David Lara

Esta mañana se han registrado 13 sismos costa afuera (zona de subducción), con tres eventos M≥5,3 — y el mayor (M5,5) fue el más reciente. Este patrón no es una secuencia normal de réplicas. La actividad no decae, lo que exige atención. El escenario más probable es que se agote sin mayores consecuencias. Pero su ubicación — la brecha sísmica de Atacama — nos obliga a estar preparados. ✅ Revisa tu kit de emergencia ✅ Identifica tus zonas seguras ✅ Mantente informado por canales oficiales La preparación no es alarmismo. Es responsabilidad. #GestiónDelRiesgo #Atacama #Sismología #Preparación

🛡️ Una herramienta preinstalada puede tirar equipos de trabajo Dell confirmó que SupportAssist está causando pantallas azules y reinicios en algunos equipos Windows. SupportAssist es una herramienta que viene instalada en muchas computadoras Dell para diagnóstico, soporte y recuperación del sistema. Para una empresa, esto puede parecer “falló la laptop”. Pero en realidad puede afectar ventas, administración, soporte, producción y atención a clientes. ⚠️ ¿Qué pasó? Dell confirmó que la versión 5.5.16.0 de SupportAssist Remediation puede causar errores BSOD en Windows. BSOD es la pantalla azul de Windows, cuando el equipo se bloquea y reinicia por una falla crítica. Dell recomendó desactivar o desinstalar temporalmente el servicio afectado mientras trabaja en una solución. El detalle importante es operativo. Muchas empresas compran equipos con software de fábrica y nunca revisan qué servicios quedan activos. Esas herramientas pueden ayudar al soporte. Pero también pueden causar fallas, consumir recursos o introducir riesgos si no se administran. El problema no aplica solo a Dell. Cualquier marca puede traer software preinstalado que requiere control, actualización y pruebas antes de llegar a usuarios clave. 💡 ¿Qué deben hacer? Pidan a TIC identificar equipos Dell con SupportAssist Remediation 5.5.16.0. Desactiven o desinstalen el servicio afectado en equipos con pantallas azules. Prueben actualizaciones de fabricante en un grupo pequeño antes de liberarlas a toda la empresa. Mantengan un inventario de software preinstalado en laptops y PCs. Prioricen equipos de ventas, dirección, finanzas, soporte y operación.

🚨 🇨🇱 CYBER INTELLIGENCE ALERT: MASSIVE CAMPAIGN AGAINST DIGITAL INFRASTRUCTURE IN CHILE ⚠️ MORE THAN 120 DOMAINS COMPROMISED The Pharaoh's Team threat group has published a massive list of more than 120 compromised targets, almost all belonging to the Chilean domain name space (.cl). The attackers are offering for sale direct access to control panels (cPanel) and WordPress admin privileges (WP-admin), granting them complete control over the websites and their associated databases. 🎯 Affected Sectors: Government, Education, Legal, Transportation, and Commercial in Chile. 👤 Threat Actor: Pharaoh's Team 🛠️ Access Vectors: cPanel and WordPress Admin Credentials. 📅 Detection Date: May 2026 📊 ANALYSIS OF COMPROMISED ENTITIES 🕵️‍♂️ THREAT SUMMARY The Pharaoh's Team threat group has published a massive inventory of compromised access points targeting almost exclusively Chilean digital infrastructure. The attackers gain complete control through cPanel and WP-admin credentials, allowing them to manipulate files, databases, and institutional emails. These are the entities with the greatest institutional and social impact: 🏛️ Government and Municipal Sector Municipality of Palmilla: https://t.co/HOlQj2TaYO. The compromise of municipal data subdomains represents a critical risk to citizens' privacy and the integrity of local public services. 🎓 Education Sector (Institutions and Schools) San Viator School of Macul: https://t.co/heR1KK1x4f Hispano Americano School: https://t.co/m6d0kf4uw5 Portales School: https://t.co/ogFog5onzb La Igualdad High School: https://t.co/dMsgdpyVWO GRC High School: https://t.co/XuX1X09Yfc Prince of Asturias School (Valdivia): https://t.co/8pJe2wNhcP ⚖️ Notary and Legal Sector (Public Faith Services) Julio Abuyeres Notary Office: https://t.co/TVuAVyAmHQ Renata González Notary Office: https://t.co/bJHWqt7N1X Villalobos Notary Office: https://t.co/z7HYDtFl3Q CEP Abogados: https://t.co/AgdTwOVZsG IP Abogados: https://t.co/X6RLhGHe5W 🚌 Transportation, Unions, and Health Narbus: https://t.co/L5X7dLTvma (Intercity bus company). Starbucks Union: https://t.co/YDUqSKDyLb. Arrayán Mental Health: https://t.co/X3Rd1PKDRo. 💼 Unions and Associations: https://t.co/YDUqSKDyLb (Starbucks Chile Workers' Union). [RISK ANALYSIS]: By gaining access to cPanel, the attacker not only controls the website's visible content (via WP-admin), but also has the ability to intercept institutional emails, load phishing emails, deploy malware to infect visitors, and access databases containing Personally Identifiable Information (PII) of citizens and clients. 🛡️ MITIGATION AND RECOMMENDATIONS 🛑 Credential Reset: Administrators of the listed domains are urged to immediately change passwords at all levels (cPanel, Database, FTP, and WordPress Users). ⚠️ File Audit: Review the root directory for recently uploaded suspicious .php files (Webshells) that could allow the attacker to persist. 🔒 MFA Implementation: Mandatory Multi-Factor Authentication (2FA) must be enabled for access to control panels and content management. 💻 Plugin Audit: Update all WordPress components, as the exploit often stems from vulnerabilities in unpatched plugins. ⚡ MONITORING 🌐 Monitoring System: https://t.co/wk9bZJ3laQ #Cybersecurity #Chile #DataBreach #cPanel #WordPress #PharaohsTeam #CriticalInfrastructure #VECERT #CyberAlert #InfosecChile

Multiple security vulnerabilities affecting React Server Components and Next.js have been disclosed. We strongly recommend updating your applications immediately. Cloudflare WAF managed rules already mitigate the disclosed denial-of-service vulnerabilities, and we are investigating additional coverage for several other CVEs. https://t.co/mT9ujk1H7c

🚨 UPDATE: INFRASTRUCTURE AND DATA – CHILE 🇨🇱🏛️📱 Persistent and critical activity targeting major telecommunications and public service entities in Chile has been detected. The threat actor "rutify" has published records suggesting the leakage of sensitive data over the past 48 hours. 📅 Detected Today (04/30/2026): https://t.co/aQpz6XhvkR: Initially classified as "Unclassified," suggesting a breach within the operator's portals or databases. https://t.co/eBxO5M5Thu: Incident categorized under the "Technology" sector, indicating a compromise of the company's infrastructure. 📅 Detected Yesterday (04/29/2026): REGISTRO CIVIL, CORREO, CLAVEÚNICA: This finding is of the utmost severity, as it alleges the compromise of citizen identity systems (ClaveÚnica), civil registries, and mail servers. ⚠️ Risk Implications (VECERT Intelligence) Compromise of National Identity: The alleged compromise of the *ClaveÚnica* (Unique Key) system could allow malicious actors to impersonate citizens in order to conduct legal, banking, and healthcare-related procedures on government portals. Exposure of Telecommunications Data: The breaches at Claro and WOM expose the private information of millions of users, facilitating SIM swapping attacks, extortion, and telephone fraud. 🛡️ Immediate Response Recommendations 🔒 Urgent *ClaveÚnica* Password Change: Citizens are advised to update their passwords on the official *ClaveÚnica* portal and enable additional authentication methods if available. 🔑 Telco System Audit: Claro and WOM are urged to conduct a forensic review of their customer databases and internal system access logs. 👁️ Email Monitoring: Due to the mention of "CORREO" (Mail), users should remain alert for highly sophisticated phishing attempts that leverage actual leaked data. Monitor: https://t.co/wk9bZJ3laQ #CyberSecurity #Chile #RegistroCivil #ClaveUnica #ClaroChile #WOM #DataBreach #CSIRT #VECERT #InfoSec #SinVerificador 🇨🇱🛡️⚠️🚨🔐

‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP. The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years. Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box. The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root. Result: the next time anyone runs that program, it lets the attacker in as root. What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk. Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants. The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today. This vulnerability affects the following: 🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root 🔴 Kubernetes and container clusters: one compromised pod escapes to the host 🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner 🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root Timeline: 🔴 March 23, 2026: reported to the Linux kernel security team 🔴 April 1: patch committed to mainline (commit a664bf3d603d) 🔴 April 22: CVE assigned 🔴 April 29: public disclosure Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module: echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2>/dev/null || true For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...

Russian General Staff Main Intelligence Directorate (GRU) cyber actors are exploiting vulnerable routers worldwide to intercept and steal sensitive military, government, and critical infrastructure information. The U.S. Department of Justice and the FBI recently disrupted a GRU network of compromised small-office home-office (SOHO) routers used to facilitate malicious DNS hijacking operations. The FBI and the following partners are releasing this announcement to warn the public and encourage network defenders and device owners to take actions to remediate and reduce the attack surface of similar edge devices: U.S. National Security Agency (NSA) and international partners from Canada, Czech Republic, Denmark, Estonia, Finland, Germany, Italy, Latvia, Lithuania, Norway, Poland, Portugal, Romania, Slovakia, and Ukraine. Understanding the DNS Hijacking Operations Since at least 2024, Russian GRU 85th Main Special Service Center (85th GTsSS) cyber actors — also known as APT28, Fancy Bear, and Forest Blizzard — have been collecting credentials and exploiting vulnerable routers worldwide, including compromising TP-Link routers using CVE-2023-50224. The GRU actors changed the devices' dynamic host configuration protocol (DHCP) / domain name system (DNS) settings to introduce actor-controlled DNS resolvers. Connected devices, including laptops and phones, inherit these modified settings. The actor-controlled infrastructure resolves and captures lookups for all domain names. The GRU provides fraudulent DNS answers for specific domains and services — including Microsoft Outlook Web Access — enabling adversary-in-the-middle (AitM) attacks against encrypted traffic if users navigate through a certificate error warning. These AitM attacks would allow the actors to see the traffic unencrypted. The GRU has harvested passwords, authentication tokens, and sensitive information including emails and web browsing information normally protected by secure socket layer (SSL) and transport layer security (TLS) encryption. The GRU has indiscriminately compromised a wide pool of U.S. and global victims and then filtered down impacted users, especially targeting information related to military, government, and critical infrastructure. Tips to Protect Yourself The FBI and partners have released relevant guidance and technical indicators, including NCSC-UK cybersecurity advisory "APT28 exploit routers to enable DNS hijacking operations" on 7 April 2026 and CISA's Edge Device Security webpage. Users of SOHO routers are encouraged to upgrade end-of-support devices, update to latest firmware versions, change default usernames and passwords, and disable remote management interfaces from the Internet. All users should carefully consider certificate warnings in web browsers and email clients. Organizations that allow remote work should review relevant policies regarding how employees access sensitive data, such as using VPNs and hardened application configurations. Additionally, organizations may consider incentivizing employees to upgrade outdated personal devices involved in remote access. Report It If you suspect you have been targeted or compromised by a Russian GRU cyber intrusion, report the activity to your local FBI field office or file a complaint with the IC3. Be sure to provide details about your router, including device type and DHCP configurations. Visit https://t.co/bgnGBinpGB for additional details.