Category Archives: Potential Risk of CVE

Authentication Bypass Vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway – CVE-2018-5314

There is a Cantonese expression, "蝦碌", an exclamation for an embarrassing slip-up. Citrix products have now fallen into exactly this situation. The flaw allows remote attackers to execute a system command or read arbitrary files via the SSH login prompt. From a technical point of view it resembles an authentication bypass vulnerability.

In short, the official announcement is at the URL below:

https://support.citrix.com/article/CTX232199

A never ending of Intel CPU design hiccups story – SgxPectre Attack

Discussion of the design limitations of Intel Software Guard eXtensions (SGX) started at the end of 2017. Security experts focused the topic on software development with the SDK. Since the code is mainly written in C and C++, it was predicted that it would attract the interest of threat actors, and a conference held in 2017 focused on this specific issue. Researchers at The Ohio State University (Department of Computer Science and Engineering) observed hack tricks that may be workable against Intel SGX during SDK development. Perhaps the Meltdown and Spectre incidents overshadowed this issue. Security experts, myself included, woke up to it this week and started a similar discussion. This attack is called the SgxPectre attack. Whatever happens in future, it tells the world that our electronics industry is running too fast and lacks the involvement of a business maturity model concept. Yes, we are living in a hugely competitive market that does not care about long product life cycles, and in the end we run into hard-to-resolve issues like the situation today. Technical articles for your reference:

SGXPECTRE Attacks:
Leaking Enclave Secrets via Speculative Execution

http://web.cse.ohio-state.edu/%7Ezhang.834/papers/SgxPectre.pdf

Leaking Enclave Secrets via Speculative Execution

https://arxiv.org/pdf/1802.09085.pdf

ISC Releases Security Advisories for DHCP, BIND

US-CERT encourages users and administrators to review the ISC Knowledge Base articles:

https://kb.isc.org/article/AA-01565/75/CVE-2018-5732

https://kb.isc.org/article/AA-01562/74/CVE-2018-5734

Perhaps this is out of the end user's control!

What is ISC (Internet Systems Consortium)?

ISC operates the F root server system, which enables users around the world to find top-level domains such as .com, .uk and .edu. It is a reliable anycast network with over 125 nodes, hosted at local IXes and on the Cloudflare network, and managed by ISC. Vulnerabilities have now been found in ISC's DHCP and BIND. Should this be taken as a warning?


Microsoft working with Intel to deliver CPU Microcode Fixes via Windows Updates

News in the cyber world is like a Hollywood celebrity scandal: it does not stay in the headlines long and is easily forgotten. Intel has learned from experience and has therefore invited Microsoft to assist.

This concerns CPU platforms affected by Spectre Variant 2 (CVE-2017-5715, "Branch Target Injection").

I speculate that the technical problem with Intel's last patch programme was caused by the following issue:

An invalid pool request has been made by the current thread. Typically this is at a bad IRQL level or double freeing the same memory allocation, etc.

KB4090007: Intel microcode updates

Applies to: Windows 10, version 1709; Windows Server, version 1709 (Datacenter, Standard)

https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates

Tomcat – CVE-2018-1305 – Don’t ignore!

Apache and Tomcat together account for more than 60% of server usage in the cyber world. A common practice is for the Apache server to hold the static pages or to act as the front end (reverse proxy), while Tomcat tends to be the major server component. So all your Java applications, configuration and DB service IDs will be located there.

This week a vulnerability was found in Tomcat. The design flaw exposes resources to users who were not authorised to access them. Folks, do not ignore this vulnerability; stay alert!

Should you be interested in this news, please refer to the URL below.

https://securitytracker.com/id/1040428

SCADA manufacturer security awareness awaken – ABB

I speculate that APT groups will be proactively engaging the electric power supply industry and targeting manufacturers this year, since they have all deployed SCADA systems. Perhaps engaging in an attack in this zone is more effective than negotiating with a world trade commissioner to reduce another country's quota. SCADA manufacturers have woken up to the fact that the severity of cyber attacks will jeopardise firm reputations.

A vulnerability was found in an ABB SCADA system this month. The severity level is not yet defined, but SCADA end users must stay alert. For more detail, please refer to the URL below.

http://search-ext.abb.com/library/Download.aspx?DocumentID=1MRS257731&LanguageCode=en&DocumentPartId=&Action=Launch

The US Securities and Exchange Commission (SEC) new guidance

A big country and a big discussion:

The US Securities and Exchange Commission (SEC) released a statement urging high-ranking executives not to trade stocks before disclosing breaches, major vulnerabilities and other cybersecurity-related incidents.

New guidance – https://www.sec.gov/rules/interp/2018/33-10459.pdf

Meanwhile, Intel released guidance this week (details of availability and the schedule for the microcode update). For more details, please see the URL below.

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf

It is a funny cyber and economic world!


For your attention! Multiple vulnerabilities in both Drupal 7 and Drupal 8

It is indeed a tragedy: multiple vulnerabilities in both Drupal 7 and Drupal 8. Drupal is a free and open source content-management framework written in PHP and distributed under the GNU General Public License.

In short, to avoid unforeseen technology risk, please read the official announcement below:

https://www.drupal.org/sa-core-2018-001

Synopsis:

Comment reply form allows access to restricted content – Critical – Drupal 8

Users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content.

This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments.

JavaScript cross-site scripting prevention is incomplete – Critical – Drupal 7 and Drupal 8

Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML. This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances.

The PHP functions which Drupal provides for HTML escaping are not affected.
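As an added example (not Drupal core code; the page does not say which inputs Drupal.checkPlain() mishandled), here is a complete HTML text escaper in JavaScript beside a constructed partial one that leaves single quotes alone, with a check showing why the partial one is unsafe inside a single-quoted attribute.

```javascript
// Added example: complete vs. partial HTML escaping (not Drupal core code).
// A single-pass replace avoids the classic double-escaping mistake of
// replacing '&' after the entities produced by the other replacements.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Complete escaper: safe for element text and for double- or single-quoted
// attribute values.
function escapeHtml(str) {
  return String(str).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Partial escaper (constructed for illustration): handles the usual four
// characters but forgets the single quote, a common gap in hand-rolled escapers.
function escapeHtmlPartial(str) {
  return String(str).replace(/[&<>"]/g, (ch) => HTML_ESCAPES[ch]);
}

// Build a title attribute inside single quotes, the way a template might.
function renderTitleAttr(escaper, untrusted) {
  return "<span title='" + escaper(untrusted) + "'>item</span>";
}

// Count the single quotes in the rendered tag. A safe rendering contains
// exactly the two delimiters; any extra one means the untrusted input
// closed the attribute early and could introduce a new attribute.
function countSingleQuotes(html) {
  return (html.match(/'/g) || []).length;
}

// Constructed untrusted input: closes a single-quoted attribute and adds another.
const UNTRUSTED = "x' data-injected='1";

// With escapeHtml the rendering keeps exactly 2 quotes; with
// escapeHtmlPartial the input's own quotes survive and the count becomes 4.
```

The same check applies to any escaper: the output must contain none of the delimiter characters of the context it is placed in, and escaping alone does not make a value safe inside URL or event-handler attributes.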

Private file access bypass – Moderately Critical – Drupal 7

When using Drupal’s private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability.

This vulnerability is mitigated by the fact that it only occurs for unusual site configurations.

jQuery vulnerability with untrusted domains – Moderately Critical – Drupal 7

A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit.

For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 as a side effect of upgrading Drupal core to use a newer version of jQuery. For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other newer versions of jQuery that might be used on the site, for example using the jQuery Update module.

Language fallback can be incorrect on multilingual sites with node access restrictions – Moderately Critical – Drupal 8

When using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This can result in an access bypass vulnerability.

This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; and b) use a node access module such as Domain Access which implement hook_node_access_records().

Note that the update will mark the node access tables as needing a rebuild, which will take a long time on sites with a large number of nodes.

Settings Tray access bypass – Moderately Critical – Drupal 8

The Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for.

If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. This release fixes the only two implementations in core, but does not harden against other such bypasses.

This vulnerability can be mitigated by disabling the Settings Tray module.

External link injection on 404 pages when linking to the current page – Less Critical – Drupal 7

Drupal core has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.

Solution:

Install the latest version:


————————-  End ———————————————–

Cisco Releases Security Updates for Multiple Products – 21st Feb 2018

Understanding:

The VOSS platform is integrated in Cisco HCS, where it is called Cisco Unified Communications Domain Manager (UCDM). VOSS has web services application programming interfaces (APIs) available to third-party developers. Features of VOSS include web-based administration, centralised management, collaboration lifecycle management, collaboration service management, and a business process layer on top of network infrastructure and communications architecture management.

The Cisco Elastic Services Controller (ESC) provides a comprehensive lifecycle management platform for NFV. It provides end-to-end capabilities to automate tasks such as deploying, monitoring and elastically scaling virtualized functions, and to make them available as business-level services.

Security updates:

Cisco Unified Communications Domain Manager Remote Code Execution Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm

Cisco Elastic Services Controller Service Portal Authentication Bypass Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-esc

Cisco Elastic Services Controller Service Portal Unauthorized Access Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-esc1

Cisco Unified Customer Voice Portal Interactive Voice Response Connection Denial of Service Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cvp

Vulnerability in SCADA CODESYS Web Server CVE-2018-5440

To be honest, this surprised me this month. An abnormal situation has put SCADA systems at high risk. CVE-2018-5440 is a vulnerability in the CODESYS web server. This product is deployed mainly in the critical manufacturing and energy sectors. Perhaps this is a Microsoft product, and vulnerabilities are hard to avoid. The accusations over the NotPetya ransomware attack last week brought the world's focus onto SCADA systems, and now this vulnerability adds an unknown factor to SCADA control system environments. The official announcement suggests doing the following:

1. Use controllers and devices only in a protected environment to minimize network exposure and ensure they are not accessible from outside
2. Use firewalls to protect and separate the control system network from other networks
3. Use VPN (Virtual Private Networks) tunnels if remote access is required
4. Protect both development and control systems from unauthorized access (e.g., by means of the operating system)
5. Protect both development and control system by using up-to-date virus detecting solutions

For CVE details, please refer to the URL below.

https://www.securityfocus.com/bid/102909