Handling Guide

ThinkPHP 5.0-5.0.23, 5.1.0-5.1.31, and 5.2.* Remote Code Execution Vulnerability Handling Guide

January 21, 2019

1 Vulnerability Overview

Recently, ThinkPHP 5.0-5.0.23 was found to have a remote code execution (RCE) vulnerability. The NSFOCUS Falcon Team carried out tests and found that ThinkPHP 5.0-5.0.23, 5.1.0-5.1.31, and 5.2.* were also prone to this vulnerability, which could be triggered in both Linux and Windows systems. (more…)

Satan Variant Analysis & Handling Guide

December 6, 2018

1 Background

In early November 2018, NSFOCUS discovered that some of its financial customers had been infected with a worm virus FT.exe that could affect both Linux and Windows platforms. Like the ransomware Satan, the virus spreads itself by exploiting multiple application vulnerabilities. However, this virus, after breaking into the system, does not do anything obviously damaging, but only spreads itself.

At the end of Novemb (more…)