Seguridad

Information has been disclosed about a new high criticality vulnerability that affects the Apple iTunes software in Windows environments. This vulnerability would allow an attacker who had access as a non-privileged user on a machine to escalate privileges to local administrator. This vulnerability is caused by incorrectly setting permissions on one of the folders created during the installation of the software: C:ProgramDataApple ComputeriTunesSC Info This folder would have write permissions for any user, so an unprivileged user could delete it, and create a symbolic link pointing to any system folder such as c:Windows. Subsequently, using the repair function of the [...]

Introduction When we talk about Microsoft SQL Server linked servers, we usually think of links to another SQL Server instances. However, this is only one of the multiple available options, so today we are going to delve into the Active Directory Service Interfaces (ADSI) provider, which allows querying the AD using the LDAP protocol. After discussing its inner workings, we are presenting a new technique to retrieve cleartext linked login passwords and, in some cases, the password of the current security context. This has proven useful in several of our Red Team engagements. ADSI Through the ADSI provider we can [...]

OWASP Top 10 Privacy Risks serves as a guide to comprehensive data privacy management and securing data against criminals At the end of April, the Spanish Data Protection Agency (AEPD) fined the fast food multinational KFC €25,000 for not having a data protection officer and for having problems related to the privacy policy of its applications and users’ consent to data processing. This case shows that privacy risks have acquired great social, economic, and legal relevance and that companies must manage risks, both technical and operational, continuously and effectively to avoid penalties and severe financial and reputational consequences. For this [...]

Throughout the week, a tool called «Terminator» has been discussed in the media, which would allow attackers to disable antivirus, EDR, and XDR platforms. Terminator utilizes a well-known technique called «Bring Your Own Vulnerable Driver» (BYOVD). This technique abuses legitimate drivers that, due to vulnerabilities, can be interacted with by malicious programs, forcing them to execute malicious code in Ring 0 (Kernel). This approach is particularly useful for attacking systems with robust user-level defenses. The BYOVD technique is based on the premise that, although modern operating systems have improved their security to prevent user-level privilege escalation, they are still vulnerable [...]

Red Team services can perform ransomware simulations to test whether an organization is prepared to withstand a ransomware attack The exploitation of a zero-day vulnerability, supply chain attack and use of ransomware… These three dangerous elements came together in an attack launched by a Russian cybercriminal group against GoAnywhere, a secure file transfer software that Fortra supplies to thousands of organizations. What was the result? More than 100 companies and institutions suffered data theft. Financial sector entities, healthcare organizations, pension funds, educational platforms and even the city of Toronto were among the victims of this perfect storm. These security incidents [...]

Information about a new critical vulnerability affecting Gitlab software has been disclosed. This vulnerability would allow a remote attacker to exploit a path traversal problem to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups. N+1 groups are needed to be able to scale N directories. In a default installation, 11 groups would be needed to reach the server root directory, as the uploaded files are stored in the following path: /var/opt/gitlab/gitlab-rails/uploads/@hashed///// Gitlab Inc. is an open source company and is the leading provider of GitLab software, a version [...]

Del mismo modo que la inteligencia artificial (IA) está ayudando a muchas empresas y profesionales a ser más productivos, sus avances también proporcionan nuevas «armas» a los ciberdelincuentes que intentan vulnerar las medidas de seguridad de particulares y compañías de todos los tamaños. Correos falsos cada vez más creíbles, identidades fake y suplantaciones son algunos de los próximos retos para los que hay que prepararse.   Solicita una propuesta personalizada de ciberseguridad   En esta lista de potenciales riesgos de ciberseguridad crecientes entran en juego varios factores: El surgimiento y mejora de nuevas técnicas de IA que hasta ahora se [...]

Through DNS Water Torture, attackers send an avalanche of requests to saturate the capacities of DNS servers and cause a denial of service Companies are the main target of many cybercriminals. And in many cases, DNS servers are the yellow circle at which they aim their arrows. Thus, through denial-of-service attacks such as DNS Water Torture, attackers try to deny DNS service and prevent access to web services, among others. DDoS attacks attempt to disrupt the activity of websites and organisations’ systems by launching vast volumes of requests. Also known as distributed denial-of-service attacks, they seek to saturate server capacities, [...]

Recently, a user-after-free vulnerability (CVE-2023-32233) has been published that would allow unprivileged local users to obtain root permissions on Linux Kernel versions 6.3.1 and earlier. The issue, which was reported by researchers Patryk Sondej and Piotr Krysiuk, is due to improper handling of anonymous sets in the Netfilter nf_tables module that can be exploited to execute read and write actions in the kernel memory space. It should be noted that the affected nf_tables module is enabled by default in many Linux distributions, so the number of potentially affected systems is high. Although the vulnerability was reported on 8 May 2023, [...]

Following the initial announcement of a critical vulnerability (CVE-2023-27363) which allows remote code execution in Foxit Reader, a functional proof-of-concept has recently been released that shows the exploitation of the vulnerability through the creation of a specially crafted PDF document. The following GIF published on Github shows the PoC execution: Foxit Reader is a free popular PDF document reader that is widely used, and is often chosen as an alternative to Adobe’s PDF document reader. The vulnerability CVE-2023-27363, which was initially reported by the researcher Andrea Micalizzi, exploits a problem in the handling of certain JavaScript code when validating the [...]

The EPSS indicator quantifies the probability of exploiting a given vulnerability in the next 30 days Every day, new vulnerabilities emerge that, if exploited, can lead to security incidents affecting companies, administrations, and citizens around the world. Common Vulnerabilities and Exposures (CVE), a dictionary that compiles, systematizes, and standardizes the way of naming all vulnerabilities, currently includes more than 200,000. Of these, 10% are considered critical by the Common Vulnerability Scoring System (CVSS). Moreover, the number of vulnerabilities is increasing year by year. In 1999, 894 vulnerabilities were detected, while in 2022, the record was broken with the discovery of [...]

Hace poco más de un mes sufrimos en Sarevoz un fallo de unas 2 horas de duración (uno de los cortes más grandes de los últimos años), y como me encanta leer los post morterms de distintos servicios como reddit, gitlab o flickr, voy a hacer uno de lo ocurrido y explicar qué hemos hecho para solucionarlo, acompañado de una pequeña explicación de cómo funciona la infraestructura que tenemos montada para el servicio. Espero que te gusten las gráficas. Jueves, 30 de marzo, llego a la oficina más tarde de lo habitual al estar de guardia y, al haber realizado [...]

Conti, SaveTheQueen, Quantum, Samas, Maze, Bublebee… In recent years, various ransomware have been used to attack companies’ Active Directory and spread through their systems. This has allowed cybercriminals to carry out actions such as hijacking confidential information. This trend has highlighted the need for Attack Path Management processes to detect possible attack paths, strengthen security layers and secure a critical asset for companies such as AD. Without going any further, the possibility of attacking Kerberos, an authentication protocol widely used in Active Directory, has brought to the forefront the need to implement security mechanisms to prevent cyber-attacks against AD from [...]

Internet es vital en el día a día de las personas y empresas. Cada vez hay más servicios que se prestan a través de la red, con la contrapartida de que a medida que crece se está volviendo un entorno más hostil en materia de ciberseguridad. Ya es habitual escuchar todas las semanas acerca de ciberataques a entidades de todo tipo, lo que se traduce en una gran pérdida de tiempo, producción, reputación y, por consiguiente, de dinero.   Consigue una conexión fiable y segura   En materia de ciberseguridad muchas veces se toman decisiones tardías, bien por desconocimiento o [...]

The rise of Ransomware as a Service has multiplied the number of potential attackers that companies and public administrations face Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)… The Cloud era has brought numerous services that companies can contract, without physical infrastructure, since they are hosted in the cloud. The AAS (as a service) model brings numerous advantages in economics, agility and flexibility, so much so that criminals have not been slow to join this dynamic. How? Employing Ransomware as a Service (RaaS). A business model in which ransomware developers make their malicious [...]

When we build a house, we want security to be considered by evaluating the ground on which it is built and how its foundations are planted. Otherwise, cracks will start to appear sooner rather than later. The same applies to the cybersecurity of companies. That is why ensuring security from design and throughout its lifecycle is essential. How can this task be accomplished? Threat modeling is a process that structures and systematises the assessment of threats, risks and mitigation measures of an application, system or IoT device. Threat modeling allows building a data flow to observe all the information related [...]

Pentesting and Red Team services differ in scope, how objectives are met, the need for concealment and execution time In a field as complex and constantly evolving as cybersecurity, it is normal for conceptual confusion to arise. However, one of the most common confusions revolves around two key services to help companies protect themselves against the malicious actions of cybercriminals: pentesting and Red Team. While cybersecurity specialists know the difference between one service and the other, many decision-makers need clarification about the differences between pentesting and Red Team. Why is this important? The decision as to whether a company hires [...]

Blue Team proactively looks for threats that could put an organisation’s assets at risk and intervenes in detecting, responding to, and analysing incidents 6 billion a day. The CERT in Israel, one of the countries hardest hit by cyberattacks, estimates that security incidents cost companies around the world this amount daily. This economic loss is detrimental to companies’ profitability, impacting their business model and negatively affecting their reputation. This estimate shows that companies must place the security of their IT assets at the centre of their strategy, providing cybersecurity services that help them to protect themselves against threats, such as [...]

On March 5, a ransomware attack managed to hijack patient data at the Hospital Clínic in Barcelona, one of Spain’s most important medical centers. This led to the cancellation of thousands of tests and consultations, the de-scheduling of hundreds of surgeries and the referral of many patients to other hospitals in the city. This targeted cyber-attack, the work of the Ransom House group, took the Clínic back to the analog era for days. In exchange for returning the data, the criminals demanded 4.25 million euros from the Generalitat. How could the attack have succeeded? We would have to know precisely [...]

Spain has been targeted by several APT (Advanced Persistent Threat) recently [1], amongst which we can find APT-28, also known as Fancy Bear. This group has many different names, depending on the researched referring to them. Some of those names are: Sofacy, Group 74, Pawn Storm, Sednit and Strontium. Here we will refer to this group as Fancy Bear. Who is Fancy Bear? Fancy Bear is a Russian APT group, which is supposedly related to the GRU (Russian Chief Intelligence Office). They started acting between 2004 and 2004 and their main goal is espionage and information theft. They are specially [...]

Security is not merely a one-time issue but an ongoing one. For example, a house may be secure at the time of its construction, but if, over the years, it is not diligently cared for and improvements are not implemented to protect it, it may cease to be so. This everyday example can be transferred to cybersecurity and software protection. That’s why NIST has developed the Secure Software Development Framework (SSDF), a guide to help companies implement secure practices throughout the software lifecycle. The U.S. National Institute of Standards and Technology (NIST) has become a true benchmark in cybersecurity. Its [...]

Hay actividades que en principio pueden parecer inocuas pero que ponen en riesgo los negocios, dado que suponen un riesgo difícil de medir o se arrancan sin ningún tipo de prevención ante posibles peligros. ¿Quieres saber 4 problemas típicos en relación al peligro que suponen? Entonces sigue leyendo y, además, te contamos también cómo evitar que supongan un gran riesgo.   Solicita asesoramiento tecnológico personalizado     1. La importancia de proteger sistemas críticos ante ataques DDoS   Los ataques DDoS han causado estragos en organizaciones de todo tipo, tanto privadas como públicas o las dependientes de la administración. Tras [...]

OWASP SCVS is a useful methodology for preventing supply chain attacks throughout the software lifecycle At the end of January, the LockBit ransomware successfully impacted ION Trading UK. This company supplies financial software to some of the leading companies in the City of London and other banks and financial institutions in the United States and Europe. The cyber-attack meant that several ION applications could not be used and had to operate manually in the financial market. This incident checked the operation of one of the most important financial markets in the world and made visible how serious a supply chain [...]

 La Ciberseguridad o Seguridad Informática, se está convirtiendo en un pilar principal y necesario en multitud de puestos de trabajo, tanto técnicos, desarrolladores, administradores de sistemas, pentesters, … y esto afecta a gran cantidad de empresas independientemente de a qué se dediquen, si tienen alguna conexión con internet o página web, pueden ser atacados por Ciberdelincuentes, y, para prevenir este tipo de ataques, debemos estar preparados.   El Curso de Seguridad Informática Ofensiva, por sus siglas CSIO que impartimos en HBS Hacking Academy, es una formación orientada al aprendizaje del Ethical Hacking, no solo de las bases, si no de [...]