[CERT-daily] Tageszusammenfassung - 21.01.2019
Daily end-of-shift report
team at cert.at
Mon Jan 21 18:03:48 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 18-01-2019 18:00 − Montag 21-01-2019 18:00
Handler: Dimitri Robl
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ Beware the man in the cloud: How to protect against a new breed of cyberattack ∗∗∗
---------------------------------------------
One malicious tactic that has become quite prevalent in recent years is known as a ‘man in the cloud’ (MitC) attack. This attack aims to access victims’ accounts without the need to obtain compromised user credentials beforehand. Below, this article explains the anatomy of MitC attacks and offers practical advice about what can be done to defend against them. What is MitC attack?
---------------------------------------------
https://www.helpnetsecurity.com/2019/01/21/mitc-attack/
∗∗∗ Warnung vor angeblichen Microsoft-Anrufen ∗∗∗
---------------------------------------------
Vermehrt gehen Meldungen zu Anrufen angeblicher Microsoft-Mitarbeiter/innen bei der Watchlist Internet ein. Die Betrüger/innen behaupten, Probleme am Computer der Betroffenen gefunden zu haben. Die angebotene Hilfe entpuppt sich schlussendlich als Datendiebstahl! Wer einen derartigen Anruf erhält, darf den Anweisungen nicht folgen und sollte umgehend auflegen.
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-angeblichen-microsoft-anrufen/
=====================
= Vulnerabilities =
=====================
∗∗∗ Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open ∗∗∗
---------------------------------------------
A default configuration allows full admin access to unauthenticated attackers.
---------------------------------------------
https://threatpost.com/critical-unpatched-cisco-flaw/141010/
∗∗∗ Xen Security Advisory 289 v2 - Spectre V1 gadgets exploitable with L1TF ∗∗∗
---------------------------------------------
A number of specific exploitable gadgets have been identified. There are no new vulnerabilities. There is only new information about existing vulnerabilities: specifically, confirmation that existing, previously disclosed, vulnerabilities, can be exploited in specific ways.
...
As discussed in XSA-273, disabling SMT / hyperthreading will avoid the L1TF vulnerability. It will therefore prevent the use of the exploitable code patterns discussed in this advisory.
---------------------------------------------
https://lists.xenproject.org/archives/html/xen-announce/2019-01/msg00006.html
∗∗∗ [Pdns-announce] PowerDNS Recursor 4.1.9 Released ∗∗∗
---------------------------------------------
This release fixes the following security issues:
- PowerDNS Security Advisory 2019-01 (CVE-2019-3806): Lua hooks are not called over TCP
- PowerDNS Security Advisory 2019-02 (CVE-2019-3807): DNSSEC validation is not performed for AA=0 responses
---------------------------------------------
https://mailman.powerdns.com/pipermail/pdns-announce/2019-January/001101.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (gitolite3, gvfs, php, radare2, and syslog-ng), Mageia (libssh, php, python-django16, and rdesktop), openSUSE (podofo), and SUSE (libraw, openssh, PackageKit, and wireshark).
---------------------------------------------
https://lwn.net/Articles/777250/
∗∗∗ IBM Security Bulletin: Financial Transaction Manager for ACH Services: Information Leakage in configuration listing (CVE-2018-1670) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-ach-services-information-leakage-in-configuration-listing-cve-2018-1670/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list