Preface: The phrase “old wine in new bottles”! Cyber security world has similar things all the time!
About SS7 design weakness:
Business impact: A U.K. bank says no customers lost money after cyber attackers attempted account takeovers by rerouting one-time passcodes, Motherboard reports. The National Cyber Security Centre (NCSC) also confirmed. Such attacks involve tampering with Signaling System #7, the protocol used to route mobile phone calls worldwide.
Security advice: A one-time passcode may be sent over SMS, but the safer way is to use an authenticator app, such as Authy, Cisco’s Duo or Google Authenticator, to generate the code.
Aim to security:
The new regulations on China’s Cybersecurity Law on November 2018 grant China cyber security agencies (the legal authority) to conduct remote testing of any Internet-related business operating in China.
Their authority is possible to copy and share any data that government officials find on the system being inspected.
MPS (The Ministry of Public Security (MPS) ) is able to execute the following authorities:
Conduct on-site or remote inspection of network security defenses taken by companies operating in China.
Check for prohibited content in China.
Record the safety response plan during the on-site inspection.
Copy any user information found on the system being inspected during a live or remote inspection.
Perform a penetration test to check for vulnerabilities.
Perform a remote check without notifying the company.
Share any collected data with other state agencies.
During the on-site inspection, two members of the PAP (Chinese People’s Armed Police Force) had the right to enforce the procedure.
Preface: It was because of new version 4.0 introduced on Jan 2018. Cisco urge customers upgrade to 4.0 to do the remediation. The Elastic Services Controller Service Portal Authentication Bypass Vulnerability finally fixed on Feb 2019.
Product background: Cisco ESC provides a single point of control to manage all aspects of VNF lifecycle for generic Virtual Network Functions (VNFs) in a dynamic environment. ESC brings advanced capabilities like VM and Service monitoring, auto-recovery and dynamic scaling.
Speculate the technical weakness on similar design function: Perhaps the problem given by Vulnerabilities of using a REST API token based authentication! So the official announcement state that vulnerability is due to improper security restrictions that are imposed by the web-based service portal of the affected software.
Preface: GD is extensively used with PHP. As of PHP 5.3, a system version of GD may be used as well, to get the additional features that were previously available only to the bundled version of GD.
Technical background: The LibGD 2.2.5 allow to written C code to load an entire image file into a buffer in memory, then ask gd to read the image from that buffer. But the programmer must responsible for allocating the buffer, apart from that a customized function must responsible for freeing the buffer with your normal memory management functions.
Vulnerability found: A vulnerability in GD Graphics Library (libgd) could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
Doubt: Similar vulnerability was found on 2017 (Double-free in gdImagePngPtr(). (CVE-2017-6362)). LibGD 2.2.5 release announced that Double-free in gdImagePngPtr(). (CVE-2017-6362) has been fixed!
Preface: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users.
Background: A WAF is deployed to protect a specific web application or set of web applications. Generally, the common attacks such as cross-site scripting (XSS) and SQL injection will be under WAF protection. But in reality, XSS is hard to avoid.
New vulnerability found: Palo Alto Networks PAN-OS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
The following PAN-OS versions are affected:
PAN-OS 7.1.21 and prior
PAN-OS 8.0.14 and prior
PAN-OS 8.1.5 and prior
Preface: The Marvell 88W8897A SoC (System on a Chip) is the industry’s first 802.11ac chip to combine Bluetooth 4.2, mobile MIMO (Multi-input Multi-output), transmit beamforming, and with built-in support for all screen projection technologies.
Technology Background: Computer design primary focus on memory usage. Even though without an exception in SoC (System on a Chip) design.
Vulnerability found: During Wi-Fi network scans, an overflow condition can be triggered, overwriting certain block pool data structures.
Exploitation of vulnerability: Attacker can exploit ThreadX block pool overflow vulnerability to intercept network traffic or achieve code execution on the host system.
Remedy: Marvell encourages customer to contact their Marvell representative for additional support.
Remark: This vulnerability was post on headline news on mid of January 2019. However we could not found any positive responses announce by vendor.
Preface: Avahi is a free zero-configuration networking (zeroconf) implementation, including a system for multicast DNS/DNS-SD service discovery.
Technical background: Multicast DNS (mDNS) is a protocol that uses packets similar to unicast DNS except sent over a multicast link to resolve hostnames.
Vulnerability found in Avahi: The vulnerability exists because the affected software misses link-local checks, causing the multicast DNS (mDNS) protocol to respond to IPv6 unicast queries with source addresses that are not on-link.
Impact: Remote attacker to access sensitive information on a targeted system or conduct DDoS!
Remedy released finally: 22 Dec 2018 https://github.com/lathiat/avahi/commit/e111def44a7df4624a4aa3f85fe98054bffb6b4f
Japan is going to execute infiltration to citizens smart home devices. Do you think what is the goal? Whether they are aware of 3rd party (enemy) has been completed a surveillance program in their country or they are avoid to become a botnet victim?