Emergency Response

Windows Arbitrary File Read 0-Day Vulnerability Handling Guide

January 7, 2019 | Mina Hao

1 Vulnerability Overview Recently, a security researcher with Twitter alias SandboxEscaper, once again, published proof-of-concept (PoC) code for a new 0-day vulnerability affecting Windows. This is the third Windows 0-day vulnerability published by this same researcher since August 2018. The vulnerability made known to the public this time could lead to arbitrary file read. Specifically, […]

Microsoft Security Bulletin for December Patches That Fix 39 Security Vulnerabilities

December 29, 2018 | Mina Hao

Overview Microsoft released December 2018 security updates on Tuesday which fix 39 vulnerabilities ranging from simple spoofing attacks to remote code execution. Such security updates cover the following products: .NET Framework, Adobe Flash Player,Internet Explorer, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows […]

Adobe Security Bulletin for December 2018 Security Updates

December 29, 2018 | Mina Hao

Overview On December 11, 2018 (local time), Adobe released security updates which address multiple vulnerabilities in Acrobat and Reader.

IP Reputation Report-11162018

November 16, 2018 | Mina Hao

Top 10 countries: The above diagram shows the top 10 regions with most malicious IP addresses from the NSFOCUS IP Reputation databases in October. But the United States has the largest allocated IP addresses in the world and China is in the second place. So, report IP Reputation as a percentage of total IP addresses […]

Xbash Malware Combines Many Malicious Functions in Worm

September 30, 2018 | Adeline Zhang

Unit 42, a research team of Palo Alto Networks found a new malware family this month and named it Xbash. This new malware combines ransomware, coinming, botnet, and worm features and targets Linux and Windows mainly. Xbash is developed in Python and was then converted into self-contained Linux ELF executables by abusing the legitimate tool […]

Response Guide of IBM WebSphere Code Execution Vulnerability

September 18, 2018 | Adeline Zhang

Recently IBM released a remote code execution vulnerability (CVE-2018-1567) in WebSphere application server. It could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. CVSS: 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected versions: IBM WebSphere 9.0.0.0 – 9.0.0.9 IBM WebSphere 8.5.0.0 – 8.5.5.14 IBM WebSphere 8.0.0.0 – 8.0.0.15 IBM […]

Technical Analysis and Solution | Apache Struts 2 Remote Code Execution Vulnerability (S2-057)

August 27, 2018 | Adeline Zhang

On August 22, 2018, Beijing time, Apache Software Foundation (ASF) released a security bulletin, announcing a remote code execution vulnerability (CVE-2018-11776, CNVD-2018-15894, or CNNVD-201808-740) in Apache Struts 2. This vulnerability exists in either of the following cases: The namespace value is not set for a result defined in underlying XML configurations. Also, upper action configurations […]

Apache Struts 2 Remote Code Execution Vulnerability

August 24, 2018 | Adeline Zhang

Tag:   Apache Struts2, CVE-2018-11776, Remote Code Execution, S2-057 Severity:Critical This vulnerability can lead to remote code execution. PoC has been made publicly available and may lead to significant, extensive impact. Description On August 22, Apache disclosed a remote code execution (RCE) vulnerability that has been asigned the CVE number CVE-2018-11776.  This vulnerability could be triggered […]

Brief Analysis and Solution | Virus Infection Shuts Down TSMC Factories

August 13, 2018 | Adeline Zhang

Taiwan Semiconductor Manufacturing Company (TSMC) is the world’s largest dedicated semiconductor and processor manufactor, manufacturing processors and other chips for the world’s largest science and technology companies including Apple, AMD, NVDIA and Qualcomm. In the evening of August 3, 2018, Beijing time, a technician’s improper operation during software installation caused the virus infection in the […]

Cisco IOS/IOS XE Software Remote Code Execution Vulnerability (CVE-2018-0171)

March 30, 2018 | NSFOCUS

Recently a serious vulnerability (CVE-2018-0171) was disclosed in Cisco IOS and IOS XE software. An attacker could reload an affected device without authorization, resulting in a denial of service condition or remote code execution. This vulnerability originated from improper validation of packet data. An attack could exploit this vulnerability by sending elaborately-crafted Smart Install message […]