Monthly Archives: December 2018

Potential Risk of CVE

Microsoft Patch Tuesday (Highlights) – 11th Dec 2018

Preface:
Remote code execute and Privileges escalation are the critical vulnerabilities topics which lure end user attentions. On patch Tuesday (remedy program) issued by Microsoft this week. Their product design limitation contains priviliges escalation vulnerability.

CVE-2018-8611 – Vulnerability details:
With reference of CVE-2018-8611 inform customer that exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.

Technical background:
So far, the the win32k.sys kernel module is a well-known attack surface. The function NtUserSetWindowLongPtr replaces the target window’s spmenu field with the function’s argument without any checks when using GWLP_ID and the target window’s style is WS_CHILD.
NtUserSetWindowLongPtr is a win32k service function which can be called from user mode (use the corresponding system call ID).
In the nutshell, this gives a way to attacker to replace the target window’s spmenu value to anything.

Microsoft remedy: 

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8611

IoT

Amazon Web Services (AWS) FreeRTOS security advisory – Dec 2018



Preface: A Real-Time Operating System is a Necessity for IoT.

FreeRTOS is a real-time operating system kernel for embedded devices that has been ported to 35 microcontroller platforms. It is distributed under the MIT License.

Amazon Web Services (AWS) FreeRTOS vulnerabilities checklist:

CVE-2018-16522 Remote code execution

CVE-2018-16525 Remote code execution

CVE-2018-16526 Remote code execution

CVE-2018-16528 Remote code execution

CVE-2018-16523 Denial of service

CVE-2018-16524 Information leak

CVE-2018-16527 Information leak

CVE-2018-16599 Information leak

CVE-2018-16600 Information leak

CVE-2018-16601 Information leak

CVE-2018-16602 Information leak

CVE-2018-16603 Information leak

CVE-2018-16598 Other

Relevant Operating Systems: FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS up to V1.3.1, WHIS OpenRTOS and SafeRTOS

Comment: Stay alert!

Potential Risk of CVE

Functional issues let remediation solution require fallback – Cisco Prime License Manager SQL Injection Vulnerability 10th Dec 2018

Background:
On 28th Nov 2018, a SQL injection vulnerability found on Cisco Prime License Manager. Vendor (Cisco) with immediate action release the patch to remediate this design weakness.

Technical issue found on patch:
Update (2018-December-10): Installing the ciscocm.CSCvk30822_v1.0.k3.cop.sgn patch may cause functional issues. Workarounds are available for some of these issues. Rolling back this patch as described in the Fixed Releases section will correct these functional issues, but the device will be affected by this vulnerability again when the patch is not in place. See the Fixed Releases section for details.
An official announcement in regard to this issue.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181128-plm-sql-inject

So what is the next action of customer:

USING SIEM EVENT CORRELATION TO DETECT SQL INJECTION & XSS ATTACK.

We can detect SQL injection following the methods below.

1. Network IDS spotting SQL injection

2. Host IDS detecting SQL injection by watching file activity

Potential Risk of CVE

Foreshadow vulnerabilities spread to Siemens Industrial Products – Nov 2018

Preface: Intel Software Guard Extensions (SGX) is a set of central processing unit instruction codes from Intel that allows user-level code to allocate private regions of memory, called enclaves, that are protected from processes running at higher privilege levels.

SGX design limitation:
L1 Terminal Fault aka Foreshadow found in August 2018. Foreshadow enables an attacker to extract SGX sealing keys, previously sealed data can be modified and re-seal.

The Foreshadow / L1-terminal-fault attack were assigned the following CVE numbers:
CVE-2018-3615 for attacking SGX.
CVE-2018-3620 for attacking the OS Kernel and SMM mode.
CVE-2018-3646 for attacking virtual machines.

Remedy:

Regarding to this vulnerability. Siemens Security Advisory by Siemens Product has following announcement to their product. For more details, please see below:

https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf

Under our observation

Virus, malware and ransomware may be can help mankind once AI develop become extreme.

Preface: What is your expectation from our robot counterparts in the future?

Before Professor Stephen Hawking leave the world. The final warning for humanity: AI is coming for us. In the world now in preparing the 5G mobile technology, Big Data technology and Smart City. A silent force unintend to drive human go to next generation of world. We believe all the regime in the world now get into this competitions. A quick idea to you is that the term so called Smart or intelligence most likely are efficiency and productivity. All the components within the earth are running fast in the moment. But what is your expectation from our robot counterparts in the future? Because they are coming!

Why do we recommend thinking about it at this time?
For instance, the global surface temperature increases while climate change includes global warming and everything else. The extreme changes was began in mid 80’s. Why? Manufacturer cost allocation & development country boots up their power. Now we understand the impact. But seems too late!
So this is the right time to consider.

Reference: https://www.vox.com/future-perfect/2018/10/16/17978596/stephen-hawking-ai-climate-change-robots-future-universe-earth


2018, cyber security incident news highlight

About recent data breaches – Every CEO might say cyber security.

Data leakage accident as of December 2018. It provides a message to the world. Even though you installed antivirus, malware detector and Firewall. The hacker still have ways to evade. In a nutshell, technology world is fighting with evils. But it make the senior management team especially CEO headache. So who can help?

CA insider Threat Report findings:

A majority of 53% confirmed insider attacks against their organization in the previous 12 months (typically less than five attacks). Twenty-seven percent of organizations say insider attacks have become more frequent.

US Homeland security recommendations:

  1. Elevate cybersecurity risk management discussions to the company CEO and the leadership team.
  2. Implement industry standards and best practices rather than relying solely on compliance standards or certifications.
  3. Evaluate and manage organization-specific cybersecurity risks.
  4. Ensure cybersecurity risk metrics are meaningful and measurable.
  5. Develop and exercise cybersecurity plans and procedures for incident response, business continuity, and disaster recovery.
  6. Retain a quality workforce.
  7. Maintain situational awareness of cybersecurity threats.

Mr.CEO, what do you think?

Potential Risk of CVE

Apple Releases Multiple Security Updates – December 05, 2018

Preface: One of the biggest successes of the iPhone is its security. Still No Major Malware found on iPhone.

Current possible infection methods:
1. iOS process named “iBoot” that starts up the system when you first turn on your iPhone and ensures the code being run is valid and originates from Apple. Hacker mimic counterfeit firmware may have way to compromise Apple iOS devices.

2. Malware compromised windows OS, exploit this channel implant malicious code to 3rd party iOS app then install to Apple iOS devices.

3. Man-in-the-middle -attack: On 2016, found a program called “爱思助手 (Aisi Helper),” which acts as the “man-in-the-middle” attack. Aisi Helper silently installs a malicious app to any connected iOS devices. It appears that the malicious app connects to a third-party iOS app and game store that asks users to enter their Apple ID passwords then implant malicious code to 3rd party Preventive maintenance:

Following official suggestion to enhance your iOS devices (see below)

iOS – https://support.apple.com/en-us/HT209340

iTunes – https://support.apple.com/en-us/HT209345

Safari – https://support.apple.com/en-us/HT209344

iCloud – https://support.apple.com/en-us/HT209346

Potential Risk of CVE

Release updates from the Chrome team – design weakness (Dec 2018)

Preface:

As of 2018, expert estimates that Google Chrome has a 68% worldwide usage share of web browsers as a desktop browser. It also has 61% market share across all platforms combined. Moreover it has over 50% share on smartphones.

Technical features:
Google chrome not only a web browser. It contained friendly capabilities.
How to enable Material Design?
Google Chrome is a freeware web browser developed by Google LLC.
If you are interested of Google Chrome with its secret Material Design. You can following below details for reference.

Chrome-desktop:
Go to the URL bar and type – chrome://flags/#top-chrome-md

Chrome-iOS:
Go to the URL bar and type – chrome://flags/#top-chrome-md

Chrome design weakness – Found Nov 2018
Since there are several items of issue found. Following details of items bring to my interest.
Out of bounds write in V8 – High CVE-2018-17480, CVE-2018-18342
Use after frees in PDFium – High CVE-2018-17481, CVE-2018-18336, CVE-2018-18343

Should you have interested, please refer to official announcement for reference

https://chromereleases.googleblog.com/search/label/Stable%20updates

Potential Risk of CVE

Security Bulletin: NVIDIA GeForce Experience – November 2018

Preface:

NVIDIA GeForce graphics cards are built for the ultimate PC gaming experience, delivering amazing performance, immersive VR gaming, and high-res graphics.

Technical background:
GeForce Experience is the companion application to your GeForce GTX graphics card. It keeps your drivers up to date and automatically optimizes your game settings.

Vulnerability details announced on Nov 2018:
https://nvidia.custhelp.com/app/answers/detail/a_id/4740

CVE‑2018‑6263 – NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges.

CVE‑2018‑6265 – NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.

For more details, please refer to attached diagram.

cyber security incident news highlight

Reflective thinking on Marriott data beaches – Dec 2018

Preface: Why we are concerning personal data privacy. Or major concern is we scare someone misuse your credit card for online shopping?

About cyber security:
Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks – Quote Cisco definition.

Crime in the Hotel & Lodging Industry:
In the comments of security experts, they believe that since 2014, advanced cyber attacks or criminal network activities (POS malware or credit card fraud). The hotel industry will be the main goal. Kaspersky says the attackers have been active in hotel industry, they conducting surgical strikes against targeted guests at other luxury hotels in Asia as well as infecting victims via spear-phishing attacks and P2P networks. In additional, we cannot ignore threat actors exploit NSA-Level Infection Mechanism.

About GDPR:

In this incident, this reflects the effectiveness of GDPR regulations. For instance does it intend to execute the investigation?
Headline news – https://www.campaignlive.co.uk/article/marriott-potentially-exposed-first-big-gdpr-fine-starwood-data-breach/1520070

Any comment for you in this regard?