Oracle October 2020 Critical Patch Update for All Product Families Threat Alert
October 31, 2020
Overview
On October 20, 2020 (local time), Oracle released its Critical Patch Update (CPU) for October 2020, together with its own security advisories and third-party security bulletins, fixing 402 vulnerabilities of varying severity. For details about affected products and available patches, see the appendix.
For complete information, see Oracle’s official security advisory from the following link:
Analysis of the 2020 H1 Vulnerability Trend
October 30, 2020
Overview
In 2020 H1, a total of 1419 vulnerabilities were added to the NSFOCUS Vulnerability Database (NSVD), 714 of which were high-risk. Of these high-risk vulnerabilities, 184 were Microsoft-related. High-risk vulnerabilities were concentrated in major products from Microsoft, Oracle, Adobe, Google, Cisco, IBM, Moxa, Apache, and other vendors.
Microsoft’s October 2020 Patches Fix 87 Security Vulnerabilities Threat Alert
October 28, 2020
Overview
Microsoft released October 2020 security updates on Tuesday which fix 87 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, Azure, Group Policy, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft NTFS, Microsoft Office, Microsoft Office SharePoint, Microsoft Windows, Microsoft Windows Codecs Library, PowerShellGet, Visual Studio, Windows COM, Windows Error Reporting, Windows Hyper-V, Windows Installer, Windows Kernel, Windows Media Player, Windows RDP, and Windows Secure Kernel Mode.
Analysis of Ripple20 Vulnerabilities
October 27, 2020
1. Background
Recently, the JSOF research lab discovered a series of vulnerabilities in the Treck TCP/IP stack, collectively dubbed Ripple20. Successful exploitation of these vulnerabilities may allow remote code execution or disclosure of sensitive information. Technical details will be fully released at BlackHat USA 2020.
Botnet Trend Report 2019-16
October 26, 2020
Conclusion
Botnets have evolved to rely on weak passwords, exploits, and phishing emails as their main means of propagation and intrusion. Opportunistic attackers tend to strike in the window between a vulnerability's disclosure and its remediation. Botnet operators often exploit newly revealed vulnerabilities to infect new targets and expand their footprint quickly. Vulnerability exploitation is clearly a priority for them.
Adobe Releases October’s Security Updates Threat Alert
October 23, 2020
Overview
On October 13, 2020 (local time), Adobe released security updates which address a vulnerability in Adobe Flash Player.
For details about the security bulletins and advisories, visit the following link:
Yii2 Deserialization Remote Command Execution Vulnerability (CVE-2020-15148) Protection Solution
October 21, 2020
Overview
Recently, NSFOCUS detected that Yii Framework 2 disclosed a deserialization remote command execution vulnerability (CVE-2020-15148) in its update log published on September 14, 2020.
The fix adds a __wakeup() method to the class yii\db\BatchQueryResult that throws an exception, so instances of that class can no longer be unserialized. This removes the gadget chain through which an application that calls unserialize() on arbitrary user input could be driven to remote command execution. Note that the patch removes one gadget rather than the root cause: an application that still passes untrusted data to unserialize() remains exposed to any other gadget chain available in its dependencies.
Yii2 is a high-performance, open-source, component-based PHP framework for rapidly developing modern Web applications.
At present, Yii Framework 2 has released a new version to fix the vulnerability. NSFOCUS detection and protection products are capable of scanning and detecting the vulnerability. Affected users are advised to take preventive measures as soon as possible.
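The following PHP script is an added illustration, not code from Yii or from the original alert. It uses simplified stand-in classes (BatchResultVulnerable, BatchResultPatched, Gadget; all hypothetical) to show why a destructor that calls a method on a property is reachable from unserialize(), how a throwing __wakeup() guard of the kind added in Yii 2.0.38 stops the object from ever being reconstructed, and why the application-side fix is to stop unserializing untrusted input in the first place.

```php
<?php
// Added illustration (not Yii's own code). Class names are hypothetical
// stand-ins for the framework classes involved in CVE-2020-15148.

// Stand-in for a framework class whose destructor calls a method on a
// property it trusts. In Yii2, BatchQueryResult::__destruct() calls reset(),
// which closes its data reader; after unserialize() that property is
// whatever the attacker put in the payload.
class BatchResultVulnerable
{
    public $reader;  // attacker-controlled after unserialize()

    public function __destruct()
    {
        // First hop of a gadget chain when $reader is an attacker-chosen object.
        if ($this->reader !== null) {
            $this->reader->close();
        }
    }
}

// Hypothetical gadget: a class with a permissive __call() that ends up
// invoking a stored callable with stored arguments.
class Gadget
{
    public $callable;
    public $args;

    public function __call($name, $arguments)
    {
        return call_user_func_array($this->callable, $this->args);
    }
}

// Patched stand-in: refuse to be unserialized at all. Yii 2.0.38 added an
// equivalent __wakeup() to yii\db\BatchQueryResult.
class BatchResultPatched extends BatchResultVulnerable
{
    public function __wakeup()
    {
        throw new BadMethodCallException('Cannot unserialize ' . __CLASS__);
    }
}

// Constructed payload: a Gadget wired into the destructor of the vulnerable
// class. A harmless callable stands in for the command an attacker would run.
$gadget = new Gadget();
$gadget->callable = 'print_r';
$gadget->args = ["[gadget] attacker-controlled callable ran\n"];
$vulnerable = new BatchResultVulnerable();
$vulnerable->reader = $gadget;
$payload = serialize($vulnerable);  // what the attacker would submit
$vulnerable->reader = null;         // keep the local object from firing on shutdown

// 1. Vulnerable application pattern: unserialize() straight from user input.
//    The destructor fires as soon as the object is released and runs the gadget.
$obj = unserialize($payload);
unset($obj);

// 2. Same payload aimed at the patched class. The serialized form carries the
//    class name with its length prefix ("O:21:\"...\""), so both are rewritten.
$patchedPayload = str_replace('BatchResultVulnerable', 'BatchResultPatched', $payload);
$patchedPayload = preg_replace_callback('/O:\d+:"([^"]+)"/', function ($m) {
    return 'O:' . strlen($m[1]) . ':"' . $m[1] . '"';
}, $patchedPayload);
try {
    unserialize($patchedPayload);
} catch (BadMethodCallException $e) {
    // __wakeup() threw, so the object is discarded without running __destruct().
    echo "Blocked: " . $e->getMessage() . "\n";
}

// 3. Application-side fix that does not depend on framework patches: never
//    hand untrusted bytes to unserialize() with classes enabled. With
//    allowed_classes=false every object becomes __PHP_Incomplete_Class,
//    which has no destructor and cannot start a chain.
$safe = unserialize($payload, ['allowed_classes' => false]);
var_dump($safe instanceof __PHP_Incomplete_Class);  // bool(true)
```

Run it with any PHP 7.0+ interpreter. Step 1 prints the gadget's message, step 2 prints the "Blocked" line, and step 3 shows the safe decoding that yields an inert object. Scanning for the vulnerable pattern in a code base means looking for unserialize() calls whose argument derives from request data, cookies or cache entries an attacker can influence, regardless of which framework version is installed.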
Linux Kernel Privilege Escalation Vulnerability (CVE-2020-14386) Threat Alert
October 20, 2020
Vulnerability Description
Recently, NSFOCUS detected a privilege escalation vulnerability in the Linux kernel (CVE-2020-14386). An integer overflow in the handling of AF_PACKET sockets in net/packet/af_packet.c leads to an out-of-bounds write that can be turned into privilege escalation, allowing a local unprivileged process to obtain root. Opening an AF_PACKET socket requires CAP_NET_RAW, which an unprivileged process can obtain on systems that allow unprivileged user namespaces; disabling those narrows the exposure until the kernel is patched. Because container platforms such as OpenShift, Kubernetes, and Docker share the host kernel, the vulnerability may also allow escape from a container to the host. Affected users should take preventive measures.
Botnet Trend Report 2019-15
October 19, 2020
Five Major APT Groups
In 2019, NSFOCUS Security Labs tracked and delved into five major APT groups: BITTER, OceanLotus, MuddyWater, APT34, and FIN7. The following sections illustrate the latest developments of these APT groups by explaining how they optimize attack chains, refine attack methods, and sharpen RAT tools.
BITTER
BITTER is an attack group with […]
Analysis of 2020 H1 Botnet and Honeypot-captured Threat Trends-2
October 17, 2020
Honeypot-captured Threats in 2020 H1
In terms of honeypot-captured threats in 2020 H1, Internet attack activity consisted mainly of malicious scanning, over 50% of which targeted port 443. As for exploits, most attacks were directed at Power cameras, D-Link routers, and JBoss servers. Weak password attacks were launched mainly from the Netherlands, Russia, Seychelles, Moldova, and the USA. DDoS reflection attacks were dominated by the DNS, CLDAP, and NTP services, with NTP reflection accounting for nearly 40%. More than 24 million DDoS reflection attacks were captured in 2020 H1, the longest lasting about 86 hours.