Microsoft’s January 2019 Patch Fixes 51 Security Vulnerabilities Threat Alert

January 15, 2019 | Adeline Zhang

Overview Microsoft released the January 2019 security patch on Tuesday that fixes 51 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, Adobe Flash Player, Android App, ASP.NET, Internet Explorer, Microsoft Edge, Microsoft Exchange Server, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft […]

NSFOCUS Forms Strategic Partnerships in LATAM and Around the World

January 14, 2019 | WPAdmin

  By: Andre Tristao e Mello, Vice President, Latin America & Caribbean, NSFOCUS At NSFOCUS, we are always looking for ways to better serve and work with our customers — from innovative product updates to partnerships; we’re dedicated to helping and protecting our customers. Across the LATAM region, we focused many of our efforts into […]

IP Reputation Report-01112019

January 11, 2019 | Adeline Zhang

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at January 11, 2019. Top 10 countries in attack percentage: From the diagram above, we can see the region Palestinian Territory has the biggest percentage of malicious IPs. The […]

Microsoft Exchange Server Arbitrary User Impersonation Vulnerability Handling Guide

January 10, 2019 | Adeline Zhang

1 Vulnerability Overview Recently, a security researcher released details of an arbitrary user impersonation vulnerability (CVE-2018-8581) in Microsoft Exchange Server (also known as Exchange Web Server, EWS for short), revealing that an authenticated attacker could exploit this vulnerability to impersonate arbitrary accounts or even gain privileges of the target user. Currently, the vulnerability’s proof of […]

Technical Report on Container Security (IV)-2

January 8, 2019 | Adeline Zhang

Container Security Protection – Container Service Security Container Service Security The security of the container management and orchestration service has a direct bearing on that of the container control plane. Take Docker for example. Whether the Docker daemon is properly configured determines the security of Docker to some extent. It is recommended that the following […]

Email Security – Attachment Virus

January 7, 2019 | Adeline Zhang

Case AnalysisCase Analysis Ransomware emails usually have an intriguing subject and body to entice receivers to open the attachment. As shown above, the attachment is compressed. The virus file is an executable with the extension of js. To disguise it as a seemingly secure text file, the attacker adds .txt in the file name. Files […]

Windows Arbitrary File Read 0-Day Vulnerability Handling Guide

January 7, 2019 | Adeline Zhang

1 Vulnerability Overview Recently, a security researcher with Twitter alias SandboxEscaper, once again, published proof-of-concept (PoC) code for a new 0-day vulnerability affecting Windows. This is the third Windows 0-day vulnerability published by this same researcher since August 2018. The vulnerability made known to the public this time could lead to arbitrary file read. Specifically, […]

Technical Report on Container Security (IV)-1

January 7, 2019 | Adeline Zhang

Container Security Protection—Linux Kernel Security Mechanism As a lightweight virtualized implementation, the container technology took into account security factors at the time of design, which constitute an important basis for container security protection. This chapter describes security risks and threats facing containers and common protection ideas and methods.

IP Reputation Report-01042019

January 4, 2019 | Adeline Zhang

Top 10 c¿ountries: The above diagram shows the top 10 regions with most malicious IP addresses from the NSFOCUS IP Reputation databases at January 04, 2019.

Cybersecurity trends 2019: What should you look out for?

January 4, 2019 | Adeline Zhang

Silicon Republic – As the year begins, there are a few key areas that cybersecurity professionals should keep in mind. After the excesses of the holiday period, you are more than likely looking at the blank slate of a new year before you with a sense of optimism and hope for times ahead. Those in […]

Search

Subscribe to the NSFOCUS Blog