Microsoft Security Bulletin for December Patches That Fix 39 Security Vulnerabilities

Overview Microsoft released December 2018 security updates on Tuesday which fix 39 vulnerabilities ranging from simple spoofing attacks to remote code execution. Such security updates cover the following products: .NET Framework, Adobe Flash Player,Internet Explorer, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting […]

Adobe Security Bulletin for December 2018 Security Updates

Overview On December 11, 2018 (local time), Adobe released security updates which address multiple vulnerabilities in Acrobat and Reader. For details about the security bulletins and advisories, visit the following link: Vulnerability Overview Adobe Acrobat and Reader Adobe has released security updates for Adobe Acrobat and Reader on Windows to […]

ThinkPHP Remote Code Execution Vulnerability Handling Guide

1 Vulnerability Overview Recently, ThinkPHP posted a blog, announcing the release of an update that addresses a high-risk remote code execution (RCE) vulnerability. This vulnerability stems from the framework’s insufficient checks on controller names, which, in case forced routing is not enabled, would allow arbitrary code execution or even access […]

ThinkPHP 5.x Remote Code Execution Vulnerability Threat Alert

Overview Recently, ThinkPHP posted a blog, announcing the release of an important update that addresses a critical vulnerability. This security update fixes a getShell vulnerability caused by the framework’s insufficient checks on controller names in case forced routing is not enabled. The vulnerability, which affects ThinkPHP 5.0 and 5.1, is […]

Adobe Flash Player 0-Day Vulnerabilities Threat Alert

Overview On December 5, 2018, local time, Adobe released a security bulletin to document the remediation of two vulnerabilities, namely a critical 0-day vulnerability (CVE-2018-15982) in Adobe Flash Player and an important vulnerability (CVE-2018-15983) in Adobe Flash Player installer.

Analysis Report of the XorDDoS Malware Family

At the end of September 2014, MalwareMustDie discovered XorDDoS, which builds a botnet that can be used for launching DDoS attacks. The main characteristic of the XorDDoS family is that it compromises the target host by brute-force guessing against weak SSH passwords and executes corresponding shell scripts to install the […]