Category Archives: Under our observation

Citrix XenServer Multiple Security Updates – CVE-2016-2074, CVE-2018-7540 & CVE-2018-7541

Citrix XenServer is a hypervisor platform that enables the creation and management of virtualized server infrastructure. Modern defense mechanisms can effectively protect against cyber attacks. However, if the threat actor re-engineers their attack method to integrate a rare system bug, the overall situation becomes worse. The hypervisor sits in the middle, between the VMs and the hardware. VMs rely on this isolation to avoid ring-0 attacks. But a solution has now been released, so I am not going to say any more.

Be quick to read the URL below if you are a Citrix XenServer end user.

Citrix XenServer Multiple Security Updates

https://support.citrix.com/article/CTX232655

 

Stay Alert when you download Tencent game apk on unofficial web site!

Tencent games are now the kings of the Chinese gaming market. The most famous game, named “王者榮耀”, is breaking records: the total number of downloads exceeded 200 million, and the number of registered users exceeded 200 million. The annual revenue in 2016 was RMB 6.8 billion. Perhaps because it is such a popular game, it lures threat actors to target this application (apk). Out of interest, I downloaded this apk file from the internet, but not from the official website. I found that a total of 2 files triggered an alert. It was strange that the security alert was triggered by the file (midaspay.zip). As far as I know, Midas is Tencent’s mobile payment module. However, it is hard to understand what the goal of embedding an advertisement feature is. Adware is technically not malicious, but there is nothing good about it. So when you download this hottest game, remind yourself to stay alert. Please go to the official website. For more details, please refer to the picture below for reference. Good night! Zzzzzzzz

Flaw and practices – AMD CPU design flaw worse than the other products!

 

Threat actors are spending their effort re-engineering the Meltdown and Spectre vulnerabilities. Their objective is to convert the design flaw into a cyber attack solution, including data extraction and collecting user credentials. However, it is still in the development phase. Today, the AMD vulnerabilities look harmful to the IT world, since the proof of concept showed a positive result. AMD has covered the GPU market so far; perhaps this time the flaw happened in the design of the CPU. It is hard to imagine how bad it will be once a criminal group successfully converts this flaw into an attack tool!

Should you have interest, please download the white paper from the URL below.

https://safefirmware.com/amdflaws_whitepaper.pdf

New detection technology. Will it embarrass the antivirus firms?

Retrospectively, IT defense mechanisms, especially behavior analysis and cloud machine learning models, are powerful. Threat actors find it difficult to masquerade themselves to start an infiltration. In order to fight crime, law enforcement might have to conduct surveillance or scrutinize suspects. It is not a secret that a professional software house assists law enforcement with surveillance: yes, it is FinFisher. I heard a rumor that the Turkish government is going to enforce cyber security in their country. Perhaps FinFisher is expensive, and therefore they chose another way: they deployed Sandvine PacketLogic middleboxes in five regions across the country. It is a man-in-the-middle. A question you will be asked: if an anti-virus vendor finds malicious activity which is handled by law enforcement, what can they do? Do they take quarantine action or remain silent? It looks like this contradiction will happen more and more in future! Or will law enforcement deploy advanced techniques to masquerade themselves and evade detection?

CVE-2018-7642 – GNU Binutils 2.30

Are you aware of CVE-2018-7642? The bug was found in GNU Binutils 2.30 on 24th Feb 2018. However, it is of interest to me that Binutils 2.30 was released on 27th Jan 2018, and 3 weeks later a system bug that causes a crash was found. The flaw is that it lacks a check for whether “sym” is null. The bug was fixed on 28th Feb 2018. But keep in mind that GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code. So if you are using GNU Binutils version 2.30, you must stay alert! Perhaps the design flaw only causes a system crash, but it is under my observation.

Mar 2018 – A remote attacker could exploit some of these vulnerabilities to take control of an affected Cisco system.

IT technology vulnerabilities are like a cough, a runny nose, etc. Medicine please.

Cisco Prime Collaboration Provisioning Hard-Coded Password Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-cpcp

Cisco Secure Access Control System Java Deserialization Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs2

Cisco Web Security Appliance FTP Authentication Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-wsa

Reminder: Cisco Secure Access Control System

NOTE: This product is no longer being sold and might not be supported.

  • End-of-Life: latest Version – 5.8
  • End of Sale – 30-Aug-17
  • End of Software Maintenance – 30-Aug-18
  • End of Support – 31-Aug-20

 

Google has released Chrome version 65.0.3325.146 – use-after-free vulnerability remediation

To be honest, the web browser architecture looks messy due to plug-ins, Flash, etc. Google has released Chrome version 65.0.3325.146 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to obtain access to sensitive information. The design flaw looks strange. I speculate that the Chrome browser shared the previous Flash vulnerability. A memory write is not a necessity: in the “use-after-free” type of exploit, the threat actor duplicates the virtual function table in use. My comment is similar to NIST’s: it is strongly recommended to upgrade your Chrome to version 65.0.3325.146. Otherwise it is a nightmare, especially for an enterprise IT campus. The URL below is the official announcement by Google.

https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html

 

 

Authentication Bypass Vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway – CVE-2018-5314

There is a Cantonese mantra, so called “蝦碌”. “蝦碌” is similar to an exclamation. A Citrix product has now fallen into this situation. It allows remote attackers to execute a system command or read arbitrary files via the SSH login prompt. From a technical point of view it is similar to an authentication bypass vulnerability.

In short, the official announcement is at the URL below:

https://support.citrix.com/article/CTX232199

Volkswagen Customer-Link App 1.30 CAN Message privilege escalation

Auto Pilot systems have been implemented in many countries. Perhaps the enabled Auto Pilot function has become a hot topic. You are allowed to install mobile apps on your Android phone to keep track of the status of your car. We really appreciate the assistance of Controller Area Network (CAN bus) technology. A vulnerability found in car automation does not surprise the world, since this is computer technology. The design flaw found in an Android app this round belongs to Volkswagen. An attacker can leverage this vulnerability to inject CAN messages. How does it work?

The messages sent seem to fall into one of three categories. One is informative. The other type of message is one requesting an action from another ECU (Electronic Control Unit). The final type of message is diagnostic. For details, please refer to the URL below for reference.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1170

Is this the cost we are going to pay for an automated world?

A never-ending story of Intel CPU design hiccups – SgxPectre Attack

Discussion of the design limitation of Intel Software Guard eXtensions (SGX) started at the end of 2017. Security experts focused the topic on software development with the SDK, since the programs are mainly written in the programming languages C and C++. A possible factor predicted that it would lure threat actors’ interest, and therefore a conference held last year (2017) focused on this specific issue. Regarding the observation of The Ohio State University (Department of Computer Science and Engineering), they found hack tricks which may be possible in Intel Software Guard eXtensions during SDK development. Perhaps the Meltdown and Spectre incident overrode this issue. Security experts, including myself, awoke this week and started a similar discussion. This attack is so called the SgxPectre attack. No matter what happens in future, it tells the world that our electronics industry is running too fast; it lacks the involvement of a business maturity model concept. Yes, we are living in a hugely competitive market which does not concern itself with a long product life cycle, and the final outcome is a hard-to-resolve issue like the situation today. Technical articles for your reference.

SGXPECTRE Attacks:
Leaking Enclave Secrets via Speculative Execution

http://web.cse.ohio-state.edu/%7Ezhang.834/papers/SgxPectre.pdf

Leaking Enclave Secrets via Speculative Execution

https://arxiv.org/pdf/1802.09085.pdf