Blog

Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability (CVE-2019-12643) Threat Alert

September 13, 2019 | Mina Hao

Overview On August 28, 2019, local time, Cisco released a security advisory, announcing remediation of an authentication bypass vulnerability (CVE-2019-12643) in the Cisco REST API virtual service container for Cisco IOS XE Software.

IP Reputation Report-09012019

September 12, 2019 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at September 08, 2019.   Top 10 countries in attack percentage: The Laos is in first place. The Palestine is in the second place. The country China (CN) is […]

Botnet Trend Report-13

September 11, 2019 | Mina Hao

4.4 Satan: Evolving Ransomware In late April 2018, MalwareHunterTeam reported seeing new ransomware that leveraged EternalBlue to propagate. Through analysis, we found that the ransomware was based on a new version (dubbed V2) of Satan, a ransomware family launched in 2017. The ransom demanded in this version increased from 0.1 to 0.3 Bitcoin. At the […]

Microsoft RDS Remote Code Execution Vulnerabilities (CVE-2019-1181-1182)Threat Alert

September 10, 2019 | Mina Hao

Vulnerability Overview On August 14, 2019, Beijing time, Microsoft released remote desktop (RDP) service fixes and patches for a series of vulnerabilities, including two critical remote code execution (RCE) vulnerabilities (CVE-2019-1181 and CVE-2019-1182). Similar to the BlueKeep vulnerability (CVE-2019-0708) previously fixed, vulnerabilities disclosed this time have characteristics of worms. In other words, attackers could exploit […]

QEMU VM Escape Vulnerability (CVE-2019-14378) Threat Alert

September 9, 2019 | Mina Hao

Overview Recently, a security researcher disclosed a heap-based buffer overflow vulnerability (CVE-2019-14378) in the SLiRP networking backend in the QEMU emulator. An attacker could exploit this vulnerability to crash the QEMU process on a host machine, resulting in a denial of service, or possibly execute arbitrary code with privileges of the QEMU process.

Ghostscript .buildfont1 –dSAFER Sandbox Bypass Vulnerability

September 6, 2019 | Mina Hao

Vulnerability Overview Ghostscript is a suite of software based on an interpreter for Adobe System’s PostScript and Portable Document Format (PDF) page description languages. It is widely used as a raster image processor (RIP) for raster computer printers. Currently, it has been ported from Linux to other operating systems, including UNIX, Mac OS X, VMS, […]

IP Reputation Report-09012019

September 5, 2019 | Mina Hao

Top 10 countries in attack counts:

Botnet Trend Report-12

September 4, 2019 | Mina Hao

4.3 XMRig: Cryptomining For Fun and Profit Cryptomining by botnets has gained popularity in the past two years. Unlike other common malicious activities like DDoS, ransomware attacks, and confidential information theft, cryptomining has some unique characteristics: 1. Predictable earnings. Cryptominers are good at hiding their presence by controlling their CPU usage within 30%–40%. Based on […]

TortoiseSVN Remote Code Execution Vulnerability (CVE-2019-14422) Threat Alert

September 3, 2019 | Mina Hao

Overview On August 13, local time, a researcher from a vulnerability laboratory (vxrl team) disclosed a remote code execution vulnerability (CVE-2019-14422) in TortoiseSVN. The URI handler of TortoiseSVN (Tsvncmd:) allows a customized diff operation on Excel workbooks. This vulnerability could be used to open remote workbooks without protection from macro security settings to execute arbitrary […]

Ghostscript -dSAFER Multiple Sandbox Bypass Vulnerabilities Threat Alert

September 2, 2019 | Mina Hao

Vulnerability Description On August 28, 2019, Artifex submitted “Bug 701446: Avoid divide by zero in shading” on the master branch of Ghostscript and announced remediation of four -dSAFER sandbox bypass vulnerabilities. -dSAFER is a security sandbox used by Ghostscript for prevention of insecure PostScript operations.