Potential Risk of CVE, Under our observation

IOS-XE vulnerabilities (CVE-2018-0196) + (CVE-2018-0171 & CVE-2018-0151)

3 Comments

Perhaps a medium vulnerability found on IT product not a shock. However the medium vulnerability co-exists with known critical vulnerabilities created multiple vulnerabilities are unable to foreseen what is the level of damage. Cisco IOS XE fundamental design integrate to open system. The severity of vulnerability CVE-2018-0196 is medium level. End user is allow to disable the http services to avoid the vulnerability. But the default state of the HTTP Server feature is version-dependent. A significant signal alert Cisco customer that corrective control is not enough. A efficient way is enhance your preventive and detective control. That is the implementation of managed security services. The critical vulnerabilities was posted last week. But the vulnerability of CVE-2018-0196 confirmed and therefore it summarized as below:

CVE-2018-0196 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-wfw

CVE-2018-0151

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos

CVE-2018-0171

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2

2018, cyber security incident news highlight, Under our observation

Bank Negara Malaysia (Bank) detected and foiled a cybersecurity incident involving attempted unauthorized fund transfers using falsified SWIFT messages.

3 Comments

Easter holiday make me lazy. Seen cyber incident alert posted by my friend Enoch yesterday. However I just ignore until awaken this evening. The details of this incident was that the crooks use falsified SWIFT Messages try to achieve their goal. The news told that they haven’t successful. As far as I remember, on February this year City Union Bank in India victim of cyber hack through SWIFT system. My speculation is that it is the flaw of MT202. A fundamental design limitation on original MT 202 message. Perhaps MT 202 COV doing the compensated control. But the MT 202 COV must not be used for any other interbank transfer. However MT 202 still valid and not end of life yet. A hints input of technical concerns shown on attach picture see whether this is root causes of this incident.

MT 202 design weakness lure financial crime

i. Suspicious activity monitoring on the underlying originator and beneficiary in the message would not be performed.

ii. The originating bank could be in a jurisdiction with different sanction watch lists and the technical capabilities of each bank’s sanction screening program could vary.

Below url is the press release (Cybersecurity Incident Involving the Use of Falsified SWIFT Messages)

http://www.bnm.gov.my/index.php?ch=en_press&pg=en_press&ac=4651

Reference:

City Union Bank in India victim of cyber hack through SWIFT system – Reuters Headline News (19th Feb 2018)

 

Potential Risk of CVE, Under our observation

Mar 2018 – Apple Releases Multiple Security Updates

I spend a lot of time to study security update by Apple this week. It looks that core foundation vulnerability bring to my attention. As we know Objective-C is a general-purpose, object-oriented programming language used by Apple for the OS X and iOS operating systems. Retrospectively, vendor has urge developer that a good practices will be prevented memory-related problem. I am concerning about the race condition vulnerability found this time. There are two main kinds of problem that result from incorrect memory management. Freeing or overwriting data that is still in use. Not freeing data that is no longer in use causes memory leaks. This is the way to causes the vulnerability (race condition) happens.

Since there are plenty of vulnerabilities address this time. For more details, please refer to official url for reference.

About the security content of iOS 11.3

https://support.apple.com/en-us/HT208693

About the security content of Xcode 9.3

https://support.apple.com/en-us/HT208699

Potential Risk of CVE, Under our observation

CVE-2018-1327: DoS attack is possible when using XStream handler with the Struts REST plugin

 

Vulnerability when will it stop, this is our holiday! The Apache Software Foundation has released a security update to address a vulnerability in Struts 2. The problem was that a DoS attack is possible when using XStream handler with the Struts REST plugin. As far as I know, Cisco integrate Struts 2 in their product design. Since without status update by Cisco in regards to this vulnerabilities. So, stay tuned!

You can find the official technical details below:

https://cwiki.apache.org/confluence/display/WW/S2-056

This vulnerability so call Easter holiday vulnerability.

Potential Risk of CVE, Under our observation

Drupal core – Highly critical – Remote Code Execution (Mar 2018)

1 Comment

Drupal core installation can serve as a simple Web site, a single- or multi-user blog, an Internet forum, or a community Web site providing for user-generated content. The risk calculator shown that it is highly critical according NIST Common Misuse Scoring System (NISTIR 7864). Two critical factors told us the following:

  • All data can be modified or deleted
  • All non-public data is accessible

It is indeed nightmare! Drupal user must do the patching immediately. Otherwise there is a new round of data leakage incident will be happened soon!

Official announcement: Drupal core – Highly critical – Remote Code Execution

https://www.drupal.org/sa-core-2018-002

Potential Risk of CVE

Alert ! Cisco Releases Security Updates

Cisco IOS is a monolithic operating system running directly on the hardware while IOS XE is a combination of a linux kernel and a (monolithic) application (IOSd) that runs on top of this kernel. Attacker executing code remotely using system vulnerabilities. It is common type of attack and hard to avoid.

CVE-2018-0151 – Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos

CVE-2018-0171 – Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2

CVE-2018-0150 – Cisco IOS XE Software Static Credential Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc

Potential Risk of CVE

Siemens typical control system – vulnerabilities found (CVE-2018-4844 and CVE-2018-4843)

1 Comment

Supervisory control and data acquisition (SCADA) is a system of software and hardware elements that allows industrial organizations to: Control industrial processes locally or at remote locations. Monitor, gather, and process real-time data. Since the server and workstation of the SCADA system capable to operate with Windows OS system. And therefore it awaken the security expert concerns. Indeed factual that SCADA system are the hacker target because SCADA system integrate to electric power facilities. The cyber security attack to power facilities are growth rapidly.  The vendor announced that vulnerabilities was found on 2 system components. For more details, please find below url for reference.

CVE-2018-4843 – https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf

CVE-2018-4844 – https://cert-portal.siemens.com/productcert/pdf/ssa-822928.pdf

stay tuned!

Potential Risk of CVE

Navarino Infinity web interface is affected by multiple vulnerabilities

If you are belongs to marine industry especially container shipping company, see whether you are going to do patching to your maritime bandwidth management system this week. Do not let those vulnerabilities causes shipping traffic jam. To be honest, bad guys can relies of such vulnerabilities to do a lot of bad things. For more details, please see below url for reference.

https://navarino.gr/archives/6989

Status update 2nd Aug 2018 – Hacker or criminal group will be targeting Superyacht (see hyperlink below) – https://edition.cnn.com/2018/07/03/sport/is-yacht-hacking-the-next-big-cybercrime-spt-intl/index.html

Potential Risk of CVE, Under our observation

CVE-2018-5148: Mozilla Foundation Security Advisory 2018-10 Use-after-free

Hi Folks, homeland security urge computer users stay alert of web browser (FireFox) vulnerability. The design flaw could let the attacker execute a denial-of-service condition.  I review the vulnerability details. It state the following. A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. But I have different imagination of this flaw. In short, please refer below diagram for reference.

To be or not to be? But it is better to conduct the security update now. For more details, please refer below url for reference.

https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/

Potential Risk of CVE

F5 Networks: CVE-2018-5504,CVE-2018-5502,CVE-2018-5505&CVE-2018-5503

2 Comments

WebSockets are vulnerable to malicious input data attacks, therefore leading to attack. Therefore it attract the cutting edge technology vendors do the development in this place. F5 one of the famous L5 to L7 cutting edge technology vendor. Perhaps vulnerabilites happen for IT world today not a fresh news. However the webSocket itself have fundamental design limitation.  The status update of CVE checklist released last night. F5 product includes in their list.

K11718033: TMM WebSocket vulnerability CVE-2018-5504

https://support.f5.com/csp/article/K11718033

K43121447: BIG-IP Client SSL vulnerability CVE-2018-5502

https://support.f5.com/csp/article/K43121447

Final – K15500: SSL acceleration card timing vulnerability CVE-2014-4024

https://support.f5.com/csp/article/K15500

K23520761: BIG-IP ASM and BIG-IP Analytics vulnerability CVE-2018-5505

https://support.f5.com/csp/article/K23520761

K54562183: BIG-IP PEM vulnerability CVE-2018-5503

https://support.f5.com/csp/article/K54562183

 

antihackingonline.com