Vulnerability Description Recently, NSFOCUS detected that an Apache Solr arbitrary file read and server-side request forgery (SSRF) vulnerability was disclosed on the Internet. Since authentication was disabled by default when Apache Solr was installed, unauthenticated attackers could turn on requestDis patcher.requestParsers.enableRemoteStreaming via the Config API, thereby exploiting the vulnerability to read files. Currently, the proof […]

Vulnerability Description Recently, NSFOCUS detected that XStream released security advisories disclosing 11 security vulnerabilities in its products. An attacker could exploit these vulnerabilities to conduct DoS and SSRF attacks, delete arbitrary files, and lead to arbitrary RCE. XStream is a tool for converting between Java objects and XML. When serializing JavaBeans or deserializing XML files, […]

Vulnerability Description On March 11, NSFOCUS observed that F5 released a security bulletin to announce the fix of multiple high-risk vulnerabilities, CVE-2021-22986, CVE-2021-22987, CVE-2021-22988, CVE-2021-22989, CVE-2021-22990, CVE-2021-22991, and CVE-2021-22992, which affect BIG-IP and BIG-IQ in F5. Users are advised to take preventive measures as soon as possible. BIG-IP is an F5 application delivery platform that […]

Vulnerability Description On March 19, 2021, NSFOCUS detected that GitLab released patches for a code execution vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE), which was assigned a CVSS base score of 9.9. Unauthorized authenticated attackers could craft malicious requests via controllable markdown rendering options, thereby executing arbitrary code on the server. GitLab […]

MILPITAS, Calif. – March 22, 2021 – We are pleased to announce that our web application firewall, NSFOCUS WAF, was awarded ICSA Labs Web Application Firewall Certification following rigorous and thorough testing. ICSA Labs, an independent division of Verizon, offers third-party testing and certification of security and health IT products, as well as connected devices, […]

Vulnerability Description On March 10, 2021, Beijing time, Microsoft released March 2021 Security Updates that fix 89 vulnerabilities, including high-risk ones like remote code execution and privilege escalation in various widely used products such as Microsoft Windows, Microsoft Office, Microsoft Exchange Server, Internet Explorer, and Visual Studio. In these security updates, Microsoft fixes 14 critical […]

Produced by: NSFOCUS Security Labs FreakOut samples appearing in the campaign were a typical IRC bot Trojan program written in Python. The Trojan program would connect to IRC channels in hardcoded C&C and act as instructed by C&C to collect information, launch DDoS attacks, interact with shells, and conduct ARP sniffing attacks. Also, it carried […]

Produced by: NSFOCUS Security Labs In early January 2021, NSFOCUS Security Labs captured an unknown malicious program called “out.py” via its real-time data platform, which is usually spread with the domain name “gxbrowser.net”. NSFOCUS Security Labs conducted an in-depth research on the samples and payloads of the malware and compared the malware with NSFOCUS threat […]

Event Overview Since February 2021, NSFOCUS’s emergency response team has found that several provinces in China saw multiple SMS phishing events using fake bank domain names. As these events bear a striking resemblance in the phishing playbook, attack means, and phishing website pages, we can largely determine that these attacks were launched by the same […]

Vulnerability Description On March 2, NSFOCUS observed that Microsoft released emergency security updates to fix seven vulnerabilities in Exchange Server. Exchange server-side request forgery vulnerability (CVE-2021-26855): An unauthenticated attacker, via a crafted HTTP request, could exploit this vulnerability to scan the intranet and authenticate as Exchange Server. Exchange Server deserialization vulnerability (CVE-2021-26857): An attacker with […]