Blog

Adobe Out-of-Band Patch Tackling Critical Vulnerabilities in Multiple Products Threat Alert

May 11, 2020 | Mina Hao

Overview On April 28, local time, Adobe released an out-of-band patch tackling multiple vulnerabilities in Magento, Adobe Illustrator, and Adobe Bridge. For details about the security bulletins and advisories, visit the following link:

Information Security in the Workplace- Print of Documents at a Print Shop-v

May 8, 2020 | Mina Hao

With the advancement of IT-based transformation and the rapid development of IT, various network technologies have seen more extensive and profound applications, along with which come a multitude of cyber security issues. Come to find out what information security issues you should beware of in the workplace.

IP Reputation Report-05032020

May 7, 2020 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at May 3, 2020. Top 10 countries in attack percentage: The Belarus is in first place. The Cape Verde is in the second place. The country China (CN) is […]

DDoS Attack Landscape 6

May 6, 2020 | Mina Hao

Activity of Attack Sources Ongoing monitoring of attack sources reveals that 90% of them were active for no longer than 10 days. There were two reasons behind this. For one thing, in order to keep attack sources freshand prevent them from being blacklisted by defenders, attackers tended to use the hit-and-run strategy. For the other, […]

A Look Into WS-Discovery Reflection Attacks for 2020 Q1

May 5, 2020 | Mina Hao

Executive Summary Web Services Dynamic Discovery (WSD) is a multicast discovery protocol to locate services on a local area network (LAN). However, due to device vendors’ design flaw in the implementation, when a normal IP address sends a service discovery packet, devices will also respond to the request. If exposed on the Internet, these devices […]

WebLogic Remote Code Execution Vulnerabilities (CVE-2020-2801, CVE-2020-2883, and CVE-2020-2884) Threat Alert

May 4, 2020 | Mina Hao

Overview On April 15, 2020, Beijing time, Oracle released Critical Patch Update (CPU) for April 2020 that fixes 397 vulnerabilities of different risk levels. These vulnerabilities include three critical ones (CVE-2020-2801, CVE-2020-2883, and CVE-2020-2884) that target Oracle WebLogic Server with a CVSS score of 9.8. These vulnerabilities allow unauthenticated attackers with network access via T3 […]

Git Credential Disclosure Vulnerability (CVE-2020-5260) Threat Alert

May 1, 2020 | Mina Hao

Vulnerability Description On April 15, Git issued a security bulletin announcing a vulnerability that could reveal Git user credentials (CVE-2020-5260). Git uses a credential helper to store and retrieve credentials. But when a URL contains an encoded newline (%0a), it may inject unexpected values into the protocol stream of the credential helper.  This vulnerability is […]

IP Reputation Report-04262020

April 30, 2020 | Mina Hao

1.Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at April 26, 2020. 2.Top 10 countries in attack percentage: The Belarus is in first place. The Cape Verde is in the second place. The country China (CN) is […]

Adobe Security Bulletins for April 2020 Security Updates

April 30, 2020 | Mina Hao

Overview On April 14, 2020, local time, Adobe officially released April’s security updates to fix multiple vulnerabilities in its various products, including Adobe ColdFusion, Adobe After Effects, and Adobe Digital Editions.

Microsoft’s April Patches Fix 113 Security Vulnerabilities Threat Alert

April 29, 2020 | Mina Hao

Overview Microsoft released April 2020 security updates on Tuesday that fix 113 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Android App, Apps, Microsoft Dynamics, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows DNS, Open Source Software, Remote […]