Vulnerability Overview On August 14, 2019, Beijing time, Microsoft released remote desktop (RDP) service fixes and patches for a series of vulnerabilities, including two critical remote code execution (RCE) vulnerabilities (CVE-2019-1181 and CVE-2019-1182). Similar to the BlueKeep vulnerability (CVE-2019-0708) previously fixed, vulnerabilities disclosed this time have characteristics of worms. In...
Blog
QEMU VM Escape Vulnerability (CVE-2019-14378) Threat Alert
Overview Recently, a security researcher disclosed a heap-based buffer overflow vulnerability (CVE-2019-14378) in the SLiRP networking backend in the QEMU emulator. An attacker could exploit this vulnerability to crash the QEMU process on a host machine, resulting in a denial of service, or possibly execute arbitrary code with privileges of...
Ghostscript .buildfont1 –dSAFER Sandbox Bypass Vulnerability
Vulnerability Overview Ghostscript is a suite of software based on an interpreter for Adobe System's PostScript and Portable Document Format (PDF) page description languages. It is widely used as a raster image processor (RIP) for raster computer printers. Currently, it has been ported from Linux to other operating systems, including...
IP Reputation Report-09012019
Top 10 countries in attack counts: (mais…)
Botnet Trend Report-12
4.3 XMRig: Cryptomining For Fun and Profit Cryptomining by botnets has gained popularity in the past two years. Unlike other common malicious activities like DDoS, ransomware attacks, and confidential information theft, cryptomining has some unique characteristics: 1. Predictable earnings. Cryptominers are good at hiding their presence by controlling their CPU...
TortoiseSVN Remote Code Execution Vulnerability (CVE-2019-14422) Threat Alert
Overview On August 13, local time, a researcher from a vulnerability laboratory (vxrl team) disclosed a remote code execution vulnerability (CVE-2019-14422) in TortoiseSVN. The URI handler of TortoiseSVN (Tsvncmd:) allows a customized diff operation on Excel workbooks. This vulnerability could be used to open remote workbooks without protection from macro...
