2018 AUSCERT Cyber Security Conference
March 12, 2018 | Adeline Zhang
2018 AUSCERT Cyber Security Conference May 29- June 1, 2018 Gold Coast
Cloud & Cyber Security Expo 2018
March 12, 2018 | Adeline Zhang
Cloud & Cyber Security Expo 2018 May 16-17, 2018 HKCEC, Hong Kong
RSA Conference 2018
March 12, 2018 | Adeline Zhang
RSA Conference 2018 April 16-20, 2018 San Francisco, CA
AWS ASEAN Summit Event
March 12, 2018 | Adeline Zhang
AWS ASEAN Summit Event April 4, 2018 Singapore
Apricot 2018 APNIC45
March 12, 2018 | Adeline Zhang
Apricot 2018 APNIC45 February 25-28, 2018 Kathmandu, Nepal
NSFOCUS Found Multiple Vulnerabilities in Schneider Pelco Sarix professional Cameras
March 6, 2018 | Adeline Zhang
Multiple vulnerabilities were found by NSFOCUS researchers in Schneider Pelco Sarix professional Cameras. These vulnerabilities included: CVE# Vulnerability Severity CVE-2018-7227 Information Disclosure Medium CVE-2018-7228 Admin Privilege Authentication Bypass High CVE-2018-7229 Admin Privilege Authentication Bypass High CVE-2018-7230 XML External Entity Vulnerability High CVE-2018-7231 Command Execution – ‘system.opkg.remove’ Critical CVE-2018-7232 Command Execution – ‘network.ieee8021x.delete_certs’ Critical CVE-2018-7233 Command […]
Deep Analysis of Memcached Large DRDoS Attacks – China Telecom DamDDoS & NSFOCUS Jointly Released
March 5, 2018 | Adeline Zhang
Recently, many domestic and foreign security companies and agencies issued warnings about the Memcached Distributed Reflection Denial of Service attack, which aroused the concern of all parties. According to our monitoring, the peak traffic for this attack has now reached 1.35T. On Feb. 27, Memcached’s reflection DDoS attacks ranged from hundreds of megabytes to a maximum of […]
Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485)
January 25, 2018 | Adeline Zhang
At the beginning of 2018, jackson-databind was reported to contain another remote code execution (RCE) vulnerability (CVE-2017-17485) that affects versions 2.9.3 and earlier, 2.7.9.1 and earlier, and 2.8.10 and earlier. This vulnerability is caused by jackson-dababind’s incomplete blacklist. An application that uses jackson-databind will become vulnerable when the enableDefaultTyping method is called via the ObjectMapper […]
Technical Analysis and Recommended Solution of GoAhead httpd/2.5 to 3.5 LD_PRELOAD Remote Code Execution Vulnerability (CVE-2017-17562)
January 5, 2018 | Adeline Zhang
A remote RCE vulnerability (CVE-2017-17562) was found in all GoAhead Web Server’s versions earlier than 3.6.5. The vulnerability is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters, and will affect all users who have CGI support enabled with dynamically linked executables (CGI scripts). This behavior, when combined with […]
