Case AnalysisCase Analysis Ransomware emails usually have an intriguing subject and body to entice receivers to open the attachment. As shown above, the attachment is compressed. The virus file is an executable with the extension of js. To disguise it as a seemingly secure text file, the attacker adds .txt in the file name. Files […]
1 Vulnerability Overview Recently, a security researcher with Twitter alias SandboxEscaper, once again, published proof-of-concept (PoC) code for a new 0-day vulnerability affecting Windows. This is the third Windows 0-day vulnerability published by this same researcher since August 2018. The vulnerability made known to the public this time could lead to arbitrary file read. Specifically, […]
Overview Microsoft released December 2018 security updates on Tuesday which fix 39 vulnerabilities ranging from simple spoofing attacks to remote code execution. Such security updates cover the following products: .NET Framework, Adobe Flash Player,Internet Explorer, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows […]
Overview On December 11, 2018 (local time), Adobe released security updates which address multiple vulnerabilities in Acrobat and Reader.
Top 10 countries: The above diagram shows the top 10 regions with most malicious IP addresses from the NSFOCUS IP Reputation databases in October. But the United States has the largest allocated IP addresses in the world and China is in the second place. So, report IP Reputation as a percentage of total IP addresses […]
Unit 42, a research team of Palo Alto Networks found a new malware family this month and named it Xbash. This new malware combines ransomware, coinming, botnet, and worm features and targets Linux and Windows mainly. Xbash is developed in Python and was then converted into self-contained Linux ELF executables by abusing the legitimate tool […]
Recently IBM released a remote code execution vulnerability (CVE-2018-1567) in WebSphere application server. It could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. CVSS: 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected versions: IBM WebSphere 9.0.0.0 – 9.0.0.9 IBM WebSphere 8.5.0.0 – 8.5.5.14 IBM WebSphere 8.0.0.0 – 8.0.0.15 IBM […]
On August 22, 2018, Beijing time, Apache Software Foundation (ASF) released a security bulletin, announcing a remote code execution vulnerability (CVE-2018-11776, CNVD-2018-15894, or CNNVD-201808-740) in Apache Struts 2. This vulnerability exists in either of the following cases: The namespace value is not set for a result defined in underlying XML configurations. Also, upper action configurations […]
Tag: Apache Struts2, CVE-2018-11776, Remote Code Execution, S2-057 Severity:Critical This vulnerability can lead to remote code execution. PoC has been made publicly available and may lead to significant, extensive impact. Description On August 22, Apache disclosed a remote code execution (RCE) vulnerability that has been asigned the CVE number CVE-2018-11776. This vulnerability could be triggered […]
Taiwan Semiconductor Manufacturing Company (TSMC) is the world’s largest dedicated semiconductor and processor manufactor, manufacturing processors and other chips for the world’s largest science and technology companies including Apple, AMD, NVDIA and Qualcomm. In the evening of August 3, 2018, Beijing time, a technician’s improper operation during software installation caused the virus infection in the […]
