IP Reputation Report-03222020
março 26, 2020
-
Top 10 countries in attack counts:
- The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at March 22, 2020.
DDoS Attack Landscape 1
março 25, 2020
Executive Summary
In 2019, the average peak size of DDoS attacks rose steadily from 2018 to 42.9 Gbps, indicating that techniques employed by large and medium scale attacks are advancing year by year. After
a sharp rise in 2018, super-sized DDoS attacks (> 300 Gbps) were relatively stabilizing in 2019, increasing slightly by around 200. (mais…)
V8 Type Confusion Vulnerability (CVE-2020-6418) Threat Alert
março 24, 2020
Vulnerability Description
On February 25, security updates were released for Google Chrome and Microsoft Edge. The open-source JavaScript and WebAssembly engines in V8 in Google Chrome before 80.0.3987.122 and Microsoft Edge browser before 80.0.361.62 are prone to a type confusion vulnerability (CVE-2020-6418), which allows attackers to access data in an unauthorized way, thereby executing malicious code. According to researchers, this vulnerability has been exploited for attacks before security updates were released. Currently, details have been made public available. Users of Google Chrome and Microsoft Edge browsers adopting V8 are advised to install the updates as soon as possible. (mais…)
jackson-databind/Fastjson Remote Code Execution Vulnerability Threat Alert
março 23, 2020
Overview
Recently, two remote code execution vulnerabilities (CVE-2020-9547 and CVE-2020-9548) were fixed in jackson-databind. By using two components (ibatis-sqlmap and anteros-core) to bypass the blacklist restriction, attackers could exploit these vulnerabilities to cause remote code execution on the victim’s machine. (mais…)
IP Reputation Report-03152020
março 20, 2020
-
Top 10 countries in attack counts:
- The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at March 15, 2020.
Oracle Coherence Deserialization Remote Code Execution Vulnerability (CVE-2020-2555) Threat Alert
março 20, 2020
Vulnerability Description
On January 15, 2020, Oracle released Critical Patch Update (CPU) for January 2020 that fixes 334 vulnerabilities of different risk levels, including a remote code execution vulnerability (CVE-2020-2555) with the CVSS score of 9.8 in the deserialization by Oracle Coherence deserialization. This vulnerability allows an unauthenticated attacker to launch attacks via a crafted T3 request. A successful exploitation of this vulnerability could lead to arbitrary code execution on the target host. Products that use Oracle Coherence are affected by this vulnerability. The installation package of WebLogic Server 11g Release 10.3.4 and later has the Oracle Coherence library integrated by default. (mais…)
OpenSMTPD Remote Code Execution Vulnerability (CVE-2020-8794) Threat Alert
março 18, 2020
Overview
On February 24, local time, researchers from Qualys released a remote code execution vulnerability (CVE-2020-8794) existing in OpenSMTPD.
As part of the OpenBSD part, OpenSMTPD (also known as OpenBSD’s mail server) is a free implementation of the server-side SMTP protocol as defined by RFC 5321.
CVE-2020-8794 is an out-of-bounds read vulnerability. Attackers could exploit this vulnerability to inject arbitrary commands into the envelope file that are then executed as root.
According to researchers, they developed a simple exploit for this vulnerability and successfully tested it against OpenBSD 6.6, OpenBSD 5.9, Debian 10 (stable), Debian 11 (testing), and Fedora 31.
Reference:
https://www.openwall.com/lists/oss-security/2020/02/24/5 (mais…)
ICS Information Security Assurance Framework 21
março 17, 2020
What to Expect for ICS Security in the Coming Years
With the policy guidance of various ministries and commissions under the State Council, related financial support, and the increased emphasis on ICS security by ICS enterprises, the ICS information security will get on the fast track of development. With the advancement of “one network, one database, and three platforms” proposed by the Ministry of Industry and Information Technology (MIIT), the introduction of Classified Protection of Information System Security 2.0 , and the introduction of Critical Information Infrastructure Security Protection Regulations , industrial security will see a very good opportunity for development. (mais…)
Google Chrome Releases Updates for Remediation of the Zero-day Vulnerability (CVE-2020-6418) Threat Alert
março 16, 2020
Overview
On February 24, local time, Google released updates for fixing multiple vulnerabilities existing in the desktop Chrome browser, including the high-risk CVE-2020-6418 vulnerability that has been exploited by attackers in the wild.
CVE-2020-6418 is a type confusion vulnerability in V8, which is Google Chrome’s open-source JavaScript and WebAssembly engine. This vulnerability was discovered and reported by Clement Lecigne of Google’s Threat Analysis Group. (mais…)
VMware vRealize Operations for Horizon Adapter Remote Code Execution Vulnerability (CVE-2020-3943) Threat Alert
março 13, 2020
Overview
Recently, VMware released a security advisory, announcing remediation of a remote code execution vulnerability (CVE-2020-3943) in vRealize Operations for Horizon Adapter. VMware has evaluated the severity of this vulnerability to be in the critical severity range with a maximum CVSSv3 base score of 9.0. (mais…)
