Monthly archives: May 2023

Blogs on Information Security

Why does your company need ransomware simulations?

Red Team services can perform ransomware simulations to test whether an organization is prepared to withstand a ransomware attack. The exploitation of a zero-day vulnerability, a supply chain attack and the use of ransomware… These three dangerous elements came together in an attack launched by a Russian cybercriminal group against GoAnywhere, a secure file transfer software that Fortra supplies to thousands of organizations. What was the result? More than 100 companies and institutions suffered data theft. Financial sector entities, healthcare organizations, pension funds, educational platforms and even the city of Toronto were among the victims of this perfect storm. These security incidents [...]

By |30 May, 2023|Security|

CVE-2023-2825: Critical vulnerability affects GitLab

Information about a new critical vulnerability affecting GitLab software has been disclosed. This vulnerability would allow a remote attacker to exploit a path traversal problem to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups. N+1 groups are needed to traverse up N directories. In a default installation, 11 groups would be needed to reach the server root directory, as the uploaded files are stored in the following path: /var/opt/gitlab/gitlab-rails/uploads/@hashed///// GitLab Inc. is an open source company and is the leading provider of GitLab software, a version [...]

By |30 May, 2023|Security|

The tidal wave of artificial intelligence may increase cybersecurity risks

Just as artificial intelligence (AI) is helping many companies and professionals to be more productive, its advances also provide new "weapons" to cybercriminals trying to breach the security measures of individuals and companies of all sizes. Increasingly credible fake emails, fake identities and impersonations are some of the upcoming challenges to prepare for. Several factors come into play in this list of potentially growing cybersecurity risks: The emergence and improvement of new AI techniques that until now [...]

By |25 May, 2023|Security|

DNS Water Torture: how not to drown in this tsunami of requests

Through DNS Water Torture, attackers send an avalanche of requests to saturate the capacities of DNS servers and cause a denial of service. Companies are the main target of many cybercriminals. And in many cases, DNS servers are the bullseye at which they aim their arrows. Thus, through denial-of-service attacks such as DNS Water Torture, attackers try to deny DNS service and prevent access to web services, among others. DDoS attacks attempt to disrupt the activity of websites and organisations’ systems by launching vast volumes of requests. Also known as distributed denial-of-service attacks, they seek to saturate server capacities, [...]

By |24 May, 2023|Security|

CVE-2023-32233: Privilege escalation in Linux Kernel due to a Netfilter nf_tables vulnerability

Recently, a use-after-free vulnerability (CVE-2023-32233) has been published that would allow unprivileged local users to obtain root permissions on Linux Kernel versions 6.3.1 and earlier. The issue, which was reported by researchers Patryk Sondej and Piotr Krysiuk, is due to improper handling of anonymous sets in the Netfilter nf_tables module that can be exploited to perform read and write operations in the kernel memory space. It should be noted that the affected nf_tables module is enabled by default in many Linux distributions, so the number of potentially affected systems is high. Although the vulnerability was reported on 8 May 2023, [...]

By |18 May, 2023|Security|

CVE-2023-27363: Proof of concept for remote code execution in Foxit Reader

Following the initial announcement of a critical vulnerability (CVE-2023-27363) which allows remote code execution in Foxit Reader, a functional proof-of-concept has recently been released that shows the exploitation of the vulnerability through the creation of a specially crafted PDF document. The following GIF published on GitHub shows the PoC execution: Foxit Reader is a popular free PDF document reader that is widely used, and is often chosen as an alternative to Adobe’s PDF document reader. The vulnerability CVE-2023-27363, which was initially reported by the researcher Andrea Micalizzi, exploits a problem in the handling of certain JavaScript code when validating the [...]

By |15 May, 2023|Security|

EPSS: What is the probability of a vulnerability being exploited?

The EPSS indicator quantifies the probability that a given vulnerability will be exploited in the next 30 days. Every day, new vulnerabilities emerge that, if exploited, can lead to security incidents affecting companies, administrations, and citizens around the world. Common Vulnerabilities and Exposures (CVE), a dictionary that compiles, systematizes, and standardizes the way of naming all vulnerabilities, currently includes more than 200,000. Of these, 10% are considered critical by the Common Vulnerability Scoring System (CVSS). Moreover, the number of vulnerabilities is increasing year by year. In 1999, 894 vulnerabilities were detected, while in 2022, the record was broken with the discovery of [...]

By |15 May, 2023|Security|

Learning from failures: Sarevoz post-mortem of 30 March

A little over a month ago we suffered an outage at Sarevoz lasting about 2 hours (one of the biggest outages in recent years), and since I love reading the post-mortems of various services such as reddit, gitlab or flickr, I am going to write one about what happened and explain what we have done to fix it, along with a short explanation of how the infrastructure we have set up for the service works. I hope you like graphs. Thursday, 30 March: I arrive at the office later than usual because I am on call and, having carried out [...]

By |15 May, 2023|Security|

Attack Path Management: Securing the Active Directory

Conti, SaveTheQueen, Quantum, Samas, Maze, Bumblebee… In recent years, various ransomware have been used to attack companies’ Active Directory and spread through their systems. This has allowed cybercriminals to carry out actions such as hijacking confidential information. This trend has highlighted the need for Attack Path Management processes to detect possible attack paths, strengthen security layers and secure an asset as critical for companies as AD. As a case in point, the possibility of attacking Kerberos, an authentication protocol widely used in Active Directory, has brought to the forefront the need to implement security mechanisms to prevent cyber-attacks against AD from [...]

By |10 May, 2023|Security|

Is a cloud firewall the extra protection you are looking for in your connectivity?

The Internet is vital in the daily lives of people and companies. More and more services are delivered over the network, with the downside that, as it grows, it is becoming a more hostile environment in terms of cybersecurity. It is now common to hear every week about cyberattacks on organizations of all kinds, which translates into a great loss of time, production, reputation and, consequently, money. In cybersecurity, decisions are often made late, either through lack of knowledge or [...]

By |9 May, 2023|Security|