Adobe Security Bulletins for January 2020 Security Updates Security Alert
January 30, 2020
Overview
On January 14, local time, Adobe officially released the January security update, which fixed multiple vulnerabilities in various Adobe products, including Adobe Experience Manager and Adobe Illustrator CC.
Official notification address:
Weblogic WLS Component IIOP Protocol Remote Code Execution Vulnerability (CVE-2020-2551) Security Alert
January 29, 2020
Overview
In January 2020, the critical patch update announcement CPU (Critical Patch Update) officially released by Oracle, a remote code execution vulnerability (CVE-2020-2551) in the IIOP protocol of Weblogic WLS component was announced. (more…)
Oracle family key patch update January 2020 Security Alert
January 28, 2020
Overview
On January 14, 2020, Oracle officially announced critical patch update (CPU) security announcement and third-party security announcement, and fixed 334 vulnerabilities. See the appendix table for the affected conditions and available patches of each product.
Windows CryptoAPI High Risk Vulnerability (CVE-2020-0601) Security Alert
January 27, 2020
Overview
On January 14, local time, one of the latest monthly patch updates from Microsoft fixed the Windows CryptoAPI spoofing vulnerability (CVE-2020-0601) discovered and reported to Microsoft by the National Security Agency (NSA), which affects Windows 10. , Windows Server 2016 and Windows Server 2019. (more…)
WordPress plug-in authentication bypass vulnerability Security Alert
January 26, 2020
Overview
Recently, webarx researchers announced two high-risk authentication bypass vulnerabilities in WordPress plug-ins, which allow attackers to log in to an administrator account without a password. (more…)
ICS Information Security Assurance Framework 8
January 25, 2020
2.2.3 New ICS Attack Framework “TRITON”
In the middle of November 2017, the Dragos, Inc. team found malware tailor-made for ICSs and identified it as TRISIS (referred to as TRITON in this document) because it fixed it gaze on Schneider Electric’s Triconex safety instrumented system (SIS), enabling the replacement of logic in final control elements. (more…)
GitLab EE / CE Information Disclosure Vulnerability (CVE-2020-6832) Security Alert
January 24, 2020
Vulnerability Description
On January 14th, GitLab officially released an important version update security notice, fixing a vulnerability (CVE-2020-6832) that could lead to private project inform-ation disclosure. GitLab is an open source project for a warehouse management system. It uses Git as a code management tool and a web service built on it. (more…)
Cybersecurity Insights-14
January 23, 2020
Analysis of IoT Attack Sources
From NSFOCUS’s IoT threat intelligence, we can associate DDoS attack events with IoT devices. Further analysis of IoT devices compared to source IP addresses of DDoS attacks found that 3.14% of DDoS attackers are IoT devices. Though this proportion is relatively small, the number of DDoS source IP addresses is so staggering large that DDoS attacks based on IoT devices is a very significant threat. (more…)
ICS Information Security Assurance Framework 7
January 23, 2020
2.2.2 Dragonfly 2.0 Malware The Dragonfly organization, also known as Energetic Bear, mainly carries out cyber espionage activities targeting electric power operators, major power generation enterprises, petroleum pipeline operators, and industrial equipment providers in the energy sector. According to a Joint Analysis Report (JAR) released by the Department of Homeland Security (DHS), Dragonfly is a […]
IP Reputation Report-01192020
January 22, 2020
-
Top 10 countries in attack counts:
- The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at January 19, 2020.
