Blog

Windows TCP/IP Remote Code Execution Vulnerability (CVE-2020-16898) Threat Alert

November 2, 2020 | Mina Hao

Overview On October 13, 2020 (local time), Microsoft fixed a critical vulnerability dubbed Bad Neighbor (CVE-2020-16898) in the Windows TCP/IP stack in its latest monthly patch update. An attacker might execute arbitrary code on a remote system by sending maliciously crafted ICMPv6 Router Advertisement packets. McAfee said the proof-of-concept code shared with MAPP (Microsoft Active […]

Oracle October 2020 Critical Patch Update for All Product Families Threat Alert

October 31, 2020 | Mina Hao

Overview On October 20, 2020, local time, Oracle released the Critical Patch Update (CPU) for October 2020, its own security advisories, and third-party security bulletins, which fix 402 vulnerabilities of varying severity levels. For details about affected products and available patches, see the appendix. For complete information, see Oracle’s official security advisory at the following link:

Analysis of the 2020 H1 Vulnerability Trend

October 30, 2020 | Mina Hao

Overview In 2020 H1, a total of 1419 vulnerabilities were added to the NSFOCUS Vulnerability Database (NSVD), 714 of which were high-risk vulnerabilities. Of these high-risk vulnerabilities, 184 were Microsoft-related. High-risk vulnerabilities were mainly distributed in major products of Microsoft, Oracle, Adobe, Google, Cisco, IBM, Moxa, Apache, and other vendors.

IP Reputation Report-10252020

October 29, 2020 | Mina Hao

1. Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases as of October 25, 2020.

Microsoft’s October 2020 Patches Fix 87 Security Vulnerabilities Threat Alert

October 28, 2020 | Mina Hao

Overview Microsoft released its October 2020 security updates on Tuesday, which fix 87 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, Azure, Group Policy, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft NTFS, Microsoft Office, Microsoft Office SharePoint, Microsoft Windows, Microsoft Windows Codecs Library, PowerShellGet, Visual Studio, […]

Analysis of Ripple20 Vulnerabilities

October 27, 2020 | Mina Hao

1. Background Recently, the JSOF research lab discovered a series of vulnerabilities in the Treck TCP/IP stack, which were dubbed Ripple20. Successful exploitation of these vulnerabilities may allow remote code execution or disclosure of sensitive information. Technical details will be fully released at BlackHat USA 2020.

Botnet Trend Report 2019-16

October 26, 2020 | Mina Hao

Conclusion Botnets have evolved to use weak passwords, exploits, and phishing emails as major propagation and intrusion means. Dormant attackers that are seeking opportunities to do wrong tend to exploit vulnerabilities during the time between vulnerability disclosure and remediation. Botnet hackers often exploit newly revealed vulnerabilities to infect new targets to enlarge their attack surface […]

Adobe Releases October’s Security Updates Threat Alert

October 23, 2020 | Mina Hao

Overview On October 13, 2020 (local time), Adobe released security updates which address a vulnerability in Adobe Flash Player. For details about the security bulletins and advisories, visit the following link:

IP Reputation Report-10182020

October 22, 2020 | Mina Hao

1. Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases as of October 18, 2020.

Yii2 Deserialization Remote Command Execution Vulnerability (CVE-2020-15148) Protection Solution

October 21, 2020 | Mina Hao

Overview Recently, NSFOCUS detected that Yii Framework 2 disclosed a deserialization remote command execution vulnerability (CVE-2020-15148) in its update log published on September 14, 2020. By adding the __wakeup() function to the class yii\db\BatchQueryResult, Yii Framework 2 disables yii\db\BatchQueryResult deserialization and prevents remote command execution caused by an application calling ‘unserialize()’ on arbitrary user input. Yii2 is […]