Month: abril 2018

Project: Drupal coreDate: 2018-April-25Security risk: Highly critical 20∕25 AC:Basic/A:User/CI:All/II:All/E:Exploit/TD:DefaultVulnerability: Remote Code ExecutionDescription: A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code More info: https://www.drupal.org/sa-core-2018-004

Project: Drupal coreDate: 2018-April-25Security risk: Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:DefaultVulnerability: Remote Code ExecutionDescription: A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - More info: https://www.drupal.org/sa-core-2018-004

Project: Drupal coreDate: 2018-April-25Security risk: Highly critical 20∕25 AC:Basic/A:User/CI:All/II:All/E:Exploit/TD:DefaultVulnerability: Remote Code ExecutionDescription: CVE: CVE-2018-7602A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - More info: https://www.drupal.org/sa-core-2018-004

Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 5.9 LongLife.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. CVE-2013-2929 More info: http://rhn.redhat.com/errata/RHSA-2018-1252.html

Red Hat Enterprise Linux: An update for apr is now available for Red Hat Enterprise Linux 6.4 AdvancedUpdate Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red HatEnterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 TelcoExtended Update Support, Red Hat Enterprise Linux 6.7 Extended Update Support,Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux7.2 Telco Extended Update Support, Red Hat Enterprise Linux 7.2 Update Servicesfor More info: http://rhn.redhat.com/errata/RHSA-2018-1253.html

More info: https://wpvulndb.com/vulnerabilities/9067

Red Hat Enterprise Linux: An update for rh-mysql56-mysql is now available for Red Hat SoftwareCollections.Red Hat Product Security has rated this update as having a security impact ofModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. CVE-2018-2755, CVE-2018-2758, CVE-2018-2761, CVE-2018-2766, CVE-2018-2771, CVE-2018-2773, CVE-2018-2781, CVE-2018-2782, More info: http://rhn.redhat.com/errata/RHSA-2018-1254.html

More info: https://wpvulndb.com/vulnerabilities/9069

OpenSSL vulnerability CVE-2016-2177. Security Advisory. Security Advisory Description. OpenSSL through 1.0.2h incorrectly ... More info: https://support.f5.com/csp/article/K23873366

Symantec ha descubierto un nuevo grupo de atacantes que se dirige de forma agresiva a las empresas y organizaciones de salud con el fin de realizar espionaje corporativo.

Denominado Orangeworm, este grupo carga malware en dispositivos que alojan software empleado para controlar máquinas de rayos X, Resonancia Magnética Nuclear (RMN), así como dispositivos utilizados para ayudar a los pacientes a completar los formularios de consentimiento para procedimientos médicos.

El informe publicado por Symantec, revela que Orangeworm ha estado operando desde el año 2015 y su objetivo principal son las corporaciones internacionales con sede en Europa, Asia y Estados Unidos, enfocadas principalmente en el sector médico.

El ataque ocurre de la siguiente manera: una vez los atacantes acceden a la red de las víctimas, cargan un troyano llamado Kwampirs, que se encarga de abrir una puerta trasera en los ordenadores comprometidos, permitiendo acceder remotamente a ellos y robar los datos confidenciales de las organizaciones que los atacantes han estudiado previa y cuidadosamente.

Más información:

SEGU-INFO