Category Archives: Potential Risk of CVE

Microsoft Patch Tue – Security Focus CVE 2019-0556 | Microsoft Office SharePoint XSS vulnerability

Preface:
SharePoint is unquestionably one of the best-known and most significant enterprise productivity tools for users. It offers functions similar to OneDrive for Business and Apps.

Vulnerability found on SharePoint – 2019 Jan
CVE 2019-0556 | Microsoft Office SharePoint XSS vulnerability

The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim’s identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.

Example:

  1. The exploit is delivered by email as an attached graphic file. The graphic file has malicious code embedded in it, which gives it a high chance of evading malware detection.
  2. It can exploit the vulnerability (CVE-2019-0556) once it reaches the victim.
  3. Assume that SharePoint application users are the target, since they focus on operations rather than cyber security awareness.
  4. Assume the computer has been compromised by the attacker.
  5. I assume that the attacker’s ultimate goal is to steal the victim’s cookies by exploiting an XSS vulnerability in SharePoint. This can be done by having the victim’s browser parse the HTML code.
  6. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim’s identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. For more detail, please refer to the attached diagram.
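The steps above hinge on the victim's browser parsing attacker-supplied HTML and on script being able to read the session cookie. The following Python snippet is an added example (not code from the original post or from Microsoft) that puts the vulnerable rendering pattern beside its hardened form and shows the cookie flags that blunt cookie theft even when a payload does run. The sample title, the cookie name `session` and the `looks_like_markup_injection` screen are constructed for the demo.

```python
import html
import re
from http.cookies import SimpleCookie

# Constructed sample of attacker-controlled text, such as a list item title a
# user could submit to a site; the value is hypothetical, not from the advisory.
UNTRUSTED_TITLE = '<img src=x onerror="alert(1)">'


def render_unsafe(title):
    """Vulnerable pattern: untrusted text is spliced straight into the markup,
    so the browser parses whatever HTML the submitter chose."""
    return "<h2>" + title + "</h2>"


def render_safe(title):
    """Hardened pattern: HTML-encode the text before it reaches the browser, so
    angle brackets and quotes arrive as literal characters, not tags."""
    return "<h2>" + html.escape(title, quote=True) + "</h2>"


def session_cookie_header(value):
    """Build a Set-Cookie header for a session cookie that script cannot read.
    HttpOnly keeps document.cookie from exposing it even when an XSS payload
    runs; Secure and SameSite narrow where the browser will send it."""
    cookie = SimpleCookie()
    cookie["session"] = value          # assumed cookie name for the demo
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Lax"
    return cookie.output(header="Set-Cookie:")


_SUSPICIOUS = re.compile(r"<\s*script|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)


def looks_like_markup_injection(text):
    """Cheap triage screen for submitted text that a reviewer or WAF rule
    should look at. It is an aid for detection, not a substitute for encoding."""
    return _SUSPICIOUS.search(text) is not None


if __name__ == "__main__":
    print(render_unsafe(UNTRUSTED_TITLE))
    print(render_safe(UNTRUSTED_TITLE))
    print(session_cookie_header("opaque-random-value"))
    print(looks_like_markup_injection(UNTRUSTED_TITLE))
```

Output encoding at the point where text meets markup is the fix; the cookie flags and the triage regex are defence in depth that limit what a missed encoding can leak.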


Official announcement: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0556

CVE-2018-17195 – Apache NiFi Template Upload API Endpoint Cross-Site Request Forgery Vulnerability

Preface: What Is Big Data and Why Do We Need It?

There is no simple answer to this question. In short, businesses and people are looking for operational efficiency to improve daily life.

Technical background of Apache NiFi:
Apache NiFi can help you get your S3 data storage into proper shape for analytic processing with EMR, Hadoop, Drill, and other tools.
Drill is primarily focused on non-relational datastores, including Hadoop, NoSQL and cloud storage.

Vulnerability found on Apache NiFi:
A vulnerability in the template upload API endpoint of Apache NiFi could allow an unauthenticated, adjacent attacker to conduct a cross-site request forgery (CSRF) attack on a targeted system which could be used to conduct further attacks.

Reason: The vulnerability is due to improper validation of user-supplied input by the template upload API endpoint used by the affected software.
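A CSRF attack on an upload endpoint works because the browser attaches the victim's credentials to a request that a third-party page triggered. The Python below is an added example (not NiFi's own code) of the two checks a state-changing endpoint should apply: an Origin/Referer gate and a per-session synchronizer token compared in constant time. The origin `https://nifi.example.internal:8443`, the form field names and the three sample requests are constructed for the demo.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed origin of the NiFi UI/API for this demo; a real deployment would
# derive it from configuration.
SITE_ORIGIN = "https://nifi.example.internal:8443"


def issue_csrf_token(session):
    """Mint a random per-session token and remember it server-side; the page
    that offers the upload form embeds it in the form."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def request_is_same_origin(headers):
    """First gate: the browser-supplied Origin (or Referer) must be our own
    site. A request that carries neither header is treated as cross-site."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = "%s://%s" % (parts.scheme, parts.netloc)
    return origin == SITE_ORIGIN


def csrf_check(session, headers, form):
    """Synchronizer-token check for a state-changing endpoint such as a
    template upload. Returns (allowed, reason) so rejections can be logged."""
    if not request_is_same_origin(headers):
        return False, "origin mismatch"
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return False, "missing or invalid csrf token"
    return True, "ok"


def demo():
    """Run three constructed requests through the check: a forged cross-site
    POST, a legitimate same-site POST carrying the token, and a same-site POST
    whose token is missing (passing the origin gate alone is not enough)."""
    session = {}
    token = issue_csrf_token(session)
    forged = ({"Origin": "https://attacker.example"}, {"template": "flow.xml"})
    legit = ({"Origin": SITE_ORIGIN}, {"template": "flow.xml", "csrf_token": token})
    no_token = ({"Referer": SITE_ORIGIN + "/nifi/"}, {"template": "flow.xml"})
    return [csrf_check(session, h, f) for h, f in (forged, legit, no_token)]


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

The token check is the one that actually stops the forgery; the origin gate is cheap and gives a clear log line for anything cross-site that reaches the endpoint.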

Remedy: see the official announcement below.

https://nifi.apache.org/download.html

Vulnerability in Java Deserialization Affecting Cisco Products – 2019 Jan

Cause: A vulnerability in the Java deserialization used by the Apache Commons Collections (ACC) library could allow an unauthenticated, remote attacker to execute arbitrary code.

Remark: Researchers have found complex object graphs which, when deserialized, can lead to remote code execution in most Java software.

Official announcement: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization

Exploitation of a vulnerability transformed into an APT (Advanced Persistent Threat) facility

Preface: On 4th Jan 2019 CERT/CC Reports Critical Vulnerabilities in Microsoft Windows, Server…

Report details:
The report recalls vulnerabilities found on 13th Dec 2018 (see below):
CVE-2018-8626 Windows DNS Server Heap Overflow Vulnerability – https://www.kb.cert.org/vuls/id/531281/

CVE-2018-8611 Windows Kernel Elevation of Privilege Vulnerability – https://www.kb.cert.org/vuls/id/289907/

But the vulnerability (CVE-2018-8611) successfully bypasses modern process mitigation policies, such as the Win32k System Call Filtering used, among others, in the Microsoft Edge sandbox and the Win32k Lockdown Policy employed in the Google Chrome sandbox.

My observations:
Perhaps you have applied the MS patch, but it is hard to avoid a similar evasion technique at the moment because of the following reason.
C++ Exception Handling. An exception is a problem that arises during the execution of a program. A C++ exception is a response to an exceptional circumstance that arises while a program is running, such as an attempt to divide by zero. Exceptions provide a way to transfer control from one part of a program to another.

Suggestion: enforce control through a SIEM or deploy MSS services.

Security Notification – Schneider EVLink Parking (Dec 2018)

Preface: Electric vehicles (EVs) have no tailpipe emissions. Replacing conventional vehicles with EVs can help improve roadside air quality and reduce greenhouse gas emissions.

Technical background: Level 2 electric car chargers deliver 10 to 60 miles of range per hour of charging. They can fully charge an electric car battery in as little as two hours, making them an ideal option for both homeowners who need fast charging and businesses who want to offer charging stations to customers.

Subject matter expert:
EVLink Parking is a charging station for shared or on-street use, developed by Schneider Electric.

Vulnerabilities found:
Schneider Electric has become aware of multiple vulnerabilities in the EVLink Parking product (see below):

  • A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges.
  • A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier.
  • A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier.
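The first item, SQL injection that grants the web interface with full privileges, is the classic login-bypass bug class. The Python below is an added example (not Schneider Electric's code) that puts the string-splicing query beside its parameterised replacement and runs both against the same input, so the difference in behaviour is visible rather than asserted. The in-memory table, user names and passwords are constructed sample data; password hashing is left out to keep the focus on the query.

```python
import sqlite3


def build_db():
    """Constructed in-memory stand-in for a device's user table; the rows are
    sample values, not anything taken from the EVLink product."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse', 'admin')")
    conn.execute("INSERT INTO users VALUES ('operator', 'battery-staple', 'user')")
    return conn


def login_vulnerable(conn, name, password):
    """The weak pattern: user input is spliced into the SQL text, so a quote in
    the input changes the query's structure instead of being compared as data."""
    sql = ("SELECT role FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, name, password):
    """The corrected pattern: a parameterised query. The driver binds the
    values separately, so the input is only ever data."""
    row = conn.execute(
        "SELECT role FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Compare both login paths on a valid login and on a tautology input, the
    standard test case for this bug class. Only the vulnerable path returns a
    role for the tautology."""
    conn = build_db()
    tautology = "' OR '1'='1"
    return {
        "valid_vulnerable": login_vulnerable(conn, "admin", "correct-horse"),
        "valid_fixed": login_fixed(conn, "admin", "correct-horse"),
        "tautology_vulnerable": login_vulnerable(conn, "admin", tautology),
        "tautology_fixed": login_fixed(conn, "admin", tautology),
    }


if __name__ == "__main__":
    for case, role in demo().items():
        print(case, "->", role)
```

A code review that greps for string formatting next to `execute(` finds this pattern quickly; the parameterised form is the only reliable fix, and input filtering is at best a secondary control.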

Official announcement (URL below): https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-354-01-EVLink.pdf&p_Doc_Ref=SEVD-2018-354-01

Behind growth of APT attack

Preface: The objective of an APT attack is usually to monitor network activity and steal data. But historical APT records show that some APT attacks intend to damage the network or organization.

APT might not be easy to detect:
The VM handler is able to relocate and move code because ASLR (address space layout randomization) is applied. An example is shown below for reference.
For example, the instruction AND has opcode 0x17 when printed.
The 32-bit code to run is stored entirely in the variable section, with the value at offset 5 specifying the number of bytes to be copied and executed.
However, with conditional opcodes, the variable part can contain the next JIT packet ID or the next relative virtual address (RVA) where code execution should continue. In this way it increases the difficulty of detecting the malware behaviour.

Prevention:
In order to fight against APT activities, try to understand the goal of their actions. For example, we can learn from security reports. For more details, please see the URL below for reference.

Kaspersky Threat predictions for 2019 – https://www.brighttalk.com/webcast/15591/340766?utm_source=kdaily&utm_medium=blog&utm_campaign=gl_Vicente-Podz_organic&utm_content=link&utm_term=gl_kdaily_organic_link_blog_Vicente-Podz

Schneider Electric Security Notification – Nov and Dec 2018

Preface: Business Insider predicts business spending on IoT solutions will hit $6 trillion by 2021.

Technical background: EcoStruxure is Schneider Electric’s IoT-enabled, plug-and-play, open, interoperable architecture and platform, in Homes, Buildings, Data Centres, Infrastructure and Industries.

Vulnerability details:
Security Notification – Embedded Web Servers for Modicon V2 : https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-327-01-Embedded-Web-Servers-Modicon-V2.pdf&p_Doc_Ref=SEVD-2018-327-01

Security Notification – Power Monitoring Expert, Energy Expert : https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-347-01+Power+Monitoring+Expert+and+Energy+Expert.pdf&p_Doc_Ref=SEVD-2018-347-01

Comment: A phishing scam does not only trigger a URL redirection vulnerability. It also wakes up product design weaknesses that let multiple vulnerabilities occur. It is a cascading effect. Since Modicon and PLC products contain design limitations, all three layers will be compromised once the attacker successfully carries out their phishing scam.

vRealize Operations updates address a local privilege escalation vulnerability – CVE-2018-6978 (18-12-2018)

Preface: Open a command prompt and type the following commands in sequence. Download vSphere PowerCLI from the Download page of the VMware Web site and install the vSphere PowerCLI software.

Technical background:
VMware vRealize Operations will help customers derive even more value from a “Self-Driving” approach to operations management. For instance:

  • Intent-Driven Continuous Performance Optimization
  • Efficient Capacity Management
  • Intelligent Remediation

Vulnerability:
VMware vRealize Operations (vROps) could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper permissions of support scripts. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain root privileges on a vROps machine.
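The root cause named here is improper permissions on support scripts: a script that a low-privileged user can rewrite but that later runs as root is a privilege escalation waiting to happen. The Python below is an added example (not VMware's code) of the check an administrator can run over a script directory to surface that condition. The directory, file names and modes are constructed in a temporary directory for the demo and are not vROps paths.

```python
import stat
import tempfile
from pathlib import Path


def risky_permission_findings(script_dir):
    """Walk a directory of support scripts and flag modes that let a non-root
    user alter what root later runs, or that escalate privileges by
    themselves: world- or group-writable files and setuid/setgid bits."""
    findings = []
    for path in sorted(Path(script_dir).iterdir()):
        mode = path.stat().st_mode
        if not stat.S_ISREG(mode):
            continue
        problems = []
        if mode & stat.S_IWOTH:
            problems.append("world-writable")
        if mode & stat.S_IWGRP:
            problems.append("group-writable")
        if mode & stat.S_ISUID:
            problems.append("setuid")
        if mode & stat.S_ISGID:
            problems.append("setgid")
        if problems:
            findings.append((path.name, problems))
    return findings


def demo():
    """Constructed sample: two scripts in a temporary directory, one with a
    sane mode and one that anyone on the host could rewrite. The file names
    are invented for the demo."""
    with tempfile.TemporaryDirectory() as d:
        good = Path(d, "collect_logs.sh")
        good.write_text("#!/bin/sh\necho collecting\n")
        good.chmod(0o750)
        bad = Path(d, "restart_service.sh")
        bad.write_text("#!/bin/sh\necho restarting\n")
        bad.chmod(0o777)
        return risky_permission_findings(d)


if __name__ == "__main__":
    for name, problems in demo():
        print(name, ", ".join(problems))
```

Run against the real script directory, the same function gives a list that can be fed to a ticket or a configuration-management check; the remedy for each finding is to tighten the mode to owner-only write and drop any setuid/setgid bit that is not deliberately required.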

Remedy: https://www.vmware.com/security/advisories/VMSA-2018-0031.html

Multiple Vulnerabilities in WIBU-SYSTEMS WibuKey Network server management

Preface: Over 3,000 companies around the world have deployed the WibuKey Digital Rights Management (DRM) solution to protect intellectual property and other digital content.

Technical background: Keep documents safe and stay compliant, while protecting your digital assets without impacting productivity. A Digital Rights Management (DRM) solution is a file-based security system that prevents exposure of sensitive and confidential files by trusted insiders, business partners, customers and unauthorized people.

Vulnerability details: A Cisco Talos security expert has discovered a vulnerability in the WIBU-SYSTEMS WibuKey.sys driver, which can be exploited by malicious local users to gain escalated privileges.

Remedy solution: https://www.wibu.com/support/user/downloads-user-software.html#download-216