Security Focus – Critical Patch Update contains 3 new security fixes for the Oracle Database Server – 15th Jan 2019

Preface: Computer system vulnerabilities wreak havoc; IT life is not easy!

Background: Oracle’s revolutionary cloud database features autopilot, self-protection, and self-healing capabilities designed to eliminate error-prone manual data management. But core RDBMS vulnerabilities still exist!

Security focus – CVE-2019-2444:
Since Oracle did not provide the details, we speculate that even if you revoke the CREATE SESSION privilege from a user, they would still be able to log in to the database by using a ROLE that holds this privilege.

For instance:
The database contains a role with the CREATE SESSION privilege:
SQL> CREATE ROLE hidden_privileges;
SQL> GRANT create session TO hidden_privileges;

A schema/batch user is created and granted the privilege directly:
SQL> CREATE USER user1 IDENTIFIED BY admin;
SQL> GRANT create session TO user1;

If someone also grants the role to the user, giving it an alternative way to connect to the database:
SQL> GRANT hidden_privileges TO user1;

Then the suspected weakness applies: revoking CREATE SESSION from user1 directly would not close the login path that the role provides.
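As an added audit check (not code from the original post or from Oracle), the JDBC program below lists users who hold CREATE SESSION only through a role, which is exactly the situation in the example above. It assumes the Oracle JDBC driver on the classpath, a DBA-privileged account, and the placeholder connection settings shown; the dictionary views it reads (DBA_USERS, DBA_SYS_PRIVS, DBA_ROLE_PRIVS) are standard.

```java
// Added audit example, not from the original post or from Oracle. Connection settings
// are placeholders. Lists users who can log in (CREATE SESSION) only via a role, i.e.
// accounts that a direct "REVOKE CREATE SESSION FROM <user>" would not lock out.
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.List;

public class RoleOnlySessionAudit {

    // The recursive CTE follows nested role grants (role -> role -> user), so a
    // CREATE SESSION privilege hidden two or three roles deep is still reported.
    static final String AUDIT_SQL =
        "WITH role_chain (grantee, granted_role) AS ("
      + "  SELECT grantee, granted_role FROM dba_role_privs"
      + "  UNION ALL"
      + "  SELECT rc.grantee, rp.granted_role FROM role_chain rc"
      + "  JOIN dba_role_privs rp ON rp.grantee = rc.granted_role)"
      + " SELECT DISTINCT u.username, rc.granted_role"
      + " FROM dba_users u"
      + " JOIN role_chain rc ON rc.grantee = u.username"
      + " JOIN dba_sys_privs sp ON sp.grantee = rc.granted_role"
      + "  AND sp.privilege = 'CREATE SESSION'"
      + " WHERE NOT EXISTS (SELECT 1 FROM dba_sys_privs d"
      + "   WHERE d.grantee = u.username AND d.privilege = 'CREATE SESSION')"
      + " ORDER BY u.username";

    // Returns one "USER via role ROLE" line per role-only login path found.
    static List<String> findRoleOnlyLogins(Connection conn) throws Exception {
        List<String> out = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(AUDIT_SQL);
             ResultSet rs = ps.executeQuery()) {
            while (rs.next()) {
                out.add(rs.getString(1) + " via role " + rs.getString(2));
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Placeholders: replace with the real host, service name and DBA credentials.
        String url = "jdbc:oracle:thin:@//DB_HOST:1521/SERVICE_NAME";
        try (Connection conn = DriverManager.getConnection(url, "DBA_USER", "DBA_PASSWORD")) {
            for (String line : findRoleOnlyLogins(conn)) {
                System.out.println(line);
            }
        }
    }
}
```

Run against the example above, the output would contain user1 via role HIDDEN_PRIVILEGES once the direct grant is revoked, which is the list of accounts to review before relying on a direct revoke.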

For the remaining vulnerabilities, please refer to the official announcement: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Jackson is a very popular choice for processing JSON data in Java, but critical vulnerabilities have been found in it. Developers must stay alert (Jan 2019)

Preface: In Java development, software developers often need to read in JSON data or provide JSON data as output. But the Java JSON Processing API is not very user friendly and does not provide automatic transformation from JSON to Java objects.

Jackson technical background: Jackson is a suite of data-processing tools for Java (and the JVM platform), including the flagship streaming JSON parser / generator library, matching data-binding library (POJOs to and from JSON) and additional data format modules to process data encoded in Avro, BSON, CBOR, CSV, Smile, (Java) Properties, Protobuf, XML or YAML.

Remark: com.fasterxml.jackson.databind.ObjectMapper is the most important class in the Jackson API; it provides the readValue() and writeValue() methods to transform JSON to Java objects and Java objects to JSON.

Vulnerabilities found on FasterXML jackson-databind:

FasterXML jackson-databind slf4j-ext Class Arbitrary Code Execution Vulnerability – A successful exploit could allow the attacker to execute arbitrary code.

FasterXML jackson-databind Blaze-ds-Opt and Blaze-ds-Core Classes Arbitrary Code Execution Vulnerability – A successful exploit could allow the attacker to execute arbitrary code.

FasterXML jackson-databind Polymorphic Deserialization External XML Entity Vulnerability – A successful exploit could allow the attacker to conduct an XXE attack, which could be used to access sensitive information, bypass security restrictions, or cause a denial of service (DoS) condition on the targeted system.
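The gadget-class and polymorphic deserialization issues above all depend on letting the JSON document choose the class to instantiate. The following added example (not code from the original post or from the Jackson project) shows the weak setting beside the corrected one; it assumes jackson-databind 2.9.x on the classpath, and the Shape classes are constructed for illustration.

```java
// Added example, not code from the original post or from the Jackson project.
// Assumes jackson-databind 2.9.x on the classpath; the Shape classes are constructed.
import com.fasterxml.jackson.annotation.JsonSubTypes;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;

public class SafePolymorphism {

    // Weak setting: global default typing lets the JSON document name the concrete class
    // to instantiate, which is the door the gadget-class issues above walk through.
    static ObjectMapper weakMapper() {
        ObjectMapper m = new ObjectMapper();
        m.enableDefaultTyping();   // never use with untrusted input
        return m;
    }

    // Corrected setting: default typing stays off (the ObjectMapper default). Polymorphism
    // is declared per hierarchy with an explicit allow-list of subtypes, so a type id that
    // is not "circle" or "square" is rejected before any class is looked up.
    static ObjectMapper safeMapper() {
        return new ObjectMapper();
    }

    @JsonTypeInfo(use = JsonTypeInfo.Id.NAME, property = "type")
    @JsonSubTypes({
        @JsonSubTypes.Type(value = Circle.class, name = "circle"),
        @JsonSubTypes.Type(value = Square.class, name = "square")
    })
    public interface Shape {}
    public static class Circle implements Shape { public double radius; }
    public static class Square implements Shape { public double side; }

    public static void main(String[] args) throws Exception {
        ObjectMapper safe = safeMapper();

        // Accepted: "circle" resolves to the declared subtype.
        Shape s = safe.readValue("{\"type\":\"circle\",\"radius\":2.0}", Shape.class);
        System.out.println(s.getClass().getSimpleName());   // Circle

        // Rejected: an id outside the allow-list raises InvalidTypeIdException; Jackson
        // never treats it as a class name, so no arbitrary class on the classpath loads.
        try {
            safe.readValue("{\"type\":\"not.an.allowed.Type\"}", Shape.class);
        } catch (InvalidTypeIdException e) {
            System.out.println("rejected type id: " + e.getTypeId());
        }
    }
}
```

Code that needs default typing for legacy reasons should at least keep it off for any ObjectMapper that touches untrusted input, and the XXE item above is a reminder to apply the same allow-list thinking to the XML data-format module.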

Vendor Announcements:
https://github.com/FasterXML/jackson-databind/releases

Linux Kernel mincore() Implementation Information Disclosure Vulnerability – 12th Jan 2019

Preface: Hard drives are slow, and they affect only loading and saving (read and write) times.

Technical overview:
The mincore() function requests a vector describing which pages of a file are in core and can be read without disk access.

Vulnerability:
A vulnerability in the mincore() function in the Linux kernel could allow a local attacker to access sensitive information on a targeted system.

Design weakness:
The vulnerability is in the mincore() implementation in the mm/mincore.c source file. The design weakness allows an attacker to conduct a page-cache side-channel attack, viewing the page-cache access patterns of other processes on the system.

Official announcement : https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e

CVE-2019-0246 Multiple Vulnerabilities in SAP Cloud Connector – January 2019

Preface: Using both private and public clouds in parallel allows a company to pick and choose which data and services to keep in the private cloud for added security, and which to place in the public cloud. This is the so-called hybrid cloud concept.

Vulnerability found in SAP Cloud Connector:
SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. As a result, unknown malicious actions might follow.

Synopsis: An attacker could inject Java code through the scripting API or dynamic JSP.

Official announcement shown below:
SAP Security Patch Day – January 2019 – https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985

Have extraterrestrials (E.T.) used the hydrogen line to observe our planet since ancient times?

Preface:

The principle behind the detection of radio signals from space is the hydrogen atom. The hydrogen atom comprises a proton and an electron. It emits radio energy at a wavelength of 21 cm, or a frequency of 1420 MHz.

Background:

The Egyptian pyramids are ancient pyramid-shaped masonry structures located in Egypt. But archaeologists found that the Pyramid of Khufu differs slightly from the others.

Synopsis:

There are three known chambers inside the Great Pyramid. The lowest chamber is cut into the bedrock upon which the pyramid was built and was left unfinished. The so-called Queen’s Chamber and King’s Chamber are higher up within the pyramid structure. But no royal mummies were found in place.

Sea salt found in the pyramids guided scientists towards the secret and its possibilities.

The material of the pyramid – The Pyramids at Giza contain more than 5 million blocks of limestone, until now believed to be CARVED stones; new evidence shows they were CAST from agglomerated limestone concrete. But the King’s Chamber, sarcophagus and relieving chambers were made of granite. Don Holeman (biochemical engineer) found that the Queen’s Chamber is the only chamber with salt on its walls and ceiling.

Archaeologists found that the Subterranean Chamber lies at a level equivalent to that below the water level of the river Nile. Meanwhile, the causeway from the Great Pyramid leads down to the location of the ancient Nile River. For more details, please refer to the picture below.

Technical point of view

The results found by scientists and archaeologists slightly indicate that the Great Pyramid of Giza might not have been built only to commemorate the late Egyptian emperor. From a technical point of view, it is an advanced technology facility rather than an imperial tomb. As a matter of fact, the tombs are located in the Valley of the Kings. The valley stands on the west bank of the Nile, opposite Thebes (modern Luxor), within the heart of the Theban Necropolis.

Don Holeman’s speculation was that the design objective of the Great Pyramid was to produce hydrogen by a gas transformation technique. There is a scientific way to reproduce this concept. A chemical engineer told Don that diluted hydrochloric acid coming in from one shaft and hydrated zinc feeding in from the other would, when combined, produce hydrogen. The consultant also affirmed that the boiling off of hydrogen when the chemicals mixed would create salts on the limestone (calcium carbonate) walls and ceiling of the chamber. Besides, the subterranean chamber is equivalent in function to a hydraulic ram pump, balancing the pressure inside the pyramid and avoiding leakage of the liquid. Should you be interested in the technology, please see the diagram below.

Technology architecture – advanced technology of Pyramid

Motivation – So, what was the designer’s goal in producing hydrogen gas? Perhaps we can reason our way to the answer.

What is the hydrogen line, and why are radio or RF transmissions prohibited at this frequency?

Quote: The hydrogen line (1420.40575 MHz) is the precession frequency of neutral hydrogen atoms, the most abundant substance in space. It happens to fall in the quietest part of the radio spectrum, what’s known as the Microwave Window. Although there may not seem to be a lot of loose hydrogen atoms about (there’s perhaps one per cubic centimeter of interstellar space), the interstellar medium contains a lot of cubic centimeters. So these individual atoms chirping away at 1420 MHz make a powerful chorus, which is readily detected by even small radio telescopes. (http://www.setileague.org)

The principle behind the detection of radio signals from space is the hydrogen atom, whereas radio astronomers listen to the universe at 78 MHz with a dipole and a custom SDR. The goal of the SDR is to provide hardware that enables radio astronomers to perform astronomical measurements.

Our situation is not “E.T. phone home”. A few thousand years ago, did they know where we are?

My speculation is that a few thousand years ago the extraterrestrials taught the Egyptians to build the pyramid merely for their own objective (maybe they were not invaders): just to let their race know where they were. I strongly believe that they encountered a problem and so stayed on our planet, and then formulated a solution: build the pyramid to emit hydrogen atoms so that their radio telescope would know their location, because their planet is far away from our galaxy. When they left our planet, it looks as though the pyramid never operated again. As a matter of fact, ancient Egyptian civilization lost the advanced technology at that moment. As time goes by, it is hard to know or prove the truth of this matter.

The dangers of humankind meeting alien civilizations

I agree with Professor Hawking’s opinion. He urged the world to consider the dangers of humankind meeting alien civilizations. Perhaps they are nomads. As a result, they will try to conquer another civilization (weaker than them) and thus colonize our planet.

Quote: “Such advanced aliens would perhaps become nomads, looking to conquer and colonize whatever planets they could reach,” said Professor Hawking.

For the details of the comments by Professor Stephen Hawking, please refer to the URL below: https://news.nationalgeographic.com/2018/03/stephen-hawking-controversial-physics-black-holes-bets-science/

Summary: The pyramid does not operate any more. But it alerts human beings to our situation. We have heard of people experiencing close encounters of the third kind. We do not know the truth. As a matter of fact, extraterrestrials know where we are.

Appendix:

We can also use RASDR. RASDR is an open hardware project undertaken by members of the Society of Amateur Radio Astronomers (SARA) to develop a low-cost, high-performance software-defined receiver for use by SARA members.

RASDR2 block diagram below:

Simple and powerful evasion technique – Threat actors will exploit MS Word documents.

Preface: Threat intelligence vendor FireEye alerts that a global DNS hijacking campaign is growing rapidly. This storm has affected dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America.

Synopsis: For more information about the impact of this cyber attack, please refer to the URL below. https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html

Reflection – The attack method:

Let us consider that this kind of attack happens in our daily lives, sometimes without the defense mechanism even being aware of it. Microsoft Office documents containing built-in macros are very useful, but they can become a Swiss army knife that hurts you. Macros are essentially bits of computer code, and historically they have been vehicles for malware. Should you be interested in this topic, the attached diagram provides a high-level overview for your reference.

Remark: It seems that SIEM endpoint event monitoring will be the effective remedy. However, it may involve confidential data labels, so this part requires management review and separation of duties.

9th Jan 2019 – Security Focus (Juniper Networks)

Preface: Historically, telecommunications companies have been the largest customer segment for Juniper. Juniper has provided them with on-premises hardware — routers and switches — for the purpose.

Background of the XML C parser:
Libxml2 is the XML C parser and toolkit developed for the Gnome project. Libxml2 is made of multiple components; some of them are optional, and most of the block interfaces are public. SAX is an event-driven interface: the programmer specifies an event that may happen and, if it does, SAX gets control and handles the situation. SAX works directly with an XML parser.

Multiple vulnerabilities in libxml2:
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.

Solution:
For more details, please refer to the URL below:
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10916&cat=SIRT_1&actp=LIST

Remark: Companies are moving more of their IT needs to the cloud. Traditional IT appliance business life is not easy!

Cisco Releases Security Updates Published Wednesday, January 9, 2019

Preface: Crimes that use computer networks or devices to advance other ends include phishing scams and spam.

S/MIME technical background:
S/MIME is based on asymmetric cryptography to protect your emails from unwanted access. It also allows you to digitally sign your emails to verify you as the legitimate sender of the message, making it an effective weapon against many phishing attacks out there. That’s basically the gist of what S/MIME is all about.

Technical limitation:
Because S/⁠MIME takes into account interoperation in non-MIME environments, several different mechanisms are employed to carry the type information, and it becomes a bit difficult to identify S/⁠MIME messages.

Vulnerabilities found on the Cisco Email Security Appliance:

Impact: A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.

Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-url-dos

Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-dos

Apple IntelHD5000 Graphics Process Token Privilege Escalation Vulnerability – CVE-2018-4421

Preface: A third of people have a virus on their device from porn, according to Dailymail.co.uk.

Description: If you like watching adult movies online and you are a MacBook Air user, please stay alert! Hackers can jeopardize your MacBook Air through adult movies.

Impact: An application may be able to execute arbitrary code with kernel privileges.
OS X provides a kernel extension mechanism as a means of allowing dynamic loading of code into the kernel, without the need to recompile or relink. Because these kernel extensions (KEXTs) provide both modularity and dynamic loadability, they are a natural choice for any relatively self-contained service that requires access to internal kernel interfaces. A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds access inside of the KEXT leading to a use after free and invalid memory access in the context of the kernel. This can be used for privilege escalation.

Official announcement: https://support.apple.com/en-il/HT209341

Microsoft Patch Tue – Security Focus CVE 2019-0556 | Microsoft Office SharePoint XSS vulnerability

Preface:
SharePoint is unquestionably one of the best and most significant enterprise productivity tools for users. Its functions are similar to those of OneDrive for Business and Apps.

Vulnerability found in SharePoint – Jan 2019
CVE 2019-0556 | Microsoft Office SharePoint XSS vulnerability

The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim’s identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

Example:

  1. The exploit arrives by email with a graphic file attached; the graphic file also embeds malicious code. This way has a high possibility of evading malware detection.
  2. It can exploit the vulnerability (CVE-2019-0556) when hunting the victim.
  3. Assume SharePoint application users will be the target, since they focus on operations rather than cyber security awareness.
  4. Assume the computer is compromised by the attacker.
  5. I assume that the attacker’s ultimate goal is to steal the victim’s cookies by exploiting an XSS vulnerability in SharePoint. This can be done by having the victim’s browser parse the HTML code.
  6. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim’s identity to take actions on the SharePoint site on behalf of the user, such as changing permissions and deleting content, and inject malicious content in the browser of the user. For more detail, please refer to the attached diagram.

Official announcement: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0556

antihackingonline.com