Categorías
Ciberseguridad Corporativa GNU / LINUX Open Source Transformación Digital

 

 

ALE³.com

Acrobatic Linux Engineering³

 

 

   
 
 

  • El grupo de ciberdelincuentes REvil llevó un ataque de ransomware con sustracción de información al buffet de abogados Grubman Shire Meiselas & Sack. Este buffet de abogados trabaja con personas famosas como Madonna, LeBron James, Lady Gaga y Mariah Carey. El valor mediático de la información sustraída ha llevado a estos ciberdelincuentes a pedir 21 […]
  • Alrededor de una docena de supercomputadores de diferentes instituciones de investigación europeas han sido hackeados en un misterioso ciberataque. Los supercomputadores infectados permitían a investigadores de diversos campos realizar sus investigaciones. Se han detectado infectados en Alemania, Reino Unido y Suiza. Se ha comprobado que algunas de las infecciones se realizaron en enero de este […]
  • Ramsay, descubierto por los investigadores de ESET, es un malware utilizado para extraer y recolectar documentos con información confidencial y es capaz de operar aprovechándose de las redes aisladas. Los investigadores señalan que el conjunto de herramientas que supone este malware se encuentra en fase de desarrollo, y que sus vectores de distribución están siendo […]
  • Las versiones que se han visto afectadas por esta vulnerabilidad van desde la lanzada en 1996 hasta el actual Windows 10. PrintDemon (Windows Print Spooler) permite obtener permisos de administrador aprovechando una vulnerabilidad en el sistema de impresión. Alex Ionescu y Yarden Shafir, ambos investigadores de seguridad, han sido los responsables de encontrar la misma. […]
  • Se ha detectado una nueva variante del troyano de acceso remoto (RAT) COMpfun que utiliza como comandos los códigos de error HTTP que el servidor de control le devuelve. Esta familia de troyanos de acceso de remoto fue detectada por G-Data en 2014. Kaspersky detecto en 2019 otro troyano que mostraba muchas similitudes a nivel […]
  • Al menos 4000 aplicaciones que utilizan la base de datos Firebase están, inadvertidamente, exponiendo información sensible de sus usuarios, como direcciones de email, contraseñas, geolocalización y conversaciones. Firebase es una plataforma de Google para el desarrollo de aplicaciones web y móvil, e incluye, entre otros, servicios de base de datos, autenticación de usuarios, notificaciones, etc. […]
  • Se cancela la asistencia presencial de las ediciones de Black Hat USA, DEF CON y BSIDES Las Vegas
  • Se ha descubierto una nueva vulnerabilidad en el conector Thunderbolt que permitiría el acceso a todos los datos disponibles en el ordenador. Thunderbolt, conocido también como ‘Light Peak’, es un conector diseñado por Intel que utiliza tecnología óptica para dotarlo de una tasa de velocidad muy alta, pudiendo llegar hasta los 20 gigabits. La vulnerabilidad […]
  • El troyano bancario Zeus Sphinx ha visto un reciente resurgimiento en los Estados Unidos, con algunas modificaciones y usando spam de COVID-19 como señuelo.
  • DigitalOcean, una de las plataformas de hosting más grande, ha sufrido una filtración de datos de sus clientes debido a la exposición de un documento con información confidencial. Durante el día de hoy, un par de usuarios afectados han publicado [1,2] emails que la empresa DigitalOcean les ha enviado previniéndolos de la posible filtración de […]
  • At DC and low frequency, we can pretend wires are perfect conductors. At radio frequencies, though, there are many effects that you need to take into account for wires and cables. One of these is characteristic impedance. If you have a marked cable, you can look it up on the …read more
  • Let’s face it, we probably all sit at our computers for way too long without getting up. Yes, there’s work to be done, games to be played, and the internet abounds with people who are wrong and must be down-voted and/or corrected. We totally get and respect all that. However, …read more
  • Earlier this month, we posted coverage of an ingenious calculator hack that took a Casio calculator and put an ESP8266 module and an OLED display in the space occupied by its solar cell. Controlled by a pair of unobtrusive Hall effect devices, the calculator could have been used as an …read more
  • If you’re going to ditch work, you might as well go big. A 1,024-pixel thermochromic analog clock is probably on the high side of what most people would try, but apparently [Daniel Valuch] really didn’t want to go to work that day. The idea here is simple: heat up a …read more
  • Earrings have been a hackers’ target for electronic attachment for quite a while, but combining the needed components into a package small enough to wear in that finicky location is quite a challenge. If [Sawaiz Syed]’s Art Deco Earrings are anything to go by, ear computers have a bright …read more
  • If you think you need fancy parts to build a giant robot drawing machine, think again! [Cory Collins] shows you how he built his Big-Ass Wall Plotter v.2 out of stuff around the house or the hardware store, including electrical conduit, gang boxes, scrap wood, and skateboard bearings, alongside the …read more
  • We’ve all been there. A big bag of resistors all mixed up. Maybe you bought them cheap. Maybe your neatly organized drawers spilled. Of course, you can excruciatingly read the color codes one by one. Or use a meter. But either way, it is a tedious job. [Ishann’s] solution was …read more
  •  ¡Dios! Un artículo largo en este blog… Qué ha pachao aquí!!! Qué buenos recuerdos cuando desde mi cutre-silla y mi PC en Santo Domingo, Rep. Dominicana, me tiraba horas escribiendo esos artículos tan chulos que traía a este blog. Y no es coña, el otro día revisando fotos antiguas me encontré con una en la… La entrada ¿Decepción o realismo? Así funciona este sector aparece primero en Chuiso | El Blog Prohibido.
  • ¡Hoy es mi cumple y éste es mi regalo! TeamPlatino Rookie. Un curso 100% gratis, gasto mínimo para comenzar y enfocado en novatos que empiezan en este mundillo 💪💪 REGÍSTRATE GRATIS: https://teamplatino.com/curso-rookie/ ¡Se agradece que compartas! Mucha gente en España está en cuarentena por el CoronaVirus, y quizás es el momento perfecto para aprender a monetizar, y… La entrada Mi nuevo curso para ganar dinero con nichos Adsense ¡GRATIS! aparece primero en Chuiso | El Blog Prohibido.
  • ¡Así de lamentable suena y así de cierto es! A menudo tengo que pagar por mi propio producto para infiltrarme en conjuntas que realizan para grabar y resubir los contenidos en los que enseño SEO y monetización. Un problema real en este mundillo que cada uno combate a su manera. Las vías legales a menudo… La entrada Me infiltré en una conjunta de mi curso TeamPlatino aparece primero en Chuiso | El Blog Prohibido.
  • ¡Buenas! En el vídeo de hoy mis paridas terminan en el minuto 4:25, así que corre directamente ahí si no quieres perder el tiempo. Hoy os hablaré del sector más popular y blackhatero en el mundo SEO hispano, y probablemente uno de los más populares también en otros idiomas (os animo a poner locksmith y… La entrada SEO, SEM y cerrajeros – Black Hat nivel Dios aparece primero en Chuiso | El Blog Prohibido.
  • ¡Muy buenas! Aprovecho un trayecto en coche para contaros esta experiencia que sufrí hace unos 3 años. Básicamente fue uno de los peores ataques DDoS que he visto en mi vida, y que lamentablemente me tocó sufrir en mis propias carnes. Una experiencia dura de la que salí muy reforzado, tanto yo como mi comunidad,… La entrada El peor ataque DDoS que he sufrido en un servidor aparece primero en Chuiso | El Blog Prohibido.
  • ¡SPOILER! Al final del vídeo el hacker me respondió al email. Sí, parece que los rusos, malayos, o de donde sean, nos traen otra nueva maravilla del fraude con aplicación de ingeniería social, neuromarketing… Llamadlo «X». Básicamente se hacen pasar por agencias de marketing que colaboran con influencers y youtubers para que promociones su programa… La entrada Hackers están inyectando troyanos con falsas colaboraciones en Youtube aparece primero en Chuiso | El Blog Prohibido.
  • TPfusion es una herramienta que debe combinarse con la versión de pago de Ahrefs (lo cierto es que no hay otra, jajaja) y que te va a permitir realizar una unificación y filtrado de keywords con unos pocos clicks. A continuación te voy a explicar cómo se emplea pero antes te dejo con el vídeo… La entrada Cómo hacer una búsqueda de palabras clave en 2020 aparece primero en Chuiso | El Blog Prohibido.
  • ¿Los nichos son escalables? ¿Técnicas Black Hat SEO en 2020? ¿Por qué vídeos en Youtube y no artículos en Chuiso? En este 2º vídeo de preguntas y respuestas responderé algunas de las muchas preguntas que me hicisteis por la comunidad de Youtube y por Twitter hace bastante tiempo :S Aún quedaría una tercera parte 😉… La entrada ¿Los nichos son escalables? PREGUNTAS Y RESPUESTAS PARTE 2 aparece primero en Chuiso | El Blog Prohibido.
  • Ayer tuve la oportunidad de hablar con Posonty a raíz de todo el revuelo causado por su tweet del 28 de Diciembre: Mr. @JohnMu there is hope that one day there will be a new update to end farms and businesses created to sell newspaper links? Here in Spain this has become a mini industry…. La entrada POSONTY Y LA POLÉMICA CON LA COMPRA DE ENLACES aparece primero en Chuiso | El Blog Prohibido.
  • ¿Lo harías si tuvieses el dinero? En el canal de Youtube he hablado en el pasado de Flippa en este vídeo. El flipping o compra-venta de sitios web es todo un arte establecido en Estados Unidos, siendo los 2 principales marketplaces existentes Flippa y Empireflippers. Existen otras muchas comunidades en las que se venden proyectos… La entrada ¿Gastarías 2,7 millones de dólares en una web generando 70k? aparece primero en Chuiso | El Blog Prohibido.
  • April continued to be a challenging time for the WordPress community, with many under stay-at-home recommendations. However, it was also an exciting month in which we created new ways to connect with and inspire each other! This month, amazing contributors moved more WordCamps online and shipped new releases for WordPress and Gutenberg. For the latest, […]
  • WordPress 5.4.1 is now available! This security and maintenance release features 17 bug fixes in addition to 7 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 5.4.1 is a short-cycle security and maintenance release. The next […]
  • In the April edition of our "People of WordPress" series, you'll find out how Mario Peshev went from self-taught developer to teaching basic digital literacy.
  • The month of March was both a tough and exciting time for the WordPress open-source project. With COVID-19 declared a pandemic, in-person events have had to adapt quickly – a challenge for any community. March culminated with the release of WordPress 5.4, an exhilarating milestone only made possible by dedicated contributors. For all the latest, […]
  • Version 5.4 "Adderley" of WordPress is available for download or update in your WordPress dashboard. This version brings you more ways to make content come alive with your best images and helps make your vision real by putting blocks in the perfect place.
  • The fifth release candidate for WordPress 5.4 is live! WordPress 5.4 is currently scheduled to land on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! You can test the WordPress 5.4 release candidate in two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” option) […]
  • The fourth release candidate for WordPress 5.4 is live! WordPress 5.4 is currently scheduled to land on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! You can test the WordPress 5.4 release candidate in two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” option) […]
  • The third release candidate for WordPress 5.4 is now available! WordPress 5.4 is currently scheduled to be released on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! There are two ways to test the WordPress 5.4 release candidate: Try the WordPress Beta Tester plugin (choose the “bleeding edge […]
  • The second release candidate for WordPress 5.4 is now available! WordPress 5.4 is currently scheduled to be released on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! There are two ways to test the WordPress 5.4 release candidate: Try the WordPress Beta Tester plugin (choose the “bleeding edge […]
  • In the March edition of our "People of WordPress" series, you'll find out how Mary Job grew from a timid, curious cat into a public speaker and organizer of WordPress Meetups and WordCamps.
  • Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Beers with Talos chugs on during quarantine with the latest episode of “The In-Between.” Once again, the hosts talk about everything but security, answering listener questions from Twitter. The most pressing threat we have this week is WolfRAT, a variant of the DenDroid Android malware. WolfRAT is attempting to exploit users on… [[ This is only the beginning! Please visit the blog for the complete entry ]]
  • Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Epson EB-1470UI Projector contains an authentication bypass vulnerability in its web control functionality. This projector allows users to control it over the web. However, an adversary could trick a user into opening a specifically crafted web page, which would allow the attacker to bypass authentication and giving them full read/write configuration access. Cisco Talos is disclosing this vulnerability… [[ This is only the beginning! Please visit the blog for the complete entry ]]
  • By Sam Dytrych and Jason Royes. Executive summary Modern automobiles are complex machines, merging both mechanical and computer systems under one roof. As automobiles become more advanced, additional sensors and devices are added to help the vehicle understand its internal and external environments. These sensors provide drivers with real-time information, connect the vehicle to the global fleet network and, in some cases, actively use and interpret this telemetry data to drive the… [[ This is only the beginning! Please visit the blog for the complete entry ]]
  • Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Our main focus this week is on Astaroth. This is a malware family that has been targeting Brazil with a variety of lures, including COVID-19-themed documents, for the past nine to 12 months. Astaroth implements a robust series of anti-analysis/evasion techniques, among the most thorough we've seen recently. We have the full rundown of… [[ This is only the beginning! Please visit the blog for the complete entry ]]
  • By Warren Mercer, Paul Rascagneres and Vitor Ventura.  News summaryThai Android devices and users are being targeted by a modified version of DenDroid we are calling "WolfRAT," now targeting messaging apps like WhatsApp, Facebook Messenger and Line.We assess with high confidence that this modified version is operated by the infamous Wolf Research.This actor has shown a surprising level of amateur actions, including code overlaps, open-source project copy/paste, classes never being… [[ This is only the beginning! Please visit the blog for the complete entry ]]
  • Beers with Talos (BWT) Podcast episode No. 81 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded May 1, 2020 Sammi is back and the rest of the crew is here to hang out and chat. As is The In-Between Way — we avoid discussing security at all. These episodes are all about just keeping in touch and having some fun. Despite Joel forgetting his one job on this podcast, we are taking your (sometimes crazy)… [[ This is only the beginning! Please visit the blog for […]
  • Aleksandar Nikolic and Cory Duplantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two code execution vulnerabilities and an information disclosure flaw in Nitro Pro PDF reader. Nitro PDF allows users to save, read, sign and edit PDFs on their computers. The software contains vulnerabilities that could allow adversaries to carry out a variety of actions. In accordance with our coordinated disclosure policy, Cisco Talos worked with… [[ This is only the beginning! Please visit the blog for the complete entry ]]
  • Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 8 and May 15. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is… [[ This is only the beginning! Please visit the blog for the complete entry ]]
  • By Joe Marshall (@ImmortanJo3) There have recently been several high-profile ransomware campaigns utilizing Maze and Snake malware. From critical medical supply companies, to large logistics firms, many businesses of all sizes have fallen victim to this cybercrime wave. When an organization falls victim to a ransomware attack, it is only the final stage in an otherwise lengthy compromise process on the adversary’s part. The public often only sees the outcome that makes the news headlines… [[ This is only the beginning! Please visit the blog for the complete entry ]]
  • By Jon Munshaw.  Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 111 vulnerabilities. Fifteen of the flaws Microsoft disclosed are considered critical. There are also 95 "important" vulnerabilities and six low- and moderate-severity vulnerabilities each. Cisco Talos specifically disclosed CVE-2020-0901, a code execution vulnerability in Excel. This month’s… [[ This is only the beginning! Please visit the blog for the complete entry ]]