Have you heard of the “Capital One” data leak? July 2019

A suspect has been arrested. She is accused of breaking into a “Capital One” computer facility and gaining access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers.

Security Focus: Technically minded readers may know that a design limitation exists on AWS. The instance metadata service hands out temporary credentials, and access to the service requires neither authentication nor authorization. A misconfigured firewall policy can therefore allow an untrusted source to establish a connection to the metadata service. For more details, please refer to the attached diagram.

Headline News – A hacker gained access to 100 million Capital One credit card applications and accounts

https://edition.cnn.com/2019/07/29/business/capital-one-data-breach/index.html

CVE-2019-10142: Freescale hypervisor management driver integer overflow in ioctl – July 2019

Preface: The Freescale hypervisor management driver provides several services to drivers and applications related to the Freescale hypervisor.

About: Integer overflows and other integer manipulation vulnerabilities frequently result in buffer overflows. An integer overflow occurs when an arithmetic operation results in a number that is too large to be stored in the space allocated for it.

Vulnerability details: The vulnerability exists due to an integer overflow within the Freescale hypervisor manager implementation in drivers/virt/fsl_hypervisor.c. A local guest user can send specially crafted data to the affected IOCTL, trigger the integer overflow and execute arbitrary code on the target system.

Remedy: Kernel.org has released a software patch at the following link – https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6a024330650e24556b8a18cc654ad00cfecf6c6c
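As an added illustration (not code from this page or from the kernel driver), the simplified C model below shows how the page-count arithmetic behind an ioctl buffer copy can wrap around 2^64, turning a huge user-supplied byte count into a tiny page count and thus an undersized buffer, and how an explicit bound check of the kind added by the referenced patch rejects such input. The struct, field names, page size and the exact form of the check are assumptions for the example, not the driver's actual definitions.

```c
#include <stdint.h>
#include <stdbool.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  ((uint64_t)1 << PAGE_SHIFT)

/* Simplified model (assumption, not the driver's code): an ioctl hands the
 * kernel a user-controlled 64-bit byte count and the offset of the buffer
 * start within its page, and the driver derives how many pages it needs. */
struct memcpy_req {
    uint64_t count;     /* user-controlled byte count */
    uint64_t lb_offset; /* offset of the start within its page, < PAGE_SIZE */
};

/* Unchecked arithmetic: count + lb_offset + PAGE_SIZE - 1 can wrap around
 * 2^64, so a huge count yields a tiny page count and an undersized buffer
 * that a later copy of 'count' bytes would overrun. */
uint64_t pages_unchecked(const struct memcpy_req *r)
{
    return (r->count + r->lb_offset + PAGE_SIZE - 1) >> PAGE_SHIFT;
}

/* Hardened: reject a zero count and any count for which the sum would
 * overflow, so the shift always operates on the true byte span.
 * Returns false where a kernel driver would return -EINVAL. */
bool pages_checked(const struct memcpy_req *r, uint64_t *out)
{
    if (r->lb_offset >= PAGE_SIZE)
        return false;
    /* Largest count whose sum with lb_offset + PAGE_SIZE - 1 still fits. */
    if (r->count == 0 || r->count > UINT64_MAX - r->lb_offset - PAGE_SIZE + 1)
        return false;
    *out = (r->count + r->lb_offset + PAGE_SIZE - 1) >> PAGE_SHIFT;
    return true;
}
```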