Cisco fixes bugs in DCNM & SD-WAN

Cisco data center flaws

Cisco Data Center Network Manager flaws
Cisco Data Center Network Manager is the network management platform for all NX-OS-enabled deployments, spanning new fabric architectures, IP Fabric for Media, and storage networking deployments for the Cisco Nexus-powered data center.

These latest updates fix:

One critical authentication bypass vulnerability (CVE-2020-3382) in the solution’s REST API that could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device.

Five high-risk flaws that could allow an authenticated, remote attacker to inject arbitrary commands on the affected device, write arbitrary files in the system with the privileges of the logged-in user, perform arbitrary actions through the REST API with administrative privileges, and interact with and use certain functions within the Cisco DCNM.

Three medium-risk bugs (XSS, SQL injection, information disclosure).

The vulnerabilities affect various versions of the Cisco Data Center Network Manager software and their exploitability occasionally depends on how the Cisco DCNM appliances were installed. But the fixes are all included in the latest Cisco DCNM software releases: 11.4(1) and later.

The flaws were either reported by security researchers or found by Cisco during internal security testing, and there is no indication that any of them are actively exploited.

The Cisco SD-WAN Solution software flaws

Cisco SD-WAN gives users the ability to manage connectivity across their WAN from a single dashboard: the Cisco vManage console.

The company has found:

A critical buffer overflow vulnerability (CVE-2020-3375) affecting Cisco SD-WAN Solution software that could be exploited by sending crafted traffic to an affected device and could allow the attacker to gain access to information that they are not authorized to access, make changes to the system that they are not authorized to make, and execute commands on an affected system with privileges of the root user.

A critical vulnerability (CVE-2020-3374) in the web-based management interface of Cisco SD-WAN vManage Software that could be exploited by sending crafted HTTP requests to it and could allow the attacker to access sensitive information, modify the system configuration, or impact the availability of the affected system.

What private browsing does and doesn’t do

Many people look for more privacy when they browse the web by using their browsers in privacy-protecting modes, called “Private Browsing” in Mozilla Firefox, Opera, and Apple Safari; “Incognito” in Google Chrome; and “InPrivate” in Microsoft Edge.

A common misconception is that these browser modes allow you to browse the web anonymously, surfing the web without websites identifying you, and without your internet service provider or your employer knowing what websites you visit. The tools actually provide much more limited protections.

Other studies conducted by the Pew Research Center and the privacy-protective search engine company DuckDuckGo have similar findings. In fact, a recent lawsuit against Google alleges that internet users are not getting the privacy protection they expect when using Chrome’s Incognito mode.

HOW IT WORKS

While the exact implementation varies from browser to browser, what private browsing modes have in common is that once you close your private browsing window, your browser no longer stores the websites you visited, cookies, user names, passwords, and information from forms you filled out during that private browsing session.

Essentially, each time you open a new private browsing window you are given a “clean slate” in the form of a brand-new browser window that has not stored any browsing history or cookies. When you close your private browsing window, the slate is wiped clean again and the browsing history and cookies from that private browsing session are deleted. However, if you bookmark a site or download a file while using private browsing mode, the bookmarks and file will remain on your system.

Although some browsers, including Safari and Firefox, offer some additional protection against web trackers, private browsing mode does not guarantee that your web activities cannot be linked back to you or your device. Notably, private browsing mode does not prevent websites from learning your internet address, and it does not prevent your employer, school, or internet service provider from seeing your web activities by tracking your IP address.

REASONS TO USE IT

People often used private browsing to visit websites or conduct searches that they did not want other users of their device to see, such as those that might be embarrassing or related to a surprise gift. In addition, private browsing is an easy way to log out of websites when borrowing someone else’s device—so long as you remember to close the window when you are done.

Private browsing provides some protection against cookie-based tracking. Since cookies from your private browsing session are not stored after you close your private browsing window, it’s less likely that you will see online advertising in the future related to the websites you visit while using private browsing.

Additionally, as long as you have not logged in to your Google account, any searches you make will not appear in your Google account history and will not affect future Google search results. Similarly, if you watch a video on YouTube or other service in private browsing, as long as you are not logged in to that service, your activity does not affect the recommendations you get in normal browsing mode.

WHAT IT DOESN’T DO

Private browsing does not make you anonymous online. Anyone who can see your internet traffic—your school or employer, your internet service provider, government agencies, people snooping on your public wireless connection—can see your browsing activity. Shielding that activity requires more sophisticated tools that use encryption, like virtual private networks.

Private browsing also offers few security protections. In particular, it does not prevent you from downloading a virus or malware to your device. Additionally, private browsing does not offer any additional protection for the transmission of your credit card or other personal information to a website when you fill out an online form.

It is also important to note that the longer you leave your private browsing window open, the more browsing data and cookies it accumulates, reducing your privacy protection. Therefore, you should get in the habit of closing your private browsing window frequently to wipe your slate clean.

Defender now bins CCleaner

Microsoft’s Windows Defender antivirus software is—perhaps ironically—flagging CCleaner, a junk file remover, as a “Potentially Unwanted Application.”

The alerts occur when Windows Defender scans certain installers for the free and 14-day trial versions of CCleaner. The same installers can bundle third-party software from CCleaner’s parent company, antivirus provider Avast.

But according to Microsoft, these other applications are not required to install and run the junk file removing program. “While the bundled applications themselves are legitimate, bundling of software, especially products from other providers, can result in unexpected software activity that can negatively impact user experiences,” Redmond says in its notice.

The other applications CCleaner can try to install include Avast Free Antivirus, AVG AntiVirus—which Avast also owns—along with Google Chrome and Google Toolbar.

“While the CCleaner installers do provide an option to opt out, some users can easily inadvertently install these bundled applications,” Microsoft says in the notice.

The company also provided screenshots that illustrate how the bundling works. On install, CCleaner uses a plugin to contact Avast.com and download an additional file called Microstub.exe. “When it is launched, it provides a preselected option to install Avast Free Antivirus,” Microsoft says.

“If users choose to continue, the bundled antivirus product installs in the background. Existing antivirus software, including Microsoft Defender Antivirus, might be turned off or uninstalled during this process,” the company added.

Being classified as a Potentially Unwanted Application (PUA) doesn’t mean CCleaner is malware. However, the Windows Defender flag is still not a great look for the cleaning utility app, and may prompt some users to remove the product from their computers.

In response, a CCleaner spokesperson said: “Our products and our partners’ products are genuine and so we are in discussions with Microsoft to resolve this issue as soon as we can.”

We downloaded CCleaner today, and noticed the installer was not bundling other applications during the setup process.

Deceptikons for Hire!

Russian cyber-security firm Kaspersky said today in a webinar that it discovered a new hacker-for-hire mercenary group that appears to have been active for almost a decade.

The group, which Kaspersky codenamed Deceptikons, has primarily targeted law firms and fintech companies, according to a Kaspersky malware analyst.

Most of the group’s targets are located in Europe, with occasional targets in Middle East countries such as Israel, Jordan, and Egypt.

The Deceptikons group’s most recent attacks included a 2019 spear-phishing campaign against a set of European law firms, where the group deployed malicious PowerShell scripts to infect hosts.

Deceptikons doesn’t use zero-days

“The group is not technically sophisticated and has not, to our knowledge, deployed zero-day exploits,” Kaspersky said in a post.

Kaspersky described the group’s infrastructure and malware as “clever, rather than technically advanced” and with a focus on gaining persistence on infected hosts.

Most attacks seem to follow a similar pattern, starting with a spear-phishing email that carries a malicious modified LNK (shortcut) file.

If the victims download and interact with the file (such as clicking it), the shortcut downloads and runs a PowerShell-based backdoor trojan.
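A triage check for the delivery pattern described above, added here as an example and not taken from Kaspersky's report or tooling: it reads the StringData section of a shell link (MS-SHLLINK) and flags shortcuts whose target path or arguments invoke a script host. The `SCRIPT_HOSTS` list, the function names and the sample shortcuts are assumptions constructed for illustration.

```python
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits from MS-SHLLINK; StringData fields appear in this order.
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
# Assumed watch list of interpreters a shortcut should rarely launch.
SCRIPT_HOSTS = ("powershell", "pwsh", "cmd.exe", "mshta", "wscript", "cscript")


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields; ValueError on bad header or cut-off string."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link header")
    (flags,) = struct.unpack_from("<I", data, 20)
    pos = 76
    if flags & HAS_IDLIST:        # IDListSize (2 bytes) does not count itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:      # LinkInfoSize (4 bytes) counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    fields = {}
    for bit, name in STRING_FIELDS:
        if flags & bit:
            (count,) = struct.unpack_from("<H", data, pos)
            end = pos + 2 + count * width
            if end > len(data):
                raise ValueError("truncated StringData")
            fields[name] = data[pos + 2:end].decode(codec, errors="replace")
            pos = end
    return fields


def is_suspicious(data: bytes) -> bool:
    """Flag shortcuts whose relative path or arguments name a script host."""
    f = parse_lnk(data)
    text = (f.get("relative_path", "") + " " + f.get("arguments", "")).lower()
    return any(host in text for host in SCRIPT_HOSTS)


def build_sample(target: str, args: str = "") -> bytes:
    """Constructed minimal .lnk (header plus Unicode StringData) for testing."""
    flags = IS_UNICODE | 0x08 | (0x20 if args else 0)
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, flags).ljust(76, b"\0")
    enc = lambda s: struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + enc(target) + (enc(args) if args else b"")
```

The check reads only StringData; a shortcut that stores its target solely in the LinkTargetIDList or LinkInfo block needs those structures parsed as well.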

Diaz said Kaspersky would be publishing a more complete technical report on Deceptikons activities in the coming weeks.

Second hacker-for-hire group exposed this year

This is the second major hacker-for-hire mercenary group that came to light this year after Belltroxinfotech was exposed as the group behind the Dark Basin APT.

Kaspersky did not link Deceptikons to any real-world entity, for now.