Adobe September 2018 Security Updates Threat Alert
November 19, 2018
Overview
On November 13, local time, Adobe officially released security bulletins and advisories to announce the remediation of multiple vulnerabilities in products such as Adobe Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC.
Wi-Fi Security: Free Wi-Fi Access
November 17, 2018
Case Analysis
A malicious actor tends to set up a Wi-Fi network with a name that is the same as or similar to a commonly used one, and then set an empty password or the same password as the legitimate Wi-Fi to attract connections from the public. The offender then hijacks DNS requests on the Wi-Fi router, directing users to a phishing website to steal their user names and passwords, or monitors the traffic of mobile phones connected to the router to obtain plaintext passwords.
IP Reputation Report-11162018
November 16, 2018
Top 10 countries: The above diagram shows the top 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation databases in October. But the United States has the largest number of allocated IP addresses in the world and China is in second place. So, report IP Reputation as a percentage of total IP addresses […]
Apache Struts2 Commons FileUpload Deserialization Remote Code Execution Vulnerability (CVE-2016-100031) Threat Alert
November 16, 2018
Vulnerability Overview
Recently, the Apache Software Foundation (ASF) released a security advisory strongly advising users of Apache Struts 2.3.x to upgrade the Apache Commons FileUpload component. Struts 2.3.x, by default, uses V1.3.2 of the Commons FileUpload component. In 2016, V1.3.2 of this component was disclosed to contain a deserialization vulnerability (CVE-2016-100031) which could result in arbitrary code execution.
Commons is a Java subproject of ASF and FileUpload is a subproject for handling HTTP file uploads. The Commons FileUpload component is mainly used to assist developers in implementing the web file upload function.
VMware Virtual Machine Escape Vulnerabilities (CVE-2018-6981 and CVE-2018-6982) Threat Alert
November 15, 2018
Overview
Recently, VMware released a security advisory to document the remediation of two critical vulnerabilities (CVE-2018-6981 and CVE-2018-6982) in VMware ESXi, Workstation, and Fusion. The two vulnerabilities were disclosed by the Chinese cybersecurity firm Chaitin Tech at the international hacking contest GeekPwn2018.
Cisco Stealthwatch Management Console and Unity Express Critical Vulnerabilities Threat Alert
November 15, 2018
Overview
On November 7, 2018, local time, Cisco released a security advisory to announce the remediation of two critical vulnerabilities, one in the Stealthwatch Management Console (SMC) and one in Unity Express.
AVEVA InduSoft Web Studio and InTouch Edge HMI Critical Vulnerabilities Threat Alert
November 14, 2018
Overview
Recently, AVEVA released a security bulletin to announce the remediation of two critical vulnerabilities in industrial software.
CVE-2018-17916 is a stack overflow vulnerability that can be triggered by sending a crafted packet, leading to remote code execution by an unauthorized user.
CVE-2018-17914 stems from an empty password in the configuration file. An unauthorized attacker could exploit this vulnerability to remotely execute code with the same privilege as that of the affected software.
NSFOCUS Present at the CS3STHLM Summit as the Only Asia-Pacific Security Vendor
November 12, 2018
On October 24, 2018, the CS3STHLM industrial cyber security & Stockholm international summit on Cyber Security in SCADA and Industrial Control Systems (“the Stockholm summit”) kicked off in Sweden for the fifth consecutive year, bringing together cybersecurity experts worldwide. NSFOCUS, as the only participating security vendor from Asia-Pacific, delivered a speech titled Attacking PLCs by PLC in Deep, sharing the company’s security research experience in the industrial control system (ICS) realm.
Cisco ASA Security Product Denial-of-Service Vulnerability (CVE-2018-15454) Threat Alert
November 12, 2018
Recently, Cisco officially released a security advisory to fix the denial-of-service (DoS) vulnerability (CVE-2018-15454) in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This vulnerability exists in the Session Initiation Protocol (SIP) inspection engine used by Cisco ASA and FTD. An unauthorized attacker could exploit this vulnerability remotely to cause an affected device to reload or to trigger high CPU usage, resulting in a denial of service on the device.