Emergency Response Archives - Página 38 de 90

Black and white portraits of two men with professional titles.

Microsoft MSHTML Remote Code Execution Vulnerability (CVE-2021-40444) Threat Alert

Por Jie JiPostou 12 de outubro de 2021

Overview On September 8, Beijing time, NSFOCUS CERT found that Microsoft released a security bulletin to disclose a remote code execution vulnerability (CVE-2021-40444) in Microsoft MSHTML. Attackers could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine, and convince the...

Atlassian Confluence Remote Code Execution Vulnerability (CVE-2021-26084) Threat Alert

Por Jie JiPostou 4 de outubro de 2021

Overview Recently, NSFOCUS CERT found that Atlassian released a security bulletin to announce the fix of the Confluence Server Webwork OGNL Injection Vulnerability (CVE-2021-26084). This vulnerability allows an authenticated attacker, and in some instances, an unauthenticated user, to execute arbitrary code on Confluence Server or Data Center by injecting a...

Insights into Ransomware Spread Using Exchange 1-Day Vulnerabilities 2-2

Por Jie JiPostou 27 de setembro de 2021

Analysis of the Kill Chain of the LockFile Ransomware Group KDU Tool Terminating Multiple Antivirus Processes The attacker renames the KDU tool (open-source Windows driver loader implementing DSG bypass via an exploit) autologin, copies the related program to the temporary directory, and loads and executes the designated driver file to...

Text about Exchange Server vulnerabilities notice.

Insights into Ransomware Spread Using Exchange 1-Day Vulnerabilities 1-2

Por Jie JiPostou 26 de setembro de 2021

Event Overview Recently, NSFOCUS CERT discovered a slew of security incidents that exploited security vulnerabilities (ProxyShell) in Microsoft Exchange. Also, NSFOCUS found that the new LockFile ransomware group LockFile took advantage of these ProxyShell and PetitPotam vulnerabilities to target enterprise domain environments, finally encrypting quite a few hosts from enterprises...

Linux Kernel Arbitrary Code Execution Vulnerability (CVE-2021-3490) Threat Alert

Por Jie JiPostou 18 de setembro de 2021

Overview Recently, NSFOCUS CERT found that a security researcher published details and the PoC of an arbitrary code execution vulnerability (CVE-2021-3490) in eBPF and exploited this vulnerability to cause local privilege escalation on Ubuntu 20.10 and 21.04. This vulnerability exists because the eBPF ALU32 bounds tracking for bitwise ops (AND,...

Person analyzing data on digital screens.

INFRAHALT: NicheStack TCP/IP Stack High-Risk Vulnerabilities Threat Alert

Por Jie JiPostou 3 de setembro de 2021

Overview Recently, researchers from JFrog and Forescout released a joint report to publicly disclose 14 security vulnerabilities (collectively referred to as INFRA:HALT) in the NicheStack TCP/IP stack, announcing that these vulnerabilities could lead to remote code execution, denial of service, information disclosure, TCP spoofing, or DNS cache poisoning. Researchers noted...