Emergency Response

Microsoft’s Security Bulletin for March Patches That Fix 68 Security Vulnerabilities Threat Alert

March 20, 2019 | Mina Hao

Overview   Microsoft released the March 2019 security patch on Tuesday that fixes 68 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Active Directory, Adobe Flash Player, Azure, Internet Explorer, Microsoft Browsers, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft […]

Resource-based Constrained Delegation Allows Obtaining of System Privileges of Any Domain Hosts Threat Alert

March 19, 2019 | Mina Hao

1 Vulnerability Overview Recently, the NSFOCUS M01N team released the Analysis of Privilege Escalation Attacks by Exploiting Resource-based Constrained Delegation, in which they describe the principle of attacks launched by exploiting the resource-based constrained delegation, so as to escalate privileges of domain hosts. For details, click the following link: http://blog.nsfocus.net/analysis-attacks-entitlement-resource-constrained-delegation/ Several days ago, a security […]

Windows Domain Machines Local Privilege Escalation Attack Threat Alert

March 18, 2019 | Mina Hao

Overview A security researcher from Shenanigans Labs disclosed a method of attacking the Active Directory by abusing resource-based constrained delegation. This would impose a serious threat to domain environments as an attacker could make a common domain user access services on local computers as a domain administrator, thus escalating local privileges. For details, see reference […]

Chrome and Windows 7 32-Bit Vulnerabilities Threat Alert

March 14, 2019 | Mina Hao

Overview On March 7 (local time), Google released a security advisory to announce the existence of a Microsoft Windows vulnerability. According to Google, this local privilege escalation vulnerability could be exploited together with the vulnerability (CVE-2019-5786) in Google Chrome announced last week, to take control of the machine of the victim.

Resource-based Constrained Delegation Allows Obtaining of System Privileges of Any Domain Hosts Threat Alert

March 12, 2019 | Mina Hao

1 Vulnerability Overview Recently, the NSFOCUS M01N team released the Analysis of Privilege Escalation Attacks by Exploiting Resource-based Constrained Delegation, in which they describe the principle of attacks launched by exploiting the resource-based constrained delegation, so as to escalate privileges of domain hosts. For details, click the following link:

Chrome PDF File Parsing 0-Day Vulnerability Threat Alert

March 12, 2019 | Mina Hao

1 Vulnerability Overview On February 28, 2019, a security vendor outside of China spotted a 0-day vulnerability in Google’s Chrome browser, which could lead to information disclosure upon a user’s opening of a malicious PDF file using Chrome. Up to now, a number of malicious samples have been found to exploit this vulnerability in the […]

Drupal Remote Code Execution Vulnerability (CVE-2019-6340) Threat Alert

March 2, 2019 | Mina Hao

Overview Drupal released a security advisory, announcing remediation of a highly critical remote code execution vulnerability (CVE-2019-6430), which stems from some field types improperly sanitizing data from non-form sources, leading to potential execution of arbitrary PHP code.

Gafgy Botnet – Practitioner of the BaaS Mode

March 2, 2019 | Mina Hao

Overview In an era of everything being connected, with the increase of IoT devices exposed on the Internet and vulnerabilities detected in them, more and more malware focuses on the inexhaustible zombie repository. Therefore, IoT platform-based malware families have undergone an exponential growth. The year 2018 alone saw 21 new variants from IoT-based botnet families.

Attack and Defense Around PowerShell Event Logging

February 27, 2019 | Mina Hao

0x00 Overview PowerShell has been a focus of concern for network defense. The fileless PowerShell, featuring LotL and excellent ease of use, is widely used in various attack scenarios. In order to capture PowerShell-based attacks, an increasing number of security professionals tend to, through PowerShell event log analysis, extract attack records such as post-exploitation data […]

WinRAR Code Execution Vulnerability Threat Alert

February 21, 2019 | Mina Hao

1 Vulnerability Overview Recently, a security researcher found a logical bug in WinRAR using the WinAFL fuzzer and exploited it to gain full control over a victim’s computer. An attacker could exploit this vulnerability by crafting an archive and then tricking victims into downloading it by means of a phishing email, net disk, or forum. […]