Sanitization process is important in IT world. If without correct validation, it may allow malicious code pass to trust boundary. As a result it may causes remote code execution, SQL injection, trigger Zero day attack, ….etc. So…… Headline News this week. Should you have interest, my picture can tell my speculation.

https://www.scmagazine.com/home/news/veeam-mongodb-left-unsecured-440-million-records-exposed/

Vulnerability looks scary! However, as the variety and volume of data has increased in recent years, non-relational databases like MongoDB have arisen to meet the new needs of our fluid data.

Because many industries requires monitoring and control capabilities that SCADA offers. In most uses, SCADA is used to manage a physical process of Electric, Gas and water Utilities.We heard cyber security alert in SCADA facilities so far. As a citizen we cannot immagine how worst will be the incident happened. For instance once SCADA PLC compromised by hacker (malware).

Coolant in a nuclear reactor is used to remove heat generated from it. It flushes out heat to electrical generators and environment. But how to monitor the temperature. Deploy Schneider M221 can conduct the Electric Temperature Control.

On end of Aug 2018, vendor found design weakness on Modicon M221. For more details, please refer below URL.

https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/

The amazon-ebs Packer builder is able to create Amazon AMIs backed by EBS volumes for use in EC2. Found design weakness on Amazon Web Services (AWS) that CLI could provide weaker than expected security, caused by the failure to require the –owners flag when describing images. By setting similar image properties, a remote attacker could exploit this vulnerability to trigger the loading of an undesired AMI.

For details, please refer below url:

https://github.com/hashicorp/packer/issues/6584

Retropective of the programming history, JavaScript was used primarily for client-side scripting, in which scripts written in JavaScript are embedded in a webpage’s HTML and run client-side by a JavaScript engine in the user’s web browser. Node js programming technique lets developers use JavaScript to write command line tools thus transfer script programming function to server-side. It let the programming scripts execute on server-side to produce dynamic web page content before the page is sent to the user’s web browser. As a result, it provides equivalent asynchronous I/O functionality (also non-sequential I/O). Asynchronous is a form of input/output processing that permits other processing to continue before the transmission has finished. But node js itself is difficult ro avoid traditional design bottleneck. For instance memory leakage issues. Found 2 issue on node js this month. However similar Buffer ucs2 and utf16le encoding issue found on 2012. For instance memory leakage issues. Found 2 issue on node js this month. However such similar Buffer ucs2 and utf16le encoding issue was found on 2012.

Official details shown below URL: https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/

We heard cyber attack causes privileges escalation. Thus technology expert in creative way discover many solution to avoid such behavior happen. Perhaps we are focusing the patch management, antivirus signature update, malware detector yara rules. A silent way similar penetrate to your end point devices, even though server side will be compromised of this attack. Yes, we are talking about the Windows privilege escalation. Sounds like complicate, but it is simple on the other way round. If your remote client access software use SSL certificate establish TLS encryption. One of the possible way shown as below diagram. Be aware and stay alert! There are more products has this vulnerability but not exploit yet!

On the other hand, Adobe announce security updates for Creative Cloud Desktop Application. No specifics details provided. But only know the impact cause by Improper Certificate Validation. Detail shown as below url:

https://helpx.adobe.com/security/products/creative-cloud/apsb18-32.html

Above vulnerability looks complicated. It is only effect SQL server 2016 and 2017.

I do a debug on the download file.

Found the following syntax “ntdll.dll RtlEnterCriticalSection”. It looks that the software patch focus on PageHeap, which is intended for debugging of memory overhead.
In Microsoft SQL server 2016 and 2017 environment, each IAM and PFS page covers lots of data pages, so there are few IAM and PFS pages in a database. So the IAM and PFS pages are generally in memory in the SQL Server buffer pool. As seen, the file provided by Microsoft around 700MB. Not a minor modification. See whether what will be happen on the next stage?

Should you have interest, please reference below diagram.

Official announcement shown below:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8273

Since the popularity of VM machine. Software development team and IT operations team will do the testing on their own premises in the first. May be you would say, this is not compliance for best practice. But the fact is that this is one of the way. VMware alert to public last week (14th Aug 2018 -CVE-2018-6973). In high level point of view, this vulnerability only occurs in VMware Workstation and Fusion products. VMware workstation is a solution for running virtual machines on Windows and Linux, while Fusion is used for running virtual machines on macOS. So the popularity and volume of usage will be much high than VM server in public. But do not contempt this bug, if such vulnerabilities occurs in your local workstation. It will jeopardizes your infrastructure because you workstation will become vulnerable. Wishing that the attached pictures can tell you the story.

Official reference details shown as below:

https://www.vmware.com/security/advisories/VMSA-2018-0022.html