Preface: Dynamic memory automatically reclaimed when the garbage collector no longer sees any live reference to it.
Description: A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service (DoS) condition.
My opinion: For memory that is not associated with a Scheme object, we cannot assume the new memory block can be freed by a garbage collection. FirePower run on top of Cisco ASA appliance.See below bug history, eventhough it is Cisco. The design is better to separate the Snort with CISCO ASA!
Preface: phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web.
Description: Phpmyadmin sometimes similar is a gadget. It can help you reset your WordPress password. It seems to be very useful, but this time the vulnerability is equivalent to the Swiss Army Knife, thus breaking your defense mechanism.
Vulnerability detail: An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
Preface: EWS Push Subscription, you will get notifications as long as you respond to the server and acknowledge that you received the notification.
The CERT Coordination Center (CERT/CC) announcement – 29th Jan 2019: Microsoft Exchange 2013 and newer are vulnerable to NTLM relay attacks
Vulnerability detail: Exchange allows any user to specify a desired URL for Push Subscription, and the server will attempt to send notifications to this URL….. For more detail, please refer to attached diagram for reference.
Disable EWS push/pull subscriptions.
Remove privileges that Exchange has on the domain object.
Preface: Programmer just spend 10 minutes write a python script then can listen UDP traffic. Even though we performing Google Search , the function is using Python code.
Information background: Python has now become the most taught programming languages in Universities and Academica. Machine learning or artificial intelligence is learning Python because it is the primary language that makes tasks easier.
Vulnerability: The security expert from Cisco Talos found that a vulnerability will be occured when python parser handling x509 certificate. A handshake failures result in skipping the call to getpeercert(). Under above circumstances, attacker can craft a x.509 certificate with both a blank distributionPoint and cRLIssuer causes a NULL pointer dereference. As a result a denial-of-service occur.
Preface: IEC 61850 is an international standard defining communication protocols for intelligent electronic devices at electrical substations. Relion products have been designed to implement IEC 61850 standard.
Vulnerability has been recorded to National Vulnerability Database – 15th Jan 2019: ABB Relion 630 series allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message. Ref: SP command is used to setup the SPA-bus interface, UN command is used to program the unit list, ..
Remark: The atmosphere shown that in industrial world especially energy, gas, water supply facilities will be the attacked target by APT group once political issue occurs in between different countries. The Natural-gas processing plant and Oil refining facility relies on SCADA system. The cyber security alert awaken the business owner and management group last year. They are now have better understanding of patch management and cyber security awareness.
Preface: Cyber security experts predict that global DNS hijacking activities are underway. However, it is not certain who is the attacker (the cyber attack group), FireEye said on January 9, 2019.
Background information: This cybersecurity incident caught the attention of the Network Security and Infrastructure Security Agency (CISA). Whereby, CISA released their first emergency order on January 22, 2019. They urge the world to understand the current situation (global DNS hijacking campaign). At the same time, they released a mitigation solution for mitigating DNS system. For more details, please see below: https://cyber.dhs.gov/blog/#why-cisa-issued-our-first-emergency-directive
My observation: While DNS software is specially designed to fulfill one specific role, applications like Bind are incredibly flexible and can be used as hybrid solutions. However there are plenty of vulnerabilities ( high severity of risk) found on Bind system software.Please refer following url for reference:
Preface: Cisco SD-WAN key advantage keen to reducing costs with transport independence across MPLS, 3G/4G LTE, etc. Meanwhile it improving business application performance and increasing agility.
Technical background: The vSmart controller is the brains of the centralized control plane for the Viptela system network architecture. The vSmart controller runs as a virtual machine (VM) on a network server. It can also run as a container within a vContainer host.
Preface: Tycoon wants to invest in a football team. He wants to know which is the good team, how many matches they won in years, the revenue they generate,..etc. Believe that analyzing data solution (TIBCO Spotfire ) can help.
TIBCO Spotfire technology Synopsis: Data virtualization time-to-solution is 5‒10X faster than traditional data warehousing and ETL.You can extend TIBCO Spotfire yourself using TIBCO Spotfire’s publicly published APIs, download extensions from the TIBCO component exchange.
Preface: Every computer has a finite amount of memory so OS might actually need to use more than is physically available on your system. As a result, it is hard to avoid sharing resources feature.
Our security focus: In regard to security update announced by Apple. Our security focus of this topic will be follow closely of malicious application may cause unexpected changes in memory shared between processes.
Under XNU a virtual memory map is represented by a
_vm_map struct, defined in osfmk/vm/vm_map.h. Because not the entire virtual memory address space is mapped at any given moment, the virtual memory map is divided in several entries, each representing a continuous block of mapped memory which share common properties.
Design limitation: CVE-2019-6205 and CVE-2019-6208: A malicious application may cause unexpected changes in memory shared between processes.
Preface: Some organizations that use MySQL include GitHub, US Navy, NASA, Tesla, Netflix, WeChat, Facebook, Zendesk, Twitter, Zappos, YouTube,…etc
Background: Technology writer Ionut Ilascu alert that there is command in MySQL server could be use for steal the personal and web server data without a high level evasion technique.
Technical overview: Security Issues with LOAD DATA LOCAL on MySQL DB server side: Such a server could access any file on the client host to which the client user has read access.
Security Issues with LOAD DATA LOCAL on web server side:
In a Web environment where the clients are connecting from a Web server, a user could use LOAD DATA LOCAL to read any files that the Web server process has read access to.