0x00 Overview PowerShell has been a focus of concern for network defense. The fileless PowerShell, featuring LotL and excellent ease of use, is widely used in various attack scenarios. In order to capture PowerShell-based attacks, an increasing number of security professionals tend to, through PowerShell event log analysis, extract attack...
Ano: 2020
Annual IoT Security Report 2019-2
Extensive Power Outages in Venezuela and New York Starting from the evening of March 7, 2019, a cyberattack hit Venezuela, leaving most parts of the country, including the capital Caracas, without power for more than 24 hours1. Because of the outage, the subway service in Caracas came to a halt,...
WebLogic High-Risk Vulnerabilities (CVE-2020-14841, CVE-2020-14825, CVE-2020-14859) Threat Alert
Overview On October 21, 2020, Beijing time, Oracle released Critical Patch Update (CPU) for October 2020 that fixes 402 vulnerabilities of different risk levels. The WebLogic Server Core component is prone to three severe vulnerabilities with a CVSS base score of 9.8, which are assigned CVE-2020-14841, CVE-2020-14825, and CVE-2020-14859 respectively....
Annual IoT Security Report 2019-1
Executive Summary With the constant evolution of the Internet of Things (IoT), the security of IoT is becoming an issue that more and more people are concerned about. In 2016, we issued the IoT Security Whitepaper to popularize IoT security for a general audience. In 2018, we released the 2017...
Apache Solr ConfigSet API Upload Function Vulnerability (CVE-2020-13957) Threat Alert
Overview Recently, Apache Solr fixed a vulnerability (CVE-2020-13957) in the Configsets API upload function. Attackers could perform unauthorized operations by using a combination of UPLOAD/CREATE actions, which might eventually lead to command execution. Apache Solr is an enterprise search server that is based on Lucene. (mais…)
Windows TCP/IP Remote Code Execution Vulnerability (CVE-2020-16898) Threat Alert
Overview On October 13, 2020 (local time), Microsoft fixed a critical vulnerability dubbed Bad Neighbor (CVE-2020-16898) in the Windows TCP/IP stack in its latest monthly patch update. An attacker might execute arbitrary code on a remote system by sending maliciously crafted ICMPv6 Router Advertisement packets. McAfee said the proof-of-concept code...
