In mid-April, NSFOCUS discovered that one of its Cloud DDoS Protection Service customer in APAC region has encountered a TCP-middlebox-reflection attack which became popular throughout the world during past months after its first discourse in Aug, 2021. The attack reached its peak at 7Gbps and lasted for several hours, after immediate reaction by NSFOCUS Managed […]

Overview On April 20, 2022, NSFOCUS’s CERT monitoring found that Oracle officially released the April Critical Patch Update announcement CPU (Critical Patch Update). A total of 520 vulnerabilities of varying degrees were fixed. This security update involves Oracle WebLogic Server. , Oracle MySQL, Oracle Java SE, Oracle FusionMiddleware, Oracle Retail Applications and many other common […]

Overview On April 13, 2022, NSFOCUS CERT detected that Struts officially issued a security notice and fixed a remote code execution vulnerability S2-062 (CVE-2021-31805). This vulnerability is not fully repaired for S2-061. When developers use the %{…} syntax to force OGNL parsing, there are still some special TAG attributes that can be parsed twice; attackers […]

Overview Recently, NSFOCUS Security Labs captured a series of phishing documents containing specific Korean bait information. Most of these documents contain keywords such as “BTC”, “ETH”, “NFT”, and “account information”, which trick victims into opening them and then use remote template injection to implant malicious programs, thereby stealing host information. Analysis shows that these phishing […]

Overview Recently, NSFOCUS CERT detected a remote code execution vulnerability in Spring related frameworks. Unauthorized remote attackers can construct HTTP requests to write malicious programs on the target system to execute arbitrary code. This vulnerability is Spring framework remote code execution vulnerability. (CVE-2010-1622), but it has a wider impact. Officials have released versions 5.2.20.RELEASE and […]

Abstract Information collection is a very important part of both attack and defense, and high-quality information collected is the basis and premise of follow-up work. However, fragmentary information and the complex composition of cloud native itself bring certain challenges to information collection in cloud native environment. This series of posts will share ideas and methods […]

Overview Recently, NSFOCUS CERT detected that Spring Cloud officially fixed a SPEL expression injection vulnerability in Spring Cloud Function, because the parameter “spring.cloud.function.routing-expression” in the request header is processed as a Spel expression by the apply method of the RoutingFunction class in Spring Cloud Function, resulting in a Spel expression injection vulnerability, which can be […]

Background With the wide application of encryption technology and the continuous development of new network technology, the network structure becomes more and more complex and the encrypted traffic explodes. Furthermore, as the evolution and promotion of encryption protocols such as TLS1.3, the era of full encryption is silently coming. When protecting users’ privacy, encryption technology […]

Background The public cloud has become the hardest hit by cyberattacks. This article gives you an effective threat monitoring proposal by using VPC traffic mirror. Traffic Mirror In the traditional network environment, the data communications between devices are realized via cables or wireless networks. We can completely divert the traffic to the bypass monitoring device […]

Overview On March 9, NSFOCUS CERT detected that Microsoft released the March security update patch, which fixed 71 security issues, involving Windows, Exchange Server, Remote Desktop Client, Azure, etc., including privilege escalation, remote code execution and other high-risk vulnerability types. Among the vulnerabilities fixed by Microsoft’s update this month, there are 3 critical vulnerabilities and […]