Overview Recently, a foreign researcher discovered a potential vulnerability in the UC browser which may affect hundreds of millions of users around the world. A hidden feature is found in the UC browser to download auxiliary software modules for execution by bypassing some restrictions of an application store. This feature...
Category: Blog
PostgreSQL Arbitrary Code Execution Vulnerability (CVE-2019-9193) Threat Alert
1 Vulnerability Overview Recently, a security researcher disclosed details about a PostgreSQL privilege escalation code execution vulnerability (CVE-2019-9193), which allows attackers with read access to database server-side files to execute arbitrary system commands. (more…)
Daily Communication——Use of Shared Folders
Case Analysis Public shared folders usually house various documents from different departments, many of which contain sensitive data. Sensitive files reside in such folders mainly because people forget to delete them after copying them, thus exposing sensitive data to intranet hackers and rogue insiders. (more…)
Apache Tomcat DoS Vulnerability (CVE-2019-0199) Threat Alert
1 Vulnerability Overview Recently, The Apache Software Foundation announced the existence of a denial-of-service (DoS) vulnerability in Apache Tomcat HTTP/2. Specifically, the HTTP/2 implementation accepts streams with excessive numbers of SETTINGS frames and also permits clients to keep streams open without reading/writing request/response data. Thus, too many connection requests from...
Technical Report on Container Security (V)-3
Security Tools – StackRox About StackRox StackRox features a distributed architecture that collects and analyzes data throughout the application lifecycle to detect and block malicious actors, and finally meet the requirement for protecting containerized cloud-native applications. StackRox delivers continuous detection through its unique combination of distributed sensors and centralized analysis...
NSFOCUS Attack Threat Monitoring Wins 2019 Cyber Defense Magazine InfoSec Award
Earlier this month at RSA we released the newest service in our arsenal of holistic hybrid security solutions, Attack Threat Monitoring (ATM). We were thrilled not only to demo ATM at our RSA booth, but even more pleased to release the service to the public having already won an award....
