Overview Recently, Cisco Talos published several technical analysis reports, claiming that Aspose.cells and Aspose.words in Aspose products contain remote code execution vulnerabilities, which can be exploited via a maliciously crafted file to result in remote code execution.
Recently, an article titled “Tips for Security Risks of Anti-theft and Tracking Software from Absolute” has been widely circulated on the internet, sparking public debate on the software LoJack for Laptops developed by Absolute. This software in question is also known as Computrace, with features including the abilities to remotely lock, delete files from, and […]
With the advancement of IT-based transformation and the rapid development of IT, various network technologies have seen more extensive and profound applications, along with which come a multitude of cyber security issues. Come to find out what information security issues you should beware of in the workplace.
Overview On August 28, 2019, local time, Cisco released a security advisory, announcing remediation of an authentication bypass vulnerability (CVE-2019-12643) in the Cisco REST API virtual service container for Cisco IOS XE Software.
Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at September 08, 2019. Top 10 countries in attack percentage: The Laos is in first place. The Palestine is in the second place. The country China (CN) is […]
4.4 Satan: Evolving Ransomware In late April 2018, MalwareHunterTeam reported seeing new ransomware that leveraged EternalBlue to propagate. Through analysis, we found that the ransomware was based on a new version (dubbed V2) of Satan, a ransomware family launched in 2017. The ransom demanded in this version increased from 0.1 to 0.3 Bitcoin. At the […]
Vulnerability Overview On August 14, 2019, Beijing time, Microsoft released remote desktop (RDP) service fixes and patches for a series of vulnerabilities, including two critical remote code execution (RCE) vulnerabilities (CVE-2019-1181 and CVE-2019-1182). Similar to the BlueKeep vulnerability (CVE-2019-0708) previously fixed, vulnerabilities disclosed this time have characteristics of worms. In other words, attackers could exploit […]
Overview Recently, a security researcher disclosed a heap-based buffer overflow vulnerability (CVE-2019-14378) in the SLiRP networking backend in the QEMU emulator. An attacker could exploit this vulnerability to crash the QEMU process on a host machine, resulting in a denial of service, or possibly execute arbitrary code with privileges of the QEMU process.
Vulnerability Overview Ghostscript is a suite of software based on an interpreter for Adobe System’s PostScript and Portable Document Format (PDF) page description languages. It is widely used as a raster image processor (RIP) for raster computer printers. Currently, it has been ported from Linux to other operating systems, including UNIX, Mac OS X, VMS, […]
