Blog

Drupal Access Bypass Vulnerability (CVE-2019-6342) Technical Analysis

August 5, 2019 | Mina Hao

1 Vulnerability Description: Recently, Drupal released a security advisory on the remediation of an access bypass vulnerability (CVE-2019-6342). In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. In terms of the security risk, Drupal rates the vulnerability as Critical.

Botnet Trend Report-7

August 2, 2019 | Mina Hao

3.4 DDoS Attacks, 3.4.1 Behavior Seen: Effective attack instructions are botnet attack instructions that control a task other than starting and stopping. Effective attack instructions captured in 2018 included DDoS, Local Area Network (LAN) scanning, and vulnerability exploits, among other types of attacks. There were 440,000 DDoS attack instructions issued from botnet families, constituting most […]

IP Reputation Report-07292019

August 1, 2019 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases as of July 28, 2019. Top 10 countries in attack percentage: Palestine is in first place. Curacao moves from fourth to second. China (CN) is […]

Drupal Access Bypass Vulnerability (CVE-2019-6342) Threat Alert

July 31, 2019 | Mina Hao

Overview: On July 17, 2019, local time, Drupal released a security advisory on the remediation of an access bypass vulnerability (CVE-2019-6342). In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. In terms of the security risk, Drupal rates the vulnerability as Critical.

DDoS Attack Misinterpretations

July 30, 2019 | Mina Hao

River blockage used to be a great survival crisis in ancient times. Similarly, in cyberspace, distributed denial-of-service (DDoS) attacks have become a devastating disaster. As we all know, DDoS attacks are destructive attacks, and after over 10 years of evolution, such attacks have become an effective attack tool favored by multiple organizations and individuals who […]

Atlassian Jira Unauthorized Template Injection Vulnerability (CVE-2019-11581) Threat Alert

July 29, 2019 | Mina Hao

1 Vulnerability Description: Recently, the Jira vendor released a security advisory on a template injection vulnerability in Jira Server and Jira Data Center, which could cause remote code execution when either of the following conditions is met: An SMTP server has been configured in Jira and the Contact Administrators Form is enabled. An SMTP server […]

Oracle July 2019 Critical Patch Update for All Product Families Threat Alert

July 26, 2019 | Mina Hao

Overview: On July 16, 2019, local time, Oracle released its own security advisory and third-party security advisories for its January 2019 Critical Patch Update (CPU), which fix 319 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, visit the following link: For more details, see Oracle’s official […]

IP Reputation Report-07222019

July 25, 2019 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases as of July 21, 2019. Top 10 countries in attack percentage: Palestine is in first place. Suriname is in second place. China (CN) is […]

Botnet Trend Report-6

July 24, 2019 | Mina Hao

3.3.2 Analysis: Most Botnets Deployed on VPSs for Economic Reasons. Low-cost virtual private servers, which have little security oversight, have become the main target for hosting command & control servers. When setting up C&C servers, botnet groups will attempt to take over any available system. Having evolved past traditional on-premises servers, botnet groups now target […]

Fastjson Remote Code Execution Vulnerability Threat Alert

July 23, 2019 | Mina Hao

Overview: Recently, a security researcher discovered an issue with the fixes for multiple versions of fastjson. Despite these fixes, an attacker could remotely execute code on a server running fastjson via a carefully crafted request. This issue affects fastjson 1.2.47 and earlier and does not require enabling the autotype option.