ALE³.com

Acrobatic Linux Engineering³

  • Google recently released an update that fixes a critical vulnerability in Android's Bluetooth implementation. Identified as CVE-2020-0022, the vulnerability mainly affects devices running the Oreo (8.0 and 8.1) and Pie (9.0) versions of the operating system. The Nougat (10) version is not exploitable, but it is susceptible to a denial-of-service attack.
  • Released yesterday: the February edition of Microsoft's Patch Tuesday, which resolves 99 security flaws. According to the announcement, 12 of those 99 flaws have been marked as critical, while the remaining 87 have been classified as important.
  • Several applications have been discovered on Google Play that were used to download and run malware on victims' devices.
  • A new module of the Emotet trojan has been discovered that connects to nearby Wi-Fi networks and tries to infect the devices connected to them. In recent days, researchers at Binary Defense have detected a sample of the Emotet trojan that includes a module to search for Wi-Fi networks near the infected device and infect […]
  • More than 2,300 building access systems may have been hijacked because of a serious vulnerability that has yet to be fixed. SonicWall reported that attackers are actively scanning the Internet for smart-building IoT devices to use in DDoS attacks. These attacks are reportedly being directed against the Linear eMerge E3 product, from […]
  • A study on Wacom-brand tablets was recently published confirming that they collect data on every application opened from the device. The study was published by engineer Robert Heaton (@robjheaton) on his own website, where he described the research […]
  • Several implementations of the protocol allow remote code execution without requiring user interaction
  • Facebook has patched a critical vulnerability that would allow files stored on the user's file system to be read. Through a specially crafted message, a remote attacker could exploit a "cross-site scripting" vulnerability that allowed access to files stored on the victim's machine. The vulnerability affected the desktop versions […]
  • The tech company admitted in a security notice that an accidental leak occurred that exposed private videos hosted on its servers. The leak made these files accessible to other users of the platform who were not authorized to access them.
  • Twitter has just published its new rules for handling manipulated media. The company says that fakes that are "likely to cause harm" can no longer be "deceptively shared", and it may label Tweets containing fakes to help people understand what is real and what has been altered. […]
  • There’s hardly any piece of test equipment more fundamental than a volt ohm meter. Today you’re likely to have a digital one, but for most of history, these devices had real needle meters. The AVOmeter Model 8 Mark III that [Jeff Tranter] shows off had an odd banana-shaped meter. Maybe …read more
  • The student radio society in Trondhjem owns a Flex 6500-radio, with its associated Maestro panel peripheral. This is a software defined radio, and the Maestro is a computer containing just enough of an embedded version of Windows to run its front-end software. Unfortunately for our Norwegian radio amateur friends it …read more
  • Have you heard the exciting news about Betelgeuse? It’s been hard to miss these days, with reports of the red supergiant star suddenly dimming, and speculation growing that the star will go supernova sometime in the next 10,000 years. But the exciting part is that astronomers have gotten together and …read more
  • When doing surface-mount assembly you can certainly use a soldering iron in the traditional way, but it’s far more convenient to cover the pads with solder paste, place the components, and bake the board in a reflow oven. If you’re lucky enough to have a precut stencil this can be …read more
  • Launching model rockets is fun, but the real meat of the hobby lies in what you do next. Some choose to instrument their rockets or carry other advanced payloads. [seamster] likes to film his flights, and built a nosecone camera package to do so.  A GoPro is the camera of …read more
  • [electronupdate] has done a lot of LED light bulb teardowns over the years, witnessing a drive towards ever-cheaper and ever-simpler implementations, and suspects that LED light bulb design has finally reached its ultimate goal. This teardown of a recent dollar store example shows that cost-cutting has managed to shave even …read more
  • There are a variety of ways to enjoy your audio, of which headphones are one. Making a set of headphones is a straightforward enough project, but [madaeon] has taken the art to a new level by building the headphone drivers from scratch rather than using an off-the-shelf pair. The result …read more
  • SPOILER! At the end of the video the hacker replied to my email. Yes, it seems the Russians, Malaysians, or wherever they are from, have brought us another new marvel of fraud using social engineering, neuromarketing… Call it "X". Basically, they pose as marketing agencies that work with influencers and YouTubers so that you promote their program… The post Hackers are injecting trojans through fake YouTube collaborations first appeared on Chuiso | El Blog Prohibido.
  • TPfusion is a tool that must be combined with the paid version of Ahrefs (truth is, there is no other, hahaha) and that will let you merge and filter keywords in a few clicks. Below I'll explain how to use it, but first I'll leave you with the video… The post How to do keyword research in 2020 first appeared on Chuiso | El Blog Prohibido.
  • Are niches scalable? Black Hat SEO techniques in 2020? Why YouTube videos and not articles on Chuiso? In this 2nd Q&A video I'll answer some of the many questions you asked me through the YouTube community and on Twitter quite a while ago :S There would still be a third part to come 😉… The post Are niches scalable? QUESTIONS AND ANSWERS PART 2 first appeared on Chuiso | El Blog Prohibido.
  • Yesterday I had the chance to talk with Posonty following all the stir caused by the December 28 tweet: Mr. @JohnMu there is hope that one day there will be a new update to end farms and businesses created to sell newspaper links? Here in Spain this has become a mini industry…. The post POSONTY AND THE CONTROVERSY OVER BUYING LINKS first appeared on Chuiso | El Blog Prohibido.
  • Would you do it if you had the money? On the YouTube channel I have talked about Flippa before in this video. Flipping, or buying and selling websites, is a well-established art in the United States, the 2 main existing marketplaces being Flippa and Empireflippers. There are many other communities where projects are sold… The post Would you spend 2.7 million dollars on a website generating 70k? first appeared on Chuiso | El Blog Prohibido.
  • What's up, you rascals! Did you miss me? Some people like my YouTube videos, some prefer the articles I used to write on this blog… Well, well, this time some of you will be happy! Today, after a long, long time without writing long posts on this blog, I'm back with this guest article… The post A beginner's guide to monetizing with Google Adsense first appeared on Chuiso | El Blog Prohibido.
  • Hello! Can you make money with a website simply by selling {links|reviews|sponsored posts}? What do you do if Google Adsense discriminates against Galicians? Before Christmas Eve I want to bring you this interview with Borja García, this Galician ace, CEO of the newspaper NoticiasVigo and a great friend. Borja makes money with this news outlet and will tell us in… The post Making money selling sponsored posts in newspapers first appeared on Chuiso | El Blog Prohibido.
  • Hi there! In today's video I'll respond to this tweet from the great Cráneo Privilegiado, César Aparicio: If you only had 5000 euros and wanted to start an idea from scratch on the internet, where would you do it? 🙂 — César Aparicio (@eCesarAparicio) October 16, 2019 Actually, his tweet was about starting a business from scratch with an idea,… The post LIVING OFF THE INTERNET WITH NO EXPERIENCE AND €5,000: IS IT POSSIBLE? first appeared on Chuiso | El Blog Prohibido.
  • Hi there! Is it a good idea to invest your online earnings in other sectors, such as real estate, or is it perhaps better to reinvest that money in the sector of the future, which is undoubtedly technology and the Internet? Does anyone who wants to invest spare money they don't need have to hire an expert to do it,… The post How I invest my Internet earnings first appeared on Chuiso | El Blog Prohibido.
  • 1. What are the keys to one video with 1,000 views generating 8 or 9 dollars (or euros) while another doesn't reach half a dollar? 2. What similarities are there between the RPM of Adsense websites and the eCPM of YouTube videos? 3. How can I get a YouTube video to generate… The post How to earn more from YouTube views first appeared on Chuiso | El Blog Prohibido.
  • You’ve probably heard that WordPress is open-source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories. The beginning In 1998, Kori created her very first HTML website. Her dad […]
  • I’ve arrived at the difficult decision to cancel the inaugural WordCamp Asia event, which was planned to take place in Bangkok on February 21st. The excitement and anticipation around this event have been huge, but there are too many unknowns around the health issues unfolding right now in the region to explicitly encourage a large […]
  • WordPress 5.4 Beta 1 is now available for testing! This software is still in development, so we don’t recommend running it on a production site. Consider setting up a test site to play with the new version. You can test the WordPress 5.4 beta in two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” […]
  • Following an action-packed December, 2020 is off to a fine start with some new releases and announcements. Read on to find out what happened in the WordPress project in January. Release of Gutenberg 7.2 & 7.3 Gutenberg 7.2, the first Gutenberg release of 2020, was deployed on January 8th and included over 180 pull requests […]
  • You’ve probably heard that WordPress is open-source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories. Meet Robert Cheleuka Robert is a self-taught graphic and motion designer turned web […]
  • Two members of the WordPress leadership team were nominated for excellent work in their field in the first ever Community Industry Awards. Andrea Middleton is nominated for Executive Leader of a Community Team and Josepha Haden Chomphosy is nominated for Community Professional of the Year. CMX is one of the largest professional organizations dedicated to […]
  • As 2019 draws to a close and we look ahead to another exciting year let’s take a moment to review what the WordPress community achieved in December. WordPress 5.3.1 and 5.3.2 Releases The WordPress 5.3.1 security and maintenance release was announced on December 13. It features 46 fixes and enhancements. This version corrects four security […]
  • WordPress 5.3.2 is now available! This maintenance release features 5 fixes and enhancements. WordPress 5.3.2 is a short-cycle maintenance release. The next major release will be version 5.4. You can download WordPress 5.3.2 by clicking the button at the top of this page, or visit your Dashboard → Updates and click Update Now. If you have sites that support […]
  • Curious about the Gutenberg powered slides used during State of the Word? This post uncovers some technical and design aspects of the project!
  • WordPress 5.3.1 is now available! This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4. You can download WordPress 5.3.1 by clicking the button at the top of this page, […]
  • Beers with Talos (BWT) Podcast episode No. 72 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Jan. 31, 2020. When a vulnerability is released, regardless if it has a website and logo or not, we need to understand the risk to the network and what defense options are possible before the patch is ready for production. Can you defend against the vulnerability or do you go straight for known exploits? What happens if an exploit occurs? Also discussed: Talos begins releasing Threat Assessment Reports based on IR engagement data […]
  • Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 7 and Feb. 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a […]
  • By Nick Biasini and Edmund Brumaghin. Coronavirus is dominating the news and threat actors are taking advantage. Cisco Talos has found multiple malware families being distributed with Coronavirus lures and themes. This includes Emotet and several RAT variants. Executive Summary: Using the news to try and increase clicks and drive traffic is nothing new for malicious actors. We commonly see actors leveraging current news stories or events to try and increase the likelihood of infection. The biggest news currently is focused on the new virus affecting the world, with a focus on China: the coronavirus. There are countless news articles and email-based marketing campaigns […]
  • Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. This month’s Microsoft Patch Tuesday was particularly hefty, with the company disclosing nearly 100 vulnerabilities — three of which Talos researchers discovered. For our complete wrapup, check out the blog post here, and be sure to update your Microsoft products now if you haven’t already. Over on our YouTube page, we have a new video series we’re debuting called “Stories from the Field” with the Cisco Talos Incident Response Team. In each video, one of […]
  • By Jon Munshaw. Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 98 vulnerabilities, 12 of which are considered critical and 84 that are considered important. There are also two bugs that were not assigned a severity. This month's patches include updates to the Windows kernel, the Windows scripting engine and Remote Desktop Protocol, among other software and features. Microsoft also provided a critical advisory covering updates to Adobe Flash Player. Talos released a new set of SNORTⓇ rules today that provide coverage for some of these vulnerabilities, which you can see here. Critical vulnerabilities: Microsoft […]
  • By Chris Neal. Over the past several months, Cisco Talos has observed a malware campaign that utilizes websites hosting a new version of Loda, a remote access trojan (RAT) written in AutoIT. These websites also host malicious documents that begin a multi-stage infection chain which ultimately serves a malicious MSI file. The second stage document exploits CVE-2017-11882 to download and run the MSI file, which contains Loda version 1.1.1. This campaign appears to be targeting countries in South America and Central America, as well as the U.S. What's New? Talos has observed several changes in this version of Loda. The obfuscation technique used within […]
  • Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Apple Safari web browser contains a remote code execution vulnerability in its Fonts feature. If a user were to open a malicious web page in Safari, they could trigger a type confusion, resulting in memory corruption and possibly arbitrary code execution. An attacker would need to trick the user into visiting the web page by some means to trigger this vulnerability. In accordance with our coordinated disclosure policy, Cisco Talos worked with Apple to ensure that these issues are resolved and that an update is available for affected customers. Vulnerability […]
  • Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos is releasing the details of a use-after-free vulnerability in Windows 10. An attacker could exploit this vulnerability to gain the ability to execute arbitrary code in the kernel context. Microsoft disclosed this vulnerability in this month’s Patch Tuesday. For more on the updates Microsoft released, read Talos’ full blog here. In accordance with our coordinated disclosure policy, Cisco Talos worked with Microsoft to ensure that these issues are resolved and that an update is available for affected customers. Vulnerability details: Windows 10 win32kbase HMMarkObjectDestroy arbitrary code execution vulnerability (TALOS-2019-0970/CVE-2020-0731). A use after […]
  • Marcin Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Microsoft Media Foundation’s framework contains a code execution vulnerability. This specific bug lies in Media Foundations’ MPEG4 DLL. An attacker could provide a user with a specially crafted ASF file to exploit this vulnerability. Microsoft disclosed this vulnerability in this month’s Patch Tuesday. For more on the updates Microsoft released, read Talos’ full blog here. In accordance with our coordinated disclosure policy, Cisco Talos worked with Microsoft to ensure that these issues are resolved and that an update is available for affected customers. Vulnerability details: Microsoft Media Foundation IMFASFSplitter::Initialize code execution vulnerability […]
  • Marcin Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Microsoft Excel contains a code execution vulnerability. This specific bug lies in the component of Excel that handles the Microsoft Office HTML and XML file types, first introduced in Office 2000. Microsoft disclosed this vulnerability in this month’s Patch Tuesday. For more on the updates Microsoft released, read Talos’ full blog here. In accordance with our coordinated disclosure policy, Cisco Talos worked with Microsoft to ensure that these issues are resolved and that an update is available for affected customers. Vulnerability details: Microsoft Office Excel Ordinal43 code execution vulnerability (TALOS-2019-0968/CVE-2020-0759). An exploitable use-after-free vulnerability exists in […]