Monthly Archives: April 2018

Potential Risk of CVE, Under our observation

VMware Releases Security Updates – especially cloud base users must staying alert! 12th Apr 2018

In java world, it has plenty of areas are allow hacker to do some tricks. VMware announced that found so called DOM Based Cross-site Scripting Vulnerability and Missing renewal of session tokens vulnerability. In regards to my comment, both vulnerabilities similar modern java applications security weakness, we are able to apply filter to do that. For example a regular expression solution. In short, please refer official announcement for reference.

vRealize Automation updates address multiple security issues

https://www.vmware.com/security/advisories/VMSA-2018-0009.html

Potential Risk of CVE, Under our observation

Juniper JunOS – The giant is sick! April 2018

Kernel crash upon receipt of crafted CLNP packets (CVE-2018-0016)

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10844&cat=SIRT_1&actp=LIST

Denial-of-service vulnerability in flowd daemon on devices configured with NAT-PT (CVE-2018-0017)

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10845&cat=SIRT_1&actp=LIST

Crafted packet may lead to information disclosure and firewall rule bypass during compilation of IDP policies (CVE-2018-0018)

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10846&cat=SIRT_1&actp=LIST

Denial-of-service vulnerability in SNMP MIB-II subagent daemon (mib2d) (CVE-2018-0019)

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10847&cat=SIRT_1&actp=LIST

rpd daemon cores due to malformed BGP UPDATE packet (CVE-2018-0020)

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10848&cat=SIRT_1&actp=LIST

Eclipse Jetty information disclosure vulnerability (CVE-2015-2080)

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10849&cat=SIRT_1&actp=LIST

Return of Bleichenbacher’s Oracle Threat (ROBOT) RSA SSL attack (CVE-2017-1000385)

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10850&cat=SIRT_1&actp=LIST

Multiple vulnerabilities resolved in OpenSSL

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10851&cat=SIRT_1&actp=LIST

Multiple vulnerabilities in stunnel 5.38

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10852&cat=SIRT_1&actp=LIST

 

Multiple vulnerabilities resolved in CentOS 6.5-based 2012.2R12 release

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10853&cat=SIRT_1&actp=LIST

 

Short MacSec keys may allow man-in-the-middle attacks

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10854&cat=SIRT_1&actp=LIST

Mbuf leak due to processing MPLS packets in VPLS networks (CVE-2018-0022)

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10855&cat=SIRT_1&actp=LIST

world writeable default configuration file permission (CVE-2018-0023)

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10856&cat=SIRT_1&actp=LIST

 

 

Application Development

Why REST (API) is so popular? But how to hardening the API security features?

1 Comment

REST (API) is key component to building powerful, scalable web-based applications today. So how to enhance the security feature, since it is working with HTTP communication method. Thence:

1. We should ensure that the HTTP method is valid for the API key/session token and linked collection of resources, record, and action.

2. Authentication – It is better to deploy multi-factor authentication and token-based authentication.

3. Token validation errors should also be logged for audit purpose.

4. Input sanitization.

5. If the classification label of data is private or confidential. A symmetric cryptography will be used to encrypt the data transmitted.

6. Hardrening REST API status return codes instead of 404 (errors) and 200 (success).

Perhaps above items of enhancement not easy to fulfill. However the system developers should be fulfilled the standard requirements. Following the web server security best practice. Apart from that it compliance with HTTP security (RFC7230 – section 9).

Should you have interested of RFC7230 – section 9 standard. Please refer to below url for reference.

https://tools.ietf.org/html/rfc7230#section-9.1

Potential Risk of CVE, Under our observation

Microsoft security update – April 10, 2018 – KB4093112

1 Comment

The security update of Microsoft this week included provides support to control usage of Indirect Branch Prediction Barrier (IBPB) within some AMD processors (CPUs) for mitigating CVE-2017-5715. Apart from that it also provides Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities. However I was wondering the mitigation plan coverage provided by AMD?

A insidiousness of the SIMD instruction extensions of ARM, MIPS, and x86? Does AMD cover this part because SIMD Instructions considered harmful?Any advice or we just ignore it?

For more details about the security update, please refer below url for references.

Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities – https://support.microsoft.com/en-hk/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

KB4093112 – https://www.catalog.update.microsoft.com/Search.aspx?q=KB4093112

 

Potential Risk of CVE, Under our observation

Allen Bradley – The design flaw of the programmable logic controller – system vulnerability

1 Comment

Traditional layer 2 communication system (without TCP/IP), proprietary OS system and without internet technology similar as a antibody protect the important facilities especially electricity power supply, water supply and natural gas facilities. But the element of civilization like a non stop vehicles moving forward. Whereby the man kind went through industrial revolution till today digital technology revolution. Our daily lifes support by electricity, water and natural gas. In order to maintain the stability and quality of those resources of supply. A analogue to digital (electronics) conversion was done, Thereby those facilities are under governance and control by PLC and SCADA today. However a design limitation was found since the components embedded Microsoft operation system and Linux opensource. So we heard power facilities encountered cyber attacks. This time the design flaw found in Allen Bradly PLC product. Regarding to the CVE reference number, we found that the vulnerabilities reported last year and believed that vulnerabilities has been fix. But a reminder to all of us is that vulnerabilities not limit to your office automation system and smartphone.The vulnerabilities are go with us daily.

Below url provides an overview of cyber attack on nuclear power facilities for reference.

Potential black force – digitize Godzilla

CVE-2017-12093

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0445

CVE Number

CVE-2017-14462, CVE-2017-14463, CVE-2017-14464, CVE-2017-14465, CVE-2017-14466, CVE-2017-14467, CVE-2017-14468, CVE-2017-14469, CVE-2017-14470, CVE-2017-14471, CVE-2017-14472, CVE-2017-14473

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443

Potential Risk of CVE, Under our observation

Adobe Security Bulletin – PhoneGap Push plugin vulnerability and the other

Coin has two sides, the computer has vulnerabilities on the other hand show benefits. Why, it provides a influence effect causes people found out resolution.And such a way go to advanced technology zone.
Security announcement by Adobe urge adobe users following the requirement apply the fix. Since there are total 5 items of security update. The item which bring my attention is the phonegap push plugin vulnerability (CVE-2018-4943). PhoneGap Push plugin that brings support for Firebase Cloud Messaging (FCM) to Apache Cordova apps on iOS and Android since PhoneGap Push Plugin version 2.0.0.
Firebase Cloud Messaging (commonly referred to as FCM), formerly known as Google Cloud Messaging (GCM), is a cross-platform solution for messages and notifications for Android, iOS, and web applications, which currently can be used at no cost. If there is vulnerability encountered on phonegap push API. It merely effect not only a small group of persons! In short, please refer official articles for reference (see below):
Security update available for the Adobe PhoneGap Push Plugin | APSB18-15

https://helpx.adobe.com/security/products/phonegap/apsb18-15.html

There are few vulnerabilities not related to phonegap push API but need to aware!

Security Updates Available for Adobe Digital Editions | APSB18-13

https://helpx.adobe.com/security/products/Digital-Editions/apsb18-13.html

Security Update Available for InDesign | APSB18-11

https://helpx.adobe.com/security/products/indesign/apsb18-11.html

Security updates available for Adobe Experience Manager | APSB18-10

https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html

Security updates available for Flash Player | APSB18-08

https://helpx.adobe.com/security/products/flash-player/apsb18-08.html

Ransomware

US-CERT Ransomware Guidance – 2018

An article issued by US-CERT with subject. Protecting Your Networks from Ransomware. Their aim is going to provide a guidance to fight against ransomware. Before you read the articles. There are few slogans are able to enhance your data protection framework. For instance:

1. Ransomware and Phishing Work Together

2. For whom who visiting online Gaming zone and Pornography web site in frequent are easy for encounter ransomware attack.

In order to avoid similar of cyber attack, enhance your awareness is the first priority. For more details, please refer below url for reference.

Protecting Your Networks from Ransomware:

https://www.us-cert.gov/sites/default/files/publications/Ransomware_Executive_One-Pager_and_Technical_Document-FINAL.pdf

Potential Risk of CVE

Cisco IOS XE Software CLI command injection vulnerabilities CVE-2018-0193

The design objective of the Command Line Parser is used to parse the command line arguments. The parser parsing a string and returns an object representing the values extracted. This is the the regular expression design objective. The Cisco IOS XE is a train of Cisco Systems’ widely deployed Internetworking Operating System (IOS), introduced with the ASR 1000 series. IOS XE is a combination of a linux kernel and a (monolithic) application (IOSd) that runs on top of this kernel. The goal of IOS SE aim to integrate the IOS feature set for routing and switching cope with modern business critical applications.  Vulnerability found daily we have not surprise. A CLI command injection vulnerability has been found on CISCO IOS XE this month. For more details, please find below url for reference.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-cmdinj

 

Under our observation, Virus & Malware

Bank ATM Framework QUICK TOUR

Believe that ATM scammer or criminal activities will be signigicant dropped after ATM thief are under sentence. It looks that I am overlook the attraction of bank note since a new jackpotting malware is under development. I surprise to me that the malware originate country is in Hong Kong. We known that bank of China did the system update (perhaps including ATM machine) during easter Hoilday. The ATM infrastructure looks prefect under the custodiance of Hong Kong monetary authority. However there are system design bugs and limiations on both hardware and software so it lure the hacker interest. It bring misunderstanding of ATM technology to the IT people so far, ATM archiecture is old fashion. But the truth is that ATM system architecture has been line up with Microsoft client-server architecture for financial applications on the Microsoft Windows platform in last decade. Threat actors can appear all around the world. The highlight of this news incidentally let the world know that Hong Kong is also a technology development zone. It is not only limit to business financial area.

For more details about the headline news articles. Please refer below url for reference.

https://www.securityweek.com/new-strain-atm-jackpotting-malware-discovered

Potential Risk of CVE, Under our observation

A quick way to do the remediation (CVE-2018-0171(smart install vulnerability))

Headline news posted by Reuters report that Iran hit by global cyber attack that left U.S. flag on screens. As we know, this vulnerability will be conducted the following:

  1. Triggering a reload of the device.
  2. Allowing the attacker to execute arbitrary code on the device.
  3. Causing an indefinite loop on the affected device that triggers a watchdog crash.

Perhaps the side effect of this vulnerability looks dangerous especially allowing the attacker to execute arbitrary code on the device.

But there is quick way to do the remedation of this vulnerability.

a. Go to your router configuration mode and input no vstack command.

b. Since victim report that a special message show on the console screen. And therefore it is recommended to use your ios backup file to replace existing ios.

For more details about the headline news report by Reuters. Please following below url for reference.

https://www.reuters.com/article/us-iran-cyber-hackers/iran-hit-by-global-cyber-attack-that-left-u-s-flag-on-screens-idUSKBN1HE0MH