Android Bluetooth Component Critical Vulnerability (CVE-2020-0022) Threat Alert
fevereiro 18, 2020
Overview
Recently, Google released February 2020 security updates for Android which fixed a critical vulnerability (CVE-2020-0022) in Android’s Bluetooth component. This vulnerability could be exploited without user interaction when Bluetooth is enabled on devices. An attacker that successfully exploits this vulnerability could execute arbitrary code on the target system. Also, researchers pointed out that this vulnerability could be exploited to craft self-spreading Bluetooth worms. (mais…)
ICS Information Security Assurance Framework 17
fevereiro 17, 2020
Nuclear Power
The security scenario of the nuclear power plant is similar to that of the thermal power platform. For details, sees section 4.1.1. Generally, it contains the following contents: (mais…)
FusionAuth Remote Code Execution Vulnerability (CVE-2020-7799) Threat Alert
fevereiro 14, 2020
On January 28, 2019, Beijing time, NVD released a remote command execution vulnerability (CVE-2020-7799) in the Apache Freemarker template in FusionAuth. It is found that an authenticated user can edit email templates (Home > Settings > Email Templates) or themes (Home > Settings > Themes) in FusionAuth to execute arbitrary commands in the underlying operating system by using freemarker.template.utility.Execute in the Apache FreeMarker engine of custom templates. (mais…)
IP Reputation Report-02092020
fevereiro 13, 2020
-
Top 10 countries in attack counts:
- The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at February 9, 2020.
WebLogic WLS Component IIOP Protocol Remote Code Execution Vulnerability (CVE-2020-2551) Threat Alert
fevereiro 12, 2020
-
Overview
Oracle released Critical Patch Update (CPU) for January 2020, announcing a remote code execution vulnerability (CVE-2020-2551) in the Internet Inter-ORB Protocol (IIOP) used by the WLA component in WebLogic. (mais…)
ICS Information Security Assurance Framework 16
fevereiro 11, 2020
System Introduction
The computer monitoring system of the hydropower plant adopts a hierarchical distributed open system structure totally controlled by the computer, which consists of the main control layer of functions and the local control unit (LCU) layer of objects. The main control layer consists of the operator station, data server station, external communication station, internal communication station, engineering station, voice alert station, GPS time synchronization system, UPS power supply, and network devices. (mais…)
ICS Information Security Assurance Framework 15
fevereiro 10, 2020
Wind Power
System Introduction
Based on computers, communication devices, and test control units, the wind power monitoring system provides a basic platform for real-time data collection, switch status monitoring, and remote control of wind power plants. It can work with detection and controls devices to form an arbitrarily complex monitoring system. It plays a vital role in the monitoring of wind power plants by helping enterprises eliminate information silos, reduce operating costs, improve production efficiency, and accelerate the speed of responding to anomalies in the process of power transformation and distribution. Figure 4.4 shows its system architecture Currently, the electric power monitoring system is vertically connected to dispatching planes 1 and 2 and the centralized control center of the wind power plant. (mais…)
ICS Information Security Assurance Framework 14
fevereiro 7, 2020
ICS Security Solutions for Typical Industrial Scenarios
System Introduction
Based on computers, communication devices, and test control units, the electric power monitoring system provides a basic platform for real-time data collection, switch status monitoring, and remote control of thermal power plants. It can work with detection and controls devices to form an arbitrarily complex monitoring system. It plays a vital role in the monitoring of thermal power plants by helping enterprises eliminate information silos, reduce operating costs, improve production efficiency, and accelerate the speed of responding to anomalies in the process of power transformation and distribution. (mais…)
IP Reputation Report-02022020
fevereiro 6, 2020
-
Top 10 countries in attack counts:
- The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at February 2, 2020.
ICS Information Security Assurance Framework 13
fevereiro 5, 2020
Policies for Building the Defense-in-Depth System for Industrial Control Networks
For the sake of ICS security protection, we can build a defense-in-depth system by implementing the following policies:
