Event Overview Hangzhou Municipal Bureau of Public Security mentioned in its press release of Hangzhou Police Reports Work on Cracking Down on Cybercrimes and Achievements in the Cyberspace Cleanup Campaign 2019 released on September 20, 2019 that the phpStudy version released in 2016 was maliciously planted with a backdoor and the person allegedly responsible for […]

Vulnerability Description phpMyAdmin is a free, open-source tool for administering MySQL and MariaDB. It is widely used to manage databases of websites created with WordPress, Joomla, and other content management platforms.

Evolution of the Internet and Accompanying Cyber Threats The fast growth of the Internet has brought constant changes to our lives. More than a decade ago, the egress bandwidth of 100 Mbps was available only to a small number of users, but today links with Tbps-level bandwidths are nothing unusual. The Internet connects everyone and […]

Overview Microsoft released security updates for September that address a remote code execution vulnerability (CVE-2019-1297) in Microsoft Excel. This vulnerability exists in Microsoft Excel when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user […]

Vulnerability Description On September 19, 2019, the Weaver e-cology OA system was reported to contain a remote code execution vulnerability. This vulnerability exists in the BeanShell component of the Weaver OA system. This component comes with the system and allows unauthorized access. Attackers could exploit this vulnerability to directly execute arbitrary commands on the target […]

1 Vulnerability Description On September 18, a security researcher submitted Fastjson remediation code on Alibaba’s official GitHub to prevent new exploits of the Fastjson deserialization remote code execution vulnerability. An attacker could exploit this vulnerability to remotely execute malicious code to compromise the server.

Vulnerability Description Recently, Linux’s mail transfer agent Exim was reported to contain a remote code execution vulnerability (CVE-2019-15846). When the Exim server is accepting TLS connections, attackers could exploit this vulnerability to remotely execute arbitrary code with root privileges by sending an SNI ending in a backslash-null sequence. By default, the TLS function is disabled […]

Vulnerability Description Recently, multiple versions of fastjson have been found to contain a remote denial-of-service (DoS) vulnerability. An attacker could exploit a flaw in the processing logic of fastjson to exhaust memory and CPU resources of the server via a maliciously crafted json string, leading to a denial of service.

With the advancement of IT-based transformation and the rapid development of IT, various network technologies have seen more extensive and profound applications, along with which come a multitude of cyber security issues. Come to find out what information security issues you should beware of in the workplace.

Overview   Microsoft released the Spetember 2019 security patch on Tuesday that fixes 81 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Core, .NET Framework, Active Directory, Adobe Flash Player, ASP.NET, Common Log File System Driver, Microsoft Browsers, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET Database […]