Year: 2020

Type1 Font Parsing 0-day Remote Code Execution Vulnerability Threat Alert

April 3, 2020

Overview

On March 23, local time, Microsoft released an out-of-band security advisory, ADV200006, to address two critical 0-day vulnerabilities in the Adobe Type Manager Library. The vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially crafted multi-master font in the Adobe Type 1 PostScript format. An attacker could exploit the vulnerability to achieve remote code execution by convincing a user to open a crafted document or to view it in the Windows Preview pane.

IP Reputation Report-03292020

April 2, 2020

  1. Top 10 countries in attack counts:

  • The above diagram shows the top 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation databases as of March 29, 2020.


DDoS Attack Landscape 2

April 1, 2020

DDoS Attack Counts and Peak Sizes

Distribution of Peak Sizes

According to the monthly data from the last three years, the number of large-scale attacks (> 100 Gbps) soared in 2018 and then fluctuated at a high level over the following two years. In 2017, the number of such attacks reached 11,800, only 48% of the number in 2018 (24,500). 2019 saw 21,400 large-scale attacks peaking above 100 Gbps (according to data as of November 2019), on a par with 2018 (22,000 as of November 2018). In addition, super-sized attacks (> 300 Gbps) have increased year by year, from an average of 30 per month in 2017 to 247 in 2018 and then to 262 in 2019. Arguably, a steady increase in the number of super-sized attacks has become the norm.


Spring Cloud Config Server Path Traversal (CVE-2020-5405) Threat Alert

March 31, 2020

Vulnerability Description

Security researchers from NSFOCUS found a directory traversal vulnerability (CVE-2020-5405) in the Spring Cloud Config component. On February 26, Spring released a security bulletin announcing this vulnerability and expressed its appreciation to NSFOCUS.

Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796) Technical Analysis and Solution

March 30, 2020

Overview

On March 11, Beijing time, Microsoft released its March 2020 updates to fix a number of vulnerabilities, including a remote code execution vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) that had been indicated in an earlier security bulletin. This vulnerability exists in the way the Microsoft SMBv3 protocol handles certain requests. An unauthenticated attacker could exploit this vulnerability.

Microsoft SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796) Threat Alert

March 29, 2020

Overview

On March 11, Beijing time, Microsoft released its March 2020 updates to fix a number of vulnerabilities, including a remote code execution vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) that had been indicated in an earlier security bulletin. Instead of a security patch, Microsoft currently provides a workaround for users to mitigate this vulnerability.

Linux System PPPD Remote Code Execution Vulnerability (CVE-2020-8597) Threat Alert

March 27, 2020

Vulnerability Description

On March 6, the United States Computer Emergency Readiness Team (US-CERT) released a security bulletin announcing a 17-year-old remote code execution vulnerability in the PPP daemon (pppd). This vulnerability affects nearly all Linux-based operating systems and network device firmware. It is a buffer overflow vulnerability (CVE-2020-8597) with a CVSS score of 9.8: eap.c in pppd has an rhostname buffer overflow in the eap_request and eap_response functions. Via an Extensible Authentication Protocol (EAP) packet, an unauthenticated attacker could exploit this vulnerability to cause arbitrary code execution on an affected system.

IP Reputation Report-03222020

March 26, 2020

  1. Top 10 countries in attack counts:

  • The above diagram shows the top 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation databases as of March 22, 2020.


DDoS Attack Landscape 1

March 25, 2020

Executive Summary

In 2019, the average peak size of DDoS attacks continued its steady rise from 2018, reaching 42.9 Gbps, indicating that the techniques employed in large- and medium-scale attacks are advancing year by year. After a sharp rise in 2018, super-sized DDoS attacks (> 300 Gbps) were relatively stable in 2019, increasing only slightly, by around 200.

V8 Type Confusion Vulnerability (CVE-2020-6418) Threat Alert

March 24, 2020

Vulnerability Description

On February 25, security updates were released for Google Chrome and Microsoft Edge. V8, the open-source JavaScript and WebAssembly engine, in Google Chrome before 80.0.3987.122 and in Microsoft Edge before 80.0.361.62 is prone to a type confusion vulnerability (CVE-2020-6418), which allows attackers to access data in an unauthorized way and thereby execute malicious code. According to researchers, this vulnerability had been exploited in attacks before the security updates were released. Currently, details have been made publicly available. Users of Google Chrome and of Microsoft Edge browsers built on V8 are advised to install the updates as soon as possible.
