New Mirai variant discovered

Security experts at Fortinet have identified this new variant of the well-known Mirai botnet and named it Wicked-Mirai. The new variant includes at least 3 new exploits compared with the original version.

The FortiGuard Labs team has seen the number of Mirai variants increase, because the botnet's source code was made public two years ago, according to the analysis published by Fortinet.

A Mirai bot usually contains 3 modules: Attack, Killer, and Scanner. In the analysis carried out by FortiGuard of this new "Wicked" variant, the focus was on the malware's distribution mechanism. The original version of Mirai used brute-force attempts to gain access to IoT devices, but the new version comes with some already-known exploits to carry out its attacks.

Wicked uses ports 8080, 8443, 80 and 81 to attempt to detect devices.

If the connection succeeds, it attempts to use the exploit and download the payload.
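A defender-side sketch of how the scanning behaviour described above can be spotted in firewall or flow logs, as an added example that is not taken from Fortinet's analysis: it flags any source that sends connection attempts to the ports named above (8080, 8443, 80, 81) across many distinct hosts within a short window. The log format, the thresholds and all addresses are constructed assumptions.

```python
"""Flag sources probing the ports the article lists for Wicked (8080, 8443, 80, 81)."""
from collections import defaultdict
from datetime import datetime, timedelta

WICKED_PORTS = {8080, 8443, 80, 81}  # ports named in the article
WINDOW = timedelta(seconds=60)       # assumed sliding window
MIN_HOSTS = 5                        # assumed: distinct destinations needed to alert
MIN_PORTS = 3                        # assumed: distinct listed ports needed to alert

# Constructed sample log (assumed format): "<ISO time> <src> <dst> <dport> <flags>"
# "S" means a bare SYN, i.e. a new inbound connection attempt.
SAMPLE_LOG = """\
2018-05-21T10:00:01 203.0.113.7 192.0.2.10 8080 S
2018-05-21T10:00:02 203.0.113.7 192.0.2.11 8443 S
2018-05-21T10:00:03 203.0.113.7 192.0.2.12 80 S
2018-05-21T10:00:04 203.0.113.7 192.0.2.13 81 S
2018-05-21T10:00:05 203.0.113.7 192.0.2.14 8080 S
2018-05-21T10:00:06 198.51.100.20 192.0.2.10 80 S
2018-05-21T10:00:10 198.51.100.30 192.0.2.10 22 S
2018-05-21T10:00:00 198.51.100.40 192.0.2.10 80 S
2018-05-21T10:02:00 198.51.100.40 192.0.2.11 81 S
2018-05-21T10:04:00 198.51.100.40 192.0.2.12 8080 S
2018-05-21T10:06:00 198.51.100.40 192.0.2.13 80 S
2018-05-21T10:08:00 198.51.100.40 192.0.2.14 81 S
"""

def find_scanners(log_text):
    """Return {src: {"hosts": n, "ports": [...]}} for sources that look like scanners."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, flags = line.split()
        if flags == "S" and int(dport) in WICKED_PORTS:
            by_src[src].append((datetime.fromisoformat(ts), dst, int(dport)))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most WINDOW.
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            hosts = {dst for _, dst, _ in events[start:end + 1]}
            ports = {port for _, _, port in events[start:end + 1]}
            if len(hosts) >= MIN_HOSTS and len(ports) >= MIN_PORTS:
                alerts[src] = {"hosts": len(hosts), "ports": sorted(ports)}
                break
    return alerts
```

In the constructed log only 203.0.113.7 is flagged; the source that touches the same ports two minutes apart stays under the window threshold, which shows how a slow scanner evades a short window and why the thresholds need tuning per network.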

More information:

Security and Firewall

New VMware Security Advisory VMSA-2018-0013

Today, VMware has released the following new security advisory: “VMSA-2018-0013 – VMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities”. This documents the remediation of an important severity issue (CVE-2018-6962) in VMware Fusion and moderate severity issues (CVE-2018-6963) in VMware Workstation and Fusion. Issue (a) CVE-2018-6962 is a signature bypass vulnerability which may […] More info: https://blogs.vmware.com/security/2018/05/new-vmware-security-advisory-vmsa-2018-0013.html

How To Clean A Hacked WordPress Site On Your Own

WordPress sites are sadly big targets for hacks. Their popularity is both good and bad. However, there is a grain of hope when your site is hacked. It’s happened often enough that people have put together a checklist of things that you can do to clean out the site and make it safe to use. […] More info: https://blog.threatpress.com/clean-hacked-wordpress-site/

RHSA-2018:1635-1: Important: kernel security update

Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-3639 More info: http://rhn.redhat.com/errata/RHSA-2018-1635.html

RHSA-2018:1636-1: Important: kernel security update

Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-3639 More info: http://rhn.redhat.com/errata/RHSA-2018-1636.html

DSA-4207 packagekit – security update

Matthias Gerstner discovered that PackageKit, a DBus abstraction layer for simple software management tasks, contains an authentication bypass flaw allowing users without privileges to install local packages. More info: https://www.debian.org/security/2018/dsa-4207