Monthly Archives: April 2018

country cyber law

Russian regulator moves to ban messaging app Telegram – 2018

The Fall of the Berlin Wall on November 9, 1989. A physical wall who goal to isolate the culture and humanity looks never appears in the world again. However we are living in the modern of ages. We unintend to transform our culture and daily life to a digital world. Furthermore the operation of the world also under digital mainbrain custodian. If you looking around, seems Berlin has not falling down. Don’t be childish! Perhaps Berlin wall disappeared, but another wall has been established around the world!

We are focusing censorship policy especially the China great firewall ban VPN and external parties communications. May be we overlook Russia! Russia’s Supreme Court orders telegram to hand over keys this month. Should you have interested of the headline news, please refer below url for reference.

Financial Times – Russian regulator moves to ban messaging app Telegram

https://www.ft.com/content/66062614-397c-11e8-8b98-2f31af407cc8

Potential Risk of CVE, Under our observation

Ruby – CVE-2018-3740,CVE-2018-3741 & CVE-2018-8048

 

There are total 2,149,836 web sites deployed Ruby On Rails framework.Ruby on Rails, or Rails, is a server-side web application framework written in Ruby under the MIT License. RubyGems is a package manager for the Ruby programming language that provides a standard format for distributing Ruby programs and libraries. There are 3 items of vulnerabilities found on Ruby. Per my investigation, if hacker combining those 3 items of vulnerabilities can transform as a powerful hacking strategy. System administrator must check your environment see whether it requires for update.

Technical references shown as below:

CVE-2018-3740 – https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e

CVE-2018-3741 – https://github.com/rails/rails-html-sanitizer/commit/f3ba1a839a35f2ba7f941c15e239a1cb379d56ae

CVE-2018-8048 – https://github.com/flavorjones/loofah/issues/144

2018, Blockchain, cyber security incident news highlight

Verge Is Forced to Fork After Suffering a 51% Attack

Blockchain technology contains advanced security features fundamentally. However the heist occurs in such secure platform are in frequent. The questions of a retrospective and why was hacked? It proof that the problem not given by blockchain technology design flaw. Most likely the root causes are given by end point (client side), operation management (show the privilesge credential in the system event log). Rumors happened yesterday, verge user feared the attacker might use his dominant network position to siphon funds from their accounts. Verge technical team announce that it is a hash attack and it only some blocks were affected during a 3 hour period, not 13 hours. But what do you think? Do you think there is a zero day happens in e-wallet? Headline News can be found in following url.

https://news.bitcoin.com/verge-is-forced-to-fork-after-suffering-a-51-attack/

Potential Risk of CVE, Under our observation

Staying alert! Microsoft Malware Protection Engine design limitation CVE-2018-0986

Staying alert! Microsoft Malware Protection Engine design limitation

Microsoft Releases Security Update 3rd April 2018:

https://portal.msrc.microsoft.com/en-US/security-guidance

Technical details: Explanation

1. Microsoft Malware Protection Engine runs as NT AUTHORITY\SYSTEM without sandboxing, and is remotely accessible without authentication via various Windows services,including Exchange, IIS,…etc

2. NScript is the component of Microsoft Malware Protection Engine that evaluates any filesystem or network activity that looks like JavaScript.

3. The attacker can invoke object vtable to pass arbitrary to other objects.

Remark: When an object is created, a pointer to this table, called the virtual table pointer, vpointer or VPTR, is added as a hidden member of this object.

Under our observation, Virus & Malware

Magento-Based Websites Hacked: Steal Credit Card Data and Install Mining Malware

I keep observe Magento platform so far. On Jan 2018, OnePlus Confirms Credit Card Breach Impacted Up to 40,000 Customers. A security expert found that Oneplus exploiting Magento eCommerce platform. Heard that over 1000 Magenoto stores as hacked this week (Apr 2018). It looks strange that only for 3 months another new cyber security accident happen again. Security experts observed there are three possible ways make the incident happen.

1. Insert malicious code in Magento core files.

2. Attackers deploy cryptojacking scripts that mine Monero on the computers of store visitors.

3. Adobe Flash Player update packages, which would infect users with the AZORult infostealers.

Remark: TrendMicro investigation report display in below url for reference.

https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/magento-based-websites-hacked-to-steal-credit-card-data-and-install-cryptocurrency-mining-malware

But my observation looks have different than above. For more details, please refer to above diagram.

Potential Risk of CVE, Under our observation

Oil refinery industry security alert! CVE-2018-4841

We heard in frequent that threat actors will be engaged APT attack to hostile country. The more percentage of cyber attack to the important public facilities most likely is the nuclear power facilities and power generator. As we know, a harden procedure has been built by nuclear power facilitates company. In order to avoid the unforeseen cyber incident happens, internet access function is prohibited in that area. However working with SCADA technologies market coverage not limit to nuclear power facilities. The oil refinery industry, natural gas and water supply facilities are relies on SCADA system. Today, a security alert is going to awake oil refinery, gas and water supply industries. Since a announcement by SCADA hardware manufacture Siemens, they inform that their product encountered vulnerability. The manufacture provides the workaround. However, the workaround only suggest to setup a preventive control.  To be honest, may be there are more spaces to do the remediation! Should you aware of this vulnerability. please refer below vendor announcement for reference.

https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdf

Application Development, Cell Phone (iPhone, Android, windows mobile)

Firebase Analytics – To be compliance or not to be compliance on personal privacy

1 Comment

Perhaps the scandal of Facebook and awaken people in the world concerning their personal privacy. Meanwhile web surfing behavior is a major element to do the behaviour analytic.  Now we fully understand the influence power of social media platform. However the analytic function not only valid today. Firebase is a mobile and web application development platform developed by Firebase, Inc. in 2011, then acquired by Google in 2014. Google Analytics for Firebase is a free app measurement solution that provides insight on app usage and user engagement. I do a survey on popular mobile application software tonight. The reason I chosen this mobile apps software for evaluation is that it contains a series of new claims services includes insurance claim. It  allow insurance claims pay-out at 7-Eleven (Hong Kong). The result is that the mobile apps pass the compliance requirement. The firebase analytics service disabled for legal reasons. For more details, please refer above diagram for reference.

Potential Risk of CVE, Under our observation

IOS-XE vulnerabilities (CVE-2018-0196) + (CVE-2018-0171 & CVE-2018-0151)

4 Comments

Perhaps a medium vulnerability found on IT product not a shock. However the medium vulnerability co-exists with known critical vulnerabilities created multiple vulnerabilities are unable to foreseen what is the level of damage. Cisco IOS XE fundamental design integrate to open system. The severity of vulnerability CVE-2018-0196 is medium level. End user is allow to disable the http services to avoid the vulnerability. But the default state of the HTTP Server feature is version-dependent. A significant signal alert Cisco customer that corrective control is not enough. A efficient way is enhance your preventive and detective control. That is the implementation of managed security services. The critical vulnerabilities was posted last week. But the vulnerability of CVE-2018-0196 confirmed and therefore it summarized as below:

CVE-2018-0196 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-wfw

CVE-2018-0151

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos

CVE-2018-0171

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2