The Department of Homeland Security urges the United States and the rest of the world to stay alert for a new wave of cyber attacks.
SamSam ransomware is a custom infection used in targeted attacks, often deployed using a wide range of exploits or brute-force tactics. The goal of these attacks is most likely to disrupt social stability, and they can have a widespread impact on political stability.
1. Maintain up-to-date antivirus signatures and engines.
2. Keep operating system patches up to date.
3. Disable File and Printer sharing services.
4. Monitor users’ web browsing habits; restrict access to sites with unfavorable content.
5. Enforce security awareness training.
End users should not be affected by the DNSSEC Key Signing Key (KSK) rollover, but it is still worth knowing what is happening on the Internet. For more detail, please refer to the URL below.
To check whether your resolver validates DNSSEC, run the command below:
$ dig @$server dnssec-failed.org a +dnssec
If the result displays an answer such as
(dnssec-failed.org. 7200 IN 126.96.36.199)
then DNSSEC validation is off on that resolver. dnssec-failed.org is a test zone that is deliberately signed incorrectly, so a validating resolver refuses to answer for it (it returns SERVFAIL) instead of returning an address.
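The check described above can be automated by parsing the output of the dig command. The following is an added example, not code from the original post: it parses two constructed dig outputs (one from a resolver that returns an address for dnssec-failed.org, one that returns SERVFAIL) and decides whether the resolver is validating. The resolver name, query id and RRSIG data are made up; only the command and the address shown on the page are taken from the text.

```python
import re
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# Constructed dig outputs (not captured from a real resolver) in the
# format that `dig @$server dnssec-failed.org a +dnssec` prints.
# A resolver that does NOT validate DNSSEC answers for the
# deliberately mis-signed test zone.
NON_VALIDATING = """\
; <<>> DiG 9.10.6 <<>> @resolver.example dnssec-failed.org a +dnssec
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;dnssec-failed.org.            IN      A

;; ANSWER SECTION:
dnssec-failed.org.      7200    IN      A       126.96.36.199
dnssec-failed.org.      7200    IN      RRSIG   A 5 2 7200 20180801000000 20180701000000 12345 dnssec-failed.org. c29tZXNpZw==

;; Query time: 10 msec
"""

# A validating resolver refuses to return the bogus answer (constructed).
VALIDATING = """\
; <<>> DiG 9.10.6 <<>> @resolver.example dnssec-failed.org a +dnssec
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;dnssec-failed.org.            IN      A

;; Query time: 12 msec
"""


@dataclass
class DigResult:
    status: str                 # NOERROR, SERVFAIL, NXDOMAIN, ...
    flags: Set[str]             # header flags, e.g. {"qr", "rd", "ra", "ad"}
    answers: List[Tuple[str, int, str, str]] = field(default_factory=list)


STATUS_RE = re.compile(r"status: (\w+)")
FLAGS_RE = re.compile(r"^;; flags: ([a-z ]*);", re.M)
# owner-name  TTL  IN  TYPE  RDATA
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.*)$")


def parse_dig(output: str) -> DigResult:
    """Pull the response status, header flags and ANSWER section out of dig text."""
    m = STATUS_RE.search(output)
    status = m.group(1) if m else "UNKNOWN"
    fm = FLAGS_RE.search(output)
    flags = set(fm.group(1).split()) if fm else set()
    answers: List[Tuple[str, int, str, str]] = []
    in_answer = False
    for line in output.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if in_answer:
            if not line.strip() or line.startswith(";;"):
                in_answer = False      # blank line or next section ends the answers
                continue
            rm = RR_RE.match(line)
            if rm:
                name, ttl, rtype, rdata = rm.groups()
                answers.append((name, int(ttl), rtype, rdata.strip()))
    return DigResult(status, flags, answers)


def resolver_validates(output: str) -> bool:
    """True when the resolver refused the broken test zone: SERVFAIL and no A record."""
    result = parse_dig(output)
    has_a = any(rtype == "A" for _, _, rtype, _ in result.answers)
    return result.status == "SERVFAIL" and not has_a


def has_ad_flag(output: str) -> bool:
    """For a correctly signed name, a validating resolver sets the 'ad' (authenticated data) flag."""
    return "ad" in parse_dig(output).flags


if __name__ == "__main__":
    for label, text in (("non-validating", NON_VALIDATING), ("validating", VALIDATING)):
        print(label, "->", "DNSSEC on" if resolver_validates(text) else "DNSSEC off")
```

To use it against a live resolver, pipe the real dig output into parse_dig; the decision rule is the same as in the text: an address for dnssec-failed.org means validation is off.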
SIMATIC WinCC Open Architecture is designed to handle larger amounts of data on smaller hardware. However, a critical vulnerability was found in WinCC OA v3.14. Do you think the detail below is the root cause? A remote attacker can execute arbitrary code or cause a denial of service (invalid pointer write) via a crafted packet to TCP port 5678. So C programs must be protected against attacks via invalid pointers.
Vulnerability record in SIMATIC WinCC OA V3.14 (see below):
In a nutshell, a CMS lets anyone build a website without any prerequisite requirements; the CMS is ready to run at any time.
The most popular CMS systems nowadays are the following:
1. WordPress – With around 18 million installations, WordPress is the most-used open source CMS worldwide.
2. Joomla – With 2.5 million installations worldwide, Joomla! is the second-biggest player in the CMS market.
3. Drupal – As of January 2017 more than 1,180,000 sites use Drupal. These include hundreds of well-known organizations including corporations, media and publishing companies, governments, non-profits, schools, and individuals.
In April 2018, a critical design flaw was found in Drupal: a remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. Drupal users need to stay alert again! The official announcement is shown below:
Archer Technologies provides enterprise governance, risk, and compliance (GRC) management software. The product aims to reduce enterprise risk, manage and demonstrate compliance, automate business processes, and gain visibility into corporate risk and security controls. It integrates with your internal systems, for example for workflow management, especially approval processes.
A REST API relies on a stateless, client-server, cacheable communications protocol; HTTP is used by default.
The reference hyperlink is shown below:
Headline news reported that a global laboratory company is suspected of having suffered a cyber attack this month (July 2018). LabCorp, a leading global life sciences company, aims to provide diagnostic, drug development and technology-enabled solutions for more than 115 million patient encounters per year. As of today, we have not heard any official announcement of the details. However, the news article gives hints from which to speculate about the root cause: the company's senior managers were informed that the entire computer network of LabCorp, a Fortune 500 company, was shut down across the US on Sunday morning after hackers tried to access the private medical records of millions of people.
Regarding this unconfirmed cyber attack incident, do you still remember CVE-2018-10593 and CVE-2018-10595? What if an attacker targeted LabCorp staff through a phishing email or a malicious MS Word document, was lucky enough to evade the antivirus and firewall IPS, and then exploited the design weaknesses of the BD Kiestra system (CVE-2018-10593 and CVE-2018-10595)? It looks like that data breach scenario could be successfully established.
A vulnerability found in Becton Dickinson DB Manager (CVE-2018-10593 and CVE-2018-10595)
EXCLUSIVE: Hackers have breached the network at LabCorp – one of the largest diagnostic blood testing laboratories in the US – sparking fears of exposing MILLIONS of patients’ private medical records
FBI Aware Of ‘Reports Of Ransomware Attack’ Involving LabCorp Security Breach
CVE-2018-5739: ISC Kea 1.4.0 failure to release memory may exhaust system resources
Hook/hook point (used interchangeably): a point in the code at which a call to user functions is made. Each hook has a name, and each hook can have any number (including zero) of user functions attached to it. Kea can also store leases and host reservations in a MySQL, PostgreSQL or Cassandra database rather than a text file.
Official document for reference: https://kb.isc.org/article/AA-01626
All Nippon Airways Security Advisories
Airline applications and protocols have been proprietary for the past two decades. The airline terminal guaranteed reliability; counterfeit transactions or cyber attacks had no way to happen there. As time went by, the airline industry reacted by developing mobile apps to expand its business functions and cope with the modern world. The Japanese airline is one of the responsible companies: they do not intend to hide their mobile application design weaknesses. I believe the specific design weakness does not only occur in the ANA mobile app; it may occur in other mobile apps too, but some companies are not aware of it or ignore it.
Official announcement (see below):
If you have a database of geo-located data, what is the appropriate database setup? Geospatial queries require a fast database, so Redis is one option. Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker. It supports data structures such as strings, hashes, lists, sets, sorted sets with range queries, bitmaps, hyperloglogs and geospatial indexes with radius queries. Buffer overflow, integer overflow and memory corruption vulnerabilities have been found in Redis. Technical details are shown below:
CVE-2018-12326, CVE-2018-11218 & CVE-2018-11219: https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
Dark power (malware) jeopardizes open geospatial data:
Botnets in their earlier phase relied on workstations to carry out attacks, and in the last few years shifted to smartphones. Most likely the security of workstations and smartphones has improved, so the threat actors have found new victims today: low-end wireless routers.
The following items are the guidance:
- Never trust input
- Prefer rejecting data to filtering data
- Every component should validate data
The ways to validate input are:
- Indirect selection – the application never directly uses user input
If the input is required, take the following validation actions:
- Sanitize – Attempt to fix input by removing dangerous parts
- Refuse to use invalid input
- Record invalid input in log file
- Alert – send notification to related personnel
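The guidance above, as an added example that is not part of the original post: indirect selection (a short key looked up in a catalog the application controls), rejection by allow-list rather than fix-up, re-validation in a second component, and sanitizing only where free text makes an allow-list impractical, with every refusal logged and sent to an alert channel. The report catalog paths, the username pattern and the in-memory ALERTS list standing in for a notification channel are all constructed for this example.

```python
import logging
import re
from typing import Callable, Dict, List

log = logging.getLogger("input-validation")


class InvalidInput(ValueError):
    """Raised when input is refused rather than fixed up."""


# Constructed stand-in for a notification channel (pager, mail, SIEM).
ALERTS: List[str] = []


def reject(field_name: str, raw: object, reason: str) -> None:
    """Refuse the input, record it in the log, and alert (the three actions listed above)."""
    log.warning("rejected %s=%r: %s", field_name, raw, reason)
    ALERTS.append(f"invalid input for {field_name}: {reason}")
    raise InvalidInput(f"{field_name}: {reason}")


# Indirect selection: the client names a report by a short key and the
# application maps it to a path it controls, so user input never becomes
# a file path. The paths are hypothetical.
REPORT_CATALOG: Dict[str, str] = {
    "daily": "/var/reports/daily.csv",
    "weekly": "/var/reports/weekly.csv",
}


def select_report(key: str) -> str:
    path = REPORT_CATALOG.get(key)
    if path is None:
        reject("report", key, "key not in catalog")
    return path


# Reject by allow-list: only the exact pattern passes; nothing is "fixed".
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


def validate_username(raw: object) -> str:
    if not isinstance(raw, str) or USERNAME_RE.fullmatch(raw) is None:
        reject("username", raw, "must match [a-z][a-z0-9_]{2,31}")
    return raw


def store_username(raw: object) -> str:
    """Every component validates: the storage layer re-checks instead of trusting its caller."""
    return validate_username(raw)


# Sanitize: free text cannot be allow-listed, so strip markup and
# non-printable characters and cap the length.
TAG_RE = re.compile(r"<[^>]*>")


def sanitize_comment(raw: str, max_len: int = 280) -> str:
    no_tags = TAG_RE.sub("", raw)
    printable = "".join(ch for ch in no_tags if ch.isprintable())
    return printable[:max_len]


def is_refused(check: Callable[[object], object], value: object) -> bool:
    """True when `check` refuses `value` (convenient for callers and tests)."""
    try:
        check(value)
    except InvalidInput:
        return True
    return False


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(select_report("daily"))
    print(store_username("alice_01"))
    print(sanitize_comment("hi <b>there</b>\x00!"))
    print("path-like key refused:", is_refused(select_report, "../../etc/passwd"))
    print("alerts:", ALERTS)
```

The order of preference matches the list: indirect selection removes the need to validate at all, rejection is the default where input is required, and sanitizing is reserved for display text; sanitized output is still bounded and still treated as untrusted by the next component.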
The devices below could be affected by the new VPNFilter malware. Below is the checklist for reference.
MikroTik RouterOS versions for Cloud Core Routers:
Special Item: QNAP DEVICES (Network-attached storage)
Other QNAP NAS devices running QTS software