Preface: Industrial Ethernet has been the network of choice in factory auto-mation for many years and offers a powerful communication basis with PROFINET-based solutions.
Vulnerability details: A vulnerability has been identified in Scalance X-200 (All versions), Scalance X-300 (All versions), Scalance XP/XC/XF-200 (All versions <V4.1). The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network.
Impact: An attacker might use this behaviour to transmit malicious packets to systems in the mirrored network. The worst scanario is that it go direct to facilities like SIMATIC S7-400 advanced controller thus conducting cyber attack directly see whether can find zero-day of attack.
Preface: The vulnerability if not require attacker conduct scam to persuade a user. It is a extreme dangerous vulnerability.
Technical background of Kubernetes: Kubernetes (often referred to as K8s) is an open source system for automatically deploying, extending, and managing containerized applications. The system was designed by Google and donated to the Cloud Native Computing Foundation (now the Linux Foundation).
Synopsis: The container escape vulnerability in runc awaken docker users in regard to cyber security in their domain. Perhaps the vulnerability of CVE-2019-1002101 is in high severity level. But strongly believed that it is an alert. Hey administrator, staying alert! Should you have interest receive a quick understanding, please refer to attached diagram. Kubernetes has released software updates at the following link: https://github.com/kubernetes/kubernetes/releases
Observation: The incident shown that it is not difficult to keep track our web activities. A webhook (HTTP push API) is a way for an app to provide other applications with real-time information. As a result, what you are doing is that what thrid party get! I believe that all related informations over there will be found on Dark Web?
Preface: Today, the stored password is not encrypted like walking around without clothes!
Technical background: Portainer is a lightweight management UI which allows you to easily manage your different Docker environments (Docker hosts or Swarm clusters). It allows you to manage your all your Docker resources (containers, images, volumes, networks and more) ! It is compatible with the standalone Docker engine and with Docker Swarm mode.
Vulnerability: The affected software stores LDAP credentials in cleartext and performs insufficient security checks on API calls that allow the retrieval of LDAP credentials.
Preface: Splunk is powerful, it can extract cookie of web connections. If client connection still alive, hacker can hijack and get the connection.
Vulnerability details: A vulnerability in Splunk Python SDK could allow an unauthenticated, remote attacker to bypass security restrictions on a targeted system. An attacker could exploit this vulnerability by executing a man-in-the-middle attack to bypass access restrictions on the system.
Design weakness: Due to improper verification of untrusted TLS server certificates
Preface: Linus Benedict Torvalds, he is the principal developer of the Linux kernel, which became the kernel for many Linux distributions and operating systems.
Vulnerability details: An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.
Impact: An attacker could exploit this vulnerability by executing an application that submits malicious input to the targeted system. A successful exploit could allow the attacker to execute arbitrary code and completely compromise the system.
Preface: We known so far that APT attack aim to lockdown specify attack target. The target will be specifics government regime and the their revenue. This is the modern way not require engage the traditional war.
Synopsis: APT attack lure people attention is that they form a structure attack and exploit with malware attacking major public facilities. For instance, Nuclear power station, water supply and Gas system. No matter it is a Botnet DDoS or implant malware conducting sabotage activities. It is a time consuming action. Perhaps above action didn’t fully exploit metamorphic definition. On my seen that a new generation of attack mechanism will be frequently exploit by APT group in future. The design will be similar LockerGoga Ransomware.
LockerGoga Ransomware: Expert found that LockerGoga does not have any self-propagation mechanisms (needs to be manually deployed). But later on found that it relies SMB protocol (manually copy files from computer to computer). They are jeopardizing in supply chain industry now. But I believe that it the a pilot run now.
Preface: Coding is the process of translating and writing codes from one language to another support operating system platform.
What is Flatpak?
If Linux user found that the new application not available in the App Stores. He can do the installation via the DEB or RPM packages. Some of them are available via PPAs (for Debian based distributions) and if nothing, one can build from the source code. Flatpak provide a 3rd way.
Vulnerability Details: The vulnerability exists because the affected software does not use the seccomp filter to prevent sandbox applications from using TIOCSTI IOCTL.
The snapd default seccomp filter for strict mode snaps blocks the use of the ioctl() system call when used with TIOCSTI as the second argument to the system call. But it didn’t! The fact is that restriction could be circumvented on 64 bit architectures because it performs a 64-bit comparison,but the system call is defined with a 32-bit command argument in the kernel.
Similar design flaw discovered in libseccomp package!
Synopsis:session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session(sometimes also called a session key) to gain unauthorized access to information or services in a computer system.
In software development, time of check to time of use (TOCTOU, TOCTTOU or TOC/TOU) is a class of software bugs caused by changes in a system between the checking of a condition (such as a security credential) and the use of the results of that check.
Out-of-Bounds Read. The program reads data from outside the bounds of allocated memory. Buffer overflow is probably the best known form of software security vulnerability.
Current Status: VMware has been addressed above issues in their product. For more details, please refer to url below: