Adeline Zhang

Advisory: Drupal fixes multiple vulnerabilities

janeiro 2, 2020

Overview

On December 18, local time, Drupal officially issued a security advisory to announce multiple vulnerabilities in its core products, including one critical vulnerability and three medium-risk vulnerabilities. (mais…)

Cybersecurity Insights-11

janeiro 1, 2020

Backdoor, cryptominer, worm, trojan, and zombie115 made the list of active most malware in 2018. Strains of backdoors malware are still extremely active because they are too stealthy to be easily detected. As the virtual currency market continues to shrink, cryptomining is less popular than before, but still very active, coming second behind backdoors.

(mais…)

XSS Brings You to an Unintended Website

dezembro 31, 2019

I.Principle

Cross-site scripting (XSS) is a website attack approach in which a hacker or tester tampers with web pages by inserting malicious scripts via HTML injection, in a bid to direct the user’s browser to carry out malicious operations when the user browses web pages. (mais…)

Microsoft’s December 2019 Security Update Fixes 38 Security Vulnerabilities

dezembro 30, 2019

Overview

Microsoft released 2019 December security update on Tuesday that fixes 38 security issues ranging from simple spoofing attacks to remote code execution in various products, including End of Life Software, Microsoft Graphics Component, Microsoft Office, Microsoft Scripting Engine, Microsoft Windows, None, Open Source Software, Servicing Stack Updates, Skype for Business, SQL Server, Visual Studio, Windows Hyper-V, Windows Kernel, Windows Media Player, and Windows OLE. (mais…)

Adobe Security Advisory for December Security Updates

dezembro 29, 2019

Overview

On December 11, local time, Adobe officially released a December security update that fixes multiple vulnerabilities in Adobe’s many products, including Adobe Photoshop CC, Adobe Acrobat and Reader, Brackets, and Adobe ColdFusion.

For details, visit the following link:

https://helpx.adobe.com/security.html (mais…)

Communication Data Decryption Based on Frida

dezembro 27, 2019

After completing the audit work, I discovered many out-of-bounds vulnerabilities and our vulnerability verification shows that the vulnerable program has no lack of data encryption. Initially, I handle it in the usual way: figure out the entire encryption process and write a Burp plug-in or mitm proxy script for data encryption and decryption. (mais…)

IP Reputation Report-12232019

dezembro 26, 2019

  1.  Top 10 countries in attack counts:

  • The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at December 23, 2019.

(mais…)

Cybersecurity Insights-10

dezembro 25, 2019

5.3.2 Attack Type Distribution

In 2018, the most frequent attacks seen814 were SYN flood, UDP flood, ACK flood, HTTP flood and HTTPS flood attacks, which altogether accounted for 96% of all DDoS attacks. In contrast, reflection attackers contributed to no more than 3% of attacks. Compared with 2017, the year 2018 witnessed a 80% decrease in the number of reflection attacks, but a 73% increase in other attacks. This is because of effective governance measures taken against reflectors. (mais…)

Advisory: Gitlab EE multiple high-risk vulnerabilities

dezembro 24, 2019

Vulnerability Description

On December 10, 2019 local time, GitLab officially released an important version update notice, announcing three high-risk vulnerabilities in GitLab EE (Enterprise Edition). GitLab is an open source and web-based Git-repository management project. (mais…)

Advisory: Two high-risk vulnerabilities in GoAhead web server

dezembro 23, 2019

Vulnerability Description

On December 2, 2019, Cisco Talos publicly released reports of a remote code execution vulnerability (CVE-2019-5096) and a denial of service vulnerability (CVE-2019-5097) for the GoAhead web server. GoAhead is an open source, simple, lightweight, and powerful embedded Web Server. It is a Web server tailored for embedded real-time operating systems (RTOS) and can run on multiple platforms. (mais…)

Search

Inscreva-se no Blog da NSFOCUS