2018 DDoS Attack Landscape-1
abril 5, 2019
NSFOCUS Security Lab research has seen a dramatic decrease in DDoS attacks between 2017 and 2018. We are in consensus with other TI vendors as to most of the driving factors behind this large scale reduction, except one. This webinar 1 will show why NSFOCUS is breaking from the pack on one of the key factors leading to the significant decrease in DDoS attacks in 2018. (mais…)
Internet Explorer and Edge Browsers 0-Day Vulnerability Threat Alert
abril 4, 2019
Overview
Recently, a foreign researcher announced a 0-day vulnerability with Microsoft Edge and Internet Explorer (IE). Enticing a user to click a malicious link, an attacker could exploit this vulnerability to bypass the same-origin policy of the two kinds of browsers to launch a universal cross-site scripting (UXSS) attack to steal the user’s sensitive information. (mais…)
UC Browser Potential Man-in-the-Middle Vulnerability Threat Alert
abril 2, 2019
Overview
Recently, a foreign researcher discovered a potential vulnerability in the UC browser which may affect hundreds of millions of users around the world. A hidden feature is found in the UC browser to download auxiliary software modules for execution by bypassing some restrictions of an application store. This feature is used to add new functions or install updates to the client, but can also be exploited for man-in-the-middle (MITM) attacks. For example, when a user uses the UC browser to download a PDF file and attempts to open it, an attacker, via an MITM attack, could enable the browser to download a malicious file and finally execute it. (mais…)
PostgreSQL Arbitrary Code Execution Vulnerability (CVE-2019-9193) Threat Alert
abril 1, 2019
1 Vulnerability Overview
Recently, a security researcher disclosed details about a PostgreSQL privilege escalation code execution vulnerability (CVE-2019-9193), which allows attackers with read access to database server-side files to execute arbitrary system commands. (mais…)
Daily Communication——Use of Shared Folders
março 29, 2019
Case Analysis
Public shared folders usually house various documents from different departments, many of which contain sensitive data. Sensitive files reside in such folders mainly because people forget to delete them after copying them, thus exposing sensitive data to intranet hackers and rogue insiders. (mais…)
Apache Tomcat DoS Vulnerability (CVE-2019-0199) Threat Alert
março 28, 2019
1 Vulnerability Overview
Recently, The Apache Software Foundation announced the existence of a denial-of-service (DoS) vulnerability in Apache Tomcat HTTP/2. Specifically, the HTTP/2 implementation accepts streams with excessive numbers of SETTINGS frames and also permits clients to keep streams open without reading/writing request/response data. Thus, too many connection requests from clients can cause server-side thread exhaustion. Successful exploitation of this vulnerability would result in a denial of service on the target. (mais…)
Technical Report on Container Security (V)-3
março 27, 2019
Security Tools – StackRox
-
About StackRox
StackRox features a distributed architecture that collects and analyzes data throughout the application lifecycle to detect and block malicious actors, and finally meet the requirement for protecting containerized cloud-native applications. StackRox delivers continuous detection through its unique combination of distributed sensors and centralized analysis and machine learning to provide context and correlation at the speed and scale of containers. (mais…)
NSFOCUS Attack Threat Monitoring Wins 2019 Cyber Defense Magazine InfoSec Award
março 26, 2019
Earlier this month at RSA we released the newest service in our arsenal of holistic hybrid security solutions, Attack Threat Monitoring (ATM). We were thrilled not only to demo ATM at our RSA booth, but even more pleased to release the service to the public having already won an award. Cyber Defense Magazine examines thousands […]
Adobe Security Bulletins for March 2019 Security Updates Threat Alert
março 26, 2019
Overview
On March 12, 2019 (local time), Adobe released security updates which address multiple vulnerabilities in Adobe Photoshop CC and Adobe Digital Editions. (mais…)
