Potential Risk of CVE

Cisco IOS XE Software CLI command injection vulnerabilities CVE-2018-0193

The design objective of the Command Line Parser is used to parse the command line arguments. The parser parsing a string and returns an object representing the values extracted. This is the the regular expression design objective. The Cisco IOS XE is a train of Cisco Systems’ widely deployed Internetworking Operating System (IOS), introduced with the ASR 1000 series. IOS XE is a combination of a linux kernel and a (monolithic) application (IOSd) that runs on top of this kernel. The goal of IOS SE aim to integrate the IOS feature set for routing and switching cope with modern business critical applications.  Vulnerability found daily we have not surprise. A CLI command injection vulnerability has been found on CISCO IOS XE this month. For more details, please find below url for reference.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-cmdinj

 

Under our observation, Virus & Malware

Bank ATM Framework QUICK TOUR

Believe that ATM scammer or criminal activities will be signigicant dropped after ATM thief are under sentence. It looks that I am overlook the attraction of bank note since a new jackpotting malware is under development. I surprise to me that the malware originate country is in Hong Kong. We known that bank of China did the system update (perhaps including ATM machine) during easter Hoilday. The ATM infrastructure looks prefect under the custodiance of Hong Kong monetary authority. However there are system design bugs and limiations on both hardware and software so it lure the hacker interest. It bring misunderstanding of ATM technology to the IT people so far, ATM archiecture is old fashion. But the truth is that ATM system architecture has been line up with Microsoft client-server architecture for financial applications on the Microsoft Windows platform in last decade. Threat actors can appear all around the world. The highlight of this news incidentally let the world know that Hong Kong is also a technology development zone. It is not only limit to business financial area.

For more details about the headline news articles. Please refer below url for reference.

https://www.securityweek.com/new-strain-atm-jackpotting-malware-discovered

Potential Risk of CVE, Under our observation

A quick way to do the remediation (CVE-2018-0171(smart install vulnerability))

Headline news posted by Reuters report that Iran hit by global cyber attack that left U.S. flag on screens. As we know, this vulnerability will be conducted the following:

  1. Triggering a reload of the device.
  2. Allowing the attacker to execute arbitrary code on the device.
  3. Causing an indefinite loop on the affected device that triggers a watchdog crash.

Perhaps the side effect of this vulnerability looks dangerous especially allowing the attacker to execute arbitrary code on the device.

But there is quick way to do the remedation of this vulnerability.

a. Go to your router configuration mode and input no vstack command.

b. Since victim report that a special message show on the console screen. And therefore it is recommended to use your ios backup file to replace existing ios.

For more details about the headline news report by Reuters. Please following below url for reference.

https://www.reuters.com/article/us-iran-cyber-hackers/iran-hit-by-global-cyber-attack-that-left-u-s-flag-on-screens-idUSKBN1HE0MH

country cyber law

Russian regulator moves to ban messaging app Telegram – 2018

The Fall of the Berlin Wall on November 9, 1989. A physical wall who goal to isolate the culture and humanity looks never appears in the world again. However we are living in the modern of ages. We unintend to transform our culture and daily life to a digital world. Furthermore the operation of the world also under digital mainbrain custodian. If you looking around, seems Berlin has not falling down. Don’t be childish! Perhaps Berlin wall disappeared, but another wall has been established around the world!

We are focusing censorship policy especially the China great firewall ban VPN and external parties communications. May be we overlook Russia! Russia’s Supreme Court orders telegram to hand over keys this month. Should you have interested of the headline news, please refer below url for reference.

Financial Times – Russian regulator moves to ban messaging app Telegram

https://www.ft.com/content/66062614-397c-11e8-8b98-2f31af407cc8

Potential Risk of CVE, Under our observation

Ruby – CVE-2018-3740,CVE-2018-3741 & CVE-2018-8048

 

There are total 2,149,836 web sites deployed Ruby On Rails framework.Ruby on Rails, or Rails, is a server-side web application framework written in Ruby under the MIT License. RubyGems is a package manager for the Ruby programming language that provides a standard format for distributing Ruby programs and libraries. There are 3 items of vulnerabilities found on Ruby. Per my investigation, if hacker combining those 3 items of vulnerabilities can transform as a powerful hacking strategy. System administrator must check your environment see whether it requires for update.

Technical references shown as below:

CVE-2018-3740 – https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e

CVE-2018-3741 – https://github.com/rails/rails-html-sanitizer/commit/f3ba1a839a35f2ba7f941c15e239a1cb379d56ae

CVE-2018-8048 – https://github.com/flavorjones/loofah/issues/144

2018, Blockchain, cyber security incident news highlight

Verge Is Forced to Fork After Suffering a 51% Attack

Blockchain technology contains advanced security features fundamentally. However the heist occurs in such secure platform are in frequent. The questions of a retrospective and why was hacked? It proof that the problem not given by blockchain technology design flaw. Most likely the root causes are given by end point (client side), operation management (show the privilesge credential in the system event log). Rumors happened yesterday, verge user feared the attacker might use his dominant network position to siphon funds from their accounts. Verge technical team announce that it is a hash attack and it only some blocks were affected during a 3 hour period, not 13 hours. But what do you think? Do you think there is a zero day happens in e-wallet? Headline News can be found in following url.

https://news.bitcoin.com/verge-is-forced-to-fork-after-suffering-a-51-attack/

Potential Risk of CVE, Under our observation

Staying alert! Microsoft Malware Protection Engine design limitation CVE-2018-0986

Staying alert! Microsoft Malware Protection Engine design limitation

Microsoft Releases Security Update 3rd April 2018:

https://portal.msrc.microsoft.com/en-US/security-guidance

Technical details: Explanation

1. Microsoft Malware Protection Engine runs as NT AUTHORITY\SYSTEM without sandboxing, and is remotely accessible without authentication via various Windows services,including Exchange, IIS,…etc

2. NScript is the component of Microsoft Malware Protection Engine that evaluates any filesystem or network activity that looks like JavaScript.

3. The attacker can invoke object vtable to pass arbitrary to other objects.

Remark: When an object is created, a pointer to this table, called the virtual table pointer, vpointer or VPTR, is added as a hidden member of this object.

Under our observation, Virus & Malware

Magento-Based Websites Hacked: Steal Credit Card Data and Install Mining Malware

I keep observe Magento platform so far. On Jan 2018, OnePlus Confirms Credit Card Breach Impacted Up to 40,000 Customers. A security expert found that Oneplus exploiting Magento eCommerce platform. Heard that over 1000 Magenoto stores as hacked this week (Apr 2018). It looks strange that only for 3 months another new cyber security accident happen again. Security experts observed there are three possible ways make the incident happen.

1. Insert malicious code in Magento core files.

2. Attackers deploy cryptojacking scripts that mine Monero on the computers of store visitors.

3. Adobe Flash Player update packages, which would infect users with the AZORult infostealers.

Remark: TrendMicro investigation report display in below url for reference.

https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/magento-based-websites-hacked-to-steal-credit-card-data-and-install-cryptocurrency-mining-malware

But my observation looks have different than above. For more details, please refer to above diagram.

Potential Risk of CVE, Under our observation

Oil refinery industry security alert! CVE-2018-4841

We heard in frequent that threat actors will be engaged APT attack to hostile country. The more percentage of cyber attack to the important public facilities most likely is the nuclear power facilities and power generator. As we know, a harden procedure has been built by nuclear power facilitates company. In order to avoid the unforeseen cyber incident happens, internet access function is prohibited in that area. However working with SCADA technologies market coverage not limit to nuclear power facilities. The oil refinery industry, natural gas and water supply facilities are relies on SCADA system. Today, a security alert is going to awake oil refinery, gas and water supply industries. Since a announcement by SCADA hardware manufacture Siemens, they inform that their product encountered vulnerability. The manufacture provides the workaround. However, the workaround only suggest to setup a preventive control.  To be honest, may be there are more spaces to do the remediation! Should you aware of this vulnerability. please refer below vendor announcement for reference.

https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdf

Application Development, Cell Phone (iPhone, Android, windows mobile)

Firebase Analytics – To be compliance or not to be compliance on personal privacy

Perhaps the scandal of Facebook and awaken people in the world concerning their personal privacy. Meanwhile web surfing behavior is a major element to do the behaviour analytic.  Now we fully understand the influence power of social media platform. However the analytic function not only valid today. Firebase is a mobile and web application development platform developed by Firebase, Inc. in 2011, then acquired by Google in 2014. Google Analytics for Firebase is a free app measurement solution that provides insight on app usage and user engagement. I do a survey on popular mobile application software tonight. The reason I chosen this mobile apps software for evaluation is that it contains a series of new claims services includes insurance claim. It  allow insurance claims pay-out at 7-Eleven (Hong Kong). The result is that the mobile apps pass the compliance requirement. The firebase analytics service disabled for legal reasons. For more details, please refer above diagram for reference.

antihackingonline.com