Preface: Add the Viptela SD-WAN technology to the IOS XE software running the ISR/ASR routers. Both Cisco ASR and ISR routers offer secure WAN connectivity.
Vulnerability details: A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device.
Root Cause Analysis: Remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. An attacker could exploit this vulnerability by modifying the “save” command in the Command Line Interface (CLI) of an affected device.
Impact: A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user .
Reference: To save the user preferences class to an XML file simply create an XML Writer and invoke the Serialize method.
Preface – You never know what will be happened tomorrow.
Synopsis: A vulnerability in IBM Tivoli Netcool Impact could allow an authenticated, adjacent attacker to execute arbitrary commands on a targeted system.
Vulnerability details: A vulnerability in IBM Tivoli Netcool Impact could allow an authenticated, adjacent attacker to execute arbitrary commands on a targeted system.At the time this alert was first published, the exploit vector was unknown due to vendor not disclosed the details.We believe that IBM Tivoli Netcool Impact 7.1 has encountered the open source vulnerabilities. The defect might be caused by CVE-2015-0227. Apache WSS4J could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce the requireSignedEncryptedDataElements property. An attacker could exploit this vulnerability using various types of wrapping attacks to bypass security restrictions and perform unauthorized actions.
Preface: Sometime, the argue in between two countries similar a child. I am going to joke with you then switch off your power.
Highlight: Headline news by the New York Times give a tremendous feeling to the world. It let the people think the cyber war is on the way. Yes, it is true. The plan to implement Astra Linux in Russian defense systems dates back to the beginning of 2018. As far as we know, Russian do not relies on Microsoft operation system anymore especially critical facilities (military, defense system and power grid). Astra Linux compatible with Siemens Simatic IPC427D workstation. And therefore it is secure to implement in power supplier facility. But….
However it is hard to guarantee the vendor hardware vulnerability, right? For instance, Denial-of-Service Vulnerability in SIMATIC S7-1200 CPU and SIMATICS7-1500 CPU.
Remark: SIEMENS SCADA software family consists of three main pillars, WinCC Pro, WinCC 7 and WinCC … WinCC Pro is popular and can be used in any – discrete or process.
What is your opinion on the headlines of the New York Times? Do you think this is a conspiracy?
Looking back – The Russia hacked the US electric grid. DHS and FBI are characterizing it as a Russian attack, noting that this was a multiyear campaign started in March 2016 by Russian government “cyber actors.” The unconfirmed accusation of cyber attack to Russia posted by New York Times. Do you think it was a defensive action by US government?
– Compatibility with the Komrad SIEM
system – FSTEC certificates of the Russian Federation and FSB of
the Russian Federation on Astra Linux of SE (release Smolensk) –
Compatibility with the Simatic IPC427D workstation – Compatibility
with Videoselektor – Minobona’s certificate of the Russian
Federation and FSB on Astra Linux of SE (release Leningrad) –
Compatibility with Mellanox Spectrum – Compatibility with
TerraLink xDE – Tests of BLOK computers running SE 1.6 Astra Linux
OS – Availability of an official mirror of a repository of Astra
Linux OS on mirrors.kernel.org – Compatibility with JaCarta –
Compatibility with CryptoPro CSP on Elbrus and Baikal processors –
Compatibility with Linter DBMS
Preface: IoT device similar a delivery arm of robotic concept. They are the python language heavy duty users.
Python language married with IoT devices – For IoT, there has been a variant of python called Micropython , that lets you program for IoT in Python. Additionally, developer can use Raspberry Pi to program your IoT applications in Python.
Vulnerability details: A vulnerability in the the urllib.parse.urlsplit and urllib.parse.urlparse components of Python could allow an unauthenticated, remote attacker to obtain sensitive information from a targeted system.
Synopsis: Python Web application (Web Frameworks for Python) which accepting Unicode URL will be converted to IDNA (Punycode) or ASCII for processing. This conversion will decompose certain Unicode characters that can affect the netloc part of your URL, potentially resulting in requests being sent to an unexpected host.
Remark: Parse a URL into six components, returning a 6-item named tuple. This corresponds to the general structure of a URL: scheme://netloc/path;parameters?query#fragment.
Preface: Exim is growing in popularity because it is open source.
Background:It’s the default mail transport agent installed on some Linux systems.It contain feature likes: Lookups in LDAP servers, MySQL and PostgreSQL databases, and NIS or NIS+ services.
Vulnerability details: The vulnerability was patched in Exim 4.92, released on February 10, 2019. The vulnerable code is in “deliver_message()”. A vulnerability exists because the email address in the deliver_message() function in /src/deliver.c is not fully validated. So local attackers simply send emails to “${run{…}}@localhost”. Since “localhost” is a local domain of Exim) and execute as root (system privileges).
Remark: Deliver_drop_privilege is set to false by default.
Attack synopsis: If the “verify = recipient” ACL is manually deleted then remote attack will be occurred. Attacker can reuse our local-exploitation method with an RCPT TO “xxx+${run{…}} @ localhost”. Where “xxx” is the name of the local user .
Preface: Need to know what processes are running on a given machine? A servers current CPU temperature? Verify a hard drive is encrypted? OSQUERY can do, even though security monitoring.
Technical background: osquery is a tool that exposes an operating system as a high-performance relational database.The design founded by Facebook. It enables developers to write SQL-based queries that explore operating system data includes the following:
Running processes
Loaded kernel modules
Open network connections
Browser plugins
Hardware events
File hashes
Vulnerability detail: Osquery running on windows or Linux system requires the daemon configured to be a system service. Meanwhile, this operation will make service daemon receive the system privileges. The design feature of osquery unintended let attacker has a way pass the file to a hard link parent folder. So it is similar to create a hidden area for malware. Under such circumstances the malware payload can be operate under SYSTEM permissions. The official announcement is as follows: https://www.facebook.com/security/advisories/cve-2019-3567
Preface: Independently deployable is the strongest feature of microservices. Docker is one of the technology vendor keen to develop the microservice.
What is Istio? An open platform to connect, manage, and secure microservices. Istio is easy to deploy. User merely install a proxy (side-car proxy) and complete the configuration.
Vulnerability details: The vulnerability was impacting the TCP Authorization feature. A vulnerability in Istio could allow an unauthenticated, adjacent attacker to gain unauthorized access to a targeted system. Per vendor announcement, a self diagnose can find whether you are vulnerable of this bug. For details, please refer to the following.
Check the status of policy enforcement for your mesh with the following command:
$ kubectl -n istio-system get cm istio -o jsonpath="{@.data.mesh}" | grep disablePolicyChecks
If the output shows that disablePolicyChecks is set to true, it will not be affected by this vulnerability.
Preface: Every time you review Oracle security advisory. Your feeling is vague since no details will be provided!
Vulnerability details: A vulnerability in the Core RDBMS component of Oracle Database Server could allow an authenticated, remote attacker with high privileges to compromise a targeted system completely.
More details: The vulnerability resides in the Java Virtual Machine component of the Oracle Database Server and does not require user interaction. The vulnerability allows low-privileged attackers that have Create Session privilege with network access via Oracle Net to compromise the Java VM component.
How to identify your JVM for Oracle:
select * from all_registry_banners;
Impact: Since the vulnerability happen on JVM. Therefore successful exploit could allow the attacker to compromise the system completely.
Affected products: Oracle Database Server 12c12.2 (.0.1), Oracle Database Server 18cRelease Update 6 (18.6) (Base)
Preface: Maybe people won’t use WPA because it’s not safe. However, WPA2 can also collect PSK through tools.
Technical details:
WPA and WPA2 offline attack technique are well known today. For instance, penetration test conduct the WiFi penetration test will relies on tool (Aircrack-NG). As a matter of fact, the attacker first obtains a man-in-the-middle (MitM) position between the victim and the real Wi-Fi network. However it does not enable the attacker to decrypt packets! One of the way use a password recovery tool work with “wordlist”. The mechanism is read line by line from a textfile (aka “dictionary” or “wordlist”) and try each line to find out the password.
Reference: The dictionary pass-phrase attack is one of the popular attacks on WPA2-PSK. Since PSK will be the main key to protect WLAN, the attacker will try to guess the pass-phrase used to generate PSK. This can be done by capturing the initial WPA2-PSK handshaking between a legitimate wireless client and the AP.
Remedy: Sounds like not difficult to crack. In our world, IoT devices do not use 802.1x for authentication. What can we do?
If not possible change to 802.1x, configure a strong PSK with a minimum length of 19 characters or more.
Synopsis: The users were temporarily unable to reach adjacent countries internet web sites for short period of time (less than 1 – 3 minutes) due to an issue of Internet BGP backbone.
Description: On Sat, I was surprise that some internet web site looks unstable. It is not only happens on a single web site.
What do you think about or do you aware? There are likely to be similar problems that you can find below:
The ABC ISP (AS __xx) configured a static route 66.220.144.0/24 pointing to null in order to block Facebook access for ABC ISP customers. However, the ISP started to announce the prefix 66.220.144.0/20 towards its upstream provider CDEF (AS xxxx) that propagated the announcement to its peers. Meanwhile Facebook (AS32934) that had been announcing prefix 66.220.144.0/20 so far, started to fight back. Facebook began to announce more specific prefix 66.220.144.0/24. They kept announcing 66.220.145.0/24, however the service would still not be available for a large part of Facebook users. Those were the users whose traffic took a path towards ABC ISP (AS__xx), thus it could not reach Facebook. The traffic was being backhauled by a static route configured on ABC (AS__xx) edge router.
