Adobe Security Bulletins for March 2019 Security Updates Threat Alert
março 26, 2019
Overview
On March 12, 2019 (local time), Adobe released security updates which address multiple vulnerabilities in Adobe Photoshop CC and Adobe Digital Editions. (mais…)
Cisco RV110W, RV130W, and RV215W Routers Web-based Management Interface Remote Code Execution Vulnerability Threat Alert
março 25, 2019
Overview
On February 27 (local time), Cisco officially released a security advisory to announce a critical security vulnerability (CVE-2019-1663) in Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router. This vulnerability exists in the web-based management interface of the preceding products, which fails to properly validate user-supplied data. (mais…)
IP Reputation Report-03222019
março 22, 2019
-
Top 10 countries in attack counts:
- The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at March 22, 2019.
- It’s the first time that Japan got into the top 10 list.
Daily Communication——Release of Code on GitHub
março 21, 2019
Case Analysis
Before compromising a website or system, a hacker usually searches for related information beforehand. Code repositories are a major target. A security-unaware developer may upload code to a public platform, providing an opportunity for hackers to obtain API accounts or security holes by analyzing the uploaded code. (mais…)
Microsoft’s Security Bulletin for March Patches That Fix 68 Security Vulnerabilities Threat Alert
março 20, 2019
Overview
Microsoft released the March 2019 security patch on Tuesday that fixes 68 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Active Directory, Adobe Flash Player, Azure, Internet Explorer, Microsoft Browsers, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft XML, NuGet, Servicing Stack Updates, Skype for Business, Team Foundation Server, Visual Studio, Windows DHCP Client, Windows Hyper-V, Windows Kernel, Windows Kernel-Mode Drivers, Windows Print Spooler Components, Windows SMB Server, and Windows Subsystem for Linux. (mais…)
Technical Report on Container Security (V)-2
março 20, 2019
Security Tools – NeuVector
About NeuVector
NeuVector[I] is the first company to take up development of Docker/Kubernetes security products. With a commitment to assuring the security of enterprise-wide container platforms, the company provides products that are suitable for deployment across multi-cloud and on-premises production environments. (mais…)
Resource-based Constrained Delegation Allows Obtaining of System Privileges of Any Domain Hosts Threat Alert
março 19, 2019
1 Vulnerability Overview Recently, the NSFOCUS M01N team released the Analysis of Privilege Escalation Attacks by Exploiting Resource-based Constrained Delegation, in which they describe the principle of attacks launched by exploiting the resource-based constrained delegation, so as to escalate privileges of domain hosts. For details, click the following link: http://blog.nsfocus.net/analysis-attacks-entitlement-resource-constrained-delegation/ Several days ago, a security […]
Windows Domain Machines Local Privilege Escalation Attack Threat Alert
março 18, 2019
Overview
A security researcher from Shenanigans Labs disclosed a method of attacking the Active Directory by abusing resource-based constrained delegation. This would impose a serious threat to domain environments as an attacker could make a common domain user access services on local computers as a domain administrator, thus escalating local privileges. For details, see reference link [1]. (mais…)
IP Reputation Report-03152019
março 15, 2019
-
Top 10 countries in attack counts:
- The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at March 15, 2019.
Daily Communication——Business Chat Groups
março 15, 2019
Case Analysis
Chat groups convenience communication, but contain great risks, which include ill-disposed persons impersonating the company’s employees, information disclosure as a result of chat group hacking, and resigned employees lurking in the group for malicious purposes. (mais…)
