Blog

QEMU VM Escape Vulnerability (CVE-2020-14364) Threat Alert

September 18, 2020 | Mina Hao

Vulnerability Description: On August 24, QEMU released a security patch to fix a VM escape vulnerability (CVE-2020-14364), which results from an out-of-bounds read/write access issue in the USB emulator in QEMU. This vulnerability resides in ./hw/usb/core.c. When the program handles USB packets from a guest, this vulnerability is deemed to exist if USBDevice […]

IP Reputation Report-09132020

September 17, 2020 | Mina Hao

1. Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases as of September 13, 2020. 2. Top 10 countries in attack percentage: Belarus is in first place. Cape Verde is in second place. The country China […]

SANGFOR Endpoint Detection Response Remote Command Execution Vulnerability Handling Guide

September 16, 2020 | Mina Hao

Vulnerability Description: On August 18, 2020, the China National Vulnerability Database (CNVD) listed the SANGFOR Endpoint Detection Response (EDR) remote command execution vulnerability (CNVD-2020-46552) as a new entry. An unauthenticated attacker could exploit this vulnerability to send a maliciously crafted HTTP request to a target server, thereby obtaining the privileges of the target server and causing […]

Function Identification in Reverse Engineering of IoT Devices

September 15, 2020 | Mina Hao

This document discusses function identification and symbol porting in reverse engineering of Internet of Things (IoT) devices without using BinDiff and PatchDiff2, which are “too good” for the purposes here and are inapplicable in certain scenarios. Typical function identification technologies include the Fast Library Identification and Recognition Technology (FLIRT) in IDA and the rizzo […]

Botnet Trend Report 2019-10

September 14, 2020 | Mina Hao

Adware: For many years, large grey software supply chains on the Internet have been showing their prowess at self-promotion. A specific piece of software is often bundled with unnecessary software, even malware, during download and installation.

Future cyber security protection: reflection from the ups and downs of Covid-19-2

September 13, 2020 | Mina Hao

Biological viruses and computer viruses share some characteristics, such as transmissibility. From the solutions to COVID-19, we can learn the gains and losses of cyber security defense and protection, analyze new trends and techniques, and come up with new ideas for defense and protection against attacks in the cyber security […]

Future cyber security protection: reflection from the ups and downs of Covid-19-1

September 12, 2020 | Mina Hao

2020 is almost halfway through, and it has indeed been a troubled period. Covid-19 swept all over the world in just a few months. The epidemic continues to spread and recur, and has also changed many people’s inherent perceptions, including those of health care, public safety, organizational mobilization, economics and politics. The concept of a computer virus is derived from […]

2020 H1 Cybersecurity Trends

September 11, 2020 | Mina Hao

01 Overview of the Vulnerability Trend: In 2020 H1, a total of 1419 vulnerabilities were added to the NSFOCUS Vulnerability Database (NSVD), 714 of which were high-risk vulnerabilities. Among these high-risk vulnerabilities, 184 vulnerabilities were Microsoft-related ones. High-risk vulnerabilities were mainly distributed in major products of Microsoft, Oracle, Adobe, Google, Cisco, IBM, Moxa, Apache, etc. […]

Struts S2-059, S2-060 Vulnerabilities (CVE-2019-0230, CVE-2019-0233) Threat Alert

September 11, 2020 | Mina Hao

Overview: On August 13, 2020, Beijing time, Struts issued a new security bulletin to announce the fix of two vulnerabilities. S2-059 (CVE-2019-0230) is a possible remote code execution vulnerability, and S2-060 (CVE-2019-0233) is a denial-of-service vulnerability. The two vulnerabilities were fixed in Struts 2.5.22 released in November 2019. Users are advised to upgrade as soon […]

IP Reputation Report-09062020

September 10, 2020 | Mina Hao

1. Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases as of September 6, 2020.