Adeline Zhang

Cisco Unified Contact Center Express (Unified CCX) Deserialization Code Execution Vulnerability (CVE-2020-3280) Threat Alert

June 2, 2020

Overview

Cisco recently released a security advisory announcing the fix for a high-risk vulnerability (CVE-2020-3280) in Unified Contact Center Express (Unified CCX). The vulnerability arises because user-supplied input is not sufficiently restricted when the software deserializes it. Without authorization, an attacker can send a malicious Java object to trigger the vulnerability and execute arbitrary code.

CVSS3.0 Base Score: 9.8

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

(more…)

WellinTech KingView Multiple Vulnerabilities Threat Alert

June 1, 2020

Overview

Some versions of WellinTech KingView are prone to multiple vulnerabilities, including an authorization bypass in real-time database access and denial-of-service vulnerabilities in the web data transmission service. Vulnerability details are as follows:

1. KingView real-time database access authorization bypass vulnerability (CNVD-C-2020-87074)

2. KingView denial-of-service vulnerability existing in the web data transmission service (CNVD-C-2020-92339)

3. KingView denial-of-service vulnerability existing in the web data transmission service (CNVD-C-2020-92346)

4. KingView denial-of-service vulnerability existing in the web data transmission service (CNVD-C-2020-92365)

5. KingView denial-of-service vulnerability existing in the web data transmission service (CNVD-C-2020-92343)

6. KingView denial-of-service vulnerability existing in the web data transmission service (CNVD-C-2020-92341)

7. KingView denial-of-service vulnerability existing in the web data transmission service (CNVD-C-2020-92351)

(more…)

NSFOCUS Named a Representative Vendor in Gartner Market for Security Threat Intelligence Products and Services

May 30, 2020

The world’s leading research and advisory company, Gartner, has named NSFOCUS as a Representative Vendor in its May 2020 Market Guide for Security Threat Intelligence Products and Services.

This guide provides in-depth analysis of the threat intelligence (TI) market, focusing on the technical value and commercial potential of threat intelligence and on selecting credible vendors globally. NSFOCUS is honored to be named in the list.

(more…)

Microsoft’s Security Bulletin for May Patches That Fix 111 Security Vulnerabilities Threat Alert

May 29, 2020

Overview

Microsoft released the May 2020 security patch on Tuesday that fixes 111 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Core, .NET Framework, Active Directory, Common Log File System Driver, Internet Explorer, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Power BI, Visual Studio, Windows Hyper-V, Windows Kernel, Windows Scripting, Windows Subsystem for Linux, Windows Task Scheduler, and Windows Update Stack.

(more…)

IP Reputation Report-05242020

May 28, 2020

1. Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases as of May 24, 2020. 2. Top 10 countries in attack percentage: Belarus is in first place. Cape Verde is in second place. The country China […]

DDoS Attack Landscape 9

May 27, 2020

DDoS Botnets

In 2019, NSFOCUS Security Labs detected over 400,000 DDoS attacks launched via botnets, a sharp increase compared with 2018 (8323 DDoS attacks). According to our observations, the botnets running on IoT devices were mainly of the Mirai and Gafgyt families. These two families were used to launch over 60% of DDoS attacks in the first half of 2019. The following figure shows the proportions of high-risk commands observed by NSFOCUS Security Labs in 2018 and 2019.

(more…)

Adobe Releases May’s Security Updates Threat Alert

May 26, 2020

Overview

On May 12, 2020, local time, Adobe officially released July’s security updates to fix multiple vulnerabilities in its various products, including Adobe DNG Software Development Kit (SDK) and Adobe Acrobat and Reader.

For details about the security update, visit the following link:

https://helpx.adobe.com/security.html

(more…)

Java Deserialization Exploits: Registry Whitelist Bypass

May 25, 2020

In 2019, An Trinh discovered two vulnerabilities, CVE-2019-9670 (XXE/SSRF) and CVE-2019-6980 (deserialization vulnerability), in Zimbra.

As usual, An Trinh did not disclose any details.

Luckily, Hans Martin Munch is more generous than An Trinh and has shared many interesting ideas. For example, he once advised using YouDebug to fix the CVE-2017-3241 vulnerability.

ysoserial.payloads.JRMPClient is designed to trick a victim into accessing a malicious DGC server as a DGC client. When the victim deserializes a malicious object sent by the DGC server, a filter is applied by default. For details, see the implementation of sun.rmi.transport.DGCImpl.checkInput().

A new idea proposed by An Trinh is to trick a victim into accessing a malicious RMI Registry server as an RMI Registry client. In this case, no filter is involved when the victim deserializes a malicious object sent by the RMI Registry server: JEP 290 configures no default filter for this scenario.

(more…)

635Gbps DDoS attack spike During Covid-19 Pandemic

May 22, 2020

The NSFOCUS cloud scrubbing center witnessed a torrent of DDoS attack traffic, with peak volume up to 634.8 Gbps.

At 5 p.m. on May 20, 2020, the NSFOCUS SOC team detected an enormous DDoS attack: three IPs of a Hong Kong customer were hit, and inbound traffic kept increasing sharply. As DDoS attack traffic kept pouring into the scrubbing center, the peak attack traffic reached 634.8 Gbps, a new high for NSFOCUS's customers in 2020. When NSFOCUS reported this event to the customer after the attack was mitigated, they thanked NSFOCUS and said that selecting the NSFOCUS Anti-DDoS solution was the best choice they had made, because they were well protected even when they were not aware of being targeted by DDoS attacks.

(more…)

SecureCRT Memory Corruption Vulnerability (CVE-2020-12651) Threat Alert

May 22, 2020

Overview

A memory corruption vulnerability (CVE-2020-12651) was fixed in SecureCRT 8.7.2, the latest version. When the CSI function receives a large negative number as a parameter, it may allow the remote system to corrupt memory in the terminal process, resulting in arbitrary code execution or a program crash.

(more…)
