All posts by admin

Stay alert! Cisco Releases Security Updates for Multiple Products 18th April 2018

Be extra alert, because the alliance has bombarded Syria's chemical facilities in the name of justice, so cyber attacks will increase. I encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates. For more details, please see below:

Cisco WebEx Clients Remote Code Execution Vulnerability (cisco-sa-20180418-wbs) – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs

Cisco UCS Director Virtual Machine Information Disclosure Vulnerability for End User Portal (cisco-sa-20180418-uscd) – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-uscd

Cisco StarOS Interface Forwarding Denial of Service Vulnerability (cisco-sa-20180418-staros) – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros

Cisco IOS XR Software UDP Broadcast Forwarding Denial of Service Vulnerability (cisco-sa-20180418-iosxr) – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iosxr

Cisco Firepower Detection Engine Secure Sockets Layer Denial of Service Vulnerability (cisco-sa-20180418-fpsnort) – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fpsnort

Cisco Firepower 2100 Series Security Appliances IP Fragmentation Denial of Service Vulnerability (cisco-sa-20180418-fp2100) – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fp2100

Cisco ASA Software, FTD Software, and AnyConnect Secure Mobility Client SAML Authentication Session Fixation Vulnerability (cisco-sa-20180418-asaanyconnect) – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asaanyconnect

Cisco Adaptive Security Appliance Application Layer Protocol Inspection Denial of Service Vulnerabilities (cisco-sa-20180418-asa_inspect) – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa_inspect

Cisco Adaptive Security Appliance TLS Denial of Service Vulnerability (cisco-sa-20180418-asa3) – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa3

Cisco Adaptive Security Appliance Flow Creation Denial of Service Vulnerability (cisco-sa-20180418-asa2) – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa2

Cisco Adaptive Security Appliance Virtual Private Network SSL Client Certificate Bypass Vulnerability (cisco-sa-20180418-asa1) – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1

Oracle security update for April 2018 to address 254 vulnerabilities across multiple products

We have heard of tsunamis, but it is hard to imagine one happening in the IT world.

Oracle has released its Critical Patch Update for April 2018 to address 254 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. A technology tsunami arrived today, delivered by Oracle!

Next Critical Patch Update Schedule

  • 17 July 2018
  • 16 October 2018
  • 15 January 2019
  • 16 April 2019

No further comment! Crazy! For more details, please refer to the URL below.

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

About Apple security updates – CVE-2018-4173 – It allows invisible microphone access via a crafted app

We are not surprised that malware infiltrates malicious code into software applications, because it happens frequently in the cyber technology world. Apple found a vulnerability in iOS and macOS that allowed invisible microphone access via a crafted app, with no indication on the status bar. But it brings up some concerns, the details of which are shown below:

  1. Apple's code scanning does well. But how does a hacker implant or embed malicious code in the SDK?
  2. Even though someone turns on the microphone on an iPhone, the problem is that it is not shown on the status bar?

About Apple security updates

About the security content of iOS 11.3

https://support.apple.com/en-hk/HT208693

About the security content of macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan

https://support.apple.com/en-hk/HT208692

Be patient! KB4100375. Stay tuned!

If the memory leak is intensive, it can cause the program to crash or even make the whole computer freeze. The most common reason programs have memory leaks is a programming error where memory that is no longer used is not released back to the system. Memory leaks are a class of bugs where the application fails to release memory when it is no longer needed. A large leak might result in unacceptable response times due to excessive paging. The Windows 10 security update (KB4100375) was rescheduled because of the above reasons.

For more details, please refer to the URL below.

Microsoft explains why Windows 10 Spring Creators Update delayed

https://www.windowslatest.com/2018/04/17/microsoft-explains-why-windows-10-spring-creators-update-delayed/

Companies that are going to implement an open source CMS system must take extra care – Apr 2018.

Using a CMS, companies can easily build sites for themselves and their clients. These systems streamline web design and content publishing, ensuring that both your site and your workflow are streamlined. The open source CMS systems (Drupal, Joomla, Magento and CMS Made Simple) boost market growth and demand. However, the EU is going to enforce the law on data protection and privacy for all individuals within the European Union. Just do a quick review of the vulnerabilities found in open source software this year (2018). Those vulnerabilities are potentially in contravention of the data protection law. So companies that are going to implement an open source CMS system must take extra care.

Open source CMS system vulnerability reference –

Drupal core – Highly critical – Remote Code Execution (Mar 2018)

https://nvd.nist.gov/vuln/detail/CVE-2018-10085

Easily Bypass iPhone Encryption – Apr 2018

Headline news reports that law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors. It looks like a great opportunity for technology firms. They can receive rewards. It is indeed a win-win situation. Tech firms can earn money. The court is able to collect the evidence to make the right judgement. Meanwhile, I was wondering whether this is the only way to open the backdoor? As we know, jailbreaking the iPhone is not a secret. The default password looks easy to collect. So far, cheap tools to do the magic are available. Perhaps you cannot unlock the phone directly. However, you are able to get in (see attached diagram for reference). I believe that more possible ways and ideas will be coming soon.

My friend shared the official article published by Motherboard, and it awakened my imagination.

Yes, information technology and cyber technology rely on people's imagination. And such a way lets your dream come true.

The official article is at the URL below for your reference:

https://motherboard.vice.com/en_us/article/vbxxxd/unlock-iphone-ios11-graykey-grayshift-police

VMware Releases Security Updates – especially cloud-based users must stay alert! 12th Apr 2018

In the Java world, there are plenty of areas that allow a hacker to do some tricks. VMware announced that it found a so-called DOM Based Cross-site Scripting Vulnerability and a Missing renewal of session tokens vulnerability. In my view, both vulnerabilities resemble common security weaknesses of modern Java applications, and we are able to apply a filter to address them, for example a regular expression solution. In short, please refer to the official announcement for reference.

vRealize Automation updates address multiple security issues

https://www.vmware.com/security/advisories/VMSA-2018-0009.html

Juniper JunOS – The giant is sick! April 2018

Kernel crash upon receipt of crafted CLNP packets (CVE-2018-0016)

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10844&cat=SIRT_1&actp=LIST

Denial-of-service vulnerability in flowd daemon on devices configured with NAT-PT (CVE-2018-0017)

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10845&cat=SIRT_1&actp=LIST

Crafted packet may lead to information disclosure and firewall rule bypass during compilation of IDP policies (CVE-2018-0018)

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10846&cat=SIRT_1&actp=LIST

Denial-of-service vulnerability in SNMP MIB-II subagent daemon (mib2d) (CVE-2018-0019)

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10847&cat=SIRT_1&actp=LIST

rpd daemon cores due to malformed BGP UPDATE packet (CVE-2018-0020)

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10848&cat=SIRT_1&actp=LIST

Eclipse Jetty information disclosure vulnerability (CVE-2015-2080)

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10849&cat=SIRT_1&actp=LIST

Return of Bleichenbacher’s Oracle Threat (ROBOT) RSA SSL attack (CVE-2017-1000385)

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10850&cat=SIRT_1&actp=LIST

Multiple vulnerabilities resolved in OpenSSL

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10851&cat=SIRT_1&actp=LIST

Multiple vulnerabilities in stunnel 5.38

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10852&cat=SIRT_1&actp=LIST

Multiple vulnerabilities resolved in CentOS 6.5-based 2012.2R12 release

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10853&cat=SIRT_1&actp=LIST

Short MacSec keys may allow man-in-the-middle attacks

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10854&cat=SIRT_1&actp=LIST

Mbuf leak due to processing MPLS packets in VPLS networks (CVE-2018-0022)

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10855&cat=SIRT_1&actp=LIST

world writeable default configuration file permission (CVE-2018-0023)

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10856&cat=SIRT_1&actp=LIST

Why is REST (API) so popular? And how to harden the API security features?

REST APIs are a key component in building powerful, scalable web-based applications today. So how do we enhance their security, given that they work over the HTTP communication method? Hence:

1. We should ensure that the HTTP method is valid for the API key/session token and the linked collection of resources, record, and action.

2. Authentication – it is better to deploy multi-factor authentication and token-based authentication.

3. Token validation errors should also be logged for audit purposes.

4. Input sanitization.

5. If the classification label of the data is private or confidential, symmetric cryptography should be used to encrypt the data transmitted.

6. Harden the REST API status return codes, rather than relying only on 404 (errors) and 200 (success).

Perhaps the enhancement items above are not easy to fulfill. However, system developers should fulfill the standard requirements, follow web server security best practice, and, apart from that, comply with HTTP security considerations (RFC 7230, section 9).

Should you be interested in the RFC 7230 section 9 standard, please refer to the URL below.

https://tools.ietf.org/html/rfc7230#section-9.1
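As an added example (written for this page, not code from the original post or any vendor), the following minimal Python request authorizer ties together items 1, 2, 3 and 6 above: token-based authentication with expiry, checking that the HTTP method is valid for the token's scope and resource collection, logging every token validation error for audit, and returning distinct status codes instead of a blanket 404/200. The secret, the scope table and the paths are constructed demo values.

```python
import hashlib, hmac, logging, time

log = logging.getLogger("api.audit")
SECRET = b"demo-server-secret"  # constructed; load from a secret store in real use
# Scope table (constructed): which HTTP methods each scope may use per collection.
SCOPES = {
    "reader": {"/users": {"GET"}},
    "admin": {"/users": {"GET", "POST", "DELETE"}},
}

def issue_token(subject, scope, ttl=300, now=None):
    """Mint a signed bearer token 'subject.scope.expiry.mac' (HMAC-SHA256)."""
    expiry = int((now or time.time()) + ttl)
    body = f"{subject}.{scope}.{expiry}"
    mac = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"

def verify_token(token, now=None):
    """Return (subject, scope), or raise ValueError naming the failure."""
    parts = token.split(".")
    if len(parts) != 4:
        raise ValueError("malformed token")
    subject, scope, expiry, mac = parts
    body = f"{subject}.{scope}.{expiry}"
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        raise ValueError("bad signature")
    if int(expiry) < (now or time.time()):
        raise ValueError("expired")
    if scope not in SCOPES:
        raise ValueError("unknown scope")
    return subject, scope

def authorize(method, path, auth_header, now=None):
    """Return the HTTP status to send before any handler touches data."""
    if not auth_header or not auth_header.startswith("Bearer "):
        log.warning("audit: missing bearer token for %s %s", method, path)
        return 401  # item 2: token-based authentication is required
    try:
        _subject, scope = verify_token(auth_header[len("Bearer "):], now)
    except ValueError as err:
        log.warning("audit: token rejected (%s) for %s %s", err, method, path)
        return 401  # item 3: every token validation error is logged for audit
    collection = "/" + path.strip("/").split("/")[0]
    allowed = SCOPES[scope].get(collection)
    if allowed is None:
        return 404  # collection is not linked to this token's scope at all
    if method not in allowed:
        return 405  # item 1: method not valid for this token and collection
    return 200  # item 6: distinct codes above, not a blanket 404/200
```

A real deployment would additionally renew tokens on use and bind them to the client session, which this demo leaves out.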

Microsoft security update – April 10, 2018 – KB4093112

Microsoft's security update this week provides support to control usage of the Indirect Branch Prediction Barrier (IBPB) within some AMD processors (CPUs) for mitigating CVE-2017-5715. Apart from that, it also provides Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities. However, I was wondering about the coverage of the mitigation plan provided by AMD.

What about the insidiousness of the SIMD instruction extensions of ARM, MIPS, and x86? Does AMD cover this part, given that SIMD instructions are considered harmful? Any advice, or should we just ignore it?

For more details about the security update, please refer to the URLs below for reference.

Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities – https://support.microsoft.com/en-hk/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

KB4093112 – https://www.catalog.update.microsoft.com/Search.aspx?q=KB4093112