Heuristic Recon via the Dual-Stack UPnP Service In addition to the recon of IPv6 addresses based on their characteristics, we can also use UPnP to detect IoT assets by referring to the method described in a blog post 28 from Cisco Talos Labs. Principle UPnP is a set of protocols...
Blog
Windows Network File System Vulnerabilities (CVE-2020-17051, CVE-2020-17056) Threat Alert
Overview On November 10, 2020 local time, Microsoft fixed two vulnerabilities in the Windows Network File System (NFS) in its monthly security updates, which are CVE-2020-17051 and CVE-2020-17056. CVE-2020-17051 is a remote code execution vulnerability on the nfssvr.sys driver. It is said that the vulnerability can be reproduced to cause...
Annual IoT Security Report 2019-7
Heuristic Recon of IPv6 Addresses Based on Their Characteristics Previously, we mentioned that IPv6 addresses, when assigned, can, for example, include random values in particular bytes or embed MAC addresses. With these facts in mind, we exercised some restrictions to narrow down the address space to be scanned. Specifically, we...
Microsoft’s November 2020 Patches Fix 112 Security Vulnerabilities Threat Alert
Overview Microsoft released November 2020 security updates on Tuesday which fix 112 vulnerabilities ranging from simple spoofing attacks to remote code execution, including 17 critical vulnerabilities, 93 important vulnerabilities, and two low vulnerabilities. All users are advised to install updates without delay. These vulnerabilities affect Azure DevOps, Azure Sphere, Common...
Adobe Releases November’s Security Updates Threat Alert
Overview On November 11, 2020 (local time), Adobe released security updates which address multiple vulnerabilities in Adobe Connect and Adobe Reader Mobile. (more…)
SaltStack Multiple Vulnerabilities (CVE-2020-16846, CVE-2020-17490, CVE-2020-25592) Threat Alert
Overview Recently, SaltStack released a security update to address multiple vulnerabilities (CVE-2020-16846, CVE-2020-17490, CVE-2020-25592). These vulnerabilities can cause authentication bypass and command execution. SaltStack recommends users upgrade as soon as possible. Salt is an open-source IP architecture management solution written in Python. It has been widely used in data centers...
