End-of-Day report
Timeframe: Friday 18-01-2019 18:00 - Monday 21-01-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
News
Beware the man in the cloud: How to protect against a new breed of cyberattack
One malicious tactic that has become quite prevalent in recent years is known as a "man in the cloud" (MitC) attack. This attack aims to access victims' accounts without the need to obtain compromised user credentials beforehand. Below, this article explains the anatomy of MitC attacks and offers practical advice about what can be done to defend against them.
https://www.helpnetsecurity.com/2019/01/21/mitc-attack/
Warning about alleged Microsoft calls
Watchlist Internet is receiving an increasing number of reports about calls from alleged Microsoft employees. The fraudsters claim to have found problems on the victim's computer. The help they offer ultimately turns out to be data theft! Anyone who receives such a call must not follow the instructions and should hang up immediately.
https://www.watchlist-internet.at/news/warnung-vor-angeblichen-microsoft-anrufen/
Vulnerabilities
Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open
A default configuration allows full admin access to unauthenticated attackers.
https://threatpost.com/critical-unpatched-cisco-flaw/141010/
Xen Security Advisory 289 v2 - Spectre V1 gadgets exploitable with L1TF
A number of specific exploitable gadgets have been identified. There are no new vulnerabilities. There is only new information about existing vulnerabilities: specifically, confirmation that existing, previously disclosed vulnerabilities can be exploited in specific ways.
...
As discussed in XSA-273, disabling SMT / hyperthreading will avoid the L1TF vulnerability. It will therefore prevent the use of the exploitable code patterns discussed in this advisory.
https://lists.xenproject.org/archives/html/xen-announce/2019-01/msg00006.html
[Pdns-announce] PowerDNS Recursor 4.1.9 Released
This release fixes the following security issues:
- PowerDNS Security Advisory 2019-01 (CVE-2019-3806): Lua hooks are not called over TCP
- PowerDNS Security Advisory 2019-02 (CVE-2019-3807): DNSSEC validation is not performed for AA=0 responses
https://mailman.powerdns.com/pipermail/pdns-announce/2019-January/001101.html
Security updates for Monday
Security updates have been issued by Fedora (gitolite3, gvfs, php, radare2, and syslog-ng), Mageia (libssh, php, python-django16, and rdesktop), openSUSE (podofo), and SUSE (libraw, openssh, PackageKit, and wireshark).
https://lwn.net/Articles/777250/
IBM Security Bulletin: Financial Transaction Manager for ACH Services: Information Leakage in configuration listing (CVE-2018-1670)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-ach-services-information-leakage-in-configuration-listing-cve-2018-1670/