Potential Risk of CVE

July 2018 – CVE-2018-3754 All versions of query-mysql are vulnerable to SQL injection

As time goes by node.js and MYSQL database become another technology trend in IT world. Before Node.js, Javascript was only used for client-side development. It was necessary to use a different server-side programming language. Nowadays web applications deploy Javascript, making app deployment much easier and more efficient.

But web application developer must staying alert. However a vulnerability was found. The Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database.

Should you have interested, please see below:

https://nodesecurity.io/advisories/666

Application Development, Potential Risk of CVE

Jul 2018 – PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file)

1 Comment

CVE-2018-12882 – PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file)

Use-After-Free vulnerabilities are a type of memory corruption flaw that can be leveraged by hackers to execute arbitrary code. Refer to statistic, PHP Version 5 is used by 82.0% of all the websites who use PHP. How about this vulnerable version? It  is 17.3 %. Both statistic informaiton seems up to date. PHP programming language have following advantage.

  1. Cross-Platform. PHP is, an application can be run on various platforms.
  2. Ease of use. Any individuals who are new to programming can easily learn to use them within a short duration of time.
  3. Open source and Powerful library support.

Hey, but do the remediation first! If you are using version 7.x.

CVE details shown as below: https://www.securityfocus.com/bid/104551/info

Potential Risk of CVE, Under our observation

July 06, 2018 – Apple Releases Security Update for Boot Camp

WiFi connection seems secure when IT Department authenticating wifi users with windows active directory. A know issue told the world that WPA is not secure and therefore the WiFi authentication best practices jump to WPA2. From general point of view, we all focusing to WiFi access point, authentication protocol and encryption method. It looks that we forget endpoint itself is our missing area. A design weakness found on Apple Mac book products. The explanation by Apple is that a logic issue existed in the handling of state transitions. See attached diagram, when endpoint enforce packet number (PN) reset to 1. Then the attacker possible to engage the replay attack.

Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks – KRACK)

Comment: With WPA/WPA2, rekeying of both unicast and global encryption keys is required. Seems WPA2 is the main trend today. So WPA looks ignore by manufacturer. And therefore is going to fix the bug in WPA now!

Official announcement – https://support.apple.com/en-us/HT208847

Potential Risk of CVE

Sometimes he is your friend, but somtimes he is your enemy (CVE-2018-12907)

Have you been use Rclone? Rclone is an opensource tool for syncing to various forms of cloud storage. In Rclone 1.42, use of “rclone sync” to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL’s content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server.

Should you have interest of this topic, please refer below url for reference.

http://openwall.com/lists/oss-security/2018/06/27/3

Data privacy, Potential Risk of CVE

TIBCO Security Advisory: June 26, 2018

The vulnerabilities that may allow for unauthorized information disclosure, remote code execution and allow for the disclosure of information looks a common topic in CVE list. Predictive models and analysis are typically used to forecast future probabilities. Applied to business, predictive models are used to analyze current data and historical facts in order to better understand customers, products and partners and to identify potential risks and opportunities for a company. TIBCO Spotfire makes it easy for you to analyze data from any number of data sources. Using this data, you can create predictive models and apply advanced techniques within the Spotfire environment. What do you think if this type of services has data breaches incident occurs?

TIBCO Spotfire existing has 1400 websites. Market share 2.49 % comparing with similar functions of competitor.

TIBCO Spotfire Product Family Remote Code Execution Vulnerability

https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5435

TIBCO Spotfire Product Family Information Disclosure Vulnerability

https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5437

TIBCO Spotfire Server information disclosure vulnerabilities

https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5436

Potential Risk of CVE, Under our observation

Jun 2018 – SSL Forward Proxy vulnerability (CVE-2018-5527)

Since data privacy is the 1st pirority of objective in cyber world. We now internet connectivity heavy utilize of SSL cert. For instance SSL VPN, PKI, SSL web server,etc. Popular web portal receive large amount of connectiviies per second. And therefore the popluar solution is TCP offload. Install SSL server cert out of web server and install in web server front end. That is load balancer. Even though you said, you have TCP offload. But fundenmental limation told that SSL connections consume about twice as much memory as HTTP layer 7 connections, and four times as much memory as layer 4 with TCP proxy. Meanwhile huge amount of ssl session from cache while full garbage collection seems cause IO Thread owned lock delayed, and other I/O threads BLOCKED.

F5 now resolved their SSL forward proxy vulnerability (CVE-2018-5527). See below:

https://support.f5.com/csp/article/K20134942

But believe that it is a not easy ending story caused by the following factors!

1. Huge amount of ssl session from cache while full garbage collection seems cause IO Thread owned lock delayed, and other I/O threads BLOCKED.

2. SSL connections consume about twice as much memory as HTTP layer 7 connections, and four times as much memory as layer 4 with TCP proxy.

Potential Risk of CVE

Jun 2018: Misbehaviour technique revealed (manipulate cryptocurrencies (ERC20 Tokens))

A liquidity trap is caused when people hoard cash, if the cryptocurrency exchange do the manipulation. As a result the suspect cryptocurrency exchange equivalent as a crook.

The company headquartered in Hangzhou, China goal to identify cryptocurrency hidden vulnerabilities, expose zero-day exploits, and defend against emerging threats. On Jun 2018 two key misbehaviour techniques was revealed. So called “tradeTrap” and “evilReflex”.

So called the “tradeTrap”

CVE-2018-12084,CVE-2018-12082,CVE-2018-12083,CVE-2018-11446,CVE-2018-12080,CVE-2018-12063,CVE-2018-12078,CVE-2018-12070,CVE-2018-12067,CVE-2018-12079,CVE-2018-12062,CVE-2018-12081 & CVE-2018-12068

https://peckshield.com/2018/06/11/tradeTrap/

So called the “evilReflex”

CVE-2018-12703 and CVE-2018-12702

https://peckshield.com/2018/06/23/evilReflex/

Uncategorized

Jun 2018 – ALL NIPPON Airways Security Advisories

ALL NIPPON Airways Security Advisories

Airline application and protocol are proprietary in past 2 decades. The Airline terminal guarantee the reliability. Any counterfeit transaction or cyber attack no way to happen there. As times goes by, Airline industry react to develop mobile apps to expand the business function goal to cope with modern world. Japan airline is one of the responsible company. They are not intend to hide their mobile application design weakness. Believe that the specify design weakness not only happens on ANA airways mobile apps. May be it happen in other mobile apps but some of the company not aware or ignore.

Official announcement (see below):

http://jvn.jp/en/jp/JVN71535108/index.html

 

Blockchain

Vault 7 re-engineering by hacker. They are aim to steal the cryptocurrency.

1 Comment

As far as we know, Notepad++ has been updated to version 7.3.3. It aim to remediate a vulnerability on notepad. Such vulnerability exploit by law enforcement to do the survillance. The specifics annoucement released by WikiLweaks on 2017 so called Vault 7.
Wanna Cry Ransomware technology re-emngineering of Microsoft SMB weakness and jepodizing the world. It wreak havoc in cyber security world in 1st quarter in 2018.
Cryptocurrency technology proud of their design concept and technology and claimed that it can reduced the cyber attack in fundemental concept. The reality is that the total no of data breaches or money losts not less than traditional technology architecture. What’s the root causes let distrbuted technogy demote their cyber security in scanario today.
Per observation, cryptocurrency system limitation occurs in endpoint devices in frequent. From technical point of view, the zero day of attack is hard to avoid in personal computer user end point devices( mobile phone, notebook and desktop). A hints as usual inform cryptocurrency owner stayed alert. As a matter of fact, nowadays antivirus can keep secure of your system. Please make sure your virus signature is up to date.

2.3 Million Cryptocurrency Addresses Monitored by Clipboard Hijacking Malware headline news (see below):

https://www.blockchainnews.buzz/2018/07/01/2-3-million-cryptocurrency-addresses-monitored-by-clipboard-hijacking-malware/

Potential Risk of CVE

30th Jun, 2018 – VMware releases security updates

VMware Releases Security Updates – June 30, 2018 VMware ESXi, Workstation, and Fusion contain multiple out-of-bounds read vulnerabilities in the shader translator. A local user can trigger an out-of-bounds memory read error in the shader translator to obtain potentially sensitive information or cause their virtual machine to crash. The browser’s built-in shader translation facilities, it is a underlying platform’s graphics driver. So, VMware user must staying alert!

VM offical announcement  – https://www.vmware.com/security/advisories/VMSA-2018-0016.html

 

antihackingonline.com