Be alert! Vulnerability in the Java SE, Java SE Embedded and JRockit component of Oracle Java SE (subcomponent: Serialization). 

The security concerns on CVE-2018-2815, please staying alert. For more details, please see below:

  1. The Java Security Architecture (JSA) defines ways for unprivileged code to perform privileged operations using

AccessController.doPrivileged().

2. The method includes create a new PrivilegedIntrospectHelper.

3. The new PrivilegedIntrospectHelper will be executed on a privileged block. This block will all internalIntrospecthelper(bean,prop,value,request,param,ignoreMethodNF) which will allow to invoke encapsulation (setter).

4. Result:

With encapsulation we pretend that nothing is revealed about the internal representation of an object, and we interact with our components only through their public interfaces; a desirable attribute that we usually exploit later when we want to change the internal representation of data in a component without breaking any code from its users.

Official security update show as below url:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

 

 

Hackers jailbreak MyEtherWallet Infrastructure (Apr 2018)

ISPs tend to restrict what an end customer can advertise. However, any ISP do not filter customer advertisements.
A possible factor let’s hacker compromise the customer router thus advertise errant information into the global routing table.

An attackers stolen at least $13,000 in Ethereum within two hours.

Security expert speculate that it is a DNS attack. But many attack method can be used. For example: BGP hijacking. The scenario displayed on above diagram.

Headline news shown as below:

https://www.theverge.com/2018/4/24/17275982/myetherwallet-hack-bgp-dns-hijacking-stolen-ethereum

 

 

 

 

 

 

Apple security updates (Apr 2018)

My speculation on iOS 11.3.1 show on picture.This is the moment when silence is more expressive than all words ever spoken. For more details about official announcement. Please see below url for references:

About the security content of iOS 11.3.1

About the security content of Safari 11.1

https://support.apple.com/en-us/HT208741

About the security content of Security Update 2018-001

https://support.apple.com/en-us/HT208742

Schneider Electric Important Security Notification – Mar & Apr 2018

 

A flaws found in Schneider Electric’s Modicon M340 PLC Station P34 Module human machine interface (HMI) software since 2015. An official announcement by vendor since last month till now. From techincal point of view, Modicon product series programmable logic controller has large usage in electric, gas and oil supply industry. So related party must stay alert!

CVE-2018-7758: https://download.schneider-electric.com/files?p_enDocType=User+guide&p_File_Name=SEVD-2018-074-04+MiCOM+Px4x+Rejuvenated.pdf&p_Doc_Ref=SEVD-2018-074-04

CVE-2018-7762: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-081-01+Modicon+V1.2.pdf&p_Doc_Ref=SEVD-2018-081-01

CVE-2018-7759: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=9601432352&p_File_Name=SEVD-2018-081-02+Modicon.pdf&p_Doc_Ref=SEVD-2018-081-02

CVE-2018-7242: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-081-01+Modicon+V1.2.pdf&p_Doc_Ref=SEVD-2018-081-01

CVE-2018-7760 & CVE-2018-7761: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=9601432352&p_File_Name=SEVD-2018-081-02+Modicon.pdf&p_Doc_Ref=SEVD-2018-081-02

CVE-2018-7240 & CVE-2018-7241: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-081-01+Modicon+V1.2.pdf&p_Doc_Ref=SEVD-2018-081-01

Cisco Firepower vulnerabilities – Apr 2018

The content filter features enhance the firewall defense function. At the same time it is hard to avoid the design limitation occurs in this place. And therefore vulnerabilities occurs!

Vulnerabilities  details shown as below:

CVE-2018-0233: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fpsnort

CVE-2018-0272: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-firepower

CVE-2018-0254: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss2

CVE-2018-0244: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss1

CVE-2018-0243: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss

CVE-2018-0230: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fp2100

Realistic threats exists in NFC. Are they all secure?

The mobile payment is aggressive in some sort of area. As seen, it fully utilized in China market. From the economey point of view, this new payment design driven the retail business in parallel. The traditional banknote concept convert to digitalization silently.Is this a prelude of digital currency? The people doubt of the NFC (near field communcation) technology embedded in Visa payment earlier. As times goes by, it is popular today. The new smartphone market similar pushing the NFC techonology into next phase. The new form of payment method integrated both smartphone (iPhone and Android) and payment card with near field communication. How Secure Are NFC Payments? NFC technology comes with a range of security features that help protect financial data from stolen. But are they capable to avoid modern cyber attack? Perhaps if the computer product contains Java programming element. It is hard to avoid vulnerability. As a matter of fact, Java bytecode Verification is a key element in Java world. If this feature applied in the overalll design. It will significant reduce the malware infection because it is not easy to execute the malicious code. Do you have doubt after this discussion?

What is your privacy today? – Apr 2018

We are concerning about data privacy! Whereby we are scare of the surveillance program. As a matter of fact we are always under custodian.When you apply the loan or you have credit card. The financial instition will know your credit details. Your trustee will be categorized by score. Since this is the verification check and therefore we do not have negative comment. But it looks that the authorized agencies data custodian power become bigger and bigger. So a doubt occured after Equifax cyber security incident in 2017 causes data breach? Equifax is one of the credit report acency. There are total number of three company at this time. They are Equifax, Experian and TransUnion. Experian also offer INTERNET SURVEILLANCE,SOCIAL NETWORK MONITORING and anti-IDENTITY THEFT SERVICES. As far as I know, SunTrust Bank now offering identity protection for all current and new consumer clients at no cost on an ongoing basis because a former Employee Stole Details on 1.5 Million Customers. The identity protection services provider is Experian. Their power is bigger and no one aware. From technical point of view, their power similar government. But how we can do?

SunTrust 1.5 M client info stolen news – Apr 2018 (see below)

https://www.usatoday.com/story/tech/2018/04/20/many-1-5-million-accounts-may-have-been-compromised-suntrust-banks/535687002/

Nuclear headache – It is better stores the older warheads (old plutonium) on moon or other planet.

As a world justice leader it is hard to avoid to enhance the military setup. From the cold war till today, international atmosphere not significant change the protection definition. This circumstances match the logic since that man kind will be protect himself and his belongs. However a problem encountered was that how to despose or handle the big power killer weapons especially outdate nuclear bomb. Headline news (REUTERS) yesterday said that America’s has nuclear headache. For more details, please refer below url for reference.

https://www.reuters.com/article/us-usa-nukes-plutonium-specialreport/americas-nuclear-headache-old-plutonium-with-nowhere-to-go-idUSKBN1HR1KC

Remark: Send that radioactive stuffs to moon and other planet looks a possible solution. However it is hard to avoid incident occurs during transportation. A reminder is that Plutonium has a radioactive half-life of 24,000 years. So where can they go?

The next page of cyber attack – After European allies did the justice action (bombard Syria chemical facilities).

Preface

I can’t hold the tears back!

Rest in peace to victims who were killed in a suspected chemical attack on the rebel-held town of Khan Sheikhoun in north-western Syria on 4 April, 2018.

 International Law

About Convention on the Prohibition of the Development, Production, Stockpiling and Use of Chemical Weapons and on their Destruction

Reference :

  • Australia Group of countries and the European Commission that helps member nations identify exports which need to be controlled so as not to contribute to the spread of chemical and biological weapons
  • 1990 US-Soviet Arms Control Agreement
  • General-purpose criterion, a concept in international law that broadly governs international agreements with respect to chemical weapons
  • Geneva Protocol, a treaty prohibiting the first use of chemical and biological weapons

Prelude

United state of America is the leader keen to fight against of the evils. As a result their country possibly will be receive high volume of cyber attack after completed the justice military action.

UK a member of the alliance. As a result the situation will be similar.

Predict the target (Healthcare and clinic)

Per observation so far, the ransomware activities are wreak havoc in between 2017 to present. Retrospective that the UK healthcare and clinical areas suffered such attack last  year.  Below table of chart showing the (Ransomware) attack vector to specific industry.

In additional of UK joined the military action. The terrorist will spend the efford to find out the weakness of the healtcare system infrastructre. In logic point of view the healthcare and clinic will become the attack target because the terrorist will buy out the details from the criminal group. As a result a complete understanding of the design weakness on those area. Whereby it have high possibilities to engage the 2nd round of attack similar a revenge action.

Earlier last week an article issued by US-CERT with subject. Protecting Your Networks from Ransomware. Their aim is going to provide a guidance to fight against ransomware. Before you read the articles. There are few slogans are able to enhance your data protection framework. For instance:

1. Ransomware and Phishing Work Together

2. For whom who visiting online Gaming zone and Pornography web site in frequent are easy for encounter ransomware attack.

In order to avoid similar of cyber attack, enhance your awareness is the first priority. For more details, please refer below url for reference.

Protecting Your Networks from Ransomware

Predict the target – Pathway (router and network switch)

Since the market share of Cisco in both network switch and router are in big portion (see below diagram)

From technical point of view,  it is not easy to identify the product design in perfect way in modern technology business market. And therefore the threat actors will be make use of vulnerabilities to engage the cyber attack. In regards to the view point of security expert , hacker now keen to compromise the network switch nowadays. As a matter of fact hacker will prefer to compromise a hardware switch or router because he can control the traffic and retrieve the information. So the Cisco end users must be stay alert of security update announce by Cisco in this period of time. Below informative diagram will provides hints to you in this regards.

Cisco IOS is a monolithic operating system running directly on the hardware while IOS XE is a combination of a linux kernel and a (monolithic) application (IOSd) that runs on top of this kernel. Attacker executing code remotely using system vulnerabilities. It is common type of attack and hard to avoid.

Perhaps a medium vulnerability found on IT product not a shock. However the medium vulnerability co-exists with known critical vulnerabilities created multiple vulnerabilities are unable to foreseen what is the level of damage. Cisco IOS XE fundamental design integrate to open system. The severity of vulnerability CVE-2018-0196 is medium level. End user is allow to disable the http services to avoid the vulnerability. But the default state of the HTTP Server feature is version-dependent. A significant signal alert Cisco customer that corrective control is not enough. The efficient way is enhance your preventive and detective control. That is the implementation of managed security services.

The design objective of the Command Line Parser is used to parse the command line arguments. The parser parsing a string and returns an object representing the values extracted. This is the the regular expression design objective. The Cisco IOS XE is a train of Cisco Systems’ widely deployed Internetworking Operating System (IOS), introduced with the ASR 1000 series. IOS XE is a combination of a linux kernel and a (monolithic) application (IOSd) that runs on top of this kernel. The goal of IOS SE aim to integrate the IOS feature set for routing and switching cope with modern business critical applications. The CLI command injection vulnerability has been found on CISCO IOS XE. Stay alert.

US-cert encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates. For more details, please see below:

Predict the target – Electricity power facility, water supply and Gas supply facilities

SCADA system are popular and pay a major role in modern industrial automation including manufacturing production control, building facilities electricity devices control, etc. I believe that these areas do not lure the hacker interest. As usual, threat actors will remain unchanged focusing in the following critical public faciliteis.

Electricity power facility, water supply and Gas supply facilities.

In regards to vendor announcement last few month. The popular brand name of SCADA major supplier has vulnerabilities occured. Perhaps the SCADA owner applied the patch and completed the remediation. However the SCADA kernel more relies on Microsoft product based operating system. So we must consider is there any new security announcement by vendor. Below details are the vulnerabilities encountered last few months.

Allen Bradley – The design flaw of the programmable logic controller – system vulnerability

Oil refinery industry security alert! CVE-2018-4841

SCADA manufacturer security awareness awaken – ABB

Vulnerability in SCADA CODESYS Web Server CVE-2018-5440

Predict the target – logistic delivery (marine)

Hacker might interrupt the maritime bandwidth management system relies on vulnerabilities if it did not complete the patch. The specify vulnerability causes shipping traffic jam or suspend the logistic delivery. Whereby the marine industry especially container shipping company must stayed alert.

Navarino Infinity web interface is affected by multiple vulnerabilities

About situation of France

France under terrorist attack in frequent. The terrorist attack on 2017 are happened 8 times. The most recent of attack causes 5 people dead. Perhaps there is less hit rate of cyber attack shown on top of newspaper. Even though the overall situation is unkown. However the similar cirtical level of cyber attack will be happened in that place.

At the end, I wishing that justice will be win the battle. “In God We Trust“.

— End —

antihackingonline.com