Security Articles

Exploit PoC_Linux unprivileged user access to systemctl command (CVE-2018-19788)

A new vulnerability CVE-2018-19788 has been discovered on Linux systems which effects on major Linux OS products including Red Hat, Debian, Ubuntu, and Cent OS. This vulnerability can be very easily exploited on Linux systems.

Vulnerability Summary: A low privilege user on most Linux systems with uid greater than 2147483647 automatically gets the system level privilege for issuing system level systemctl command.

A word about Polkit (formerly PolicyKit): Polkit is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. Polkit allows a level of control of centralized system policy.

Time-based Blind injection attacks and Countermeasures

A CSR or Certificate Signing request is a block of encrypted data that is generated on the server that the certificate is going to be used on. It contains information that will be needed to generate your certificate such as your organization name, common name (domain name), locality, and country. It also contains the public key that will be included in your certificate. A private key is usually generated while you create the CSR.

A certificate authority can use a CSR to create your SSL certificate, but it does not need your private key. You need to keep your private key secret. The certificate created with a CSR will only work with the private key that was generated with it. Hence if you lose the private key, the certificate will no longer work.

Contents

IAM Shortfalls : Solutions to Overcome

Identity & access management is the most important key factor in managing security, but it falls short when applying the same solution to all the enterprise data.

  • The major gap in unstructured data (files, emails, etc)

End users storing the data into various places like file shares, share point where we don’t have centralized IAM solution to monitor the user identity & access portion.

  • No single application for IAM to connect to, because end users are storing the data onto their own project application, O365 application storage, Microsoft one drive for storing the data. So IAM is missing the connection between AD users/groups and the folder and mailbox ACL’s

Solution to overcome these blunders.

Data Privay: What a Protected Data Really Means?

To Begin with, let us all  know the basis question: “What a Protected Data really means?”

Protected data, sometimes called as Personally Identifiable Information (or PII), is a term for information about a person that can be used to facilitate identity theft and other criminal acts. To make it more defined  and to know how much protection different types of data require, the CSU has developed a 3-tier classification system:

HackQuest 3.0 | A Digital Security Challenge by TCS’ Cyber Security Practice

They say the best defense is a great offense – and with cybersecurity, that is certainly a big factor in staying ahead of the cyber-attackers. 
Juniper Research recently predicted that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015. 

With more and more of our information going online, from work to our personal lives, our data is more at risk than ever before. However, in this age where everything is digitalized, how can we make sure that it is secured? How can we ensure the confidentiality, integrity and availability for our data? 

Cyber Security Landscape for 2019

Will 2019 be better or worse than 2018? Traditional business structures will continue to get disrupted over the next two to five years. The digital age has created unprecedented opportunities to do business and deliver services using new technologies. Organizations are rapidly embracing social media, mobility and cloud computing technology and transforming their ICT operations. The fast advancement in above technologies is being driven by the economics of value and advantage created by this competitive change. While this opens up exciting new opportunities, improves efficiency, it also exposes businesses to larger attack surface and associated multiplicative risks of cyber-attacks of adopting such emerging technologies, increased network bandwidth, and interconnected devices.

Transition from DevOps to DevSecOps

DevSecOps is a process of integrating and streamlining security practices earlier within the DevOps process. This can be achieved by replacing the traditional process of working in silos with that of increased communication and shared the responsibility for security processes during various phases of application/software development lifecycle. It helps identify security issues early in the development process rather than after a product is released.

Adopting DevSecOps process will have the following benefits:

Security Intelligence: You miss, attackers hit !!

Today’s world is more interested in analytics and automation. Likewise, Security is more focusing on automating the process of generating network alarms, identifying threats and risks with real-time correlation and behavioral anomaly detection. Security requirement is more of gathering security information from across the organization and analyze it to automate the threat detection, vulnerability identification, risk management, anomaly detection and for forensic analysis.

Let’s see one by one in detail what is covered in Security Intelligence and analytics:

1. Gathering security logs, relevant information from across the organization and having big data analytics capabilities is a must require ingredient. We must be able to capture necessary network traffic, endpoint and user behavioral data, application data, threat intelligence feeds. So we know what’s happening in our environment very well.

Blockchain Technology - Digital Era

The blockchain is the new buzzword in today’s banking environment. A blockchain is basically a growing list of records, called blocks, which are linked using cryptography. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data (generally represented as a Merkle tree root hash). By design, a blockchain is resistant to modification of the data. It is "an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way".

Blockchain was invented by Satoshi Nakamoto in 2008 to serve as the public transaction ledger of the cryptocurrency bitcoin. The invention of the blockchain for bitcoin made it the first digital currency to solve the double-spending problem without the need for a trusted authority or central server. The bitcoin design has inspired other applications.

Pages

Subscribe to RSS - Security Articles