Microsoft Security Bulletin for December Patches That Fix 39 Security Vulnerabilities

Overview Microsoft released December 2018 security updates on Tuesday which fix 39 vulnerabilities ranging from simple spoofing attacks to remote code execution. Such security updates cover the following products: .NET Framework, Adobe Flash Player,Internet Explorer, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting […]

Technical Report on Container Security (III)-3

Security Risks and Challenges – Container Application Security Threat Container Application Security Threat Microservice Security From traditional monolithic applications to modern microservice applications, security has always been a hot issue. A monolithic application usually exposes fewer services and ports,narrowing the attack surface. In addition, security professionals know common points from […]

Adobe Security Bulletin for December 2018 Security Updates

Overview On December 11, 2018 (local time), Adobe released security updates which address multiple vulnerabilities in Acrobat and Reader. For details about the security bulletins and advisories, visit the following link: Vulnerability Overview Adobe Acrobat and Reader Adobe has released security updates for Adobe Acrobat and Reader on Windows to […]

NSFOCUS’s Presence at Botconf 2018

On December 7, 2018 security experts from NSFOCUS Fu Ying Labs delivered a speech at Botconf 2018, presenting WASM security threat analysis technologies with researchers from security firms, media personnel, and security practitioners from CERTs (Computer Emergency Response Teams) of various countries. Their striking insights were highly accepted and acknowledged […]

ThinkPHP Remote Code Execution Vulnerability Handling Guide

1 Vulnerability Overview Recently, ThinkPHP posted a blog, announcing the release of an update that addresses a high-risk remote code execution (RCE) vulnerability. This vulnerability stems from the framework’s insufficient checks on controller names, which, in case forced routing is not enabled, would allow arbitrary code execution or even access […]

ThinkPHP 5.x Remote Code Execution Vulnerability Threat Alert

Overview Recently, ThinkPHP posted a blog, announcing the release of an important update that addresses a critical vulnerability. This security update fixes a getShell vulnerability caused by the framework’s insufficient checks on controller names in case forced routing is not enabled. The vulnerability, which affects ThinkPHP 5.0 and 5.1, is […]

Adobe Flash Player 0-Day Vulnerabilities Threat Alert

Overview On December 5, 2018, local time, Adobe released a security bulletin to document the remediation of two vulnerabilities, namely a critical 0-day vulnerability (CVE-2018-15982) in Adobe Flash Player and an important vulnerability (CVE-2018-15983) in Adobe Flash Player installer.