NSFOCUS

Information Security in the Workplace - Entry of Outsiders 2

September 14, 2019

As IT-driven transformation advances and networking technologies are deployed more widely and deeply, a multitude of cyber security issues arrives with them. Read on to find out which information security issues you should watch for in the workplace.

(more…)

Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability (CVE-2019-12643) Threat Alert

September 13, 2019

Overview

On August 28, 2019, local time, Cisco released a security advisory announcing fixes for an authentication bypass vulnerability (CVE-2019-12643) in the Cisco REST API virtual service container for Cisco IOS XE Software. Only devices on which the REST API virtual service container has been installed and enabled are exposed; it is not enabled by default. (more…)

IP Reputation Report-09012019

September 12, 2019

Top 10 countries by attack count: the diagram (not reproduced here) shows the top 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation databases as of September 8, 2019. Top 10 countries by attack percentage: Laos is in first place and Palestine in second. China (CN) is […]

Botnet Trend Report-13

September 11, 2019

4.4 Satan: Evolving Ransomware

In late April 2018, MalwareHunterTeam reported seeing new ransomware that leveraged EternalBlue to propagate. Our analysis found that it was based on a new version (dubbed V2) of Satan, a ransomware family that first appeared in 2017. The ransom demanded in this version rose from 0.1 to 0.3 Bitcoin. Around the same time, a variant of IRCBOT was observed issuing download instructions for this malware, and the instruction set confirmed Satan as the ransomware payload. (more…)

Microsoft RDS Remote Code Execution Vulnerabilities (CVE-2019-1181/CVE-2019-1182) Threat Alert

September 10, 2019

1. Vulnerability Overview

On August 14, 2019, Beijing time, Microsoft released patches for a series of Remote Desktop Services (RDS) vulnerabilities, including two critical remote code execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously fixed BlueKeep vulnerability (CVE-2019-0708), these are wormable: they require neither authentication nor user interaction, so an attacker can exploit them to execute arbitrary code, and malware built on them can spread from one vulnerable host to the next on its own. (more…)

QEMU VM Escape Vulnerability (CVE-2019-14378) Threat Alert

September 9, 2019

Overview

Recently, a security researcher disclosed a heap-based buffer overflow vulnerability (CVE-2019-14378) in the SLiRP user-mode networking backend of the QEMU emulator. An attacker in a guest that uses this backend could exploit it to crash the QEMU process on the host, causing a denial of service, or possibly execute arbitrary code with the privileges of the QEMU process. Because the impact is bounded by those privileges, running QEMU as an unprivileged user (and with its seccomp sandbox, -sandbox on) limits what such an escape gains. (more…)

Ghostscript .buildfont1 -dSAFER Sandbox Bypass Vulnerability

September 6, 2019

1. Vulnerability Overview

Ghostscript is a software suite built around an interpreter for Adobe Systems' PostScript and Portable Document Format (PDF) page description languages. It is widely used as a raster image processor (RIP) for raster printers. It has been ported from Linux to other operating systems, including UNIX, Mac OS X, VMS, Windows, OS/2, and classic Mac OS. (more…)

IP Reputation Report-09012019

September 5, 2019

1. Top 10 countries in attack counts:

(more…)

Botnet Trend Report-12

September 4, 2019

4.3 XMRig: Cryptomining For Fun and Profit

Cryptomining by botnets has gained popularity in the past two years. Unlike other common malicious activities such as DDoS, ransomware attacks, and theft of confidential information, cryptomining has some unique characteristics:

1. Predictable earnings. Cryptominers are good at hiding their presence by keeping their CPU usage within 30%–40%. Based on […]
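The throttling behaviour described above, a miner pinning itself at a steady 30%–40% of CPU, is itself a signal. The following is an added example, not code from the Botnet Trend Report or from NSFOCUS: a Python heuristic that takes per-process CPU samples (constructed inline here; in practice you would collect them from `ps -eo pid,comm,pcpu` or /proc/<pid>/stat at a fixed interval), flags processes whose usage sits inside a narrow band with little variance for the whole window, and leaves alone both bursty services and processes that legitimately saturate the CPU. The band, minimum sample count, in-band fraction, and variance thresholds are assumptions to tune against your own baseline.

```python
"""Flag processes whose CPU usage is pinned inside a narrow band.

Added example (not NSFOCUS code). A throttled cryptominer that caps itself at
30-40% CPU shows up as a long, flat series inside that band; a bursty daemon
or a process legitimately saturating a core does not. All thresholds are
assumptions, and the sample data below is constructed for the example.
"""
from statistics import mean, pstdev
from typing import Dict, Iterable, List, Tuple

# One sample per process per polling interval: (timestamp_s, pid, name, cpu_pct).
# Constructed data; a real collector would poll `ps -eo pid,comm,pcpu` or
# /proc/<pid>/stat every few seconds and emit the same tuples.
_SERIES = {
    # (pid, name): cpu% at t = 0, 10, ..., 90 s
    (4242, "kworkerd"): [33, 35, 34, 36, 33, 35, 34, 36, 35, 34],   # flat, in band (the miner)
    (1001, "ffmpeg"):   [95, 90, 100, 85, 98, 97, 92, 88, 99, 96],  # legitimately saturating
    (2002, "nginx"):    [2, 35, 1, 40, 3, 38, 2, 1, 36, 2],         # bursty
    (3003, "backup"):   [30, 31, 45, 32, 50, 30, 35, 31, 33, 32],   # mostly in band, but spiky
}
SAMPLES: List[Tuple[int, int, str, float]] = [
    (i * 10, pid, name, float(cpu))
    for (pid, name), series in _SERIES.items()
    for i, cpu in enumerate(series)
]


def group_by_pid(samples: Iterable[Tuple[int, int, str, float]]) -> Dict[int, Tuple[str, List[float]]]:
    """Group raw samples into per-pid CPU series ordered by timestamp."""
    ordered = sorted(samples, key=lambda s: (s[1], s[0]))
    series: Dict[int, Tuple[str, List[float]]] = {}
    for _, pid, name, cpu in ordered:
        if pid not in series:
            series[pid] = (name, [])
        series[pid][1].append(cpu)
    return series


def looks_throttled(cpu: List[float], low: float = 30.0, high: float = 40.0,
                    min_samples: int = 6, min_in_band: float = 0.9,
                    max_stdev: float = 3.0) -> bool:
    """True when the series is long enough, almost entirely inside [low, high],
    and flat (population stdev <= max_stdev). Thresholds are assumptions."""
    if len(cpu) < min_samples:
        return False
    in_band = sum(1 for c in cpu if low <= c <= high) / len(cpu)
    return in_band >= min_in_band and pstdev(cpu) <= max_stdev


def find_throttled_processes(samples: Iterable[Tuple[int, int, str, float]],
                             **thresholds) -> Dict[int, dict]:
    """Return {pid: {name, mean_cpu, stdev_cpu, samples}} for every flagged pid."""
    hits: Dict[int, dict] = {}
    for pid, (name, cpu) in group_by_pid(samples).items():
        if looks_throttled(cpu, **thresholds):
            hits[pid] = {"name": name, "mean_cpu": mean(cpu),
                         "stdev_cpu": pstdev(cpu), "samples": len(cpu)}
    return hits


if __name__ == "__main__":
    for pid, info in find_throttled_processes(SAMPLES).items():
        print(f"pid {pid} ({info['name']}): mean {info['mean_cpu']:.1f}% "
              f"stdev {info['stdev_cpu']:.2f} over {info['samples']} samples")
```

On the constructed data only pid 4242 is flagged: the transcoder is far above the band, nginx alternates between idle and busy, and the backup job spends most of its time in band but its spikes push the variance out. Treat a hit as a triage lead rather than a verdict; a process deliberately capped by a cgroup CPU quota will look the same, so pair the heuristic with process ancestry and network destinations before acting.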

TortoiseSVN Remote Code Execution Vulnerability (CVE-2019-14422) Threat Alert

September 3, 2019

Overview

On August 13, 2019, local time, a researcher from the vxrl vulnerability research team disclosed a remote code execution vulnerability (CVE-2019-14422) in TortoiseSVN.

TortoiseSVN registers a URI handler (tsvncmd:) that, among other things, allows a customized diff operation on Excel workbooks. An attacker can abuse it to open a remote workbook without the protection of Excel's macro security settings and thereby execute arbitrary code. (more…)
