
Das U-Boot Self-Referential DOS Partition Table Infinite Recursion Vulnerability Aug 2019

Vulnerability details: A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.

Introduction: Das U-Boot is a popular primary bootloader, widely used in embedded devices to fetch data from different sources and run the next-stage code. In the technology and computer markets, this bootloader is widely used with the Linux kernel. It is also commonly used by IoT, Kindle and ARM ChromeOS devices.

Remedy: The official remediation is to disable DOS partition default sector for 512, because it is not very common at all to use large numbers of partitions. In addition, set a maximum recursion level (refer to the parameter shown in the attached diagram).
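
The recursion bound mentioned in the remedy, sketched as an added example (not U-Boot's code and not part of the original post): a walker for the DOS extended-partition chain that rejects a table linking to itself and stops at a fixed depth. `MAX_DEPTH`, the error codes, the function names and the in-memory sample images are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define SECTOR    512
#define TABLE_OFF 0x1BE  /* four 16-byte partition entries start here */
#define MAX_DEPTH 8      /* assumed cap for this example, not U-Boot's value */
#define ERR_BAD   (-1)   /* sector out of range or 0x55AA signature missing */
#define ERR_LOOP  (-2)   /* self-reference, or chain deeper than MAX_DEPTH */

/* Count partitions reachable from the table at lba; base = first extended partition's LBA (0 in MBR). */
int walk_dos_table(const uint8_t *disk, uint32_t nsect, uint32_t lba, uint32_t base, int depth)
{
    if (depth > MAX_DEPTH) return ERR_LOOP;            /* the recursion bound */
    if (lba >= nsect) return ERR_BAD;
    const uint8_t *sec = disk + (size_t)lba * SECTOR;
    if (sec[510] != 0x55 || sec[511] != 0xAA) return ERR_BAD;
    int count = 0;
    for (int i = 0; i < 4; i++) {
        const uint8_t *e = sec + TABLE_OFF + 16 * i;
        if (e[4] == 0) continue;                       /* unused slot */
        if (e[4] != 0x05 && e[4] != 0x0F && e[4] != 0x85) { count++; continue; }
        uint32_t next = base + (e[8] | e[9] << 8 | e[10] << 16 | (uint32_t)e[11] << 24);
        if (next == lba) return ERR_LOOP;              /* table points at itself */
        int sub = walk_dos_table(disk, nsect, next, base ? base : next, depth + 1);
        if (sub < 0) return sub;
        count += sub;
    }
    return count;
}

static void set_entry(uint8_t *disk, uint32_t lba, int i, uint8_t type, uint32_t start)
{
    uint8_t *sec = disk + (size_t)lba * SECTOR, *e = sec + TABLE_OFF + 16 * i;
    e[4] = type;
    for (int b = 0; b < 4; b++) e[8 + b] = (uint8_t)(start >> (8 * b));
    sec[510] = 0x55; sec[511] = 0xAA;
}

/* Constructed images: 0 = valid chain, 1 = EBR links to itself, 2 = two EBRs link to each other. */
int run_case(int which)
{
    uint8_t disk[4 * SECTOR] = {0};
    set_entry(disk, 0, 0, 0x05, 1);                    /* MBR: extended partition at LBA 1 */
    set_entry(disk, 1, 0, 0x83, 1);                    /* EBR 1: logical partition */
    set_entry(disk, 1, 1, 0x05, which == 1 ? 0 : 1);   /* EBR 1 link: itself, or LBA 2 */
    set_entry(disk, 2, 0, 0x83, 1);                    /* EBR 2: logical partition */
    if (which == 2) set_entry(disk, 2, 1, 0x05, 0);    /* EBR 2 links back to LBA 1 */
    return walk_dos_table(disk, 4, 0, 0, 0);
}
```

The direct self-reference is caught by the `next == lba` comparison; the two-sector cycle has no such shortcut and is stopped only by the depth cap, which is why the cap is the part that matters.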

Please note that other vulnerabilities have also been found in Das U-Boot. The CVE details are shown below:
CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203 and CVE-2019-14204

The above vulnerabilities could let an attacker gain remote code execution on a U-Boot-powered device when U-Boot is configured to use the network for fetching the next-stage boot resources.

Official announcement on CVE-2019-13103: https://lists.denx.de/pipermail/u-boot/2019-July/375512.html

CVE-2019-0228 Apache PDFBox XML Parser XML External Entity Vulnerability – 22nd Apr 2019

Preface: We are all familiar with the .doc and .pdf formats, because they are our choice in the business world.

Synopsis: Apache PDFBox is an open source pure-Java library that can be used to create, render, print, split, merge, alter, verify and extract text and meta-data of PDF files.

Vulnerability details: A vulnerability in Apache PDFBox could allow an unauthenticated, remote attacker to conduct an XML External Entity (XXE) attack on a targeted system. Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

Remedy: Apache has released software updates at the following link: https://pdfbox.apache.org/download.cgi

Remediation – Cisco IOS XR-64 Software for ASR 9000 series isolation feature vulnerability (17th Apr 2019)

Preface: One of the objectives of Aggregation Services is to provision and manage a huge number of separate physical platforms. As a result, international vendors like Cisco are also transforming their physical network devices, and therefore we see VM images of device operating systems today.

Synopsis: To cope with cloud computing and container environments, the IOS XR 64-bit operating system (OS) is able to run in a virtualized environment with an underlying 64-bit Linux kernel. As a result, Cisco product services can be extended.

Vulnerability details:
A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM.

Official remedy solution: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-asr9k-exr

Simple and powerful evasion technique – Threat actors will exploit MS Word documents.

Preface: Threat intelligence vendor FireEye alerts that a global DNS hijacking campaign is growing rapidly. This storm affected dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America.

Synopsis: For more information about the impact of this cyber attack, please refer to the URL below: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html

Reflection – The attack method:

Let us consider that this kind of attack seems to happen in our daily lives, perhaps sometimes without the defense mechanism being aware of it. Microsoft Office documents containing built-in macros are very useful and can become a Swiss army knife to hurt you. Macros are essentially bits of computer code, and historically they’ve been vehicles for malware. Should you be interested in this topic, the attached diagram provides a high-level overview for your reference.

Remark: It seems that SIEM endpoint event monitoring will be the effective remedy. However, it might involve data labelled confidential, so this part requires management review and separation of duties.

SamSam Ransomware variant – December 3, 2018

Preface:

The Department of Homeland Security urges the world and the United States to stay alert to a new wave of cyber attacks.

Technical details:
SamSam ransomware is a custom infection used in targeted attacks, often deployed using a wide range of exploits or brute-force tactics. Most likely the goal of the action is to interfere with the stability of society. It can have a widespread impact on political stability.

Recommendations:
1. Maintain up-to-date antivirus signatures and engines.
2. Keep operating system patches up-to-date.
3. Disable File and Printer sharing services.
4. Monitor users’ web browsing habits; restrict access to sites with unfavorable content.
5. Enforce Awareness training.

Vulnerability in SIMATIC WinCC OA V3.14 and prior – Sep 2018

SIMATIC WinCC Open Architecture enables handling of bigger amounts of data with even smaller hardware solutions. However, a critical vulnerability was found in WinCC OA v3.14. Do you think the detail below is the root cause? A remote attacker can execute arbitrary code or cause a denial of service (invalid pointer write) via a crafted packet to TCP port 5678. So we must protect C programs from attacks via invalid pointers.

Vulnerability record in SIMATIC WinCC OA V3.14 (see below):

https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf

 

Security advisories – Drupal Releases Security Update (August 02, 2018)

In a nutshell, a CMS enables anyone to build a website without any prerequisites. A CMS is more or less ready to run at any time.

The most popular CMS systems nowadays are the following:

1. WordPress – With around 18 million installations, WordPress is the most-used open source CMS worldwide.

2. Joomla – With 2.5 million installations worldwide, Joomla! is the second biggest agent in the CMS market.

3. Drupal – As of January 2017 more than 1,180,000 sites use Drupal. These include hundreds of well-known organizations including corporations, media and publishing companies, governments, non-profits, schools, and individuals.

In April 2018, a critical design flaw was found in Drupal. A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. Drupal users need to stay alert again! The official announcement is shown below:

https://www.drupal.org/SA-CORE-2018-005

Silent security alert – RSA Archer (CVE-2018-11059 & CVE-2018-11060)

Archer Technologies provided enterprise governance, risk, and compliance management software. The product aims to reduce enterprise risks, manage and demonstrate compliance, automate business processes, and gain visibility into corporate risk and security controls. It integrates with your internal systems as a form of workflow management, especially for approval processes.

A REST API relies on a stateless, client-server, cacheable communications protocol. The HTTP protocol is used by default.

The recently found vulnerabilities (CVE-2018-11059 and CVE-2018-11060) can work together to jeopardize your risk management and cyber security defense. A possible scenario may happen in this way: RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. The hacker then exploits CVE-2018-11060 to elevate his privileges.

The reference hyperlink is shown below:

https://exchange.xforce.ibmcloud.com/vulnerabilities/147142

Jul 2018 – What’s up with the LabCorp cyber security incident?

Headline news said a global laboratory company suspects it encountered a cyber attack this month (Jul 2018). LabCorp, a leading global life sciences company, aims to provide diagnostic, drug development and technology-enabled solutions for more than 115 million patient encounters per year. As of today, we have not heard any official announcement of the details. However, the news article gives hints for speculating about the root cause. Senior managers inside the company were informed that the entire computer network of LabCorp, a Fortune 500 company, was shut down across the US Sunday morning after hackers tried to access the private medical records of millions of people.

Regarding this unconfirmed cyber attack incident, can you still remember CVE-2018-10593 and CVE-2018-10595? What if an attacker targeted LabCorp staff through phishing email or by sending a malicious MS Word document, was lucky enough to evade the antivirus and firewall IPS, and then exploited the design weakness of the BD Kiestra system (CVE-2018-10593 and CVE-2018-10595)? It looks as though one data breach scenario would then be successfully established.

A vulnerability found in Becton Dickinson DB Manager (CVE-2018-10593 and CVE-2018-10595)

Headline News:

EXCLUSIVE: Hackers have breached the network at LabCorp – one of the largest diagnostic blood testing laboratories in the US – sparking fears of exposing MILLIONS of patients’ private medical records

http://www.dailymail.co.uk/news/article-5959021/LabCorp-blood-testing-labs-hacked-sparking-fears-exposing-MILLIONS-patients-records.html

FBI Aware Of ‘Reports Of Ransomware Attack’ Involving LabCorp Security Breach

https://www.wfmynews2.com/article/news/fbi-aware-of-reports-of-ransomware-attack-involving-labcorp-security-breach/83-574887499