Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at March 22, 2020. (more…)
Blog
DDoS Attack Landscape 1
Executive Summary In 2019, the average peak size of DDoS attacks rose steadily from 2018 to 42.9 Gbps, indicating that techniques employed by large and medium scale attacks are advancing year by year. After a sharp rise in 2018, super-sized DDoS attacks (> 300 Gbps) were relatively stabilizing in 2019,...
V8 Type Confusion Vulnerability (CVE-2020-6418) Threat Alert
Vulnerability Description On February 25, security updates were released for Google Chrome and Microsoft Edge. The open-source JavaScript and WebAssembly engines in V8 in Google Chrome before 80.0.3987.122 and Microsoft Edge browser before 80.0.361.62 are prone to a type confusion vulnerability (CVE-2020-6418), which allows attackers to access data in an...
jackson-databind/Fastjson Remote Code Execution Vulnerability Threat Alert
Overview Recently, two remote code execution vulnerabilities (CVE-2020-9547 and CVE-2020-9548) were fixed in jackson-databind. By using two components (ibatis-sqlmap and anteros-core) to bypass the blacklist restriction, attackers could exploit these vulnerabilities to cause remote code execution on the victim's machine. (more…)
IP Reputation Report-03152020
Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at March 15, 2020. (more…)
Oracle Coherence Deserialization Remote Code Execution Vulnerability (CVE-2020-2555) Threat Alert
Vulnerability Description On January 15, 2020, Oracle released Critical Patch Update (CPU) for January 2020 that fixes 334 vulnerabilities of different risk levels, including a remote code execution vulnerability (CVE-2020-2555) with the CVSS score of 9.8 in the deserialization by Oracle Coherence deserialization. This vulnerability allows an unauthenticated attacker to...
