Microsoft’s December 2019 Security Update Fixes 38 Security Vulnerabilities
dezembro 30, 2019
Overview
Microsoft released 2019 December security update on Tuesday that fixes 38 security issues ranging from simple spoofing attacks to remote code execution in various products, including End of Life Software, Microsoft Graphics Component, Microsoft Office, Microsoft Scripting Engine, Microsoft Windows, None, Open Source Software, Servicing Stack Updates, Skype for Business, SQL Server, Visual Studio, Windows Hyper-V, Windows Kernel, Windows Media Player, and Windows OLE. (mais…)
Adobe Security Advisory for December Security Updates
dezembro 29, 2019
Overview
On December 11, local time, Adobe officially released a December security update that fixes multiple vulnerabilities in Adobe’s many products, including Adobe Photoshop CC, Adobe Acrobat and Reader, Brackets, and Adobe ColdFusion.
For details, visit the following link:
Communication Data Decryption Based on Frida
dezembro 27, 2019
After completing the audit work, I discovered many out-of-bounds vulnerabilities and our vulnerability verification shows that the vulnerable program has no lack of data encryption. Initially, I handle it in the usual way: figure out the entire encryption process and write a Burp plug-in or mitm proxy script for data encryption and decryption. (mais…)
IP Reputation Report-12232019
dezembro 26, 2019
-
Top 10 countries in attack counts:
- The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at December 23, 2019.
Cybersecurity Insights-10
dezembro 25, 2019
5.3.2 Attack Type Distribution
In 2018, the most frequent attacks seen814 were SYN flood, UDP flood, ACK flood, HTTP flood and HTTPS flood attacks, which altogether accounted for 96% of all DDoS attacks. In contrast, reflection attackers contributed to no more than 3% of attacks. Compared with 2017, the year 2018 witnessed a 80% decrease in the number of reflection attacks, but a 73% increase in other attacks. This is because of effective governance measures taken against reflectors. (mais…)
Advisory: Gitlab EE multiple high-risk vulnerabilities
dezembro 24, 2019
Vulnerability Description
On December 10, 2019 local time, GitLab officially released an important version update notice, announcing three high-risk vulnerabilities in GitLab EE (Enterprise Edition). GitLab is an open source and web-based Git-repository management project. (mais…)
Advisory: Two high-risk vulnerabilities in GoAhead web server
dezembro 23, 2019
Vulnerability Description
On December 2, 2019, Cisco Talos publicly released reports of a remote code execution vulnerability (CVE-2019-5096) and a denial of service vulnerability (CVE-2019-5097) for the GoAhead web server. GoAhead is an open source, simple, lightweight, and powerful embedded Web Server. It is a Web server tailored for embedded real-time operating systems (RTOS) and can run on multiple platforms. (mais…)
VMware ESXi Remote Code Execution Vulnerability (CVE-2019-5544) Threat Alert
dezembro 20, 2019
Overview
On December 5, local time, VMware officially released a security advisory that revealed a remote code execution vulnerability (CVE-2019-5544) in VMware ESXi and Horizon DaaS. The vulnerability is due to a heap overwrite issue in OpenSLP used in ESXi and Horizon DaaS appliances. Malicious users with access to port 427 on the ESXi host or any Horizon DaaS platform through the network may overwrite the heap of the OpenSLP service, eventually causing remote code execution. (mais…)
IP Reputation Report-12152019
dezembro 19, 2019
-
Top 10 countries in attack counts:
- The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at December 15, 2019.
Cybersecurity Insights-9
dezembro 18, 2019
5.3 DDoS Attacks
5.3.1 Attack Trend
In 2018, we observed 148,000 DDoS attacks (down 28.4% from 2017), which generated a total of 643,100 TB of attack traffic, about the same volume as observed in 2017. This trend suggests that
while the number of DDoS attacks is lower, the size of the attack are growing. Large and medium-size attacks are on the rise.
