Year: 2019

Atlassian Jira Unauthorized Template Injection Vulnerability (CVE-2019-11581) Threat Alert

July 29, 2019

1 Vulnerability Description

Recently, the Jira vendor released a security advisory on a template injection vulnerability in Jira Server and Jira Data Center, which could cause remote code execution when either of the following conditions is met:

  1. An SMTP server has been configured in Jira and the Contact Administrators Form is enabled.
  2. An SMTP server has been configured in Jira and an attacker has “Jira Administrators” access.


Oracle July 2019 Critical Patch Update for All Product Families Threat Alert

July 26, 2019

Overview

On July 16, 2019, local time, Oracle released its own security advisory and third-party security advisories for its January 2019 Critical Patch Update (CPU) which fix 319 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, visit the following link:

For more details, see Oracle’s official security advisories from the following link:

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

IP Reputation Report-07222019

July 25, 2019

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases as of July 21, 2019. Top 10 countries in attack percentage: Palestine is in first place. Suriname is in second place. The country China (CN) is […]

Botnet Trend Report-6

July 24, 2019

3.3.2 Analysis

Most Botnets Deployed on VPSs for Economic Reasons

Low-cost virtual private servers, which have little security oversight, have become the main target for hosting command & control servers. When setting up C&C servers, botnet groups will attempt to take over any available system. Having evolved past traditional on-premises servers, botnet groups now target […]

Fastjson Remote Code Execution Vulnerability Threat Alert

July 23, 2019

Overview

Recently, a security researcher discovered an issue with the fixes for multiple versions of fastjson. Despite these fixes, an attacker could remotely execute code on a server running fastjson via a carefully crafted request. This issue affects fastjson 1.2.47 and earlier and does not require enabling the autotype option.

A Look into the Gafgyt Botnet Trends from the Communication Traffic Log

July 23, 2019

About the Gafgyt Botnet

Gafgyt is a long-lived IoT botnet family with a lot of variants. Over the years, it has grown into a gigantic family with the same notoriety as Mirai. Its variants are mature enough to provide capabilities of scanning vulnerabilities, conducting DDoS, executing instructions, and downloading and executing malware.

Redis Active/Standby Synchronization Code Execution Vulnerability Threat Alert

July 19, 2019

1 Vulnerability Description

Written in ANSI C, Redis is an open-source, memory- or network-bound key-value database which can store logs in a persistent manner. It provides multilingual APIs.

IP Reputation Report-07152019

July 18, 2019

  1. Top 10 countries in attack counts:


Botnet Trend Report-5

July 17, 2019

3.3 Geographical Distribution

3.3.1 Behavior Seen

According to geographical analysis of IP addresses, 2018 saw most new C&C servers in the USA (30.64%), closely followed by China (29.79%). Other top C&C hosting countries include Canada, Russia, Germany, France, and Italy.

Microsoft’s Security Patches for July 2019 Fix 79 Security Vulnerabilities

July 16, 2019

Overview

Microsoft released July 2019 security updates on Tuesday which fix 79 vulnerabilities ranging from simple spoofing attacks to remote code execution. Such security updates cover the following products: .NET Framework, ASP.NET, Azure, Azure DevOps, Internet Explorer, Microsoft Browsers, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows DNS, Open Source Software, Servicing Stack Updates, SQL Server, Visual Studio, Windows Kernel, Windows Media, Windows RDP, and Windows Shell.
