Blog

WebLogic Console HTTP Remote Code Execution Vulnerability (CVE-2020-14882) Protection Solution

November 16, 2020 | Mina Hao

Overview The Critical Patch Update (CPU) for October 2020 released by Oracle contains a high-risk WebLogic Consoleremote code execution vulnerability (CVE-2020-14882). The vulnerability can be triggered without authentication and has an extensive impact. Unauthenticated attackers might construct special HTTP GET requests to exploit this vulnerability to execute arbitrary code on the affected WebLogic Server.

VMware ESXi Remote Code Execution Vulnerability (CVE-2020-3992) Threat Alert

November 13, 2020 | Mina Hao

Vulnerability Description On October 21, 2020, NSFOCUS detected that VMware released a security advisory that fixes a VMware ESXi remote code execution vulnerability (CVE-2020-3992). This vulnerability exists because OpenSLP as used in VMware ESXi has a use-after-free issue. An attacker residing in the management network who has access to port 427 on an ESXi machine […]

IP Reputation Report-11082020

November 12, 2020 | Mina Hao

1. Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at November 8, 2020.

Annual IoT Security Report 2019-3

November 11, 2020 | Mina Hao

LockerGoga Ransomware Alleged to Repeatedly Attack Plants On January 24, 2019, France-based Altran Technologies was allegedly hit by LockerGoga ransomware. On March 19, Norsk Hydro, one of the largest aluminum companies worldwide, was hit by an extensive cyberattack, having machines around the globe infected with malware and some unable to operate. As a result, some […]

Attack and Defense Around PowerShell Event Logging

November 10, 2020 | Mina Hao

0x00 Overview PowerShell has been a focus of concern for network defense. The fileless PowerShell, featuring LotL and excellent ease of use, is widely used in various attack scenarios. In order to capture PowerShell-based attacks, an increasing number of security professionals tend to, through PowerShell event log analysis, extract attack records such as post-exploitation data […]

Annual IoT Security Report 2019-2

November 9, 2020 | Mina Hao

Extensive Power Outages in Venezuela and New York Starting from the evening of March 7, 2019, a cyberattack hit Venezuela, leaving most parts of the country, including the capital Caracas, without power for more than 24 hours1. Because of the outage, the subway service in Caracas came to a halt, resulting in massive traffic jams. […]

oracle

WebLogic High-Risk Vulnerabilities (CVE-2020-14841, CVE-2020-14825, CVE-2020-14859) Threat Alert

November 6, 2020 | Mina Hao

Overview On October 21, 2020, Beijing time, Oracle released Critical Patch Update (CPU) for October 2020 that fixes 402 vulnerabilities of different risk levels. The WebLogic Server Core component is prone to three severe vulnerabilities with a CVSS base score of 9.8, which are assigned CVE-2020-14841, CVE-2020-14825, and CVE-2020-14859 respectively.

IP Reputation Report-11012020

November 5, 2020 | Mina Hao

1. Top 10 countries in attack counts:

Annual IoT Security Report 2019-1

November 4, 2020 | Mina Hao

Executive Summary With the constant evolution of the Internet of Things (IoT), the security of IoT is becoming an issue that more and more people are concerned about. In 2016, we issued the IoT Security Whitepaper to popularize IoT security for a general audience. In 2018, we released the 2017 Annual IoT Cybersecurity Report to […]

Apache Solr ConfigSet API Upload Function Vulnerability (CVE-2020-13957) Threat Alert

November 3, 2020 | Mina Hao

Overview Recently, Apache Solr fixed a vulnerability (CVE-2020-13957) in the Configsets API upload function. Attackers could perform unauthorized operations by using a combination of UPLOAD/CREATE actions, which might eventually lead to command execution. Apache Solr is an enterprise search server that is based on Lucene.