Emergency Response

Suggestions on Detection and Prevention of the Incaseformat Virus

January 20, 2021 | Adeline Zhang

Overview On January 13, 2021, NSFOCUS’s emergency response team received feedback on the incaseformat virus from a host of customers in the government, healthcare, education, and telecom sectors. Our analysis found that this virus mainly infected hosts with financial management application systems installed. Also, we observed that all other files than system partition […]

Apache Flink Directory Traversal Vulnerability (CVE-2020-17518/17519) Threat Alert

January 13, 2021 | Adeline Zhang

Overview Recently, Apache Flink announced two directory traversal vulnerabilities, CVE-2020-17518 and CVE-2020-17519. Apache Flink has released a new version that fixes these vulnerabilities. Affected users are advised to upgrade as soon as possible.

SolarWinds Supply Chain Attack Threat Alert

January 12, 2021 | Adeline Zhang

Overview On December 14, 2020, Beijing time, FireEye posted a blog on a SolarWinds supply chain attack. The blog shows that SolarWinds software was trojanized by attackers around March 2020 and suffered a severe supply chain attack. Currently, SolarWinds has released relevant updates. Users are advised to install the updates immediately.

Unauthorized Access of FireEye Red Team Tools Protection Solution

January 11, 2021 | Adeline Zhang

Overview On December 8, 2020, FireEye, a cybersecurity company, posted a blog stating that its internal network was attacked by a sophisticated organization and that FireEye Red Team tools were stolen. According to FireEye, the stolen Red Team tools were mainly used to provide its customers with basic penetration testing services and did not contain […]

Microsoft Exchange Remote Code Execution Vulnerability (CVE-2020-17144) Threat Alert

January 6, 2021 | Adeline Zhang

Overview Microsoft disclosed a remote code execution vulnerability (CVE-2020-17144) in Microsoft Exchange Server 2010 in its latest December security updates, rating the vulnerability as Important. The vulnerability exists because the program improperly verifies cmdlet parameters. An authenticated attacker could exploit this vulnerability to cause remote code execution. This vulnerability is similar to CVE-2020-0688 and requires login […]

OpenSSL Denial-of-Service Vulnerability (CVE-2020-1971) Threat Alert

January 5, 2021 | Adeline Zhang

Overview On December 8, 2020, local time, OpenSSL released a security advisory disclosing a NULL pointer dereference vulnerability (CVE-2020-1971), rating the vulnerability as High-risk. The vulnerability exists in the GENERAL_NAME_cmp function in OpenSSL. GENERAL_NAME_cmp compares different instances of a GENERAL_NAME to see if they are equal or not. When both GENERAL_NAMEs contain EDIPartyName, a NULL […]

Struts2 S2-061 Remote Code Execution Vulnerability (CVE-2020-17530) Threat Alert

January 4, 2021 | Adeline Zhang

Overview On December 8, 2020, Struts released a security bulletin disclosing a potential remote code execution vulnerability (CVE-2020-17530) in S2-061. The vulnerability stems from insufficient input validation. This results in two forced Object Graph Navigation Library (OGNL) evaluations when the original user input is calculated. When the OGNL expression is forced in Struts tag attributes […]

Adobe Releases December’s Security Updates Threat Alert

December 28, 2020 | Adeline Zhang

Overview On December 8, 2020, local time, Adobe released security updates which address multiple vulnerabilities in Adobe Prelude, Adobe Experience Manager, and Adobe Lightroom.

Microsoft’s December 2020 Patches Fix 58 Security Vulnerabilities Threat Alert

December 23, 2020 | Adeline Zhang

Overview Microsoft released its December 2020 security updates on Tuesday, which fix 58 vulnerabilities ranging from simple spoofing attacks to remote code execution, including 9 critical vulnerabilities, 47 important vulnerabilities, and two moderate vulnerabilities. All users are advised to install updates without delay.

Citrix SD-WAN Vulnerabilities Threat Alert

December 16, 2020 | Adeline Zhang

Overview Recently, Citrix SD-WAN released a security update to address three vulnerabilities (CVE-2020-8271, CVE-2020-8272, CVE-2020-8273). These vulnerabilities allow an unauthenticated attacker with network access to SD-WAN Center to perform arbitrary code execution as root. At present, a detailed analysis of the relevant vulnerabilities and a proof of concept (PoC) for CVE-2020-8271 are available.