Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19702PUBLISHED: 2019-12-10
The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML do...
CVE-2019-19703PUBLISHED: 2019-12-10In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
CVE-2012-1577PUBLISHED: 2019-12-10lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
CVE-2012-5620PUBLISHED: 2019-12-10** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2013-1689PUBLISHED: 2019-12-10Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames.
User Rank: Apprentice
3/14/2014 | 11:16:26 AM
However, all of this presents new types of targets. So, we have a few scenarios here...
There are a number of different types of cloud-based attacks that can and do happen. These include port attacks, DDoS, application-specific threats, database attacks and much more.
So the answer really depends on the attack and who it's against. Let's look at this example - According to a recent Arbor Networks report, DDoS attacks originally targeted Spamhaus on 16th March, 2013. Spamhaus engaged the services of CloudFlare (http://blog.cloudflare.com/) who were able to mitigate the initial attacks successfully. The attacks then escalated between 19th and 21st March exhausting the capabilities of CloudFlare. The report goes on to say that the attacks also moved on to target next-hop addresses at IX's around the world (AMS-IX, DEC-IC, HK-IX, Equinix and LINX) causing congestion and a perceived Internet slow down in some geographies. ISPs around the world have worked to deploy filters to mitigate the impact of the attacks.
In this case, it was a scramble to halt this type of congestion and attack.
In other cases, very specific attacks may target a service or an application. During this attack a malicious piece of software or user continue to run and operate on the system. In these cases you still need to isolate the application or data point to identify and quantify the ramifications of the attack. If it's a VM, snapshotting it will allow you to see present-state metrics around the attack. Of course, governance and compliance play a big role as well.
Basically, there will be cases where a security professional will want to regain control, monitor, and remediate a potential attack.