LAC Co., Ltd.

Taking full advantage of cutting-edge technology to make way for the future.

Report An Emergency Incident
Close

24-Hour Consultation, No Reservations Necessary

Emergency Inquiries: Cyber Emergency Center ®

Emergency Response Service to quickly support our customers during security-related emergency cases.
If you are in an emergency situation, please contact us now [Cyber Emergency Center]

For inquiries by email

email of Cyber Emergency Center ®

24-Hour Consultation, No Reservations Necessary

Emergency Inquiries: Cyber Emergency Center ®

If you are in an emergency situation, please contact us now [Cyber Emergency Center]

JSOC INSIGHT vol.21 English Edition

11 APR 2019 | JSOC INSIGHT

"JSOC INSIGHT" is an analysis report on the trend of security incidents, such as unauthorized access and malware infection, in Japan, based on daily analysis results by our JSOC security analysts. Since this report analyzes the trends in attacks, based on the data of incidents which JSOC customers actually encountered, the report will help in understanding world trends as well as actual threats that Japanese users are facing.

JSOC INSIGHT vol.20 contains below topics.

  • Arbitrary code execution vulnerability in Drupal
  • Code injection vulnerability in osCommerce
  • Increased attack traffic that exploited IIS or WebLogic vulnerabilities

Contents

  1. Preface
  2. Executive Summary
  3. Trends in Severe Incidents at the JSOC
     3.1 Trends in severe incidents
     3.2 Types of Traffic to Pay Attention to
  4. Topics of This Volume
     4.1 Arbitrary code execution vulnerability in Drupal
      4.1.1 Regarding the attack traffic that targeted CVE-2018-7600
      4.1.2 Major types of attack traffic
      4.1.3 Regarding the attack traffic that targeted CVE-2018-7602
      4.1.4 Countermeasures against the vulnerability
     4.2 Code injection vulnerability in osCommerce
      4.2.1 Testing the vulnerability
      4.2.2 Trends of the attack traffic detected
      4.2.3 Countermeasures against the vulnerability
     4.3 Increased attack traffic that exploited IIS and WebLogic vulnerabilities
      4.3.1 Changes in the number of incidents detected
      4.3.2 Attack traffic contents
      4.3.3 Sources of attack traffic
      4.3.4 How to respond to these types of attacks
  5. Conclusion

Click here to download PDF file.

JSOC_INSIGHT_vol21_en.pdf (PDF)