Overview On April 14, local time, Oracle released the April Critical Patch Update (CPU) which fixes vulnerabilities that include a critical one (CVE-2020-2915) in Oracle Coherence CPU, with a CVSS score of 9.8. This vulnerability allows unauthenticated attackers with network access via T3 to compromise vulnerable Oracle Coherence. Successful exploitation of it could result in […]

Background Recently, a new strain of ransomware WannaRen came to the surface and began to spread between PCs. This ransomware encrypts files in the Windows system and uses .WannaRen as the extension of encrypted files. The attacker leaves a Bitcoin wallet address and demands 0.05 Bitcoin as ransom. Through tracking and analysis, NSFOCUS’s emergency response […]

Overview On April 14, 2020, local time, Oracle released its own security advisory and third-party security advisories for its April 2020 Critical Patch Update (CPU) which fix 397 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, visit the following link:

Overview On April 14, 2020, local time, Microsoft released its April patches that fix 113 security issues, including three 0-day vulnerabilities that have been exploited in the wild. The three vulnerabilities exist in Windows Adobe Type Manager Library and the Windows kernel.

Overview Recently, a new strain of ransomware WannaRen came to the surface and began to spread between PCs. This ransomware encrypts almost all files in the Windows system and uses .WannaRen as the extension of encrypted files. The attacker leaves a Bitcoin wallet address and demands 0.05 Bitcoin as ransom.

Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at April 19, 2020.

Controlled DDoS Attack Sources According to statistics, China was still home to the largest number of controlled DDoS attack sources (36.19%) in 2019, followed by the USA and UK. Although China’s ranking remained unchanged in terms of the number, the proportion decreased compared with 2018. This indicates that China’s DDoS governance and defenses have yielded […]

Overview On March 31, 2020, local time, Google published an advisory, announcing that the newest version of Chrome 80.0.3987.162 to be rolled out in the coming days would address eight security vulnerabilities. Now this version has been released. The most severe of these vulnerabilities could allow attackers to execute arbitrary code in the context of […]

Overview On April 6, Sangfor released an advisory, announcing that an overseas APT organization illegally took control of some of their SSL VPN devices and sent malicious files to clients by exploiting a client upgrade vulnerability. NSFOCUS has kept a close eye on this issue and conducted overall analysis. We advise related users to take […]

Overview IBM released security advisories to announce the fix of two remote code execution vulnerabilities (CVE-2020-4276 and CVE-2020-4362) in WebSphere Application Server. The two vulnerabilities exist when WebSphere uses token-based authentication in an admin request over the SOAP connector. By sending a maliciously crafted request to WebSphere SOAP Connector, an attacker could execute arbitrary code […]