-os-evolved

https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-jflow-scenario-continuous-route-churn-will-cause-a-memory-leak-and-eventually-an-rpd-crash-CVE-2024-21611

SysAdmin 24x7

12 Jan 2024 20:47

Múltiples vulnerabilidades en GitLab

Fecha 12/01/2024
Importancia 5 - Crítica

Recursos Afectados
Las siguientes versiónes de GitLab están afectadas:
16.1 anterior a 16.1.5;
16.2 anterior a 16.2.8;
16.3 anterior a 16.3.6;
16.4 anterior a 16.4.4;
16.5 anterior a 16.5.6;
16.6 anterior a 16.6.4;
16.7 anterior a 16.7.2.

Descripción
Asterion04 ha reportado 5 vulnerabilidades: 2 de severidad crítica, una de severidad alta, una de severidad media y una de severidad baja.
La explotación de las vulnerabilidades críticas podría permitir a un atacante la adquisición de una cuenta de usuario mediante restablecimiento de contraseña sin interacción del usuario, o abusar de las integraciones Slack/Mattermost para ejecutar comandos de barra como otro usuario.

Solución
Las vulnerabilidades han sido resultas en las versiones 16.7.2, 16.6.4 y 16.5.6.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-gitlab

SysAdmin 24x7

10 Jan 2024 23:59

CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways

Created Date
10-Jan-2024 17:48:05

https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways

SysAdmin 24x7

09 Jan 2024 19:09

Vulnerabilidad de ruta trasversal en

OpManager de ManageEngine
Fecha 09/01/2024
Importancia 5 - Crítica

Recursos Afectados
Versiones afectadas hasta la 127259 de los siguientes productos:
OpManager;
OpManager Plus;
OpManager MSP;
Administrador de configuración de red;
Analizador de NetFlow;
Analizador de firewall;
OpUtils.

Descripción
Marcin 'Icewall' Noga de Cisco Talos, ha descubierto una vulnerabilidad de severidad crítica que podría provocar un cruce de directorio en la funcionalidad uploadMib.

Solución
Actualizar a la última versión.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-de-ruta-trasversal-en-opmanager-de-manageengine

SysAdmin 24x7

05 Jan 2024 10:15

Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices

Affected platforms: Linux
Affected parties: Linux users that have these malicious packages installed
Impact: Latency in device performance
Severity level: High

[...]
Fortinet Protections
FortiGuard AntiVirus detects the malicious files identified in this report as

unmi.sh: Linux/Agent.4EFF!tr
modularseven-1.0/modularseven/processor.py: Python/Agent.5337!tr
driftme-1.0/driftme/processor.py: Python/Agent.5337!tr
catme-1.0/catme/processor.py: Python/Agent.5337!tr
tmp/X: Riskware/CoinMiner
[...]

https://www.fortinet.com/blog/threat-research/malicious-pypi-packages-deploy-coinminer-on-linux-devices

SysAdmin 24x7

03 Jan 2024 02:51

Descubierta nueva vulnerabilidad Terrapin que pone en riesgo la seguridad de las conexiones SSH

https://unaaldia.hispasec.com/2024/01/descubierta-nueva-vulnerabilidad-terrapin-que-pone-en-riesgo-la-seguridad-de-las-conexiones-ssh.html?utm_source=rss&utm_medium=rss&utm_campaign=descubierta-nueva-vulnerabilidad-terrapin-que-pone-en-riesgo-la-seguridad-de-las-conexiones-ssh

SysAdmin 24x7

29 Dec 2023 14:30

Comunicación del servidor no autenticada en D-Link D-View 8

Fecha 29/12/2023
Importancia 5 - Crítica

Recursos Afectados
D-View 8, versiones 2.0.2.89 y anteriores.

Descripción
El equipo de investigación de Tenable ha publicado una vulnerabilidad crítica que afecta al software de administración de red D-View 8 del fabricante D-Link.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/comunicacion-del-servidor-no-autenticada-en-d-link-d-view-8

SysAdmin 24x7

28 Dec 2023 15:47

Dual Privilege Escalation Chain: Exploiting Monitoring and Service Mesh Configurations and Privileges in GKE to Gain Unauthorized Access in Kubernetes

This article examines two specific issues in Google Kubernetes Engine (GKE). While each issue might not result in significant damage on its own, when combined they create an opportunity for an attacker who already has access to a Kubernetes cluster to escalate their privileges. This article serves as a crucial resource for Kubernetes users and administrators, offering insights on safeguarding their clusters from potential attacks.

https://unit42.paloaltonetworks.com/google-kubernetes-engine-privilege-escalation-fluentbit-anthos/

SysAdmin 24x7

23 Dec 2023 09:24

[CA8562] ESET Customer Advisory: Improper following of a certificate's chain of trust in ESET security products fixed

Summary

ESET was made aware of a vulnerability in its SSL/TLS protocol scanning feature, which is available in ESET products listed in the Affected products section below. This vulnerability would cause a browser to trust a site with a certificate signed with an obsolete algorithm that should not be trusted.

https://support.eset.com/en/ca8562-eset-customer-advisory-improper-following-of-a-certificates-chain-of-trust-in-eset-security-products-fixed

SysAdmin 24x7

23 Dec 2023 09:01

Apple releases macOS 14.2.1 Sonoma and iOS 17.2.1 updates

Apple has released the macOS 14.2.1 Sonoma and iOS 17.2.1 updates. The new software with bug fixes, and one security fix for Macs.
macOS 14.2.1 Sonoma update

macOS 14.2.1 fixes a loophole that is related to WindowServer. The security vulnerability, which has been tracked under CVE-2023-42940, contained an exploit that may share incorrect content when a user shares their screen. The bug, which has been described as a session rendering issue, was addressed with improved session tracking. Apple has credited software developer Craig Hockenberry for reporting the bug to it.

https://www.ghacks.net/2023/12/20/apple-releases-macos-14-2-1-sonoma-and-ios-17-2-1-updates/

SysAdmin 24x7

20 Dec 2023 23:48

Apple Releases Security Updates for Multiple Products

Release Date December 20, 2023

Apple has released security updates to address vulnerabilities in Safari, iOS, iPadOS, and macOS Sonoma. A cyber threat actor could exploit one of these vulnerabilities to obtain sensitive information.

https://www.cisa.gov/news-events/alerts/2023/12/20/apple-releases-security-updates-multiple-products

SysAdmin 24x7

19 Dec 2023 17:32

Akamai discloses zero-click exploit for Microsoft Outlook

During research into an older Microsoft Outlook privilege escalation vulnerability, Akamai discovered two new flaws that can be chained for a zero-click RCE exploit.

https://www.techtarget.com/searchsecurity/news/366563449/Akamai-discloses-zero-click-exploit-for-Microsoft-Outlook

SysAdmin 24x7

19 Dec 2023 17:27

Múltiples vulnerabilidades en OpenSSH

Fecha 19/12/2023
Importancia 4 - Alta

Recursos Afectados
OpenSSH, versiones anteriores a 9.6.

En las referencias se enlaza una herramienta para escanear servidores o clientes SSH vulnerables a Terrapin Attack.

Descripción
Se ha publicado la versión 9.6 de OpenSSH, que contiene una serie de correcciones de seguridad, destacando 3 vulnerabilidades descubiertas por los investigadores Fabian Bäumer, Marcus Brinkmann y Jörg Schwenk, de la Universidad Ruhr de Bochum, y que se ha denominado Terrapin Attack. La explotación de estas vulnerabilidades podría permitir un ataque MitM que rompiese la integridad del canal seguro de SSH.

Solución
Actualizar OpenSSH a la versión 9.6.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-openssh

SysAdmin 24x7

16 Dec 2023 00:15

Fortinet Releases Security Updates for Multiple Products

Release DateDecember 14, 2023

Fortinet has released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

https://www.cisa.gov/news-events/alerts/2023/12/14/fortinet-releases-security-updates-multiple-products

SysAdmin 24x7

15 Dec 2023 08:19

UniFi devices broadcasted private video to other users’ accounts

https://arstechnica.com/security/2023/12/unifi-devices-broadcasted-private-video-to-other-users-accounts/