Adeline Zhang

IP Reputation Report-12012019

December 5, 2019

  1. Top 10 countries in attack counts:

  • The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases as of December 01, 2019.

Cybersecurity Insights-7

December 4, 2019

Insights into Malicious Traffic

5.1 Vulnerability Exploitation

Here we classify vulnerabilities into

  • server vulnerabilities
  • desktop application vulnerabilities
  • device vulnerabilities

Apache Solr Remote Code Execution Vulnerability (CVE-2019-12409) Threat Alert

December 3, 2019

Vulnerability Description

On November 18, local time, the Apache Software Foundation (ASF) released an official security bulletin disclosing a remote code execution vulnerability (CVE-2019-12409) in Apache Solr. The vulnerability exists because the configuration item ENABLE_REMOTE_JMX_OPTS in the configuration file solr.in.sh is enabled by default. If you use the default configuration […]

Advisory: Apache Flink Remote Code Execution Vulnerability

December 2, 2019

Overview

Recently, a security researcher announced a remote code execution vulnerability in the Apache Flink Dashboard. The vulnerability does not require an attacker to authenticate: a malicious Jar package can be uploaded via the dashboard to execute code remotely. NSFOCUS researchers also reproduced the issue, confirming that the attack works against the latest version of Flink.

Advisory: Apache Shiro RememberMe Padding Oracle Vulnerability

November 30, 2019

Vulnerability Description

In September 2019, Apache officially published an issue titled “RememberMe Padding Oracle Vulnerability”, numbered SHIRO-721. The issue pointed out that because the RememberMe field of the Apache Shiro cookie is encrypted with AES-128-CBC, Shiro is vulnerable to padding oracle attacks. An attacker can use a valid RememberMe cookie as the prefix for a padding oracle attack and construct a RememberMe value that triggers a Java deserialization attack. The attacker does not need to know the RememberMe encryption key to carry out the attack. Apache Shiro is a powerful and easy-to-use Java security framework for performing authentication, authorization, passwords, and session management. Recently, exploitation of this vulnerability has been found to be spreading on a small scale, and affected users should take measures to protect against it as soon as possible.

Microsoft Released November 2019 Security Patches to Fix 13 Critical Vulnerabilities

November 29, 2019

Overview

Among the vulnerabilities that Microsoft fixed this month, 13 are critical and exist in products such as Hyper-V, VBScript, Exchange, and Scripting Engine.

IP Reputation Report-11242019

November 28, 2019

Top 10 countries in attack counts:

The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases as of November 24, 2019.

Top 10 countries in attack percentage:

Laos is in first place. Uzbekistan is in second place. The country China (CN) […]

Cybersecurity Insights-6

November 27, 2019

4.2 Significant Increase in Device Vulnerabilities

In the past few years, vulnerabilities associated with network devices have grown rapidly. This is because more network-enabled devices of more diverse types are connecting to the network. The threat increases as device vendors do not take security seriously and are remiss in providing timely firmware updates. Thus, discovering more vulnerabilities is not that difficult.

Adobe Security Bulletins for November 2019 Security Updates Threat Alert

November 26, 2019

Overview

On November 12, local time, Adobe officially released its November security update, which fixes multiple vulnerabilities in various Adobe products, including Adobe Bridge CC, Adobe Media Encoder, Adobe Illustrator CC, and Adobe Animate CC.

Advisory: Squid Multiple High-risk Vulnerability

November 25, 2019

Vulnerability Description

On November 5, local time, Squid officially released a security bulletin to fix multiple vulnerabilities, including a high-risk buffer overflow vulnerability that could lead to code execution (CVE-2019-12526), an information disclosure vulnerability (CVE-2019-18679), and an HTTP request splitting problem (CVE-2019-18678).
