Emergency Response

ThinkPHP 5.0-5.0.23, 5.1.0-5.1.31, and 5.2.* Remote Code Execution Vulnerability Handling Guide

January 21, 2019 | Mina Hao

1 Vulnerability Overview Recently, ThinkPHP 5.0-5.0.23 was found to have a remote code execution (RCE) vulnerability. The NSFOCUS Falcon Team carried out tests and found that ThinkPHP 5.0-5.0.23, 5.1.0-5.1.31, and 5.2.* were also prone to this vulnerability, which could be triggered in both Linux and Windows systems.

ThinkPHP 5.0.* Remote Code Execution Vulnerability Handling Guide

January 17, 2019 | Mina Hao

1 Vulnerability Overview Recently, ThinkPHP 5.0.* is prone to a remote code execution vulnerability that has been officially fixed. All related users should stay wary and take precautions as soon as possible.

ThinkPHP 5 Remote Code Execution Vulnerability Threat Alert

January 16, 2019 | Mina Hao

Overview On January 11, ThinkPHP addressed a remote code execution vulnerability. This vulnerability stems from the Request class’s (thinkphp/library/think/Request.php) lack of sufficient input validation when handling requests, which finally leads to remote code execution.

Microsoft’s January 2019 Patch Fixes 51 Security Vulnerabilities Threat Alert

January 15, 2019 | Mina Hao

Overview Microsoft released the January 2019 security patch on Tuesday that fixes 51 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, Adobe Flash Player, Android App, ASP.NET, Internet Explorer, Microsoft Edge, Microsoft Exchange Server, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft […]

Microsoft Exchange Server Arbitrary User Impersonation Vulnerability Handling Guide

January 10, 2019 | Mina Hao

1 Vulnerability Overview Recently, a security researcher released details of an arbitrary user impersonation vulnerability (CVE-2018-8581) in Microsoft Exchange Server (also known as Exchange Web Server, EWS for short), revealing that an authenticated attacker could exploit this vulnerability to impersonate arbitrary accounts or even gain privileges of the target user. Currently, the vulnerability’s proof of […]

Email Security – Attachment Virus

January 7, 2019 | Mina Hao

Case AnalysisCase Analysis Ransomware emails usually have an intriguing subject and body to entice receivers to open the attachment. As shown above, the attachment is compressed. The virus file is an executable with the extension of js. To disguise it as a seemingly secure text file, the attacker adds .txt in the file name. Files […]

Windows Arbitrary File Read 0-Day Vulnerability Handling Guide

January 7, 2019 | Mina Hao

1 Vulnerability Overview Recently, a security researcher with Twitter alias SandboxEscaper, once again, published proof-of-concept (PoC) code for a new 0-day vulnerability affecting Windows. This is the third Windows 0-day vulnerability published by this same researcher since August 2018. The vulnerability made known to the public this time could lead to arbitrary file read. Specifically, […]

Microsoft Security Bulletin for December Patches That Fix 39 Security Vulnerabilities

December 29, 2018 | Mina Hao

Overview Microsoft released December 2018 security updates on Tuesday which fix 39 vulnerabilities ranging from simple spoofing attacks to remote code execution. Such security updates cover the following products: .NET Framework, Adobe Flash Player,Internet Explorer, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows […]

Adobe Security Bulletin for December 2018 Security Updates

December 29, 2018 | Mina Hao

Overview On December 11, 2018 (local time), Adobe released security updates which address multiple vulnerabilities in Acrobat and Reader.

Xbash Malware Combines Many Malicious Functions in Worm

September 30, 2018 | Adeline Zhang

Unit 42, a research team of Palo Alto Networks found a new malware family this month and named it Xbash. This new malware combines ransomware, coinming, botnet, and worm features and targets Linux and Windows mainly. Xbash is developed in Python and was then converted into self-contained Linux ELF executables by abusing the legitimate tool […]