Emergency Response

Critical runC Container Escape Vulnerability (CVE-2019-5736) Threat Alert

February 18, 2019 | Adeline Zhang

Overview runC is a CLI tool for spawning and running containers according to the Open Container Initiative (OCI) specification. As the core of Docker, runC can be called to create, run, and destroy containers.

APT/APT-GET RCE Vulnerability (CVE-2019-3462) Handling Guide

January 30, 2019 | Adeline Zhang

1 Vulnerability Overview Recently, a security researcher discovered a critical vulnerability in the Advanced Packaging Tool (APT) of Linux. This vulnerability stems from the APT’s failure to properly handle redirects, which can be triggered via a man-in-the-middle attack or a malicious package mirror, resulting in remote code execution.

Linux apt/apt-get Remote Code Execution (RCE) Vulnerability (CVE-2019-3462) Threat Alert

January 28, 2019 | Adeline Zhang

Overview On January 22, 2019, local time, security researcher Max Justicz announced his discovery of a remote code execution (RCE) vulnerability in Linux apt/apt-get. This vulnerability stems from the APT’s failure to properly handle certain parameters involved in HTTP redirects. It can be triggered via a man-in-the-middle attack or a malicious package mirror, resulting in […]

Oracle January 2019 Critical Patch Update Security Advisory for All Product Families

January 22, 2019 | Adeline Zhang

Overview On January 15, 2019, local time, Oracle released its own security advisory and third-party security advisories for its January 2019 Critical Patch Update (CPU) which fix 284 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, see the appendix.

ThinkPHP 5.0-5.0.23, 5.1.0-5.1.31, and 5.2.* Remote Code Execution Vulnerability Handling Guide

January 21, 2019 | Adeline Zhang

1 Vulnerability Overview Recently, ThinkPHP 5.0-5.0.23 was found to have a remote code execution (RCE) vulnerability. The NSFOCUS Falcon Team carried out tests and found that ThinkPHP 5.0-5.0.23, 5.1.0-5.1.31, and 5.2.* were also prone to this vulnerability, which could be triggered in both Linux and Windows systems.

ThinkPHP 5.0.* Remote Code Execution Vulnerability Handling Guide

January 17, 2019 | Adeline Zhang

1 Vulnerability Overview ThinkPHP 5.0.* was recently found to be prone to a remote code execution vulnerability that has been officially fixed. All related users should stay alert and take precautions as soon as possible.

ThinkPHP 5 Remote Code Execution Vulnerability Threat Alert

January 16, 2019 | Adeline Zhang

Overview On January 11, ThinkPHP addressed a remote code execution vulnerability. This vulnerability stems from insufficient input validation in the Request class (thinkphp/library/think/Request.php) when handling requests, which ultimately leads to remote code execution.

Microsoft’s January 2019 Patch Fixes 51 Security Vulnerabilities Threat Alert

January 15, 2019 | Adeline Zhang

Overview Microsoft released the January 2019 security patch on Tuesday that fixes 51 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, Adobe Flash Player, Android App, ASP.NET, Internet Explorer, Microsoft Edge, Microsoft Exchange Server, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft […]

Microsoft Exchange Server Arbitrary User Impersonation Vulnerability Handling Guide

January 10, 2019 | Adeline Zhang

1 Vulnerability Overview Recently, a security researcher released details of an arbitrary user impersonation vulnerability (CVE-2018-8581) in Microsoft Exchange Server (also known as Exchange Web Server, EWS for short), revealing that an authenticated attacker could exploit this vulnerability to impersonate arbitrary accounts or even gain privileges of the target user. Currently, the vulnerability’s proof of […]

Email Security – Attachment Virus

January 7, 2019 | Adeline Zhang

Case Analysis Ransomware emails usually have an intriguing subject and body to entice receivers to open the attachment. As shown above, the attachment is compressed. The virus file is an executable with the .js extension. To disguise it as a seemingly secure text file, the attacker adds .txt to the file name. Files […]