Overview Microsoft disclosed a remote code execution vulnerability (CVE-2020-17144) Microsoft Exchange Server 2010 in its latest December security updates, rating the vulnerability as Important.   The vulnerability exists because the program improperly verifies cmdlet parameters. An authenticated attacker could exploit this vulnerability to cause remote code execution. This vulnerability is similar to CVE-2020-0688 and requires login […]

Overview On December 8, 2020, local time, OpenSSL released a security advisory disclosing a NULL pointer dereference vulnerability (CVE-2020-1971), rating the vulnerability as High-risk. The vulnerability exists in the GENERAL_NAME_cmp function in OpenSSL. GENERAL_NAME_cmp compares different instances of a GENERAL_NAME to see if they are equal or not. When both GENERAL_NAMEs contain EDIPartyName, a NULL […]

Overview On December 8, 2020, Struts released a security bulletin disclosing a potential remote code execution vulnerability (CVE-2020-17530) in S2-061. The vulnerability stems from insufficient input validation. This results in two forced Object Graph Navigation Library (OGNL) evaluations when the original user input is calculated. When the OGNL expression is forced in Struts tag attributes […]

This section analyzes WS-Discovery reflection attacks. For details about the WS-Discovery service, see section 1.6 WS-Discovery First Found to Be Abused for DDoS Reflection Attacks.

Attackers are targeting Citrix ADC (Application Delivery Controller) and utilize it to launch amplification attacks. However, no official patch has been released yet.

Introduction This chapter analyzes IoT threats from the perspective of protocols. According to the data from NSFOCUS’s threat hunting system, Telnet services (port 23) were targeted most frequently1. Therefore, we first analyze the attacks launched via Telnet. WS-Discovery reflection attacks are a new type of DDoS reflection attacks emerging in 2019 and will be described […]

Background Some time ago, some researchers detected a code injection vulnerability (CVE-2020-7475), which could cause Schneider’s Programmable Logic Controllers (PLCs) to operate like worms. If successfully exploited, this vulnerability could allow a PLC to act as a mini PC to carry out malicious network activities or as an intranet springboard or a network scanner to […]

Overview On December 8, 2020, local time, Adobe released security updates which address multiple vulnerabilities in Adobe Prelude, Adobe Experience Manager, and Adobe Lightroom.

In this section, we analyze threat trends related to Netis routers according to the data captured by NSFOCUS’s threat hunting system. Our data is based on log messages generated from May 21 to October 30, 2019. The following subsections analyze these log messages from the aspects of attack sources, attack incidents, and samples. Attack Sources […]

Overview  Microsoft released December 2020 security updates on Tuesday which fix 58 vulnerabilities ranging from simple spoofing attacks to remote code execution, including 9 critical vulnerabilities, 47 important vulnerabilities, and two moderate vulnerabilities. All users are advised to install updates without delay.