Overview On December 8, 2020, local time, OpenSSL released a security advisory disclosing a NULL pointer dereference vulnerability (CVE-2020-1971), rating the vulnerability as High-risk. The vulnerability exists in the GENERAL_NAME_cmp function in OpenSSL. GENERAL_NAME_cmp compares different instances of a GENERAL_NAME to see if they are equal or not. When both...
Year: 2021
Struts2 S2-061 Remote Code Execution Vulnerability (CVE-2020-17530) Threat Alert
Overview On December 8, 2020, Struts released a security bulletin disclosing a potential remote code execution vulnerability (CVE-2020-17530) in S2-061. The vulnerability stems from insufficient input validation. This results in two forced Object Graph Navigation Library (OGNL) evaluations when the original user input is calculated. When the OGNL expression is...
Annual IoT Security Report 2019-14
This section analyzes WS-Discovery reflection attacks. For details about the WS-Discovery service, see section 1.6 WS-Discovery First Found to Be Abused for DDoS Reflection Attacks. (more…)
A Global DTLS Amplification DDoS Attack Is Ongoing
Attackers are targeting Citrix ADC (Application Delivery Controller) and utilize it to launch amplification attacks. However, no official patch has been released yet. (more…)
