Overview Recently, ThinkPHP published a blog post announcing the release of an important update that addresses a critical vulnerability. This security update fixes a getShell vulnerability caused by the framework's insufficient checks on controller names when forced routing is not enabled. The vulnerability, which affects ThinkPHP 5.0 and 5.1, is...
Category: Threat Analysis
Adobe Flash Player 0-Day Vulnerabilities Threat Alert
Overview On December 5, 2018, local time, Adobe released a security bulletin documenting the remediation of two vulnerabilities: a critical 0-day vulnerability (CVE-2018-15982) in Adobe Flash Player and an important vulnerability (CVE-2018-15983) in the Adobe Flash Player installer.
“WeChat Pay” Ransomware Analysis and Decryption Tool
Risk Overview Recently, over 20,000 PCs in China have fallen victim to WeChat Pay ransomware. Files on the affected devices are encrypted by the ransomware. To regain access to the files, users are asked to scan a WeChat QR code that appears in a pop-up window and pay 110 yuan...
Sample Analysis Report-3
1 Sample Introduction 1.1 Sample Type The sample is a Trojan, which belongs to the Tsunami family.
Adobe Flash Player Remote Code Execution Vulnerability Threat Alert
Overview On November 20, 2018, local time, Adobe released a security advisory documenting the remediation of a critical vulnerability in Adobe Flash Player. Successful exploitation of this vulnerability could allow attackers to remotely execute arbitrary code.
Sample Analysis Report
1 Sample Introduction 1.1 Sample Type This sample is a Trojan similar to Satori, which is a Mirai variant.



