Overview Recently, NSFOCUS Security Labs captured a series of phishing documents containing specific Korean bait information. Most of these documents contain keywords such as "BTC", "ETH", "NFT", and "account information", which trick victims into opening them and then use remote template injection to implant malicious programs, thereby stealing host information....
Category: Emergency Response
Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965) Manual
Overview Recently, NSFOCUS CERT detected a remote code execution vulnerability in Spring related frameworks. Unauthorized remote attackers can construct HTTP requests to write malicious programs on the target system to execute arbitrary code. This vulnerability is Spring framework remote code execution vulnerability. (CVE-2010-1622), but it has a wider impact. Officials...
Spring Cloud Function SPEL Expression Injection Vulnerability Alert
Overview Recently, NSFOCUS CERT detected that Spring Cloud officially fixed a SPEL expression injection vulnerability in Spring Cloud Function, because the parameter "spring.cloud.function.routing-expression" in the request header is processed as a Spel expression by the apply method of the RoutingFunction class in Spring Cloud Function, resulting in a Spel expression...
Microsoft’s March security update for multiple high-risk product vulnerabilities
Overview On March 9, NSFOCUS CERT detected that Microsoft released the March security update patch, which fixed 71 security issues, involving Windows, Exchange Server, Remote Desktop Client, Azure, etc., including privilege escalation, remote code execution and other high-risk vulnerability types. Among the vulnerabilities fixed by Microsoft's update this month, there...
1TB Multi-Vector DDoS Attack in LATAM Blocked after CVE-2022-26143 Vulnerability Exploited
In early March, NSFOCUS Cloud Scrubbing SOC team discovered that one of our customers in Latin America suffered a volumetric, multi-vector distributed denial-of-service (DDoS) attack. NSFOCUS Cloud DPS prevented this attack successfully. The captured entire attack and defense process is as follows: March 3, 10:00 a.m. GMT+8 NSFOCUS cloud-based Network...
Linux Kernel Privilege Escalation Vulnerability (CVE-2022-0847) Alert
Overview Recently, NSFOCUS CERT detected that a security researcher disclosed a local privilege escalation vulnerability (CVE-2022-0847) in the Linux kernel. Due to a flaw in the correct initialization of the copy_page_to_iter_pipe and push_pipe functions in the Linux kernel, an attacker can overwrite the data in any readable file by exploiting...
