Adeline Zhang

Windows Arbitrary File Read 0-Day Vulnerability Handling Guide

January 7, 2019

1 Vulnerability Overview

Recently, a security researcher with Twitter alias SandboxEscaper, once again, published proof-of-concept (PoC) code for a new 0-day vulnerability affecting Windows. This is the third Windows 0-day vulnerability published by this same researcher since August 2018. The vulnerability made known to the public this time could lead to arbitrary file read. Specifically, it allows low-privileged users or malicious programs to read, but not write into, arbitrary files on a targeted Windows host. Before an official patch is released by Microsoft, all Windows users will be affected by this vulnerability. (more…)

Technical Report on Container Security (IV)-1

January 7, 2019

Container Security Protection—Linux Kernel Security Mechanism

As a lightweight virtualized implementation, the container technology took into account security factors at the time of design, which constitute an important basis for container security protection. This chapter describes security risks and threats facing containers and common protection ideas and methods. (more…)

IP Reputation Report-01042019

January 4, 2019

  1. Top 10 c¿ountries:

The above diagram shows the top 10 regions with most malicious IP addresses from the NSFOCUS IP Reputation databases at January 04, 2019. (more…)

Cybersecurity trends 2019: What should you look out for?

January 4, 2019

Silicon Republic – As the year begins, there are a few key areas that cybersecurity professionals should keep in mind. After the excesses of the holiday period, you are more than likely looking at the blank slate of a new year before you with a sense of optimism and hope for times ahead. Those in […]

Microsoft Security Bulletin for December Patches That Fix 39 Security Vulnerabilities

December 29, 2018

Technical Report on Container Security (III)-3

December 29, 2018

Security Risks and Challenges – Container Application Security Threat

Container Application Security Threat
  • Microservice Security
From traditional monolithic applications to modern microservice applications, security has always been a hot issue. A monolithic application usually exposes fewer services and ports,narrowing the attack surface. In addition, security professionals know common points from which attacks are often launched. Therefore, security is not that big of a problem for such applications as long as they are properly protected. (more…)

Adobe Security Bulletin for December 2018 Security Updates

December 29, 2018

Overview

On December 11, 2018 (local time), Adobe released security updates which address multiple vulnerabilities in Acrobat and Reader. (more…)

Cyber security predictions roundup for 2019

December 21, 2018

IT WORLD CANADA – Criminals using artificial intelligence. More nation-state backed attacks. The Internet held hostage. Dangerous chatbots. President Trump’s cellphone will be hacked. And, of course, more malware. These are some of the predictions security vendors see coming in the next 12 months. It’s not a pretty picture, but then again cyber security never […]

New Satan Variants Target Financial Sector With Monero Miners and Ransomware

December 21, 2018

SecurityIntelligence – Researchers spotted two Satan variants targeting organizations in the financial sector with Monero miners and ransomware. The first variant of the malware, which security solutions provider NSFOCUS spotted in early November, targets Linux and Windows systems and spreads by exploiting various application vulnerabilities. After establishing a foothold into a system, the virus simply […]

IP Reputation Report-12212018

December 21, 2018

Top 10 countries: The above diagram shows the top 10 regions with most malicious IP addresses from the NSFOCUS IP Reputation databases at December 21, 2018. But the United States has the largest allocated IP addresses in the world and China is in the second place. So, report IP Reputation as a percentage of total […]

Search

Subscribe to the NSFOCUS Blog