Vendor: PDFTron Vendor URL: https://www.pdftron.com/ Versions affected: WebViewer UI 8.0 or below Systems Affected: Web applications hosting the affected software Author: Liyun Li <liyun.li[at]nccgroup[dot]com> CVE Identifier: CVE-2021-39307 Summary PDFTron’s WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code. Impact An attacker … Continue reading Technical Advisory: PDFTron JavaScript URLs Allowed in WebViewer UI (CVE-2021-39307)
Archive
Optimizing Pairing-Based Cryptography: Montgomery Multiplication in Assembly
This is the second blog post in a new code-centric series about selected optimizations found in pairing-based cryptography. Pairing operations are foundational to the BLS Signatures central to Ethereum 2.0, the zero-knowledge arguments underpinning Filecoin, and a wide variety of other emerging applications. While my prior blog series, "Pairing over BLS12-381," implemented the entire pairing … Continue reading Optimizing Pairing-Based Cryptography: Montgomery Multiplication in Assembly
CertPortal: Building Self-Service Secure S/MIME Provisioning Portal
tl;dr NCC Group's Research & Development team designed and built CertPortal which allows users to create and manage S/MIME certificates automating the registration and renewal to allow enterprise scale deployment. The core of the system integrates DigiCert to create an S/MIME certificate and then storing both the certificate, the password, creation and expiry dates in … Continue reading CertPortal: Building Self-Service Secure S/MIME Provisioning Portal
NSA & CISA Kubernetes Security Guidance – A Critical Review
Last month, the United States' National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report (CTR) detailing the security hardening they recommend be applied to Kubernetes clusters, which is available here. The guidance the document contains is generally reasonable, but there are several points which are either incorrect or … Continue reading NSA & CISA Kubernetes Security Guidance – A Critical Review
Technical Advisory – New York State Excelsior Pass Vaccine Passport Credential Forgery
Vendor: New York State Vendor URL: https://play.google.com/store/apps/details?id=gov.ny.its.healthpassport.wallet Versions affected: 1.2.0 Systems Affected: Android Google Play Store Author: Siddarth Adukia sid.adukia[at]nccgroup[dot]com Summary New York State developed an application called NYS Excelsior Pass Wallet that allows users to acquire and store a COVID-19 vaccine credential. During some research it was discovered that this application does not validate … Continue reading Technical Advisory – New York State Excelsior Pass Vaccine Passport Credential Forgery
Technical Advisory – New York State Excelsior Pass Vaccine Passport Scanner App Sends Data to a Third Party not Specified in Privacy Policy
Vendor: New York State Vendor URL: https://covid19vaccine.health.ny.gov/excelsior-pass Versions affected: iOS 1.4.1, Android 1.4.1 Systems Affected: iOS, Android Author: Dan Hastings dan.hastings[at]nccgroup[dot]trust Advisory URL / CVE Identifier: Risk: Information Leakage Summary The New York State (NYS) Excelsior scanner app is used by businesses or event venues to scan the QR codes contained in the NYS Excelsior … Continue reading Technical Advisory – New York State Excelsior Pass Vaccine Passport Scanner App Sends Data to a Third Party not Specified in Privacy Policy
Conference Talks – September 2021
This month, members of NCC Group will be presenting their work at the following conferences: Javed Samuel, "Overview of Open-Source Cryptography Vulnerabilities", to be presented at the International Cryptographic Module Conference 2021 (Virtual - Sept 3 2021)Robert Seacord, "Secure Coding", to be presented at Auto ISAC Analysts (Virtual - Sept 7 2021)Erik Steringer, "Automating AWS … Continue reading Conference Talks – September 2021
The ABCs of NFC chip security
tl;dr NFC tags are becoming increasingly more common in everyday use cases such as: Public spaces like museums, art galleries or even retail stores in order to provide additional information about an item or product. Inventory management sites use NFC tags on product packaging to update information on its contents. Industrial facilities can use NFC for sharing … Continue reading The ABCs of NFC chip security
CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 2
We look at exploitation without the CVE-2021-31955 information disclosure, enabling better exploit primitives through PreviousMode, reliability, stability and exploit clean-up and well as thoughts on detection
Disabling Office Macros to Reduce Malware Infections
Category: Reduction/Prevention Overview Document macros have gone in and out of style since 1995 as a deployment method for malware. Netskope’s latest ‘Cloud and Threat Report: July 2021 Edition’ points out that in Q2 of 2021, Microsoft Office macros accounted for 43% of malicious Office document downloads, compared to just 20% at the beginning of … Continue reading Disabling Office Macros to Reduce Malware Infections