Adobe has released security updates to address vulnerabilities in Adobe Flash Player and ColdFusion – Sep 2018

Adobe revealed that the Flash end of life will take place at the end of 2020, so we can still use Flash. Computer products include both software and hardware. A vulnerability is like a person feeling unwell: the patient receives medication and gets well again. So vulnerabilities occurring in the cyber world should not surprise anyone! The vulnerabilities found in Adobe products this week are not limited to Flash Player. Adobe ColdFusion is a commercial rapid web application development platform created by J. J. Allaire in 1995. A medical software manufacturer uses Adobe ColdFusion to more securely collect electronic clinical outcome assessment (eCOA) data. A digital solutions company uses Adobe ColdFusion to help midmarket companies manage eCommerce more effectively. Adobe has released security updates to address vulnerabilities in Adobe Flash Player and ColdFusion.

The Adobe Security Bulletins provide the details; see below:

ColdFusion – https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html

Flash Player – https://helpx.adobe.com/security/products/flash-player/apsb18-31.html

Docker for Windows design weakness – without verifying the validity of the object – CVE-2018-15514

Docker brings several new things to the table that the earlier technologies didn’t. It runs on all platforms and works like a multi-way adapter. It is hard to avoid vulnerabilities in software and hardware, and Docker is no exception.

This specific vulnerability was found in Aug 2018. For more details, please see below:

Docker for Windows Edge Release notes

https://docs.docker.com/docker-for-windows/edge-release-notes/

Docker for Windows Stable Release notes

https://docs.docker.com/docker-for-windows/release-notes/

 

Security Notification – Modicon M221 (Sep 2018)

Many industries require the monitoring and control capabilities that SCADA offers. In most cases, SCADA is used to manage a physical process of electric, gas and water utilities. We have heard cyber security alerts concerning SCADA facilities so far. As citizens we cannot imagine how bad an incident would be, for instance once a SCADA PLC is compromised by a hacker (malware).

Coolant in a nuclear reactor is used to remove the heat it generates. It carries the heat out to electrical generators and the environment. But how is the temperature monitored? Deploying a Schneider M221 can provide electric temperature control.

At the end of Aug 2018, the vendor found a design weakness in the Modicon M221. For more details, please refer to the URL below.

https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/

6th Sep 2018 – AirWatch Agent and VMware Content Locker updates resolve data protection vulnerabilities

The development of a cyber security mechanism involves preventive and corrective controls. Security experts have alerted the IT world that unforeseen cyber security loopholes will occur as the popularity of smartphones grows. Mobile device management (MDM) perhaps offers a way to rescue enterprise business operations given the demand for mobile phone usage.

Stephan Sekula from Compass Security found a design weakness in AirWatch Agent and VMware Content Locker. The problem is insufficient data protection in AirWatch Agent and VMware Content Locker.

From the vendor's point of view, the severity of these vulnerabilities is low. However, we fully understand the following statement: You can use iCloud Keychain to access your stored logins and passwords, credit card details, and personal information. So, what do you think?

The official AirWatch and VMware announcement is shown below:

https://www.vmware.com/security/advisories/VMSA-2018-0023.html

British Airways announcement – 7th Sep 2018 (380,000 customers’ bank details stolen from website)

A British Airways spokesman said around 380,000 payment cards had been compromised and that it had notified the police. He stated that they suspected hackers stole customers’ bank details through the official website and/or mobile apps. However, the stolen data didn’t include travel or passport details.

If European citizens are among the victims of this incident, the penalty can be a fine of up to 20 million euros or 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher. The official announcement is shown below:

https://www.britishairways.com/en-hk/information/incident/data-theft/latest-information?dr=&dt=British%20Airways&tier=&scheme=&logintype=public&audience=travel&CUSTSEG=&GGLMember=&ban=%7C%7CP1M%7C%7C%7C%7C%7C%7C%7CHOME%7C%7C%7C%7CL4%7C%7C%7C%7Canonymous-inspiration%7C%7C%7C&KMtag=c&KMver=1.0&clickpage=HOME

Cisco Releases Security Updates on 5th Sep 2018 – Staying alert!

The vendor would like to bring the problems below to your attention.

Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products: August 2018

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts

Cisco Umbrella API Unauthorized Access Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api

Cisco RV110W, RV130W, and RV215W Routers Management Interface Buffer Overflow Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-overflow

 

Automatic DNS registration and autodiscovery boots up cyber attacks – Sep 2018

Looking back at the technical background: NetBIOS and Link-Local Multicast Name Resolution (LLMNR) are Microsoft’s name resolution protocols for workgroups and domains, designed primarily for name resolution in the LAN. When DNS resolution fails, Windows systems use NetBIOS and LLMNR to search for names. These protocols are designed only for local connections. NetBIOS and LLMNR do not only serve computer users, however; they also allow attackers to repurpose this function. Threat actors can spoof an authoritative source for name resolution on a victim network by responding to LLMNR (UDP 5355)/NBT-NS (UDP 137) traffic as if they know the identity of the requested host, effectively poisoning the service so that the victims will communicate with the adversary controlled system.

A new vulnerability has been found in both the automatic DNS registration and autodiscovery functions. The US-CERT announcement aims to alert the world to these design weaknesses. For more details, please see below:

https://www.kb.cert.org/vuls/id/598349
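One way to detect the LLMNR spoofing described above, as an added example that is not part of the original post: parse captured UDP 5355 payloads and report any host that answers a query for a canary name that no machine owns. The canary name, the helper names and the sample packets are constructed assumptions.

```python
import socket
import struct

def build_message(txid, name, answer_ip=None):
    """Constructed-sample helper: a query, or a response with one A record."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    flags = 0x8000 if answer_ip else 0                    # QR bit set = response
    msg = struct.pack("!HHHHHH", txid, flags, 1, 1 if answer_ip else 0, 0, 0)
    msg += qname + struct.pack("!HH", 1, 1)               # QTYPE=A, QCLASS=IN
    if answer_ip:
        msg += qname + struct.pack("!HHIH", 1, 1, 30, 4) + socket.inet_aton(answer_ip)
    return msg

def parse_message(data):
    """Return (txid, is_response, queried_name) from a raw LLMNR payload."""
    if len(data) < 12:
        raise ValueError("truncated header")
    txid, flags = struct.unpack("!HH", data[:4])
    labels, pos = [], 12
    while pos < len(data) and data[pos] != 0:
        length = data[pos]
        if length > 63 or pos + 1 + length > len(data):
            raise ValueError("compressed, oversized or truncated label")
        labels.append(data[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    if pos >= len(data):
        raise ValueError("question name is not terminated")
    return txid, bool(flags & 0x8000), ".".join(labels)

def find_responders(packets, canary_names):
    """Map source IP -> canary names it answered; such names should get no reply."""
    canaries = {n.lower() for n in canary_names}
    hits = {}
    for src_ip, payload in packets:
        try:
            _, is_response, name = parse_message(payload)
        except ValueError:                                # skip malformed payloads
            continue
        if is_response and name in canaries:
            hits.setdefault(src_ip, set()).add(name)
    return hits

# Constructed sample capture as (source IP, UDP 5355 payload); documentation addresses.
CANARY_NAMES = ["zq7-nohost-canary"]                      # hypothetical name no host owns
SAMPLE_PACKETS = [
    ("192.0.2.10", build_message(0x1A2B, "zq7-nohost-canary")),
    ("192.0.2.66", build_message(0x1A2B, "zq7-nohost-canary", "192.0.2.66")),
    ("192.0.2.21", build_message(0x0042, "fileserver", "192.0.2.21")),
]
```

On the sample capture, `find_responders(SAMPLE_PACKETS, CANARY_NAMES)` reports only 192.0.2.66, the host that claimed a name nobody should own.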

Amazon Web Services (AWS) CLI weak security – CVE-2018-15869

The amazon-ebs Packer builder is able to create Amazon AMIs backed by EBS volumes for use in EC2. A design weakness was found in the Amazon Web Services (AWS) CLI: it could provide weaker than expected security, caused by the failure to require the --owners flag when describing images. By setting similar image properties, a remote attacker could exploit this vulnerability to trigger the loading of an undesired AMI.

For details, please refer to the URL below:

https://github.com/hashicorp/packer/issues/6584
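Why the missing owner filter matters, as an added example that is not code from AWS, Packer or the original post: a "newest image matching this name" lookup run over constructed records shaped like `aws ec2 describe-images` output, without and with an owner restriction. The function names, image IDs and account numbers are placeholders.

```python
from fnmatch import fnmatch

# Constructed records shaped like the Images[] list of `aws ec2 describe-images`;
# image IDs and account numbers are placeholders.
TRUSTED_OWNER = "111111111111"
SAMPLE_IMAGES = [
    {"ImageId": "ami-0aaaaaaaaaaaaaaa1", "Name": "base-linux-2018-08",
     "OwnerId": TRUSTED_OWNER, "CreationDate": "2018-08-01T10:00:00.000Z"},
    # Public image from an unrelated account that reuses the same name, but newer.
    {"ImageId": "ami-0bbbbbbbbbbbbbbb2", "Name": "base-linux-2018-08",
     "OwnerId": "999999999999", "CreationDate": "2018-08-20T10:00:00.000Z"},
    {"ImageId": "ami-0ccccccccccccccc3", "Name": "other-image",
     "OwnerId": TRUSTED_OWNER, "CreationDate": "2018-08-25T10:00:00.000Z"},
]

def most_recent_image(images, name_pattern, owners=None):
    """Pick the newest image whose Name matches; owners=None means no owner filter."""
    matches = [i for i in images if fnmatch(i["Name"], name_pattern)]
    if owners is not None:
        matches = [i for i in matches if i["OwnerId"] in owners]
    if not matches:
        return None
    # ISO-8601 UTC timestamps in one format sort chronologically as strings.
    return max(matches, key=lambda i: i["CreationDate"])["ImageId"]

def most_recent_trusted_image(images, name_pattern, owners):
    """Hardened lookup: refuses to resolve an AMI unless an owner is specified."""
    owners = set(owners or ())
    if not owners:
        raise ValueError("owner filter is required when resolving an AMI by name")
    return most_recent_image(images, name_pattern, owners)
```

Without an owner filter the lookup resolves to the look-alike image from the unrelated account; with the trusted account ID it resolves to the intended one, which is the restriction the --owners flag supplies.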