All posts by admin

Not seen attack related to CVE-2018-7559, but require considerations and stay alert.

US Homeland security has announcement three times within this year ( April 16, 2018,May 29, 2018 and June 14, 2018) thus to urge the world staying alert malicious attack.Perhaps the industrial sector especailly oil and gas, power supplier facilities has detective and preventive control in placed. Hacker will be facing difficulties for attack. As far as we know, OPC source code on GitHub contains a flaw let remote attacker use the Server’s private key to decrypt and sign messages by using information obtained by sending invalid UserIdentityTokens encrypted with the Basic128Rsa15 security policy. The successful result could allow an attacker to decrypt passwords even if they are encrypted with another security policy such as Basic256Sha256. This flaw found on April this year and remediation has been announced. However, I believe that cyber security attacks exploit of this vulnerability will be happened soon.

Official announcement (OPC Foundation Security Bulletin Security Update for the OPC UA Stacks – April 2018)

https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-7559.pdf

 

June 2018 Node.js Security Releases

Node.js runs on top of a Javascript engine therefore it is portable to any platform in computer world. Deploy a Node.js web application environment using AWS Elastic Beanstalk and Amazon DynamoDB. Elastic Beanstalk provisions and manages the underlying infrastructure.
Solutions Infini is the Leading Bulk SMS & Cloud Telephony service provider. But the front end AWS Lamda function powered by node.js platform.
The organization of node.js announced that node.js (6.x – 10.x) has vulnerabilities occurs.
Official announcement and remediation step shown url below:

https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/

June 20, 2018 – Cisco Releases Security Updates for Multiple Products

A remote attacker could exploit some of these vulnerabilities to take control of an affected system on both NX and FX OS. In the sense that both router, switch and Firewall requires users considerations.

NX-OS Software NX-API Arbitrary Code Execution Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-bo

FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-fab-ace

FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-cli-execution

NX-OS Software CLI Arbitrary Command Injection Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection

NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxossnmp

NX-OS Software Role-Based Access Control Elevated Privileges Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosrbac

NX-OS Software Internet Group Management Protocol Snooping Remote Code Execution and Denial of Service Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosigmp

NX-OS Software Border Gateway Protocol Denial of Service Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp

FXOS and NX-OS Software Unauthorized Administrator Account Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosadmin

NX-OS Software NX-API Privilege Escalation Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-nxapi

FXOS, NX-OS, and UCS Manager Software Cisco Discovery Protocol Denial of Service Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-cdp

FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-services-dos

NX-OS Software CLI Arbitrary Command Execution Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-execution

NX-OS Software NX-API Arbitrary Command Execution Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-api-execution

Cisco Nexus 4000 Series Switch Simple Network Management Protocol Polling Denial of Service Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-n4k-snmp-dos

Cisco Nexus 3000 and 9000 Series CLI and Simple Network Management Protocol Polling Denial of Service Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-n3k-n9k-clisnmp

Cisco FXOS Software and UCS Fabric Interconnect Web UI Denial of Service Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxos-dos

Cisco FXOS Software and UCS Fabric Interconnect Arbitrary Code Execution Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxos-ace

Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-dos

Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-fabric-dos

Cisco Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance Path Traversal Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-firepwr-pt

 

Windows SharePoint Services – “To be, or not to be”

Microsoft formalized Patch Tuesday in October 2003 till today. It was focus on workstation, server and software product till today.  Any differences in the Microsoft architecture model in last decade? Perhaps your answer is the cloud platform and collaboration cloud. Yes, the cloud computing technology similar 14th and 17th centuries renaissance. Thus, a major component in existing technology world.

The point of view of IT management avoid of cloud computing in the earlier stage till today they are enjoy of this technology. As times go by, Microsoft SharePoint product widely deploys in IT environment. There is system architect build SharePoint work as data warehouse.

SharePoint design looks fine from Microsoft point of view. Furthermore both authentication and security are coexist with Active directory. It is a popular setup since it is a single sign on.

The vulnerabilities found on SharePoint in 2018 in retrospect (see below), it display that SharePoint are easy to cause remote code execution by attacker.

 

CVE Score Vulnerability Type(s)
CVE-2018-8254 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim’s identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

not yet calculated
CVE-2018-8252 An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim’s identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

not yet calculated
CVE-2018-8168 A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka “Microsoft Office Remote Code Execution Vulnerability.” This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8157, CVE-2018-8158. 9.3 Exec Code Overflow
CVE-2018-0922 Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka “Microsoft Office Memory Corruption Vulnerability”. 9.3 Exec Code Overflow Mem. Corr.
CVE-2018-0797 Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka “Microsoft Word Memory Corruption Vulnerability”. 9.3 Exec Code Overflow Mem. Corr.
CVE-2018-0792 Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka “Microsoft Word Remote Code Execution Vulnerability”. This CVE is unique from CVE-2018-0794. 9.3 Exec Code Overflow
CVE-2018-0789 Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka “Microsoft SharePoint Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0790. 9

Refer to attach Share Point architecture diagram, this is a common practice model deployment integrate to Azure (IaaS) Cloud platform. If coincidentally MS Excel and Share Point has vulnerabilities occurs (similar situation display on diagram). Which item become critical in nowadays IT environment, end point, server or cloud platform?

See whether below high vulnerabilities items happened on Jun 2018 can provides hints to you in this regard.

CVE-2018-8233 | Win32k Elevation of Privilege Vulnerability – An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability.” This affects Windows 10, Windows 10 Servers.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8233

CVE-2018-8251 | Media Foundation Memory Corruption Vulnerability – A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka “Media Foundation Memory Corruption Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8251

CVE-2018-8252 | Microsoft SharePoint Elevation of Privilege Vulnerability – https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8252

CVE-2018-8254 | Microsoft SharePoint Elevation of Privilege Vulnerability – https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8254

— End —

 

 

 

 

Bitcoin exchanges must remain vigilant to low value coins

Heard that a vulnerability found on cryptocurrency (FuturXE (FXE)). The problem is that smart contact designer make a programming logic mistake. Department of Homeland Security confirm the bug this week. (CVE-2018–12025) – https://nvd.nist.gov/vuln/detail/CVE-2018-12025

The vulnerabilities and cyber attack looks never stop so far. Do you still remember virtual currency exchange Coincheck lost $400 million in NEM cryptocurrency in Jan 2018?

The hack only involved NEM, because the security breach was caused by the lack of strong security measures of Coincheck with regards to their implementation of NEM, lacking the use of mutlisignature support or a cold wallet.

It looks that criminal group will be intereted of low market value cryptocurrency. For instance, CVE-2018-10468 hacker exploits useless token combine with vulnerability steal the token. Coincheck lost $400 million in NEM but the market price of each coin is in lower value.

FutureXE market price equal to zero buy still avaiable to buy on the market. I think this type of coins will be lure criminal group interest. The fact is that this type of coins willl be exploits for money laundering. Since the coin has vulnerability occured, criminal group can hiring hacker to steal the coin and waiting for bitcoin exchanges reimburse the fund to achieve the money laundering objective.

— End —

June 2018 – Red Shell service arousing public question!

DNS logs explicitly shown the internet user activities. For instance a malicious network traffic that can be identified in DNS logs. The technical details includes command and control (C2) traffic of the following cyber attacks.
Ransomware, malicious ads and redirects, exploit kits, phishing, typosquatting attacks, DNS hijacking; denial of service (DoS) attacks; and DNS tunneling.

Pi-hole is a Linux network-level advertisement and internet tracker blocking application which acts as a DNS sinkhole. DNS Sinkholing is a mechanism aimed at protecting users by intercepting DNS request attempting to connect to known malicious or unwanted domains and returning a false, or rather controlled IP address. The controlled IP address points to a sinkhole server defined by the DNS sinkhole administrator.

The Sinkhole server can be used to collect event logs, but in such cases the Sinkhole administrator must ensure that all logging is done within their legal boundaries and that there is no breach of privacy.

Red Shell helps PC & console games uncover where their players
come from through reliable attribution. Their system architecture build by PI-HOLE and bind opensourece application. Meanwhile PI-HOLE and BIND can do reverse engineering. It can do the end point monitoring, aim to keep track the customer behaviour.

A concerns of public and question the analytics package provided by Innervate, Inc., to game publishers.
Innervate, a Seattle-based company founded to help game makers reach more customers, is launching its new Red Shell service today.

Reference:

European Union Agency for Network and Information Security

What is a “DNS Sinkhole”? – https://www.enisa.europa.eu/topics/csirts-in-europe/glossary/dns-sinkhole

Remark: Administrator must ensure that all logging is done within their legal boundaries and that there is no breach of privacy.

My reflections – Why do we require complete artificial intelligence into daily life?

The important thing is to never stop questioning, said Albert Einstein.

Since there is no prefect design items in the world. and therefore bug fix or so called software patch update is the acceptable method. So when I heard Apple issued the security update for Siri (speech recognition application program). As usual I will be interested of the techincal details of the security update. But my consideration this time not on cyber security. My question is that why do we require complete artifical intelligence into daily life. As we know after Apple Siri, Microsoft launched Cortana, Amazon launched Alexa. The speech recongnition was significant success (see attached diagram). The aim of this function not target smartphone only. The major goal is integrate this function into Artifical Intellgence system. The situation of today technology world similar following circumstances. That is once we accept our limits, we go beyond them. But my personal opinion is that we are on the way go to simple thinking logical model. The logical thinking steps will be replaced and transfer to another parties.  In fact that it will enhace the security and operation effeciency. Meanwhile the resources in the world is limit. For instance the existing resources in normal non AI environment can be consume for 100 years. But when we integrate our life to AI, how long will be maintain in the consuming cycle?

Apple secuirty announcement reference – https://support.apple.com/en-hk/HT208848

June 13, 2018 – ISC Releases Security Advisory for BIND

 

Operating system · Linux, NetBSD, FreeBSD, OpenBSD, macOS, Windows · Type · DNS server · License · Mozilla Public License (ISC license before 9.11). Website, www.isc.org/downloads/bind. BIND is the most widely used Domain Name System (DNS).

ISC Releases Security Advisory for BIND Published Wednesday, June 13, 2018 – A remote attacker could exploit this vulnerability to obtain sensitive information.

Offical announcement – https://kb.isc.org/article/AA-01616/0/CVE-2018-5738

June 13, 2018 – Intel Releases Security Advisory on Lazy FP State Restore Vulnerability

Many CPU architectures support lazy saving of floating point state (registers) by allowing floating point capability to be disabled, resulting in an exception when a floating point operation is performed. Virtually all floating point math is done in SSE (and thus XMM registers) in 64 bit mode. Attacker is able via a local process instead of web browser. A newly scheduled task can use the exploit described herein to infer the Floating Point register state of another task, which can be used to leak sensitive information.

Official announcement – https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html

Why do we require AI (Artifical intelligence)?

Preface

When a child is born, his destiny is learning. He requires continuous learning the knowledge. His objective looks simple because his goal is survival.

What is the objective of AI (Artificial Intelligence)?

The aim of the development of AI it is to mimic in machines the “intelligent” behavior of humans.

The major element of AI (Artifical Intelligence). It is learning. The computer similar a baby, the world empower the knowledge to him. As a result, his learning path including human behaviour, human thinking logic, languages, decision making logic. But how does artificial intelligence do the correct decision not jeopardize the world? This is the ethics.

Does science world ignore the key element before A successful build?

The super computer contains super processing power with high calulation speed. It is without difficulties to do the data analytic. But emulate a human logic thinking require huge volume of data set includes human behaviour data set, differect catagories of data, the historical of crime activities, business decisions logic,…etc.

Hey! Is there any contradition found on this place. For instance, a ethic will be bound to human logical thinking? For instance, you visit library to read the book. This is equilvant learning mode. But in the libray, the book could not contain personal data, personal behaviour acivities provides. So this is the classical learning mode.

You pick up sister or brother letter in the mail box. The ethics will guide you are not allow to open the letter, right? But why does the artificial intelligence have this privileges to read the personal data? The AI read the personal data without consent!

Intelligence is not bestowed by whom, but are the condition of each person is born with and enjoys. However the whole way is for human survival in the earth. If machine contains artifical intelligence. From techincal point of view, it looks like human build a new competitor for himself? The major point is that AI will be wind their way to survivail in the world once their technology is mature.

I am not speaking the conspiracy. It is reality since they are in the machine learning phase. Their evolutions are shown as below:

1st Generation

Data science: Data science is an interdisciplinary field that uses scientific methods, processes, algorithms and systems to extract knowledge and insights from data in various forms, both structured and unstructured,similar to data mining.

2nd Generation

Machine learning: Machine learning is a subset of artificial intelligence in the field of computer science that often uses statistical techniques to give computers the ability to “learn”.

Final stage

Artifical intelligence: Artifical intelligence is intelligence demonstrated by machines, in contrast to the natural intelligence (NI) displayed by humans and other animals.

Source of data of machine learning nowadays

Datasets of population, economic and development across the world: https://data.worldbank.org/

Data operate in educational institutions and education demographics from the US and around the world: https://nces.ed.gov/

The collection of social, economic and population data in UK: https://www.ukdataservice.ac.uk/

The national crime statistics, with free data available at national, state and county level: https://ucr.fbi.gov/

Information gathered by NASA’s space exploration missions: https://exoplanetarchive.ipac.caltech.edu/

Conclusion

Human pollute the world because of living standard growth and modern industries.
Artificial intelligence in final phase will be …..
A song is on the way!

Don’t kill the world, don’t let it down. Do not destroy basic ground…..

 

–End–