Categorías
Ciberseguridad Corporativa GNU / LINUX Open Source Transformación Digital

 

 

ALE³.com

Acrobatic Linux Engineering³

 

 

   
 
 

  • El cliente de Zoom para Windows es vulnerable a ‘UNC path injection’, lo que en última instancia, permitiría a un atacante recibir las credenciales de usuario de Windows de la víctima. Zoom es un software para realizar reuniones a través de videoconferencia. Por desgracia, en estos momentos son muchos los que trabajan desde casa, lo […]
  • Apple ha publicado 7 boletines de seguridad que solucionan vulnerabilidades en los productos iOS, iPadOS, macOS, watchOS, tvOS, Safari, y Xcode. Entre todos los productos se corrigen 49 fallos de seguridad, de cuales 15 podrían permitir la ejecución de código.
  • Investigadores en ciberseguridad junto con el laboratorio técnico de Qihoo 360 han publicado los detalles de dos campañas de ataque basadas en zero days dirigidas contra dispositivos de red fabricados por la empresa con sede en Taiwán, DrayTek.
  • Durante el mes de febrero Microsoft lanzó parches para nada más y nada menos que 99 CVEs. Entre estas vulnerabilidades una de ellas destacó particularmente: la identificada con CVE-2020-0729, basada en la ejecución de código remoto. Uno de los aspectos que convierte a esta vulnerabilidad en algo tan llamativo es que, históricamente, los exploits para […]
  • Recientemente se ha encontrado una vulnerabilidad en el funcionamiento de las conexiones VPN en los dispositivos iOS que evita el cifrado de la información. La vulnerabilidad afecta a dispositivos con con una versión de iOS 13.3.1 o superior, y previene que la conexión VPN configurada cifre el tráfico que circula por ella, exponiendo los datos […]
  • Los autores responsables del malware bancario TrickBot han desarrolado TrickMo, una aplicación Android capaz de interceptar los códigos de autorización enviados por las entidades bancarias. Esta aplicación, bautizada como TrickMo por los investigadores de IBM X-Force, está en pleno desarrollo y ha tenido como objetivo, de momento, a usuarios alemanes que estaban previamente infectados con […]
  • Un investigador de ciberseguridad reveló hoy detalles técnicos y PoC de una vulnerabilidad crítica de ejecución remota de código que afecta a OpenWrt, un sistema operativo basado en Linux ampliamente utilizado para enrutadores, puertas de enlace residenciales y otros dispositivos integrados que enrutan el tráfico de red.
  • NetWalker, el malware de tipo ransomware empleado por los atacantes, se está usando contra hospitales de Estados Unidos, España y Francia
  • Se ha descubierto un nuevo 'zero-day' siendo explotado activamente en sistemas Windows. La vulnerabilidad permite a los atacantes ejecutar código arbitrario y tomar el control de la máquina.
  • En noviembre del pasado año ya hablábamos en nuestro blog de la funcionalidad añadida de la botnet Stantinko para el minado de criptomonedas, y asimismo, hacíamos mención a las avanzadas técnicas de ofuscación utilizadas en esta campaña, la cual permanece activa desde el año 2012. Ahora los investigadores de ESET han lanzado un nuevo estudio […]
  • Scope creep is a real pain in the real world, but for projects of passion it can have some interesting consequences. [rctestflight] was playing around with 3D printed rover gearboxes, which morphed into a 3D printed tank build. [rctestflight]’s previous autonomous rover project had problems with the cheap geared …read more
  • Keeping track of position is crucial in a lot of situations. On Earth, it’s usually relatively straight-forward, with systems having been developed over the centuries that would allow one to get at least a rough fix on one’s position on this planet. But for a satellite out in space, however, …read more
  • Whether your home Internet connection comes by ADSL, fibre, cable, or even satellite, at some point in the chain between your ISP and your computer will be a router in your home. For some of us it’s a model we’ve bought ourselves and loaded up with a custom distro, but …read more
  • When measuring air quality, particulate matter is an important metric to watch. The PM2.5 rating refers to particulate matter that has a diameter of less than 2.5 micrometers. While it’s often measured by authorities on a city-wide basis, [rabbitcreek] wanted a way to track down point sources indoors. The tool …read more
  • While Valve’s Steam Controller was ultimately a commercial failure, there’s no denying it’s an interesting piece of hardware. With dual trackpads, a wealth of buttons, and Bluetooth capability, it could be the ideal way to control your next build. Thanks to a recent project by [geggo], now you’ve even got …read more
  • Most often, humans and robots do not have to work directly together, instead working on different parts in a production pipeline or with the robot performing tasks instead of a human. In such cases any human-robot interaction (HRI) will be superficial. Yet what if humans and robots have to work …read more
  • You might assume that you need a lot of expensive stuff to make your own PCBs, but that isn’t the case: you can do it with a vinyl cutter and a few common chemicals and tools. [Emiliano Valencia] has laid out the entire process. While we’ve seen plenty of make …read more
  • ¡Hoy es mi cumple y éste es mi regalo! TeamPlatino Rookie. Un curso 100% gratis, gasto mínimo para comenzar y enfocado en novatos que empiezan en este mundillo 💪💪 REGÍSTRATE GRATIS: https://teamplatino.com/curso-rookie/ ¡Se agradece que compartas! Mucha gente en España está en cuarentena por el CoronaVirus, y quizás es el momento perfecto para aprender a monetizar, y… La entrada Mi nuevo curso para ganar dinero con nichos Adsense ¡GRATIS! aparece primero en Chuiso | El Blog Prohibido.
  • ¡Así de lamentable suena y así de cierto es! A menudo tengo que pagar por mi propio producto para infiltrarme en conjuntas que realizan para grabar y resubir los contenidos en los que enseño SEO y monetización. Un problema real en este mundillo que cada uno combate a su manera. Las vías legales a menudo… La entrada Me infiltré en una conjunta de mi curso TeamPlatino aparece primero en Chuiso | El Blog Prohibido.
  • ¡Buenas! En el vídeo de hoy mis paridas terminan en el minuto 4:25, así que corre directamente ahí si no quieres perder el tiempo. Hoy os hablaré del sector más popular y blackhatero en el mundo SEO hispano, y probablemente uno de los más populares también en otros idiomas (os animo a poner locksmith y… La entrada SEO, SEM y cerrajeros – Black Hat nivel Dios aparece primero en Chuiso | El Blog Prohibido.
  • ¡Muy buenas! Aprovecho un trayecto en coche para contaros esta experiencia que sufrí hace unos 3 años. Básicamente fue uno de los peores ataques DDoS que he visto en mi vida, y que lamentablemente me tocó sufrir en mis propias carnes. Una experiencia dura de la que salí muy reforzado, tanto yo como mi comunidad,… La entrada El peor ataque DDoS que he sufrido en un servidor aparece primero en Chuiso | El Blog Prohibido.
  • ¡SPOILER! Al final del vídeo el hacker me respondió al email. Sí, parece que los rusos, malayos, o de donde sean, nos traen otra nueva maravilla del fraude con aplicación de ingeniería social, neuromarketing… Llamadlo «X». Básicamente se hacen pasar por agencias de marketing que colaboran con influencers y youtubers para que promociones su programa… La entrada Hackers están inyectando troyanos con falsas colaboraciones en Youtube aparece primero en Chuiso | El Blog Prohibido.
  • TPfusion es una herramienta que debe combinarse con la versión de pago de Ahrefs (lo cierto es que no hay otra, jajaja) y que te va a permitir realizar una unificación y filtrado de keywords con unos pocos clicks. A continuación te voy a explicar cómo se emplea pero antes te dejo con el vídeo… La entrada Cómo hacer una búsqueda de palabras clave en 2020 aparece primero en Chuiso | El Blog Prohibido.
  • ¿Los nichos son escalables? ¿Técnicas Black Hat SEO en 2020? ¿Por qué vídeos en Youtube y no artículos en Chuiso? En este 2º vídeo de preguntas y respuestas responderé algunas de las muchas preguntas que me hicisteis por la comunidad de Youtube y por Twitter hace bastante tiempo :S Aún quedaría una tercera parte 😉… La entrada ¿Los nichos son escalables? PREGUNTAS Y RESPUESTAS PARTE 2 aparece primero en Chuiso | El Blog Prohibido.
  • Ayer tuve la oportunidad de hablar con Posonty a raíz de todo el revuelo causado por su tweet del 28 de Diciembre: Mr. @JohnMu there is hope that one day there will be a new update to end farms and businesses created to sell newspaper links? Here in Spain this has become a mini industry…. La entrada POSONTY Y LA POLÉMICA CON LA COMPRA DE ENLACES aparece primero en Chuiso | El Blog Prohibido.
  • ¿Lo harías si tuvieses el dinero? En el canal de Youtube he hablado en el pasado de Flippa en este vídeo. El flipping o compra-venta de sitios web es todo un arte establecido en Estados Unidos, siendo los 2 principales marketplaces existentes Flippa y Empireflippers. Existen otras muchas comunidades en las que se venden proyectos… La entrada ¿Gastarías 2,7 millones de dólares en una web generando 70k? aparece primero en Chuiso | El Blog Prohibido.
  • ¡Qué pasa cabroncetes! ¿Me echábais de menos? Hay gente a la que le gustan mis vídeos en Youtube, hay gente que prefiere los artículos que me marcaba en este blog… ¡Vaya, vaya, esta vez algunos estarán contentos! Hoy, después de mucho, mucho tiempo sin escribir posts largos en este blog, vuelvo con este artículo invitado… La entrada Guía para iniciados que quieren monetizar con Google Adsense aparece primero en Chuiso | El Blog Prohibido.
  • Version 5.4 "Adderley" of WordPress is available for download or update in your WordPress dashboard. This version brings you more ways to make content come alive with your best images and helps make your vision real by putting blocks in the perfect place.
  • The fifth release candidate for WordPress 5.4 is live! WordPress 5.4 is currently scheduled to land on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! You can test the WordPress 5.4 release candidate in two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” option) […]
  • The fourth release candidate for WordPress 5.4 is live! WordPress 5.4 is currently scheduled to land on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! You can test the WordPress 5.4 release candidate in two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” option) […]
  • The third release candidate for WordPress 5.4 is now available! WordPress 5.4 is currently scheduled to be released on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! There are two ways to test the WordPress 5.4 release candidate: Try the WordPress Beta Tester plugin (choose the “bleeding edge […]
  • The second release candidate for WordPress 5.4 is now available! WordPress 5.4 is currently scheduled to be released on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! There are two ways to test the WordPress 5.4 release candidate: Try the WordPress Beta Tester plugin (choose the “bleeding edge […]
  • In the March edition of our "People of WordPress" series, you'll find out how Mary Job grew from a timid, curious cat into a public speaker and organizer of WordPress Meetups and WordCamps.
  • The first release candidate for WordPress 5.4 is now available! This is an important milestone as we progress toward the WordPress 5.4 release date. “Release Candidate” means that the new version is ready for release, but with millions of users and thousands of plugins and themes, it’s possible something was missed. WordPress 5.4 is currently […]
  • February 2020 was a busy month in the WordPress project! Most notably, there was an outpouring of sentiment in response to the unfortunate cancellation of WordCamp Asia. However, the team continues to work hard in the hopes of making WordCamp Asia 2021 happen. In addition, there were a number of releases and some exciting new […]
  • WordPress 5.4 Beta 3 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. You can test the WordPress 5.4 beta in two ways: Try the WordPress Beta Tester plugin (choose “bleeding edge nightlies” […]
  • As mentioned in this post, Matt will host a livestream on February 22 during Bangkok daylight hours. He opened an invitation to any speaker who was affected by the cancellation, and the livestream will include the following fine people: Imran Sayed, Md Saif Hassan, Muhammad Muhsin, Nirav Mehta, Piccia Neri, Umar Draz, and Francesca Marano […]
  • By Vanja Svajcer. NEWS SUMMARY We are used to ransomware attacks and big game hunting making the headlines, but there is an undercurrent of other attack types that allow attackers to monetize their efforts in a less intrusive way.Here, we discuss a multi-pronged cyber criminal attack using a number of techniques that should alert blue team members with appropriate monitoring capability but are not immediately obvious to end-users.These threats demonstrate several techniques of the MITRE… [[ This is only the beginning! Please visit the blog for the complete entry ]]
  • By Chris Neal Executive Summary Trickbot remains one of the most sophisticated banking trojans in the landscape while constantly evolving.Highly modular, Trickbot can adapt to different environments with the help of its various modules.The group behind Trickbot has expanded their activities beyond credential theft into leasing malware to APT groups.OverviewIn recent years, the modular banking trojan known as Trickbot has evolved to become one of the most advanced trojans in the threat… [[ This is only the beginning! Please visit the blog for the complete entry ]]
  • The ongoing COVID-19 pandemic continues to yield new subject matter that bad actors can turn into fodder for enticing victims into clicking on malicious links and attachments. On March 27, the CARES Act was signed into law by the President, enacting a wide range of stimulus packages designed to aid Americans and businesses during the crisis. One such measure will authorize a supplemental stimulus check to American citizens. Along with the general increase in coronavirus and COVID-19-themed… [[ This is only the beginning! Please visit the blog for the complete entry ]]
  • Executive Summary The COVID-19 pandemic is changing everyday life for workers across the globe. Cisco Talos continues to see attackers take advantage of the coronavirus situation to lure unsuspecting users into various pitfalls such as phishing, fraud, and disinformation campaigns. Talos has not yet observed any new techniques during this event. Rather, we have seen malicious actors shift the subject matter of their attacks to focus on COVID themes. We continue to monitor the situation and… [[ This is only the beginning! Please visit the blog for the complete entry ]]
  • Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 20 and March 27. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is… [[ This is only the beginning! Please visit the blog for the complete entry ]]
  • Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Just because we’re all still working from home doesn’t mean you can stop patching. We’ve been busy this week with a new wave of vulnerabilities we disclosed, including in Intel Web Raid Console, Videolabs and GStreamer. If you’re looking to fill some silence at home or just want to hear a friendly voice, we’re still uploading new… [[ This is only the beginning! Please visit the blog for the complete entry ]]
  • Geoff Serrao of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.  Cisco Talos recently discovered two denial-of-service vulnerabilities in the web API functionality of Intel RAID Web Console 3. The Raid Web Console is a web-based application that provides several configuration functions for the Intel RAID line of products, which includes controllers and storage expanders. The console monitors, maintains and troubleshoots these products. An attacker could exploit both of… [[ This is only the beginning! Please visit the blog for the complete entry ]]
  • Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. A specific library in the Videolabs family of software contains multiple vulnerabilities that could lead to denial of service and code execution. Videolabs is a company founded by VideoLAN members and is the current editor of the VLC mobile applications and one of the largest contributors to VLC. They also develop libmicrodns, a library which is used by VLC media player for mDNS services discovery. The… [[ This is only the beginning! Please visit the blog for the complete entry ]]
  • Peter Wang of Cisco ASIG discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in GStreamer, a pipeline-based multimedia framework. GStreamer contains gst-rtsp-server, an open-source library that allows the user to build RTSP servers. This function contains an exploit that an attacker could use to cause a null pointer deference, resulting in a denial of service. In accordance with our coordinated disclosure policy, Cisco Talos… [[ This is only the beginning! Please visit the blog for the complete entry ]]
  • Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 13 and March 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is… [[ This is only the beginning! Please visit the blog for the complete entry ]]