Alibaba Cloud Web Application Firewall Endorsed by Top Research Agencies

agencies, including Gartner and Frost & Sullivan.According to the Asia-Pacific Web Application Firewall (WAF) Solution Market's "Asia/Pacific Context: Magic Quadrant for Web Application Firewalls" published by Gartner. This achievement not ...
From: Community > blog Author: Alibaba Cloud Security Page View:31 Reply:0

Alibaba Cloud Security: 2018 Cryptocurrency Mining Hijacker Report

of time.Non-web-based applications exposed to public networks are the favorite targets of malicious cryptocurrency web applications were subject to high-risk vulnerabilities, posing major security threats to the entire Internet. The security ...
From: Community > blog Author: Alibaba Cloud Security Page View:92 Reply:0

Alibaba Cloud Offers a Security Emergency Response Plan for Global Bank Websites

Pro and Web Application Firewall (WAF). Alibaba Cloud responds to high-risk incidents with a defense system that integrates against SQL injection, XSS, common web server plugin vulnerabilities, Trojan uploads, unauthorized access to core resources, and ...
From: Community > blog Author: Alibaba Cloud Security Page View:166 Reply:0

Alibaba Cloud Security Team Discovers Apache Spark Rest API Remote Code Execution (RCE) Exploit

. Apache Spark also provides a web user interface and corresponding REST APIs in order to let users control tasks and view results operations: In the first step, the attacker discovers a Spark server with web UI service exposed on the web through mass scanning ...
From: Community > blog Author: Alibaba Cloud Security Page View:1744 Reply:0

Alibaba Cloud Discovers the Latest ThinkPHP v5 Vulnerability

Alarm service, which uses its web application firewall (WAF) to synchronously block the vulnerability, and protect all customers, mostly in the form of web-shells, "a script that can be uploaded to a web server to enable remote administration of the machine ...
From: Community > blog Author: Alibaba Cloud Security Page View:42 Reply:0

New Vulnerability Found in the Decade-Old phpCMS 2008 Can Lead to Fresh WebShell Attacks

This article describes Alibaba Cloud Security's discovery of the web shell vulnerability in phpCMS 2008 content management be routinely upgraded and maintained, and phpCMS 2008 owners must take an immediate action. Second, any web exposure (a website ...
From: Community > blog Author: Alibaba Cloud Security Page View:24 Reply:0

ThinkphpDD: An In-Depth Analysis of Blackhat SEO Techniques

vulnerabilities exposed in 2018 and occasionally uses other web vulnerabilities. Based on the name of the webshell file and main or malicious code implanted in it. 3. We recommend that you use the next-generation [Web Application Firewall](https ...
From: Community > blog Author: Alibaba Cloud Security Page View:28 Reply:0

Threat Alert: Multiple Cryptocurrency Miner Botnets Start to Exploit the New ThinkPHP

/EternalBlue ) and "ipc$" to launch brute-force attacks against port 445 and port 139 before exploiting the Web framework Web Application Firewall (WAF) to protect against attacks and ensure normal business operations.Users who have purchased Cloud ...
From: Community > blog Author: Alibaba Cloud Security Page View:8 Reply:0

ProtonMiner Gains Momentum via Expanded Attack Surface

access, there is a high chance that someone will develop a malware to hack your database or web service. >This blog post ProtonMiner ## Security Recommendations We strongly advise you to NOT run database and web services with root account. Furthermore ...
From: Community > blog Author: Alibaba Cloud Security Page View:64 Reply:0

The Qakbot Family Extends: Introducing a New QBot Variant

features of Alibaba Cloud Web Application Firewall. Cloud Firewall is already capable of protecting against the Hadoop YARN ...
From: Community > blog Author: Alibaba Cloud Security Page View:44 Reply:0

ImposterMiner Trojan Takes Advantage of Newly Published Jenkins RCE Vulnerability

. Second, the attacker implant a trojan directly onto hosts through web vulnerabilities, and the trojan does not further spread ...
From: Community > blog Author: Alibaba Cloud Security Page View:32 Reply:0

Return of Watchbog: Exploiting Jenkins CVE-2018-1000861

. Yet they are essentially different in that CVE-2018-1000861 is a vulnerability in Jenkins' Stapler web framework, while CVE ...
From: Community > blog Author: Alibaba Cloud Security Page View:77 Reply:0