Overview On January 15, 2021, Beijing time, JumpServer released an emergency bulletin to announce a remote command execution vulnerability in its bastion host and advised users to fix it as soon as possible, especially those whose JumpServer can be accessed via the Internet. (mais…)
Categoria: Emergency Response
Suggestions on Detection and Prevention of the Incaseformat Virus
Overview On January 13, 2021, NSFOCUS's emergency response team received feedback on the incaseformat virus from a host of customers in the government, healthcare, education, and telecom sectors. According to analysis, we found that this virus mainly infected hosts installed with financial management application systems. Also, we observed that all...
Apache Flink Directory Traversal Vulnerability (CVE-2020-17518/17519) Threat Alert
Overview Recently, Apache Flink announced two directory traversal vulnerabilities, CVE-2020-17518 and CVE-2020-17519. Currently, Apache Flink has released a new version to fix the preceding vulnerability. Affected users are advised to upgrade as soon as possible. (mais…)
SolarWinds Supply Chain Attack Threat Alert
Overview On December 14, 2020, Beijing time, FireEye posted a blog on a SolarWinds supply chain attack. The blog shows that SolarWinds software was trojanized by attackers around March 2020 and suffered a severe supply chain attack. Currently, SolarWinds has released relevant updates. Users are advised to install the updates...
Unauthorized Access of FireEye Red Team Tools Protection Solution
Overview On December 8, 2020, FireEye, a cybersecurity company, posted a blog stating that its internal network was attacked by a sophisticated organization and that FireEye Red Team tools were stolen. According to FireEye, the stolen Red Team tools were mainly used to provide its customers with basic penetration testing...
Microsoft Exchange Remote Code Execution Vulnerability (CVE-2020-17144) Threat Alert
Overview Microsoft disclosed a remote code execution vulnerability (CVE-2020-17144) Microsoft Exchange Server 2010 in its latest December security updates, rating the vulnerability as Important. The vulnerability exists because the program improperly verifies cmdlet parameters. An authenticated attacker could exploit this vulnerability to cause remote code execution. This vulnerability is similar...
