1. Background Recently, the JSOF research lab discovered a series of vulnerabilities on the Treck TCP/IP stack, which were dubbed Ripple20. Successful exploit of these vulnerabilities may allow remote code execution or disclosure of sensitive information. Technical details will be fully released at BlackHat USA 2020. (more…)
Blog
Botnet Trend Report 2019-16
Conclusion Botnets have evolved to use weak passwords, exploits, and phishing emails as major propagation and intrusion means. Dormant attackers that are seeking opportunities to do wrong tend to exploit vulnerabilities during the time between vulnerability disclosure and remediation. Botnet hackers often exploit newly revealed vulnerabilities to infect new targets...
Adobe Releases October’s Security Updates Threat Alert
Overview On October 13, 2020 (local time), Adobe released security updates which address a vulnerability in Adobe Flash Player. For details about the security bulletins and advisories, visit the following link: https://helpx.adobe.com/security.html (more…)
Yii2 Deserialization Remote Command Execution Vulnerability (CVE-2020-15148) Protection Solution
Overview Recently, NSFOCUS detected that Yii Framework 2 disclosed a deserialization remote command execution vulnerability (CVE-2020-15148) in its update log published on September 14, 2020. By adding the _wakeup() function to Class yii\db\BatchQueryResult, Yii Framework 2 disables yii\db\BatchQueryResult deserialization and prevents remote command execution caused by application calling 'unserialize()' on...
Linux Kernel Privilege Escalation Vulnerability (CVE-2020-14386) Threat Alert
Vulnerability Description Recently, NSFOCUS detected a privilege escalation vulnerability in the Linux kernel (CVE-2020-14386). An integer overflow exists in the way net/packet/af_packet.c processes AF_PACKET, which leads to out-of-bounds write, thereby escalating privileges. An attacker could exploit this vulnerability to gain system root privileges from unprivileged processes. This vulnerability may affect...
Botnet Trend Report 2019-15
Five Major APT Groups In 2019, NSFOCUS Security Labs tracked and delved into five major APT groups: BITTER, OceanLotus, MuddyWater, APT34, and FIN7. The following sections illustrate the latest developments of these APT groups by explaining how they optimize attack chains, refine attack methods, and sharpen RAT tools. BITTER BITTER...
