ThinkPHP 5.x Remote Code Execution Vulnerability Threat Alert

Overview: Recently, ThinkPHP published a blog post announcing the release of an important update that addresses a critical vulnerability. This security update fixes a getShell vulnerability caused by the framework’s insufficient checks on controller names when forced routing is not enabled. The vulnerability, which affects ThinkPHP 5.0 and 5.1, is […]

Adobe Flash Player 0-Day Vulnerabilities Threat Alert

Overview: On December 5, 2018, local time, Adobe released a security bulletin documenting the remediation of two vulnerabilities: a critical 0-day vulnerability (CVE-2018-15982) in Adobe Flash Player and an important vulnerability (CVE-2018-15983) in the Adobe Flash Player installer.

Satan Variant Analysis & Handling Guide

1 Background: In early November 2018, NSFOCUS discovered that some of its financial customers had been infected with a worm virus, FT.exe, that could affect both Linux and Windows platforms. Like the ransomware Satan, the virus spreads itself by exploiting multiple application vulnerabilities. However, this virus, after breaking into the […]

Technical Report on Container Security (III)-1

Security Risks and Challenges — Vulnerability and Security Risk Analysis: As a specific implementation of container technology, Docker has become increasingly popular in recent years. To some extent, Docker has become a typical representative of container technology. Docker is based on […]