NSFOCUS

Apache DolphinScheduler High-Risk Vulnerabilities (CVE-2020-11974, CVE-2020-13922) Threat Alert

September 23, 2020

1. Vulnerability Description

On September 11, 2020, NSFOCUS detected that the Apache Software Foundation had released security advisories fixing an Apache DolphinScheduler permission overwrite vulnerability (CVE-2020-13922) and an Apache DolphinScheduler remote code execution vulnerability (CVE-2020-11974).

CVE-2020-11974 stems from the known MySQL Connector/J remote code execution issue: when MySQL is chosen as the database, an attacker who can supply JDBC connection parameters such as {"detectCustomCollations":true, "autoDeserialize":true} can execute code remotely on the DolphinScheduler server.

CVE-2020-13922 allows an ordinary user to overwrite other users' passwords through the API endpoint /dolphinscheduler/users/update; that is, the endpoint lets a caller modify accounts other than their own.

Affected users are advised to upgrade without delay.
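The two checks below are an added example written for this alert, not DolphinScheduler code: an allowlist for the free-form JDBC connection-parameter field, so a tenant cannot smuggle autoDeserialize or detectCustomCollations into a MySQL Connector/J data source, and an object-level authorization check of the kind a users/update handler needs so that a non-admin can only change their own password. The function names, the in-memory USER_DB and the property allowlist are assumptions for illustration; property names are compared case-insensitively as a conservative choice.

```python
"""Added example, not DolphinScheduler code: input allowlisting for JDBC
connection parameters and an ownership check for a users/update handler."""
import json
from dataclasses import dataclass
from typing import Any, Dict, Optional

# Connector/J properties a scheduler must never accept from a user.
# autoDeserialize makes the driver deserialize Java objects it receives,
# and detectCustomCollations makes it issue the query whose result is
# then deserialized; the LOCAL INFILE properties are the file-read
# members of the same family. (Set chosen for this example.)
DANGEROUS_PROPS = {
    "autodeserialize",
    "detectcustomcollations",
    "allowloadlocalinfile",
    "allowurlinlocalinfile",
    "allowloadlocalinfileinpath",
}

# Properties an administrator is prepared to support (assumed allowlist).
ALLOWED_PROPS = {
    "usessl", "requiressl", "verifyservercertificate",
    "characterencoding", "useunicode", "servertimezone",
    "connecttimeout", "sockettimeout",
}


def validate_jdbc_props(other: Optional[str]) -> Dict[str, Any]:
    """Parse the JSON object a user types into the 'other parameters'
    field of a data source and keep only allowlisted scalar properties.
    Raises ValueError on anything dangerous or unknown."""
    if not other or not other.strip():
        return {}
    try:
        props = json.loads(other)
    except json.JSONDecodeError as exc:
        raise ValueError(f"connection parameters are not valid JSON: {exc}") from exc
    if not isinstance(props, dict):
        raise ValueError("connection parameters must be a JSON object")
    cleaned: Dict[str, Any] = {}
    for key, value in props.items():
        name = str(key).strip().lower()
        if name in DANGEROUS_PROPS:
            raise ValueError(f"refusing dangerous JDBC property: {key}")
        if name not in ALLOWED_PROPS:
            raise ValueError(f"JDBC property not in allowlist: {key}")
        if not isinstance(value, (str, int, float, bool)):
            raise ValueError(f"value of {key} must be a scalar")
        cleaned[key] = value
    return cleaned


@dataclass
class User:
    id: int
    name: str
    is_admin: bool = False
    password_hash: str = ""


# Constructed in-memory user table standing in for the users table.
USER_DB = {
    1: User(1, "admin", is_admin=True, password_hash="h(admin)"),
    2: User(2, "alice", password_hash="h(alice)"),
    3: User(3, "bob", password_hash="h(bob)"),
}


def update_user(caller_id: int, target_id: int, new_password_hash: str) -> User:
    """Handler for a users/update style request. The vulnerable pattern
    takes target_id from the request and updates that row unconditionally;
    the fix is the object-level check: non-admins may only touch their own
    record."""
    caller = USER_DB[caller_id]
    target = USER_DB.get(target_id)
    if target is None:
        raise KeyError(f"no such user: {target_id}")
    if not caller.is_admin and caller.id != target.id:
        raise PermissionError(f"user {caller.name} may not modify user {target.name}")
    target.password_hash = new_password_hash
    return target
```

The allowlist is deliberately short: Connector/J accepts dozens of properties, and a denylist alone would miss the next one that turns out to be dangerous.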

(more…)

BT.CN Unauthenticated phpmyadmin Vulnerability Threat Alert

September 22, 2020

Overview

On August 23, 2020, Beijing time, BT.CN released an urgent security update announcing that BT-Panel for Linux 7.4.2 and BT-Panel for Windows 6.8 are vulnerable.

The bundled phpMyAdmin can be reached without authentication: by accessing a specific address, an attacker logs directly into the database.

BT-Panel is server management software intended to improve operations and maintenance (O&M) efficiency. It supports more than 100 server management functions, such as clustering, monitoring, websites, FTP, databases, and Java.

(more…)

Botnet Trend Report 2019-11

September 21, 2020

Overview

Overall, malware on mobile platforms is evolving in the same way as malware on PCs, but its composition is more complex.

In 2019, ad apps still dominated the list of malware threatening the security of Android users. Potentially dangerous software that performs sensitive operations also made up a large proportion. Agent programs that launch attacks through remote code execution, made possible by the inherent nature of Android, were another type of mobile threat near the top of the list. In addition, using a dropper or downloader to deliver malicious payloads has become quite common, though not yet on the scale seen on PCs. High-risk threats such as spyware, banking Trojans, and ransomware were small in number, but most of them had been around for some time, and some for years.

(more…)

QEMU VM Escape Vulnerability (CVE-2020-14364) Threat Alert

September 18, 2020

Vulnerability Description

On August 24, QEMU released a security patch for a VM escape vulnerability (CVE-2020-14364) caused by an out-of-bounds read/write in QEMU's USB emulator. The flaw is in hw/usb/core.c: when the emulator handles USB packets from a guest, the do_token_in and do_token_out routines use the USBDevice field setup_len to address data_buf[4096], and a guest can make setup_len larger than that buffer. A malicious guest can thereby read or write heap memory beyond data_buf, crashing the QEMU process (denying service to the virtual machine) or, in the worst case, escaping from the guest to the host.
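The block below is an added example, not QEMU source: a Python model of the control-transfer bookkeeping in hw/usb/core.c that the vulnerability is about. The guest-supplied wLength of a SETUP packet (bytes 6..7, little endian, so up to 0xffff) becomes setup_len, and the data stage copies setup_len bytes through data_buf[4096]. The model contrasts the vulnerable ordering (store setup_len, then reject the oversized transfer, which is the ordering the upstream fix changed by validating a local value first) with the patched one, and reports the copy window that a following IN or OUT token would hit. Class and function names are the example's own; the request dispatch and the setup_state machine are deliberately left out.

```python
"""Added example, not QEMU code: a minimal model of USBDevice.setup_len /
setup_index / data_buf[4096] handling for CVE-2020-14364."""
import struct
from typing import Tuple

DATA_BUF_SIZE = 4096  # sizeof(USBDevice.data_buf) in QEMU


class UsbDeviceModel:
    """Keeps only the fields that matter for the bug; setup_state and the
    control-request dispatch of the real emulator are omitted."""

    def __init__(self, check_before_assign: bool) -> None:
        self.check_before_assign = check_before_assign
        self.setup_len = 0
        self.setup_index = 0
        self.data_buf = bytearray(DATA_BUF_SIZE)
        self.stalled = False

    def do_token_setup(self, setup_packet: bytes) -> None:
        """Handle the 8-byte SETUP packet. wLength (bytes 6..7, little
        endian) is guest controlled and can be anything up to 0xffff."""
        if len(setup_packet) != 8:
            raise ValueError("SETUP packets are exactly 8 bytes")
        (wlength,) = struct.unpack_from("<H", setup_packet, 6)
        self.setup_index = 0
        self.stalled = False
        if self.check_before_assign:
            # Patched ordering: validate the local value first, so a
            # rejected transfer never changes setup_len.
            if wlength > DATA_BUF_SIZE:
                self.stalled = True
                return
            self.setup_len = wlength
        else:
            # Vulnerable ordering: setup_len is stored, then the check
            # fails and the handler returns, leaving setup_len > 4096 in
            # device state for the next IN/OUT token to use.
            self.setup_len = wlength
            if self.setup_len > DATA_BUF_SIZE:
                self.stalled = True
                return

    def data_stage_window(self, iov_size: int) -> Tuple[int, int, bool]:
        """What do_token_in/do_token_out would copy on the next data-stage
        packet: (offset into data_buf, length, out_of_bounds). The real
        handlers copy exactly this window without comparing it against
        sizeof(data_buf); here the model only reports it."""
        length = self.setup_len - self.setup_index
        if length > iov_size:
            length = iov_size
        if length <= 0:
            return (self.setup_index, 0, False)
        offset = self.setup_index
        oob = offset + length > DATA_BUF_SIZE
        self.setup_index += length  # the real code advances regardless
        return (offset, length, oob)


def bytes_beyond_buffer(setup_len: int) -> int:
    """How far past the end of data_buf a full data stage of setup_len
    bytes reaches (0 when the transfer fits)."""
    return max(0, setup_len - DATA_BUF_SIZE)


# Constructed SETUP packet: bmRequestType=0x80 (device-to-host),
# bRequest=0x06 (GET_DESCRIPTOR), wValue=0x0100, wIndex=0, wLength=0xffff.
OVERSIZED_SETUP = bytes([0x80, 0x06, 0x00, 0x01, 0x00, 0x00, 0xFF, 0xFF])
# Same request with a wLength of 64, which fits in data_buf.
NORMAL_SETUP = bytes([0x80, 0x06, 0x00, 0x01, 0x00, 0x00, 0x40, 0x00])
```

Run with the vulnerable ordering, OVERSIZED_SETUP is stalled yet leaves setup_len at 0xffff, so successive 8 KiB data-stage packets walk the copy window past the 4 KiB buffer; with the patched ordering the stall leaves setup_len untouched and the data stage copies nothing.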

(more…)

SANGFOR Endpoint Detection Response Remote Command Execution Vulnerability Handling Guide

September 16, 2020

Vulnerability Description

On August 18, 2020, the China National Vulnerability Database (CNVD) added the SANGFOR Endpoint Detection Response (EDR) remote command execution vulnerability (CNVD-2020-46552) as a new entry. An unauthenticated attacker could exploit it by sending a maliciously crafted HTTP request to a target server, thereby obtaining the server's privileges and causing […]

Function Identification in Reverse Engineering of IoT Devices

September 15, 2020

This document discusses function identification and symbol porting in the reverse engineering of Internet of Things (IoT) devices without using BinDiff or PatchDiff2, which are "too good" for the purposes here and inapplicable in certain scenarios. Typical function identification techniques include IDA's Fast Library Identification and Recognition Technology (FLIRT) and the rizzo method developed by Craig Heffner; their rationale and engineering practice are detailed here. The rest of the document explains the use of several other IDA plug-ins.
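As an added illustration of the matching idea that FLIRT and rizzo share (this is example code written for this page, not the document's own code and not either tool), the Python below reduces each function to a signature, "formal" (mnemonics plus operand shapes, with immediates and addresses masked) or "fuzzy" (the mnemonic sequence alone), builds a signature database from a binary that has symbols, and ports names into an unnamed binary. It also shows the caveat that makes collision handling necessary: tiny functions that differ only in constants collide once immediates are masked and must not be ported. All listings are constructed ARM-style text, not disassembly of real firmware; the function and table names are the example's own.

```python
"""Added example: toy formal/fuzzy function signatures for symbol porting,
in the spirit of rizzo/FLIRT but not their implementation."""
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# Hex or decimal literals: immediates, branch targets, memory offsets.
NUMBER = re.compile(r"0x[0-9a-f]+|\b\d+\b")


def normalize(line: str) -> Tuple[str, str]:
    """Lower-case, strip trailing comments, mask numbers, drop whitespace.
    Register names survive (r0 has no word boundary before the digit)."""
    line = line.split(";", 1)[0].strip().lower()
    mnemonic, _, operands = line.partition(" ")
    operands = NUMBER.sub("N", operands)
    return mnemonic, "".join(operands.split())


def formal_signature(listing: List[str]) -> str:
    """Mnemonics plus operand shapes; survives relocation and constant
    changes, but not register re-allocation."""
    body = "\n".join(f"{m} {o}" for m, o in map(normalize, listing))
    return hashlib.sha256(body.encode()).hexdigest()


def fuzzy_signature(listing: List[str]) -> str:
    """Mnemonic sequence only; tolerates register changes at the cost of
    more collisions."""
    body = "\n".join(normalize(line)[0] for line in listing)
    return hashlib.sha256(body.encode()).hexdigest()


def build_signature_db(named: Dict[str, List[str]]) -> Dict[str, Dict[str, Optional[str]]]:
    """Map each signature to a function name. A signature produced by more
    than one function is stored as None (ambiguous) so it is never ported."""
    db: Dict[str, Dict[str, Optional[str]]] = {"formal": {}, "fuzzy": {}}
    for name, listing in named.items():
        for kind, sig in (("formal", formal_signature(listing)),
                          ("fuzzy", fuzzy_signature(listing))):
            table = db[kind]
            table[sig] = None if sig in table else name
    return db


def port_symbols(db: Dict[str, Dict[str, Optional[str]]],
                 unnamed: Dict[str, List[str]]) -> Dict[str, Optional[Tuple[str, str]]]:
    """Try the strict signature first, fall back to the fuzzy one, and
    report which level matched so the analyst can weigh the result."""
    result: Dict[str, Optional[Tuple[str, str]]] = {}
    for addr_name, listing in unnamed.items():
        match = db["formal"].get(formal_signature(listing))
        if match:
            result[addr_name] = (match, "formal")
            continue
        match = db["fuzzy"].get(fuzzy_signature(listing))
        result[addr_name] = (match, "fuzzy") if match else None
    return result


# Constructed reference binary with symbols (not real firmware).
REFERENCE = {
    "strlen_impl": ["mov r1, r0", "ldrb r2, [r1], #1", "cmp r2, #0",
                    "bne 0x8004", "sub r0, r1, r0", "sub r0, r0, #1", "bx lr"],
    "crc16_update": ["eor r0, r0, r1", "mov r2, #8", "lsrs r0, r0, #1",
                     "eorcs r0, r0, #0xa001", "subs r2, r2, #1",
                     "bne 0x8028", "bx lr"],
    "ret_zero": ["mov r0, #0", "bx lr"],
    "ret_one": ["mov r0, #1", "bx lr"],
}

# Constructed target binary without symbols, built at other addresses.
TARGET = {
    "sub_8100": ["mov r1, r0", "ldrb r2, [r1], #1", "cmp r2, #0",
                 "bne 0x8104", "sub r0, r1, r0", "sub r0, r0, #1", "bx lr"],
    "sub_8040": ["eor r0, r0, r1", "mov r3, #8  ; counter in r3 here",
                 "lsrs r0, r0, #1", "eorcs r0, r0, #0x8408",
                 "subs r3, r3, #1", "bne 0x8048", "bx lr"],
    "sub_8200": ["push {r4, lr}", "bl 0x9000", "pop {r4, pc}"],
    "sub_8300": ["mov r0, #0", "bx lr"],
}
```

Expected behaviour on the constructed data: sub_8100 is recovered as strlen_impl at the formal level (only the branch target moved), sub_8040 only at the fuzzy level (a different polynomial and a different counter register), sub_8200 gets no name, and sub_8300 gets none either because ret_zero and ret_one collapse to the same signature once their immediates are masked.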

(more…)

Botnet Trend Report 2019-10

September 14, 2020

Adware

For many years, large grey-market software distribution chains on the Internet have aggressively promoted themselves. A given piece of software is often bundled with unwanted software, or even malware, during download and installation.

(more…)

Future cyber security protection: reflection from the ups and downs of Covid-19-2

September 13, 2020

Biological viruses and computer viruses share characteristics such as transmissibility. From the response to COVID-19 we can draw lessons about the gains and losses of cybersecurity defense and protection, analyze new trends and techniques, and come up with new ideas for defending against attacks in the cybersecurity industry.

(more…)

Future cyber security protection: reflection from the ups and downs of Covid-19-1

September 12, 2020

2020 is almost halfway through, and it has been a troubled period. COVID-19 swept across the world in just a few months. The epidemic continues to spread and recur, and it has changed many people's long-held perceptions of health care, public safety, organizational mobilization, economics and politics.

The concept of the computer virus is derived from the biological virus. The two share certain similarities, such as mutation, transmission and infection mechanisms. Once malicious software breaks out, the consequences are just as serious. A typical example is the WannaCry ransomware, which took advantage of the NSA's EternalBlue exploit in 2017. It infected 200,000 computers in 150 countries in just a few days, paralyzed the production lines of manufacturers such as TSMC, crossed physical isolation and destroyed important intranet assets. It greatly changed people's long-held ideas about cyber attacks and cyber warfare.

(more…)

2020 H1 Cybersecurity Trends

September 11, 2020

01 Overview of the Vulnerability Trend

In 2020 H1, a total of 1419 vulnerabilities were added to the NSFOCUS Vulnerability Database (NSVD), 714 of which were high-risk. Among these high-risk vulnerabilities, 184 were Microsoft-related. High-risk vulnerabilities were mainly distributed across the major products of Microsoft, Oracle, Adobe, Google, Cisco, IBM, Moxa, Apache, and others.

Note: The NSFOCUS Vulnerability Database (NSVD) contains application vulnerabilities, security product vulnerabilities, operating system vulnerabilities, database vulnerabilities, and network device vulnerabilities.

(more…)
