Vulnerability Overview Recently, Apache Software Foundation (ASF) has released a security advisory to strongly advise users of Apache Struts2.3.X to upgrade the Apache Commons FileUpload component. Struts 2.3.x, by default, uses the Commons FileUpload component of V1.3.2. Early in 2016, this component of V1.3.2 is disclosed to contain a deserialization...
Author: NSFOCUS
VMware Virtual Machine Escape Vulnerabilities (CVE-2018-6981 and CVE-2018-6982) Threat Alert
Overview Recently, VMware has released a security advisory to document the remediation of two critical vulnerabilities (CVE-2018-6981 and CVE-2018-6982) in VMware ESXi, Workstation, and Fusion. The two vulnerabilities were disclosed by a Chinese cybersecurity firm Chaitin Tech at the international hacking contest GeekPwn2018. (more…)
Cisco Stealthwatch Management Console and Unity Express Critical Vulnerabilities Threat Alert
Overview On November 7, 2018, local time, Cisco released a security advisory to announce the remediation of two critical vulnerabilities in the Stealthwatch Management Console (SMC) and the Utility Express respectively. (more…)
Technical Report on Container Security (II)-2
1 Image Metadata By default, in the Linux system, Docker data is stored in /var/lib/docker by default. However, different systems have different Docker storage drivers and directory structures.. This document uses Docker images in the OCI standard format as an example to describes how Docker images are stored. (more…)
AVEVA InduSoft Web Studio and InTouch Edge HMI Critical Vulnerabilities Threat Alert
Overview Recently, AVEVA released a security bulletin to announce the remediation of two critical vulnerabilities in industrial software. CVE-2018-17916 is a stack overflow vulnerability that can be triggered by sending a crafted packet, leading to remote code execution by an unauthorized user. CVE-2018-17914 stems from an empty password in the...
NSFOCUS Present at the CS3STHLM Summit as the Only Asia-Pacific Security Vendor
On October 24, 2018, the CS3STHLM industrial cyber security & Stockholm international summit on Cyber Security in SCADA and Industrial Control Systems ("the Stockholm summit") kicked off in Sweden for the fifth consecutive year, bringing together cybersecurity experts worldwide. NSFOCUS, as the only participating security vendor from Asia-Pacific, delivered a...
