Blog

Adobe Security Bulletins for February 2020 Security Updates Threat Alert

February 24, 2020 | Mina Hao

Overview On February 11, 2020, local time, Adobe officially released February’s security updates to fix multiple vulnerabilities in its various products, including Adobe Experience Manager, Adobe Digital Editions, Adobe Flash Player, Adobe Acrobat and Reader, and Adobe Framemaker.

Microsoft’s Security Bulletin for February 2020 Patches That Fix 100 Security Vulnerabilities Threat Alert

February 21, 2020 | Mina Hao

Overview Microsoft released the February 2020 security patches on Tuesday that fixes 100 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Adobe Flash Player, Internet Explorer, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Malware Protection Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft […]

IP Reputation Report-02162020

February 20, 2020 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at February 16, 2020.

Cisco Discovery Protocol Vulnerabilities Threat Alert

February 19, 2020 | Mina Hao

Overview On February 6, 2020, Beijing time, Cisco fixed five high-risk vulnerabilities in the Cisco Discovery Protocol (CDP) in new versions. The CDP protocol allows Cisco devices to share information in the intranet via multicast messages. These vulnerabilities affect VoIP (Voice over Internet Protocol) phones and cameras.

Android Bluetooth Component Critical Vulnerability (CVE-2020-0022) Threat Alert

February 18, 2020 | Mina Hao

Overview Recently, Google released February 2020 security updates for Android which fixed a critical vulnerability (CVE-2020-0022) in Android’s Bluetooth component. This vulnerability could be exploited without user interaction when Bluetooth is enabled on devices. An attacker that successfully exploits this vulnerability could execute arbitrary code on the target system. Also, researchers pointed out that this […]

ICS Information Security Assurance Framework 17

February 17, 2020 | Mina Hao

Nuclear Power The security scenario of the nuclear power plant is similar to that of the thermal power platform. For details, sees section 4.1.1. Generally, it contains the following contents:

FusionAuth Remote Code Execution Vulnerability (CVE-2020-7799) Threat Alert

February 14, 2020 | Mina Hao

Vulnerability Description On January 28, 2019, Beijing time, NVD released a remote command execution vulnerability (CVE-2020-7799) in the Apache Freemarker template in FusionAuth. It is found that an authenticated user can edit email templates (Home > Settings > Email Templates) or themes (Home > Settings > Themes) in FusionAuth to execute arbitrary commands in the […]

IP Reputation Report-02092020

February 13, 2020 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at February 9, 2020.

oracle

WebLogic WLS Component IIOP Protocol Remote Code Execution Vulnerability (CVE-2020-2551) Threat Alert

February 12, 2020 | Mina Hao

Overview Oracle released Critical Patch Update (CPU) for January 2020, announcing a remote code execution vulnerability (CVE-2020-2551) in the Internet Inter-ORB Protocol (IIOP) used by the WLA component in WebLogic.

ICS Information Security Assurance Framework 16

February 11, 2020 | Mina Hao

System Introduction The computer monitoring system of the hydropower plant adopts a hierarchical distributed open system structure totally controlled by the computer, which consists of the main control layer of functions and the local control unit (LCU) layer of objects. The main control layer consists of the operator station, data server station, external communication station, […]