BLOG
December 17, 2020
Multiple vulnerabilities in GameLoop – remote code execution, privilege escalation
Gameloop is an Android emulator released by Tencent. During our tests, we have identified multiple vulnerabilities which can lead to code execution and privilege escalation inside the guest operating system.
CVEID: CVE-2020-29008
Name of the affected product(s) and version(s): Tencent Gameloop (all versions)
Problem type: CWE-96: CWE-284: Improper Access Control
CVEID: CVE-2020-29009
Name of the affected product(s) and version(s): Tencent Gameloop (all versions prior to 3.21.736.100)
Problem type: CWE-96: CWE-284: Improper Access Control
The Top 20 Secure PLC Coding Practices. Part 14 – Disable unneeded / unused communication ports and protocols
15.12.2020
PLC controllers and network interface modules generally support multiple communication protocols that are enabled by default. Disable ports and protocols that are not required for the application.
Security Objective: Hardening
Target Group: Integration / Maintenance Service Provider
Guidance: Protocols commonly enabled by default include HTTP, HTTPS, SNMP, Telnet, FTP, MODBUS, PROFIBUS, EtherNet/IP and ICMP. Best practice is to develop a data flow diagram that depicts the required communications between the PLC and other components in the system, and to disable every listener the diagram does not justify.
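A practical way to use such a data flow diagram is to turn it into an allow-list and diff it against what a scan of the controller actually shows. The following is an added example, not code from the post or from any PLC vendor: the flow table, the nmap-style scan lines and the device name plc-01 are constructed, and the protocol-to-port table uses conventional default ports, which a real deployment should confirm against the device documentation.

```python
"""Flag listeners on a PLC that no documented data flow requires.
Added illustration; flows, scan output and host names are constructed."""
import re
from collections import defaultdict

# Constructed data flow diagram: (client, server, protocol) triples.
REQUIRED_FLOWS = [
    ("hmi-01", "plc-01", "MODBUS"),
    ("eng-ws-01", "plc-01", "HTTPS"),
    ("historian-01", "plc-01", "ETHERNET/IP"),
]

# Conventional default ports for the protocols named in the post (assumption:
# the device uses the defaults; check the vendor manual for the real values).
PROTOCOL_PORTS = {
    "HTTP": 80, "HTTPS": 443, "TELNET": 23, "FTP": 21, "MODBUS": 502,
    "ETHERNET/IP": 44818, "SNMP": 161,
}

# Constructed nmap-style "open" lines for plc-01: host  port/transport  open  service
SCAN_OUTPUT = """\
plc-01 21/tcp open ftp
plc-01 23/tcp open telnet
plc-01 80/tcp open http
plc-01 443/tcp open https
plc-01 502/tcp open modbus
plc-01 44818/tcp open EtherNet/IP
plc-01 161/udp open snmp
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d+)/(tcp|udp)\s+open\s+(\S+)", re.IGNORECASE)


def required_ports(flows, table=PROTOCOL_PORTS):
    """Map each server in the diagram to the set of ports its documented flows justify."""
    req = defaultdict(set)
    for _client, server, proto in flows:
        req[server].add(table[proto.upper()])
    return req


def parse_scan(text):
    """Yield (host, port, transport, service) for every open port in the scan text."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), int(m.group(2)), m.group(3).lower(), m.group(4)


def unneeded_listeners(scan_text, flows):
    """Return open ports, per host, that no flow in the diagram accounts for.
    These are the candidates to disable on the controller."""
    req = required_ports(flows)
    return sorted(
        (host, port, transport, service)
        for host, port, transport, service in parse_scan(scan_text)
        if port not in req.get(host, set())
    )


if __name__ == "__main__":
    for host, port, transport, service in unneeded_listeners(SCAN_OUTPUT, REQUIRED_FLOWS):
        print(f"{host}: disable {service} ({port}/{transport}); no documented flow needs it")
```

Run against the constructed scan, the script reports FTP, Telnet, HTTP and SNMP on plc-01 as undocumented listeners while Modbus, HTTPS and EtherNet/IP are accepted. Re-running it after each maintenance window catches services that firmware updates or integrators switch back on.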
The Top 20 Secure PLC Coding Practices. Part 13 – Validate inputs based on physical plausibility
08.12.2020
Ensure operators can only input what is practical or physically feasible in the process. Set a timer for an operation to the duration it should physically take. Consider alerting when there are deviations. Also alert when there is unexpected inactivity.
Security Objective: Integrity of I/O values
Target Group: Integration / Maintenance Service Provider
Guidance:
a) Monitor expected physical durations. If the operation takes longer than expected to go from one extreme to the other, that is worthy of an alarm.
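The timer-based check above can be modelled as a small monitor that is called once per scan cycle. What follows is an added example written for this page, not PLC code from the practice or from any vendor; the 30 s travel time, the 25% tolerance, the 600 s inactivity bound and the event sequence in run_demo() are constructed assumptions. It alarms on three physically implausible situations: a move that never completes, a limit switch that reports arrival far too early (which is what a spoofed or shorted input looks like), and a process that sits idle longer than it ever should.

```python
"""Scan-cycle monitor for one actuator: alarm on implausible travel durations
and on unexpected inactivity. Added illustration with constructed timings."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class TravelMonitor:
    expected_travel_s: float          # time the actuator physically needs (assumption)
    tolerance: float = 0.25           # allowed deviation as a fraction of expected time
    max_idle_s: float = 600.0         # longest plausible gap without any activity
    cmd_time: Optional[float] = None  # when the current move was commanded
    target: Optional[str] = None      # commanded end position
    last_activity: float = 0.0
    alarms: list = field(default_factory=list)

    def command(self, now, target):
        """Operator or logic commands a move: start the travel timer."""
        self.cmd_time, self.target = now, target
        self.last_activity = now

    def limit_reached(self, now, position):
        """A limit switch reports arrival: compare elapsed time with physics."""
        if self.cmd_time is None:
            self.alarms.append((now, "LIMIT_WITHOUT_COMMAND"))
        else:
            elapsed = now - self.cmd_time
            slow = self.expected_travel_s * (1 + self.tolerance)
            fast = self.expected_travel_s * (1 - self.tolerance)
            if elapsed > slow:
                self.alarms.append((now, f"SLOW_TRAVEL {elapsed:.1f}s"))
            if elapsed < fast:
                # Arrived faster than the mechanics allow: suspect the input, not the valve.
                self.alarms.append((now, f"FAST_TRAVEL {elapsed:.1f}s"))
            self.cmd_time = None
        self.last_activity = now

    def scan(self, now):
        """Called every PLC scan: catch moves that never finish and an idle process."""
        if self.cmd_time is not None and now - self.cmd_time > self.expected_travel_s * (1 + self.tolerance):
            self.alarms.append((now, "TRAVEL_TIMEOUT"))
            self.cmd_time = None
        if now - self.last_activity > self.max_idle_s:
            self.alarms.append((now, "UNEXPECTED_INACTIVITY"))
            self.last_activity = now   # re-arm instead of alarming on every scan


def run_demo():
    """Constructed sequence: one plausible move, one that never finishes,
    one that finishes impossibly fast, then a long idle period."""
    m = TravelMonitor(expected_travel_s=30.0)
    m.command(0.0, "open")
    m.limit_reached(28.0, "open")            # 28 s for a 30 s travel: no alarm
    m.command(100.0, "close")
    for t in range(101, 200):
        m.scan(float(t))                     # limit never arrives: TRAVEL_TIMEOUT
    m.command(200.0, "open")
    m.limit_reached(203.0, "open")           # 3 s is not physically possible: FAST_TRAVEL
    for t in range(204, 1000, 10):
        m.scan(float(t))                     # nothing happens for over 600 s: UNEXPECTED_INACTIVITY
    return [name for _, name in m.alarms]


if __name__ == "__main__":
    print(run_demo())
```

In a real controller the same three checks live in the ladder or structured-text program and the alarm strings become bits on the HMI; the point the example makes is that the expected duration is a property of the plant, so it should be configured per actuator rather than left as a generic timeout.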
CVE-2020-29007 - remote code execution in Mediawiki Score
02.12.2020
Score is a Mediawiki extension which generates musical notation based on user-provided Lilypond or ABC markup. During our tests, we have determined it is vulnerable to remote code execution through Scheme code embedded in Lilypond markup.
CVEID: CVE-2020-29007
Name of the affected product(s) and version(s): Mediawiki Score (all versions up to 0.3.0)
Problem type: CWE-96: Improper Neutralization of Directives in Statically Saved Code (‘Static Code Injection’)
Summary: All versions of Score (up to and including 0.
The Top 20 Secure PLC Coding Practices. Part 12 – Instrument for plausibility checks
01.12.2020
Instrument the process in a way that allows for plausibility checks by cross-checking different measurements.
Security Objective: Integrity of I/O values
Target Group: Product Supplier; Integration / Maintenance Service Provider
Guidance: There are different ways of using physical plausibility for validating measurements:
a) Compare integrated and time-independent measurements. Plausibility checks can be done by integrating or differentiating time-dependent values over a period of time and comparing them to time-independent measurements.
b) Compare different measurement sources
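A concrete instance of a) is a tank whose inlet and outlet flow meters (time-dependent values) are integrated and compared against the level transmitter (a time-independent measurement). The code below is an added example for this page, not from the practice document: the tank cross-section of 2 m², the 60 s sample period, the 0.02 m tolerance and the sample readings are constructed. The last readings model a level transmitter that is stuck, or being replayed, while the flows continue, which a per-sample mass-balance check flags immediately.

```python
"""Cross-check a tank level transmitter against integrated inlet/outlet flow.
Added illustration; tank geometry, timing and readings are constructed."""

TANK_AREA_M2 = 2.0     # assumption: cylindrical tank cross-section
DT_S = 60.0            # sample period of the PLC data in seconds
TOLERANCE_M = 0.02     # disagreement tolerated before alarming (sensor noise budget)


def expected_level_change(inflow_m3h, outflow_m3h, dt_s=DT_S, area_m2=TANK_AREA_M2):
    """Mass balance for one sample: dh = (Q_in - Q_out) * dt / A, flows in m³/h."""
    return (inflow_m3h - outflow_m3h) * (dt_s / 3600.0) / area_m2


def plausibility_alarms(level_m, inflow_m3h, outflow_m3h, tol=TOLERANCE_M,
                        dt_s=DT_S, area_m2=TANK_AREA_M2):
    """Return the sample indices where the measured level change disagrees with
    the change implied by the flow meters. Comparing per sample, rather than
    one long integral, keeps a single bad reading from poisoning every later
    comparison and catches a stuck transmitter on every scan it stays stuck."""
    if len(inflow_m3h) < len(level_m) - 1 or len(outflow_m3h) < len(level_m) - 1:
        raise ValueError("need one flow sample for each level interval")
    alarms = []
    for i in range(1, len(level_m)):
        expected_dh = expected_level_change(inflow_m3h[i - 1], outflow_m3h[i - 1], dt_s, area_m2)
        measured_dh = level_m[i] - level_m[i - 1]
        if abs(measured_dh - expected_dh) > tol:
            alarms.append(i)
    return alarms


# Constructed readings: 12 m³/h in, 6 m³/h out, so the level should rise
# 0.05 m per minute. From sample 5 on the transmitter stops moving.
INFLOW = [12.0] * 8
OUTFLOW = [6.0] * 8
LEVEL = [1.00, 1.05, 1.10, 1.15, 1.20, 1.20, 1.20, 1.20, 1.20]


if __name__ == "__main__":
    print("implausible samples:", plausibility_alarms(LEVEL, INFLOW, OUTFLOW))
```

The same arithmetic works in the other direction (differentiating the level to validate a flow meter), and b) in the practice is the case where two independent sensors measure the same quantity and are simply compared against each other with a tolerance.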
The Top 20 Secure PLC Coding Practices. Part 11 – Assign designated register blocks by function (read/write/validate)
25.11.2020
Assign designated register blocks for specific functions in order to validate data, avoid buffer overflows and block unauthorized external writes to protect controller data.
Security Objective: Integrity of PLC variables
Target Group: Product Supplier; Integration / Maintenance Service Provider
Guidance: Temporary memory, also known as scratch pad memory, is an easily exploitable area of memory if this practice is not followed; for example, simply writing to a Modbus register that is out of bounds could lead to overwriting memory registers used for temporary calculations.
The Top 20 Secure PLC Coding Practices. Part 10 – Validate indirections
17.11.2020
Validate indirections by poisoning array ends to catch fence-post errors.
Security Objective: Integrity of PLC variables
Target Group: Product Supplier; Integration / Maintenance Service Provider
Guidance: Indirection is the use of the value of one register to address another register. There are many reasons to use indirections. Examples of necessary indirections are:
- Variable frequency drives (VFDs) that trigger different actions for different frequencies using lookup tables.
- Deciding which pump to start first based on the pumps' current run times.
PLCs do not typically have an "end of an array" flag, so it is a good idea to create one in software; the goal is to avoid unusual/unplanned PLC operations.
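Parts 10 and 11 are two halves of the same memory-layout discipline, so one added example covers both. It is written for this page and is not PLC code from the practices or from any vendor: the register block layout, the 0xDEAD sentinel and the requests in demo() are constructed assumptions. The model shows a write gate that refuses any Modbus write touching a register outside the designated external-write block (Part 11), a range check that copies a setpoint into the validated block only if it is physically plausible (Part 11), and a VFD lookup table with poison values stored one cell before and one cell after the real data, so an off-by-one indirection returns the sentinel instead of whatever happened to sit in neighbouring scratch memory (Part 10).

```python
"""Register blocks by function, an external-write gate, and poisoned array
ends for indirection. Added illustration with a constructed register map."""

POISON = 0xDEAD   # sentinel stored at both ends of every lookup table (assumption)

# Constructed holding-register map, split by function.
BLOCKS = {
    "external_write": range(0, 32),    # the only block HMI/SCADA may write
    "validated": range(32, 64),        # setpoints copied here after range checks
    "scratch": range(64, 128),         # temporaries for calculations
    "lookup": range(128, 160),         # indirection tables (VFD speed by step)
}


def gate_external_write(start_addr, quantity):
    """Accept a multi-register write (start address, quantity) only if every
    register it touches lies inside the external_write block, so a write that
    starts legitimately but spills into validated or scratch memory is refused."""
    return all(a in BLOCKS["external_write"] for a in range(start_addr, start_addr + quantity))


def validate_setpoint(raw, lo, hi):
    """Return the value to copy into the validated block, or None if the raw
    value from the external block is outside its physically possible range."""
    return raw if lo <= raw <= hi else None


class PoisonedTable:
    """Lookup table with POISON at cell 0 and cell len+1. A fence-post error
    (index -1 or index len) hits the sentinel instead of neighbouring memory."""

    def __init__(self, values):
        if POISON in values:
            raise ValueError("table data must not contain the sentinel value")
        self.cells = [POISON, *values, POISON]

    def lookup(self, index):
        """0-based index into the real values; returns None on any invalid index."""
        cell = index + 1
        if not 0 <= cell < len(self.cells):
            return None           # far outside the table: refuse outright
        value = self.cells[cell]
        return None if value == POISON else value   # landed on a poisoned end


def demo():
    """Constructed requests against the map above."""
    speeds = PoisonedTable([300, 600, 900, 1200])   # RPM per step (assumption)
    return {
        "write_ok": gate_external_write(10, 4),                  # 10..13 inside block
        "write_spills_into_validated": gate_external_write(30, 4),  # 30..33 crosses boundary
        "write_scratch": gate_external_write(70, 1),             # scratch is never writable
        "setpoint": validate_setpoint(55, 0, 100),
        "setpoint_oob": validate_setpoint(250, 0, 100),
        "lookup_ok": speeds.lookup(2),
        "lookup_fencepost": speeds.lookup(4),                    # one past the end
        "lookup_negative": speeds.lookup(-1),                    # one before the start
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

When a lookup returns the sentinel, the program should treat it as a fault (hold the last good output and raise an alarm) rather than silently substituting a default, because an index that lands on the poison is evidence that either the logic or the data feeding it has gone wrong.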
Cyber Kill Chain - what is it and how to use it to stop advanced methods of attack?
05.08.2020
The number of cyberattacks has been increasing year on year. It is also estimated that the number of attacks conducted with the use of ransomware increases by 350%¹ each year. Additionally, the COVID-19 pandemic has caused an increase in the number of malicious emails by 600%². Understanding the characteristics of attacks and the strategies used by attackers is one of the key ways of protecting against potential attacks. Cybersecurity experts have created a few models describing the characteristics of attacks.
How to enable multi-factor authentication in Office 365
25.05.2020
The coronavirus pandemic has forced many organisations to undergo a rapid digital transformation and switch to a remote workforce. This sudden change created a need for tools allowing users remote access to company resources. Within a couple of days, business processes of many companies have been moved online. Due to the rapidness of the changes, not all employees have been sufficiently prepared for working remotely and telecommunication and IT systems have not been adequately secured.
Cloud computing security - identity and access management comparison for GCP and AWS
10.05.2020
Cloud computing is the foundation of many digital transformation projects. Currently, enterprises see progressively more value in the ability to scale the cloud environment, being able to transfer part of the responsibility for reliability onto a cloud service provider as well as the accessibility of data for employees working remotely. However, the ease of access to data creates the need for rigorous identity management: specifying exactly who, in what situation and to what level can access the data stored in the cloud.