Potential Risk of CVE, Under our observation

CVE-2018-0229: See whether is there any attack make use of this vulnerability transform another type of attack in future?

Seems firewall administrator do not take the single sign-on authentication method in firewall. Perhaps it can’t fulfill audit requirement.  Cisco found SAML Authentication Session Fixation Vulnerability. The vulnerability exists because there is no mechanism for the ASA or FTD Software to detect that the authentication request originates from the AnyConnect client directly. An attacker could exploit this vulnerability by persuading a user to click a crafted link and authenticating using the company’s Identity Provider (IdP).  My concerns is that see whether is there any attack make use of this vulnerability transform another type of attack in future?

Cisco Official announcement is shown as below:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asaanyconnect

Potential Risk of CVE, Under our observation

Be alert! Vulnerability in the Java SE, Java SE Embedded and JRockit component of Oracle Java SE (subcomponent: Serialization). 

3 Comments

The security concerns on CVE-2018-2815, please staying alert. For more details, please see below:

  1. The Java Security Architecture (JSA) defines ways for unprivileged code to perform privileged operations using

AccessController.doPrivileged().

2. The method includes create a new PrivilegedIntrospectHelper.

3. The new PrivilegedIntrospectHelper will be executed on a privileged block. This block will all internalIntrospecthelper(bean,prop,value,request,param,ignoreMethodNF) which will allow to invoke encapsulation (setter).

4. Result:

With encapsulation we pretend that nothing is revealed about the internal representation of an object, and we interact with our components only through their public interfaces; a desirable attribute that we usually exploit later when we want to change the internal representation of data in a component without breaking any code from its users.

Official security update show as below url:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

 

 

Blockchain, cyber security incident news highlight

Hackers jailbreak MyEtherWallet Infrastructure (Apr 2018)

ISPs tend to restrict what an end customer can advertise. However, any ISP do not filter customer advertisements.
A possible factor let’s hacker compromise the customer router thus advertise errant information into the global routing table.

An attackers stolen at least $13,000 in Ethereum within two hours.

Security expert speculate that it is a DNS attack. But many attack method can be used. For example: BGP hijacking. The scenario displayed on above diagram.

Headline news shown as below:

https://www.theverge.com/2018/4/24/17275982/myetherwallet-hack-bgp-dns-hijacking-stolen-ethereum

 

 

 

 

 

 

Potential Risk of CVE

Apple security updates (Apr 2018)

My speculation on iOS 11.3.1 show on picture.This is the moment when silence is more expressive than all words ever spoken. For more details about official announcement. Please see below url for references:

About the security content of iOS 11.3.1

https://support.apple.com/en-us/HT208743

About the security content of Safari 11.1

https://support.apple.com/en-us/HT208741

About the security content of Security Update 2018-001

https://support.apple.com/en-us/HT208742

Potential Risk of CVE, Under our observation

Schneider Electric Important Security Notification – Mar & Apr 2018

 

A flaws found in Schneider Electric’s Modicon M340 PLC Station P34 Module human machine interface (HMI) software since 2015. An official announcement by vendor since last month till now. From techincal point of view, Modicon product series programmable logic controller has large usage in electric, gas and oil supply industry. So related party must stay alert!

CVE-2018-7758: https://download.schneider-electric.com/files?p_enDocType=User+guide&p_File_Name=SEVD-2018-074-04+MiCOM+Px4x+Rejuvenated.pdf&p_Doc_Ref=SEVD-2018-074-04

CVE-2018-7762: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-081-01+Modicon+V1.2.pdf&p_Doc_Ref=SEVD-2018-081-01

CVE-2018-7759: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=9601432352&p_File_Name=SEVD-2018-081-02+Modicon.pdf&p_Doc_Ref=SEVD-2018-081-02

CVE-2018-7242: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-081-01+Modicon+V1.2.pdf&p_Doc_Ref=SEVD-2018-081-01

CVE-2018-7760 & CVE-2018-7761: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=9601432352&p_File_Name=SEVD-2018-081-02+Modicon.pdf&p_Doc_Ref=SEVD-2018-081-02

CVE-2018-7240 & CVE-2018-7241: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-081-01+Modicon+V1.2.pdf&p_Doc_Ref=SEVD-2018-081-01

Potential Risk of CVE

Cisco Firepower vulnerabilities – Apr 2018

The content filter features enhance the firewall defense function. At the same time it is hard to avoid the design limitation occurs in this place. And therefore vulnerabilities occurs!

Vulnerabilities  details shown as below:

CVE-2018-0233: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fpsnort

CVE-2018-0272: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-firepower

CVE-2018-0254: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss2

CVE-2018-0244: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss1

CVE-2018-0243: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss

CVE-2018-0230: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fp2100

Application Development, Cell Phone (iPhone, Android, windows mobile), Under our observation

Realistic threats exists in NFC. Are they all secure?

The mobile payment is aggressive in some sort of area. As seen, it fully utilized in China market. From the economey point of view, this new payment design driven the retail business in parallel. The traditional banknote concept convert to digitalization silently.Is this a prelude of digital currency? The people doubt of the NFC (near field communcation) technology embedded in Visa payment earlier. As times goes by, it is popular today. The new smartphone market similar pushing the NFC techonology into next phase. The new form of payment method integrated both smartphone (iPhone and Android) and payment card with near field communication. How Secure Are NFC Payments? NFC technology comes with a range of security features that help protect financial data from stolen. But are they capable to avoid modern cyber attack? Perhaps if the computer product contains Java programming element. It is hard to avoid vulnerability. As a matter of fact, Java bytecode Verification is a key element in Java world. If this feature applied in the overalll design. It will significant reduce the malware infection because it is not easy to execute the malicious code. Do you have doubt after this discussion?

Data privacy

What is your privacy today? – Apr 2018

We are concerning about data privacy! Whereby we are scare of the surveillance program. As a matter of fact we are always under custodian.When you apply the loan or you have credit card. The financial instition will know your credit details. Your trustee will be categorized by score. Since this is the verification check and therefore we do not have negative comment. But it looks that the authorized agencies data custodian power become bigger and bigger. So a doubt occured after Equifax cyber security incident in 2017 causes data breach? Equifax is one of the credit report acency. There are total number of three company at this time. They are Equifax, Experian and TransUnion. Experian also offer INTERNET SURVEILLANCE,SOCIAL NETWORK MONITORING and anti-IDENTITY THEFT SERVICES. As far as I know, SunTrust Bank now offering identity protection for all current and new consumer clients at no cost on an ongoing basis because a former Employee Stole Details on 1.5 Million Customers. The identity protection services provider is Experian. Their power is bigger and no one aware. From technical point of view, their power similar government. But how we can do?

SunTrust 1.5 M client info stolen news – Apr 2018 (see below)

https://www.usatoday.com/story/tech/2018/04/20/many-1-5-million-accounts-may-have-been-compromised-suntrust-banks/535687002/

Public safety

Nuclear headache – It is better stores the older warheads (old plutonium) on moon or other planet.

1 Comment

As a world justice leader it is hard to avoid to enhance the military setup. From the cold war till today, international atmosphere not significant change the protection definition. This circumstances match the logic since that man kind will be protect himself and his belongs. However a problem encountered was that how to despose or handle the big power killer weapons especially outdate nuclear bomb. Headline news (REUTERS) yesterday said that America’s has nuclear headache. For more details, please refer below url for reference.

https://www.reuters.com/article/us-usa-nukes-plutonium-specialreport/americas-nuclear-headache-old-plutonium-with-nowhere-to-go-idUSKBN1HR1KC

Remark: Send that radioactive stuffs to moon and other planet looks a possible solution. However it is hard to avoid incident occurs during transportation. A reminder is that Plutonium has a radioactive half-life of 24,000 years. So where can they go?

antihackingonline.com