Blog

Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2020-16875) Threat Alert

September 30, 2020 | Mina Hao

Overview Microsoft has fixed a critical vulnerability in its September 2020 Security Updates, which is a remote code execution vulnerability (CVE-2020-16875) in Microsoft Exchange Server. Recently, relevant proof of concept (PoC) has appeared on the Internet. Due to incorrect verification of cmdlet arguments, an attacker may trigger this vulnerability by sending an email that contains […]

Microsoft September 2020 Security Updates for Multiple High-Risk Product Vulnerabilities Threat Alert

September 29, 2020 | Mina Hao

Vulnerability Description On September 9, 2020, Beijing time, Microsoft released September 2020 Security Updates that fix 129 vulnerabilities ranging from remote code execution to privilege escalation in various products, including Microsoft Windows, Internet Explorer, Microsoft Office, Microsoft Exchange Server, Visual Studio, and ASP.NET.

Botnet Trend Report 2019-12

September 28, 2020 | Mina Hao

This chapter describes active botnet families under long-term tracking of and other families newly captured by NSFOCUS Security Labs, from the perspectives of their background, activity, and association with other families. Botnet Families GoBrut Malware in the GoBrut family, written in Go, made its debut in early 2019, in a bid to detect services on […]

Apache DolphinScheduler High-Risk Vulnerabilities (CVE-2020-11974, CVE-2020-13922) Handling Guide

September 26, 2020 | Mina Hao

1. Vulnerability Description On September 11, 2020, NSFOCUS detected that the Apache Software Foundation released security advisories fixing Apache DolphinScheduler permission overwrite vulnerability (CVE-2020-13922) and Apache DolphinScheduler remote code execution vulnerability (CVE-2020-11974). CVE-2020-11974 is related to mysql connectorj remote code execution vulnerability. When choosing mysql as database, an attacker could execute code remotely on the […]

Analysis of the 2020 H1 Malware Trend

September 25, 2020 | Mina Hao

1. Overview From data collected throughout 2019 and data as of June 30, 2020, we extracted information about malware, whose distribution by type is shown in Figure 1-1. Compared with 2019, the percentages of various types of malware in 2020 H1 changed, with backdoors overtaking crytominers to become No .1 with a percentage of 48.05%, […]

Apache DolphinScheduler High-Risk Vulnerabilities (CVE-2020-11974, CVE-2020-13922) Threat Alert

September 23, 2020 | Mina Hao

1. Vulnerability Description On September 11, 2020, NSFOCUS detected that the Apache Software Foundation released security advisories fixing Apache DolphinScheduler permission overwrite vulnerability (CVE-2020-13922) and Apache DolphinScheduler remote code execution vulnerability (CVE-2020-11974). CVE-2020-11974 is related to mysql connectorj remote code execution vulnerability. When choosing mysql as database, an attacker could execute code remotely on the […]

BT.CN Unauthenticated phpmyadmin Vulnerability Threat Alert

September 22, 2020 | Mina Hao

Overview On August 23, 2020, Beijing time, BT.CN released an urgent security update announcing that BT-Panel for Linux 7.4.2 and BT-Panel for Windows 6.8 are vulnerable. Unauthenticated phpmyadmin causes direct database login by accessing a specific address. BT-Panel is server management software that improves the operation and maintenance efficiency. It supports more than 100 server […]

Botnet Trend Report 2019-11

September 21, 2020 | Mina Hao

Overview Overall, malware on mobile platforms, though evolving in the same way as those on PC, has a complex composition. In 2019, ad apps still dominated the list of malware threatening the security of Android users. Potentially dangerous software involving sensitive operations also made up a large proportion. Agent programs launching attacks via remote code […]

QEMU VM Escape Vulnerability (CVE-2020-14364) Threat Alert

September 18, 2020 | Mina Hao

Vulnerability Description On August 24, QEMU released a security patch to fix a VM escape vulnerability (CVE-2020-14364) which is the result of an out-of-bounds read/write access issue in the USB emulator in QEMU. This vulnerability resides in ./hw/usb/core.c. When the program handles USB packets from a guest, this vulnerability is deemed to exist if USBDevice […]

SANGFOR Endpoint Detection Response Remote Command Execution Vulnerability Handling Guide

September 16, 2020 | Mina Hao

Vulnerability Description On August 18, 2020, the China National Vulnerability Database (CNVD) listed SANGFOR Endpoint Detection Response (EDR) remote command execution vulnerability (CNVD-2020-46552) as a new entry. An unauthenticated attacker could exploit this vulnerability to send a maliciously crafted HTTP request to a target server, thereby obtaining the privileges of the target server and causing […]