NSFOCUS Weekly Cybersecurity Report (ID: 201826)

Internet Threat Status CVE Statistics The number of new CVE IDs in last week was 193, a decrease compared with the previous week.   Threat Review   WPA3 Standard Officially Launches With New Wi-Fi Security Features (06-25-2018) The Wi-Fi Alliance today officially launched WPA3—the next-generation Wi-Fi security standard that promises […]

Drupal Remote Code Execution Vulnerability Analysis

Overview Drupal released a security advisory on 28 March 2018 to disclose a remote execution code (RCE) vulnerability in the Drupal core, sa-core-2018-002 (CVE-2018-7600). Soon, two more security advisories were also published within a month, including a Cross-Site Scripting (XSS) vulnerability and a critical code execution vulnerability — sa-core-2018-004 (CVE-2018-7602). […]

2017 DDoS and Web Application Attack Landscape

1 Introduction New Internet-based technologies and models, such as cloud computing, big data, Internet of Things (IoT), and mobile computing, are profoundly influencing transformations in the cyberspace. In this context, cyber threats keep evolving and upgrading. Distributed denial-of-service (DDoS) attacks and web application attacks are the main security threats facing […]

Iran’s 3,500 Switches Attacked – Cisco IOS/IOS XE Remote Code Execution Vulnerability CVE-2018-0171 Exploitation

News from The Iran Project, the Iranian cyber police confirmed Friday night that the country’s data center was attacked. The attack involved Iran 3500 switches, but the official in the country emphasized that the attack didn’t lead to sensitive data leakage. From description, the suspected attacker exploited the Cisco IOS / IOS […]

Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485)

At the beginning of 2018, jackson-databind was reported to contain another remote code execution (RCE) vulnerability (CVE-2017-17485) that affects versions 2.9.3 and earlier, 2.7.9.1 and earlier, and 2.8.10 and earlier. This vulnerability is caused by jackson-dababind’s incomplete blacklist. An application that uses jackson-databind will become vulnerable when the enableDefaultTyping method […]

Technical Analysis and Recommended Solution of GoAhead httpd/2.5 to 3.5 LD_PRELOAD Remote Code Execution Vulnerability (CVE-2017-17562)

A remote RCE vulnerability (CVE-2017-17562) was found in all GoAhead Web Server’s versions earlier than 3.6.5. The vulnerability is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters, and will affect all users who have CGI support enabled with dynamically linked executables (CGI scripts). […]

Technical Analysis and Solution of WebLogic Server (WLS) Component Vulnerability

Overview Recently, NSFOCUS has received a slew of reports from customers in the finance, telecom, and Internet sectors on similar security events. Through analysis, NSFOCUS believes that these events are all associated with the malware-infected WebLogic Server (WLS) host. Specifically, attackers exploit the WLS component vulnerability (CVE-2017-10271) to attack the […]