Joomla! Content Management System Remote Code Execution Vulnerability Threat Alert

October 22, 2019 | Mina Hao

Overview Recently, security researcher Alessandro Groppo posted a blog about a remote code execution vulnerability in the early version of the content management system Joomla!. The vulnerability is a remote code execution caused by a PHP object injection discovered by researchers in the Joomla! CMS 3.0.0. to 3.4.6 (released from September 2012 to December 2015). […]

Oracle October 2019 Critical Patch Update for All Product Families Threat Alert

October 21, 2019 | Mina Hao

Overview On October 15, 2019, local time, Oracle released its own security advisory and third-party security advisories for its October 2019 Critical Patch Update (CPU) which fixes 240 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, visit the appendix.

vBulletin Remote Code Execution Vulnerability (CVE-2019-16759) Threat Alert

October 18, 2019 | Mina Hao

Overview vBulletin is a powerful, scalable, and fully customizable forums package. Despite being a commercial product, vBulletin is still the most popular web forums package, whether from the market share or the actual installations.

IP Reputation Report-10132019

October 17, 2019 | Mina Hao

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at October 13, 2019. Top 10 countries in attack percentage: The Laos is in first place. The Uzbekistan is in the second place. The country China (CN) is not […]

Harbor Remote Privilege Escalation Vulnerability (CVE-2019-16097) Threat Alert

October 16, 2019 | Mina Hao

Overview Harbor is an open-source project from VMware and an enterprise-class registry server that stores and distributes Docker container images. It adds some functionalities required by enterprises such as security, identity, and management.

Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2019-1367) Threat Alert

October 15, 2019 | Mina Hao

1 Vulnerability Description On September 23, local time, Microsoft released cumulative security updates for the Internet Explorer (IE), fixing a remote code execution vulnerability (CVE-2019-1367) in IE. This vulnerability exists in the way the IE’s script engine handles objects in memory. By tricking a user into accessing a crafted website through IE, an attacker could […]

WebSphere Arbitrary File Read Vulnerability (CVE-2019-4505) Threat Alert

October 14, 2019 | Mina Hao

Vulnerability Description On September 18, 2019, IBM officially released a security bulletin, disclosing an arbitrary file read vulnerability (CVE-2019-4505) in WebSphere (web service deployment middleware), which allows remote attackers to read sensitive files on the server via a crafted URL. This could result in attackers viewing any files in a certain directory, which may aid […]

Information Security in the Workplace- System Update-v

October 11, 2019 | Mina Hao

With the advancement of IT-based transformation and the rapid development of IT, various network technologies have seen more extensive and profound applications, along with which come a multitude of cyber security issues. Come to find out what information security issues you should beware of in the workplace.

IP Reputation Report-10072019

October 10, 2019 | Mina Hao

Top 10 countries in attack counts:

phpStudy Backdoor Event Threat Alert

October 9, 2019 | Mina Hao

Event Overview Hangzhou Municipal Bureau of Public Security mentioned in its press release of Hangzhou Police Reports Work on Cracking Down on Cybercrimes and Achievements in the Cyberspace Cleanup Campaign 2019 released on September 20, 2019 that the phpStudy version released in 2016 was maliciously planted with a backdoor and the person allegedly responsible for […]