WebSphere Remote Code Execution Vulnerability (CVE-2020-4450) Threat Alert
June 19, 2020
Vulnerability Description
On June 5, Beijing time, IBM released a security advisory to announce the fix of a remote code execution vulnerability (CVE-2020-4450) in WebSphere Application Server (WAS). This vulnerability is caused by deserialization of the IIOP protocol. An unauthenticated attacker could target the WAS server remotely via the IIOP protocol, causing arbitrary code execution on the target server to gain system privileges to take control of the server. This vulnerability is assigned the CVSS score of 9.8 and therefore is a high-risk one.
WebSphere Application Server is an enterprise-ready web middleware that is widely used in enterprises’ web services, thanks to its reliability, flexibility, and robustness. As this vulnerability has an extensive impact, affected users should take preventive measures as soon as possible.
(more…)IP Reputation Report-06142020
June 18, 2020
1. Top 10 countries in attack counts:
- The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at June 14, 2020.
2019 Cybersecurity Insights -2
June 17, 2020
Key Findings [Vulnerabilities] 2019 saw a steady increase in high-risk vulnerabilities and in Internet of Things (IoT) vulnerability exploits. Of server-related vulnerabilities, web vulnerabilities stole the spotlight and the Windows remote desktop vulnerability CVE-2019-0708 had a far-reaching impact. [Malware] Ransomware and cryptojacking malware were two most active types of malware in 2019. In this year, […]
A Newcomer in Anti-DDoS Solutions: BGP FlowSpec
June 16, 2020
With the robust development of the Internet, more and more companies have put their services online. While the Internet conveniences people’s lives, how to secure it becomes an increasingly severe challenge. Distributed denial-of-service (DDoS) is one of the most common types of cyberattacks. It paralyzes the target network, disrupts services, and causes direct financial damages by exhausting the egress bandwidth and degrading server performance. NSFOCUS’s anti-DDoS solution has been widely adopted by telecom carriers, financial companies, Internet service providers (ISPs), and small and medium-sized businesses (SMBs), which, in turn, makes it possible for the company to gain an insight in customer requirements, thoroughly understand various business scenarios, and keep innovating. In August 2017, NSFOCUS introduced an innovative concept of integrating BGP FlowSpec into ADS, injecting new life into DDoS protection.
(more…)Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796) Technical Analysis and Solution
June 15, 2020
Overview
On March 11, Beijing time, Microsoft released March 2020 updates to fix vulnerabilities among which is a remote code execution vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) indicated in a security bulletin released earlier. This vulnerability exists in the way the Microsoft SMBv3 protocol handles certain requests. An attacker could exploit this vulnerability in an unauthenticated way.
For the SMBv3 server, attackers could send a crafted packet to the server to trigger this vulnerability; for the SMBv3 client, attackers could trigger the vulnerability by tricking the user into connecting to a maliciously crafted SMB server.
(more…)Information Security in the Workplace- Use of Mobile Storage-v
June 12, 2020
With the advancement of IT-based transformation and the rapid development of IT, various network technologies have seen more extensive and profound applications, along with which come a multitude of cyber security issues. Come to find out what information security issues you should beware of in the workplace.
(more…)Cybersecurity Insights -1
June 11, 2020
Executive Summary
2019 witnessed more intense challenges in global political and economic orders. Restricted by various conventions, agreements, and protocols, traditional military means are now the last resort. In this context, attacks on the financial sector and on the cyberspace become the first choices for rival countries to try on their modern military strategies. Predictably, these attacks will probably become regular approaches in the future. By the time when the 2018 Cybersecurity Insights was released, the following trends had taken shape regarding cybersecurity: The window between the discovery of a vulnerability and the effective exploitation of this vulnerability was shortened; the DDoS attack size steadily grew; emerging threats like those from the Internet of Things (IoT) rose sharply; such malware as backdoors, cryptojackers, worms, trojans, and botnets were still active. When it comes to information disclosure, the AcFun website was hacked, leading to a leak of nearly 10 million pieces of user data; India’s Aadhaar (India’s national ID database) number leak affected 1.1 billion citizens. Information disclosure events have hit record highs for six years in a row since 2013. The four enterprises, namely Facebook, Equifax, British Airways, and Marriott International, together were fined approximately USD 9 billion for privacy and information leaks, more than the aggregate market value of the cybersecurity industry in China in that year.
(more…)IP Reputation Report-06072020
June 10, 2020
1.Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at June 7, 2020. 2.Top 10 countries in attack percentage: The Belarus is in first place. The Cape Verde is in the second place. The country China (CN) is […]
Apache Kylin Remote Code Execution Vulnerability (CVE-2020-1956) Threat Alert
June 9, 2020
Vulnerability Description Recently, Apache released a security advisory to announce the fix of a remote code execution vulnerability (CVE-2020-1956) in Apache Kylin. Apache Kylin has some RESTful APIs that will associate OS commands with user-typed strings. As Apache Kylin fails to properly verify user inputs, an attacker could execute arbitrary system commands without authorization. Currently, […]
Fastjson 1.2.68 and Earlier Remote Code Execution Vulnerability Threat Alert
June 8, 2020
Vulnerability Description
On May 28, Fastjson 1.2.68 and before were reported to contain a remote code execution vulnerability that bypasses the autoType switch to implement deserialization of classes that contain security risks. Attackers could exploit this vulnerability to execute arbitrary code on the target machine.
(more…)