Blog

Technical Report on Container Security (IV)-1

January 7, 2019 | Mina Hao

Container Security Protection—Linux Kernel Security Mechanism As a lightweight virtualized implementation, the container technology took into account security factors at the time of design, which constitute an important basis for container security protection. This chapter describes security risks and threats facing containers and common protection ideas and methods.

IP Reputation Report-01042019

January 4, 2019 | Mina Hao

Top 10 c¿ountries: The above diagram shows the top 10 regions with most malicious IP addresses from the NSFOCUS IP Reputation databases at January 04, 2019.

Microsoft Security Bulletin for December Patches That Fix 39 Security Vulnerabilities

December 29, 2018 | Mina Hao

Overview Microsoft released December 2018 security updates on Tuesday which fix 39 vulnerabilities ranging from simple spoofing attacks to remote code execution. Such security updates cover the following products: .NET Framework, Adobe Flash Player,Internet Explorer, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows […]

Technical Report on Container Security (III)-3

December 29, 2018 | Mina Hao

Security Risks and Challenges – Container Application Security Threat Container Application Security Threat Microservice Security From traditional monolithic applications to modern microservice applications, security has always been a hot issue. A monolithic application usually exposes fewer services and ports,narrowing the attack surface. In addition, security professionals know common points from which attacks are often launched. […]

Adobe Security Bulletin for December 2018 Security Updates

December 29, 2018 | Mina Hao

Overview On December 11, 2018 (local time), Adobe released security updates which address multiple vulnerabilities in Acrobat and Reader.

IP Reputation Report-12212018

December 21, 2018 | Mina Hao

Top 10 countries: The above diagram shows the top 10 regions with most malicious IP addresses from the NSFOCUS IP Reputation databases at December 21, 2018. But the United States has the largest allocated IP addresses in the world and China is in the second place. So, report IP Reputation as a percentage of total […]

NSFOCUS’s Presence at Botconf 2018

December 17, 2018 | Adeline Zhang

On December 7, 2018 security experts from NSFOCUS Fu Ying Labs delivered a speech at Botconf 2018, presenting WASM security threat analysis technologies with researchers from security firms, media personnel, and security practitioners from CERTs (Computer Emergency Response Teams) of various countries. Their striking insights were highly accepted and acknowledged by the international security industry. […]

ThinkPHP Remote Code Execution Vulnerability Handling Guide

December 17, 2018 | Adeline Zhang

1 Vulnerability Overview Recently, ThinkPHP posted a blog, announcing the release of an update that addresses a high-risk remote code execution (RCE) vulnerability. This vulnerability stems from the framework’s insufficient checks on controller names, which, in case forced routing is not enabled, would allow arbitrary code execution or even access to the server. ThinkPHP is […]

Personal Computer——File Deletion

December 14, 2018 | Adeline Zhang

Case AnalysisCase Analysis When you delete files from a computer or USB flash drive, just clicking the deletion button or doing a quick formatting does not completely remove files because you can easily recover them using data recovery software. Even after you clear the recycle bin, those deleted files can still be retrieved.

ThinkPHP 5.x Remote Code Execution Vulnerability Threat Alert

December 13, 2018 | Adeline Zhang

Overview Recently, ThinkPHP posted a blog, announcing the release of an important update that addresses a critical vulnerability. This security update fixes a getShell vulnerability caused by the framework’s insufficient checks on controller names in case forced routing is not enabled. The vulnerability, which affects ThinkPHP 5.0 and 5.1, is fixed in the latest version.