Japan is going to execute infiltration to citizens smart home devices. Do you think what is the goal? Whether they are aware of 3rd party (enemy) has been completed a surveillance program in their country or they are avoid to become a botnet victim?
CNN Headline News: https://edition.cnn.com/2019/02/01/asia/japan-hacking-cybersecurity-iot-intl/index.html
Preface: Maybe this is a trend! If we are going to the next generation world (IoT 4.0). At the same time, the APT Group is also sniffing the cybersecurity loopholes in that place!
Technical background: In business world we understand the function of broker. A similar situation in computer world, we so called gateway vs middle-ware are equivalence to broker. The modern computer world involves multi vendor and multi-environment and therefore we can’t lack of broker. As a result this area become critical.
Security focus – Schneider Electric IIoT Monitor 3.1.38 vulnerabilities (see below).
Remark: The key component of IIoT monitor 3.1.38 is equivalent Magelis iPC ( IIoT monitor 3.1.38 for Magelis iPC on Windows 10 ).
https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-354-03-IIoT+Monitor+Security+Notification+-+V1.1.pdf&p_Doc_Ref=SEVD-2018-354-03
Comment: Perhaps these vulnerabilities announce to public on Dec 2018. But I believe that more hidden vulnerabilities will be dig out in future. Stay tuned! Happy Lunar New Year.
Preface: Dynamic memory automatically reclaimed when the garbage collector no longer sees any live reference to it.
Description: A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service (DoS) condition.
Official announcement – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-firepowertds-bypass
My opinion: For memory that is not associated with a Scheme object, we cannot assume the new memory block can be freed by a garbage collection. FirePower run on top of Cisco ASA appliance.See below bug history, eventhough it is Cisco. The design is better to separate the Snort with CISCO ASA!
Preface: phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web.
Description: Phpmyadmin sometimes similar is a gadget. It can help you reset your WordPress password. It seems to be very useful, but this time the vulnerability is equivalent to the Swiss Army Knife, thus breaking your defense mechanism.
Vulnerability detail: An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
Official reference: https://www.phpmyadmin.net/security/PMASA-2019-2/
Preface: EWS Push Subscription, you will get notifications as long as you respond to the server and acknowledge that you received the notification.
The CERT Coordination Center (CERT/CC) announcement – 29th Jan 2019: Microsoft Exchange 2013 and newer are vulnerable to NTLM relay attacks
Vulnerability detail: Exchange allows any user to specify a desired URL for Push Subscription, and the server will attempt to send notifications to this URL….. For more detail, please refer to attached diagram for reference.
Remedy:
Technical article for reference: https://www.kb.cert.org/vuls/id/465632/
Preface: Programmer just spend 10 minutes write a python script then can listen UDP traffic. Even though we performing Google Search , the function is using Python code.
Information background:
Python has now become the most taught programming languages in Universities and Academica. Machine learning or artificial intelligence is learning Python because it is the primary language that makes tasks easier.
Vulnerability:
The security expert from Cisco Talos found that a vulnerability will be occured when python parser handling x509 certificate. A handshake failures result in skipping the call to getpeercert(). Under above circumstances, attacker can craft a x.509 certificate with both a blank distributionPoint and cRLIssuer causes a NULL pointer dereference. As a result a denial-of-service occur.
Official details: https://bugs.python.org/issue35746
Preface: IEC 61850 is an international standard defining communication protocols for intelligent electronic devices at electrical substations. Relion products have been designed to implement IEC 61850 standard.
Vulnerability has been recorded to National Vulnerability Database – 15th Jan 2019:
ABB Relion 630 series allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message.
Ref: SP command is used to setup the SPA-bus interface, UN command is used to program the unit list, ..
Vendor reference:
http://search.abb.com/library/Download.aspx?DocumentID=1MRS758909&LanguageCode=en&DocumentPartId=&Action=Launch
Remark: The atmosphere shown that in industrial world especially energy, gas, water supply facilities will be the attacked target by APT group once political issue occurs in between different countries. The Natural-gas processing plant and Oil refining facility relies on SCADA system. The cyber security alert awaken the business owner and management group last year. They are now have better understanding of patch management and cyber security awareness.
Preface: Cyber security experts predict that global DNS hijacking activities are underway. However, it is not certain who is the attacker (the cyber attack group), FireEye said on January 9, 2019.
Background information:
This cybersecurity incident caught the attention of the Network Security and Infrastructure Security Agency (CISA). Whereby, CISA released their first emergency order on January 22, 2019. They urge the world to understand the current situation (global DNS hijacking campaign). At the same time, they released a mitigation solution for mitigating DNS system.
For more details, please see below: https://cyber.dhs.gov/blog/#why-cisa-issued-our-first-emergency-directive
My observation:
While DNS software is specially designed to fulfill one specific role, applications like Bind are incredibly flexible and can be used as hybrid solutions. However there are plenty of vulnerabilities ( high severity of risk) found on Bind system software.Please refer following url for reference:
By the way, your in house SIEM system can fight against cyber crime.
Preface: Cisco SD-WAN key advantage keen to reducing costs with transport independence across MPLS, 3G/4G LTE, etc. Meanwhile it improving business application performance and increasing agility.
Technical background:
The vSmart controller is the brains of the centralized control plane for the Viptela system network architecture. The vSmart controller runs as a virtual machine (VM) on a network server. It can also run as a container within a vContainer host.
Vulnerability found announced on today (23rd Jan 2019)
A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user. The details are as follows: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo
Preface: Tycoon wants to invest in a football team. He wants to know which is the good team, how many matches they won in years, the revenue they generate,..etc. Believe that analyzing data solution (TIBCO Spotfire ) can help.
TIBCO Spotfire technology Synopsis:
Data virtualization time-to-solution is 5‒10X faster than traditional data warehousing and ETL.You can extend TIBCO Spotfire yourself using TIBCO Spotfire’s publicly published APIs, download extensions from the TIBCO component exchange.
Vulnerabilities found this month (16th Jan 2019)!
TIBCO Spotfire Authentication Vulnerability – https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18814
TIBCO Spotfire Fails To Prevent Write Access to Spotfire Library – https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18812
TIBCO Spotfire Reflected and Persistent Cross-Site Scripting Vulnerabilities – https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18813