Multiple vulnerabilities in Rsync
Notice. Thu, 16/01/2025 - 10:29
Affected resources: Rsync, versions 3.3.0 and earlier.
Description: Several researchers have reported 6 vulnerabilities, 1 of critical severity, 1 of high severity and the rest of medium severity, the exploitation of which could allow an attacker to execute arbitrary code, leak sensitive information and even take control of affected systems.
Identifier: INCIBE-2025-0024. Severity: 5 - Critical.
Solution: Users are advised to immediately update their Rsync installations to the latest available version.
Detail: The critical severity vulnerability consists of improper handling of attacker-controlled checksum lengths, causing a heap buffer overflow. Exploiting this vulnerability allows attackers to write out of bounds, which could lead to remote code execution. The
Multiple vulnerabilities in SimpleHelp
Notice. Thu, 16/01/2025 - 09:55
Affected resources: SimpleHelp, versions prior to 5.5.8, 5.4.10 and 5.3.9.
Description: Horizon3.ai has published 3 vulnerabilities, at least one of which could be of critical severity. If exploited, they could lead to information disclosure, privilege escalation and remote code execution.
Identifier: INCIBE-2025-0023. Severity: 5 - Critical.
Solution: Update as soon as possible to the latest version of SimpleHelp: 5.5.8, 5.4.10 or 5.3.9.
Detail: CVE-2024-57727: unauthenticated path traversal vulnerability that could allow an attacker to download arbitrary files from the SimpleHelp server, including the serverconfig.xml file, which contains hashed passwords for the SimpleHelpAdmin account and other local technician accounts. CVE-2024-57728: arbitrary file upload vulnerability that could allow an attacker with SimpleHelpAdmin privileges (or a technician with administrator privileges) to carry
A critical vulnerability has recently been discovered in Aviatrix Controller, a widely used cloud networking platform. This flaw, identified as CVE-2024-50603 and rated with a CVSS severity score of 10.0, has been actively exploited by cybercriminals to infiltrate systems and deploy backdoors and cryptocurrency miners. The post Critical vulnerability in Aviatrix Controller: active attacks and security recommendations was first published in Una Al Día.
The U.S. Department of Justice has announced that an operation conducted by the FBI led to the removal of PlugX malware from more than 4,250 infected computers in an operation that lasted several months. PlugX, also known as Korplug, is a remote access trojan (RAT) used by criminals associated with the Republic […] The post FBI removes PlugX malware from 4,250 infected computers in an operation that lasted several months was first published in Una Al Día.
Multiple vulnerabilities in Ivanti products
Notice. Wed, 15/01/2025 - 11:13
Affected resources: Ivanti Avalanche, versions 6.4.6 and earlier; Ivanti Application Control: 2023.3 and earlier, 2024.1 and earlier, 2024.3 and earlier; Ivanti Security Controls, versions 2024.4.1 and earlier; Ivanti Endpoint Manager: November 2024 Update and earlier, 2022 SU6 November Update and earlier.
Description: Researchers from Trend Micro Zero Day Initiative, Horizon3.ai and Megacorp have reported 20 vulnerabilities to Ivanti, of which 4 are of critical severity and 16 of high severity. Exploiting these vulnerabilities could allow an attacker to escalate privileges, execute remote code, access information and bypass authentication on the affected device, among other actions.
Identifier: INCIBE-2025-0018. Severity: 5 - Critical.
Solution: Update Ivanti Avalanche to version 6.4.7. Update Ivanti Application Control to versions 2024.3 HF1, 2024.1 HF4 or 2023.3 HF3. Upgrade Ivanti
Multiple vulnerabilities in Fortinet products
Notice. Wed, 15/01/2025 - 08:45
Affected resources: FortiOS: from 7.0.0 up to 7.0.16. FortiProxy: from 7.0.0 up to 7.0.19; from 7.2.0 up to 7.2.12. FortiSwitch: from 6.0.0 up to 6.0.7; from 6.2.0 up to 6.2.7; from 6.4.0 up to 6.4.13; from 7.0.0 up to 7.0.7; from 7.2.0 up to 7.2.5; 7.4.0.
Description: Fortinet has published 2 critical severity vulnerabilities affecting FortiOS, FortiProxy and FortiSwitch, whose exploitation could allow a remote attacker to gain privileges or execute unauthorized code. At the time of disclosure of this notice, the manufacturer is aware that the critical vulnerability CVE-2024-55591 is being exploited.
Identifier: INCIBE-2025-0017. Severity: 5 - Critical.
Solution: FortiOS: update to version 7.0.17 or higher. FortiProxy: update to version 7.0.20 or higher; upgrade to version 7.2.13 or higher. FortiSwitch: migrate to a fixed release; update to version 6.2.8 or higher; upgrade to version 6.4.14 or higher; upgrade to version 7.0.8 or higher; upgrade to version
Microsoft security updates January 2025
Notice. Wed, 15/01/2025 - 08:43
Affected resources: .NET; .NET and Visual Studio; .NET, .NET Framework, Visual Studio; Active Directory Domain Services; Active Directory Federation Services; Azure Marketplace SaaS Resources; BranchCache; Internet Explorer; IP Helper; Line Printer Daemon Service (LPD); Microsoft AutoUpdate (MAU); Microsoft Azure Gateway Manager; Microsoft Brokering File System; Microsoft Digest Authentication; Microsoft Graphics Component; Microsoft Office; Microsoft Office Access; Microsoft Office Excel; Microsoft Office OneNote; Microsoft Office Outlook; Microsoft Office Outlook for Mac; Microsoft Office SharePoint; Microsoft Office Visio; Microsoft Office Word; Microsoft Purview; Microsoft Windows Search Component; Power Automate; Reliable Multicast Transport Driver (RMCAST); Visual Studio; Windows BitLocker; Windows Boot Loader; Windows Boot Manager; Windows Client-Side Caching (CSC) Service; Windows Cloud Files Mini Filter Driver; Windows COM; Windows Connected Devices Platform Service; Windows Cryptographic Services; Windows Digital Media; Windows Direct Show; Windows DWM Core Library; Windows Event Tracing; Windows Geolocation Service; Windows Hello; Windows Hyper-V NT Kernel Integration VSP; Windows Installer; Windows Kerberos; Windows Kernel Memory; Windows MapUrlToZone; Windows Mark of the Web (MOTW); Windows Message Queuing; Windows NTLM; Windows OLE; Windows PrintWorkflowUserSvc; Windows Recovery Environment Agent; Windows Remote Desktop Services; Windows Security
Moxa, a Taiwan-based company, has warned about two security vulnerabilities affecting its mobile routers, secure routers and network security devices. These vulnerabilities could allow privilege escalation and unauthorized command execution. The post Moxa warns about serious vulnerabilities in its industrial network devices was first published in Una Al Día.
Multiple vulnerabilities in the PMB platform
Notice. Tue, 14/01/2025 - 13:20
Affected resources: The following versions of the PMB platform are affected: versions 4.2.13 and below; versions 4.0.10 and above.
Description: INCIBE has coordinated the publication of 3 vulnerabilities, 1 of critical severity, 1 of high severity and 1 of medium severity, affecting the PMB platform, which were discovered by Pau Valls Peleteiro. These vulnerabilities have been assigned the following codes, CVSS v3.1 base scores, CVSS vectors and CWE vulnerability types: CVE-2025-0471: CVSS v3.1: 9.9 | CVSS AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | CWE-434. CVE-2025-0472: CVSS v3.1: 7.5 | CVSS AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | CWE-200. CVE-2025-0473: CVSS v3.1: 6.5 | CVSS AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | CWE-459.
Identifier: INCIBE-2025-0012. Severity: 5 - Critical.
Solution: No solution reported at the moment.
Detail: CVE-2025-0471: unrestricted file upload vulnerability in the PMB platform,
SAP Security Update January 2025
Notice. Tue, 14/01/2025 - 12:27
Affected resources: SAP NetWeaver Application Server for ABAP and ABAP Platform, versions: KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, 8.04, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 7.97, 8.04, 9.12, 9.13 and 9.14; SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework), versions: SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 912, SAP_BASIS 913 and SAP_BASIS 914; SAP BusinessObjects Business Intelligence Platform, versions: ENTERPRISE 420, 430 and 2025; SAPSetup, version: LMSAPSETUP 9.0.
Description: SAP has published its monthly bulletin, which includes 13 vulnerabilities: 2 of critical severity, 3 high and the rest medium and low. These vulnerabilities affect several of its
Authentication bypass vulnerability in Netgear routers
Notice. Tue, 14/01/2025 - 10:28
Affected resources: The vulnerability affects the following Netgear routers: NETGEAR DGN1000: firmware versions prior to 1.1.00.48. NETGEAR DGN2200 v1: all firmware versions (no longer supported). Other NETGEAR devices and firmware versions may also be vulnerable, although extensive testing has not been carried out.
Description: Netgear has published a critical severity vulnerability, the exploitation of which could allow a remote attacker to gain unauthorized access to and control over devices.
Identifier: INCIBE-2025-0011. Severity: 5 - Critical.
Solution: Netgear has released firmware version 1.1.00.48 for DGN1000 routers, which fixes this vulnerability. Users of affected routers are advised to update their firmware to the latest version as soon as possible. For DGN2200 v1 routers, Netgear has discontinued support and has not
Researchers have revealed a critical vulnerability in the Monkey's Audio (APE) decoder present in Samsung smartphones that could allow remote execution of malicious code. Identified as CVE-2024-49415 and with a CVSS score of 8.1, this flaw affects Samsung devices running Android 12, 13 and 14. The post Critical alert: vulnerability in Samsung devices allows remote code execution was first published in Una Al Día.
Recently, several vulnerabilities have been detected in SonicWall products, four of which stand out for their criticality. CVE-2024-40762: use of a weak pseudorandom number generator (PRNG), which could allow the prediction of authentication tokens in the SSL-VPN mechanism. CVE-2024-53704: critical improper authentication vulnerability in SSL-VPN, allowing a remote attacker to bypass authentication. […] The post Multiple critical vulnerabilities detected in SonicWall products was first published in Una Al Día.
Multiple vulnerabilities in SonicWall products
Notice. Fri, 10/01/2025 - 10:34
Affected resources: The products affected by the critical vulnerability CVE-2024-53704 are: Gen7 Series firewalls TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700 and NSsp 15700: versions 7.1.x (7.1.1-7058 and earlier) and version 7.1.2-7019. Gen7 NSv: NSv 270, NSv 470 and NSv 870: versions 7.1.x (7.1.1-7058 and earlier) and version 7.1.2-7019. TZ80: version 8.0.0-8035. All other products affected by the non-critical vulnerabilities can be found in the references.
Description: Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Security, via Trend Micro Zero Day Initiative, have reported 4 vulnerabilities: 1 of critical severity, 2 of high severity and 1 of medium severity, the exploitation of which could allow an attacker to bypass authentication mechanisms, elevate
Multiple vulnerabilities in MediaTek products
Notice. Thu, 09/01/2025 - 09:59
Affected resources: The critical vulnerability, which affects modem software versions LR12A, LR13, NR15, NR16.R1.MP, NR16.R1.MP1MP2.MP and NR16.R2.MP, is present in the following chipsets: MT2735; MT6767; MT6768; MT6769; MT6769K; MT6769S; MT6769T; MT6769Z; MT6779; MT6781; MT6783; MT6785; MT6785T; MT6785U; MT6789; MT6833P; MT6853; MT6853T; MT6855; MT6855T; MT6873; MT6875; MT6875T; MT6877; MT6877T; MT6877TT; MT6880; MT6880T; MT6880U; MT6883; MT6885; MT6889; MT6890; MT6891; MT6893; MT8666; MT8673; MT8675; MT8765; MT8766; MT8768; MT8771; MT8781; MT8786; MT8788; MT8788E; MT8789; MT8791T; MT8795T; MT8797; MT8798.
Description: MediaTek's security update release for January consists of 13 vulnerabilities, rated 1 critical, 7 high and 5 medium.
Identifier: INCIBE-2025-0006. Severity: 5 - Critical.
Solution: The vulnerabilities have been resolved in the latest available software version.
Detail: The critical vulnerability is caused by an out-of-bounds write due to a skipped bounds check. This could lead to remote code execution. Exploiting this vulnerability does not require additional execution privileges or user interaction. The identifier CVE-2024-20154 has been assigned to this vulnerability. The CVE codes assigned
Researchers from security firm Wiz have identified a high-severity vulnerability in Nuclei, a widely used open-source vulnerability scanning tool. This flaw, tracked as CVE-2024-43405 with a CVSS score of 7.4, affects all versions of Nuclei after 3.0.0. The vulnerability originates from […] The post Critical vulnerability discovered in Nuclei allows execution of malicious code was first published in Una Al Día.
5.6 million Ascension Health patient records stolen
19/12/2024. Fri, 27/12/2024 - 10:52
Ascension Health is a not-for-profit organization operating 140 hospitals and 40 nursing homes in 19 U.S. states and receiving 16 million doctor visits a year. In a statement on 19 December, the organization confirmed that it suffered a cybersecurity incident in May in which the records of 5.6 million patients were stolen. On 8 May the organization suffered a ransomware attack in which access to computer systems was difficult or impossible, forcing its hospitals to use pen and paper for their procedures and cancel non-urgent services, and even causing problems with ambulance routes and delays in obtaining test results. Although the incident was
Mirai botnet attacks Session Smart Router devices
17/12/2024. Thu, 26/12/2024 - 12:07
On Wednesday 11 December, some users reported malicious activity on their Session Smart Network (SSN) platforms. These cases shared one small detail: the devices were using factory default passwords. To exploit this weakness, cybercriminals developed a new variant of the Mirai malware that searches for Juniper Networks routers with this configuration, then accesses the system, executes malicious code and carries out further malicious activity, including DDoS attacks. Juniper Networks has limited itself to urging users to follow security guidelines and recommendations such as not using factory credentials, reviewing logs for potentially suspicious activity and keeping software up to date.
References: 17/12/2024, supportportal.juniper.net, 2024-12 Reference Advisory: Session Smart Router: Mirai malware
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical vulnerability affecting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products. The flaw, tracked as CVE-2024-12356, allows arbitrary commands to be executed without authentication, exposing organizations to a high risk of compromise of their environments. The post CISA warns about critical vulnerability in BeyondTrust and urges immediate patching was first published in Una Al Día.
Data breach at Texas Tech University System
16/12/2024. Mon, 23/12/2024 - 12:09
The Health Sciences Center (HSC) of the University of Texas at El Paso suffered a cyberattack last September that temporarily caused the loss of some computer services and applications. The university's cybersecurity teams were immediately involved and confirmed an incident in which files and folders on the HSC network were accessed or deleted between 17 and 24 September. After the investigation, it has been reported that the data of 1.465 million people was exposed during the incident. The data includes full names, dates of birth, Social Security numbers, and financial and health information, among others. For the moment, the attack has been
SHARP has recently published an urgent advisory about multiple critical vulnerabilities affecting a number of its router models. These vulnerabilities pose a significant risk to users, as they could be exploited by attackers to carry out malicious activities, including executing commands with administrator (root) privileges, gaining unauthorized access to sensitive information and causing denial of service (DoS). The post SHARP launches critical update to mitigate vulnerabilities in its routers was first published in Una Al Día.
Factory-infected IoT devices neutralized
12/12/2024. Thu, 19/12/2024 - 09:27
The German Federal Office for Information Security (BSI) has managed to neutralize 30,000 IoT devices, including digital photo frames, media players, streaming devices and, potentially, smartphones and tablets, which were infected with the BadBox malware from the factory. BadBox, also known as BadBox Loader, is a backdoor trojan that comes pre-installed on Android devices during the manufacturing process and allows attackers to perform malicious activities, as well as providing them with a backdoor through which to enlist the device in a botnet. The BSI used the sinkholing technique to redirect the devices' DNS requests to police-controlled servers instead of the command and control (C2) servers. Although the manufacturer has not been made public
A cyberthreat campaign has leveraged Microsoft Teams as a vector to distribute the malware known as DarkGate, using advanced social engineering tactics. The post Microsoft Teams used in social engineering campaigns to distribute DarkGate malware was first published in Una Al Día.
Vishing scam organization dismantled
12/12/2024. Wed, 18/12/2024 - 09:33
The National Police has carried out an operation to put an end to a criminal organization dedicated to vishing scams, which obtained more than 3 million euros by defrauding more than 10,000 people. The organization was largely made up of relatives divided between Peru, where they ran three call centers, and Spain, where they were spread across several cities such as Madrid, Vigo, Barcelona, Mallorca and Salamanca. Through mass calls, using information from databases and established scripts to gain victims' trust, they masked their trail and obtained information from users through social engineering techniques. This work was carried out by the members of the call centers in Peru, while on foot
BT Group suffers ransomware attack by Black Basta group
04/12/2024. Tue, 17/12/2024 - 11:50
BT Group, formerly known as British Telecom, is a multinational business group mainly engaged in telecommunications; it is the leader in the United Kingdom and provides ICT services and infrastructure in 180 countries. In a post on a dark web forum, cybercriminals claimed to have stolen up to 500 GB of data from the company, including financial and organizational data, user data and personal documents, NDA documents, confidential information, etc. In relation to this, the company has confirmed that its BT Conferencing division suffered a cyberattack following a breach caused by the Black Basta ransomware, but that its impact was limited to some functionalities and has not affected the business. BT Group has stated that it took several servers offline to
The German cybersecurity agency has dismantled a malicious operation that affected more than 30,000 IoT devices with the malware known as BadBox. This malware was pre-installed on devices sold in Germany, including digital photo frames, media players, streaming devices and possibly phones and tablets. The post Germany neutralizes BadBox, the malware hidden in 30,000 Android IoT devices was first published in Una Al Día.
Election rerun in Romania due to cyberattacks
06/12/2024. Mon, 16/12/2024 - 11:01
At a press conference on 6 December, Romania's Constitutional Court unanimously announced the annulment of the first round of the presidential elections under Article 146(f) of the Constitution, due to interference by cybercriminals and threat actors during the electoral process, with more than 85,000 cyberattacks recorded against the computer systems in charge of running the electoral process, which were held responsible for the irregularities detected. This information was revealed in several reports published by Romania's security and intelligence agencies, which point to a series of aggressive hybrid attacks from at least 2022 until election day. The reports point to the creation of accounts on TikTok and Telegram, at least one million
Europol dismantles the MATRIX messaging service
03/12/2024. Fri, 13/12/2024 - 12:35
Europol has carried out a joint operation to take down MATRIX, an encrypted instant messaging app used by criminals. Police forces from Germany, France, the Netherlands, Italy, Lithuania and Spain cooperated in the operation, and arrests, searches and server shutdowns took place in the latter 4 countries, while in Germany only the servers were shut down. In addition, more than 2.3 million messages in 33 different languages, 145,000 euros in cash and 500,000 euros in cryptocurrency, 4 vehicles and 974 mobile devices were seized. The MATRIX application used a more complex infrastructure than previously detected and dismantled platforms such as Ghost, Sky ECC or EncroChat, and had 40 servers distributed between France and Germany, a service
ENGlobal suffers ransomware cyberattack
02/12/2024. Thu, 12/12/2024 - 11:55
ENGlobal Corporation is a U.S. energy contractor based in Oklahoma, founded in 1985, which provides instrumentation and systems automation for the North American defense industry. In a Form 8-K filed with the Securities and Exchange Commission (SEC), the company acknowledged that its preliminary investigation had found that an unknown threat actor had illegally accessed IT systems and encrypted some of its files. The company shut down all computer systems except those critical to running the business, with the aim of containing and investigating the incident. In addition, it hired external cybersecurity experts to investigate the incident. As of the date of publication, the company has not determined whether, or what, data has been stolen
Xiaomi TVs without HDMI due to the Atresplayer app
28/11/2024. Tue, 03/12/2024 - 12:18
Since the 26th, after an update to the A3player app, some Xiaomi TVs have been having problems with their HDMI connections. Xiaomi devices use the Android TV operating system (Google TV on the most modern models), which uses the Live TV application to play DTT channels. This app has also been affected and has not allowed users to access it. As can be read on Xiaomi forums, users report that by uninstalling the A3player app the HDMI connections can be recovered. The incident has also affected Xiaomi's customer service, which has put in place a recorded message that plays when its service is called to inform