Overview Recently, researchers from Zimperium disclosed 13 critical vulnerabilities in FreeRTOS, including four remote code execution vulnerabilities. (more…)
Author: NSFOCUS
Drupal Remote Code Execution Vulnerability Threat Alert
Overview Recently, Drupal released an official security advisory to announce the fixes for multiple security issues, including two critical remote code execution vulnerabilities which affect Drupal 7 and 8. The two critical vulnerabilities are described as follows: (more…)
libssh Server-Side Identity Authentication Bypass Vulnerability (CVE-2018-10933)Threat Alert
Overview On October 16, local time, libssh officially released an update to fix the server-side identity authentication bypass vulnerability (CVE-2018-10933) existing in libssh 0.6 and later versions. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker...
WebLogic Remote Code Execution Vulnerability(CVE-2018-3191)Threat Alert
Overview On October 17, Beijing time, Oracle officially released a Critical Patch Update (CPU), which contains a fix for the critical WebLogic remote code execution vulnerability (CVE-2018-3191). This vulnerability allows unauthenticated attackers with network access via T3 to compromise vulnerable Oracle WebLogic Server. Successful exploitation of it can result in...
USA and China identified as top cyber attack sources
Help Net Security - NSFOCUS released its H1 Cybersecurity Insights report, which analyzed traffic from January 1, 2018 to June 30, 2018. Since the end of March, the number of crypto mining activities has risen sharply compared to the beginning of 2018. Among all crypto miners, WannaMine was the most...
WebLogic Remote Code Execution Vulnerability(CVE-2018-3245) Threat Alert
Overview On October 16, local time (early morning on October 17, Beijing time), Oracle officially released the October (third quarter) Critical Patch Update (CPU), which fixes a July (second quarter) CPU patch. The WebLogic remote code execution vulnerability (CVE-2018-2893) has not been fully fixed. The newly fixed vulnerability is assigned...
