May 24, 2019
Vulnerability Notification: Remote Desktop Services Remote Code Execution
[Overview] Remote Desktop Services (RDS) is one of the components of Microsoft Windows that allow users to remotely access and take control of a computer or virtual machine. Recently, the Remote Desktop Services Remote Code Execution vulnerability was published officially. [Vulnerability Details] CVE-2019-0708: The vulnerability is pre-authentication and requires no user interaction. A remote attacker…March 1, 2019
Vulnerability Notification: Apache Subversion mod_dav_svn Denial of Service
[Overview] Subversion is an open source version control and software version control system that runs as a standalone server or as a module of the Apache HTTPD server. Recently, the denial of service vulnerability was fixed officially. [Vulnerability Details] CVE-2018-11803: The vulnerability is caused by improper dereference of an uninitialized pointer variable. A remote attacker…December 26, 2018
Vulnerability Notification: Microsoft Office Remote Code Execution
[Overview] Microsoft Office is an office software developed by Microsoft Corporation that can perform word processing, form editing, slide show production, and Email service. Recently, Microsoft fixed a remote code execution vulnerability in it. [Vulnerability Details] CVE-2018-8161: The vulnerability is caused by Outlook’s incorrect parsing of HTML. The vulnerable condition occurs when a MIME message…November 26, 2018
A ransomware variant is spreading – Hillstone has established a solid shield!
Recently, the GandCrab ransomware family has widely spread in China. The databases, pictures, documents, and compressed files on infected hosts are encrypted, causing a shutdown of business systems. Since its discovery in January, GandCrab has spread rapidly, with many variations in less than one year, showing how active and aggressive the ransomware developers are. China…November 11, 2018