Sometimes he is your friend, but somtimes he is your enemy (CVE-2018-12907)

Have you been use Rclone? Rclone is an opensource tool for syncing to various forms of cloud storage. In Rclone 1.42, use of “rclone sync” to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL’s content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server.

Should you have interest of this topic, please refer below url for reference.

TIBCO Security Advisory: June 26, 2018

The vulnerabilities that may allow for unauthorized information disclosure, remote code execution and allow for the disclosure of information looks a common topic in CVE list. Predictive models and analysis are typically used to forecast future probabilities. Applied to business, predictive models are used to analyze current data and historical facts in order to better understand customers, products and partners and to identify potential risks and opportunities for a company. TIBCO Spotfire makes it easy for you to analyze data from any number of data sources. Using this data, you can create predictive models and apply advanced techniques within the Spotfire environment. What do you think if this type of services has data breaches incident occurs?

TIBCO Spotfire existing has 1400 websites. Market share 2.49 % comparing with similar functions of competitor.

TIBCO Spotfire Product Family Remote Code Execution Vulnerability

TIBCO Spotfire Product Family Information Disclosure Vulnerability

TIBCO Spotfire Server information disclosure vulnerabilities

Jun 2018 – SSL Forward Proxy vulnerability (CVE-2018-5527)

Since data privacy is the 1st pirority of objective in cyber world. We now internet connectivity heavy utilize of SSL cert. For instance SSL VPN, PKI, SSL web server,etc. Popular web portal receive large amount of connectiviies per second. And therefore the popluar solution is TCP offload. Install SSL server cert out of web server and install in web server front end. That is load balancer. Even though you said, you have TCP offload. But fundenmental limation told that SSL connections consume about twice as much memory as HTTP layer 7 connections, and four times as much memory as layer 4 with TCP proxy. Meanwhile huge amount of ssl session from cache while full garbage collection seems cause IO Thread owned lock delayed, and other I/O threads BLOCKED.

F5 now resolved their SSL forward proxy vulnerability (CVE-2018-5527). See below:

But believe that it is a not easy ending story caused by the following factors!

1. Huge amount of ssl session from cache while full garbage collection seems cause IO Thread owned lock delayed, and other I/O threads BLOCKED.

2. SSL connections consume about twice as much memory as HTTP layer 7 connections, and four times as much memory as layer 4 with TCP proxy.

Jun 2018: Misbehaviour technique revealed (manipulate cryptocurrencies (ERC20 Tokens))

A liquidity trap is caused when people hoard cash, if the cryptocurrency exchange do the manipulation. As a result the suspect cryptocurrency exchange equivalent as a crook.

The company headquartered in Hangzhou, China goal to identify cryptocurrency hidden vulnerabilities, expose zero-day exploits, and defend against emerging threats. On Jun 2018 two key misbehaviour techniques was revealed. So called “tradeTrap” and “evilReflex”.

So called the “tradeTrap”

CVE-2018-12084,CVE-2018-12082,CVE-2018-12083,CVE-2018-11446,CVE-2018-12080,CVE-2018-12063,CVE-2018-12078,CVE-2018-12070,CVE-2018-12067,CVE-2018-12079,CVE-2018-12062,CVE-2018-12081 & CVE-2018-12068

So called the “evilReflex”

CVE-2018-12703 and CVE-2018-12702

Jun 2018 – ALL NIPPON Airways Security Advisories

ALL NIPPON Airways Security Advisories

Airline application and protocol are proprietary in past 2 decades. The Airline terminal guarantee the reliability. Any counterfeit transaction or cyber attack no way to happen there. As times goes by, Airline industry react to develop mobile apps to expand the business function goal to cope with modern world. Japan airline is one of the responsible company. They are not intend to hide their mobile application design weakness. Believe that the specify design weakness not only happens on ANA airways mobile apps. May be it happen in other mobile apps but some of the company not aware or ignore.

Official announcement (see below):


Vault 7 re-engineering by hacker. They are aim to steal the cryptocurrency.

As far as we know, Notepad++ has been updated to version 7.3.3. It aim to remediate a vulnerability on notepad. Such vulnerability exploit by law enforcement to do the survillance. The specifics annoucement released by WikiLweaks on 2017 so called Vault 7.
Wanna Cry Ransomware technology re-emngineering of Microsoft SMB weakness and jepodizing the world. It wreak havoc in cyber security world in 1st quarter in 2018.
Cryptocurrency technology proud of their design concept and technology and claimed that it can reduced the cyber attack in fundemental concept. The reality is that the total no of data breaches or money losts not less than traditional technology architecture. What’s the root causes let distrbuted technogy demote their cyber security in scanario today.
Per observation, cryptocurrency system limitation occurs in endpoint devices in frequent. From technical point of view, the zero day of attack is hard to avoid in personal computer user end point devices( mobile phone, notebook and desktop). A hints as usual inform cryptocurrency owner stayed alert. As a matter of fact, nowadays antivirus can keep secure of your system. Please make sure your virus signature is up to date.

2.3 Million Cryptocurrency Addresses Monitored by Clipboard Hijacking Malware headline news (see below):

30th Jun, 2018 – VMware releases security updates

VMware Releases Security Updates – June 30, 2018 VMware ESXi, Workstation, and Fusion contain multiple out-of-bounds read vulnerabilities in the shader translator. A local user can trigger an out-of-bounds memory read error in the shader translator to obtain potentially sensitive information or cause their virtual machine to crash. The browser’s built-in shader translation facilities, it is a underlying platform’s graphics driver. So, VMware user must staying alert!

VM offical announcement  –