Emergency Response

Overview Recently, the NSFOCUS security team has found that the Oracle Weblogic vulnerability is exploited in the wild. Its attack signature is similar to that of the CVE-2019-2725 vulnerability. The attack can bypass the latest security patch released by Oracle in April. This vulnerability exists because no proper sanitization is performed when deserialized information is […]

1 Vulnerability Overview On June 12, 2019, Beijing time, Microsoft released security patches for the Windows NTLM tampering vulnerability (CVE-2019-1040), which exists in Windows operating systems and allows attackers to bypass the NTLM MIC (Message Integrity Check) protection.

Overview Microsoft released June 2019 security patches on Tuesday that fix 93 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Adobe Flash Player, Kerberos, Microsoft Browsers, Microsoft Devices, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft […]

Overview On June 11, 2019, local time, Adobe officially released June’s security updates to fix multiple vulnerabilities in its various products, including Adobe Flash Player, Adobe Campaign, and Adobe ColdFusion.

Overview Recently, a researcher discovered that his computer motherboard BIOS comes with an anti-theft trace application Computrace from Absolute, which, after a computer startup, will be silently installed by the operating system and then transmit data overseas. Besides, this software can remotely obtain users’ files from their computers, monitor their behavior, and download and install […]

Overview On May 15, 2019, local time, Cisco officially released a security advisory, announcing remediation of three critical remote code execution vulnerabilities (CVE-2019-1821, CVE-2019-1822, and CVE-2019-1823) in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPN).

Overview On May 14, 2019, local time, Adobe officially released May’s security updates to fix multiple vulnerabilities in its various products, including Adobe Flash Player, Adobe Acrobat and Reader, and Media Encoder.

Overview On May 14, 2019, local time, Microsoft released security updates for May that address a critical remote code execution vulnerability (CVE-2019-0708) in Remote Desktop Services. The Remote Desktop Protocol (RDP) is not affected by this vulnerability. As the vulnerability may be exploited in worm-related attacks, users are advised to download appropriate patches and upgrade […]

Overview Cisco has released a security advisory, announcing the existence of a REST API authentication bypass vulnerability (CVE-2019-1867) in Cisco Elastic Services Controller (ESC). This vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow an […]

Overview Microsoft released May 2019 security patches on Tuesday that fix 82 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Core, .NET Framework, Adobe Flash Player, Azure, Internet Explorer, Kerberos, Microsoft Browsers, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, […]