News


  • CHT Security Discovered Multiple CVEs in Well-known Email System

    CHT Security Red Team discovered multiple vulnerabilities (CVE-2019-11071, CVE-2019-11072, CVE-2019-11073) in a well-known email system. The email system has Cross-Site Scripting (XSS) and Open Redirect vulnerabilities. More than 40 organizations, including the government, education and financial sectors, are affected. The vulnerabilities are briefly described as follows:

    CVE-2019-11071: An attacker can perform cross-site scripting attacks prior to authentication. This vulnerability exists in multiple versions of the email system. The vulnerable page is /cgi-bin/go. This vulnerability is classified in A7-Cross-Site Scripting (XSS) of OWASP TOP 10 2017.

    CVE-2019-11072: Attackers can perform cross-site scripting attacks against arbitrary parameters. This vulnerability exists in multiple versions of the messaging system. The vulnerable page is /cgi-bin/portal. This vulnerability is also classified in A7-Cross-Site Scripting (XSS) of OWASP TOP 10 2017.

    CVE-2019-11073: Attackers can perform unverified forwarding and redirection prior to authentication. This vulnerability exists in multiple versions of the email system. The vulnerable page is /cgi-bin/go. This vulnerability is classified in CWE-601: URL Redirection to Untrusted Site (Open Redirect).

    The email system is one of the core systems of an enterprise. Once hacked, all mail, which may include identification and organization information, can be leaked. Enterprises often overlook the criticality of the email system since they usually use package software or subscribe to services. Per the experience of our penetration test team, vulnerabilities in web-based email systems are often found. The XSS and Open Redirect in this case are common vulnerabilities that enable hackers to launch phishing or identity theft. Once hackers can grasp the email contents and the key persons, they can launch precise attacks like Business Email Compromise (BEC). According to the FBI's report in 2018, BEC scams had brought more than $12 billion in losses globally.

    The vendor has released related patches after receiving our report. If your organization or enterprise is using the affected e-mail system, it is recommended to contact the vendor for patching and updating as soon as possible. CHT Security also recommends the following measures:

    Enterprise: Contact the vendor to install the patch as soon as possible. In addition to regularly updating the system, it is recommended that administrators configure two-factor authentication to enhance login security and require sufficient strength for user passwords.

    Email system vendor: Implement input validation in the applications. It is recommended to adopt a Secure Software Development Life Cycle (SSDLC), provide secure coding training, and regularly conduct security tests, such as Source Code Security Analysis and Penetration Testing, to effectively ensure product security for the clients.
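    As an added illustration of the input validation recommended above for the vendor (example code, not the advisory's or the affected email system's own), the following Python check accepts a redirect target only when it resolves to an allowed host, which is the control that closes a CWE-601 open redirect like the one on /cgi-bin/go. ALLOWED_HOSTS, DEFAULT_TARGET and the hostnames used are assumed values.

```python
# Added example (not the advisory's or the email system's code): accept a redirect
# target only if it resolves to an allowed host, the check that closes CWE-601.
# ALLOWED_HOSTS, DEFAULT_TARGET and the hostnames below are assumed values.
from urllib.parse import urljoin, urlsplit

ALLOWED_HOSTS = {"mail.example.test", "portal.example.test"}
DEFAULT_TARGET = "/cgi-bin/portal"


def safe_redirect_target(target: str, current_host: str = "mail.example.test") -> str:
    """Return an absolute URL on an allowed host, or DEFAULT_TARGET.

    Relative paths are resolved against the current host; anything that could
    send the browser to another origin (other hosts, scheme-relative "//host",
    "user@host" forms, non-http schemes, unparsable input) falls back to the default.
    """
    if not target:
        return DEFAULT_TARGET
    # Browsers tolerate backslashes and strip control characters, so normalise
    # the same way before parsing rather than trusting urlsplit alone.
    cleaned = "".join(ch for ch in target if ch.isprintable()).replace("\\", "/")
    try:
        scheme = urlsplit(cleaned).scheme.lower()
        if scheme and scheme not in ("http", "https"):
            return DEFAULT_TARGET
        resolved = urlsplit(urljoin(f"https://{current_host}/", cleaned))
    except ValueError:          # e.g. malformed IPv6 literal
        return DEFAULT_TARGET
    if resolved.hostname not in ALLOWED_HOSTS:
        return DEFAULT_TARGET
    return resolved.geturl()
```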

  • (108/9/9) Reporting High Risk CVE in SWIFT Alliance Web Platform that Enables Log Injection

    CHT Security's red team discovered a high risk log injection vulnerability (CVE-2018-16386) in SWIFT Alliance Web Platform when performing a Financial Service System Security Assessment last year. SWIFT (Society for Worldwide Interbank Financial Telecommunication) is a global transaction data exchange system for financial services that more than 11,000 banks and securities dealers in more than 200 countries are using. SWIFT is an important target for hackers. Over the past three years, many banks, including in Taiwan, have lost more than 2.5 billion TWD due to the hacking of SWIFT related systems. This vulnerability does not require login for log injection, and the CVSS v3.0 risk score is 7.5 High. The details are described as follows:

    CVE-2018-16386: Our white hat hacker discovered a log injection vulnerability in SWIFT Alliance Web Platform 7.1.23. An attacker can abuse the system's error log function to write arbitrary content to any log file. When combined with another file inclusion vulnerability, it is possible to achieve command injection. For example, an attacker can write an exploitation command into the log, and then load the log content to achieve a command injection attack. Once successfully attacked, the attacker will have full control of the victim host.

    The vendor released related updates as soon as possible after receiving the report. Since the SWIFT system is highly sensitive, the vulnerability was not publicly released until this year even though it was reported last year. It is recommended that financial institutions or enterprises that are still using SWIFT prior to version 7.1.23 (inclusive) contact the vendor for system updates as soon as possible. If you cannot update immediately, we recommend the following mitigations:

    • Regularly check the content of logs for any unexpected information that has been written.
    • Ensure permission checking for access to any function in the software implementation. Deny access without proper privilege.
    • Developers shall introduce whitelisting or regular expressions for parameter checks and avoid injection of malicious input.
    • It is recommended that enterprises adopt a Secure Software Development Life Cycle (SSDLC), provide secure coding training, and regularly conduct security tests, such as Source Code Security Analysis and Penetration Testing, to ensure the effectiveness of enterprise cybersecurity.
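    An added Python example (not SWIFT's code and not from the advisory) showing two of the mitigations above in practice: escaping control characters in user-controlled values before they are written to a log, so one input can never become a second log line, and scanning a log for lines that do not match the application's own line format. The line format, the timestamps and the sample log text are constructed.

```python
# Added example (not SWIFT's or the advisory's code): neutralise user-controlled text
# before it is written to a log, and flag log lines that do not match the format the
# application itself writes. The line format and the sample log are constructed.
import re

# Assumed format: "YYYY-MM-DD HH:MM:SS [LEVEL] message" on a single line.
LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \[(INFO|WARN|ERROR)\] [^\r\n]*$")


def sanitize_for_log(value: str, max_len: int = 200) -> str:
    """Escape CR/LF and other control characters so one input stays one log line."""
    out = []
    for ch in value[:max_len]:
        if ch == "\r":
            out.append("\\r")
        elif ch == "\n":
            out.append("\\n")
        elif ord(ch) < 0x20 or ord(ch) == 0x7F:
            out.append("\\x%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def log_error(user_input: str, stamp: str = "2019-09-09 10:00:00") -> str:
    """Build the error line for a rejected request; the user value is quoted and escaped."""
    return f'{stamp} [ERROR] bad request param="{sanitize_for_log(user_input)}"'


def find_suspicious_lines(log_text: str) -> list:
    """Return (line_no, line) for lines that do not look like lines the app writes itself."""
    return [(no, line) for no, line in enumerate(log_text.splitlines(), start=1)
            if not LINE_RE.match(line)]


# Constructed log: line 3 was injected through an unescaped value that contained "\n".
CONSTRUCTED_LOG = (
    "2019-09-09 10:00:00 [INFO] login ok user=alice\n"
    '2019-09-09 10:00:01 [ERROR] bad request param="x\n'
    "forged line that the application never wrote\n"
    "2019-09-09 10:00:02 [INFO] login ok user=bob\n"
)

if __name__ == "__main__":
    print(log_error("x\nforged"))
    print(find_suspicious_lines(CONSTRUCTED_LOG))
```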

  • (2019/8/6) Reporting Critical CVE in Popular eLearning Platform that Leads to Server Compromise without Authentication

    Our Red Team has reported CVE-2019-11062, pointing out that a popular eLearning platform has a critical risk of OS Command Injection. The risk is categorized in OWASP TOP 10 2017 A1-Injection. Due to its wide range of impact, it is assigned a risk score of 9.8 Critical from CVSS v3.0.

    CVE-2019-11062: The SUNNET WMPro v5.0 and v5.1 eLearning system has OS Command Injection via the basePath parameter in /teach/course/doajaxfileupload.php. The victim server can be exploited without authentication. Once the attack succeeds, the attacker can compromise the victim server with full control. The attacker can then upload a webshell or access the credentials of server and database admins.

    The vendor has released the security patch. If your organization or enterprise is using this eLearning platform, it is recommended to contact the vendor for patching ASAP. CHT Security has the following recommendations for protection:

    1. Disable the path /teach/course/doajaxfileupload.php to make it inaccessible.
    2. Enable your WAF to check the basePath parameter against any plaintext or encoded OS command strings.
    3. Check for and delete any unexpected uploaded file.
    4. Check for and disconnect any connection to /teach/course/doajaxfileupload.php that is not authenticated.
    5. Ensure permission checking for access to any function in the software implementation. Deny access without proper privilege.
    6. In recent years, the numbers and variations of malware are increasing, and hacking techniques are changing every minute. Enterprises can reduce cybersecurity risks with systematic security testing by experienced security experts. It is recommended that enterprises regularly conduct security tests, such as Source Code Security Analysis and Penetration Testing, to ensure the effectiveness of enterprise cybersecurity.
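    As an added example of the server-side fix for this class of bug (example code, not the eLearning product's own), the Python below constrains a user-supplied upload directory parameter, named base_path after the advisory's parameter, with a per-segment allow-list and a containment check, and then creates the directory with an argument list rather than a shell command string. The upload root, the allow-list pattern and the sample values are assumed.

```python
# Added example (not the eLearning product's code): constrain a user-supplied upload
# directory parameter, named base_path after the advisory's parameter, so it can
# never reach a shell. The upload root and sample values are assumed.
import re
import subprocess
from pathlib import Path

UPLOAD_ROOT = Path("/var/www/uploads").resolve()      # assumed upload root
SEGMENT_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")       # allow-list for each path segment


def resolve_upload_dir(base_path: str, root: Path = UPLOAD_ROOT) -> Path:
    """Map base_path onto a directory under root, or raise ValueError.

    Each segment must fully match the allow-list, so shell metacharacters, '..',
    spaces, newlines, NUL bytes and encoded variants are rejected before any use.
    """
    segments = [s for s in base_path.replace("\\", "/").split("/") if s]
    if not segments or any(not SEGMENT_RE.fullmatch(s) for s in segments):
        raise ValueError("base_path contains disallowed characters")
    target = root.joinpath(*segments).resolve()
    if root not in target.parents:                     # second guard: stay inside root
        raise ValueError("base_path escapes the upload root")
    return target


def is_safe_base_path(base_path: str) -> bool:
    """True when base_path would be accepted by resolve_upload_dir."""
    try:
        resolve_upload_dir(base_path)
        return True
    except ValueError:
        return False


def make_upload_dir(base_path: str) -> str:
    """Create the directory with an argv list; no shell, no string interpolation."""
    target = resolve_upload_dir(base_path)
    subprocess.run(["mkdir", "-p", str(target)], check=True)
    return str(target)
```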

  • (2019/7/5) Reporting Critical and High CVEs that can Leak Sensitive Information from a Popular Official Document Editing System

    Our Red Team has reported CVE-2019-11232 and CVE-2019-11233, pointing out that a popular official document editing system has two major risks of leaking sensitive information. The risks can be categorized in OWASP TOP 10 2017 A3-Sensitive Data Exposure. Due to their wide range of impact, they are assigned risk scores of 9.8 Critical and 7.5 High from CVSS v3.0.

    CVE-2019-11232: allows an attacker to access user passwords without being authenticated. The exposed passwords are either stored in plaintext or in insecure MD5 format.

    CVE-2019-11233: allows an attacker to access sensitive information without being authenticated. The exposed sensitive information includes emails, phone numbers, employee numbers, department info, etc.

    Without being authenticated, an attacker can not only access sensitive official documents with the exposed passwords, but also launch social engineering or APT campaigns with the exposed employee and organization information.

    The vendor has released security updates after we reported the vulnerabilities to them. Thus, if you are using the mentioned official document editing system, please contact the vendor for patching ASAP. CHT Security also recommends taking the following countermeasures:

    • In the development process, make sure to perform a privilege check before every function execution. Deny access when the privilege is insufficient.
    • Passwords shall be stored with salted hashing. That is, before storing passwords into the database, the original password should be appended with a long random string (salt) and then hashed with multiple operations by a secure hash algorithm (e.g. SHA-256).
    • In recent years, the numbers and variations of malware are increasing, and hacking techniques are changing every minute. Enterprises can reduce cybersecurity risks with systematic security testing by experienced security experts. It is recommended that enterprises regularly conduct security tests, such as Source Code Security Analysis and Penetration Testing, to ensure the effectiveness of enterprise cybersecurity.
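    An added Python example (not the document system's code) of the password storage the countermeasures above call for: a long random salt per password and many iterations of SHA-256 (PBKDF2-HMAC from the standard library), shown beside the unsalted MD5 storage the advisory found, with a verifier that never accepts a legacy record. The iteration count, salt size and sample passwords are assumed.

```python
# Added example (not the document system's code): the storage scheme the advisory
# recommends (long random salt, many iterations of SHA-256 via PBKDF2-HMAC) beside
# the unsalted MD5 it found. Iteration count, salt size and passwords are assumed.
import hashlib
import hmac
import os

ITERATIONS = 200_000      # assumed work factor; raise as hardware allows
SALT_BYTES = 16           # 128-bit random salt per password


def weak_md5_record(password: str) -> str:
    """What the advisory found: unsalted MD5, identical for identical passwords."""
    return hashlib.md5(password.encode()).hexdigest()


def make_record(password: str, salt: bytes = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' for storage."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False            # unknown or legacy (e.g. bare MD5) record: never accept
    _, iters, salt_hex, hash_hex = parts
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), hash_hex)
```

Two users with the same password get different records, so a leaked table no longer reveals shared passwords at a glance, and each guess must pay the full iteration cost.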

  • CHT Security Protects Critical Infrastructure Information Systems with Carbon Black.

    [Taipei, Taiwan, December 14, 2018] CHT Security and Docutek Solutions officially became strategic partners in 2018. The endpoint product Carbon Black Protection is listed as one of the options of Chunghwa Telecom's Cybersecurity Fleet to enhance the capability to defend against new malicious attacks and to complete the lineup of the Cybersecurity Fleet in terms of endpoint protection.

    CHT Security is the leading MSSP in Taiwan, delivering security services prior to the incident (vulnerability assessment, penetration test), during the incident (managed SOC, DDoS protection) and post the incident (incident response, digital forensics) for governments and enterprises. Its SOC service has won the highest score in the Review of the Security Service Provider by the Security Department of the Executive Yuan for five consecutive years. To strengthen SOC visibility from endpoints, CHT Security leverages the top-notch features of Carbon Black Protection to offer the best defense capability in the aspects of endpoint, network and gateway.

    Carbon Black Protection combines application control, file integrity monitoring, device control and memory protection for the strongest system lockdown. This approach stops malware and non-malware attacks by preventing unwanted change. This is effective at stopping file-based attacks and next-gen attacks that use obfuscated malware, as well as memory-based and script-based techniques, like PowerShell. With Carbon Black Protection, organizations can enforce the integrity of deployment configurations, continuously monitor critical-system activity, assess compliance risk and even achieve compliance for end-of-life systems.

    Carbon Black Protection enables endpoint security for the critical infrastructure information systems of CHT Security's MSS customers, such as the vote-counting network, manufacturers for the military, and government institutions whose systems are highly confidential and critical and have to respond to domestic and overseas attacks at any time. CHT Security delivers comprehensive and leading-edge security protection from network to endpoint, ensuring in-depth defense around the clock.

    About CHT Security
    Founded in 2017, CHT Security is a subsidiary company of Chunghwa Telecom, the largest ISP and one of the largest ICT providers in Taiwan. Based on years of experience in cyber defense practices, CHT Security is the leading cybersecurity solution provider in Taiwan, specializing in cutting edge managed security services, NDR/EDR services, technical consulting and digital identity technology, and has already won several international certifications and prestigious awards worldwide. For more information, please visit www.chtsecurity.com.

    About Docutek Solutions
    Docutek Solutions, Inc. was established in Taiwan and started its first operation in April 2003, and positions itself as a value-added distributor in the greater China market. We focus on Enterprise Content Security products, solutions and services, especially on assisting clients in protecting their company against internal threats, focused on meeting the customer's budget and business requirements all while ensuring compliance with government regulations. For more information please visit www.docutek.com.tw


For Financial Institutions

Security Assessment, ATM Drills for Offense & Defense, DDoS Drills, GDPR Consultant.

For Enterprises

Large Enterprises: Gateway Protection, Endpoint Protection, Data Security, Regular assessment, ISMS, In-depth Defense with ISPs.
SMB & Soho: Anti-virus, Anti-hacking, Internet Protection.

For Government Departments

Regulation Compliance, Regional Joint Defense, SOC, ISAC, Common Supply Contract.