Category Archives: Uncategorized

Security advisories – Drupal Releases Security Update (August 02, 2018)

In a nutshell, a CMS enables anyone to build a website without prerequisite technical skills; the CMS comes ready to run at any time.

The most popular CMS systems nowadays are the following:

1. WordPress – With around 18 million installations, WordPress is the most-used open source CMS worldwide.

2. Joomla – With 2.5 million installations worldwide, Joomla! is the second biggest player in the CMS market.

3. Drupal – As of January 2017 more than 1,180,000 sites use Drupal. These include hundreds of well-known organizations including corporations, media and publishing companies, governments, non-profits, schools, and individuals.

In April 2018, a critical design flaw was found in Drupal. A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. Drupal users are required to stay alert again! The official announcement is shown below:

https://www.drupal.org/SA-CORE-2018-005

Silent security alert – RSA archer (CVE-2018-11059 & CVE-2018-11060)

Archer Technologies provides enterprise governance, risk, and compliance management software. The product aims to reduce enterprise risk, manage and demonstrate compliance, automate business processes, and give visibility into corporate risk and security controls. It integrates with your internal systems, such as workflow management, especially approval processes.

A REST API relies on a stateless, client-server, cacheable communications protocol. HTTP is used by default.

The recently found vulnerabilities (CVE-2018-11059 and CVE-2018-11060), used together, jeopardize your risk management and cyber security defense. A possible scenario may happen in this way. RSA Archer, versions prior to 6.4.0.1, contains a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. The attacker could then exploit CVE-2018-11060 to elevate their privileges.

The reference hyperlink is shown below:

https://exchange.xforce.ibmcloud.com/vulnerabilities/147142

Jul 2018 – What’s up involving the LabCorp cyber security incident?

Headline news reported that a global laboratory company is suspected of having encountered a cyber attack this month (Jul 2018). LabCorp, a leading global life sciences company, aims to provide diagnostic, drug development and technology-enabled solutions for more than 115 million patient encounters per year. As of today, we have not heard any official announcement of the details. However, the news articles give hints from which to speculate about the root cause. Company insiders and senior managers were informed that the entire computer network of LabCorp, a Fortune 500 company, was shut down across the US on Sunday morning after hackers tried to access the private medical records of millions of people.

Regarding this unconfirmed cyber attack incident, can you still remember CVE-2018-10593 and CVE-2018-10595? What if an attacker hunted LabCorp staff through a phishing email or a malicious MS Word document, and it was lucky enough to evade the antivirus and firewall IPS? The attacker could then make use of the design weaknesses in the BD Kiestra system (CVE-2018-10593 and CVE-2018-10595). It looks like one such data breach scenario could be successfully established.


A vulnerability found in Becton Dickinson DB Manager (CVE-2018-10593 and CVE-2018-10595)

Headline News:

EXCLUSIVE: Hackers have breached the network at LabCorp – one of the largest diagnostic blood testing laboratories in the US – sparking fears of exposing MILLIONS of patients’ private medical records

http://www.dailymail.co.uk/news/article-5959021/LabCorp-blood-testing-labs-hacked-sparking-fears-exposing-MILLIONS-patients-records.html

FBI Aware Of ‘Reports Of Ransomware Attack’ Involving LabCorp Security Breach

https://www.wfmynews2.com/article/news/fbi-aware-of-reports-of-ransomware-attack-involving-labcorp-security-breach/83-574887499


12th Jul 2018 – ISC Kea 1.4.0 failure to release memory may exhaust system resources

CVE-2018-5739: ISC Kea 1.4.0 failure to release memory may exhaust system resources

Hook/Hook Point – used interchangeably, this is a point in the code at which a call to user functions is made. Each hook has a name, and each hook can have any number (including 0) of user functions attached to it. Kea can store leases and host reservations in a MySQL, PostgreSQL or Cassandra database rather than a text file.

Official document for reference: https://kb.isc.org/article/AA-01626

Jun 2018 – ALL NIPPON Airways Security Advisories


Airline applications and protocols have been proprietary for the past two decades. The airline terminal guaranteed reliability; counterfeit transactions or cyber attacks had no way to happen there. As time goes by, the airline industry has reacted by developing mobile apps to expand its business functions and cope with the modern world. This Japanese airline is one of the responsible companies: they do not intend to hide their mobile application design weakness. I believe that this specific design weakness not only happens in the ANA mobile app. It may also happen in other mobile apps, but some companies are not aware of it or ignore it.

Official announcement (see below):

http://jvn.jp/en/jp/JVN71535108/index.html


Found buffer overflow, integer overflow & memory corruption in Redis – Jun 2018

If you have a database of geo-located data, what is the appropriate database setup? Geospatial workloads require a very fast database, so Redis is one option. Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker. It supports data structures such as strings, hashes, lists, sets, sorted sets with range queries, bitmaps, hyperloglogs and geospatial indexes with radius queries. Buffer overflow, integer overflow and memory corruption vulnerabilities were found in Redis. Technical details are shown below:

CVE-2018-12326, CVE-2018-11218 & CVE-2018-11219: https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES

https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES

CVE-2018-12453: https://gist.github.com/fakhrizulkifli/34a56d575030682f6c564553c53b82b5

Dark power (malware) jeopardizes the open geospatial data.


Heads-up: Low-end Wi-Fi router vulnerability – 24th May 2018

Botnets in their earlier phase relied on workstations to carry out attacks, and shifted to smartphones in the last few years. Most likely the security of workstations and smartphones has improved, so the threat actors have found new victims today: low-end wireless routers.

The items below are the guidance:

  • Never trust input
  • Prefer rejecting data to filtering data
  • Every component should validate data

The ways to validate the input are:

  • Indirect selection – application never directly uses user input
  • Whitelist
  • Blacklist

If the input is required, take the following validation actions:

  • Sanitize – Attempt to fix input by removing dangerous parts
  • Refuse to use invalid input
  • Record invalid input in log file
  • Alert – send notification to related personnel
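The guidance above worked through in Python, as an added example that is not part of the original post or of any vendor's code. The lookup table, the function names (select_channel, validate_hostname, sanitize_hostname) and the sample inputs are all constructed for illustration; it also shows why the post prefers rejecting over filtering.

```python
"""Input-validation guidance worked through (added example; all names are hypothetical)."""
import logging
import re
from typing import List, Optional

log = logging.getLogger("input-validation")

# Indirect selection: the client sends an opaque key and the application picks the
# real value from a server-side table, so user input is never used directly.
FIRMWARE_CHANNELS = {"1": "stable", "2": "beta"}  # constructed sample table


def select_channel(user_key: str) -> Optional[str]:
    """Return the server-side value for a client-supplied key, or None if unknown."""
    return FIRMWARE_CHANNELS.get(user_key)


# Whitelist (allowlist): accept only syntactically valid hostnames (RFC 1123 labels,
# 1-63 chars each, 253 chars total) and reject everything else.
_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$",
    re.IGNORECASE,
)

alerts: List[str] = []  # stand-in for the "send notification to related personnel" step


def validate_hostname(value: str) -> Optional[str]:
    """Refuse invalid input (return None) instead of fixing it; log and alert on refusal."""
    if _HOSTNAME.match(value):
        return value.lower()
    log.warning("rejected hostname input: %r", value)  # record invalid input in the log
    alerts.append(f"invalid hostname rejected: {value!r}")  # alert related personnel
    return None


def sanitize_hostname(value: str) -> str:
    """Blacklist-style sanitizing: strip disallowed characters and keep going.

    This silently turns an attacker-controlled string into a plausible-looking
    value, which is why rejecting (validate_hostname) is preferred over filtering.
    """
    return re.sub(r"[^a-z0-9.-]", "", value.lower())
```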

The devices which could be affected by the new malware (VPNFilter) are listed below as a checklist for reference.

LINKSYS DEVICES:

E1200
E2500
WRVS4400N

MIKROTIK ROUTEROS VERSIONS FOR CLOUD CORE ROUTERS:

1016
1036
1072

NETGEAR DEVICES:

DGN2200
R6400
R7000
R8000
WNR1000
WNR2000

TP-LINK DEVICES:

R600VPN

Special Item: QNAP DEVICES (Network-attached storage)

TS251
TS439 Pro
Other QNAP NAS devices running QTS software

The US Securities and Exchange Commission (SEC) new guidance

Big country versus Big discussion:

The US Securities and Exchange Commission (SEC) released a statement urging high-ranking executives not to trade stocks before disclosing breaches, major vulnerabilities, and other cybersecurity-related incidents.

New guidance – https://www.sec.gov/rules/interp/2018/33-10459.pdf

Meanwhile, Intel released guidance this week (details of the availability and schedule of the microcode update). For more details, please see the URL below for reference.

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf

It is a funny cyber and economic world!



Staying alert – vulnerability found on ABRT in 2015 – CVE-2015-1862

As time goes by, Linux, especially Fedora, is taking the place of Microsoft Windows. This is not popular on personal PCs, but investment bank environments, especially broker and forex exchange trading firms, might use it intensively. A vulnerability was found in 2015, but the Fedora Bugzilla status shows that this is not a bug. My idea is that we must stay alert. The Bugzilla status is shown at the URL below:

https://bugzilla.redhat.com/show_bug.cgi?id=1211223

Alert: Cisco CVE-2018-0125, CVE-2018-0117, CVE-2018-0113, CVE-2018-0116

Staying alert – Your Cisco products

Cisco RV132W and RV134W Remote Code Execution and Denial of Service Vulnerability – CVE-2018-0125 (Critical)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x

Cisco Virtualized Packet Core-Distributed Instance Denial of Service Vulnerability – CVE-2018-0117 (High)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-vpcdi

Cisco UCS Central Arbitrary Command Execution Vulnerability – CVE-2018-0113 (High)

 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucsc

Cisco Policy Suite RADIUS Authentication Bypass Vulnerability – CVE-2018-0116 (High) 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cps

Observation: Since threat actors are all around the world today, it is hard to avoid vulnerabilities; perhaps it is out of the hardware vendor's control. In order to avoid unforeseen issues, it is better to enhance your IDS YARA rules or invite a managed security services vendor to protect your IT campus.