Overview The default service StockQuoteService.jws in Axis contains a hard-coded HTTP URL, which can be used to trigger an HTTP request. An attacker can conduct a man-in-the-middle (MITM) attack by taking control of a domain (www.xmltoday.com) or performing ARP poisoning against the targeted Axis server, and then redirect the HTTP...
Category: Emergency Response
Microsoft’s April 2019 Patches Fix 76 Vulnerabilities Threat Alert
Overview Microsoft released April 2019 security patches on Tuesday that fix 76 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Core, Adobe Flash Player, CSRSS, Microsoft Browsers, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office...
Adobe Security Advisory for April Security Updates
Overview On April 9, local time, Adobe officially released April security updates which fix multiple vulnerabilities in such products as Adobe Flash Player, Shockwave Player, Dreamweaver, XD CC, InDesign, Experience Manager Forms, and Bridge CC. (more…)
Apache HTTP Server Privilege Escalation Vulnerability Threat Alert
1 Vulnerability Overview Recently, Apache released a security advisory, announcing remediation of a privilege escalation vulnerability (CVE-2019-0211). Apache HTTP Server running MPM event, worker or, prefork could allow a less-privileged child thread or process (including scripts executed by an in-process scripting interpreter) to execute arbitrary code with privileges of the...
2018 DDoS Attack Landscape-2
Overview of DDoS Attacks in 2018Â (more…)
IP Reputation Report-04052019
Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at April 05, 2019. (more…)
