Blog

Technical Report on Container Security (IV)-1

January 7, 2019 | Mina Hao

Container Security Protection—Linux Kernel Security Mechanism As a lightweight virtualized implementation, the container technology took into account security factors at the time of design, which constitute an important basis for container security protection. This chapter describes security risks and threats facing containers and common protection ideas and methods.

Microsoft Security Bulletin for December Patches That Fix 39 Security Vulnerabilities

December 29, 2018 | Mina Hao

Overview Microsoft released December 2018 security updates on Tuesday which fix 39 vulnerabilities ranging from simple spoofing attacks to remote code execution. Such security updates cover the following products: .NET Framework, Adobe Flash Player,Internet Explorer, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows […]

Technical Report on Container Security (III)-3

December 29, 2018 | Mina Hao

Security Risks and Challenges – Container Application Security Threat Container Application Security Threat Microservice Security From traditional monolithic applications to modern microservice applications, security has always been a hot issue. A monolithic application usually exposes fewer services and ports,narrowing the attack surface. In addition, security professionals know common points from which attacks are often launched. […]

Adobe Security Bulletin for December 2018 Security Updates

December 29, 2018 | Mina Hao

Overview On December 11, 2018 (local time), Adobe released security updates which address multiple vulnerabilities in Acrobat and Reader.

NSFOCUS’s Presence at Botconf 2018

December 17, 2018 | Adeline Zhang

On December 7, 2018 security experts from NSFOCUS Fu Ying Labs delivered a speech at Botconf 2018, presenting WASM security threat analysis technologies with researchers from security firms, media personnel, and security practitioners from CERTs (Computer Emergency Response Teams) of various countries. Their striking insights were highly accepted and acknowledged by the international security industry. […]

ThinkPHP Remote Code Execution Vulnerability Handling Guide

December 17, 2018 | Adeline Zhang

1 Vulnerability Overview Recently, ThinkPHP posted a blog, announcing the release of an update that addresses a high-risk remote code execution (RCE) vulnerability. This vulnerability stems from the framework’s insufficient checks on controller names, which, in case forced routing is not enabled, would allow arbitrary code execution or even access to the server. ThinkPHP is […]

Personal Computer——File Deletion

December 14, 2018 | Adeline Zhang

Case AnalysisCase Analysis When you delete files from a computer or USB flash drive, just clicking the deletion button or doing a quick formatting does not completely remove files because you can easily recover them using data recovery software. Even after you clear the recycle bin, those deleted files can still be retrieved.

ThinkPHP 5.x Remote Code Execution Vulnerability Threat Alert

December 13, 2018 | Adeline Zhang

Overview Recently, ThinkPHP posted a blog, announcing the release of an important update that addresses a critical vulnerability. This security update fixes a getShell vulnerability caused by the framework’s insufficient checks on controller names in case forced routing is not enabled. The vulnerability, which affects ThinkPHP 5.0 and 5.1, is fixed in the latest version.

The missing leg – integrity in the CIA triad

December 13, 2018 | wangyang2

Linkedin Eric Vanderburg Information security is often described using the CIA Triad. The CIA stands for Confidentiality, Integrity, and Availability and these are the three elements of data that information security tries to protect. If we look at the CIA triad from the attacker’s viewpoint, they would seek to compromise confidentiality by stealing data, integrity by manipulating data […]

Technical Report on Container Security (III)-2

December 11, 2018 | Adeline Zhang

Security Risks and Challenges—Security Threat Analysis Security Threat Analysis When we talk about security risks to containers, we mean security threats to hosts, to containers, and to the carried applications.