Emergency Response

Linux Kernel Privilege Escalation Vulnerability (CVE-2022-0847) Alert

March 10, 2022 | Jie Ji

Overview Recently, NSFOCUS CERT detected that a security researcher disclosed a local privilege escalation vulnerability (CVE-2022-0847) in the Linux kernel. Because the copy_page_to_iter_pipe and push_pipe functions do not properly initialize the flags of newly created pipe buffers, an attacker can overwrite data in arbitrary read-only files by exploiting this vulnerability, thereby escalating ordinary […]
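A first triage question for this advisory is whether a host runs an affected kernel. The following added example (not code from NSFOCUS or from the advisory) classifies a `uname -r` string against the upstream history of the bug; the introduction point (5.8) and the fixed stable releases (5.16.11, 5.15.25, 5.10.102) are assumptions taken from the upstream kernel fix, not from this page, and the function names are mine. Distribution kernels backport fixes without changing the upstream version number, so a "vulnerable" result here is a prompt to check the vendor advisory, not proof of exposure.

```python
"""Heuristic CVE-2022-0847 (Dirty Pipe) exposure check from a kernel release string.

Added example, not from the NSFOCUS advisory. Assumptions (upstream fix history,
not stated on the page): the bug was introduced in 5.8 and fixed in 5.16.11,
5.15.25 and 5.10.102. Distribution kernels backport fixes without bumping the
upstream version, so treat "vulnerable" as "verify against the vendor advisory".
"""
import platform
import re

# Upstream stable series that received a fix, and the first fixed release in each.
FIXED_IN = {
    (5, 10): (5, 10, 102),
    (5, 15): (5, 15, 25),
    (5, 16): (5, 16, 11),
}
INTRODUCED_IN = (5, 8, 0)      # first upstream release containing the buggy code path
FIRST_CLEAN_SERIES = (5, 17, 0)  # 5.17 and later shipped with the fix from the start


def parse_release(release: str) -> tuple:
    """Turn 'uname -r' output such as '5.15.0-25-generic' into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_vulnerable_dirty_pipe(release: str) -> bool:
    """True when the upstream version in `release` predates the fix."""
    ver = parse_release(release)
    if ver < INTRODUCED_IN:
        return False  # pre-5.8 kernels never had the buggy pipe-buffer merge
    series = ver[:2]
    if series in FIXED_IN:
        return ver < FIXED_IN[series]  # maintained series: vulnerable below its fix
    # 5.8, 5.9 and 5.11-5.14 went end-of-life upstream without a fix; 5.17+ is clean.
    return ver < FIRST_CLEAN_SERIES


if __name__ == "__main__":
    rel = platform.release()
    verdict = ("likely VULNERABLE (confirm vendor backports)"
               if is_vulnerable_dirty_pipe(rel) else "not affected by upstream version")
    print(f"{rel}: {verdict}")
```

Run it on the host to check the running kernel, or call `is_vulnerable_dirty_pipe()` with release strings collected from inventory to batch-triage a fleet.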

Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947) Alert

March 7, 2022 | Jie Ji

Overview Recently, NSFOCUS CERT detected that Spring released an advisory fixing the Spring Cloud Gateway code injection vulnerability (CVE-2022-22947). Due to a flaw in the Actuator endpoint of Spring Cloud Gateway, applications using Spring Cloud Gateway are vulnerable to code injection attacks when the Gateway Actuator endpoint is enabled and exposed without protection. Unauthenticated […]
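Because the precondition is an enabled and exposed Gateway Actuator endpoint, the quickest configuration audit is to check the Spring Boot properties that control it. The following added example (not code from NSFOCUS or from the Spring project) parses an `application.properties` file and reports whether `/actuator/gateway` would be served. The property names and defaults (`management.endpoint.gateway.enabled` defaulting to true, `management.endpoints.web.exposure.include` defaulting to `health`, and `exclude` taking precedence over `include`) are assumptions taken from the Spring Boot and Spring Cloud Gateway reference documentation, not from this page; the function names and sample configurations are mine.

```python
"""Flag Spring Boot property files that expose the Spring Cloud Gateway actuator
endpoint, the precondition for CVE-2022-22947. Added example, not from the
NSFOCUS or Spring advisories.

Assumed property semantics (Spring Boot / Spring Cloud Gateway reference docs):
  management.endpoint.gateway.enabled           default "true"
  management.endpoints.web.exposure.include     default "health"
  management.endpoints.web.exposure.exclude     takes precedence over include
"""


def parse_properties(text: str) -> dict:
    """Minimal .properties parser: key=value (or key: value) lines, '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        if "=" in line:
            key, _, value = line.partition("=")
        elif ":" in line:
            key, _, value = line.partition(":")
        else:
            continue
        props[key.strip()] = value.strip()
    return props


def _csv(value: str) -> set:
    """Split a comma-separated property value into a set of trimmed names."""
    return {v.strip() for v in value.split(",") if v.strip()}


def gateway_actuator_exposed(props: dict) -> bool:
    """True when /actuator/gateway would be reachable over HTTP with this configuration."""
    enabled = props.get("management.endpoint.gateway.enabled", "true").lower() == "true"
    include = _csv(props.get("management.endpoints.web.exposure.include", "health"))
    exclude = _csv(props.get("management.endpoints.web.exposure.exclude", ""))
    if not enabled:
        return False
    if "gateway" in exclude or "*" in exclude:
        return False  # exclusion wins over inclusion
    return "gateway" in include or "*" in include


def audit(text: str) -> str:
    """Human-readable verdict for one properties file."""
    if gateway_actuator_exposed(parse_properties(text)):
        return ("EXPOSED: /actuator/gateway is reachable; upgrade to a fixed Spring Cloud "
                "Gateway release or remove 'gateway' and '*' from "
                "management.endpoints.web.exposure.include")
    return "ok: gateway actuator endpoint is not exposed"


# Constructed sample configurations for illustration, not from any real deployment.
WEAK_CONFIG = """
spring.cloud.gateway.routes[0].id=demo
# exposes every actuator endpoint, including /actuator/gateway
management.endpoints.web.exposure.include=*
"""

HARDENED_CONFIG = """
spring.cloud.gateway.routes[0].id=demo
management.endpoints.web.exposure.include=health,info
management.endpoint.gateway.enabled=false
"""

if __name__ == "__main__":
    print("weak:     ", audit(WEAK_CONFIG))
    print("hardened: ", audit(HARDENED_CONFIG))
```

Note that a negative result only means the endpoint is not exposed by this file; profiles, environment variables and YAML overrides can still enable it, so pair the audit with an unauthenticated request to the deployed `/actuator/gateway` path.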

Reflective and Short-burst DDoS Attacks Harnessed to Knock Down the Targets in Ukraine

February 25, 2022 | Jie Ji

Background Since the start of 2022, the relationship between Russia and Ukraine has become increasingly tense. The two sides are at loggerheads and have deployed large numbers of military personnel and equipment in their border areas. Since the turn of the 21st century, however, war has no longer been limited to armed action but also takes place in other […]

Highlights of 2021 Security Emergency Incident Observations

February 23, 2022 | Jie Ji

Intro The world of cybersecurity is changing rapidly, and technologies continue to evolve and innovate. While emerging technologies such as big data, the Internet of Things, artificial intelligence and mobile payment, to name just a few, are driving digital transformation, new security risks constantly emerge. The number of security incidents handled by the NSFOCUS emergency response team in 2021 reached 438, an increase […]

Microsoft’s February security update for multiple high-risk product vulnerabilities

February 18, 2022 | Jie Ji

Overview On February 9, NSFOCUS CERT detected that Microsoft had released its February security update, which fixes 48 security issues in widely used products such as Windows, Microsoft Office, Microsoft Dynamics, and Azure, including privilege escalation, remote code execution, and other high-risk vulnerability types. Among the vulnerabilities fixed by Microsoft’s monthly update this month, […]

India’s National APT Organization SideWinder Launched Phishing Attacks

February 17, 2022 | Jie Ji

Overview Recently, NSFOCUS Labs discovered that the South Asian APT group SideWinder launched phishing attacks using documents with Pakistan National Day-related content as bait. The domain name of the command and control (C2) server was forged to resemble a Pakistani government website. Since SideWinder’s targets include Pakistan and China, it has always been considered an […]

Samba Remote Code Execution Vulnerability (CVE-2021-44142)

February 14, 2022 | Jie Ji

Overview Recently, NSFOCUS CERT detected a Samba remote code execution vulnerability (CVE-2021-44142) disclosed online. The default configuration of Samba’s vfs_fruit module allows out-of-bounds heap reads and writes through extended file attributes (EAs): when smbd parses EA metadata, a remote attacker with write access to a file’s extended attributes (including a guest or unauthenticated user, if such users are permitted write access) can execute […]
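Since the bug lives in vfs_fruit and is reachable only with the module's default metadata settings, an administrator who cannot patch immediately wants to know which shares actually load the module with those settings. The following added example (not code from NSFOCUS or from the Samba project) parses an smb.conf and lists such shares, honouring per-share overrides of `[global]` values. The module defaults (`fruit:metadata = netatalk`, `fruit:resource = adouble`), the workaround of switching to `fruit:metadata = stream` and `fruit:resource = file` (which changes the on-disk layout, so existing macOS metadata may become inaccessible) or removing `fruit` from `vfs objects`, and the fixed releases 4.13.17, 4.14.12 and 4.15.5 are assumptions taken from the vfs_fruit man page and Samba's own CVE-2021-44142 advisory, not from this page; the function names and the sample configuration are mine.

```python
"""List smb.conf shares that load vfs_fruit with the metadata/resource settings
affected by CVE-2021-44142. Added example, not from the NSFOCUS or Samba advisories.

Assumptions (vfs_fruit man page and Samba's advisory, not this page):
  - the module is loaded via 'vfs objects = ... fruit ...' in [global] or per share;
  - affected defaults are fruit:metadata = netatalk and fruit:resource = adouble;
  - fruit:metadata = stream together with fruit:resource = file avoids the
    vulnerable code path; removing 'fruit' from vfs objects does too;
  - fixed releases are 4.13.17, 4.14.12 and 4.15.5.
"""


def parse_smb_conf(text: str) -> dict:
    """Return {section: {key: value}}; section and key names are normalised to
    lower case with single spaces so 'Vfs  Objects' and 'vfs objects' match."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue  # blank line or full-line comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue  # stray line outside any section, or not a parameter
        key, _, value = line.partition("=")
        sections[current][" ".join(key.lower().split())] = value.strip()
    return sections


def _effective(sections: dict, share: str, key: str, default: str) -> str:
    """Per-share value, falling back to [global], then to the module default."""
    value = sections.get(share, {}).get(key,
            sections.get("global", {}).get(key, default))
    return value.strip().lower()


def fruit_exposed_shares(sections: dict) -> list:
    """(share, metadata, resource) for every share that loads fruit with an
    affected metadata or resource setting."""
    exposed = []
    for share in sections:
        if share == "global":
            continue
        modules = _effective(sections, share, "vfs objects", "").split()
        if "fruit" not in modules:
            continue
        metadata = _effective(sections, share, "fruit:metadata", "netatalk")
        resource = _effective(sections, share, "fruit:resource", "adouble")
        if metadata == "netatalk" or resource == "adouble":
            exposed.append((share, metadata, resource))
    return exposed


# Constructed sample configuration for illustration, not from any real server.
SAMPLE_SMB_CONF = """
[global]
   workgroup = WORKGROUP
   vfs objects = fruit streams_xattr
   fruit:metadata = netatalk

[timemachine]
   path = /srv/tm
   ; inherits fruit from [global]; resource stays at the adouble default

[public]
   path = /srv/public
   vfs objects = fruit streams_xattr
   fruit:metadata = stream
   fruit:resource = file

[plain]
   path = /srv/plain
   vfs objects = streams_xattr
"""

if __name__ == "__main__":
    for share, metadata, resource in fruit_exposed_shares(parse_smb_conf(SAMPLE_SMB_CONF)):
        print(f"[{share}] loads vfs_fruit with fruit:metadata={metadata} "
              f"fruit:resource={resource}: patch Samba or change the settings")
```

Point it at `/etc/samba/smb.conf` (or at the output of `testparm -s`, which expands includes and defaults) to audit a real server.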

Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034)

February 5, 2022 | Jie Ji

Overview On January 26, NSFOCUS CERT detected that the Qualys research team had publicly disclosed a privilege escalation vulnerability (CVE-2021-4034) in Polkit’s pkexec, also known as PwnKit. The vulnerability exists because pkexec does not correctly handle its command-line arguments, which allows an environment variable to be treated as the command to execute. An attacker with arbitrary user […]

APT Retrospection: FIN7 Uses Windows 11 Topics as Bait to Do Spear Phishing Attacks

February 3, 2022 | Jie Ji

Overview In July 2021, NSFOCUS Security Labs captured a number of phishing documents using Windows 11-related topics as bait. These phishing documents show ideas and techniques that differ from those of common phishing attacks. Through in-depth analysis, NSFOCUS Security Labs found that the phishing files are part of large-scale spear-phishing attacks being carried out by […]

HTTP Stack Remote Code Execution Vulnerability (CVE-2022-21907) Alert

January 28, 2022 | Jie Ji

Overview On January 12, NSFOCUS CERT detected that Microsoft had released its monthly security update, which fixes an HTTP protocol stack remote code execution vulnerability (CVE-2022-21907). A buffer overflow can occur due to a boundary error in the HTTP Trailer Support feature of the HTTP protocol stack (HTTP.sys). An unauthenticated attacker can execute arbitrary code on a […]