Research & Reports

Technical Report on Container Security (IV)-3

January 16, 2019 | Mina Hao

Container Security Protection – Host Security Host Security Hardening of Basic Host Security Containers share the operating system kernel with the host. Therefore, host configuration determines whether containers can be executed in a secure manner. For example, vulnerable software puts the host at risk of arbitrary code execution; opening ports at will exposes the host […]

Technical Report on Container Security (IV)-2

January 8, 2019 | Mina Hao

Container Security Protection – Container Service Security Container Service Security The security of the container management and orchestration service has a direct bearing on that of the container control plane. Take Docker for example. Whether the Docker daemon is properly configured determines the security of Docker to some extent. It is recommended that the following […]

Technical Report on Container Security (IV)-1

January 7, 2019 | Mina Hao

Container Security Protection—Linux Kernel Security Mechanism As a lightweight virtualized implementation, the container technology took into account security factors at the time of design, which constitute an important basis for container security protection. This chapter describes security risks and threats facing containers and common protection ideas and methods.

Technical Report on Container Security (III)-3

December 29, 2018 | Mina Hao

Security Risks and Challenges – Container Application Security Threat Container Application Security Threat Microservice Security From traditional monolithic applications to modern microservice applications, security has always been a hot issue. A monolithic application usually exposes fewer services and ports, narrowing the attack surface. In addition, security professionals know common points from which attacks are often launched. […]

Multiple Cisco Vulnerabilities Threat Alert

November 6, 2018 | Adeline Zhang

Overview Recently, Cisco released an official security advisory to announce fixes for multiple high-risk vulnerabilities, which could cause a denial of service and remote code execution.

LIVE NETWORKS LIVE555 Streaming Media RTSP Server Remote Code Execution Vulnerability (CVE-2018-4013) Threat Alert

October 26, 2018 | Adeline Zhang

Overview Recently, the TALOS team disclosed a critical remote code execution vulnerability (CVE-2018-4013). This vulnerability exists in the HTTP packet parsing functionality of the LIVE555 RTSP server library. An attacker could exploit this vulnerability to cause a stack-based buffer overflow via a specially crafted packet, resulting in code execution.

FreeRTOS Multiple Remote Code Execution Vulnerabilities Threat Alert

October 25, 2018 | Adeline Zhang

Overview Recently, researchers from Zimperium disclosed 13 critical vulnerabilities in FreeRTOS, including four remote code execution vulnerabilities.

Drupal Remote Code Execution Vulnerability Threat Alert

October 24, 2018 | Adeline Zhang

Overview Recently, Drupal released an official security advisory to announce the fixes for multiple security issues, including two critical remote code execution vulnerabilities which affect Drupal 7 and 8. The two critical vulnerabilities are described as follows:

libssh Server-Side Identity Authentication Bypass Vulnerability (CVE-2018-10933) Threat Alert

October 23, 2018 | Adeline Zhang

Overview On October 16, local time, libssh officially released an update to fix the server-side identity authentication bypass vulnerability (CVE-2018-10933) existing in libssh 0.6 and later versions. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authenticate without any […]

WebLogic Remote Code Execution Vulnerability (CVE-2018-3191) Threat Alert

October 23, 2018 | Adeline Zhang

Overview On October 17, Beijing time, Oracle officially released a Critical Patch Update (CPU), which contains a fix for the critical WebLogic remote code execution vulnerability (CVE-2018-3191). This vulnerability allows unauthenticated attackers with network access via T3 to compromise vulnerable Oracle WebLogic Server. Successful exploitation of it can result in takeover of Oracle WebLogic Server, […]