VMware vRealize Operations for Horizon Adapter Remote Code Execution Vulnerability (CVE-2020-3943) Threat Alert
March 13, 2020
Overview
Recently, VMware released a security advisory, announcing remediation of a remote code execution vulnerability (CVE-2020-3943) in vRealize Operations for Horizon Adapter. VMware has evaluated the severity of this vulnerability to be in the critical severity range with a maximum CVSSv3 base score of 9.0. (more…)
IP Reputation Report-03082020
March 12, 2020
-
Top 10 countries in attack counts:
- The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at March 8, 2020.
Fastjson 1.2.62 and Earlier Remote Code Execution Vulnerability Threat Alert
March 11, 2020
Vulnerability Description
On February 19, National Vulnerability Database (NVD) released a JNDI injection vulnerability (CVE-2020-8840) in jackson-databind. However, gadget deserialization in jackson-databind also affects Fastjson. According to researchers from NSFOCUS, when the AutoType fucntion is enabled (disabled by default), this vulnerability affects Fastjson 1.2.62, allowing attackers to result in remote arbitrary code execution on the target machine. (more…)
ICS Information Security Assurance Framework 20
March 10, 2020
Petroleum and Petrochemical Industry
-
Overview
System introduction
Oil field exploitation is field work featuring strong fluidity, large quantities of scattered points, and a long distance. In the process of oil field exploitation, out of management requirements, the oil and gas management center connects to the gathering and transportation control center, gas processing plant control center, gas transmission initial station, and field control layer through an industrial network. Therefore, the system needs a large number of wired and wireless networks for data transmission and remote system management. (more…)
Jackson-databind Remote Code Execution Vulnerability (CVE-2020-8840) Threat Alert
March 9, 2020
Vulnerability Description
On February 19, National Vulnerability Database (NVD) disclosed a remote code execution vulnerability (CVE-2020-8840) that resulted from JNDI injection in jackson-databind and assigned a CVSS score of 9.8. Affected versions of jackson-databind lack certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. An attacker could exploit this vulnerability to cause remote code execution via JNDI injection. Currently, the vendor has released new versions to fix this vulnerability. Affected users are advised to update their installation to the latest versions as soon as possible. (more…)
ICS Information Security Assurance Framework 19
March 6, 2020
Government Affairs
-
SCADA System Architecture Used in Water Affairs
The SCADA system used in water affairs mainly consists of the operator workstation, engineering workstation, SCADA system of the water intake pump room, SCADA system of the drug dosing room, SCADA system of the backwashing system, SCADA system of the water supply pump room, and SCADA system of the dewatering pump room. Figure 4.13 shows the architecture. (more…)
IP Reputation Report-03012020
March 5, 2020
-
Top 10 countries in attack counts:
- The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at March 1, 2020.
ICS Information Security Assurance Framework 18
March 4, 2020
Manufacturing Sector
-
Network Architecture of a Cigarette Factory
The network architecture of a cigarette factory consists of the production network and management network, as shown in Figure. (more…)
Microsoft SQL Server Remote Code Execution Vulnerability (CVE-2020-0618) Threat Alert
March 3, 2020
Vulnerability Description
On February 12, Microsoft released a security update to announce the fix of the remote code execution vulnerability (CVE-2020-0618) in Microsoft SQL Server Reporting Services. SQL Server, developed by Microsoft, is a relational database management system (RDBMS) that is widely used in the world. (more…)
Apache Tomcat File Inclusion Vulnerability (CVE-2020-1938) Threat Alert
March 2, 2020
Vulnerability Description
On February 20, China National Vulnerability Database (CNVD) released an Apache Tomcat file inclusion vulnerability (CNVD-2020-10487/CVE-2020-1938). This vulnerability is due to a flaw in the Tomcat Apache JServ Protocol (AJP). An attacker could exploit this vulnerability to read arbitrary files from a web application directory on the server. If the target server also provides the file upload function, the attacker can further implement remote code execution. Currently, the vendor has released new versions to fix this vulnerability. Tomcat is an important project of the Apache Software Foundation (ASF). Owing to its stable performance and availability for free use, it is quite a popular web application server. Considering the widespread deployment of Tomcat, the vulnerability in question affects a large number of users. Tomcat users should take preventive measures to fix this vulnerability as soon as possible.
