Vulnerability details: A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
Introduction: Das U-Boot a popular primary bootloader, it widely used in embedded devices to fetch data from different sources and run the next stage code.In the technology and computer markets, widely used to this bootloader is Linux Kernel. Meanwhile, it is commonly used by IoT. Kindle and ARM ChromeOS devices.
Remedy: Official remediation solution is disable DOS partition default sector for 512 because it’s not very common at all to use large numbers of partitions. Meanwhile set a maximum recursion level (refer to the parameter shown on attached diagram).
Please note that Das U-Boot has other vulnerabilities found. The CVE details shown as below: CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203 and CVE-2019-14204
Above vulnerabilities could let attacker gain remote code execution at the U-Boot powered device when U-Boot is configured to use the network for fetching the next stage boot resources.
Preface: We are all familiar with the .doc and .pdf formats. Because this is our choice in the business world.
Synopsis: Apache PDFBox is an open source pure-Java library that can be used to create, render, print, split, merge, alter, verify and extract text and meta-data of PDF files.
Vulnerability details: A vulnerability in Apache PDFBox could allow an unauthenticated, remote attacker to conduct an XML External Entity (XXE) attack on a targeted system. Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
Preface: One of the objective for Aggregation Services aim to provision and manage a huge number of separate physical platforms. As a result, the international vendor like Cisco also doing the transformation of the physical network devices. And therefore we seen VM devices OS system image today.
Synopsis: In order to cope with cloud computing and container environment, IOS XR 64-bit operating system (OS) is able to runs on virtualized environment with underlying 64-bit Linux kernel. As a result, the cisco product services can be extended.
Vulnerability details: A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM.
Preface: Preface: Threat Intelligence vendor (FireEye) alert that Global DNS Hijacking Campaign rapidly growth. This storm affected dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America.
Let us think that this kind of attack seems to happen in our daily lives. Perhaps sometime even though Defense mechanism not aware. Microsoft Office documents containing built-in macros is very useful and can become a Swiss army knife to hurt you. Macros are essentially bits of computer code, and historically they’ve been vehicles for malware. Should you have interest of this topic, attach diagram can provide high level overview for your reference.
Remark: Seems the SIEM endpoint event monitoring will be the effective remedy solution. However it might have involves confidential data label. So this part requires management review and separation of duties.
The Department of Homeland Security urge the world and United state staying alert of new wave of cyber attack.
SamSam ransomware is a custom infection used in targeted attacks, often deployed using a wide range of exploits or brute-force tactics. Most likely the goal of the action is interfere the society stability. It can widespread impact on political stability.
1. Maintain up-to-date antivirus signatures and engines.
2. Keep operating system patches up-to-date.
3. Disable File and Printer sharing services.
4. Monitor users’ web browsing habits; restrict access to sites with unfavorable content.
5. Enforce Awareness training.
SIMATIC WinCC Open Architecture enables handling with bigger amounts of data with even smaller hardware solutions. However WinCC OA v3.14 found critical vulnerability. Do you think below detail is the root causes? A remote attackers execute arbitrary code or cause a denial of service (invalid pointer write) via a crafted packet to TCP port 5678. So we must Protecting C Programs from Attacks via Invalid Pointer.
Vulnerability record in SIMATIC WinCC OA V3.14 (see below):
In a nutshell, a CMS function enables anyone to build a website without a prerequisite requirement. The CMS feature similar like anytime ready to run. In a nutshell, a CMS function enables anyone to build a website without a prerequisite requirement. The CMS feature similar like anytime ready to run.
The most popular CMS systems nowadays are the following:
1 WordPress – With around 18 million installations, WordPress is the most-used open source CMS worldwide.
2. Joomla – With 2.5 million installations worldwide, Joomla! is the second biggest agent in the CMS market.
3. Drupal – As of January 2017 more than 1,180,000 sites use Drupal. These include hundreds of well-known organizations including corporations, media and publishing companies, governments, non-profits, schools, and individuals.
On April 2018, a critical design flaw found on Drupal. A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. Drupal users required to stay alert again! Official announcement shown as below:
Archer Technologies provided enterprise governance, risk, and compliance management software. The product aim to reduce enterprise risks, manage and demonstrate compliance, automate business processes, and gain visibility into corporate risk and security controls. Whereby, it integrate with your internal systems equivalent as workflow management especially approval process.
REST API relies on a stateless, client-server, cacheable communications protocol. The HTTP protocol is use in default.
Headline News said a global laboratory company suspect encounter cyber attack this month (Jul 2018). LabCorp a leading global life sciences company, aim to provides diagnostic, drug development and technology-enabled solutions for more than 115 million patient encounters per year. As of today, we did not heard any official announce the details. However the news on article given hints to speculated the root cause. The company insider senior managers were informed that the entire computer network of LabCorp, a Fortune 500 company, was shut down across the US Sunday morning after hackers tried to access the private medical records of millions of people.
Regarding to this unconfirmed cyber attack incident, can you still remember CVE-2018-10593 and CVE-2018-10595. What if attacker hunt the staff from LabCorp go through phishing email or send malicious MS Word document. It luck to evade the antivirus and firewall IPS. Then conduct the design weakness of BD Kiestra system vulnerabilities (CVE-2018-10593 and CVE-2018-10595). It looks that one of the data breach scenario will be successful establish.
A VULNERABILITY FOUND IN BECTON DICKINSON DB MANAGER (CVE-2018-10593 AND CVE-2018-10595)