Emergency Response

GitLab Remote Command Execution Vulnerability (CVE-2021-22205) Threat Alert

November 23, 2021 | Jie Ji

Overview Recently, NSFOCUS observed that researchers disclosed an exploit for the GitLab remote command execution vulnerability (CVE-2021-22205), and found that unauthenticated endpoints in GitLab make the vulnerability exploitable without authentication. Both Community Edition (CE) and Enterprise Edition (EE) are affected. On April 15, GitLab officially released a security update to fix the […]

CODESYS V2 Multiple High-Risk Vulnerabilities Threat Alert

November 22, 2021 | Jie Ji

Overview Recently, CODESYS officially issued four security update advisories that fixed 10 vulnerabilities in CODESYS V2. NSFOCUS received a letter of acknowledgement from CODESYS for NSFOCUS Gewu Lab’s reporting of three vulnerabilities that were rated high-risk. All three vulnerabilities are exploited via proprietary communication protocols supported by the CODESYS runtime. By using […]

Oracle October Critical Patch Update for All Product Families

November 16, 2021 | Jie Ji

Overview On October 20, 2021, NSFOCUS detected that Oracle released the October Critical Patch Update (CPU), which fixed 419 vulnerabilities of varying risk levels. The update involves multiple commonly used products, such as Oracle MySQL, Oracle WebLogic Server, Oracle Java SE, Oracle Fusion Middleware and Oracle Retail Applications. Oracle strongly recommends that users fix these […]

Microsoft October Security Updates for Multiple High-Risk Product Vulnerabilities

October 27, 2021 | Jie Ji

Overview According to NSFOCUS CERT’s monitoring, Microsoft released October Security Updates on October 13 to fix 81 vulnerabilities, including high-risk vulnerabilities like privilege escalation and remote code execution, in widely used products like Windows, Microsoft Office, Microsoft Visual Studio, and Exchange Server. This month’s security updates fix 3 critical vulnerabilities and 70 important ones, including […]

VMware vCenter Server Multiple High-Risk Vulnerabilities Threat Alert

October 22, 2021 | Jie Ji

Overview According to NSFOCUS CERT’s monitoring, VMware released an official security advisory on September 22 disclosing multiple vulnerabilities in VMware vCenter Server. These issues allow attackers to cause information disclosure, privilege escalation and remote code execution. VMware has released security updates to fix the vulnerabilities. Affected users are advised to take protective measures. vCenter Server […]

XStream Multiple High-Risk Vulnerabilities Threat Alert

October 15, 2021 | Jie Ji

Overview Recently, NSFOCUS found that XStream released security advisories disclosing 14 security vulnerabilities in its products. An attacker could exploit these vulnerabilities to conduct a DoS, server-side request forgery (SSRF), or remote code execution (RCE) attack. XStream is a tool to serialize Java objects to XML and back again. When serializing JavaBeans or deserializing XML […]

Microsoft MSHTML Remote Code Execution Vulnerability (CVE-2021-40444) Threat Alert

October 12, 2021 | Jie Ji

Overview On September 8, Beijing time, NSFOCUS CERT found that Microsoft released a security bulletin to disclose a remote code execution vulnerability (CVE-2021-40444) in Microsoft MSHTML. Attackers could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine, and convince the user to open a malicious […]

Atlassian Confluence Remote Code Execution Vulnerability (CVE-2021-26084) Threat Alert

October 4, 2021 | Jie Ji

Overview Recently, NSFOCUS CERT found that Atlassian released a security bulletin to announce the fix of the Confluence Server Webwork OGNL Injection Vulnerability (CVE-2021-26084). This vulnerability allows an authenticated attacker, and in some instances, an unauthenticated user, to execute arbitrary code on Confluence Server or Data Center by injecting a crafted OGNL expression. This vulnerability […]

Insights into Ransomware Spread Using Exchange 1-Day Vulnerabilities 2-2

September 27, 2021 | Jie Ji

Analysis of the Kill Chain of the LockFile Ransomware Group: KDU Tool Terminating Multiple Antivirus Processes. The attacker renames the KDU tool (an open-source Windows driver loader that implements a DSE bypass via an exploit) to autologin, copies the related program to the temporary directory, and loads and executes the designated driver file to execute code with kernel privileges […]

Insights into Ransomware Spread Using Exchange 1-Day Vulnerabilities 1-2

September 26, 2021 | Jie Ji

Event Overview Recently, NSFOCUS CERT discovered a slew of security incidents that exploited security vulnerabilities (ProxyShell) in Microsoft Exchange. NSFOCUS also found that the new ransomware group LockFile took advantage of the ProxyShell and PetitPotam vulnerabilities to target enterprise domain environments, ultimately encrypting a considerable number of enterprise hosts for ransom. In April, a […]