Overview On January 26, NSFOCUS CERT detected that the Qualys research team publicly disclosed a privilege escalation vulnerability (CVE-2021-4034) found in Polkit's pkexec, also known as PwnKit. The vulnerability is due to the inability of pkexec to properly process the call parameters, thereby executing the environment variable as a command....
Category: Emergency Response
APT Retrospection: FIN7 Uses Windows 11 Topics as Bait to Do Spear Phishing Attacks
Overview In July 2021, NSFOCUS Security Labs captured a number of phishing documents using windows 11 related topics as bait. These phishing documents show some ideas and techniques that are different from common phishing attacks. Through in-depth analysis, NSFOCUS Security Labs found that the phishing files are part of a large-scale spear...
HTTP Stack Remote Code Execution Vulnerability (CVE-2022-21907) Alert
Overview On January 12, NSFOCUS CERT detected that Microsoft released a monthly security update, which fixed an HTTP protocol stack remote code execution vulnerability (CVE-2022-21907). A buffer overflow can occur due to a boundary error in the HTTP Trailer Support feature in the HTTP stack (HTTP.sys). An unauthenticated attacker can...
Apache log4j Deserialization and SQL Injection Vulnerability (CVE-2022-23302/CVE-2022-23305/CVE-2022-23307) Alert
Overview On January 19, NSFOCUS CERT detected that Apache released a security bulletin that disclosed three Log4j vulnerabilities, all of which affected the Apache Log4j 1.x version, and the official support and maintenance are no longer available. Please take measures as soon as possible to protect the relevant users. Apache...
Oracle January Critical Patch Update for All Product Families
Overview On January 19, 2022, NSFOCUS CERT monitoring found that Oracle officially released the CPU (Critical Patch Update) in January. A total of 497 vulnerabilities of varying degrees were fixed this time. This security update involves Oracle WebLogic Server. , Oracle MySQL, Oracle Java SE, Oracle FusionMiddleware, Oracle Retail Applications...
Apache Dubbo Remote Code Execution Vulnerability (CVE-2021-43297) Notification
Overview On January 12, NSFOCUS CERT found that Apache issued a security notice to fix a remote code execution vulnerability (CVE-2021-43297) in Dubbo. Due to a deserialization vulnerability in Dubbo's hessian-lite, an unauthenticated attacker could exploit the vulnerability to remotely execute arbitrary code on the target system. Most Dubbo users...
