Blog

Apache Solr Remote Code Execution Vulnerability (CVE-2019-0193) Threat Alert

August 13, 2019 | Mina Hao

1 Vulnerability Overview Recently, Apache Software Foundation (ASF) issued a security bulletin to announce the fix of the remote arbitrary code execution vulnerability (CVE-2019-0193) in Apache Solr. This vulnerability exists in the DataImportHandler module, a common module used to import data from databases or other sources. The whole DIH configuration of this module can come […]

ProFTPd Arbitrary File Copy Vulnerability (CVE-2019-12815) Threat Alert

August 12, 2019 | Mina Hao

Overview Recently, an official security bulletin was released to announce the remediation of an arbitrary file copy vulnerability (CVE-2019-12815) in ProFTPd. This vulnerability lies in the custom SITE CPFR and SITE CPTO operations in the mod_copy module. By issuing the two commands to ProFTPd, an attacker can copy any file on the FTP server without […]

Botnet Trend Report-8

August 9, 2019 | Mina Hao

3.5 Delivery and Propagation  3.5.1 Behavior Seen  Studying 25 million intrusion logs extracted from NSFOCUS managed services customers in 2018, we found that approximately 14 million logs recorded intrusions using weak password cracking mainly against Telnet, RDP, and SSH services. From other logs, a large portion of intrusions seen were vulnerability-based intrusions, with 54 vulnerabilities […]

IP Reputation Report-08052019

August 8, 2019 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at August 04, 2019.   Top 10 countries in attack percentage: The Palestine is in first place. The Curacao is in the second place. The country China (CN) is […]

Jackson-databind Remote Code Execution Vulnerability Technical Analysis

August 7, 2019 | Mina Hao

Vulnerability Overview On June 21, Red Hat officially released a security bulletin to announce the fix for a vulnerability in jackson-dababind. This vulnerability with a CVSS score of 8.1 affects multiple Red Hat products and a sophisticated exploit using this vulnerability is observed in the wild. On July 22, a security researcher named Andrea Brancaleoni […]

Jackson-databind Remote Code Execution Vulnerability (CVE-2019-12384) Threat Alert

August 6, 2019 | Mina Hao

Overview Recently, a security researcher discovered a vulnerability (CVE-2019-12384) in jackson-databind, noting that when certain conditions are met, an attacker, via a malicious request, could bypass the blacklist restriction and remotely execute code in an affected server during deserialization.

Drupal Access Bypass Vulnerability (CVE-2019-6342) Technical Analysis

August 5, 2019 | Mina Hao

1 Vulnerability Description Recently, Drupal released a security advisory on the remediation of an access bypass vulnerability (CVE-2019-6342). In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. In terms of the security risk, Drupal rates the vulnerability as Critical.

Botnet Trend Report-7

August 2, 2019 | Mina Hao

3.4 DDoS Attacks 3.4.1 Behavior Seen Effective attack instructions are botnet attack instructions that control a task other that starting and stopping.  Effective attack instructions captured in 2018 included DDoS, Local Area Network (LAN) scanning, and vulnerability exploits among other types of attacks. There were 440,000 DDoS attack instructions issued from botnet families, constituting most […]

IP Reputation Report-07292019

August 1, 2019 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at July 28, 2019.   Top 10 countries in attack percentage: The Palestine is in first place. The Curacao changes from fourth to second. The country China (CN) is […]

Drupal Access Bypass Vulnerability (CVE-2019-6342) Threat Alert

July 31, 2019 | Mina Hao

Overview On July 17, 2019, local time, Drupal released a security advisory on the remediation of an access bypass vulnerability (CVE-2019-6342). In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. In terms of the security risk, Drupal rates the vulnerability as Critical.