Category Archives: Potential Risk of CVE

A specially crafted username through phpmyadmin can be used to trigger an SQL injection attack through the designer weakness – 30th Jan 2019

Preface: phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web.

Description: phpMyAdmin is sometimes treated as a handy gadget; for instance, it can help you reset your WordPress password. It seems very useful, but this time the vulnerability turns it into a Swiss Army knife against you, breaking your own defense mechanism.

Vulnerability detail: An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.

Official reference: https://www.phpmyadmin.net/security/PMASA-2019-2/

Python CVE-2019-5010 Remote Denial of Service Vulnerability – 15th Jan 2019

Preface: A programmer can spend just ten minutes writing a Python script and have something that listens to UDP traffic. Even when we perform a Google search, the function behind it is using Python code.

Information background:
Python has now become the most widely taught programming language in universities and academia. Machine learning and artificial intelligence practitioners learn Python because it is the primary language in those fields and makes the tasks easier.

Vulnerability:
Security researchers from Cisco Talos found that the vulnerability occurs when Python's parser handles an X.509 certificate. A handshake failure results in skipping the call to getpeercert(). Under those circumstances, an attacker can craft an X.509 certificate with both a blank distributionPoint and a blank cRLIssuer, which causes a NULL pointer dereference. The result is a denial of service.

Official details: https://bugs.python.org/issue35746

CVE-2018-20720 Published: 2019-01-15: Terminal Reboot vulnerability in Relion 630 series version 1.3 and earlier releases

Preface: IEC 61850 is an international standard defining communication protocols for intelligent electronic devices at electrical substations. Relion products have been designed to implement IEC 61850 standard.

The vulnerability was recorded in the National Vulnerability Database on 15th Jan 2019:
ABB Relion 630 series allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message.
Ref: the SP command is used to set up the SPA-bus interface, the UN command is used to program the unit list, ..

Vendor reference:

http://search.abb.com/library/Download.aspx?DocumentID=1MRS758909&LanguageCode=en&DocumentPartId=&Action=Launch

Remark: The current climate shows that in the industrial world, energy, gas and water supply facilities in particular become the targets of APT groups once political disputes arise between countries. Natural-gas processing plants and oil refineries rely on SCADA systems. Last year's cyber security alerts awakened business owners and management groups; they now have a better understanding of patch management and cyber security awareness.

CVE-2019-1651 – Cisco SD-WAN Solution Buffer Overflow Vulnerability (23rd Jan 2019)

Preface: The key advantage of Cisco SD-WAN is reducing costs through transport independence across MPLS, 3G/4G LTE, etc., while improving business application performance and increasing agility.

Technical background:
The vSmart controller is the brains of the centralized control plane for the Viptela system network architecture. The vSmart controller runs as a virtual machine (VM) on a network server. It can also run as a container within a vContainer host.

Vulnerability announced today (23rd Jan 2019):
A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user. The details are as follows: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo

TIBCO Security Advisory: January 16, 2019

Preface: A tycoon wants to invest in a football team. He wants to know which team is good, how many matches they have won over the years, the revenue they generate, etc. I believe a data analytics solution (TIBCO Spotfire) can help.

TIBCO Spotfire technology Synopsis:
Data virtualization time-to-solution is 5‒10X faster than traditional data warehousing and ETL. You can extend TIBCO Spotfire yourself using TIBCO Spotfire’s publicly published APIs, or download extensions from the TIBCO component exchange.

Vulnerabilities found this month (16th Jan 2019)!

TIBCO Spotfire Authentication Vulnerability – https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18814

TIBCO Spotfire Fails To Prevent Write Access to Spotfire Library – https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18812

TIBCO Spotfire Reflected and Persistent Cross-Site Scripting Vulnerabilities – https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18813

22nd Jan 2019 – Apple security updates

Preface: Every computer has a finite amount of memory, so the OS may actually need to use more than is physically available on your system. As a result, resource sharing between processes is hard to avoid.

Our security focus:
In regard to the security update announced by Apple, our security focus in this topic is the issue where a malicious application may cause unexpected changes in memory shared between processes.

Under XNU a virtual memory map is represented by a _vm_map struct, defined in osfmk/vm/vm_map.h. Because not the entire virtual address space is mapped at any given moment, the virtual memory map is divided into several entries, each representing a contiguous block of mapped memory whose pages share common properties.

Design limitation:
CVE-2019-6205 and CVE-2019-6208: A malicious application may cause unexpected changes in memory shared between processes.

Remedy:
The Apple Security Update covers all of its products. For more information, please see the following: https://support.apple.com/en-hk/HT209446

CVE-2019-6446 NumPy pickle Python Module Remote Code Execution Vulnerability – 16th Jan 2019

Preface: A gamma-ray observatory satellite mission studies cosmic gamma-ray sources in the keV to MeV energy range.

About Numpy and Gammapy:

NumPy is an open source Python package for scientific computing. NumPy supports large, multidimensional arrays and matrices. NumPy is written in Python and C. NumPy arrays are faster than Python lists.

Gammapy is an open-source Python package for gamma-ray analysis built on Numpy and Astropy. It is a prototype for the Cherenkov Telescope Array (CTA) science tools, and can be used to analyse data from existing gamma-ray telescopes.

Security Alert: NumPy pickle Python Module

NumPy could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to the unsafe use of the pickle Python module by the affected software.

Official Announcements: https://github.com/numpy/numpy/issues/12759

CoreOS etcd Role-Based Access Control Authentication Vulnerability – 16th Jan 2019

Preface: Container Linux by CoreOS is an open-source lightweight operating system based on the Linux kernel and designed for providing infrastructure to clustered deployments, while focusing on automation, ease of application deployment, security, reliability and scalability.

Vulnerability found:

A vulnerability in CoreOS etcd could allow an unauthenticated, remote attacker to bypass security restrictions and gain unauthorized access.

Impact:

An attacker could exploit this vulnerability by sending malicious requests to the affected application. A successful exploit could allow the attacker to evade security restrictions and gain unauthorized access to the targeted system.

Vendor Announcement:

CoreOS has released updated software at the following link: https://github.com/etcd-io/etcd/releases

Drupal Releases Security Updates – 16th Jan 2019

Preface: Drupal is a free and open source content-management framework written in PHP and distributed under the GNU General Public License.

Security Focus:
Drupal has traditionally depended on multiple external tools. Drupal core uses the third-party PEAR Archive_Tar library. In PEAR Archive_Tar before 1.4.4, several file operations take $v_header['filename'] as a parameter (such as file_exists, is_file, is_dir, etc.). When extract() is called without a specific prefix path, phar-induced unserialization can be triggered by crafting a tar file with phar://[path_to_malicious_phar_file] as an entry path name. Object injection can then be used to trigger the destructor or wakeup method of loaded PHP classes. For instance, with Archive_Tar itself it can trigger arbitrary file deletion, because @unlink($this->_temp_tarname) is called in the destructor method. If another class with a useful gadget is loaded, remote code execution may be possible.
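As an added example (not code from Drupal, PEAR or the original post), this is the kind of check a defender would put in front of extract(): a Python audit over a tar archive that rejects any entry name carrying a stream-wrapper scheme such as phar://, an absolute path, a .. component or a NUL byte before any file operation sees it. The archive is constructed in memory; WRAPPER_RE, member_problems, audit_tar and build_sample_tar are names chosen here.

```python
import io
import re
import tarfile
from typing import List, Tuple

# A "scheme://" prefix (phar://, file://, ...) in an entry name would be
# routed to PHP's stream-wrapper layer by file_exists()/is_file(); this
# check refuses such names before any file operation is attempted.
WRAPPER_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*://")

def member_problems(name: str) -> List[str]:
    """Reasons a tar entry name must not be handed to file operations."""
    problems = []
    if WRAPPER_RE.match(name):
        problems.append("stream wrapper")
    if name.startswith(("/", "\\")):
        problems.append("absolute path")
    if ".." in re.split(r"[\\/]", name):
        problems.append("path traversal")
    if "\x00" in name:
        problems.append("NUL byte")
    return problems

def audit_tar(data: bytes) -> List[Tuple[str, List[str]]]:
    """(name, problems) for every member whose name fails the checks."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar.getmembers():
            problems = member_problems(member.name)
            if problems:
                findings.append((member.name, problems))
    return findings

def build_sample_tar() -> bytes:
    """Constructed sample: one benign entry and one phar:// entry."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, body in [("docs/readme.txt", b"hello"),
                           ("phar://uploads/sample.phar/x.txt", b"x")]:
            info = tarfile.TarInfo(name=name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()
```

Running audit_tar over the sample archive flags only the phar:// entry; an archive that yields no findings is safe to pass on to the extractor.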

Official announcement:
Drupal core Arbitrary PHP code execution (Critical) – https://www.drupal.org/sa-core-2019-002

Drupal core Third Party Libraries vulnerability (Critical) – https://www.drupal.org/sa-core-2019-001

Security Focus – Critical Patch Update contains 3 new security fixes for the Oracle Database Server – 15th Jan 2019

Preface: Computer system vulnerabilities wreak havoc; an IT life is not easy!

Background: Oracle’s revolutionary cloud database features autopilot, self-protection, and self-healing capabilities designed to eliminate error-prone manual data management. But the Core RDBMS vulnerability still exists!

Security focus – CVE-2019-2444:
Since Oracle did not provide the details, we speculated that even if you revoke the CREATE SESSION privilege from a user, they would still be able to log in to the database by using a ROLE that has this privilege.

For instance:
The database contains a role with the CREATE SESSION privilege:
SQL> CREATE ROLE hidden_privileges;
SQL> GRANT create session TO hidden_privileges;

A schema/batch user:
SQL> CREATE USER user1 IDENTIFIED BY admin;
SQL> GRANT create session TO user1;

If someone grants the role, the user has an alternative way of connecting to the database:
SQL> GRANT hidden_privileges TO user1;

Then the vulnerability occurs.

For the remaining vulnerabilities, please refer to the official announcement: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
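As an added example, not part of the original post or of Oracle's own tooling, this Python model resolves nested role grants over constructed rows shaped like Oracle's DBA_SYS_PRIVS and DBA_ROLE_PRIVS views, to show the speculated scenario: after the direct CREATE SESSION grant to user1 is revoked, the privilege is still reachable through hidden_privileges, and the audit lists every user in that position. The function names, the OUTER_ROLE nesting and the sample rows are assumptions made here.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# Constructed sample rows in the shape of Oracle's DBA_SYS_PRIVS
# (GRANTEE, PRIVILEGE) and DBA_ROLE_PRIVS (GRANTEE, GRANTED_ROLE).
# Scenario from the post: user1 also holds the role; user2 reaches it via a nested role.
SYS_PRIVS = [
    ("HIDDEN_PRIVILEGES", "CREATE SESSION"),
    ("USER1", "CREATE SESSION"),
    ("USER2", "CREATE TABLE"),
]
ROLE_PRIVS = [
    ("USER1", "HIDDEN_PRIVILEGES"),
    ("USER2", "OUTER_ROLE"),
    ("OUTER_ROLE", "HIDDEN_PRIVILEGES"),
]
USERS = {"USER1", "USER2", "USER3"}

def effective_privs(grantee: str, sys_privs: Iterable[Tuple[str, str]],
                    role_privs: Iterable[Tuple[str, str]]) -> Set[str]:
    """System privileges held directly or through any chain of roles."""
    direct: Dict[str, Set[str]] = defaultdict(set)
    for g, p in sys_privs:
        direct[g].add(p)
    roles: Dict[str, Set[str]] = defaultdict(set)
    for g, r in role_privs:
        roles[g].add(r)
    seen, privs, stack = set(), set(), [grantee]
    while stack:                      # depth-first walk of the role graph
        g = stack.pop()
        if g in seen:                 # guards against circular role grants
            continue
        seen.add(g)
        privs |= direct[g]
        stack.extend(roles[g])
    return privs

def revoke_direct(sys_privs, grantee: str, priv: str) -> List[Tuple[str, str]]:
    """Model `REVOKE priv FROM grantee`: only the direct grant disappears."""
    return [(g, p) for g, p in sys_privs if not (g == grantee and p == priv)]

def role_only_holders(priv: str, users: Iterable[str], sys_privs,
                      role_privs) -> List[str]:
    """Users with no direct grant of priv who still hold it through a role."""
    direct = {g for g, p in sys_privs if p == priv}
    return sorted(u for u in users
                  if u not in direct and priv in effective_privs(u, sys_privs, role_privs))
```

Against a live database the same two functions would be fed the real view contents; the users they return are the ones whose login ability survives a direct REVOKE.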