Emergency Response

Background   On May 4, 2022, F5 issued a security bulletin regarding a remote code execution vulnerability in iControlREST component of BIG-IP products. The CVE number of the vulnerability is CVE-2022-1388. The vulnerability can bypass authentication and remotely execute arbitrary code with a vulnerability score of CVSS up to 9.8. Since the bulletin, attackers have […]

Overview Recently, NSFOCUS CERT found that OpenSSL issued a security notice, which fixed multiple security vulnerabilities in OpenSSL products. OpenSSL is an open source software library package. Applications can use this package to communicate securely, avoid eavesdropping, and confirm the identity of the other end of the connection. It is widely used on web servers […]

Overview Recently, NSFOCUS CERT detected that F5 issued a security bulletin to fix an authentication bypass vulnerability in BIG-IP. Unauthenticated attackers can use the control interface to exploit, through the BIG-IP management interface or its own IP address. Network access to the iControl REST interface to execute arbitrary system commands, create or delete files, and […]

Overview On April 20, 2022, NSFOCUS’s CERT monitoring found that Oracle officially released the April Critical Patch Update announcement CPU (Critical Patch Update). A total of 520 vulnerabilities of varying degrees were fixed. This security update involves Oracle WebLogic Server. , Oracle MySQL, Oracle Java SE, Oracle FusionMiddleware, Oracle Retail Applications and many other common […]

Overview On April 13, 2022, NSFOCUS CERT detected that Struts officially issued a security notice and fixed a remote code execution vulnerability S2-062 (CVE-2021-31805). This vulnerability is not fully repaired for S2-061. When developers use the %{…} syntax to force OGNL parsing, there are still some special TAG attributes that can be parsed twice; attackers […]

Overview Recently, NSFOCUS Security Labs captured a series of phishing documents containing specific Korean bait information. Most of these documents contain keywords such as “BTC”, “ETH”, “NFT”, and “account information”, which trick victims into opening them and then use remote template injection to implant malicious programs, thereby stealing host information. Analysis shows that these phishing […]

Overview Recently, NSFOCUS CERT detected a remote code execution vulnerability in Spring related frameworks. Unauthorized remote attackers can construct HTTP requests to write malicious programs on the target system to execute arbitrary code. This vulnerability is Spring framework remote code execution vulnerability. (CVE-2010-1622), but it has a wider impact. Officials have released versions 5.2.20.RELEASE and […]

Overview Recently, NSFOCUS CERT detected that Spring Cloud officially fixed a SPEL expression injection vulnerability in Spring Cloud Function, because the parameter “spring.cloud.function.routing-expression” in the request header is processed as a Spel expression by the apply method of the RoutingFunction class in Spring Cloud Function, resulting in a Spel expression injection vulnerability, which can be […]

Overview On March 9, NSFOCUS CERT detected that Microsoft released the March security update patch, which fixed 71 security issues, involving Windows, Exchange Server, Remote Desktop Client, Azure, etc., including privilege escalation, remote code execution and other high-risk vulnerability types. Among the vulnerabilities fixed by Microsoft’s update this month, there are 3 critical vulnerabilities and […]

In early March, NSFOCUS Cloud Scrubbing SOC team discovered that one of our customers in Latin America suffered a volumetric, multi-vector distributed denial-of-service (DDoS) attack. NSFOCUS Cloud DPS prevented this attack successfully. The captured entire attack and defense process is as follows: March 3, 10:00 a.m. GMT+8 NSFOCUS cloud-based Network Traffic Analyzer (NTA) detected a […]