Uncategorized

Jun 2018 – ALL NIPPON Airways Security Advisories

ALL NIPPON Airways Security Advisories

Airline application and protocol are proprietary in past 2 decades. The Airline terminal guarantee the reliability. Any counterfeit transaction or cyber attack no way to happen there. As times goes by, Airline industry react to develop mobile apps to expand the business function goal to cope with modern world. Japan airline is one of the responsible company. They are not intend to hide their mobile application design weakness. Believe that the specify design weakness not only happens on ANA airways mobile apps. May be it happen in other mobile apps but some of the company not aware or ignore.

Official announcement (see below):

http://jvn.jp/en/jp/JVN71535108/index.html

 

Blockchain

Vault 7 re-engineering by hacker. They are aim to steal the cryptocurrency.

1 Comment

As far as we know, Notepad++ has been updated to version 7.3.3. It aim to remediate a vulnerability on notepad. Such vulnerability exploit by law enforcement to do the survillance. The specifics annoucement released by WikiLweaks on 2017 so called Vault 7.
Wanna Cry Ransomware technology re-emngineering of Microsoft SMB weakness and jepodizing the world. It wreak havoc in cyber security world in 1st quarter in 2018.
Cryptocurrency technology proud of their design concept and technology and claimed that it can reduced the cyber attack in fundemental concept. The reality is that the total no of data breaches or money losts not less than traditional technology architecture. What’s the root causes let distrbuted technogy demote their cyber security in scanario today.
Per observation, cryptocurrency system limitation occurs in endpoint devices in frequent. From technical point of view, the zero day of attack is hard to avoid in personal computer user end point devices( mobile phone, notebook and desktop). A hints as usual inform cryptocurrency owner stayed alert. As a matter of fact, nowadays antivirus can keep secure of your system. Please make sure your virus signature is up to date.

2.3 Million Cryptocurrency Addresses Monitored by Clipboard Hijacking Malware headline news (see below):

https://www.blockchainnews.buzz/2018/07/01/2-3-million-cryptocurrency-addresses-monitored-by-clipboard-hijacking-malware/

Potential Risk of CVE

30th Jun, 2018 – VMware releases security updates

VMware Releases Security Updates – June 30, 2018 VMware ESXi, Workstation, and Fusion contain multiple out-of-bounds read vulnerabilities in the shader translator. A local user can trigger an out-of-bounds memory read error in the shader translator to obtain potentially sensitive information or cause their virtual machine to crash. The browser’s built-in shader translation facilities, it is a underlying platform’s graphics driver. So, VMware user must staying alert!

VM offical announcement  – https://www.vmware.com/security/advisories/VMSA-2018-0016.html

 

Public safety, Under our observation, Virus & Malware

The world cup 2018 – malicious game website and phishing email also involved in this competition. This like malware transformation of football shooting.

21 Comments

THE 2018 WORLD CUP lure hacker interest, a breeding ground for hackers. The phishing campaign linked to the start of the FIFA World Cup where cyber-criminals attempt to lure would-be victims into downloading. For instance, Games, email and related information. Such download contain malware and let the downloader become cyber attack victim.

How do you defend against this football (malware)? 1. Use and maintain antivirus software. 2. Keep software and operating systems up-to-date. 3. Be wary of downloading files from websites. 4. Think before you Click!

Headline News :

https://www.independent.co.uk/sport/football/world-cup/world-cup-live-streaming-free-streams-fifa-2018-football-matches-risk-fans-watch-a8419266.html

Data privacy, Under our observation

Sometimes RESTful API jeopardize your personal data privacy

Ticketmaster Hacked! The company sold 500 million tickets to 86 million people last year. It is important for you to select the best API to create chatbot. Common way call a RESTful API from your Chatbot. What makes RESTful APIs even more attractive is that the same REST API could potentially be used both by a web application, as well as other clients such as a mobile application. But RESTful API require hardening. Otherwise it is not in secure way.

Common REST API security risk (see below):

  • unencrypted payload
  • Lack of input  sanitisaton

And therefore payments or approvals process must put into a secure place which is usually not the client app.

Should you have interest of the Ticketmaster data breach incident, please refer below url for reference.

Ticketmaster admits personal data stolen in hack attack

https://www.bbc.com/news/technology-44628874?intlink_from_url=https://www.bbc.com/news/topics/cz4pr2gd85qt/cyber-security&link_location=live-reporting-story

30thJune2018 – status update (Inbenta and the Ticketmaster Data Breach FAQ’s – official announcement)

https://www.inbenta.com/en/inbenta-and-the-ticketmaster-data-breach-faqs/

 

Potential Risk of CVE, Under our observation

See whether does it a defect on GNU Binutils (status update on 25th June 2018)

 

Bug (CVE-2018-7642) found GNU Binutils 2.30 on 24th Feb 2018. GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code. The GNU compiler Collection (gcc) play a important role of software development. If a bug will be happened in compiler. We might imagine that it will effect the software development life cycle (SDLC). A bug found earlier this year on GNU Binutils hits system crash. But bug found on April 2018 looks expanded and not only system crash. Should you have interest, please refer below url for reference.

CVE-2018-12700 – https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454

CVE-2018-12700 – https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454

CVE-2018-12699 – https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454

CVE-2018-12641 – https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452

CVE-2018-12698 – https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454

Bug found GNU Binutils 2.30 on 24th Feb 2018

CVE-2018-7642 – GNU Binutils 2.30

 

Uncategorized

Found buffer overflow, integrate overflow & memory corruption in redis – Jun 2018

If you have a database of geo-located data, what is the appropriate database setup? The geospatial require fastest database so Redis is one of the option.Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker. It supports data structures such as strings, hashes, lists, sets, sorted sets with range queries, bitmaps, hyperloglogs and geospatial indexes with radius queries. Found buffer overflow, integrate overflow & memory corruption in redis. Technical details shown as below:

CVE-2018-12326, CVE-2018-11218 & CVE-2018-11219: https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES

https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES

CVE-2018-12453: https://gist.github.com/fakhrizulkifli/34a56d575030682f6c564553c53b82b5

Dark power (malware) jeopardize the open geospatial data:

Dark power (malware) jeopardize the open geospatial data

 

Potential Risk of CVE, Under our observation

Will satellites be affected by a buffer overflow vulnerability?

5 Comments

Will satellites be affected by a buffer overflow vulnerability? Heard that hacker interested of the satellite device. This news let you imagine that it is a APT attack, right? It looks that political issues run around the world. Who’s right? Who’s wrong? Perhaps god also doesn’t know. On 16th Jan 2018, the confirmation of Solaris and SPARC Spectre vulnerabilities comes as Oracle delivers its Meltdown/Spectre patches for its x86 servers. Meldown and Spectre look like a AIDS or ebola disease.

The CDMU (Command and Data Management Unit) is used for spacecraft control especially satellities. It is composed of the following functional element. The LEON-3 CPU, developed by Gaisler Research, is a 32 bit synthesisable processor core based on the SPARC V8 architecture. Oh! As far as I know, hacker can be exploiting SPARC Buffer Overflow vulnerabilities. Perhaps it is not easy to do the patch management on the sky? Should you have interest of this topic, please refer below url for references.

http://www.nspo.narl.org.tw/en2016/aboutNSPO/gs.html

Potential Risk of CVE, Under our observation

“With great power comes great responsibility” (CVE-2018-6961)

Sometimes we review the vulnerability check list. We are aim to address high severity of vulnerabilities items in first piority. From technical point of view it looks correct. Since some medium vulnerabilities especially cookie or cross site scripting issue may spend more time to do the remediation. A security advisories announced by VMware on 15th May 2018 bring to my attentions. That is CVE-2018-6961 (see attached diagram). It looks that the orginal Web UI function is a dilemma! Web UI in frequent have design weakness thus let attacker do the code injection. Since there is no prefect item in the world. The attacker might relies on CVE-2018-6961 execute Use-After-Free vulnerability. As a result it affected drag-and-drop functionality and triggered through the Backdoor RPC interface.

Remark:  Staying alert of this directory (lib/include/backdoor_def.h)

Reference – Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud :

https://www.vmware.com/security/advisories/VMSA-2018-0011.html

Potential Risk of CVE, Under our observation

Not seen attack related to CVE-2018-7559, but require considerations and stay alert.

US Homeland security has announcement three times within this year ( April 16, 2018,May 29, 2018 and June 14, 2018) thus to urge the world staying alert malicious attack.Perhaps the industrial sector especailly oil and gas, power supplier facilities has detective and preventive control in placed. Hacker will be facing difficulties for attack. As far as we know, OPC source code on GitHub contains a flaw let remote attacker use the Server’s private key to decrypt and sign messages by using information obtained by sending invalid UserIdentityTokens encrypted with the Basic128Rsa15 security policy. The successful result could allow an attacker to decrypt passwords even if they are encrypted with another security policy such as Basic256Sha256. This flaw found on April this year and remediation has been announced. However, I believe that cyber security attacks exploit of this vulnerability will be happened soon.

Official announcement (OPC Foundation Security Bulletin Security Update for the OPC UA Stacks – April 2018)

https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-7559.pdf

 

antihackingonline.com