Preface: Apple found memory vulnerability, since no additional information will be provided by vendor.
Does it relate to DUI (Dereference Under the Influence)?

What is DUI?
Attackers use the DUI vulnerability as a memory access service to mount attacks. Their aim to influence memory operations of isolated components through inputs to their public interface.

Apple Releases Multiple Security Updates:
Original release date: February 07, 2019

About the security content of iOS 12.1.4 – https://support.apple.com/en-us/HT209520

About the security content of macOS Mojave 10.14.3 Supplemental – Update – https://support.apple.com/en-us/HT209521

Preface: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users.

Background: A WAF is deployed to protect a specific web application or set of web applications. Generally, the common attacks such as cross-site scripting (XSS) and SQL injection will be under WAF protection. But in reality, XSS is hard to avoid.

New vulnerability found: Palo Alto Networks PAN-OS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

The following PAN-OS versions are affected:

PAN-OS 7.1.21 and prior
PAN-OS 8.0.14 and prior
PAN-OS 8.1.5 and prior

Official announcement shown as below: https://securityadvisories.paloaltonetworks.com/Home/Detail/140

Preface: Avahi is a free zero-configuration networking (zeroconf) implementation, including a system for multicast DNS/DNS-SD service discovery.

Technical background:
Multicast DNS (mDNS) is a protocol that uses packets similar to unicast DNS except sent over a multicast link to resolve hostnames.

Vulnerability found in Avahi:
The vulnerability exists because the affected software misses link-local checks, causing the multicast DNS (mDNS) protocol to respond to IPv6 unicast queries with source addresses that are not on-link.

Impact: Remote attacker to access sensitive information on a targeted system or conduct DDoS!

Remedy released finally: 22 Dec 2018
https://github.com/lathiat/avahi/commit/e111def44a7df4624a4aa3f85fe98054bffb6b4f

Remark: Happy Lunar New Year. Kung Hei Fat Choi!

Preface: Dynamic memory automatically reclaimed when the garbage collector no longer sees any live reference to it.

Description: A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service (DoS) condition.

Official announcement – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-firepowertds-bypass

My opinion: For memory that is not associated with a Scheme object, we cannot assume the new memory block can be freed by a garbage collection. FirePower run on top of Cisco ASA appliance.See below bug history, eventhough it is Cisco. The design is better to separate the Snort with CISCO ASA!

Preface: phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web.

Description: Phpmyadmin sometimes similar is a gadget. It can help you reset your WordPress password. It seems to be very useful, but this time the vulnerability is equivalent to the Swiss Army Knife, thus breaking your defense mechanism.

Vulnerability detail: An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.

Official reference: https://www.phpmyadmin.net/security/PMASA-2019-2/

Preface: Programmer just spend 10 minutes write a python script then can listen UDP traffic. Even though we performing Google Search , the function is using Python code.

Information background:
Python has now become the most taught programming languages in Universities and Academica. Machine learning or artificial intelligence is learning Python because it is the primary language that makes tasks easier.

Vulnerability:
The security expert from Cisco Talos found that a vulnerability will be occured when python parser handling x509 certificate. A handshake failures result in skipping the call to getpeercert(). Under above circumstances, attacker can craft a x.509 certificate with both a blank distributionPoint and cRLIssuer causes a NULL pointer dereference. As a result a denial-of-service occur.

Official details: https://bugs.python.org/issue35746

Preface: IEC 61850 is an international standard defining communication protocols for intelligent electronic devices at electrical substations. Relion products have been designed to implement IEC 61850 standard.

Vulnerability has been recorded to National Vulnerability Database – 15th Jan 2019:
ABB Relion 630 series allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message.
Ref: SP command is used to setup the SPA-bus interface, UN command is used to program the unit list, ..

Vendor reference:

http://search.abb.com/library/Download.aspx?DocumentID=1MRS758909&LanguageCode=en&DocumentPartId=&Action=Launch

Remark: The atmosphere shown that in industrial world especially energy, gas, water supply facilities will be the attacked target by APT group once political issue occurs in between different countries. The Natural-gas processing plant and Oil refining facility relies on SCADA system. The cyber security alert awaken the business owner and management group last year. They are now have better understanding of patch management and cyber security awareness.

Preface: Cisco SD-WAN key advantage keen to reducing costs with transport independence across MPLS, 3G/4G LTE, etc. Meanwhile it improving business application performance and increasing agility.

Technical background:
The vSmart controller is the brains of the centralized control plane for the Viptela system network architecture. The vSmart controller runs as a virtual machine (VM) on a network server. It can also run as a container within a vContainer host.

Vulnerability found announced on today (23rd Jan 2019)
A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user. The details are as follows: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo

Preface: Tycoon wants to invest in a football team. He wants to know which is the good team, how many matches they won in years, the revenue they generate,..etc. Believe that analyzing data solution (TIBCO Spotfire ) can help.

TIBCO Spotfire technology Synopsis:
Data virtualization time-to-solution is 5‒10X faster than traditional data warehousing and ETL.You can extend TIBCO Spotfire yourself using TIBCO Spotfire’s publicly published APIs, download extensions from the TIBCO component exchange.

Vulnerabilities found this month (16th Jan 2019)!

TIBCO Spotfire Authentication Vulnerability – https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18814

TIBCO Spotfire Fails To Prevent Write Access to Spotfire Library – https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18812

TIBCO Spotfire Reflected and Persistent Cross-Site Scripting Vulnerabilities – https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18813