2017 DDoS and Web Application Attack Landscape

''

1 Introduction New Internet-based technologies and models, such as cloud computing, big data, Internet of Things (IoT), and mobile computing, are profoundly influencing transformations in the cyberspace. In this context, cyber threats keep evolving and upgrading. Distributed denial-of-service (DDoS) attacks and web application attacks are the main security threats facing […]

Oracle WebLogic Server RCE Deserialization Vulnerability Analysis

''

On April 17th local time, Oracle released the critical patch update (CPU) advisory, which contains a fix for the high-risk WebLogic server deserialization vulnerability (CVE-2018-2628), via which attackers can remotely execute arbitrary code in an unauthorized manner. Reference link: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html Affected Versions WebLogic 10.3.6.0 WebLogic 12.1.3.0 WebLogic 12.2.1.2 WebLogic 12.2.1.3 […]

Oracle WebLogic Server RCE Deserialization Vulnerability

''

On 17 April, the local time in California, Oracle released its Critical Patch Update(CPU) Advisory in which a critical WebLogic deserialization vulnerability (CVE-2018-2628) allowing remote code execution without authorization was disclosed. This vulnerability was first discovered by an NSFOCUS researcher, who reported it to Oracle immediately. More information about this […]

Iran’s 3,500 Switches Attacked – Cisco IOS/IOS XE Remote Code Execution Vulnerability CVE-2018-0171 Exploitation

''

News from The Iran Project, the Iranian cyber police confirmed Friday night that the country’s data center was attacked. The attack involved Iran 3500 switches, but the official in the country emphasized that the attack didn’t lead to sensitive data leakage. From description, the suspected attacker exploited the Cisco IOS / IOS […]