Adeline Zhang

OpenSMTPD Remote Code Execution Vulnerability (CVE-2020-8794) Threat Alert

March 18, 2020

Overview

On February 24, local time, researchers from Qualys disclosed a remote code execution vulnerability (CVE-2020-8794) in OpenSMTPD.

As part of the OpenBSD project, OpenSMTPD (also known as OpenBSD’s mail server) is a free implementation of the server-side SMTP protocol as defined by RFC 5321.

CVE-2020-8794 is an out-of-bounds read vulnerability. Attackers could exploit this vulnerability to inject arbitrary commands into the envelope file that are then executed as root.

According to the researchers, they developed a simple exploit for this vulnerability and successfully tested it against OpenBSD 6.6, OpenBSD 5.9, Debian 10 (stable), Debian 11 (testing), and Fedora 31.

Reference:

https://www.openwall.com/lists/oss-security/2020/02/24/5 (more…)

ICS Information Security Assurance Framework 21

March 17, 2020

What to Expect for ICS Security in the Coming Years

With the policy guidance of various ministries and commissions under the State Council, related financial support, and the increased emphasis on ICS security by ICS enterprises, ICS information security will get on the fast track of development. With the advancement of “one network, one database, and three platforms” proposed by the Ministry of Industry and Information Technology (MIIT), the introduction of Classified Protection of Information System Security 2.0, and the introduction of Critical Information Infrastructure Security Protection Regulations, industrial security will see a very good opportunity for development. (more…)

Google Chrome Releases Updates for Remediation of the Zero-day Vulnerability (CVE-2020-6418) Threat Alert

March 16, 2020

Overview

On February 24, local time, Google released updates fixing multiple vulnerabilities in the desktop Chrome browser, including the high-risk CVE-2020-6418 vulnerability that has been exploited by attackers in the wild.

CVE-2020-6418 is a type confusion vulnerability in V8, which is Google Chrome’s open-source JavaScript and WebAssembly engine. This vulnerability was discovered and reported by Clement Lecigne of Google’s Threat Analysis Group. (more…)

VMware vRealize Operations for Horizon Adapter Remote Code Execution Vulnerability (CVE-2020-3943) Threat Alert

March 13, 2020

Overview

Recently, VMware released a security advisory, announcing remediation of a remote code execution vulnerability (CVE-2020-3943) in vRealize Operations for Horizon Adapter. VMware has evaluated the severity of this vulnerability to be in the critical severity range with a maximum CVSSv3 base score of 9.0. (more…)

IP Reputation Report-03082020

March 12, 2020

  1. Top 10 countries in attack counts:

  • The above diagram shows the top 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation databases as of March 8, 2020.

(more…)

Fastjson 1.2.62 and Earlier Remote Code Execution Vulnerability Threat Alert

March 11, 2020

Vulnerability Description

On February 19, the National Vulnerability Database (NVD) disclosed a JNDI injection vulnerability (CVE-2020-8840) in jackson-databind. However, gadget deserialization in jackson-databind also affects Fastjson. According to researchers from NSFOCUS, when the AutoType function is enabled (disabled by default), this vulnerability affects Fastjson 1.2.62, allowing attackers to achieve remote arbitrary code execution on the target machine. (more…)

ICS Information Security Assurance Framework 20

March 10, 2020

Petroleum and Petrochemical Industry

  • Overview

System introduction

Oil field exploitation is field work featuring strong fluidity, large quantities of scattered points, and a long distance. In the process of oil field exploitation, out of management requirements, the oil and gas management center connects to the gathering and transportation control center, gas processing plant control center, gas transmission initial station, and field control layer through an industrial network. Therefore, the system needs a large number of wired and wireless networks for data transmission and remote system management. (more…)

Jackson-databind Remote Code Execution Vulnerability (CVE-2020-8840) Threat Alert

March 9, 2020

 

Vulnerability Description

On February 19, the National Vulnerability Database (NVD) disclosed a remote code execution vulnerability (CVE-2020-8840) that resulted from JNDI injection in jackson-databind and assigned a CVSS score of 9.8. Affected versions of jackson-databind lack certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. An attacker could exploit this vulnerability to cause remote code execution via JNDI injection. Currently, the vendor has released new versions to fix this vulnerability. Affected users are advised to update their installation to the latest versions as soon as possible. (more…)

ICS Information Security Assurance Framework 19

March 6, 2020

Government Affairs

  • SCADA System Architecture Used in Water Affairs

The SCADA system used in water affairs mainly consists of the operator workstation, engineering workstation, SCADA system of the water intake pump room, SCADA system of the drug dosing room, SCADA system of the backwashing system, SCADA system of the water supply pump room, and SCADA system of the dewatering pump room. Figure 4.13 shows the architecture. (more…)

IP Reputation Report-03012020

March 5, 2020

  1. Top 10 countries in attack counts:

  • The above diagram shows the top 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation databases as of March 1, 2020.

(more…)
