Adeline Zhang

Technical Report on Container Security (II)-3

novembro 22, 2018

Container Basics — Container Networking

Container Networking

From the evolutionary history of cloud computing systems, the industry has reached a consensus that, while constant breakthroughs have been made to drive the maturation of computing virtualization and storage virtualization, network virtualization has lagged behind, becoming a major bottleneck that encumbers the fast growth of cloud computing. Such features as network virtualization, multitenancy, and hybrid clouds are posing brand new challenges of varying degrees to the security development of cloud networks. (mais…)

Telecom Exchange LA 2018: NSFOCUS Discusses 2017-18 Report on 27 Million Cyber Attackers

novembro 19, 2018

Telecom Exchange LA – Live from Telecom Exchange (TEX) LA 2018, we are pleased to be joined by Guy Rosefelt, Director, Threat Intelligence & Web Security for NSFOCUS. NSFOCUS is an iconic internet and application security company with over 18 years of proven industry experience. Mr. Rosefelt talks about the importance of focusing on low […]

Microsoft Released September 2018 Patches to Fix 64 Security VulnerabilitiesThreat Alert

novembro 19, 2018

Overview  

On Tuesday, Microsoft released September 2018 security updates to fix 64 vulnerabilities, ranging from spoofing attacks to remote code execution vulnerabilities. Affected products include .NET Core, Active Directory, Adobe Flash Player, Azure, BitLocker, Internet Explorer, Microsoft Drivers, Microsoft Dynamics, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JScript, Microsoft Office, Microsoft Office SharePoint, Microsoft PowerShell, Microsoft RPC, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows Search Component, Servicing Stack Updates, Skype for Business and Microsoft Lync, Team Foundation Server, Windows Audio Service, and Windows Kernel. (mais…)

Adobe September 2018 Security Updates Threat Alert

novembro 19, 2018

Overview

On November 13, local time, Adobe officially released security bulletins and advisories to announce the remediation of multiple vulnerabilities in such products as Adobe Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC. (mais…)

Wi-Fi Security——Free Wi-Fi Acces

novembro 17, 2018

Case AnalysisCase Analysis

A malicious actor tends to set up Wi-Fi with a name that is the same as or similar to as a commonly used one, and then set an empty password or the same password as the legitimate Wi-Fi to attract connections from the public. Then the offender will hijack DNS requests on a Wi-Fi router, directing users to a phishing website to steal their user names and passwords or monitoring the traffic on mobile phones connecting to the router to obtain plaintext passwords.

(mais…)

IP Reputation Report-11162018

novembro 16, 2018

Top 10 countries: The above diagram shows the top 10 regions with most malicious IP addresses from the NSFOCUS IP Reputation databases in October. But the United States has the largest allocated IP addresses in the world and China is in the second place. So, report IP Reputation as a percentage of total IP addresses […]

Apache Struts2 Commons FileUpload Deserialization Remote Code Execution Vulnerability (CVE-2016-100031)Threat Alert

novembro 16, 2018

Vulnerability Overview

Recently, Apache Software Foundation (ASF) has released a security advisory to strongly advise users of Apache Struts2.3.X to upgrade the Apache Commons FileUpload component. Struts 2.3.x, by default, uses the Commons FileUpload component of V1.3.2. Early in 2016, this component of V1.3.2 is disclosed to contain a deserialization vulnerability (CVE-2016-100031) which could result in arbitrary code execution.

Commons is a Java subproject of ASF and FileUpload is a subproject for handling HTTP file uploads. The Commons FileUpload component is mainly used to assist developers in implementing the web file upload function.

(mais…)

VMware Virtual Machine Escape Vulnerabilities (CVE-2018-6981 and CVE-2018-6982) Threat Alert

novembro 15, 2018

Overview

Recently, VMware has released a security advisory to document the remediation of two critical vulnerabilities (CVE-2018-6981 and CVE-2018-6982) in VMware ESXi, Workstation, and Fusion. The two vulnerabilities were disclosed by a Chinese cybersecurity firm Chaitin Tech at the international hacking contest GeekPwn2018.

(mais…)

Cisco Stealthwatch Management Console and Unity Express Critical Vulnerabilities Threat Alert

novembro 15, 2018

Overview

On November 7, 2018, local time, Cisco released a security advisory to announce the remediation of two critical vulnerabilities in the Stealthwatch Management Console (SMC) and the Utility Express respectively. (mais…)

Search

Inscreva-se no Blog da NSFOCUS