Overview Recently, a security researcher discovered an issue with the fixes for multiple versions of fastjson. Despite these fixes, an attacker could remotely execute code on a server running fastjson via a carefully crafted request. This issue affects fastjson 1.2.47 and earlier and does not require enabling the autotype option....
Blog
A Look into the Gafgyt Botnet Trends from the Communication Traffic Log
About the Gafgyt Botnet Gafgyt is a long-lived IoT botnet family with a lot of variants. Over the years, it has grown into a gigantic family with the same notoriety as Mirai. Its variants are mature enough to provide capabilities of scanning vulnerabilities conducting DDoS, executing instructions, and downloading and...
Redis Active/Standby Synchronization Code Execution Vulnerability Threat Alert
1 Vulnerability Description Written in ANSIC, Redis is an open-source, memory- or network-bound key-value database which can store logs in a persistent manner. It provides multilingual APIs. (more…)
IP Reputation Report-07152019
Top 10 countries in attack counts: (more…)
Botnet Trend Report-5
3.3 Geographical Distribution 3.3.1 Behavior Seen According to geographical analysis of IP addresses, 2018 saw most new C&C servers in the USA (30.64%), closely followed by China (29.79%). Other top C&C hosting countries include Canada, Russia, Germany, France, and Italy. (more…)
Microsoft’s Security Patches for July 2019 Fix 79 Security Vulnerabilities
Overview Microsoft released July 2019 security updates on Tuesday which fix 79 vulnerabilities ranging from simple spoofing attacks to remote code execution. Such security updates cover the following products: .NET Framework, ASP.NET, Azure, Azure DevOps, Internet Explorer, Microsoft Browsers, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint,...
