Is this a careless mistake? BlackRock Exposes Confidential Data on Thousands of Advisers on iShares Site!

Preface: Excel spreadsheets are used all the time in high-risk financial data analysis, and sometimes they are a silent channel through which data leaks out.

BlackRock data leakage synopsis:

Bloomberg found three spreadsheets containing confidential information about BlackRock’s iShares ETF business, including ratings given to thousands of financial advisers based on how much business they bring BlackRock. For more details, please refer to the URL below:
https://www.bloomberg.com/news/articles/2019-01-19/blackrock-exposes-data-on-thousands-of-advisers-on-ishares-site

Is it a careless mistake?
It is hard to tell. From a technical point of view, it should be easy for BlackRock to trace the problem through their spreadsheet management system.

Prediction:
If no related suspicious activity is found in the spreadsheet management system or in security incident and event management, what is the next step? Dark web research may turn up some hints. If the final conclusion is user negligence, then in a nutshell that negligence exposes a design weakness in the awareness training program.

CVE-2019-6446 NumPy pickle Python Module Remote Code Execution Vulnerability – 16th Jan 2019

Preface: A gamma-ray observatory is a satellite mission for the study of cosmic gamma-ray sources in the keV to MeV energy range.

About Numpy and Gammapy:

NumPy is an open source Python package for scientific computing. NumPy supports large, multidimensional arrays and matrices. NumPy is written in Python and C. NumPy arrays are faster compared to Python lists.

Gammapy is an open-source Python package for gamma-ray analysis built on Numpy and Astropy. It is a prototype for the Cherenkov Telescope Array (CTA) science tools, and can be used to analyse data from existing gamma-ray telescopes.

Security Alert: NumPy pickle Python module

NumPy could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to the unsafe use of the pickle Python module by the affected software.

Official Announcements: https://github.com/numpy/numpy/issues/12759
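As an added example (not code from the NumPy project or the issue above), the check below reads only the .npy header and refuses files whose dtype descriptor contains an object field, since such arrays can only be restored by unpickling; this is the same class of file that the upstream fix made np.load reject by default (allow_pickle=False). It assumes the documented .npy header layout (magic, version, header length, Python dict literal) and constructs its own sample files inline.

```python
import ast
import struct
from typing import Any, Dict, Tuple

MAGIC = b"\x93NUMPY"  # .npy file signature


def parse_npy_header(data: bytes) -> Tuple[Tuple[int, int], Dict[str, Any]]:
    """Parse the .npy header with ast.literal_eval (no pickle, no eval)."""
    if data[:6] != MAGIC:
        raise ValueError("not a .npy file")
    major, minor = data[6], data[7]
    if major == 1:                       # v1.0: 2-byte little-endian header length
        (hlen,) = struct.unpack("<H", data[8:10])
        start = 10
    elif major in (2, 3):                # v2.0/v3.0: 4-byte little-endian header length
        (hlen,) = struct.unpack("<I", data[8:12])
        start = 12
    else:
        raise ValueError("unsupported .npy version %d.%d" % (major, minor))
    raw = data[start:start + hlen]
    if len(raw) != hlen:
        raise ValueError("truncated header")
    header = ast.literal_eval(raw.decode("utf-8" if major == 3 else "latin1"))
    if not isinstance(header, dict) or set(header) != {"descr", "fortran_order", "shape"}:
        raise ValueError("malformed header dict")
    return (major, minor), header


def needs_pickle(descr: Any) -> bool:
    """True if the dtype descriptor holds an object field, which np.load restores via pickle."""
    if isinstance(descr, str):
        return descr.lstrip("<>|=").startswith("O")
    if isinstance(descr, list):          # structured dtype: [(name, subdtype[, shape]), ...]
        return any(len(f) >= 2 and needs_pickle(f[1]) for f in descr)
    return False


def safe_to_load(data: bytes) -> bool:
    """Return True only if the file can be loaded without unpickling anything."""
    _, header = parse_npy_header(data)
    return not needs_pickle(header["descr"])


def build_npy(descr: str, shape: Tuple[int, ...], body: bytes) -> bytes:
    """Constructed v1.0 .npy file for testing, padded to 64 bytes as numpy writes it."""
    header = "{'descr': %r, 'fortran_order': False, 'shape': %r, }" % (descr, shape)
    pad = (64 - (10 + len(header) + 1) % 64) % 64
    header = header + " " * pad + "\n"
    return MAGIC + b"\x01\x00" + struct.pack("<H", len(header)) + header.encode("latin1") + body


# Constructed samples: a plain int32 vector, and an object array (its body would be a pickle stream)
INT_FILE = build_npy("<i4", (3,), struct.pack("<3i", 1, 2, 3))
OBJ_FILE = build_npy("|O", (2,), b"<pickle stream placeholder>")
```

Run safe_to_load() on untrusted .npy input before handing it to np.load; the object-dtype sample is rejected without any pickle code being reached.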

CoreOS etcd Role-Based Access Control Authentication Vulnerability – 16th Jan 2019

Preface: Container Linux by CoreOS is an open-source lightweight operating system based on the Linux kernel and designed for providing infrastructure to clustered deployments, while focusing on automation, ease of application deployment, security, reliability and scalability.

Found vulnerability:

A vulnerability in CoreOS etcd could allow an unauthenticated, remote attacker to bypass security restrictions and gain unauthorized access.

Impact:

An attacker could exploit this vulnerability by sending malicious requests to the affected application. A successful exploit could let the attacker evade security restrictions and gain unauthorized access to the targeted system.

Vendor Announcement:

CoreOS has released updated software at the following link: https://github.com/etcd-io/etcd/releases

Drupal Releases Security Updates – 16th Jan 2019

Preface: Drupal is a free and open source content-management framework written in PHP and distributed under the GNU General Public License.

Security Focus:
Drupal has traditionally depended on multiple external tools. Drupal core uses the third-party PEAR Archive_Tar library. In PEAR Archive_Tar before 1.4.4, there are several file operations with $v_header['filename'] as parameter (such as file_exists, is_file, is_dir, etc.). When extract() is called without a specific prefix path, phar-induced unserialization can be triggered by crafting a tar file with phar://[path_to_malicious_phar_file] as a path name. Object injection can be used to trigger the destructor/wakeup methods of the loaded PHP classes. For instance, with Archive_Tar itself, it can trigger arbitrary file deletion because @unlink($this->_temp_tarname) will be called in the destructor method. If another class with a useful gadget is loaded, remote code execution may be possible.

Official announcement:
Drupal core Arbitrary PHP code execution (Critical) – https://www.drupal.org/sa-core-2019-002

Drupal core Third Party Libraries vulnerability (Critical) – https://www.drupal.org/sa-core-2019-001
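As an added example that is not Archive_Tar’s own code (written in Python rather than PHP), the audit below inspects tar entry names before anything is extracted and rejects names that carry a stream-wrapper prefix such as phar://, absolute paths, or .. components, which is the pre-extraction check a defender would want in front of an extractor that passes entry names to file_exists()/is_file(). The archive it checks is constructed inline.

```python
import io
import re
import tarfile
from typing import Dict, Optional

# PHP stream-wrapper style prefix (phar://, php://, ...) at the start of an entry name
SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*://")


def entry_problem(name: str) -> Optional[str]:
    """Reason to reject a tar entry name, or None if it is a plain relative path."""
    if SCHEME_RE.match(name):
        return "stream wrapper prefix"
    if name.startswith("/"):
        return "absolute path"
    if ".." in name.split("/"):
        return "path traversal"
    return None


def audit_tar(data: bytes) -> Dict[str, str]:
    """Map each rejected entry name to its reason, reading headers only (nothing is extracted)."""
    problems: Dict[str, str] = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tar:
        for member in tar.getmembers():
            reason = entry_problem(member.name)
            if reason is not None:
                problems[member.name] = reason
    return problems


def build_sample_tar() -> bytes:
    """Constructed archive: one benign entry plus the three hostile name shapes checked above."""
    names = (
        "site/readme.txt",
        "phar://upload.phar/x.txt",   # would reach file_exists()/is_file() as a phar:// URL
        "/etc/cron.d/job",
        "../../shell.php",
    )
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tar:
        for name in names:
            payload = b"sample"
            info = tarfile.TarInfo(name=name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()
```

Reject the whole archive if audit_tar() returns anything; an uploaded archive with even one such name should never reach the extractor.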

Security Focus – Critical Path Update contains 3 new security fixes for the Oracle Database Server – 15th Jan 2019

Preface: Computer system vulnerabilities wreak havoc; IT life is not easy!

Background: Oracle’s revolutionary cloud database features autopilot, self-protection, and self-healing capabilities designed to eliminate error-prone manual data management. But core RDBMS vulnerabilities still exist!

Security focus – CVE-2019-2444:
Since Oracle did not provide the details, we speculate that even if you revoke the CREATE SESSION privilege from a user, they would still be able to log in to the database by using a ROLE that has this privilege.

For instance:
The DB contains a role with the CREATE SESSION privilege:
SQL> CREATE ROLE hidden_privileges;
SQL> GRANT create session TO hidden_privileges;

A schema/batch user:
SQL> CREATE USER user1 IDENTIFIED BY admin;
SQL> GRANT create session TO user1;

If someone grants the role to the user as an alternative way of connecting to the database:
SQL> GRANT hidden_privileges TO user1;

Then the vulnerability occurs: revoking CREATE SESSION from user1 directly no longer stops the login, because the privilege is still inherited through the role.

For the remaining vulnerabilities, please refer to the official announcement: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Jackson is a very popular choice for processing JSON data in Java, but critical vulnerabilities have occurred. Developers must stay alert (Jan 2019)

Preface: In Java development, software developers will often need to read in JSON data, or provide JSON data as output. But the Java JSON Processing API is not very user friendly and doesn’t provide automatic transformation from JSON to Java objects.

Jackson technical background: Jackson is a suite of data-processing tools for Java (and the JVM platform), including the flagship streaming JSON parser / generator library, matching data-binding library (POJOs to and from JSON) and additional data format modules to process data encoded in Avro, BSON, CBOR, CSV, Smile, (Java) Properties, Protobuf, XML or YAML.

Remark: com.fasterxml.jackson.databind.ObjectMapper is the most important class in Jackson API that provides readValue() and writeValue() methods to transform JSON to Java Object and Java Object to JSON.

Vulnerabilities found on FasterXML jackson-databind:

FasterXML jackson-databind slf4j-ext Class Arbitrary Code Execution Vulnerability – A successful exploit could allow the attacker to execute arbitrary code.

FasterXML jackson-databind Blaze-ds-Opt and Blaze-ds-Core Classes Arbitrary Code Execution Vulnerability – A successful exploit could allow the attacker to execute arbitrary code.

FasterXML jackson-databind Polymorphic Deserialization External XML Entity Vulnerability – A successful exploit could allow the attacker to conduct an XXE attack, which could be used to access sensitive information, bypass security restrictions, or cause a denial of service (DoS) condition on the targeted system.

Vendor Announcements:
https://github.com/FasterXML/jackson-databind/releases
Linux Kernel mincore() Implementation Information Disclosure Vulnerability – 12th Jan 2019

Preface: Hard drives are slow, and they affect loading and saving (read and write) times only.

Technical overview:
The mincore() function requests a vector describing which pages of a file are in core and can be read without disk access.

Vulnerability occurred:
A vulnerability in the mincore() function in the Linux Kernel could allow a local attacker to access sensitive information on a targeted system.

Design weakness:
The vulnerability occurred in the mincore() function implementation in the mm/mincore.c source code file. The design weakness allows an attacker to exploit this vulnerability to conduct a page-cache side-channel attack (allowing the attacker to view the page-cache access patterns of other processes on the system).

Official announcement : https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e

CVE-2019-0246 Multiple Vulnerabilities in SAP Cloud Connector – January 2019

Preface: Using both private and public clouds in parallel allows a company to pick and choose which data and services to keep in the private cloud for added security, and which to put in the public cloud. This is the so-called hybrid cloud concept.

Vulnerability found on SAP cloud connector:
SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. As a result, unknown malicious actions might occur.

Synopsis: An attacker could inject Java code through the scripting API or dynamic JSP.

Official announcement:
SAP Security Patch Day – January 2019 – https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985

Has the extraterrestrial (E.T.) established a hydrogen line to observe our planet since ancient times?

Preface:

The principle behind the detection of radio signals from space is the hydrogen atom. The hydrogen atom comprises a proton and an electron. It emits radio energy at a wavelength of 21 cm, or a frequency of 1420 MHz.

Background:

The Egyptian pyramids are ancient pyramid-shaped masonry structures located in Egypt. But archaeologists found that the Pyramid of Khufu differs slightly from the others.

Synopsis:

There are three known chambers inside the Great Pyramid. The lowest chamber is cut into the bedrock upon which the pyramid was built and was unfinished. The so-called Queen’s Chamber and King’s Chamber are higher up within the pyramid structure. But no royal mummies were found in place.

Sea salt found in the pyramids guides scientists to expose the secret and its possibilities.

The material of the pyramid – The Pyramids at Giza have more than 5 million blocks of limestone, until now believed to be CARVED stones; new evidence shows they were CAST with agglomerated limestone concrete. But the King’s Chamber, sarcophagus and relieving chambers were made of granite. Don Holeman (biochemical engineer) found that the Queen’s Chamber is the only chamber with salt discovered on its walls and ceiling.

Archaeologists found that the Subterranean Chamber lies at the same level as the water level of the river Nile. Meanwhile, the causeway from the Great Pyramid leads down to the location of the ancient Nile River. For more details, please refer to the picture below.

Technical point of view

The results found by scientists and archaeologists slightly indicate that the Great Pyramid of Giza might not be only a memorial to the late Egyptian emperor. From a technical point of view, it is an advanced technology facility rather than an imperial tomb. As a matter of fact, the tombs are located in the Valley of the Kings. The valley stands on the west bank of the Nile, opposite Thebes (modern Luxor), within the heart of the Theban Necropolis.

The speculation by Don Holeman was that the design objective of the Great Pyramid was to produce hydrogen through a gas transformation technique. There is a scientific way to reproduce the above concept. The chemical engineer told Don that diluted hydrochloric acid coming in from one shaft and hydrated zinc feeding in from the other would, when combined, produce hydrogen. Meanwhile, the consultant also affirmed that the boiling off of hydrogen when the chemicals mixed would create salts on the limestone (calcium carbonate) walls and ceiling of the chamber. Besides, the subterranean chamber is equivalent to a hydraulic ram pump, functioning to balance the pressure inside the Pyramid and avoid leakage of the liquid. Should you have an interest in the technology, please see the diagram below.

Technology architecture – advanced technology of Pyramid

Motivation – So, what was the designer’s goal in producing hydrogen gas? Perhaps we can reason our way to the answer.

Assumption: I assume that a few thousand years ago, extraterrestrials taught the Egyptians to build the Pyramid in order to transmit a rescue signal, letting the hydrogen line trigger their interstellar detection system. By observation, the pyramids follow the arrangement of the Orion constellation. The location of the facility on Earth mimics the three stars of the ‘Belt of Orion’ in the Orion constellation. This factor drives me to speculate that they came from Orion.

Radio telescopes can see the otherwise invisible cold, dark features in space. On our Earth, there are no free hydrogen atoms in the air because hydrogen is highly reactive as a single atom and requires another hydrogen atom to stabilise itself. Furthermore, hydrogen is rare in the Earth’s atmosphere because H2 has a very low molecular weight and therefore escapes the Earth’s gravity, rising into space.

When hydrogen atoms switch from the parallel to the anti-parallel configuration they emit radio waves with a wavelength of 21 centimeters and a corresponding frequency of exactly 1420 MHz. This is called the 21 cm line. Thus, radio telescopes tuned to this frequency can be used to map the great clouds of neutral hydrogen found in interstellar space. As a result, the extraterrestrials (located in the Orion constellation) could find the location of colleagues waiting for rescue, since a sudden increase in hydrogen atoms on an unknown planet would act like an alert signal to draw their attention.

What is the hydrogen line, and why are radio or RF transmissions prohibited at this frequency?

Quote: The hydrogen line (1420.40575 MHz) is the precession frequency of neutral hydrogen atoms, the most abundant substance in space. It happens to fall in the quietest part of the radio spectrum, what’s known as the Microwave Window. Although there may not seem to be a lot of loose hydrogen atoms about (there’s perhaps one per cubic centimeter of interstellar space), the interstellar medium contains a lot of cubic centimeters. So these individual atoms chirping away at 1420 MHz make a powerful chorus, which is readily detected by even small radio telescopes. (http://www.setileague.org)

The principle behind the detection of radio signals from space is the hydrogen atom, whereas radio astronomers listen to the universe at 78 MHz with a dipole and a custom SDR (Software Defined Radio). The goal of SDR is to provide hardware that enables radio astronomers to perform astronomical measurements.

Our situation is not E.T. phoning home. A few thousand years ago, did they know where we are?

In my speculation, it seems that a few thousand years ago, extraterrestrials taught the Egyptians to build the Pyramid merely for their own objective (maybe they were not invaders): just to let their race know where they were. I strongly believe that they encountered a problem and so stayed on our planet, and that they formulated a solution: build the Pyramid to emit hydrogen atoms so that their radio telescopes would know their location, because their planet is far away from our galaxy. When they left our planet, it seems the Pyramid never operated again. As a matter of fact, the ancient Egyptian civilization lost the advanced technology at that moment. As time goes by, it is hard to know or prove the truth of this matter.

The dangers of humankind meeting alien civilizations

I agree with Professor Hawking’s opinion. He warned the world of the dangers of humankind meeting alien civilizations. Perhaps they are nomads. As a result, they would try to conquer another civilization (weaker than them) and thus colonize our planet.

Quote: “Such advanced aliens would perhaps become nomads, looking to conquer and colonize whatever planets they could reach,” said Professor Hawking.

For the details of the comments by Professor Stephen Hawking, please refer to the URL below: https://news.nationalgeographic.com/2018/03/stephen-hawking-controversial-physics-black-holes-bets-science/

Summary: The Pyramid does not operate anymore. But it alerts human beings to our situation. We have heard of people experiencing Close Encounters of the Third Kind. We do not know the truth. As a matter of fact, extraterrestrials know where we are.

Appendix:

There is also RASDR. RASDR is an Open Hardware project undertaken by members of the Society of Amateur Radio Astronomers (SARA) to develop a low cost, high performance software defined receiver for use by SARA members.

RASDR2 block diagram below:

Simple and powerful evasion technique – Threat actors exploit MS Word documents.

Preface: Threat intelligence vendor FireEye alerts that a global DNS hijacking campaign is growing rapidly. This storm affected dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America.

Synopsis: For more information about the impact of this cyber attack, please refer to the URL below. https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html

Reflection – The attack method:

Let us consider that this kind of attack seems to happen in our daily lives, sometimes without the defense mechanism even being aware of it. Microsoft Office documents containing built-in macros are very useful, but they can become a Swiss army knife that hurts you. Macros are essentially bits of computer code, and historically they’ve been vehicles for malware. Should you have an interest in this topic, the attached diagram provides a high-level overview for your reference.

Remark: It seems that SIEM endpoint event monitoring would be the effective remedy. However, it might involve confidential data labels, so this part requires management review and separation of duties.