System

AWS S3 Misconfigurations how to Avoid?

Leave a comment

Preface:
AWS cloud business keep running strong in the market. Amazon S3 or Amazon Simple Storage Service is a “simple storage service” offered by Amazon Web Services (AWS) that provides object storage through a web service interface.

Synopsis:
S3 buckets can be configured with public access. But S3 looks like a burden for AWS reputation. Since the access permission is similar do it yourself service type.
So, AWS customer must be confirm the access permission themselves in order to cope with their business function access permission policy.
However if customer apply the services with mistaken permission setup. It will be jeopardizing AWS company reputation as well.

Former records:
Alteryx S3 leak leaves 123m American households exposed1 – Dec 19, 2017
Open AWS S3 bucket exposes private info on thousands of Fedex customers2 – Feb 15, 2018
Sensitive medical records on AWS bucket found to be publicly accessible3 – Jan 22, 2018
Domain Name Registrar was exposed Online (31,000 GoDaddy servers) – Aug 2018

How to avoid?
Hints can find in the following document (Identifying Public Buckets Using Bucket Permissions Check).

https://docs.aws.amazon.com/AmazonS3/latest/user-guide/set-bucket-permissions.html

Application Development, System, Under our observation

SWIFT Customer Security Controls Framework

Leave a comment

 

Preface:

All SWIFT users must comply with the mandatory security controls by the end of 2018.

Objective:

Introduction of new controls or guidelines will take account of strong cybersecurity practices that address the currently known new and arising threats in order to pragmatically raise the security bar.

Technical details:

Mandatory Security Controls
1. Restrict Internet Access and Protect Critical Systems from General IT Environment
2. Reduce Attack Surface and Vulnerabilities
3. Physically Secure the Environment
4. Prevent Compromise of Credentials
5. Manage Identities and Segregate Privileges
6. Detect Anomalous Activity to Systems or Transaction Records
7. Plan for Incident Response and Information Sharing

Observation:
Swift system is on the way do the enhancement continuously. But do you think such continuous program will be effectively avoided cyber security attack? For instance Bangladesh heist.
It is hard to tell what is the next cyber attack challenge in the moment. Let’s keep our eye open. Stay tuned!

Reference:

Bank Negara Malaysia (Bank) detected and foiled a cybersecurity incident involving attempted unauthorized fund transfers using falsified SWIFT messages.

Potential Risk of CVE

Security Focus (Microsoft Edge) – Critical vulnerabilities fixed in November 2018 Patch Tuesday

Leave a comment

Preface:
Chakra is a JavaScript engine developed by Microsoft for its Microsoft Edge web browser. It is a fork of the JScript engine used in Internet Explorer.

Description:
The technical details issued by patch Tuesday not describe explicitly (see below).

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements..

Speculation:
Remote attacker to execute arbitrary code on the system caused by a ballout error in the JavaScript JIT compiler when inling ‘Array.prototype.push’ with multiple arguments.
Remark: The push() method adds oneor more elements to the end of an array and returns the new length of the array.

Remedy:

CVE-2018-8541
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8541
CVE-2018-8542
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8542
CVE-2018-8543
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8543
CVE-2018-8551
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8551
CVE-2018-8555
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8555
CVE-2018-8556
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8556
CVE-2018-8557
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8557
CVE-2018-8588
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8588

Potential Risk of CVE

Adobe Releases Security Updates – 13th Nov 2018

Leave a comment

Preface:
Integrated Windows Authentication utilizes Negotiate/Kerberos or NTLM to authenticate users based on an encrypted ticket/message passed between a browser and a server. This is the standard authentication algorithm for Microsoft products.

Design weakness:
Hacker steal the NTLM Credentials via PDF Files. They exploit NTLM hash leaks stealing a Windows user’s NTLM hashes.

Official announcement:
Updates for Photoshop CC for Windows and macOS
https://helpx.adobe.com/security/products/photoshop/apsb18-43.html

Security updates for Adobe Acrobat and Reader for Windows
https://helpx.adobe.com/security/products/acrobat/apsb18-40.html

Security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS
https://helpx.adobe.com/security/products/flash-player/apsb18-39.html

Potential Risk of CVE

Node.js third-party modules vulnerability – Nov 2018

Leave a comment

Preface:
Node.js is an open source, cross-platform built on Chrome’s JavaScript runtime for fast and scalable server-side and networking applications.

Known technical concerns:
Node.js has a set of built-in modules which you can use without any further installation.
In order to enhance the function and effectiveness, the 3rd party modules are available to operate with node.js framework. Since node.js is a runtime environment for the JavaScript-based applications. JavaScript is built into your browser software (IE, Chrome, Firefox, and Safari). JavaScript is used by HTML code to provide two-way communication between your browser and the web server without you needing to refresh the web page.
So, in certain circumstances, it is bring out the security concerns.

Known vulnerability modules:

Prototype Pollution Vulnerability in cached-path-relative Package
https://hackerone.com/reports/390847

[tianma-static] Stored xss on filename
https://hackerone.com/reports/403692

[takeapeek] Path traversal allow to expose directory and files
https://hackerone.com/reports/403736

Potential Risk of CVE, Under our observation

Security Updates for SIPROTEC and SICAM Products (Oct 2018)

Leave a comment

Preface:

SIPROTEC and SICAM – Siemens products and solutions for protection engineering, station automation, power quality, and measurement – can be connected directly and easily to MindSphere and other cloud-based platforms.

What is MindSphere?
MindSphere is an open cloud platform or “IoT operating system” developed by Siemens for applications in the context of the Internet of Things. MindSphere stores operational data and makes it accessible through digital applications to allow industrial customers to make decisions based on valuable factual information.

Product Updates:
SICAM Q200 V2.40 firmware released with security-relevant updates
SICAM Q100 V1.30 firmware released with security-relevant updates

Question?
OpenSSL sources modified by Siemens issued on 11th Sep 2018.
However OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack (use variations in the signing algorithm recover the private key).
Above vulnerability with reference number CVE-2018-0734 announced on 30th Oct 2018.
It looks that there is a gap in between version. But it cannot confirm whether there is an impact?
Regarding to above technical details. Do you have any doubt?

Public safety

What is the situation of Edward Snowden (whistle blower)? Do you still remember him?

Leave a comment

Preface:
The samurai (or bushi) were the warriors of premodern Japan.Lone Wolf and Cub is a manga created by Japanese comics writer.Samurai respected justice.

Synopsis:
Justice is the legal or philosophical theory by which fairness is administered. It is the fundamental of human nature. But the concept of justice differs in every countries and culture.

Who is he?
Edward Snowden, an American contract employee at the National Security Agency, is the whistleblower behind significant revelations that surfaced in June 2013 about the US government’s top secret, extensive domestic surveillance programmes. Snowden flew to Hong Kong from Hawaii in May 2013, and supplied confidential US government documents to media outlets including the Guardian.

What’s the situation now?
He is on exile. His most recent interview in Moscow Russia on September 2018. (Refer below url)
https://www.youtube.com/watch?v=wimHE6SNddc

Why Edward Snowden should be pardoned?(Refer below url)
https://www.amnesty.org.uk/edward-snowden-nsa-whistleblower-pardon

 

Potential Risk of CVE

VMware Releases Security Updates – November 09, 2018

Leave a comment

Subject: VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage

Technical background:
VMXNET3 (VMXNET Generation 3) is a virtual network adapter designed to deliver high performance in virtual machines (VMs) running on the VMware vSphere platform.
How to enable it?
1. Power off your Virtual Appliance in the VMWare Console.
2. Right click the Virtual Appliance, go to Settings.
3. Select Network Adapter 1 and click Remove.
4. Click Add and choose Network Adapter.
5. Choose VMXNET3 under type.

Design weakness:
The uninitialized stack memory vulnerability will be present if vmxnet3 is enabled.
In computing, an uninitialized variable is a variable that is declared but is not set to a definite known value before it is used. It will have some value, but not a predictable one. As such, it is a programming error and a common source of bugs in software.

Remedy:

https://www.vmware.com/security/advisories/VMSA-2018-0027.html

IoT, Potential Risk of CVE

Does CUJO IoT firewall will be affected by U-Boot vulnerabilities? Nov 2018

Leave a comment

Preface:
CUJO is the most adorable home firewall on the Market. Meanwhile if a threat is detected, CUJO smart firewall will tell the cloud what it has blocked so you can receive a notification on your mobile app to confirm it.

Technical background:
Cujo product working with U-boot.
U-Boot is the bootloader. Meanwhile, it provides the basic infrastructure to bring up a board to a point where it can load a linux kernel and start booting the operating system.

Synopsis:
Vulnerabilities found on U-Boot (CVE-2018-18439, CVE-2018-18440)
CVE-2018-18439: U-Boot filesystem image load buffer overflow
CVE-2018-18440: U-Boot insufficient boundary checks in filesystem image load

Observation: No technical information provided by Vendor (CUJO AI) in the moment. We keep our eye open whether a remedy will be issued by vendor soon.

 

Potential Risk of CVE

Cisco Releases Security Updates – November 07, 2018

Leave a comment

Cisco Releases Security Updates – November 07, 2018

Cisco Stealthwatch Management Console Authentication Bypass Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-smc-auth-bypass

Cisco Small Business Switches Privileged Access Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-sbsw-privacc

Cisco Unity Express Arbitrary Command Execution Vulnerability – 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-cue

Cisco Meraki Local Status Page Privilege Escalation Vulnerability – 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Meraki%20Local%20Status%20Page%20Privilege%20Escalation%20Vulnerability&vs_k=1

antihackingonline.com