VMblog.com - It's no surprise that 2018 continued to bring an increase in fraud attacks and data security breaches, including those of Facebook and now Marriott. In the past two years, the average number of overall daily searches for keywords such as "personal information disclosure" and "hacker" have been fluctuating...
Author: NSFOCUS
ThinkPHP 5.x Remote Code Execution Vulnerability Threat Alert
Overview Recently, ThinkPHP posted a blog, announcing the release of an important update that addresses a critical vulnerability. This security update fixes a getShell vulnerability caused by the framework's insufficient checks on controller names in case forced routing is not enabled. The vulnerability, which affects ThinkPHP 5.0 and 5.1, is...
The missing leg – integrity in the CIA triad
Linkedin Eric Vanderburg Information security is often described using the CIA Triad. The CIA stands for Confidentiality, Integrity, and Availability and these are the three elements of data that information security tries to protect. If we look at the CIA triad from the attacker’s viewpoint, they would seek to compromise confidentiality by stealing...
Technical Report on Container Security (III)-2
Security Risks and Challenges—Security Threat Analysis Security Threat Analysis When we talk about security risks to containers, we mean security threats to hosts, to containers, and to the carried applications. (more…)
Adobe Flash Player 0-Day Vulnerabilities Threat Alert
Overview On December 5, 2018, local time, Adobe released a security bulletin to document the remediation of two vulnerabilities, namely a critical 0-day vulnerability (CVE-2018-15982) in Adobe Flash Player and an important vulnerability (CVE-2018-15983) in Adobe Flash Player installer. (more…)
Satan Ransomware Variant Exploits 10 Server-Side Flaws
Dark Reading - Windows, Linux systems vulnerable to self-propagating 'Lucky' malware, security researchers say. A new version of ransomware that first surfaced about two years ago is garnering attention for its ability to spread via as many as ten different vulnerabilities in Windows and Linux server platforms.
