Case Analysis It is a common practice to protect an account with a password. However, the account will be compromised if the password is disclosed. Now many mobile phones or apps support two-step verification. When detecting a login to your account from another phone, the mechanism requires the other form...
Year: 2019
Technical Report on Container Security (IV)-4
Container Security Protection – Image Security Image Security Images are the basis of containers. Therefore, their security speaks a lot for that of the entire container ecosystem. Container images are a series of images stacked layer by layer. They are distributed and updated through image repositories. The following sections describe...
2019 Predictions: Email Attachments, IoT, and Cryptominers to be Security Pain Points
Data breaches in 2018 compromised personal information of millions of people around the world, most notably from large corporations such as Facebook, Marriott, T-Mobile and Quora. Seemingly every week there is a new breach reported, and consumers have taken notice. In the past year, the average number of overall...
Oracle January 2019 Critical Patch Update Security Advisory for All Product Families
Overview On January 15, 2019, local time, Oracle released its own security advisory and third-party security advisories for its January 2019 Critical Patch Update (CPU) which fix 284 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, see the appendix. (more…)
ThinkPHP 5.0-5.0.23, 5.1.0-5.1.31, and 5.2.* Remote Code Execution Vulnerability Handling Guide
1 Vulnerability Overview Recently, ThinkPHP 5.0-5.0.23 was found to have a remote code execution (RCE) vulnerability. The NSFOCUS Falcon Team carried out tests and found that ThinkPHP 5.0-5.0.23, 5.1.0-5.1.31, and 5.2.* were also prone to this vulnerability, which could be triggered in both Linux and Windows systems. (more…)
Researchers analyze DDoS attacks as coordinated gang activities
Help Net Security - In a new report, NSFOCUS introduced the IP Chain-Gang concept, in which each chain-gang is controlled by a single threat actor or a group of related threat actors and exhibit similar behavior among the various attacks conducted by the same gang. Researchers analyzed attack types, volume,...
