Preface: Gartner Reports give people direction, but sometime as a customer, you can select your appropriate product on your decision. For instance cyber security product

Technical background: SIEM software products provides real-time analysis of security alerts generated by applications and network hardware. Netwitness can investigate data capture and display the real scenario on screen.It is very important in IT world nowadays.

Synopsis: RSA security product pioneer go to the market more than decade. From 2011 acquire Netwitness and conduct a product integration. It was today naming convention security analytic. It contains SIEM, real time network activities data capture (Big data) and malware analysis (ECAT). From technical point of view, the GUI (Dashboard) and web access technology looks did not have any security enhancement.

Vulnerability details: Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to an Authorization Bypass vulnerability and command injection vulnerability. For more details please refer to the link below:

https://community.rsa.com/docs/DOC-104202

Preface: Before Kerberos, Microsoft used an authentication technology called NTLM.

Technical background: The biggest difference between the two systems is the third-party verification and stronger encryption capability in Kerberos. Kerberos version 4 was targeted at Project Athena in 80s. Neuman and Kohl published version 5 in 1993 to improve the limitations and enhance the security.
Heimdal is an implementation of Kerberos 5 and large footprint in Sweden.

About PKINIT:
Specifies the Public Key Cryptography for Initial Authentication (PKINIT) in Kerberos Protocol. This protocol enables the use of public key cryptography in the initial authentication exchange of the Kerberos Protocol (PKINIT) and specifies the Windows implementation of PKINIT where it differs from [RFC4556].

Vulnerability Details:
RFC8062 Section 7 requires verification of the PA-PKINIT-KX key exchange when anonymous PKINIT is used. Failure to do so can permit an active attacker to conduct MITM.

Comment: This vulnerability not only happen in Heimdal open source product. Believe that it will have more vendor report similar problem afterwards. Heimdal has released updates via following link: https://github.com/heimdal/heimdal/tags

Preface: Intel flaw let VMware become victim (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091) ! VMware Workstation update addresses a DLL-hijacking issue (CVE-2019-5526) looks not a news?

VMware Vulnerability details:

VMware Workstation update addresses a DLL-hijacking issue (CVE-2019-5526) – https://www.vmware.com/security/advisories/VMSA-2019-0007.html

VMware product updates enable Hypervisor-Specific Mitigations, Hypervisor-Assisted Guest Mitigations, and Operating System-Specific Mitigations for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)

Technical background: To improve the performance of writing data back to Intel CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. But a design limitation occurs which allows unauthorized users to access data used by other programs, containers, and virtual machines. So called Zombieload. ZombieLoad Attack affects all Intel CPUs since 2011.

VMware Security Advisories – https://www.vmware.com/security/advisories/VMSA-2019-0008.html

Preface: Heard that Microsoft is trying to head off another WannaCry-style malware outbreak before it starts.

Technical background: Remote Desktop Protocol is based on, and is an extension of, the T-120 family of protocol standards.

Vulnerability details: A vulnerability in the Remote Desktop Services component of Microsoft Windows could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

Current status: The POC details open to cyber world. The source code let people know the design weakness of RDP. For instance, the buffer of TPKT (ver 3,5,8) , ITU-T Rec X.224 & MULTIPOINT-COMMUNICATION-SERVICE T.125. The overall feedback in commercial IT world is that they are not vulnerable because they do not have Win 2008, Win 7 and XP. It is right. But the attack vector is not a commercial area, and its targets are medical systems, SCAD control, power facilities and the oil industry. So this let Microsoft headache this time.

Remediation via following link:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

Preface: If you could talk to God. And ask in the world who can be trust? He will reply……

About technology risk for the FPGA:
How to trusting an external party with maintaining keys that protect the FPGA configuration?
A common practice till now is that it is a distinction between trust in operational processes and trust in functionality. In particular, we assume that the FPGA manufacturer is trustworthy at the time the device is created and provisioned. But the exception is that if the one of the element may become untrusthworty or manipulate by criminals. The original functionality of the FPGA as initially provisioned contains backdoors or other malicious components. Apart from that any long term keys maintained by the manufacturer might have risk.

Cisco findings and recommendation: A vulnerability in the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality.

Remediation: For more information, please see the link below:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot

With great power comes great responsibility.

Preface: I do not care about this vulnerability since social media communication not secure by far. This is not the news.

Headline news: Facebook Releases Security Advisory for WhatsApp. A remote attacker could exploit this vulnerability to take control of an affected device. For more details, please refer following url – https://www.facebook.com/security/advisories/cve-2019-3568

About vulnerability background Quote: Whatsapp, and messenger both of which uses STUN protocols to establish video call connectivities.

Doubt – The WebRTC Vulnerability
The fundamental vulnerability with WebRTC is that your true IP address can be exposed via STUN requests with Firefox, Chrome, Opera and Safari browsers, even when you are using a VPN.
Besides, STUN requests are made outside of the normal XMLHttpRequest.This makes these types of requests available for online tracking if threat actors sets up a STUN server with a wildcard domain.

Does VPN avoid WebRTC leaks?
WebRTC vulnerability on your browser, rather than relying solely on a VPN for protection.

Objective: As a matter of fact, the specify spyware is custom made for law enforcement. So, I believe that not easy to know the truth. Perhaps above hits will let you have more imaginations.

Preface: TFTP was primarily designed to read or write files by using a remote server. It fully compliant with all related RFCs. This include RFC1350, RFC2090, RFC2347, RFC2348 and RFC2349.

Background: It is used where user authentication and directory visibility are not required. So, the design goal is cater for non confidential file sharing because the cyber attack not serious like today.

Vulnerability details: The atftpd Stack-Based Buffer Overflow vulnerability is due to an insecurely implemented strncpy call related to the tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c source code files of the affected software.

Remark: Strncpy is one of the C library functions, from the C standard library, defined in string.h, char *strncpy (char *dest, const char *src, int n), the string pointed to by src as src address The first n bytes of the beginning are copied into the array pointed to by dest, and the copied dest is returned.

Impact: If attacker can execute arbitrary code on a target, there is often an attempt at a privilege escalation exploit in order to gain additional control (see attached diagram).

The vendor has released software updates via following url: https://sourceforge.net/p/atftp/code/ci/abed7d245d8e8bdfeab24f9f7f55a52c3140f96b/

Preface: The software reads data past the end, or before the beginning, of the intended buffer. It may allow access to sensitive memory. This is so called “out of bounds read”.

Technical background: HHVM is an open-source virtual machine designed for executing programs written in Hack and PHP. HHVM uses a just-in-time (JIT) compilation approach to achieve superior performance. HHVM is developed by Facebook, so software developer for Facebook will select this technology.

Vulnerability details: Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory.

Impact: This affects all supported versions of HHVM (4.0.3, 3.30.4, and 3.27.7 and below).

Facebook HHVM release resolution via following link: https://github.com/facebook/hhvm/commit/46003b4ab564b2abcd8470035fc324fe36aa8c75

Preface: Lua is a powerful, fast, lightweight, embeddable scripting language. So it can work with Geospatial data perfectly.

Technical background: Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker. In order to achieve its outstanding performance, Redis contains different functions.The Redis Lua interpreter loads seven libraries: base, table, string, math, debug, cjson, and cmsgpack. From performance point of view, CJSON library provides extremely fast JSON manipulation within Lua.

Vulnerability details:

CVE-2019-11834 : cJSON Multiline Comments Out-of-Bounds Access Vulnerability (allowing the attacker to compromise the system completely)
CVE-2019-11835: cJSON Out-of-Bounds Access Vulnerability (allowing the attacker to compromise the system completely)

Remediation: The vendor has released software updates at the following link – https://github.com/DaveGamble/cJSON/releases

Preface: PHP is a scripting language that runs on a computer. Its main purpose is to process dynamic web pages, including command-line runtime interfaces or to generate graphical user interface programs.

Vulnerability details: A vulnerability in the EXIF component of PHP could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.

Causes: The vulnerability exists in the exif_process_IFD_TAG function (ext/exif/exif.c source code). But similar flaw was occured in 2011 (CVE-2011-4566).

Official announcement: The PHP Project has released software updates via following url: https://php.net/downloads.php