The security update of Microsoft this week included provides support to control usage of Indirect Branch Prediction Barrier (IBPB) within some AMD processors (CPUs) for mitigating CVE-2017-5715. Apart from that it also provides Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities. However I was wondering the mitigation plan coverage provided by AMD?

A insidiousness of the SIMD instruction extensions of ARM, MIPS, and x86? Does AMD cover this part because SIMD Instructions considered harmful?Any advice or we just ignore it?

For more details about the security update, please refer below url for references.

Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities – https://support.microsoft.com/en-hk/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

KB4093112 – https://www.catalog.update.microsoft.com/Search.aspx?q=KB4093112

Traditional layer 2 communication system (without TCP/IP), proprietary OS system and without internet technology similar as a antibody protect the important facilities especially electricity power supply, water supply and natural gas facilities. But the element of civilization like a non stop vehicles moving forward. Whereby the man kind went through industrial revolution till today digital technology revolution. Our daily lifes support by electricity, water and natural gas. In order to maintain the stability and quality of those resources of supply. A analogue to digital (electronics) conversion was done, Thereby those facilities are under governance and control by PLC and SCADA today. However a design limitation was found since the components embedded Microsoft operation system and Linux opensource. So we heard power facilities encountered cyber attacks. This time the design flaw found in Allen Bradly PLC product. Regarding to the CVE reference number, we found that the vulnerabilities reported last year and believed that vulnerabilities has been fix. But a reminder to all of us is that vulnerabilities not limit to your office automation system and smartphone.The vulnerabilities are go with us daily.

Below url provides an overview of cyber attack on nuclear power facilities for reference.

Potential black force – digitize Godzilla

CVE-2017-12093

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0445

CVE Number

CVE-2017-14462, CVE-2017-14463, CVE-2017-14464, CVE-2017-14465, CVE-2017-14466, CVE-2017-14467, CVE-2017-14468, CVE-2017-14469, CVE-2017-14470, CVE-2017-14471, CVE-2017-14472, CVE-2017-14473

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443

Coin has two sides, the computer has vulnerabilities on the other hand show benefits. Why, it provides a influence effect causes people found out resolution.And such a way go to advanced technology zone.
Security announcement by Adobe urge adobe users following the requirement apply the fix. Since there are total 5 items of security update. The item which bring my attention is the phonegap push plugin vulnerability (CVE-2018-4943). PhoneGap Push plugin that brings support for Firebase Cloud Messaging (FCM) to Apache Cordova apps on iOS and Android since PhoneGap Push Plugin version 2.0.0.
Firebase Cloud Messaging (commonly referred to as FCM), formerly known as Google Cloud Messaging (GCM), is a cross-platform solution for messages and notifications for Android, iOS, and web applications, which currently can be used at no cost. If there is vulnerability encountered on phonegap push API. It merely effect not only a small group of persons! In short, please refer official articles for reference (see below):
Security update available for the Adobe PhoneGap Push Plugin | APSB18-15

https://helpx.adobe.com/security/products/phonegap/apsb18-15.html

There are few vulnerabilities not related to phonegap push API but need to aware!

Security Updates Available for Adobe Digital Editions | APSB18-13

https://helpx.adobe.com/security/products/Digital-Editions/apsb18-13.html

Security Update Available for InDesign | APSB18-11

https://helpx.adobe.com/security/products/indesign/apsb18-11.html

Security updates available for Adobe Experience Manager | APSB18-10

https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html

Security updates available for Flash Player | APSB18-08

https://helpx.adobe.com/security/products/flash-player/apsb18-08.html

Headline news posted by Reuters report that Iran hit by global cyber attack that left U.S. flag on screens. As we know, this vulnerability will be conducted the following:

1. Triggering a reload of the device.
2. Allowing the attacker to execute arbitrary code on the device.
3. Causing an indefinite loop on the affected device that triggers a watchdog crash.

Perhaps the side effect of this vulnerability looks dangerous especially allowing the attacker to execute arbitrary code on the device.

But there is quick way to do the remedation of this vulnerability.

a. Go to your router configuration mode and input no vstack command.

b. Since victim report that a special message show on the console screen. And therefore it is recommended to use your ios backup file to replace existing ios.

For more details about the headline news report by Reuters. Please following below url for reference.

https://www.reuters.com/article/us-iran-cyber-hackers/iran-hit-by-global-cyber-attack-that-left-u-s-flag-on-screens-idUSKBN1HE0MH

There are total 2,149,836 web sites deployed Ruby On Rails framework.Ruby on Rails, or Rails, is a server-side web application framework written in Ruby under the MIT License. RubyGems is a package manager for the Ruby programming language that provides a standard format for distributing Ruby programs and libraries. There are 3 items of vulnerabilities found on Ruby. Per my investigation, if hacker combining those 3 items of vulnerabilities can transform as a powerful hacking strategy. System administrator must check your environment see whether it requires for update.

Technical references shown as below:

CVE-2018-3740 – https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e

CVE-2018-3741 – https://github.com/rails/rails-html-sanitizer/commit/f3ba1a839a35f2ba7f941c15e239a1cb379d56ae

CVE-2018-8048 – https://github.com/flavorjones/loofah/issues/144

Staying alert! Microsoft Malware Protection Engine design limitation

Microsoft Releases Security Update 3rd April 2018:

https://portal.msrc.microsoft.com/en-US/security-guidance

Technical details: Explanation

1. Microsoft Malware Protection Engine runs as NT AUTHORITY\SYSTEM without sandboxing, and is remotely accessible without authentication via various Windows services,including Exchange, IIS,…etc

2. NScript is the component of Microsoft Malware Protection Engine that evaluates any filesystem or network activity that looks like JavaScript.

3. The attacker can invoke object vtable to pass arbitrary to other objects.

Remark: When an object is created, a pointer to this table, called the virtual table pointer, vpointer or VPTR, is added as a hidden member of this object.

We heard in frequent that threat actors will be engaged APT attack to hostile country. The more percentage of cyber attack to the important public facilities most likely is the nuclear power facilities and power generator. As we know, a harden procedure has been built by nuclear power facilitates company. In order to avoid the unforeseen cyber incident happens, internet access function is prohibited in that area. However working with SCADA technologies market coverage not limit to nuclear power facilities. The oil refinery industry, natural gas and water supply facilities are relies on SCADA system. Today, a security alert is going to awake oil refinery, gas and water supply industries. Since a announcement by SCADA hardware manufacture Siemens, they inform that their product encountered vulnerability. The manufacture provides the workaround. However, the workaround only suggest to setup a preventive control.  To be honest, may be there are more spaces to do the remediation! Should you aware of this vulnerability. please refer below vendor announcement for reference.

https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdf

Perhaps a medium vulnerability found on IT product not a shock. However the medium vulnerability co-exists with known critical vulnerabilities created multiple vulnerabilities are unable to foreseen what is the level of damage. Cisco IOS XE fundamental design integrate to open system. The severity of vulnerability CVE-2018-0196 is medium level. End user is allow to disable the http services to avoid the vulnerability. But the default state of the HTTP Server feature is version-dependent. A significant signal alert Cisco customer that corrective control is not enough. A efficient way is enhance your preventive and detective control. That is the implementation of managed security services. The critical vulnerabilities was posted last week. But the vulnerability of CVE-2018-0196 confirmed and therefore it summarized as below:

CVE-2018-0196 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-wfw

CVE-2018-0151

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos

CVE-2018-0171

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2

I spend a lot of time to study security update by Apple this week. It looks that core foundation vulnerability bring to my attention. As we know Objective-C is a general-purpose, object-oriented programming language used by Apple for the OS X and iOS operating systems. Retrospectively, vendor has urge developer that a good practices will be prevented memory-related problem. I am concerning about the race condition vulnerability found this time. There are two main kinds of problem that result from incorrect memory management. Freeing or overwriting data that is still in use. Not freeing data that is no longer in use causes memory leaks. This is the way to causes the vulnerability (race condition) happens.

Since there are plenty of vulnerabilities address this time. For more details, please refer to official url for reference.

About the security content of iOS 11.3

https://support.apple.com/en-us/HT208693

About the security content of Xcode 9.3

https://support.apple.com/en-us/HT208699