Achieving Effective Application Security in a Cloud Generation

Today’s modern applications are designed for scale and performance. To achieve this performance, many of these deployments are hosted on public cloud platforms like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) for their benefit of elasticity and speed of deployment. The challenge is that effectively securing cloud hosted applications to date has been difficult. There are many high-profile security events involving successful attacks on cloud-hosted applications in the media, and these are only the examples that were disclosed to the public.

BATT: Recovery at fragile stage

The Bankers Association of Trinidad & Tobago (BATT) has noted the optimism by Finance Minister Colm in his 2017/2018 mid-year budget review but said there is still a lot of work to be done to consolidate the gains made and press ahead with restructuring public finances.

Society needs the Artificial Intelligence Data Protection Act now

On December 31, 2015, I published my original call to arms for society’s rational regulation of artificial intelligence before it is too late. I explained certain reasons why someone who is against solving problems through regulation would propose precisely that mechanism to help hedge the threats created by AI, and announced my proposed legislation: The Artificial Intelligence Data Protection Act (AIDPA).

Suspect Identified In CIA ‘Vault 7’ Leak

An anonymous reader quotes a report from The New York Times: In weekly online posts last year, WikiLeaks released a stolen archive of secret documents about the Central Intelligence Agency’s hacking operations, including software exploits designed to take over iPhones and turn smart television sets into surveillance devices. It was the largest loss of classified documents in the agency’s history and a huge embarrassment for C.I.A. officials. Now, The New York Times has learned the identity of the prime suspect in the breach (Warning: source may be paywalled; alternative source): a 29-year-old former C.I.A. software engineer who had designed malware used to break into the computers of terrorism suspects and other targets.

F.B.I. agents searched the Manhattan apartment of the suspect, Joshua A. Schulte, one week after WikiLeaks released the first of the C.I.A. documents in March last year, and then stopped him from flying to Mexico on vacation, taking his passport, according to court records and family members. The search warrant application said Mr. Schulte was suspected of “distribution of national defense information,” and agents told the court they had retrieved “N.S.A. and C.I.A. paperwork” in addition to a computer, tablet, phone and other electronics. But instead of charging Mr. Schulte in the breach, referred to as the Vault 7 leak, prosecutors charged him last August with possessing child pornography, saying agents had found the material on a server he created as a business in 2009 while he was a student at the University of Texas.

Adobe Reader zero-day discovered alongside Windows vulnerability

During the first half of 2018, we have witnessed some particularly interesting zero-day exploits, including one for Flash (CVE-2018-4878) and more recently for Internet Explorer (CVE-2018-8174). The former was quickly used by exploit kits such as Magnitude, while it is only a matter of time before we see the latter being weaponized more widely.

We can now add to that list an Adobe Reader zero-day (CVE-2018-4990), which was reported by ESET and Microsoft and has already been patched. Although it has not been observed in the wild yet, it remains a dangerous threat considering it is coupled with a privilege escalation vulnerability in Microsoft Windows.

To exploit the Windows vulnerability, the attacker must write to an arbitrary address in kernel space, which will not work for Windows 8 and above, as newer security features prevent this kind of mapping. Those two combined zero-days were necessary to escape the Acrobat Reader sandbox protection, which to its credit has been improving the security of the software drastically, so much so that malicious PDFs that were once common as part of drive-by download attacks have all but vanished.

Let’s take a quick look at the malicious PDF using pdf-parser:

python pdf-parser.py --content CVE-2018-4990.pdf

We can see a suspicious obfuscated blurb that most likely contains the JavaScript code we are looking for. We can decode and dump the output to a raw file:

python pdf-parser.py -c CVE-2018-4990.pdf --object 1 --filter --raw > output.raw