All posts by admin

Foreshadow vulnerabilities spread to Siemens Industrial Products – Nov 2018

Preface: Intel Software Guard Extensions (SGX) is a set of central processing unit instruction codes from Intel that allows user-level code to allocate private regions of memory, called enclaves, that are protected from processes running at higher privilege levels.

SGX design limitation:
L1 Terminal Fault aka Foreshadow found in August 2018. Foreshadow enables an attacker to extract SGX sealing keys, previously sealed data can be modified and re-seal.

The Foreshadow / L1-terminal-fault attack were assigned the following CVE numbers:
CVE-2018-3615 for attacking SGX.
CVE-2018-3620 for attacking the OS Kernel and SMM mode.
CVE-2018-3646 for attacking virtual machines.

Remedy:

Regarding to this vulnerability. Siemens Security Advisory by Siemens Product has following announcement to their product. For more details, please see below:

https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf

Virus, malware and ransomware may be can help mankind once AI develop become extreme.

Preface: What is your expectation from our robot counterparts in the future?

Before Professor Stephen Hawking leave the world. The final warning for humanity: AI is coming for us. In the world now in preparing the 5G mobile technology, Big Data technology and Smart City. A silent force unintend to drive human go to next generation of world. We believe all the regime in the world now get into this competitions. A quick idea to you is that the term so called Smart or intelligence most likely are efficiency and productivity. All the components within the earth are running fast in the moment. But what is your expectation from our robot counterparts in the future? Because they are coming!

Why do we recommend thinking about it at this time?
For instance, the global surface temperature increases while climate change includes global warming and everything else. The extreme changes was began in mid 80’s. Why? Manufacturer cost allocation & development country boots up their power. Now we understand the impact. But seems too late!
So this is the right time to consider.

Reference: https://www.vox.com/future-perfect/2018/10/16/17978596/stephen-hawking-ai-climate-change-robots-future-universe-earth


About recent data breaches – Every CEO might say cyber security.

Data leakage accident as of December 2018. It provides a message to the world. Even though you installed antivirus, malware detector and Firewall. The hacker still have ways to evade. In a nutshell, technology world is fighting with evils. But it make the senior management team especially CEO headache. So who can help?

CA insider Threat Report findings:

A majority of 53% confirmed insider attacks against their organization in the previous 12 months (typically less than five attacks). Twenty-seven percent of organizations say insider attacks have become more frequent.

US Homeland security recommendations:

  1. Elevate cybersecurity risk management discussions to the company CEO and the leadership team.
  2. Implement industry standards and best practices rather than relying solely on compliance standards or certifications.
  3. Evaluate and manage organization-specific cybersecurity risks.
  4. Ensure cybersecurity risk metrics are meaningful and measurable.
  5. Develop and exercise cybersecurity plans and procedures for incident response, business continuity, and disaster recovery.
  6. Retain a quality workforce.
  7. Maintain situational awareness of cybersecurity threats.

Mr.CEO, what do you think?

Apple Releases Multiple Security Updates – December 05, 2018

Preface: One of the biggest successes of the iPhone is its security. Still No Major Malware found on iPhone.

Current possible infection methods:
1. iOS process named “iBoot” that starts up the system when you first turn on your iPhone and ensures the code being run is valid and originates from Apple. Hacker mimic counterfeit firmware may have way to compromise Apple iOS devices.

2. Malware compromised windows OS, exploit this channel implant malicious code to 3rd party iOS app then install to Apple iOS devices.

3. Man-in-the-middle -attack: On 2016, found a program called “爱思助手 (Aisi Helper),” which acts as the “man-in-the-middle” attack. Aisi Helper silently installs a malicious app to any connected iOS devices. It appears that the malicious app connects to a third-party iOS app and game store that asks users to enter their Apple ID passwords then implant malicious code to 3rd party Preventive maintenance:

Following official suggestion to enhance your iOS devices (see below)

iOS – https://support.apple.com/en-us/HT209340

iTunes – https://support.apple.com/en-us/HT209345

Safari – https://support.apple.com/en-us/HT209344

iCloud – https://support.apple.com/en-us/HT209346

Release updates from the Chrome team – design weakness (Dec 2018)

Preface:

As of 2018, expert estimates that Google Chrome has a 68% worldwide usage share of web browsers as a desktop browser. It also has 61% market share across all platforms combined. Moreover it has over 50% share on smartphones.

Technical features:
Google chrome not only a web browser. It contained friendly capabilities.
How to enable Material Design?
Google Chrome is a freeware web browser developed by Google LLC.
If you are interested of Google Chrome with its secret Material Design. You can following below details for reference.

Chrome-desktop:
Go to the URL bar and type – chrome://flags/#top-chrome-md

Chrome-iOS:
Go to the URL bar and type – chrome://flags/#top-chrome-md

Chrome design weakness – Found Nov 2018
Since there are several items of issue found. Following details of items bring to my interest.
Out of bounds write in V8 – High CVE-2018-17480, CVE-2018-18342
Use after frees in PDFium – High CVE-2018-17481, CVE-2018-18336, CVE-2018-18343

Should you have interested, please refer to official announcement for reference

https://chromereleases.googleblog.com/search/label/Stable%20updates

Security Bulletin: NVIDIA GeForce Experience – November 2018

Preface:

NVIDIA GeForce graphics cards are built for the ultimate PC gaming experience, delivering amazing performance, immersive VR gaming, and high-res graphics.

Technical background:
GeForce Experience is the companion application to your GeForce GTX graphics card. It keeps your drivers up to date and automatically optimizes your game settings.

Vulnerability details announced on Nov 2018:
https://nvidia.custhelp.com/app/answers/detail/a_id/4740

CVE‑2018‑6263 – NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges.

CVE‑2018‑6265 – NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.

For more details, please refer to attached diagram.

Reflective thinking on Marriott data beaches – Dec 2018

Preface: Why we are concerning personal data privacy. Or major concern is we scare someone misuse your credit card for online shopping?

About cyber security:
Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks – Quote Cisco definition.

Crime in the Hotel & Lodging Industry:
In the comments of security experts, they believe that since 2014, advanced cyber attacks or criminal network activities (POS malware or credit card fraud). The hotel industry will be the main goal. Kaspersky says the attackers have been active in hotel industry, they conducting surgical strikes against targeted guests at other luxury hotels in Asia as well as infecting victims via spear-phishing attacks and P2P networks. In additional, we cannot ignore threat actors exploit NSA-Level Infection Mechanism.

About GDPR:

In this incident, this reflects the effectiveness of GDPR regulations. For instance does it intend to execute the investigation?
Headline news – https://www.campaignlive.co.uk/article/marriott-potentially-exposed-first-big-gdpr-fine-starwood-data-breach/1520070

Any comment for you in this regard?

Cyber Security focus: Node.js – Nov 2018

Preface:

Who use Node JS?
Node.js build various applications such as social media apps, video and text chat engines, real-time tracking apps, online games and collaboration tools. CiscoDevNet has sample to guide the developer how to integrate integrate Webex with node.js.

Technology background:
Node.js is an open-source, cross-platform JavaScript run-time environment that executes JavaScript code outside of a browser.

Severity of impact:

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default. A debug menu or debug mode is a user interface implemented in a computer program that allows the user to view and/or manipulate the program’s internal state for the purpose of debugging.

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers

Severity – High severity

Node.js Official announcement for reference:

https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

SamSam Ransomware variant – December 3, 2018

Preface:

The Department of Homeland Security urge the world and United state staying alert of new wave of cyber attack.

Technical details:
SamSam ransomware is a custom infection used in targeted attacks, often deployed using a wide range of exploits or brute-force tactics. Most likely the goal of the action is interfere the society stability. It can widespread impact on political stability.

Recommendations:
1. Maintain up-to-date antivirus signatures and engines.
2. Keep operating system patches up-to-date.
3. Disable File and Printer sharing services.
4. Monitor users’ web browsing habits; restrict access to sites with unfavorable content.
5. Enforce Awareness training.

Credit reporting agency TransUnion – personal data security flaw (Nov 2018)

Preface:
Transunion offers total credit protection all in one place from credit score, credit report and credit alert. On June 25, 2015, TransUnion became a publicly traded company for the first time, trading under the symbol TRU.

Who is CreditGo?
CreditGo provides free access to credit circular reports and credit scores for Hong Kong residents. Meanwhile the credit information provided by CreditGo comes from TransUnion.

Data privacy leakage incident:
The Hong Kong arm of American consumer credit reporting agency TransUnion was forced to suspend its online services on Thursday after a local newspaper was easily able to access the personal data of the city’s leader and finance minister.

What is the reason?
Incorrect program logic from online web application cause database leak.

Remedy:
Suspend online services.

Comments:
Refer to attached diagram, it is hard to avoid your data personal privacy leakage since when bank or financial institute check the information of a person. It is because a duplicate copy will be generate.
Business world and our daily life is insane now!

Headline news:

https://www.scmp.com/news/hong-kong/hong-kong-economy/article/2175654/credit-agency-transunion-suspends-online-services