Apache Struts Remote Code Execution Vulnerability S2-062 (CVE-2021-31805) Alert
abril 14, 2022
Overview On April 13, 2022, NSFOCUS CERT detected that Struts officially issued a security notice and fixed a remote code execution vulnerability S2-062 (CVE-2021-31805). This vulnerability is not fully repaired for S2-061. When developers use the %{…} syntax to force OGNL parsing, there are still some special TAG attributes that can be parsed twice; attackers […]
APT Group Lazarus Distributing Korean Phishing Lures to Feel Out Cryptocurrency Users
abril 12, 2022
Overview Recently, NSFOCUS Security Labs captured a series of phishing documents containing specific Korean bait information. Most of these documents contain keywords such as “BTC”, “ETH”, “NFT”, and “account information”, which trick victims into opening them and then use remote template injection to implant malicious programs, thereby stealing host information. Analysis shows that these phishing […]
Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965) Manual
abril 2, 2022
Overview Recently, NSFOCUS CERT detected a remote code execution vulnerability in Spring related frameworks. Unauthorized remote attackers can construct HTTP requests to write malicious programs on the target system to execute arbitrary code. This vulnerability is Spring framework remote code execution vulnerability. (CVE-2010-1622), but it has a wider impact. Officials have released versions 5.2.20.RELEASE and […]
Information Collection Technology of Cloud Native Environment (I)
março 31, 2022
Abstract Information collection is a very important part of both attack and defense, and high-quality information collected is the basis and premise of follow-up work. However, fragmentary information and the complex composition of cloud native itself bring certain challenges to information collection in cloud native environment. This series of posts will share ideas and methods […]
Spring Cloud Function SPEL Expression Injection Vulnerability Alert
março 28, 2022
Overview Recently, NSFOCUS CERT detected that Spring Cloud officially fixed a SPEL expression injection vulnerability in Spring Cloud Function, because the parameter “spring.cloud.function.routing-expression” in the request header is processed as a Spel expression by the apply method of the RoutingFunction class in Spring Cloud Function, resulting in a Spel expression injection vulnerability, which can be […]
Thoughts on Encrypted Traffic Detection in the Era of Encrypt Everything
março 24, 2022
Background With the wide application of encryption technology and the continuous development of new network technology, the network structure becomes more and more complex and the encrypted traffic explodes. Furthermore, as the evolution and promotion of encryption protocols such as TLS1.3, the era of full encryption is silently coming. When protecting users’ privacy, encryption technology […]
How to Monitor Threat Traffic in Cloud Environment ?
março 22, 2022
Background The public cloud has become the hardest hit by cyberattacks. This article gives you an effective threat monitoring proposal by using VPC traffic mirror. Traffic Mirror In the traditional network environment, the data communications between devices are realized via cables or wireless networks. We can completely divert the traffic to the bypass monitoring device […]
Microsoft’s March security update for multiple high-risk product vulnerabilities
março 14, 2022
Overview On March 9, NSFOCUS CERT detected that Microsoft released the March security update patch, which fixed 71 security issues, involving Windows, Exchange Server, Remote Desktop Client, Azure, etc., including privilege escalation, remote code execution and other high-risk vulnerability types. Among the vulnerabilities fixed by Microsoft’s update this month, there are 3 critical vulnerabilities and […]
1TB Multi-Vector DDoS Attack in LATAM Blocked after CVE-2022-26143 Vulnerability Exploited
março 10, 2022
In early March, NSFOCUS Cloud Scrubbing SOC team discovered that one of our customers in Latin America suffered a volumetric, multi-vector distributed denial-of-service (DDoS) attack. NSFOCUS Cloud DPS prevented this attack successfully. The captured entire attack and defense process is as follows: March 3, 10:00 a.m. GMT+8 NSFOCUS cloud-based Network Traffic Analyzer (NTA) detected a […]
Linux Kernel Privilege Escalation Vulnerability (CVE-2022-0847) Alert
março 10, 2022
Overview Recently, NSFOCUS CERT detected that a security researcher disclosed a local privilege escalation vulnerability (CVE-2022-0847) in the Linux kernel. Due to a flaw in the correct initialization of the copy_page_to_iter_pipe and push_pipe functions in the Linux kernel, an attacker can overwrite the data in any readable file by exploiting this vulnerability, thereby escalating ordinary […]
