Preface: Vulnerabilities are flaws in computer software that create weaknesses in your computer or network overall security.
Can you imagine that what is the actual situation before vulnerability found?

Background information: Jenkins is the leading open-source automation server. Built with Java, it provides over 1000 plugins to support automation.

Vulnerability announcement on 17th Dec 2018:
The vulnerability is due to improper handling of HTTP requests by the stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java code of the Stapler web framework used by the affected software. An attacker could exploit this vulnerability by persuading a user to access a link that submits malicious input to the targeted system. An exploit could allow the attacker to invoke certain methods that are not intended to be invoked, which the attacker could use to execute arbitrary code.

Official announcement (Remedy): https://jenkins.io/security/advisory/2018-12-05/#SECURITY-595

Preface: Xen Project is a hypervisor using a microkernel design, providing services that allow multiple computer operating systems to execute on the same computer hardware concurrently.

Vulnerability description:
The vulnerability is due to an interpretation conflict for union data structure associated with shadow paging.The XSA-240 introduced a new field into the control structure
associated with each page of RAM. This field was added to a union data structure.Thus dirty bitmap tracking which is used when performing live migration of virtual machines. However a technical conflicts during migration, or L1TF mitigation for PV guests(L1 Terminal Fault speculative side channel mitigation – XSA-273).

Impact: All Xen versions from at least 3.2 onwards are vulnerable. Earlier versions have not been checked

Official remedy solution: https://xenbits.xen.org/xsa/advisory-280.html

Preface: As time goes by, an evolution in technology offers best-of-class in rendering for both VFX and feature film animation.

What does VFX stand for?
Visual effects (abbreviated VFX) is the process by which imagery is created or manipulated outside the context of a live action shot in film making.
RenderMan offers a combination of unbiased and biased rendering techniques which provide both accuracy and technical efficiency

Vulnerability details:
Pixar’s Tractor software, versions 2.2 and earlier, contain a stored cross-site scripting vulnerability.

Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application.
In most of the cases, cross-site scripting attack is being used to steal the other person‘s cookies. As we know, cookies help us to log in automatically. Therefore with stolen cookies, we can login with the other identities. Cope with above vulnerability, the stored information is displayed when a user requests information about the node. An attacker could insert Javascript into this note field that is then saved and displayed to the end user.

Reference: https://kb.cert.org/vuls/id/756913/

Preface: Since we launched it in 2014, Kubernetes running strong. It is becoming “the Linux of the cloud,” according to Jim Zemlin, Executive Director of the Linux Foundation. Analysts estimate that 54 percent of Fortune 100 companies use Kubernetes across a spectrum of industries including finance, manufacturing, media, and others.

Giant will sick as normal people (so called vulnerability):
Critical – CVE-2018-1002105 kubernetes: authentication/authorization bypass in the handling of non-101 responses. Reference: https://access.redhat.com/security/cve/cve-2018-1002105

CVE-2018-1002101 – In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection. Reference:
Reference:  https://github.com/kubernetes/kubernetes/issues/65750

CVE-2018-1002103 – The attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem.
Reference: https://github.com/kubernetes/minikube/issues/3208

Preface:
Remote code execute and Privileges escalation are the critical vulnerabilities topics which lure end user attentions. On patch Tuesday (remedy program) issued by Microsoft this week. Their product design limitation contains priviliges escalation vulnerability.

CVE-2018-8611 – Vulnerability details:
With reference of CVE-2018-8611 inform customer that exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.

Technical background:
So far, the the win32k.sys kernel module is a well-known attack surface. The function NtUserSetWindowLongPtr replaces the target window’s spmenu field with the function’s argument without any checks when using GWLP_ID and the target window’s style is WS_CHILD.
NtUserSetWindowLongPtr is a win32k service function which can be called from user mode (use the corresponding system call ID).
In the nutshell, this gives a way to attacker to replace the target window’s spmenu value to anything.

Microsoft remedy: 

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8611

Background:
On 28th Nov 2018, a SQL injection vulnerability found on Cisco Prime License Manager. Vendor (Cisco) with immediate action release the patch to remediate this design weakness.

Technical issue found on patch:
Update (2018-December-10): Installing the ciscocm.CSCvk30822_v1.0.k3.cop.sgn patch may cause functional issues. Workarounds are available for some of these issues. Rolling back this patch as described in the Fixed Releases section will correct these functional issues, but the device will be affected by this vulnerability again when the patch is not in place. See the Fixed Releases section for details.
An official announcement in regard to this issue.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181128-plm-sql-inject

So what is the next action of customer:

USING SIEM EVENT CORRELATION TO DETECT SQL INJECTION & XSS ATTACK.

We can detect SQL injection following the methods below.

1. Network IDS spotting SQL injection

2. Host IDS detecting SQL injection by watching file activity

Preface: Intel Software Guard Extensions (SGX) is a set of central processing unit instruction codes from Intel that allows user-level code to allocate private regions of memory, called enclaves, that are protected from processes running at higher privilege levels.

SGX design limitation:
L1 Terminal Fault aka Foreshadow found in August 2018. Foreshadow enables an attacker to extract SGX sealing keys, previously sealed data can be modified and re-seal.

The Foreshadow / L1-terminal-fault attack were assigned the following CVE numbers:
CVE-2018-3615 for attacking SGX.
CVE-2018-3620 for attacking the OS Kernel and SMM mode.
CVE-2018-3646 for attacking virtual machines.

Remedy:

Regarding to this vulnerability. Siemens Security Advisory by Siemens Product has following announcement to their product. For more details, please see below:

https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf

Preface: One of the biggest successes of the iPhone is its security. Still No Major Malware found on iPhone.

Current possible infection methods:
1. iOS process named “iBoot” that starts up the system when you first turn on your iPhone and ensures the code being run is valid and originates from Apple. Hacker mimic counterfeit firmware may have way to compromise Apple iOS devices.

2. Malware compromised windows OS, exploit this channel implant malicious code to 3rd party iOS app then install to Apple iOS devices.

3. Man-in-the-middle -attack: On 2016, found a program called “爱思助手 (Aisi Helper),” which acts as the “man-in-the-middle” attack. Aisi Helper silently installs a malicious app to any connected iOS devices. It appears that the malicious app connects to a third-party iOS app and game store that asks users to enter their Apple ID passwords then implant malicious code to 3rd party Preventive maintenance:

Following official suggestion to enhance your iOS devices (see below)

iOS – https://support.apple.com/en-us/HT209340

iTunes – https://support.apple.com/en-us/HT209345

Safari – https://support.apple.com/en-us/HT209344

iCloud – https://support.apple.com/en-us/HT209346

Preface:

As of 2018, expert estimates that Google Chrome has a 68% worldwide usage share of web browsers as a desktop browser. It also has 61% market share across all platforms combined. Moreover it has over 50% share on smartphones.

Technical features:
Google chrome not only a web browser. It contained friendly capabilities.
How to enable Material Design?
Google Chrome is a freeware web browser developed by Google LLC.
If you are interested of Google Chrome with its secret Material Design. You can following below details for reference.

Chrome-desktop:
Go to the URL bar and type – chrome://flags/#top-chrome-md

Chrome-iOS:
Go to the URL bar and type – chrome://flags/#top-chrome-md

Chrome design weakness – Found Nov 2018
Since there are several items of issue found. Following details of items bring to my interest.
Out of bounds write in V8 – High CVE-2018-17480, CVE-2018-18342
Use after frees in PDFium – High CVE-2018-17481, CVE-2018-18336, CVE-2018-18343

Should you have interested, please refer to official announcement for reference

https://chromereleases.googleblog.com/search/label/Stable%20updates