Resposta de Emergência

VMware vCenter Server Multiple High-Risk Vulnerabilities Threat Alert

outubro 22, 2021 | Jie Ji

Overview According to NSFOCUS CERT’s monitoring, VMware’s official security advisory, disclosing multiple vulnerabilities in VMware vCenter Server on September 22. Those issues allow attackers to cause information disclosure, privilege promotion and remote code execution. Now VMware has released security updates to fix the vulnerabilities. Affected users are advised to take measures for protection. vCenter Server […]

XStream Multiple High-Risk Vulnerabilities Threat Alert

outubro 15, 2021 | Jie Ji

Overview Recently, NSFOCUS found that XStream released security advisories disclosing 14 security vulnerabilities in its products. An attacker could exploit these vulnerabilities to conduct a DoS, server-side request forgery (SSRF), or remote code execution (RCE) attack. XStream is a tool to serialize Java objects to XML and back again. When serializing JavaBeans or deserializing XML […]

Microsoft MSHTML Remote Code Execution Vulnerability (CVE-2021-40444) Threat Alert

outubro 12, 2021 | Jie Ji

Overview On September 8, Beijing time, NSFOCUS CERT found that Microsoft released a security bulletin to disclose a remote code execution vulnerability (CVE-2021-40444) in Microsoft MSHTML. Attackers could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine, and convince the user to open a malicious […]

Atlassian Confluence Remote Code Execution Vulnerability (CVE-2021-26084) Threat Alert

outubro 4, 2021 | Jie Ji

Overview Recently, NSFOCUS CERT found that Atlassian released a security bulletin to announce the fix of the Confluence Server Webwork OGNL Injection Vulnerability (CVE-2021-26084). This vulnerability allows an authenticated attacker, and in some instances, an unauthenticated user, to execute arbitrary code on Confluence Server or Data Center by injecting a crafted OGNL expression. This vulnerability […]

Insights into Ransomware Spread Using Exchange 1-Day Vulnerabilities 2-2

setembro 27, 2021 | Jie Ji

Analysis of the Kill Chain of the LockFile Ransomware Group KDU Tool Terminating Multiple Antivirus Processes The attacker renames the KDU tool (open-source Windows driver loader implementing DSG bypass via an exploit) autologin, copies the related program to the temporary directory, and loads and executes the designated driver file to execute code with kernel privileges […]

Insights into Ransomware Spread Using Exchange 1-Day Vulnerabilities 1-2

setembro 26, 2021 | Jie Ji

Event Overview Recently, NSFOCUS CERT discovered a slew of security incidents that exploited security vulnerabilities (ProxyShell) in Microsoft Exchange. Also, NSFOCUS found that the new LockFile ransomware group LockFile took advantage of these ProxyShell and PetitPotam vulnerabilities to target enterprise domain environments, finally encrypting quite a few hosts from enterprises for ransom. In April, a […]

Linux Kernel Arbitrary Code Execution Vulnerability (CVE-2021-3490) Threat Alert

setembro 18, 2021 | Jie Ji

Overview Recently, NSFOCUS CERT found that a security researcher published details and the PoC of an arbitrary code execution vulnerability (CVE-2021-3490) in eBPF and exploited this vulnerability to cause local privilege escalation on Ubuntu 20.10 and 21.04. This vulnerability exists because the eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the […]

INFRAHALT: NicheStack TCP/IP Stack High-Risk Vulnerabilities Threat Alert

setembro 3, 2021 | Jie Ji

Overview Recently, researchers from JFrog and Forescout released a joint report to publicly disclose 14 security vulnerabilities (collectively referred to as INFRA:HALT) in the NicheStack TCP/IP stack, announcing that these vulnerabilities could lead to remote code execution, denial of service, information disclosure, TCP spoofing, or DNS cache poisoning. Researchers noted that attackers that successfully exploited […]

Exim Remote Code Execution Vulnerability (CVE-2020-28020) Threat Alert

agosto 30, 2021 | Jie Ji

Overview In May, Qualys publicly disclosed 21 security vulnerabilities in the Exim server, announcing that these vulnerabilities affected all Exim versions released after 2004 and most of them can be exploited in default configurations. Recently, NSFOCUS found that certain vulnerability details and PoCs were publicly available. Among the vulnerabilities, the most severe one is the […]

Microsoft August Security Updates for Multiple High-Risk Product Vulnerabilities

agosto 27, 2021 | Jie Ji

Overview According to NSFOCUS CERT’s monitoring, Microsoft released August 2021 Security Updates on August 11 to fix 46 vulnerabilities, including high-risk remote code execution and privilege escalation, in widely used products like Windows, Microsoft Office, ASP.NET Core, Visual Studio, and Azure. This month’s security updates fix seven critical vulnerabilities and 39 important ones, including three […]