Blog

Critical runC Container Escape Vulnerability (CVE-2019-5736) Threat Alert

February 18, 2019 | Mina Hao

Overview RUNC is a CLI tool for spawning and running containers according to the Open Container Initiative (OCI) specification. As the core of the Docker, runC can be called for creating, running, and destructing containers.

NSFOCUS Cloud-in-a-Box Wins 2019 InfoSecurity Product Guide Excellence Award

February 15, 2019 | Devika Jain

NSFOCUS Cloud-in-a-Box Wins 2019 InfoSecurity Product Guide Excellence Award Four months after it was released to the general public, our newest cloud security service Cloud-in-a-Box has been named a bronze winner in the 15th annual 2019 InfoSecurity Product Guide’s Global Excellence Awards in the ‘Best Innovation in Cloud Security’ category. In this day and age, […]

IP Reputation Report-02152019

February 15, 2019 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at February 15, 2019.

Mobile Office——Sum-up

February 15, 2019 | Mina Hao

Security Tips/Takeaways

Technical Report on Container Security (IV)-6

February 14, 2019 | Mina Hao

Container Security Protection – Runtime Security Runtime Security Security Configuration for Container Launch A container runs on the host as a process. Running container processes are isolated from one another. Each has its own file system, networking, and isolated process tree separate from the host. The following sections detail how to use the docker run[1] […]

IP Reputation Report-02082019

February 8, 2019 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at February 08, 2019.

IP Reputation Report-02012019

February 1, 2019 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at February 01, 2019.

Mobile Office—SIM and SD Card Security

January 31, 2019 | Mina Hao

Case AnalysisCase Analysis If you do not report the loss of the SIM card after your phone is lost, a hacker may use it to obtain SMS verification codes. Activation of the quick pay service requires only the ID card number, bank card number, and SMS verification code.

NSFOCUS Releases IP Chain Gang Report on Behavior of Recidivist Hackers

January 30, 2019 | Devika Jain

  In a new report, NSFOCUS introduced the IP Chain-Gang concept, in which each chain-gang is controlled by a single threat actor or a group of related threat actors that exhibit similar behavior among the various attacks conducted by the same gang. The report analyzes the IP Chain-Gangs attack types, volume, size of events, gang […]

APT/APT-GET RCE Vulnerability (CVE-2019-3462) Handling Guide

January 30, 2019 | Mina Hao

1 Vulnerability Overview Recently, a security researcher discovered a critical vulnerability in the Advanced Packaging Tool (APT) of Linux. This vulnerability stems from the APT’s failure to properly handle redirects, which can be triggered via a man-in-the-middle attack or a malicious package mirror, resulting in remote code execution.