Risk Overview The GandCrab family is updating at a rapid pace. Since its V5 was released in September this year, a number of variants have appeared, including V5.0, V5.0.2, V5.0.3, V5.0.4, and V5.0.5. This virus family has targeted customers in various sectors in China. Users should take precautions to remove […]
Vulnerability Overview Recently, Apache Software Foundation (ASF) released a security advisory to announce the fix for an access control bypass vulnerability (CVE-2018-11759) in the mod_jk module in Apache Tomcat. Currently, the proof of concept (PoC) has been announced for this vulnerability. Users of this software should take precautions to fix […]
Case AnalysisCase Analysis Different employees assume different duties, and therefore have different permissions to access company data. If you do not lock your screen when you are out for lunch or go to the restroom, other co-workers may see the contents on your screen and those with ulterior motives may […]
Container Basics — Container Image Container Image Images are the basis of containers. The container engine service can use different images to launch different containers. After a container becomes faulty, the service can be promptly restored by deleting the faulty container and launching a new one thanks to the underlying […]
Overview In recent years, the cloud computing model has gradually been universally recognized and accepted in the industry. In China, sectors such as governments, finance, carriers, and energy as well as small and medium-size organizations, to varying degrees, have migrated their business to the cloud. However, just turning hosts, platforms, […]
Overview Recently, the TALOS team disclosed a critical remote code execution vulnerability (CVE-2018-4013). This vulnerability exists in the HTTP packet parsing functionality of the LIVE555 RTSP server library. An attacker could exploit this vulnerability to cause a stack-based buffer overflow via a specially crafted packet, resulting in code execution.